Security – Bogomil Shopov

Github is still #1 malware hosting network

August 20, 2025 by Bogomil Shopov

A chart stating that github is #1 malware site

I visit a lot of sources to research my talk entitled “The archetypes of the attackers“. One of those is URLhouse, where you can see some good stats on the malware distribution. Sometimes, we as developers unquestioningly trust everything that comes from the sources we constantly use. GitHub is not an exception. Do I need … Read more

Steganography API at your service. (upd)

October 10, 2023October 6, 2023 by Bogomil Shopov

Steganography is the art and science of embedding secret messages in a cover message so that no one, apart from the sender and intended recipient, suspects the existence of the message. The most common example is to hide a message in an image file without compromising how the image looks. Most people use the photos … Read more

My Threat Modeling book is available in 12 networks and supports the Fedora Project.

January 18, 2024December 22, 2022 by Bogomil Shopov

A screen from the e-shop that sells the threat modeling e-book

I started distributing my little e-book to the world a few weeks ago. Now I am sharing that it’s available on at least 12 websites that you probably use, including Barnes and Noble, Google Play, Apple Books, and the Kindle store. If you are curious about the Threat Modeling topic, here is what this book … Read more

Get my Threat Modeling e-book for just $3.

June 12, 2023December 9, 2022 by Bogomil Shopov

Why e-book? So, I wrote a small e-book compiling all the knowledge I have from researching and training more than 200 people on efficient threat modeling. I decided to push it as an e-book for a few reasons: How is this threat modeling e-book different from the others on the market? First, thanks for choosing … Read more

A convenient guide to starting you on Threat Modeling – part two

November 28, 2022November 18, 2022 by Bogomil Shopov

In part one of this article, I started to look at the challenge of making threat modeling better as a development team. I recommend reading it first before continuing with this one. Continue(Threat Modeling); At this point, you should know your attackers and assets and build a register of threats. This information should give you … Read more

A convenient guide to starting you on Threat Modeling – part one

November 28, 2022November 18, 2022 by Bogomil Shopov

Per Wikipedia, the core definition of threat modeling is “A process by which potential threats, such as structural vulnerabilities or the absence of appropriate safeguards, can be identified, enumerated, and mitigations can be prioritized.” Suppose we want to get practical and decode this into something everyone can understand. In that case, it’s answering four simple … Read more