Showing posts from May, 2017

On "Gaming" Social Media

I begin this blog post with an acknowledgment of the irony of the situation. But I'm taking the opportunity use this chance to highlight the social media snowball and how to use your momentum responsibly. This post is in no way an indictment of MalwareTechBlog, nor am I implying that they did anything wrong here. If I come across as petty it is intentional and not sincere.

On May 26th, 2017, I tweeted about a bug with Microsoft Office in which a background task would flicker a command prompt briefly due to it being mistakenly registered as a user-context task.

Thirty-seven hours later the Savior of the Internet, Slayer of Wcry, MalwareTechBlog posted a tweet that said basically the same thing. With no significant additional information.

Social media is all about visibility. After MalwareTech posted their tweet SwiftonSecurity retweeted it, and between both of their substantial platforms a very visible conversation about this background task occurred. I sat at my desk and watched i…

Securing a Law Firm, part 1: Securing Chrome

On a snowy day, late in December of 2016 I sat in a corner office of a local law firm with the firm's IT manager discussing the hottest topic of the week - ransomware. After a law firm down the road had been hit by a ransomware attack the partners were afraid. They were asking a lot of questions for which the IT manager had serviceable answers. I had my own questions in preparation for my practicum beginning in the new year.
Scribbled in various notebooks and loose scraps of paper in my bag laid the anatomy of the day's typical ransomware attack. My previous months had been spent picking up the tools of the infosec trade from the sidelines of Twitter. I wanted to see how much of it I could use.
Over lunch I probed the IT Manager about their threat model, what they were prepared for, and their recovery plans for when they failed. I approached them because I knew their environment wasn't prepared for a modern attack. My goal during the meeting was to see just how bad things…

Introduction and Ethics

1. Don't hurt others
2. Protect those who cannot protect themselves
3. Strive to be better

My name is ephemeral. I currently go by Amanda on Twitter, and by NotAwful in most other places. It will change in the future but for now I am comfortable and have no plans to change that.

As of writing, I am a networking and telecom student studying information security on the side. I do not have much real-world experience but I am seeking it avidly and learning as much as I can until I get there. My primary interest in infosec is malware research and software reverse engineering, but before I get there I will likely be working within the realms of general IT. Expect me to post reviews and thoughts about things that I am learning in technology here.

I have played a lot of tabletop roleplaying games such as Dungeons & Dragons, Dungeon World, Shadowrun, and a few others. I have also played many video games. I think critically about game design and while you won't see me breaking down …