I am the co-founder of Knight Group, a holding company of the Knight Family Office that operates six companies in its portfolio: Knight Studios, a television and movie production company that owns and operates a television streaming service called Knight TV+; Knight Events, an events management company that hosts annual conferences; Knight Coffee Co., a specialty coffee roaster and reserve; Knight Publishing, a book publishing company; and Brier & Thorn, a Managed Security Services Provider.

Publish Date: MAR 2020
Client: Approov, Inc.

Synopsis: Outbreak: Data Security in the New Era of Pandemics addresses a growing concern in data security of trade secrets, intellectual property, and sensitive data loss in a new era of remote workers as a result of pandemics and other factors driving businesses to allow employees to work from home.
Publish Date: NOV 2020
Client: Approov, Inc.

Synopsis: In this adversarial analysis of telemedicine mobile apps, an invisible attack surface is uncovered in healthcare that underscores a systemic lack of hardening of APIs and mobile apps putting our protected healthcare information at risk.
Publish Date: DEC 2020
Client: Illusive, Inc.

Synopsis: This paper discusses the rise of a new threat, targeted ransomware -- or as Microsoft refers to it, “human-operated ransomware.” This new type of ransomware is created specifically and fine-tuned for the organizations an operator is targeting and is increasingly [..]
Publish Date: DEC 2020
Client: Lastline, Inc.

Synopsis: This paper underscores the significance of how machine learning is helping to address the challenge of threat detection in a world of encrypted east-west traffic in networks and datacenters.
Publish Date: DEC 2020
Client: Illusive, Inc.

Synopsis: This paper addresses the growing threat of big game hunters targeting financial services companies in an effort to extort larger payouts by bringing their services [..]
Publish Date: FEB 2021
Client: Approov, Inc.

Synopsis: According to Mobius MD, there are now over 318,000 mHealth apps available in major app stores. Over 60 percent of people have downloaded an mHealth app, which is now more common of a smartphone activity than online banking, job searches [..]
Publish Date: MAR 2021
Client: Tanium, Inc.

Synopsis: It can no longer be a topic of debate. If you have enterprise assets connected to the Internet, you will get breached. It is only just a matter of when. Every organization, especially in today’s work-from-home economy, must have a documented incident response plan [..]
Publish Date: AUG 2021
Client: Detectify, Inc.

Synopsis: This white paper demystifies API fuzzing, why it should be incorporated into every API penetration test, and what free, open source fuzzers are available and how to use them.
Publish Date: JUN 2021
Client: Detectify, Inc.

Synopsis: This paper provides a step-by-step workflow for performing fuzzing and content discovery of APIs using Kiterunner. Along the journey of teaching Kiterunner, it also presents empirical data resulting from [..]
Publish Date: OCT 2021
Client: Approov, Inc.

Synopsis: Alissa Knight has spent the last year focusing on hacking Fast Healthcare Interoperability and Resources (FHIR) APIs, working with some of the world’s largest Electronic Health Record (EHR) companies and healthcare providers in her vulnerability research.
Publish Date: JUL 2021
Client: Traceable, Inc.

Synopsis: This eBook offers a cautionary tale to CISOs and other cybersecurity leaders who believe their APIs are secure when using the wrong security controls for the job. This is a [..]
Publish Date: OCT 2021
Client: Illusive, Inc.

Synopsis: This white paper demystifies attack surface management (ASM) and why it should be a required layer in your security control stack. The fact is indisputable. There is a direct linkage between identity risk and [..]
Publish Date: FEB 2022
Client: Illusive, Inc.

Synopsis: This white paper was written for Chief Information Security Officers (CISOs) and other cybersecurity management as well as security engineers wanting to better understand the threat of subdomain takeover, what it is [..]
Publish Date: MAY 2022
Client: Illusive, Inc.

Synopsis: In this third and final installment of the View From the Attacker series, I introduce the tactics used by adversaries and the tools they use when a foothold has been established on a target network to exploit privileged identity sprawl, shadow admins, and other issues [..]
Publish Date: FEB 2022
Client: Detectify, Inc.

Synopsis: The goal of this white paper is to educate organizations on the threat of subdomain takeover, demystify exactly what it is, and further explain the importance of [..]
Publish Date: JAN 2023
Client: Traceable, Inc.

Synopsis: This white paper documents my targeting and exploitation of an API protected behind Traceable and whether it was effective in detecting and stopping [..]