General security January 16, 2023 Bianca Gonzalez Password security: Using Active Directory password policy Learn how to implement password security policies using Active Directory in this walkthrough from Infosec Skills author Mike Meyers.
General security November 7, 2022 Bianca Gonzalez Inside a DDoS attack against a bank: What happened and how it was stopped Distributed denial-of-service attacks are often used to disrupt websites. Learn how one bank got attacked and what they did to stop it.
Hacking December 26, 2022 Bianca Gonzalez How to crack a password: Demo and video walkthrough Infosec Skills author Mike Meyers shows just how easy it is to use a brute-force attack or a password dictionary attack to crack a password.
Hacking December 19, 2022 Bianca Gonzalez Inside Equifax’s massive breach: Demo of the exploit The Equifax data breach affected nearly half of the U.S. population. In this episode of Cyber Work Applied, see how the attack actually happened.
Penetration testing September 20, 2022 Pedro Tavares Red Teaming: Taking advantage of Certify to attack AD networks Learn more about using Certify to attack AD networks.
Penetration testing April 29, 2022 Louis Livingston-Garcia How ethical hacking and pentesting is changing in 2022 The cloud and new web applications are changing the world of ethical hacking and penetration testing.
Application security January 12, 2023 Nitesh Malviya Introduction to DevSecOps and its evolution and statistics Learn about the growth of DevSecOps and key statistics associated with it for 2022.
Application security October 18, 2022 Gina Napier MongoDB (part 3): How to secure data Learn how to secure data in a MongoDB database.
Security awareness January 30, 2023 Bianca Gonzalez 5 ways to prevent APT ransomware attacks APT groups are behind recent ransomware campaigns. Learn five ways you can prevent your organization from becoming the next victim.
Security awareness January 20, 2023 Jeff Peters Celebrate Data Privacy Week: Free privacy and security awareness resources Practice data privacy year-round with these free resources for Data Privacy Week! Learn about data privacy best practices, data privacy careers and more.
Professional development January 27, 2023 Patrick Mallory Prior preparation results in a big payoff for Jason Mondragon, an Army veteran transitioning into cybersecurity How VetsInTech helped a career Army medic achieve his goal of becoming a cybersecurity professional and his advice for other veterans
Professional development January 19, 2023 Graeme Messina 7 top security certifications you should have in 2023 Earning a cybersecurity certification can help you stand out and get hired. Find out which certs are most in-demand in 2023.
Malware analysis January 10, 2023 Pedro Tavares How AsyncRAT is escaping security defenses Learn more about the popular and dangerous AsyncRAT malware.
Malware analysis October 19, 2022 Pedro Tavares Chrome extensions used to steal users’ secrets Learn how Chrome extensions are being used for nefarious purposes.
Phishing January 9, 2023 Bianca Gonzalez How Zoom is being exploited for phishing attacks Learn how easy it is to create a Zoom phishing email in this episode of Cyber Work Applied with Infosec Principal Security Researcher Keatron Evans.
Phishing March 20, 2022 Christine McKenzie 11 phishing email subject lines your employees need to recognize [Updated 2022] 53% of organizations reported a phishing-related breach. Here are the top phishing email subject lines your employees should be able to recognize.
Capture the flag (CTF) April 14, 2022 LetsPen Test THE PLANETS EARTH: CTF walkthrough, part 1 This is an easy-level CTF and is recommended for beginners in the field.
Capture the flag (CTF) April 11, 2022 LetsPen Test EMPIRE BREAKOUT: VulnHub CTF walkthrough Learn some crucial cybersecurity skills with this capture the flag activity.
Digital forensics July 14, 2022 Pedro Tavares Top 7 tools for intelligence-gathering purposes Experts can often collect significant artifacts related to the authors behind the analyzed scenarios during cybersecurity exercises, including details such...
Digital forensics September 7, 2021 Hashim Shaikh iOS forensics Day by day, smartphones and tablets are becoming ever more popular, and as a result, the technology used in development to add new features or improve the security...
Management, compliance & auditing January 30, 2023 John Bandler Federal privacy and cybersecurity enforcement — an overview Learn a quick overview of the federal government’s privacy and cybersecurity laws.
Management, compliance & auditing September 20, 2022 John Bandler U.S. privacy and cybersecurity laws — an overview Learn how federal and state privacy laws intersect with cybersecurity and how to comply without being overwhelmed.
News January 30, 2023 Dan Virgillito Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware An ex-employee leaks a Yandex source code repository, malware campaign infects over 4,500 WordPress sites and the new SwiftSlicer wiper tool. Catch all this...
News January 23, 2023 Dan Virgillito PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware Credential stuffing attack exposes data of 35,000 PayPal accounts, Chinese hackers exploit Fortinet VPN vulnerability as 0-day and the new Android Hook malware....
Secure coding January 17, 2023 Nitesh Malviya DevSecOps Tools of the trade Dig into the DevSecOps tools, including Source Composition Analysis and Static Analysis Security Testing, used in cybersecurity work.
Secure coding January 16, 2023 Gilad Maayan Secure software deployment for APIs Why application programming interfaces (or APIs) are an essential component of cybersecurity.
Reverse engineering July 26, 2021 Howard Poston Kali Linux: Top 8 tools for reverse engineering These Kali Linux tools are great for offensive and defensive cybersecurity.
Reverse engineering March 1, 2021 Richard Azu Stacks and Heap Memory is a crucial resource for any system when conducting reverse engineering. Malware analysts must understand the way memory is assigned to a program. During...
Network security January 2, 2023 Bianca Gonzalez How to use Nmap and other network scanners Learn how to use free network scanning tools like Nmap, Zenmap and Advanced Port Scanner in this episode of Cyber Work Applied.
Network security October 26, 2022 Dan Virgillito Security engineers: The top 13 cybersecurity tools you should know Security engineers utilize a range of tools to prevent cyber threats. These are the top 13 tools security engineering industry leaders are using now.
Threat Intelligence August 3, 2021 Dan Virgillito Dark Web hacking tools: Phishing kits, exploits, DDoS for hire and more The demand for dark web hacking tools has reached all-time highs across the cybercriminal ecosystem during the COVID-19 pandemic.
Threat Intelligence July 29, 2021 Dan Virgillito Double extortion ransomware: Pay now or get breached Ransomware has become a lot more sophisticated recently, and learning more about it is important to stay safe in case it happens to you.
Cryptography January 23, 2023 Bianca Gonzalez How does hashing work: Examples and video walkthrough What is password hashing? Infosec Skills author Mike Meyers explains how a hash works and demonstrates common hashing use cases.
Cryptography August 18, 2022 Patrick McSweeney How does encryption work? Examples and video walkthrough Infosec Skills author Mike Meyers provides an easy-to-understand walkthrough of cryptography.
Industry insights January 17, 2023 Drew Robb Data storage security isn’t working: Here are 5 ways to improve Data storage and backup systems are far more insecure than other IT systems, research says. Here are five ways to improve their security.
Industry insights January 10, 2023 Drew Robb Protect your data with zero-trust networks 83% of former employees retain access to one or more of your company's accounts. It's past time to use a zero-trust network to ensure your data stays safe.
Cloud security May 24, 2022 Gilad Maayan Security risks of cloud migration An overview of cloud migration projects and the considerations for migrating applications to the cloud.
Cloud security May 3, 2022 Gilad Maayan DevSecOps in the Azure Cloud Explore how organizations operating in the Microsoft Azure cloud can use a vendor-prescribed architecture and dedicated security tools to adopt a DevSecOps process.
Operating system security September 22, 2022 Daniel Brecht Certifications compared: Linux+ vs RHCSA/RHCE [2022 update] Find out which certifications are best to validate your knowledge and skills working in open-source environments.
Operating system security June 2, 2021 Daniel Brecht Android security: Everything you need to know [Updated 2021] Android devices have a host of security risks, but updates are helping to mitigate them.
Incident response January 19, 2022 Gilad Maayan How will zero trust change the incident response process? Find out how Zero Trust security affects the incident response process.
Incident response November 26, 2021 Waqas How to build a proactive incident response plan The average cost of a data breach is now $4.24 million. A proactive incident response plan is crucial to help organizations mitigate that risk.
Vulnerabilities September 27, 2022 Pedro Tavares Digium Phones Under Attack and how web shells can be really dangerous Learn about the dangers web shells have on Digium phones.
Vulnerabilities August 30, 2022 Pedro Tavares vSingle is abusing GitHub to communicate with the C2 server Lazarus' advanced persistent threat (APT) operations use malware specially crafted for attacking financial institutions, espionage, and disruptive purposes.
Critical infrastructure October 4, 2022 Drew Robb Securing operational technology: Safeguard infrastructure from cyberattack How do we guard operational technology against cyberattacks? Tune in as Francis Cianfrocca, Insight Cyber Group CEO, & Chris Sienko dissect this very issue.
Critical infrastructure October 6, 2021 Greg Belding Operation technology sees rise in targeted remote access Trojans and ransomware Operation technology (OT) is one of the most overlooked segments of the IT sector that attack groups target.
Healthcare information security August 18, 2021 Susan Morrow Genetic testing “hottest” new form of health insurance fraud, FBI warns The FBI is finding more and more cases of health insurance fraud. Learn more about it.
Healthcare information security July 13, 2021 Susan Morrow Healthcare data security issues: Best security practices for virtual healthcare sessions With more telehealth and related digital mechanisms to deliver health, healthcare data security standards are more important than ever.
MITRE ATT&CK™ December 6, 2022 Bianca Gonzalez Executing the Sandworm APT: Lab and walkthrough Learn the techniques the Sandworm APT hacking group used to compromise, pivot from and destroy a server. Then try to do it yourself.
MITRE ATT&CK™ November 29, 2022 Bianca Gonzalez Using persistence to maintain a foothold: Example and walkthrough Learn how threat actors use MITRE ATT&CK® persistence techniques to maintain a foothold in an environment. Then try the techniques yourself.
Threat hunting December 3, 2021 Waqas Compromise assessment or threat hunting? What do organizations need? Compromise assessment and threat hunting are two rising techniques of implementing network security. Figure out what your organization needs.
Threat hunting February 15, 2021 Dan Virgillito Deception technologies: 4 tools to help you identify threats and mitigate risks Deception technologies have come a long way from the days when honeypots were used to analyze attacker behavior. Today’s deception tools contain advanced...
Machine learning and AI February 3, 2022 Kimberly Doyle AI and machine learning career paths, trends and job prospects Learn about the job prospects for artificial intelligence and how to prepare for a career in it.
Machine learning and AI November 30, 2021 Susan Morrow Will a Digital Bill of Rights solve machine learning and privacy issues? Will the Digital Bill of Rights fix the machine learning algorithm and privacy conundrum?
IoT Security July 28, 2022 Lester Obbayi Capture: Improve IoT firmware security with new firmware architecture In this article, we shall discuss what Capture is and discuss how its application can benefit both IoT device owners and IoT device vendors.
IoT Security May 4, 2021 Susan Morrow Smart Toys and Their Cybersecurity Risks: Are Our Toys Becoming a Sci-Fi Nightmare? [updated 2021] As smart toys get more advanced, they bring more cybersecurity risk with them.
Blockchain security July 14, 2021 Susan Morrow Decentralized identifiers (DIDs) and blockchain: The silver bullet for online privacy? Learn more about decentralized identifiers and the role they play in keeping your privacy and data intact.
Blockchain security April 26, 2021 Susan Morrow Cryptocurrency Enforcement Framework: Impacts on digital forensic investigations A new Cryptocurrency Enforcement Framework was recently released. Learn how it may impact cryptocurrency, cybersecurity and digital forensics investigations.
Insider threat November 9, 2021 Kurt Ellzey Homeland Security’s Cyber Talent Management System (CTMS) Find out all you need to know about the Department of Homeland Security's Cyber Talent Management System.
Insider threat November 3, 2021 Kurt Ellzey Insider risk management: Balancing security and employee agility How to balance security when insider risk management is a concern.
NIST Cyber Security Framework November 18, 2021 Howard Poston NIST first responder guidance: Balancing mobile security with response time The NIST 1800-13 standard describes how public safety first responder organizations can improve access to sensitive data without compromising security
NIST Cyber Security Framework October 26, 2021 Susan Morrow Critical software security guidance issued by NIST Explore the five best practices in cybersecurity risk mitigation for all organizations based on NIST's Security Measures for EO-Critical Software Use.
Cyber ranges August 1, 2022 Elise Chan Infosec Skills August Challenge Join the quest for new skills, bragging rights and over $1,000 in prizes. Each month, we’ll release a brand new challenge. Can you complete it?
Cyber ranges March 22, 2021 Patrick Mallory ICS cyber ranges: Hands-on training for industrial control system security teams Incident response has been a pillar of cybersecurity for decades. But plans to account for the unique risks surrounding the specialized command and control...
DoD 8570 January 26, 2023 Beth Osborne The ultimate guide to DoD 8570 certification and compliance Everying you need to know about the Department of Defense's 8570 Directive.
DoD 8570 November 17, 2022 Greg Belding DoDD 8570 IAM level III A complete guide to DoDD 8570 IAM Level III
NICE Framework June 23, 2021 Susan Morrow Two ways to build a secure software team using the NICE Framework The NICE Framework can help you run your organization smoothly.
NICE Framework May 6, 2021 Susan Morrow Two ways to build a cybersecurity team using the NICE Framework Using the NICE Framework for Cybersecurity will help you structure your team against cyberthreats.