Category: InfoSec Resources

Read the original article: Tips For Purchasing Essays Online When you have a passion for writing and need to earn additional money, there are a number of excellent ways to earn by purchasing essays online. When you have not written…

Read more →

Read the original article: Term Paper Writers For Hire – 3 Things to Search For in Requirements and Topic Writers How do we know which term paper essay writer helper authors for hire are legitimate? The answer is: You do…

Read more →

Read the original article: Microsoft Azure Fundamentals (AZ-900) Domains Overview Introduction The Microsoft Azure Fundamentals (AZ-900) certification exam is a great way for someone new to the field of cloud computing to demonstrate knowledge, interest and experience to current… Go…

Read more →

Read the original article: What is a cyber range? Introduction When it comes to cyberthreats, it is not a matter of if, but when an organization is going to be targeted by cybercriminals. Will you and your organization be ready?…

Read more →

Read the original article: Are open-source security tools secure? Weighing the pros and cons Introduction There is a myth that good security solutions are necessarily expensive, but the truth is that there are many options, not only at low cost,…

Read more →

Read the original article: CCNA certification prep: Security fundamentals Introduction In modern networks, security is not an afterthought. You need to know how to build secure networks from the outset. Security has to be woven into the very fabric of…

Read more →

Read the original article: Microsoft Azure Certification: Overview And Career Path Introduction The global COVID-19 pandemic has forced individuals and organizations to adopt new ways of doing daily tasks, from working to learning. It has also accelerated the journey to…

Read more →

Read the original article: Hack the Box (HTB) machines walkthrough series — Cascade (Part 1) Today, we will be continuing with our exploration of Hack the Box (HTB) machines, as seen in previous articles. This walkthrough is the first half…

Read more →

Read the original article: BPCS & SIS Introduction Cybersecurity in the process industries is a growing concern due to the increasing number of cyber attacks against industrial control systems (ICS) and the presence of a large number of… Go on…

Read more →

Read the original article: Browser Forensics: Firefox Introduction Browsers have become an inherent part of our virtual life and we all make use of browsers for surfing the internet in some or the other way. Also, browsers can be used…

Read more →

Read the original article: Browser Forensics: Google Chrome Introduction Browsers have become an inherent part of our virtual life and we all make use of browsers for surfing the internet in some or the other way. Also, browsers can be…

Read more →

Read the original article: AWS User Management Introduction In order to keep your AWS environment secure while allowing your users to properly utilize resources, you must ensure that users are correctly created with proper permissions. Also, you… Go on to…

Read more →

Read the original article: Wireless Networks and Security Introduction Wireless networks have become an inherent part of our life and we all use wireless networks in some form in our day to day life. Of all the utilities provided by…

Read more →

Read the original article: Networking fundamentals (for Network security professionals) Introduction To understand Network Security, it’s imperative that we understand networking fundamentals and networking basics. In this post, we will be learning about networking basics and… Go on to the…

Read more →

Read the original article: Browser Forensics: IE 11 Introduction Browsers have become an inherent part of our virtual life and we all make use of browsers for surfing the internet in some or the other way. Also, browsers can be…

Read more →

Read the original article: Introduction to Printing and Format Strings Introduction This article provides an overview of how printing functions work and how format strings are used to format the data being printed. Developers often use print functions for a…

Read more →

Read the original article: Format String Vulnerabilities: Use and Definitions Introduction In the previous article, we understood how print functions like printf work. This article provides further definition of Format String vulnerabilities. We will begin by discussing how… Go on…

Read more →

Read the original article: Fuzzing introduction: Definition, types and tools for cybersecurity pros Fuzzing is a black-box software testing technique and consists of finding implementation flaws and bugs by using malformed/semi-malformed payloads via automation. Fuzzing an application is not a……

Read more →

Read the original article: Lockphish phishing attack: Capturing Android PINs & iPhone passcodes over https Introduction to Lockphish Phishing attacks are a common tactic for gaining initial access to a system. If an attacker can convince their target to hand…

Read more →

Read the original article: Copy-paste compromises Copy-paste compromises: Introduction and overview Although the concept of copy-paste compromises is not exactly new, there are now several different forms of the attack. In the version of copy-paste… Go on to the site…

Read more →

Read the original article: How to exploit Format String Vulnerabilities Introduction In the previous articles, we discussed printing functions, format strings and format string vulnerabilities. This article provides an overview of how Format String vulnerabilities can be… Go on to…

Read more →

Read the original article: Format String Vulnerabilities Exploitation Case Study Introduction: In the previous article of this series, we discussed how format string vulnerabilities can be exploited. This article provides a case study of how format string vulnerabilities can be……

Read more →

Read the original article: IoT Security Fundamentals: IoT vs OT (Operational Technology) Introduction: Knowing the Notions  Industrial Internet of Things (IIoT) incorporates technologies such as machine learning, machine-to-machine (M2M) communication, sensor data, Big Data, etc. This… Go on to the…

Read more →

Read the original article: IoT Security Fundamentals: Intercepting and Manipulating Wireless Communications Introduction: IoT Manufacturers Favor Convenience over Security Because IoT security is still an afterthought, cybercriminals in general consider smart devices a “low-hanging fruit” – a target easy… Go…

Read more →

Read the original article: How to mitigate Format String Vulnerabilities Introduction: This article provides an overview of various techniques that can be used to mitigate Format String vulnerabilities. In addition to the mitigations that are offered by the compilers… Go…

Read more →

Read the original article: Hash Functions in Blockchain Introduction to hash functions Hash functions are one of the most extensively-used cryptographic algorithms in blockchain technology. They are cryptographic (but not encryption) algorithms that are… Go on to the site to…

Read more →

Read the original article: Public-Key Cryptography in Blockchain How public-key cryptography works Public-key or asymmetric cryptography is one of the two main types of encryption algorithms. Its names come from the fact that it uses two different encryption keys:… Go…

Read more →

Read the original article: Blockchain Structure Introduction The blockchain gets its name from its underlying structure. The blockchain is organized as a series of “blocks” that are “chained” together. Understanding blockchain security requires… Go on to the site to read…

Read more →

Read the original article: The business value of CompTIA CySA+ employee certification Introduction The cybersecurity threat landscape is rapidly evolving, and cybercriminals are becoming more sophisticated. Traditional threat detection techniques that rely on signature-based threat… Go on to the site…

Read more →

Read the original article: Breached passwords: The most frequently used and compromised passwords of the year Introduction Passwords should be secret, so why do so many people wind up using the same popular passwords? The truth is, no one sets…

Read more →

Read the original article: Hack the Box (HTB) Machines Walkthrough Series – Traceback Today, we will be continuing with our exploration of Hack the Box (HTB) machines, as seen in previous articles. This walkthrough is of an HTB machine named…

Read more →

Read the original article: Hacking Microsoft Teams vulnerabilities: A step-by-step guide Introduction We are living in an era where technology is part of our lives and a primary valuable resource for personal and professional tasks. The use of online videoconference…

Read more →

Read the original article: Tech companies, privacy and vulnerabilities: How much transparency is enough? Views and opinions published in this article are intended to foster productive thought and discussion around challenges in the cybersecurity industry. Views expressed in this article…

Read more →

Read the original article: IPv4 and IPv6 Overview IP stands for internet protocol. The internet protocol is the protocol which allows internetworking at the internet layer of the internet protocol suite. IPv4 is the fourth version of the protocol… Go…

Read more →

Read the original article: Zero-day Sophos XG Firewall vulnerability: An exploit guide for pentesters The Sophos XG Firewall vulnerability The Sophos XG Firewall recently had a publicly-reported zero-day vulnerability. The vulnerability in question was an SQL injection vulnerability that, if……

Read more →

Read the original article: How to verify and respond to vulnerability reports from security researchers Introduction Part of doing business in today’s increasingly cyber-world is dealing with security vulnerabilities and bugs that come up along the way. Many organizations first…

Read more →

Read the original article: How to achieve CMMC levels 1 through 5 Introduction: Where the DoD stands on cybersecurity certification The Department of Defense (DoD) has created the Cybersecurity Maturity Model Certification (CMMC) in an effort to secure the Defense……

Read more →

Read the original article: IoT Security Fundamentals: Hardware, Software and Radio Security What is IoT – IoT stands for Internet of Things. The Internet of Things (IoT) is the interconnection and network of various devices formed by connecting any physical…

Read more →

Read the original article: Deepfake Introduction “Deepfake” isn’t a new type of beauty cream, an underwater virtual tour or even a sternly worded insult. It is in fact, the culmination of decades worth of audio and video editing… Go on…

Read more →

Read the original article: Endpoint Hardening (best practices) Introduction Endpoint hardening: If you were to tell the average person that you were going to be performing this task for your organization, they’d probably ask if you were a blacksmith…. Go…

Read more →

Read the original article: Encryption vs Encoding Encryption and decryption Encryption is the process of converting plaintext to encrypted text. Since encrypted text cannot be read by anyone, encrypted text hides the original data from unauthorized… Go on to the…

Read more →

Read the original article: The OSI Model and TCP/IP Model What is the OSI model? The OSI model was the primary standard model for network communications, adopted by all major telecommunication companies and computers within the early 1980s. The users…

Read more →

Read the original article: Using Base64 for Malware Obfuscation What is Malware – Malware stands for malicious software and software, in simple language, means some program written in any programming language. So if a malicious program is intentionally written to……

Read more →

Read the original article: Attacks on Blockchain Blockchain attack vectors Blockchain can be attacked in a number of different ways. Many of the most famous attacks focus on issues with either the theoretical blockchain protocol (such as the 51%… Go…

Read more →

Read the original article: Mobile Device Management Introduction “Hey Buddy, can you make it so my phone can get work email please?”  “Oh sure, no problem.”  “Thanks.  Also I’ll need my laptop, tablet, smartwatch,… Go on to the site to…

Read more →

Read the original article: Blockchain: Beyond the Basics Beyond the basic blockchain The core blockchain protocol implements a distributed ledger capable of performing cryptocurrency transfers. Smart contract platforms add additional functionality by… Go on to the site to read the…

Read more →

Read the original article: Linux vulnerabilities: How unpatched servers lead to persistent backdoors Vulnerability management is a challenge Humans make mistakes, software has bugs and some of these bugs are exploitable vulnerabilities. The existence of vulnerabilities in software is not…

Read more →

Read the original article: Top 7 cybersecurity books for ethical hackers in 2020 Top ethical hacking books for 2020 Ethical hacking is a huge field with a number of different specializations within it. Since ethical hackers are expected to perform…

Read more →

Read the original article: 8 of the world’s biggest insider threat security incidents Introduction If you work in security or are just interested in the general area of cybersecurity you will no doubt have heard of the dreaded insider threat.…

Read more →

Read the original article: Exploiting leading antivirus software: RACK911 Labs details vulnerabilities How an antivirus works Antivirus programs are designed to keep your computer safe from malware and other malicious content. In order to minimize the damage that a potentially…

Read more →

Read the original article: Security theatrics or strategy? Optimizing security budget efficiency and effectiveness Introduction I am a staunch advocate of the consideration of human behavior in cybersecurity threat mitigation. The discipline of behavioral ecology is a good place to…

Read more →

Read the original article: Top 5 ways ransomware is delivered and deployed Introduction If your computer has not yet been affected by ransomware, odds are it could soon be. With ransom payments averaging more than $80,000 in Q4 2019, the…

Read more →

Read the original article: 21 free training resources for Cybersecurity Awareness Month (NCSAM 2020) October is Cybersecurity Awareness Month — your best opportunity to jumpstart security awareness at your organization and highlight the importance for every employee to adopt secure…

Read more →

Read the original article: NY SHIELD Act: Security awareness and training requirements for New York businesses Introduction The world of data protection and privacy regulations has brought us many laws and acts. The most commonly cited are the EU’s General…

Read more →

Read the original article: How to spot a malicious browser extension Introduction Let’s not kid ourselves — the experience of surfing the web wouldn’t be the same without extensions. Browser extensions make it possible to block advertisements, change the appearance…

Read more →

Read the original article: Capture the flag: A walkthrough of SunCSR’s Geisha Introduction Welcome to my write-up for the Geisha machine from VulnHub. This is a beginner- to intermediate-level, intentionally vulnerable virtual machine created for the purposes of testing and……

Read more →

Read the original article: Sunset Decoy: VulnHub CTF walkthrough In this article, we will solve a Capture the Flag (CTF) challenge that was posted on the VulnHub website by an author whitecr0wz. As per the description given by the author,…

Read more →

Read the original article: LockBit malware: What it is, how it works and how to prevent it | Malware spotlight Introduction LockBit is a data encryption malware in operation since September 2019 and a recent Ransomware-as-a-Service (RaaS), in which developers…

Read more →

Read the original article: Ransomware deletion methods and the canary in the coal mine Introduction  Ransomware is an emergent threat. Every week, there is a new and notable outbreak of this class of data encryption malware. From Ragnar Locker to…

Read more →

Read the original article: Time to update your cybersecurity policy? Introduction In today’s highly connected world, new cyberthreats and risks emerge seemingly every hour, around the clock. Whether it is from spearphishing, a distributed denial-of-service attack or a… Go on…

Read more →

Read the original article: 6 Windows event log IDs to monitor now Introduction It’s possible to use Windows 10 event logs to detect intrusions and malicious activity, but some knowledge of critical IDs is mandatory to avoid over-collection and other…

Read more →

Read the original article: Cloud Pentesting Certification Boot Camp: The ultimate guide What is a Certified Cloud Penetration Tester (CCPT) certification? The CCPT certification is offered by the Information Assurance Certification Review Board to validate an applicant’s skills in cloud……

Read more →

Read the original article: Purple Fox malware: What it is, how it works and how to prevent it Introduction Without question, there has been a marked die-off in the usage of Exploit Kits (EK). The Purple Fox exploit kit is…

Read more →

Read the original article: How your home network can be hacked and how to prevent it Introduction Thanks to technology, jobs that used to require us to physically commute to work can now be done at home in a pair…

Read more →

Read the original article: The CySA+ knowledge domains Introduction The new CompTIA Cybersecurity Analyst Certification (CySA+), exam code CS0-002, came into effect as of April 21, 2020, replacing the CySA+ exam (CS0-001). The new certification verifies… Go on to the…

Read more →

Read the original article: How your home network can be hacked and how to prevent it Introduction Thanks to technology, jobs that used to require us to physically commute to work can now be done at home in a pair…

Read more →

Read the original article: The CySA+ knowledge domains Introduction The new CompTIA Cybersecurity Analyst Certification (CySA+), exam code CS0-002, came into effect as of April 21, 2020, replacing the CySA+ exam (CS0-001). The new certification verifies… Go on to the…

Read more →

Read the original article: Introduction to Cryptography The field of cryptology Cryptology — literally “the study of secrets” — is composed of cryptography (making codes) and cryptanalysis (breaking codes). However, many people use the term cryptography… Go on to the…

Read more →

Read the original article: Top 9 Phishing Simulators [Updated 2020] The title of this article was supposed to be “Top 10 Free Phishing Simulators”. However, after much searching, trying, visiting of broken links, filling out forms and signing up for…

Read more →

Read the original article: Top 6 cybersecurity books for IT auditors Introduction Like many other information security professionals, you probably have a library of books on the topic of your career choice. Not only that, but like many others, yours…

Read more →

Read the original article: Podcast recap: Email attack trend predictions for 2020 Introduction Email continues to be a major method of communication in both personal and professional contexts. The sheer proliferation of information transmitted via email every day makes it…

Read more →

Read the original article: National Counterintelligence and Security Center: 5 priorities for 2020 Introduction: NCSC’s role For years, the United States has faced increasingly aggressive and complex threats from foreign intelligence entities (FIEs) and nation-states, as well as from a…

Read more →

Read the original article: Zeus Sphinx: What it is, how it works and how to prevent it | Malware spotlight Introduction When something is described as “rising from the ashes,” the mythological creature known as the phoenix normally comes to…

Read more →

Read the original article: What are Black Box, Grey Box, and White Box Penetration Testing? [Updated 2020] Introduction Pentesters are apparently huge fans of colors. Different roles within pentesting assignments are designated as Red Team, Blue Team, Purple Team and…

Read more →

Read the original article: How to detect and prevent web shells: New guidance from the NSA and the Australian government Introduction It’s not every day that governments of different countries draft guidance rules about any subject together. It is even…

Read more →

Read the original article: How privacy agreements impact data privacy for business users: Slack, Zoom and Microsoft Teams The growing interest in third-party collaboration apps The growing trend toward remote work is changing how people communicate in the workplace. Cloud-based…

Read more →

Read the original article: Securing Cookies with HttpOnly and secure Flags [Updated 2020] Learn how to fight malware Any program that runs can be disassembled, but that doesn’t mean it’s going to be easy. In this skills course you’ll learn ⇒…

Read more →

Read the original article: Top 8 world crises exploited by cybercriminals and lessons learned Introduction Crises can vary immensely, be it in terms of the specific nature of each situation or the impacts that may be limited to a specific…

Read more →

Read the original article: Hack the Box (HTB) machines walkthrough series — ServMon Today, we will be continuing with our exploration of Hack the Box (HTB) machines, as seen in previous articles. This walkthrough is of an HTB machine named…

Read more →

Read the original article: Cyber Work Podcast recap: What does a military forensics and incident responder do? Introduction Cybersecurity meets CSI in the exciting field of digital forensics and incident response. In this role, tech-savvy investigators sift through computer systems…

Read more →

Read the original article: The Most Common Social Engineering Attacks [Updated 2020] Introduction In his book, “The Art of Deception,” popular hacker Kevin Mitnick explained the power of social engineering techniques. Today, we are aware that social engineering can be…

Read more →

Read the original article: Capture the flag: A walkthrough of SunCSR’s Sumo Introduction Welcome to my write-up for the Sumo machine from VulnHub. This is a beginner-level, intentionally vulnerable virtual machine created for the purposes of testing and strengthening one’s……

Read more →

Read the original article: 4 reasons why you should include current events in your phishing simulation program Introduction One of the dirtiest aspects of phishing campaigns in the wild is that they will take advantage of anything happening in the…

Read more →

Read the original article: Lab: Hacking an Android Device with MSFvenom [Updated 2020] Learn penetration testing Build your real-world pentesting skills through 34 hands-on labs. This skills course covers ⇒ Web app hacking ⇒ Hacking with Android ⇒ Ethical hacking…

Read more →

Read the original article: Tesla Model 3 vulnerability: What you need to know about the web browser bug Introduction In 2020, Jacob Archuleta, a researcher nicknamed Nullze, discovered an important information security vulnerability on the web browser of the Tesla…

Read more →

Read the original article: Work-from-home network traffic spikes: Are your employees vulnerable? A shift to work-from-home culture Social distancing during the COVID-19 pandemic has forced employees to work from home, and many businesses were unprepared to provide cybersecurity in this…

Read more →

Read the original article: Network Design: Firewall, IDS/IPS Introduction There are many different types of devices and mechanisms within the security environment to provide a layered approach of defense. This is so that if an attacker is able to bypass…

Read more →

Read the original article: 21 cybersecurity products to combat APT29: MITRE weighs in Introduction MITRE, a not-for-profit organization based in the US, is best known for its globally accessible knowledge base of cyber adversary strategies and techniques popularly referred to…

Read more →

Read the original article: Bypassing security products via DNS data exfiltration Introduction  Criminals are using different strategies to compromise computer networks, infrastructures and organizations. Cyber incidents have increased in number and complexity since the… Go on to the site to…

Read more →

Read the original article: RTS Threshold Configuration for Improved Wireless Network Performance [Updated 2020] In a scenario where a lot of users connect to a wireless network and where they occasionally lose their connections, an individual or a company can…

Read more →

Read the original article: Hack the Box (HTB) machines walkthrough series — Nest, part 2 Today, we will be continuing with our exploration of Hack the Box (HTB) machines, as seen in previous articles. This walkthrough is of an HTB…

Read more →

Read the original article: App isolation in Windows 10 What is app isolation in Windows 10? Suppose you want to install and run a new program on Windows but you think it may be risky and may harm your system.…

Read more →

Read the original article: How to use Radare2 for reverse engineering Introduction This article defines reverse-engineering as it is used in the analysis of software. We will explain in detail how to use radare2 for reverse engineering. It exposes techniques…

Read more →

Read the original article: Windows Supported wireless encryption types Introduction We all want to keep our wireless network secure, to keep our personal data and information safe, don’t we? Fortunately, Windows supports multiple wireless encryption types. You, as… Go on…

Read more →

Read the original article: Configuring DNS in AWS Introduction The Domain Name System (DNS) is necessary for routing traffic across the internet. It accomplishes this task by converting easily remembered domain names (example.com) into the IP… Go on to the…

Read more →

Read the original article: Podcast recap: Fuzzing, security testing and tips for a career in AppSec Introduction In this episode of Infosec’s Cyber Work Podcast, host Chris Sienko welcomes back previous guest Dr. Jared DeMott. In the previous episode, the…

Read more →

Read the original article: AWS Storage Services Introduction Amazon offers several storage services, each optimized for specific use cases. In order to choose the best storage for your application, first we must understand the various offerings…. Go on to the…

Read more →

Read the original article: Hack the Box (HTB) machines walkthrough series — Nest, part 1 Today, we will be continuing with our exploration of Hack the Box (HTB) machines as seen in previous articles. This walkthrough is of an HTB…

Read more →

Read the original article: Cross-Site Request Forgery (CSRF) Vulnerabilities Introduction to cookies and user authentication Cross-site request forgery (CSRF) vulnerabilities are designed to take actions on a website on behalf of an authenticated user. Accomplishing this… Go on to the…

Read more →

Read the original article: HTTP-based Vulnerabilities Introduction to HTTP and HTML vulnerabilities Web applications are commonly targeted by cybercriminals. The combination of public exposure and potential access to sensitive data makes them easily… Go on to the site to read…

Read more →