Tuesday, June 5, 2018

Friday, April 27, 2018

The Cryptographers' Panel at RSAC 2018

The RSA Conference has been on my list of favorite security events for many years. I always follow the presentations, the Innovation Sandbox and other sessions. One of the interesting sessions at RSAC is the cryptographers' panel. This year's panel was held with the participation of legends such as Adi Shamir, Ronald Rivest and Whitfield Diffie. The panelists discussed various topics such as the incorrect usage of the word "crypto" in the context of cryptocurrencies, facts and fictions about the blockchain, and so on.

Tuesday, April 10, 2018

Talking Security to the Top Management

Talking to the board is one of the main tasks of the CISO. He or she is expected to discuss security with top management in terms of business risks, in a way that enables them to make supportive decisions. However, this can become a challenge if you fail to use the appropriate language. Here is a good #SANS2018 presentation by Lance Spitzner on the topic.

Monday, April 9, 2018

I'm back

After a long time, I've decided to begin updating this blog again. During my absence I was busy with my jobs as the CISO of a major telco company and, next, as the CISO of a payment regulation company. I also kept blogging in Persian (Farsi) on my blog, which was started in March 2004.

Friday, April 17, 2015

Nmap script for MS15-034

Microsoft has announced a critical vulnerability (MS15-034) affecting multiple Windows platforms. The vulnerability is assigned CVE-2015-1635. It can be exploited remotely via a special HTTP request, resulting in a server hang or code execution.
Download Nmap NSE script for MS15-034.

Thursday, April 16, 2015

Verizon 2015 DBIR

Verizon has published its annual Data Breach Investigations Report (DBIR). Covering thousands of security incidents and real data breaches from different industries, it has become a valuable reference for security professionals.

Thursday, August 28, 2014


Sysmon is a new tool from the Sysinternals collection. It logs sensitive operations performed by processes inside MS Windows. This includes process creation details, network connections made by a process, and changes to the creation date of a file. The latter is a common behavior of malware (although it may also be the action of a legitimate process).
After download, it can be installed with the following command:

Sysmon.exe -i -h sha256 -n

Sysmon then runs as a system service that starts at boot time. After installation, open the Windows Event Viewer and navigate to Applications and Services Logs/Microsoft/Windows/Sysmon/Operational to view its logs.
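
The following Python example is an addition to this post, not code from the author or from Sysinternals. It triages exported Sysmon "file creation time changed" events (event ID 2) and flags files whose creation date was moved backwards by a process that is not on an allow-list, since legitimate programs do this too. The sample events and the allow-list are constructed, and the field names and timestamp layout are assumed to match current Sysmon releases.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
TS_FORMAT = "%Y-%m-%d %H:%M:%S.%f"  # assumed Sysmon UTC timestamp layout

def make_event(image, target, new, old, event_id=2):
    """Build one constructed event in the Windows event XML layout."""
    return (
        f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID></System>'
        f'<EventData><Data Name="Image">{image}</Data>'
        f'<Data Name="TargetFilename">{target}</Data>'
        f'<Data Name="CreationUtcTime">{new}</Data>'
        f'<Data Name="PreviousCreationUtcTime">{old}</Data></EventData></Event>'
    )

# Constructed sample data, not real log output.
SAMPLE_EVENTS = [
    make_event(r"C:\Users\alice\AppData\Local\Temp\upd.exe",
               r"C:\Windows\System32\example.dll",
               "2009-07-14 01:14:00.000", "2014-08-28 10:15:01.900"),
    make_event(r"C:\Program Files\Browser\browser.exe",
               r"C:\Users\alice\Downloads\report.pdf",
               "2014-08-20 08:00:00.000", "2014-08-28 09:00:00.000"),
    make_event(r"C:\Tools\sync.exe", r"C:\Data\notes.txt",
               "2014-08-28 11:00:00.000", "2014-08-28 10:59:59.000"),
]

# Hypothetical allow-list: programs expected to rewrite creation times on this host.
ALLOWED_IMAGES = {r"c:\program files\browser\browser.exe"}

def backdated_files(events_xml, allowed=ALLOWED_IMAGES):
    """Return (image, target, days_moved_back) for suspicious event ID 2 records."""
    findings = []
    for raw in events_xml:
        root = ET.fromstring(raw)
        if root.findtext("e:System/e:EventID", namespaces=NS) != "2":
            continue  # only "file creation time changed" events
        data = {d.get("Name"): d.text for d in root.iterfind("e:EventData/e:Data", NS)}
        new = datetime.strptime(data["CreationUtcTime"], TS_FORMAT)
        old = datetime.strptime(data["PreviousCreationUtcTime"], TS_FORMAT)
        # Backdating (new creation time earlier than the old one) is the pattern of interest.
        if new < old and data["Image"].lower() not in allowed:
            findings.append((data["Image"], data["TargetFilename"], (old - new).days))
    return findings

if __name__ == "__main__":
    for image, target, days in backdated_files(SAMPLE_EVENTS):
        print(f"{image} moved creation time of {target} back {days} days")
```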