-
Phishing Training Still Isn’t Working, So Why Are We Still Paying for It?
After spending years in cybersecurity education, I’ve seen the same claims about phishing awareness training repeated like gospel: “Users are the Human Firewall,” “Training reduces risk,” “Engaged employees are your first line of defense,” “Interactive learning drives change…” but does it? We just finished the largest known enterprise-scale field trial assessing phishing training effectiveness using…
-
Notes on Panel Discussion – Security Awareness Strategies and the Rise of AI-Driven Threats
SUMMARY: This panel discussion focused on innovative security awareness programs, gamification strategies, phishing simulations, and challenges posed by generative AI in cybersecurity. Participants included security leaders from various industries, discussing practical approaches to engaging employees and adapting to emerging threats, such as deepfakes and AI-assisted attacks. ONE SENTENCE SUMMARY: Security awareness…
-
Going PRO Talent Fund Overview
The Going PRO Talent Fund (Talent Fund) is a Michigan state initiative aimed at helping employers train, develop, and retain current and new employees. Funded by the Department of Labor and Economic Opportunity – Workforce Development (LEO-WD), grants are distributed to employers through Michigan Works! Agencies (MWAs). The training programs supported must address skill gaps…
-
Notes on Phishing the Phishing Resistant
TITLE: Phishing the Phishing Resistant: Phishing for Primary Refresh Tokens in Microsoft Entra Slides SUMMARY: Dirk-jan Mollema discusses the vulnerabilities in Microsoft’s phishing-resistant authentication systems, focusing on phishing for Primary Refresh Tokens (PRT) in Microsoft Entra (formerly Azure AD). The lecture covers the token architecture, Windows Hello authentication, token upgrades, and phishing strategies, providing methods…
-
FAKE! Kubernetes Ingress Controller Fake Certificate
The problem described in the Stack Overflow post revolves around a misconfigured SSL certificate in a Kubernetes environment. Specifically, after adding an SSL certificate to the Kubernetes Ingress, the user observes that the certificate presented is the “Kubernetes Ingress Controller Fake Certificate” instead of the expected SSL certificate. This issue occurs when accessing services via…
-
Ensuring HIPAA Compliance with Adobe Acrobat Reader’s Generative AI Tools – when you can’t even spell HIPAA
Adobe Acrobat Reader has integrated generative AI tools to enhance document management and productivity, but ensuring HIPAA compliance is crucial for users handling protected health information (PHI). Here’s a comprehensive look into how Adobe manages data transmission and security to align with HIPAA requirements. Data Handling Practices Adobe’s generative AI features in Acrobat and Acrobat…
-
Random Thoughts About LLMs and Education
(by AI & me… mostly AI) Below you will find a recording of the talk I gave on AI and OSCP and such, followed by the GitHub (mess) of code I demoed, and the .ppt. Then, a bunch of AI-generated content from the captions. https://github.com/ProRo-GRCC/AI_DEMO When we talk about integrating AI and OSCP into…