Akamai Diversity

Akamai Security Intelligence
& Threat Research

Or Katz

Or Katz

January 27, 2021 9:00 AM

When Destiny is Knocking on Your Door Again - Data M ...

A few years ago, I wrote a blog post trying to explain, with humor, why choosing application security as a career path is destiny derived by my parents calling me "Or", and why a personal name that is a conditional word can sometimes be challenging in daily routines, since some attack payloads contain conditional words.

Steve Ragan

Steve Ragan

January 26, 2021 9:00 AM

Minecraft players are targets even off the network

When we write the SOTI and talk about attacks against gamers, we spend a good deal of time focusing on network-level events, such as DDoS and credential stuffing. These are serious types of attacks and attack surfaces, but they aren't the only things gamers have to deal with. In fact, the add-on attacks are far more common than one would imagine.

Steve Ragan

Steve Ragan

January 21, 2021 11:40 AM

People Management with Kathryn Kun: A Discussion

Kathryn Kun, the XO of the Office of the CSO, joins Martin and Steve for a discussion about people management, and the challenges associated with such tasks. The three also discuss ice fishing, and the fact that some ice fishing setups include cable TV.

Martin McKeay

Martin McKeay

January 19, 2021 9:00 AM

Why Do We Need Security Predictions?

I recently wrote about why I hate security predictions. I hate being asked to make them, I dislike reading many of them, and I think a lot of what we think of as "predictions" are simply extensions of the analysis security researchers and analysts are doing on a daily basis. This brings me to the conclusion that I actually hate the framing and connotation of predictions, rather than the actual

Steve Ragan

Steve Ragan

January 14, 2021 9:00 AM

Three Editors Walk Into A Podcast: A Discussion

Steve, Martin, and Amanda talk about what it's like to edit a report the size of the SOTI, and Amanda discusses her strategies for getting the most out of your security blogging efforts.

Yael Daihes

Yael Daihes

January 13, 2021 9:00 AM

Detecting Mylobot, unseen DGA based malware, using D ...

In our first blog post, we explained DGA evasion techniques and discussed different methods for detecting DGA-based malware. We also elaborated on our own solution, a deep learning neural network that predicts over Akamai's extensive DNS traffic. A solution that currently autonomously blocks more than 70 million DNS requests daily, with very low positive rate. Another exciting aspect of this system was the detection of thus far undetected botnets, with

Martin McKeay

Martin McKeay

January 12, 2021 9:00 AM

Why I Hate Security Predictions: Part 1

Security predictions have been a staple of news in the security industry for as long as I've been in this profession. I hate them. Every December and January, there's a spate of stories written about what the "experts" expect for the upcoming year. With rare exceptions, they fall into one of three categories: more of the same, growth in a specific attack type, or "the year of" . Some of

Larry Cashdollar

Larry Cashdollar

January 6, 2021 9:00 AM

What happens when your vulnerability is weaponized f ...

An examination of exploits used by the KashmirBlack botnet Not too long ago, I read a couple of excellent articles by Sarit Yerushalmi and Ofir Shaty on their research of the KhasmirBlack botnet, which are published here and here. Their articles described the KashmirBlack botnet infecting sites via various exploitable WordPress plugins. One of the things I noticed is that the botnet used some of my own vulnerability disclosures, so

Steve Ragan

Steve Ragan

December 22, 2020 11:15 AM

What A Year: A Discussion

This year has been a strange one. For the final podcast of 2020, Martin and Steve look back on everything that happened this year, and offer some thoughts and advice for 2021. Thanks for listening! We'll see you soon.