Ransomware is an epidemic that adversely affects the lives of both individuals and large companies, where criminals demand payments to release infected digital assets.

In the wake of the ransomware success, Ransomware-as-a-Service (RaaS) is being offered as a franchise model that allows people without programming skills to become active attackers…


The fallout of SolarWinds compromise has resulted in a bevy of new malware families, each with different characteristics and behaviors.

SolarWinds advisory : https://www.solarwinds.com/securityadvisory#anchor2


An illustration of transitive and deeply connected software supply chains

The U.S. was caught off guard by foreign interference in the 2016 election. Given the powerful role of social media in political contests, understanding the Russian efforts was crucial in preventing or blunting similar, or more sophisticated, attacks in the 2020 congressional races. …


If you’ve arrived to this post, I’d suggest reading the Part-1 and Part-2 to gain context.

FireEye released additional details here (on December 24th, 2020) that is well worth reading.

With the increase of complexity in software and the availability of complex and customizable malware, the amount of work required…


First, let me be clear that I have no insider knowledge. This is my best guess at what occurred, based on publicly available information

If you’ve arrived to this post, I’d suggest reading the prior post to gain context.

As details are still emerging, let’s speculatively examine the attacker’s post…


First, let me be clear that I have no insider knowledge. This is my best guess at what occurred, based on publicly available information

If you’ve arrived to this post, I’d suggest reading the prior post to gain context.

As details are still emerging, let’s speculatively examine the attacker’s post…


First, let me be clear that I have no insider knowledge. This is my best guess at what occurred, based on publicly available information here (FireEye) and others indicated in references section below.

[UPDATE] : A detailed followup post has been published here

FireEye discovered the supply chain attack that…


Image Courtesy : https://www.huismanequipment.com/

The Scala language has continued to gain popularity over the last several years, thanks to its excellent combination of functional and object-oriented software development principles, and its implementation on top of the proven Java Virtual Machine (JVM). Although Scala compiles to Java bytecode, it is designed to improve on many…


As COVID-19 expanded across the globe to hit most nations, wider interest in tracing real-life contacts through Bluetooth are quickly emerging. These include MIT’s SafePaths, Enigma’s SafeTrace or Covid Watch to name a few.

What digital beacons will apps use to trace proximity contacts? Current designs rely on a low…


First, let me be clear that I have no insider knowledge. This is my best guess at what occurred, based on publicly available information here.

Yet, despite the warning, previous incidents and effective controls, exposed S3 buckets containing either highly sensitive data, cached entities, SDKs, static assets are still being…

Chetan Conikee

Engineer, InfoSec tinkerer, Seed Investor, Founder/CTO of ShiftLeft Inc., (Opinions, my own)

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store