Security+ March 2, 2021 Greg Belding The Security+ CBK Domains: Outline and key points Change is constant, and this extends to certifications like CompTIA’s Security+. CompTIA releases a new version of their certification exams every three years...
Cyber ranges March 2, 2021 Howard Poston Cyber ranges: Who are they for and how can they help The field of cybersecurity has a number of great books and references. Whether general overviews, deep dives into particular skill sets, or certification...
Penetration testing March 1, 2021 Infosec Basic Snort Rules Syntax and Usage [updated 2021] In this series of lab exercises, we will demonstrate various techniques in writing Snort rules, from basic rules syntax to writing rules aimed at detecting...
Cyber ranges March 1, 2021 Howard Poston What types of cybersecurity skills can you learn in a cyber range? A cyber range is an environment designed to provide hands-on learning for cybersecurity concepts. This typically involves a virtual environment designed to...
Capture the flag (CTF) March 1, 2021 Security Ninja Hack the Box [HTB] machines walkthrough CTF series — Omni Hack the Box (HTB) is an excellent platform that hosts machines belonging to multiple operating systems. Individuals have to solve the puzzle (simple enumeration...
News February 25, 2021 Sam Fay Cybersecurity Weekly: Phishing attacks spike, SHAREit patch, NSA exploit Malformed URL prefix phishing attacks spike 6,000%. SHAREit fixes security bugs in their app with one billion downloads. Hackers used an NSA exploit years before the Shadow Brokers leak. All this, and more, in this week’s edition of Cybersecurity Weekly....
Security+ February 25, 2021 Daniel Brecht The Security+ Exam Information [updated 2021] Security+ by CompTIA is a certification that validates the baseline skills of an individual required to perform core security functions and pursue a career...
Capture the flag (CTF) February 25, 2021 LetsPen Test ELECTION: 1 VulnHub CTF walkthrough Information shared in this article is intended for educational purposes only. Infosec and the author are not responsible for nefarious actions associated with...
General security February 25, 2021 Daniel Dimov Key findings from ESG’s Modern Application Development Security report In August 2020, the Enterprise Strategy Group (ESG) published its report, “Modern Application Development Security.” ESG is a company specialized in IT-related...
Cloud security February 24, 2021 Mosimilolu Odusanya CloudGoat walkthrough series: IAM privilege escalation by attachment This is the fourth in the walkthrough series of the CloudGoat scenarios. CloudGoat is a “vulnerable by design” AWS deployment tool designed by Rhino Security...