Welcome!

I Am Security

Iftach Ian Amit

Subscribe to Iftach Ian Amit: eMailAlertsEmail Alerts
Get Iftach Ian Amit via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Top Stories by Iftach Ian Amit

I have been playing around with some wireless security for one of my customers lately. Having a pretty solid understanding of how things work, but also having been challenged to try out “everything there is to try” by the client, I went off to look for new tools that I might not have tried before. It did not take too long, and with the accidental help of TechCrunch (btw TechCrunch – you may want to change this link to something else after you read this…) I ran into this “Wifi Security” site. Yes, I know, the design is horrible, the scrolling thing on the top of the page is just missing a tag to drive you into an epileptic seizure, and the music, well, it’s music as part of a website – welcome to the 80’s. Not being deterred by the horrible design, I went ahead and downloaded the “tools” offered in the article. After all, the FBI are using this guy’s tools... (more)

Advanced Data Exfilration

This paper has been published in several security conferences during 2011, and is now being made fully available (as well as a PDF version for downloading) Abstract Penetration testing and red-team exercises have been running for years using the same methodology and techniques. Nevertheless, modern attacks do not conform to what the industry has been preparing for, and do not utilize the same tools and techniques employed by such tests. This paper discusses the different ways that attacks should be emulated, and focuses mainly on data exfiltration. The ability to “break into” a... (more)

Sexy Defense

So, Source Boston proved to be a great venue for the inauguration of the Sexy Defense paper and talk that I was working on recently. Had a great time both developing the concepts, as well as discussing them before, on stage, and … Continue reading → ... (more)

Identity Crisis

Here’s a common question I get asked a lot: “What technology should I use to secure my server/network/[some technology]?” The question is usually presented by someone who’s in charge of “Security” in an organization. Now, I wouldn’t have had a problem with this if this was a technician, or a pen-tester of sorts, but I get really nervous when the CISO/CIO/Security manager is the one asking. I think that this question is highly inappropriate for two reasons: You should not be looking for “technology”. Buying a product is not going to make you more secure or less secure. You should n... (more)

Being in the middle (or: things we didn’t manage to learn in a decade)

&l This is going to be painful, so hold on. Instead of mumbling short tweets about things I think that suck, I decided to keep everything in and just formulate a post on it. This post is a rant. It’s a complicated rant by an “old” guy (my excuse for cynicism) in the industry who’s had a chance to see a lot going. Disclaimer: I’m going to give some examples here, real life examples from my own experience in the security industry. Some are from my consulting days, some from the vendor days, some from freelance and other gig days. If you think you are someone who I’m describing here ... (more)