Topics - Infosec Resources

General security

General security October 13, 2021 Greg Belding

Online certification opportunities: 4 vendors who offer online certification exams [updated 2021]

With most of the workforce working from home these days due to COVID-19, you may be wondering if it is possible to earn a certification or two during this...

General security October 4, 2021 Susan Morrow

FLoC delayed: what does this mean for security and privacy?

Is Google’s FLoC initiative able to meet the balance between the privacy of the individual and the needs of marketers?

Hacking

549 Articles

Hacking September 7, 2021 Pedro Tavares

Tutorial: How to exfiltrate or execute files in compromised machines with DNS

Go through this tutorial on exfiltrating and executing files between machines using the well-known DNS protocol.

Hacking July 5, 2021 Lester Obbayi

Top 19 tools for hardware hacking with Kali Linux

These Kali Linux tools enable hardware hacking.

Penetration testing

364 Articles

Penetration testing October 19, 2021 Pedro Tavares

Red teaming tutorial: Active directory pentesting approach and tools

Organizations widely use Microsoft Active Directory (AD) networks to exchange information and manage their internal and critical infrastructures.

Penetration testing October 12, 2021 Pedro Tavares

Red Team tutorial: A walkthrough on memory injection techniques

Memory injection is a stealthy technique generally used to bypass defenses and inject additional payloads into a PE file or shellcode memory.

Security awareness

321 Articles

Security awareness October 20, 2021 Infosec

Specialty Steel Works turns cyber skills into life skills

Learn how this Infosec Inspire Award finalist leverages Infosec IQ to keep its employees engaged, reduce phishing rates and guide their business.

Security awareness July 27, 2021 Greg Belding

The other sextortion: Data breach extortion and how to spot it

Both data breach extortion and sextortion are serious crimes. Here’s what to do when faced with either.

Application security

320 Articles

Application security September 21, 2021 Jeff Peters

How to carry out a watering hole attack: Examples and video walkthrough

What is a watering hole attack, how do they work and what can you do to defend against them? Find out in this from Infosec's Keatron Evans.

Application security September 12, 2021 Jeff Peters

How cross-site scripting attacks work: Examples and video walkthrough

What are cross-site scripting attacks and how do they work? Find out in this walkthrough from Infosec Skills author John Wagnon.

Professional development

273 Articles

Professional development October 20, 2021 Bianca Gonzalez

Learn the 3 pillars of cyber security risk management and leadership

Cyber security leaders and those in cyber security risk management need to follow three pillars to successfully add value to an organization.

Professional development October 19, 2021 Kimberly Doyle

Application security: Is AppSec the right career for you?

Application security covers various roles, including engineers, managers, analysts, consultants and more. Find out if AppSec is the career for you.

Phishing

262 Articles

Phishing September 28, 2021 Susan Morrow

The state of BEC in 2021 (and beyond)

What are the trends in business email compromise (BEC) in the next 12 months likely to be? Will deep fakes or crypto be the next big thing in BEC?

Phishing July 20, 2021 Susan Morrow

Why employees keep falling for phishing (and the science to help them)

Phishing is an ever-present cybersecurity issue. And people keep falling for it. Here is why and how people keep falling for phishing emails.

Malware analysis

252 Articles

Malware analysis October 5, 2021 Greg Belding

REvil ransomware: Lessons learned from a major supply chain attack

The REvil ransomware has led to one of the most significant ransomware attacks in history but performed poorly.

Malware analysis September 29, 2021 Pedro Tavares

Pingback malware: How it works and how to prevent it

Pingback malware is a new malware that uses ICMP to perform all the communications with the C2 server.

Capture the flag (CTF)

225 Articles

Capture the flag (CTF) October 14, 2021 LetsPen Test

HACKABLE: II CTF Walkthrough

In this article, we will solve a Capture the Flag (CTF) challenge posted on Vulnhub.

Capture the flag (CTF) October 11, 2021 LetsPen Test

MOMENTUM: 1 VulnHub CTF walkthrough

Take this capture-the-flag activity for a spin for an easy to medium challenge.

Digital forensics

220 Articles

Digital forensics September 7, 2021 Hashim Shaikh

iOS forensics

Day by day, smartphones and tablets are becoming ever more popular, and as a result, the technology used in development to add new features or improve the security...

Digital forensics July 28, 2021 Graeme Messina

Kali Linux: Top 5 tools for digital forensics

There are many tools available from Kali Linux. These are the five most popular tools for digital forensics work.

Management, compliance & auditing

199 Articles

Management, compliance & auditing October 20, 2021 Howard Poston

SOC 3 compliance: Everything your organization needs to know

Learn about SOC 3 compliance, how it differs from SOC 1 and SOC 2, and how to prepare for a SOC 3 audit.

Management, compliance & auditing October 19, 2021 Howard Poston

SOC 2 compliance: Everything your organization needs to know

Learn about SOC 2 compliance, how it differs from SOC 1 and SOC 3, and how to prepare for an SOC 2 audit.

Reverse engineering

155 Articles

Reverse engineering July 26, 2021 Howard Poston

Kali Linux: Top 8 tools for reverse engineering

These Kali Linux tools are great for offensive and defensive cybersecurity.

Reverse engineering March 1, 2021 Richard Azu

Stacks and Heap

Memory is a crucial resource for any system when conducting reverse engineering. Malware analysts must understand the way memory is assigned to a program. During...

Secure coding

154 Articles

Secure coding July 15, 2021 Greg Belding

Only 20% of new developers receive secure coding training, says report

A lack of secure coding training presents a risk for your organization.

Secure coding July 14, 2021 Srinivas

Container security implications when using Iron vs VM vs cloud provider infrastructures

Containers are popular, meaning more and more service providers are offering ways to manage container workloads, each with their own pros and cons.

Network security

137 Articles

Network security August 22, 2021 Jeff Peters

How to use Wireshark for protocol analysis: Video walkthrough

Learn how to analyze network traffic with the free protocol analyzer Wireshark and sniffing tool tcpdump. Then try it yourself!

Network security June 23, 2021 Nitesh Malviya

9 best practices for network security

Network security is important for every organization, no matter how big or small. Here are some best practices.

News

133 Articles

News October 18, 2021 Sam Fay

Cybersecurity Weekly: REvil shuts down, PowerShell flaw, iOS 15 hacked

REvil ransomware shuts down again after Tor sites were hijacked. Microsoft asks admins to patch PowerShell to fix WDAC bypass. Experts hacked a fully patched iOS 15 running on an iPhone 13. All this, and more, in this week’s edition of Cybersecurity Weekly.

News September 20, 2021 Sam Fay

Cybersecurity Weekly: REvil decryptor, AT&T loses millions, OMIGOD flaw

A free decryptor for past REvil ransomware victims was released. AT&T lost $200 million to an illegal phone unlocking scheme. Mirai Botnet started exploiting the OMIGOD flaw. All this, and more, in this week’s edition of Cybersecurity Weekly.

Threat Intelligence

117 Articles

Threat Intelligence August 3, 2021 Dan Virgillito

Dark Web hacking tools: Phishing kits, exploits, DDoS for hire and more

The demand for dark web hacking tools has reached all-time highs across the cybercriminal ecosystem during the COVID-19 pandemic.

Threat Intelligence July 29, 2021 Dan Virgillito

Double extortion ransomware: Pay now or get breached

Ransomware has become a lot more sophisticated recently, and learning more about it is important to stay safe in case it happens to you.

Cryptography

108 Articles

Cryptography August 20, 2021 Riya Sander

Beginner’s guide to the basics of data encryption

Encryption is one of the best ways to protect data from being exposed due to different types of cyber incidents. Learn how it works.

Cryptography June 17, 2021 Nitesh Malviya

Structures of cryptography

Cryptography is an important way to keep data safe. Learn about cryptography features and how cryptography works.

Cloud security

90 Articles

Cloud security August 24, 2021 Gilad Maayan

Securing cloud endpoints: What you should know

Let’s take a closer look at security challenges affecting endpoints in public and private clouds.

Cloud security March 24, 2021 Robert Johnson

AWS security and compliance overview

Amazon offers many solutions for ensuring your environment is secure and meets many industry standard compliance frameworks. By properly utilizing tools such...

Incident response

89 Articles

Incident response May 5, 2021 Mosimilolu Odusanya

Sparrow.ps1: Free Azure/Microsoft 365 incident response tool

Sparrow is a powerful tool used for detecting malicious activities in Azure and Microsoft Office 365.

Incident response April 13, 2021 Susan Morrow

Uncovering and remediating malicious activity: From discovery to incident handling

Need a “cybersecurity playbook” for incident response? A recent CISA alert used threat intel from five counties to create this best practice guide.

Operating system security

86 Articles

Operating system security June 2, 2021 Daniel Brecht

Android security: Everything you need to know [Updated 2021]

Android devices have a host of security risks, but updates are helping to mitigate them.

Operating system security February 22, 2021 Kurt Ellzey

Application sideloading in Windows 10

Windows 10 security is a constantly evolving and update process. Data security in Windows 10 starts with a high encryption, using BitLocker. Access is restricted...

Vulnerabilities

71 Articles

Vulnerabilities October 12, 2021 Kurt Ellzey

Top 30 most exploited software vulnerabilities being used today

Learn more about the 30 exploits most often used in 2020 and 2021.

Vulnerabilities September 15, 2021 Pedro Tavares

The real dangers of vulnerable IoT devices

Internet of Things devices pose a very real threat to cybersecurity. And today, they are prevalent in every household.

Critical infrastructure

70 Articles

Critical infrastructure October 6, 2021 Greg Belding

Operation technology sees rise in targeted remote access Trojans and ransomware

Operation technology (OT) is one of the most overlooked segments of the IT sector that attack groups target.

Critical infrastructure October 5, 2021 Graeme Messina

Vehicle hacking: A history of connected car vulnerabilities and exploits

New cars have features that need a connection to work, like keyless entry via smartphones or in-car Wi-Fi systems, which can introduce vulnerabilities.

Healthcare information security

67 Articles

Healthcare information security August 18, 2021 Susan Morrow

Genetic testing “hottest” new form of health insurance fraud, FBI warns

The FBI is finding more and more cases of health insurance fraud. Learn more about it.

Healthcare information security July 13, 2021 Susan Morrow

Healthcare data security issues: Best security practices for virtual healthcare sessions

With more telehealth and related digital mechanisms to deliver health, healthcare data security standards are more important than ever.

MITRE ATT&CK™

52 Articles

MITRE ATT&CK™ March 11, 2021 Greg Belding

Most common MITRE ATT&CK tactics and techniques: CISA shares most common RVAs

CISA has released a list of Risk and Vulnerability Assessments, or RVAs, to the MITRE ATT&CK Framework and have released their findings to the public...

MITRE ATT&CK™ February 9, 2021 Howard Poston

Using MITRE ATT&CK with cyber threat intelligence

The MITRE ATT&CK framework is a tool developed by the MITRE Corporation. It is designed to provide information about how a cyberattack works and the various...

Threat hunting

46 Articles

Threat hunting February 15, 2021 Dan Virgillito

Deception technologies: 4 tools to help you identify threats and mitigate risks

Deception technologies have come a long way from the days when honeypots were used to analyze attacker behavior. Today’s deception tools contain advanced...

Threat hunting August 13, 2019 Lester Obbayi

Threat hunting with Kolide and osquery

In this article, we’ll discuss how we can use Kolide Fleet for threat-hunting purposes. This article is not intended to be an introductory piece, but rather...

Machine learning and AI

35 Articles

Machine learning and AI July 30, 2021 Dimitar Kostadinov

Engineering speech recognition from machine learning

The goal of speech recognition is to translate spoken words into text, and machine learning is helping it evolve.

Machine learning and AI July 23, 2021 Dimitar Kostadinov

Engineering voice impersonation from machine learning

Voice cloning can become a problem as scammers use it in new ploys to get money from people and corporations.

Blockchain security

34 Articles

Blockchain security July 14, 2021 Susan Morrow

Decentralized identifiers (DIDs) and blockchain: The silver bullet for online privacy?

Learn more about decentralized identifiers and the role they play in keeping your privacy and data intact.

Blockchain security April 26, 2021 Susan Morrow

Cryptocurrency Enforcement Framework: Impacts on digital forensic investigations

A new Cryptocurrency Enforcement Framework was recently released. Learn how it may impact cryptocurrency, cybersecurity and digital forensics investigations.

IoT Security

34 Articles

IoT Security May 4, 2021 Susan Morrow

Smart Toys and Their Cybersecurity Risks: Are Our Toys Becoming a Sci-Fi Nightmare? [updated 2021]

As smart toys get more advanced, they bring more cybersecurity risk with them.

IoT Security October 15, 2020 Rodika Tollefson

Japan’s IoT scanning project looks for vulnerable IoT devices

The Internet of Things (IoT) is still a baby compared to other computing technologies, but the market has already exploded and continues to expand at a healthy...

Industry insights

30 Articles

Industry insights October 11, 2021 Keatron Evans

The ransomware paper (part 1): What is ransomware?

Ransomware is everywhere, but it’s not always understood. Keatron Evans breaks down the ransomware fact and fiction based on insights from the trenches.

Industry insights October 5, 2021 Drew Robb

How gamification boosts security awareness training effectiveness

Gamifying cybersecurity training is one of the best ways to engage your workforce and build an effective security awareness training program.

Insider threat

18 Articles

Insider threat July 19, 2021 Waqas

Human reconnaissance: The solution to insider threats

Human reconnaissance offers awareness regarding how your employees are most likely to fall victim to hacks, data breaches or other vulnerabilities.

Insider threat May 10, 2021 Greg Belding

Insider threat report: Tesla employee thwarts $1 million bribery attempt

Tesla’s near insider threat situation response is a good model to follow if faced with a similar situation.

Cyber ranges

18 Articles

Cyber ranges September 30, 2021 Elise Chan

Infosec Skills October Challenge: Metasploit, insecure sudo and Python secure coding

Join the quest for new skills, bragging rights and over $1,000 in prizes. Each month, we’ll release a brand new challenge. Can you complete it?

Cyber ranges March 22, 2021 Patrick Mallory

ICS cyber ranges: Hands-on training for industrial control system security teams

Incident response has been a pillar of cybersecurity for decades. But plans to account for the unique risks surrounding the specialized command and control...

DoD 8570

16 Articles

DoD 8570 January 27, 2021 Daniel Brecht

PenTest+: DoDD 8570 overview

In November 2020, the US Department of Defense (DoD) has selected CompTIA PenTest+ as an approved certification for military personnel and defense contractors...

DoD 8570 October 26, 2020 Greg Belding

Introduction to the DoD Cyber Workforce Framework (DCWF)

In response to the ever-changing world, including the increased focus on cyberspace as a theater of war, the US Department of Defense (DoD) decided that it...

NIST Cyber Security Framework

16 Articles

NIST Cyber Security Framework August 19, 2021 Kurt Ellzey

How to mitigate IoT attacks using manufacturer usage description (MUD)

IoT devices can effectively be black boxes on our network, capable of launching attacks against ourselves or others. The new NIST MUD standard can help lock them down.

NIST Cyber Security Framework July 26, 2021 Greg Belding

NIST Privacy Framework: A tool for improving privacy and enterprise risk

To keep data safe, organizations can look to the NIST Privacy Framework and the NIST Cybersecurity Framework for peace of mind.

NICE Framework

9 Articles

NICE Framework June 23, 2021 Susan Morrow

Two ways to build a secure software team using the NICE Framework

The NICE Framework can help you run your organization smoothly.

NICE Framework May 6, 2021 Susan Morrow

Two ways to build a cybersecurity team using the NICE Framework

Using the NICE Framework for Cybersecurity will help you structure your team against cyberthreats.