On the Security of Serverless Environments

A few years ago, cloud computing was only about spinning up virtual machines. The ability to add more on demand when the load increased fundamentally changed the way we think about uptime and reliability. Software development patterns evolved, andisolation and immutability became cornerstones with the emergence of microservices. At that time, the cloud offering exploded […]

Following Up on the Deserialization Attacks Presentation from BlackHat USA 2017

One of the main axioms of secure programming is a rather simple principle: never trust the user input. It might seem obvious, but this is even more relevant if the user input relates to something in the code, whether it be used to generate a piece of code, or simply a class or function name. […]

A photograph rendered in the style of "Starry Night" by a deep convolutional neural network.

Machine Learning and You

The Future is Machine Learning In recent years, machine learning and artificial intelligence have become prominent in industry and the minds of the public. The availability of more data than ever before, combined with the unwavering growth in capabilities of hardware systems, has allowed machine learning techniques to be scaled with unprecedented ambition. The field […]

Docker Security

Docker Security In Production

Delve Labs was present during the GoSec 2016 conference, where our lead infrastructure architect presented an overview of the current options available for securing Docker in production environments. Text from the slides follows:

Will 50% False Positive Detection Rate Work for IoT Security?

During a talk at the NullCon conference in Goa, India, a researcher from NCC Group shared troubling statistics regarding the current vulnerability scanner landscape. Using an automated scanner, they targeted 100 of their customer’s assets, which turned up over 900,000 vulnerabilities with a false positive rate of 89% to 50% depending on the industry.

NSA “Hacker-In-Chief” on their network penetration techniques (a.k.a pentest 101)

The Enigma 2016 Usenix Conference featured an hour long talk from NSA’s Tailored Access Operations (TAO) chief, where he exposed the ease with which they were able to penetrate most networks without much effort.

NorthSec 2016

We’re proud to support and be part of NorthSec organization.

For the third year in a row now, Delve Labs will join efforts to support the biggest on-site applied security event in Canada : NorthSec. NorthSec is aimed at raising the knowledge and technical expertise of professionals and students alike. NorthSec’s goal is to create a high quality security forum via a two-day single track conference […]