The technical heart: vulnerability research, disclosure, threat analysis, the craft of finding and fixing
Security
Notes from judging DistrictCon's Junkyard Year 1 — a Pwn2Own-style exploit contest targeting end-of-life devices. Disco balls, DNA sequencers, gym treadmills, and self-propagating game worms. Includes exploit chain diagrams for all eleven talks.
Security
That said, the widespread nature of the effects shown in the six-part series are definitely plausible. Industrial control systems and the infrastructure that supports them are riddled with zero-day vulnerabilities, alongside the more common "known, yet unpatched" n-day vulnerabilities.
Security
Crowdsourced security empowers ethical hackers to protect digital assets, reshaping cybersecurity. Casey Ellis encourages entrepreneurs to lead with resilience, delegate wisely, prioritize health, and embrace innovation amid chaos for lasting impact and scalable success.
Security
Alfred Hobbs: The OG bug bounty hunter who cracked England’s ‘unpick-able’ locks. His breaker mindset exposed flaws, sparked innovation, and proved no system is perfect.
Security
It was an privilege to participate on this panel at the NEBULA:FOG:PRIME AI x Security Hackathon event on the 25th of January.
Security
It's that time of year again... Here are a few trends that I see making their presence felt in 2025 - These are a work in progress, and I might expand on a few of these: 1. Peacetime cyber vs. wartime cyber: 10 years from now, we'
Security
What's the deal with Volt Typhoon, Salt Typhoon, and Flax Typhoon - and what do we need to do?
Security
Synopsis In this episode of Resilient Cyber Chris Hughes chats with Cyber industry veterans and long-time leaders Wendy Nather and Casey Ellis about systemic cyber struggles, issues that still plague us over the years, and some of the economic incentives at play (or not) when it comes to cybersecurity. Casey
Security
Bug bounty programs are a valuable tool for security efforts but only if they are correctly applied. This is particularly true for airlines who have to secure both the IT business systems and OT aircraft systems that enable the business to operate safely.
Security
Recording this was a tonne of fun and we cover a LOT of ground - There's a general theme of system-level thinking, vulnerability and transparency, and the personal pursuit of potential through things like entrepreneurship. It's very much a backstory and #thoughtops conversation.
Security
During Hacker Summer Camp, I was asked "where do you, uh, live now and stuff" a lot. Forgive this slightly indulgent post, but I wanted to blog a little bit of our story, and some of the thinking that went into executing our trans-pacific COVID bug-in back in 2020.
Security
Here's a list of the talks that I'm going to get myself along to at Blackhat and DEF CON this year, and why...