19 Posts

Dave McMillen

Senior Threat Researcher, IBM Managed Security Services

Dave brings over 25 years of network security knowledge to IBM. Dave began his career at IBM over 15 years ago, where he was part of a core team of six IBMers that created the IBM Emergency Response Service, which eventually grew and evolved into Internet Security Systems. As an industry-recognized security expert and thought leader, Dave's background in security is full-featured. Dave thrives on identifying threats and developing methods to solve complex problems. His specialties are intrusion detection/prevention, ethical hacking, forensics and analysis of malware and advanced threats. As a member of the IBM MSS Threat Research Team, Dave takes the intelligence he has gathered and turns out immediate tangible remedies that can be implemented within a customer’s network or on IBM MSS's own proprietary detection engines. Dave became interested in security back in the late 1980s and owned and operated a company that provided penetration and vulnerability testing service, one of the first of its kind. As the internet's footprint began to grow, it became clear to him there was a new problem on the horizon: protecting data. Dave worked with WheelGroup (later acquired by Cisco), where he helped develop NetRanger IDS and NetSonar. Dave also assisted with development of the very first IBM intrusion detection system, BillyGoat. Dave has also developed several other security-based methods and systems, which were patented for IBM.

Written By Dave McMillen

Command Injection: A Deadly Needle in the Haystack

Command injection attacks may not get a lot of hype, but they can be seriously damaging to an enterprise that isn't careful about its security.

The Webshell Game Continues

IBM X-Force researchers have noted a dramatic increase in the use of malicious webshell attacks throughout the first half of 2016.

Got WordPress? PHP C99 Webshell Attacks Increasing

IBM MSS X-Force researchers found that C99 webshell attacks are increasing, particularly against content management systems such as WordPress.

Why Botnets Remain the Go-To Weapon for Cybercriminals

Aside from reappearing botnets, a newer angle to this threat is the thingbot — a botnet composed of infected Internet of Things (IoT) devices.

Blind SQL Injection: The Last Handkerchief Up the Attacker’s Sleeve

Blind SQL injections are still being leveraged by actors to steal information. Here's what users need to know about these persistent attacks.

Manufacturing Security: Managing Machines in Motion

What happens when manufacturing processes running at optimum efficiency to meet market demand are suddenly altered unintentionally or maliciously?

How Technology Advances Create Industrial Risk for Organizations

A look at industrial risk in industrial control systems (ICS), the susceptibility of ICS to certain attacks and how these systems can be defended.

IBM X-Force Research: Understanding the Risks of Content Management Systems

In today’s fast-paced business world there’s an ever-growing need for quick changes to web content. This used to be the responsibility of webmasters who created HTML code, JavaScript modules and plugins on the fly, but therein lay a fundamental...

Hidden Warnings: A Look at Indicators of Compromise (IoC)

Modern techniques and tools can assist security professionals with digging in and identifying the key indicators of compromise (IoC) on a network.

Co-Written By Dave McMillen

An Increase in PowerShell Attacks: Observations From IBM X-Force IRIS

Since the open source release of the PowerShell framework in 2016, IBM X-Force Incident Response and Intelligence Services (IRIS) has identified an upward trend in malicious PowerShell use.