Jul 25th, 2021 | 7 minute read
In collaboration with more than a dozen other news organizations, The Guardian recently published an exposé about Pegasus, a toolkit for infecting mobile phones that is sold to governments around the world by NSO Group. It’s used to target political leaders and their families, human rights activists, political dissidents, journalists, and so on, and surreptitiously download their messages/photos/location data, record their microphone, and otherwise spy on them. As part of the investigation, Amnesty International wrote a blog post with their forensic analysis of several compromised phones and released an open source tool, Mobile Verification Toolkit, for scanning your mobile device for these indicators. MVT supports both iOS and Android, and in this blog post we’ll install and run the scanner against my iOS device.
Continue reading "Scanning your iPhone for Pegasus, NSO Group's malware" →
Jul 9th, 2021 | 8 minute read
Yesterday, Amazon released a new CloudFront API that returns partial AWS account IDs and CloudFront distribution IDs associated with a given domain name, to help you determine which of your own AWS accounts serves traffic for that domain.
Continue reading "Getting Partial AWS Account IDs for any Cloudfront Website" →
May 23rd, 2020 | 11 minute read
As a result of the global pandemic, Zoom has seen an explosion in usage (going from 10M to 200M daily active users) and has received quite a bit more scrutiny of their security and privacy practices. This has caused them to get reamed in the press for a number of issues:
Continue reading "A Summary of Zoom's Bad Security Month" →
Nov 12th, 2019 | 20 minute read
In this post I’ll describe a set of AWS CloudTrail alerting rules that let you detect when someone makes a manual change in your AWS Console. This has been one of the highest signal / lowest noise alerts we created in our organization - it lets us know when engineers do things such as manually adding new security group ingress rules through the AWS Console:
Continue reading "Detecting Manual AWS Console Actions" →
Oct 7th, 2019 | 11 minute read
In response to the recent iPhone bootrom bug (and also because I was already in the market for a new phone), I recently purchased a new iPhone XR. This gave me a chance to re-run the steps required to pair lock the device, a process which prevents law enforcement from using forensics tools against your phone, and the result of which is this blog post.
Continue reading "Pair Locking your iPhone with Configurator 2" →