Python for network penetration testing: an overview
Python is an extremely powerful and versatile scripting language. It is designed to be easy to write, and its large number of libraries provide a great deal...
Topics
Decrypting SSL/TLS traffic with Wireshark [updated 2021]
The internet wasn’t designed to be secure from the start. Many protocols (such as HTTP and DNS) were designed to serve their purpose of conveying information...
Dumping a complete database using SQL injection [updated 2021]
SQL Injection is a web-based attack used by hackers to steal sensitive information from organizations through web applications. It is one of the most...
Basic Snort Rules Syntax and Usage [updated 2021]
In this series of lab exercises, we will demonstrate various techniques in writing Snort rules, from basic rules syntax to writing rules aimed at detecting...
Exploiting NFS Share [updated 2021]
Recently, while performing a network-level penetration testing activity for one of the clients, I came across a vulnerability which was used to compromise...
Key findings from ESG’s Modern Application Development Security report
In August 2020, the Enterprise Strategy Group (ESG) published its report, “Modern Application Development Security.” ESG is a company specialized in IT-related...
Microsoft’s Project OneFuzz Framework with Azure: Overview and concerns
In September 2020, the Microsoft Security Team announced that Microsoft’s new open-source fuzzing platform, Project OneFuzz, was available as an open-source...
Excel 4.0 malicious macro exploits: What you need to know
Adversaries are finding new ways to weaponize Excel 4.0 macros for delivering additional, more sophisticated malware....
Worst passwords of the decade: A historical analysis
Cybersecurity breaches are on the rise, so it’s perplexing that so many people continue to use the same basic passwords. Perhaps it’s the exhaustion of...
Malicious Excel attachments bypass security controls using .NET library
A recent threat group called Epic Manchego is using a new technique to create Excel files to bypass antivirus (AV) and and get low detection rates. By exploring...
Top 9 Phishing Simulators [Updated 2021]
The title of this article was supposed to be “Top 10 Free Phishing Simulators”. However, after much searching, trying, visiting of broken links, filling...
3 tips to build a stronger cybersecurity team with Katie Boswell and Jason Jury
Learn how to build a stronger cybersecurity team with these tips from KPMG Cyber’s Katie Boswell and Booz Allen Hamilton’s Jason Jury....
(ISC)² certifications: The ultimate guide [updated 2021]
(ISC)² offers six internationally-recognized security certifications that can help you advance your cybersecurity career. ...
APT Sandworm (NotPetya) technical overview
Sandworm, also known as Telebots, is one of the most dangerous Russian threat actors impacting industrial control systems. ...
MRBMiner malware: What it is, how it works and how to prevent it | Malware spotlight
MrbMiner is a recent malware discovered and documented by the Tencent Team last September. It targets MSSQL databases and implants cryptomining modules on target...
Email forensics: desktop-based clients
Emails are the most commonly used technology for exchanging messages between people/business using electronic media. With every technology, there comes a risk.This...
What is a Honey Pot? [updated 2021]
Honeypots are special programs that are written for one purpose: to be exploited. Honeypots emulate the appearance of a vulnerability so that attackers, viruses...
Y0usef 1 VulnHub CTF walkthrough
This is an easy CTF tasking you with gaining root access to the machine. To complete this task, two flags will need to be read....
Tomato 1: VulnHub CTF walkthrough
Information shared in this article is intended for educational purposes only. Infosec and the author are not responsible for nefarious actions associated with...
Commercial off-the-shelf IoT system solutions: A risk assessment
The Internet of Things (IoT) is growing rapidly. IoT devices provide convenience and can be a more efficient and cost-effective solution to a variety of different...
A school district’s guide for Education Law §2-d compliance
During the 2014-2105 fiscal year, the New York State Education Department enacted Education Law §2-d, which includes a series of provisions designed to enhance...
Stacks and Heap
Memory is a crucial resource for any system when conducting reverse engineering. Malware analysts must understand the way memory is assigned to a program.
During...
Top 8 Reverse Engineering Tools for Cyber Security Professionals [Updated 2021]
Whether it is rebuilding a car engine or diagramming a sentence, people can learn about many things simply by taking them apart and putting them back together...
How to implement common logic constructs such as if/else/loops in x86 assembly
X86 is an assembly language. It is also backward compatible. It is said to be compatible with systems going back 1972. Object codes can be created by x86...
How to control the flow of a program in x86 assembly
X86 is an assembly language. It is also backward compatible. It is said to be compatible with systems going back 1972. Object codes can be created by x86...
Cellular Networks and Mobile Security
Despite their seemingly endless coverage (your mileage will definitely vary), Cellular Network security has proven to be surprisingly robust over the years....
Wi-Fi Security
Wi-Fi is one of those things that has become so ubiquitous that it can be extremely easy to just forget to turn it off on your mobile device before you leave...
Cybersecurity Weekly: Vaccine phish, firewall evasion, VMware authentication fix
Phishing attacks use vaccine surveys to steal personal info. Hackers are using a Windows OS feature to evade firewalls. VMware fixes an authentication bypass....
Cybersecurity Weekly: California phished, ransomware tied to Hafnium, MobiKwik breach
A phishing attack leads to a breach at California State Controller. Microsoft Exchange servers are now targeted by BlackKingdom ransomware. A Zoom screen sharing bug lets users access restricted apps. All this, and more, in this week’s edition of Cybersecurity Weekly....
FBI warning: China-based hacking group APT41 hacks into over 100 companies
Hacking group APT41 used spearphishing attacks, publicly known exploits and carefully crafted personas to compromise more than 100 companies worldwide....
ATP group MontysThree uses MT3 toolset in industrial cyberespionage
Targeted malware is often an issue for officials such as diplomats and telecom operators. In rare cases, industries become a target, which is known as industrial...
Quantum cyberattacks: Preparing your organization for the unknown
Quantum computing has been a buzzword for several years. And while it’s still the early days, several industries have been showing progress, and 2020 brought...
An Introduction to asymmetric vs symmetric cryptography
Most people are aware of the basic idea behind cryptography — hiding a message with a code that can only be decoded by your intended recipient. However, this...
AWS Security and Compliance Overview
Amazon offers many solutions for ensuring your environment is secure and meets many industry standard compliance frameworks. By properly utilizing tools such...
CloudGoat walkthrough series: IAM privilege escalation by attachment
This is the fourth in the walkthrough series of the CloudGoat scenarios. CloudGoat is a “vulnerable by design” AWS deployment tool designed by Rhino Security...
DHS Cyber Hunt and Incident Response Teams (HIRT) Act: What you need to know
Not a month goes by without the new media reporting that another city or municipality has fallen victim to a cyberattack, and oftentimes this attack comes...
When and how to report a breach: Data breach reporting best practices
One day you go into work and the nightmare has happened. The company has had a data breach. This scenario plays out, many times, each and every day, across...
Application sideloading in Windows 10
Windows 10 security is a constantly evolving and update process. Data security in Windows 10 starts with a high encryption, using BitLocker. Access is restricted...
Web Browser Security in Windows 10
Windows 10 browser security is a constantly evolving and update process. Data security in Windows 10 starts with a high encryption, using BitLocker. Access...
ICS/SCADA Threats and Threat Actors
Industrial control systems (ICS) and Supervisory Control And Data Acquisition (SCADA) systems play a critical role in critical infrastructure and industrial...
Incident response and recovery best practices for industrial control systems
In collaboration with the North American Electric Reliability Corporation (NERC), the Federal Energy Regulatory Commission (FERC) developed a 2020 Cyber Planning...
Analysis of ransomware used in recent cyberattacks on health care institutions
In recent years, there has been a steady increase in the number of ransomware attacks on healthcare institutions. The pressure such institutions experienced...
Top Cyber Security Risks in Healthcare [Updated 2020]
The healthcare industry is a prime target for cybercriminals. Stolen protected health information (PHI) is worth hundreds, even thousands of dollars on the...
Volodya/BuggiCorp Windows exploit developer: What you need to know
Check Point researchers unveiled the identity of two authors responsible for zero-day attacks on Windows using a novel technique that allows them to recognize...
AWS APIs abuse: Watch out for these vulnerable APIs
In December 2020, Unit 42 researchers at Palo Alto Networks discovered a class of AWS application programming interfaces (APIs) that can be abused to enumerate...
Most common MITRE ATT&CK tactics and techniques: CISA shares most common RVAs
CISA has released a list of Risk and Vulnerability Assessments, or RVAs, to the MITRE ATT&CK Framework and have released their findings to the public...
Using MITRE ATT&CK with cyber threat intelligence
MITRE ATT&CK® is a framework. It’s designed as a store of knowledge about the possible ways that cyber attackers might create a plan or execute that...
Deception technologies: 4 tools to help you identify threats and mitigate risks
Deception technologies have come a long way from the days when honeypots were used to analyze attacker behavior. Today’s deception tools contain advanced...
Threat hunting with Kolide and osquery
In this article, we’ll discuss how we can use Kolide Fleet for threat-hunting purposes. This article is not intended to be an introductory piece, but rather...
Japan’s IoT scanning project looks for vulnerable IoT devices
The Internet of Things (IoT) is still a baby compared to other computing technologies, but the market has already exploded and continues to expand at a healthy...
IoT Security Fundamentals: IoT vs OT (Operational Technology)
Introduction: Knowing the Notions
Industrial Internet of Things (IIoT) incorporates technologies such as machine learning, machine-to-machine (M2M) communication,...
Blockchain and Hash Functions
Hash functions are cryptographic algorithms designed to protect the integrity of data. Hash functions have a few useful properties, including:
One-Way:...
Attacking Block Creation
Blockchain is a relatively new technology that is achieving rapid adoption. It has a number of built-in protections and incentives designed to allow the decentralized...
Machine Learning for Social Engineering
Social engineering is a form of communication that aims at gaining people’s trust at first and then prompting them to share sensitive information or do...
Is AI the cybersecurity skills shortage silver bullet?
Views and opinions published in this article are intended to foster productive thought and discussion around challenges in the cybersecurity industry. Views...
ICS cyber ranges: Hands-on training for industrial control system security teams
Incident response has been a pillar of cybersecurity for decades. But plans to account for the unique risks surrounding the specialized command and control...
Purple team cyber ranges: Hands-on training for red and blue teams
Businesses are always adapting and innovating when it comes to cybersecurity. While the use of layered defenses and red and blue teams used to be enough, many...
Insider threat report: Former Twitter employees charged with spying for Saudi Arabia
Insider threats are malicious threats to an organization that come from employees and other people working at that organization. This type of threat is particularly...
8 of the world’s biggest insider threat security incidents
If you work in security or are just interested in the general area of cybersecurity you will no doubt have heard of the dreaded insider threat. In the context...
NIST CSF: Cybersecurity basics — Foundation of CSF
The National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) is all about the security of critical Infrastructure. NIST SP 800-30,...
NIST CSF: Implementing NIST CSF
The National Institute of Standards and Technology’s Cybersecurity Framework, or NIST CSF, was first published in 2014 to provide voluntary guidance for...
PenTest+: DoDD 8570 overview
In November 2020, the US Department of Defense (DoD) has selected CompTIA PenTest+ as an approved certification for military personnel and defense contractors...
Introduction to the DoD Cyber Workforce Framework (DCWF)
In response to the ever-changing world, including the increased focus on cyberspace as a theater of war, the US Department of Defense (DoD) decided that it...
Close Your Skills Gap: Putting the NICE Workforce Framework for Cybersecurity to Work
If you’re looking for a blueprint that classifies, manages and explains cybersecurity work, the National Initiative for Cybersecurity Education (NICE) has...
What is the difference between the NICE Framework and DoDD 8140/8570?
For those looking into government work, or for those just plain interested in the different cybersecurity frameworks out there, have probably encountered...