A small archive of writing, presentations, and reusable templates I've shipped to the security community over the years.
New insights into establishing incident-handling procedures for the various classes of malware. The paper gives a detailed perspective into malware types and their propagation mechanisms, arguing that response must be tailored to type — and offers handling procedures security personnel can use to quickly contain a threat and reduce business disruption.
Read full paperA community-effort guide for home users and students to secure their personal computers using only freely available software. Walks through the basic technologies, builds a secure home network from scratch, and closes with practical best practices for staying safe online without paid product investment or deep technical proficiency.
Read full paperA short presentation about SSLAuditor (v4.0). Walks through the various checks the tool performs against SSL services and the structure of the report it generates.
Watch on YouTubeA grounding in cryptography as the foundation of modern security solutions. Covers block and stream ciphers, asymmetric cryptography (including elliptic curve), hash functions and MACs, and closes with digital signatures and envelopes.
View presentationFocused on key management — the different types of keys, their lifecycle and transitions, and the X.509 certificate format that underpins most production PKI deployments.
View presentationContinuation of the PKI series, examining the various trust models that exist in practice and the different revocation methods (CRL, OCSP and friends) and when each is appropriate.
View presentation
