Key findings from ESG’s Modern Application Development Security report
In August 2020, the Enterprise Strategy Group (ESG) published its report, “Modern Application Development Security.” ESG is a company specialized in IT-related...
Topics
Decrypting SSL/TLS traffic with Wireshark [updated 2021]
The internet wasn’t designed to be secure from the start. Many protocols (such as HTTP and DNS) were designed to serve their purpose of conveying information...
Dumping a complete database using SQL injection [updated 2021]
SQL Injection is a web-based attack used by hackers to steal sensitive information from organizations through web applications. It is one of the most common...
CompTIA Security+ Certification: History of the Exam [updated 2021]
Note: Daniel Brecht contributed to the update of this article.
CompTIA continues to rework the Security+ certification curriculum that establishes the core...
10 benefits of security awareness training
Great training is the bedrock of engaged employees. Engaged means they are aware of and follow directives. Without training, employees could be making serious...
Software maturity models for AppSec initiatives
Software is on the front lines of security: a 2019 report from GitLab found that almost half of respondents deploy software on-demand or multiple times per...
Best Free and Open Source SQL Injection Tools [Updated 2021]
SQL injection is one of the most common attacks against web applications. This is used against websites which use SQL to query data from the database server....
Basic Snort Rules Syntax and Usage [updated 2021]
In this series of lab exercises, we will demonstrate various techniques in writing Snort rules, from basic rules syntax to writing rules aimed at detecting...
Exploiting NFS Share [updated 2021]
Recently, while performing a network-level penetration testing activity for one of the clients, I came across a vulnerability which was used to compromise...
11 phishing email subject lines your employees need to recognize
By now, we’ve all probably received an enticing email from a long-lost relative promising untold riches and wealth. In fact, there might be a few sitting...
Phishing with Google Forms, Firebase and Docs: Detection and prevention
The COVID-19 pandemic spurred a massive shift toward telework as companies tried to both stay operational and safe. One of the biggest impacts of this shift...
Computer Forensics is one of the hottest subject areas in our articles, mini-courses, and forensics boot camps. If you or your organization needs classroom or online computer forensics training, call an account representative at 877-471-0059.
Email forensics: desktop-based clients
Emails are the most commonly used technology for exchanging messages between people/business using electronic media. With every technology, there comes a risk.This...
What is a Honey Pot? [updated 2021]
Honeypots are special programs that are written for one purpose: to be exploited. Honeypots emulate the appearance of a vulnerability so that attackers, viruses...
Ghimob Trojan Banker: What it is, how it works and how to prevent it | Malware spotlight
Introduction
Malware is a popular term used to classify software with bad proposes that is part of our lives these days. Ghimob Trojan Banker is one of the...
Stantinko Trojan: What it is, how it works and how to prevent it | Malware spotlight
The number of threats attacking Linux systems have exploded in recent days. Within this context, a botnet that impacted several countries in the past, including...
Hack the box machines walkthrough series — Europa
Hack the Box (HTB) is an excellent platform that hosts machines belonging to multiple operating systems. Individuals have to solve the puzzle (simple enumeration...
Hack the Box [HTB] machines walkthrough CTF series — Omni
Hack the Box (HTB) is an excellent platform that hosts machines belonging to multiple operating systems. Individuals have to solve the puzzle (simple enumeration...
Understanding stacks and heap for reverse engineering
Memory is a crucial resource for any system when conducting reverse engineering. Malware analysts must understand the way memory is assigned to a program. During...
Top 8 Reverse Engineering Tools for Cyber Security Professionals [Updated 2021]
Whether it is rebuilding a car engine or diagramming a sentence, people can learn about many things simply by taking them apart and putting them back together...
PDF File Format: Basic Structure [updated 2020]
We all know that there are a number of attacks where an attacker includes some shellcode in a PDF document. This shellcode uses some kind of vulnerability...
FBI, DHS & CISA report summarizes top 10 exploited vulnerabilities
According to the Cybersecurity and Infrastructure Security Agency (CISA), foreign cyber actors often exploit software vulnerabilities that have been already...
Mitigating MFA bypass attacks: 5 tips for developers
App developers have enough reasons to integrate multi-factor authentication (MFA) into their offerings. Passwords just don’t do the trick, as they’re...
Introduction to variables
A variable is simply a concept to make programming easier and more efficient. It is entirely possible to have a programming language without different types...
Cybersecurity Weekly: SolarWinds blames intern, AOL phishing scam, Kia ransomware attack
SolarWinds blames an intern for the weak password that led to a cyberattack. An AOL phishing email states your account will be closed. Kia Motors allegedly suffers a ransomware attack. All this, and more, in this week’s edition of Cybersecurity Weekly....
Cybersecurity Weekly: Phishing attacks spike, SHAREit patch, NSA exploit
Malformed URL prefix phishing attacks spike 6,000%. SHAREit fixes security bugs in their app with one billion downloads. Hackers used an NSA exploit years before the Shadow Brokers leak. All this, and more, in this week’s edition of Cybersecurity Weekly....
6 key elements of a threat model
Threat modeling is a process for threat discovery and risk management. Any system carries potential risk, and a clear understanding of these risks is essential...
Top threat modeling frameworks: STRIDE, OWASP Top 10, MITRE ATT&CK Framework and more
Threat modeling is an exercise designed to identify the potential threats and attack vectors that exist for a system. Based upon this information, it is possible...
Introduction to Full Disk Encryption
Encryption is the process of converting plaintext to encrypted text. Encrypted text hides the original data from unauthorized users since encrypted text cannot...
Virtual Private Networks (VPN) Limitations
You probably have heard about VPNs before. It’s even possible that you might have used one. In this post, we will be learning about VPN, some of its basic...
CloudGoat walkthrough series: IAM privilege escalation by attachment
This is the fourth in the walkthrough series of the CloudGoat scenarios. CloudGoat is a “vulnerable by design” AWS deployment tool designed by Rhino Security...
CloudGoat walkthrough series: EC2 server-side request forgery (SSRF)
This is the fifth in the walkthrough series of the CloudGoat scenarios. CloudGoat is a “vulnerable by design” AWS deployment tool designed by Rhino Security...
How to use Microsoft DirectAccess
When you are physically located at an organization's site, it is relatively straightforward to present users with an experience that is consistent across the...
How to protect a Windows 10 host against malware
Contrary to popular belief, malware is not a Space Cowboy costume- that would be "Mal Wear". Malware is the shortened form of "Malicious Software", a term that...
Deception technologies: 4 tools to help you identify threats and mitigate risks
Deception technologies have come a long way from the days when honeypots were used to analyze attacker behavior. Today’s deception tools contain advanced...
FBI releases Rana Intelligence Computing indicators of compromise (IOCs)
The FBI’s Cyber Division recently disclosed that Iran’s intelligence agency is employing nation-state actors and a front company, Rana Intelligence Computing,...
7 Steps of the MITRE ATT&CK®-based Analytics Development Method
The MITRE ATT&CK-based analytics development method is a process of using red and blue team engagements to develop and improve the analytics used to detect...
How to Use MITRE ATT&CK® to Map Defenses and Understand Gaps
The MITRE ATT&CK® framework is a useful way to standardize cybersecurity terminology and provides a framework for organizations to plan and evaluate...
Top Cyber Security Risks in Healthcare [Updated 2020]
The healthcare industry is a prime target for cybercriminals. Stolen protected health information (PHI) is worth hundreds, even thousands of dollars on the...
The Most Vulnerable and Hackable Medical Devices
The Internet of Things (IoT) adds convenience and capabilities in both personal and professional applications. Smart device usage in the medical field...
BPCS & SIS
Cybersecurity in the process industries is a growing concern due to the increasing number of cyber attacks against industrial control systems (ICS) and the...
Security Technologies for ICS/SCADA environments
Generally speaking, security is not a priority in the context of industrial control systems (ICSs) and Supervisory Control And Data Acquisition (SCADA) environments....
Infosec Skills Author Jason Welsh shares his passion for Linux and Cybersecurity
Infosec Skills author Jason Welsh on his passion for Linux...
Upskilling to deepen employee engagement & retention
Having a highly-skilled, engaged and motivated workforce is in everyone’s best interest, and it takes a combination of factors to support employees in becoming...
Firewalls and IDS/IPS
A typical corporate network makes use of a number of networking devices and mechanisms for preventing various attacks and maintaining the security of their...
Network traffic analysis for IR: Data exfiltration
Understanding network behavior is a prerequisite for developing effective incident detection and response capabilities. ESG research has found that 87 percent...
IDS/IPS Overview
A typical corporate network makes use of a number of networking devices for preventing attacks originating from the internet and maintaining the security of...
Exploiting built-in network protocols for DDoS attacks
A distributed denial-of-service (DDoS) attack is an attempt to make an online service unavailable to users, usually by temporarily interrupting or suspending...
Digital forensics and incident response: Is it the career for you?
When many of us think of detective work, we conjure up images of trench-coated detectives chasing bad guys down darkened alleyways or poring over black-and-white...
Top 30 Incident Responder Interview Questions and Answers for 2019
As systems move into the cloud and are increasingly exposed to the Internet, incident responders are becoming more necessary in the corporate world. If you...
Acceptable Use Policy (AUP) Template For Public WiFi Networks [Updated 2019]
Acceptable Use Policies (AUPs) are an essential component to all organizations, companies, and other establishments offering Internet or Intranet access.
According...
SAP Mobile Infrastructure Security [Updated 2019]
SAP, like any other large vendor, is evolving towards greater mobility and providing access to its applications from different devices located anywhere in the...
What are Smart Contracts?
Let’s understand what Smart Contracts are using a simple example. Consider the purchase of cookies from a vending machine. The one who wants to buy the...
Introduction to Blockchain Consensus Algorithms
A blockchain is a record of digital transactions. It is a distributed software network which can function both as a digital ledger and as a mechanism allowing...
BEC attacks: A business risk your insurance company is unlikely to cover
Business email compromise (BEC) attacks can cost an organization millions of dollars, and the threat is growing as more business activity takes place online....
The $9 billion BEC threat you can’t ignore
Business email compromise (BEC) attacks are expected to cost businesses $9 billion by the end of 2018, according to Trend Micro estimates. In this discussion...
File Carving
File carving is a process used in computer forensics to extract data from a disk drive or other storage device without the assistance of the file system that...
Average VMware Certified Professional Salary (VCP6) in 2018
The Cloud phenomenon is taking the world by storm (pun unintended)! Cloud and virtualization technology is becoming increasingly popular with both large and...
Installing and Configuring CentOS 8 on Virtualbox [updated 2021]
Unix-based operating systems are ruling the webserver OS market. According to data from W3techs, in 2017 Unix servers were used by 66.5% of all the websites,...
Virtual Machine Introspection in Malware Analysis – Use Case
To determine the behavior of a piece of malware, we will develop a script (based on LibVMI functions) that will allow us to trace the Kernel APIs executed by...
Purple team cyber ranges: Hands-on training for red and blue teams
Businesses are always adapting and innovating when it comes to cybersecurity. While the use of layered defenses and red and blue teams used to be enough, many...
Cyber ranges: Who are they for and how can they help
The field of cybersecurity has a number of great books and references. Whether general overviews, deep dives into particular skill sets, or certification...
Which CompTIA cert is right for you: PenTest+, CySA+ or CASP+?
There's never been a better time to be a cybersecurity professional, but with so many potential career paths, what skills should you focus on learning?...
CISSP Domain #1 Cheat Sheet: Security and Risk Management
Our new Cheat Sheet on the first domain of the CISSP, "Security and Risk Management," covers all the major focus areas you need to know for the exam! Our...
8 of the world’s biggest insider threat security incidents
If you work in security or are just interested in the general area of cybersecurity you will no doubt have heard of the dreaded insider threat. In the context...
Top 5 Ways to Identify and Address Insider Threats
A recent report commissioned by CA Technologies threw up some very interesting and alarming data about the threats that an insider can pose to an organization....
AWS APIs abuse: Watch out for these vulnerable APIs
In December 2020, Unit 42 researchers at Palo Alto Networks discovered a class of AWS application programming interfaces (APIs) that can be abused to enumerate...
How to reserve a CVE: From vulnerability discovery to disclosure
A CVE, meaning Common Vulnerabilities and Exposure, is a publicly reported vulnerability in software products. Vulnerabilities are assigned CVE IDs to ensure...
NIST CSF: Cybersecurity basics — Foundation of CSF
The National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) is all about the security of critical Infrastructure. NIST SP 800-30,...
NIST CSF: Implementing NIST CSF
The National Institute of Standards and Technology’s Cybersecurity Framework, or NIST CSF, was first published in 2014 to provide voluntary guidance for...
Incident response and recovery best practices for industrial control systems
In collaboration with the North American Electric Reliability Corporation (NERC), the Federal Energy Regulatory Commission (FERC) developed a 2020 Cyber Planning...
Advice to a New SCADA Engineer
As I have come in contact with those new to industrial control systems – whether they be supervisor control and data acquisition (SCADA) systems, building...
IoT Security Fundamentals: IoT vs OT (Operational Technology)
Introduction: Knowing the Notions
Industrial Internet of Things (IIoT) incorporates technologies such as machine learning, machine-to-machine (M2M) communication,...
IoT Security Fundamentals: Intercepting and Manipulating Wireless Communications
Introduction: IoT Manufacturers Favor Convenience over Security
Because IoT security is still an afterthought, cybercriminals in general consider smart devices...
Generating Text Using ML
Most of us have that one TV show that we want to see just one more episode of. Just one more reunion or reboot or movie to finish off a storyline that wasn't...
Setting Up a Virtual Lab for Cybersecurity Data Science
"Giant Rabbit uses Carrot Smash. You take 9999 damage. Game over."
"Aww! All right, this time I’ll get it for sure."
"Do you want to reload your...
PenTest+: DoDD 8570 overview
In November 2020, the US Department of Defense (DoD) has selected CompTIA PenTest+ as an approved certification for military personnel and defense contractors...
Introduction to the DoD Cyber Workforce Framework (DCWF)
In response to the ever-changing world, including the increased focus on cyberspace as a theater of war, the US Department of Defense (DoD) decided that it...
Close Your Skills Gap: Putting the NICE Workforce Framework for Cybersecurity to Work
If you’re looking for a blueprint that classifies, manages and explains cybersecurity work, the National Initiative for Cybersecurity Education (NICE) has...
What is the difference between the NICE Framework and DoDD 8140/8570?
For those looking into government work, or for those just plain interested in the different cybersecurity frameworks out there, have probably encountered...
Top 25 vulnerabilities exploited by Chinese nation-state hackers (NSA advisory)
China is considered a world leader in cybercrime. It is amongst “the most hacker-active countries” in terms of intensity of outgoing attack traffic, “often...
Top 9 cybercrime tactics, techniques and trends in 2020: A recap
2020 was a busy year for cybercriminals, with new opportunities brought on by the COVID-19 lockdowns and digital transformation initiatives. According to...
Data breach vs. data misuse: Reducing business risk with good data tracking
Imagine this, and let’s face it, this isn't too hard: your personal data, including financial information, has been stolen in a major data breach. You’d...
DDoS Attacks: A Perfect Smoke Screen for APTs and Silent Data Breaches
At the beginning of the year, Forbes mentioned a trend of growing DDoS attacks all over the world. During this year, many security companies have announced...
6 Windows event log IDs to monitor now
It’s possible to use Windows 10 event logs to detect intrusions and malicious activity, but some knowledge of critical IDs is mandatory to avoid over-collection...
Conferences
Listed below are the in-person events Infosec will be at this year.
November 3-5, 2019 | Chicago, IL
November 18-20, 2019 | Phoenix, AZ
December 9-10, 2019...
Average CCNA salary 2020
The CCNA (Cisco Certified Network Associate) is one of the most well-known entry-level certifications within the IT industry. Holding this credential proves...
CCNA versus CCNP Difficulty
For anyone starting a new project, the wise thing to do is to “count the cost.” This also holds true for those just starting out in their Cisco (or networking-related)...