HackDig : Dig high-quality web security articles for hacker

Web Application Whitepaper

This document aims to analyse and explore data collected from technical assurance engagements during 2016. The original piece of data analysis was performed by two of our interns (Daniel and Chris) as part of Cisco’s intended contribution to the next Top 10 publication from OWASP however due to time constraints, our data points were not submitted. As a
Publish At:2017-10-27 17:20 | Read:1971 | Comments:0 | Tags:Whitepapers analysis HTML5 SDL training web

Hindering Lateral Movement

Lateral Movement is a method used by attackers (or malware) against a network Domain. After an initial device is compromised (typically, a user’s workstation), the attacker extracts passwords from memory, or obtains encrypted password hashes from the system for cracking or direct use (i.e. Pass the Hash). The attacker then attempts to login to other sy
Publish At:2017-10-27 17:20 | Read:3121 | Comments:0 | Tags:Blog auditing blueteam redteam training Windows

Level up Your Security Training Through Engagement

We all can agree that security training is critical, but have you ever wondered why your organization does not share your same level of excitement when it comes training time?The majority of organizations struggle with getting employees motivated and enthusiastic about training. Many employees look at training as a quarterly or yearly checkbox with the goal
Publish At:2017-03-13 16:15 | Read:2583 | Comments:0 | Tags:Featured Articles Off Topic Engagement security training

Spear-Phishing Attack Installs Two PowerShell Backdoors on Victims’ Machines

An ongoing spear-phishing campaign is using malicious Microsoft Word documents to install two PowerShell backdoors on victims’ machines.FireEye as a Service (FaaS) first detected the operation in February 2017. The campaign appears to be targeting individuals who’ve played a part in submitting financial statements and other documents to the U.S.
Publish At:2017-03-08 22:35 | Read:2485 | Comments:0 | Tags:Latest Security News malware Phishing training

Keep your cookies safe (part 1)

What are cookies and why are they important? A cookie is a small piece of data sent from a website and stored in a user’s web browser and is subsequently includes with all authenticated requests that belong to that session. Some cookies contain the user session data in a website, which is vital. Others cookies are used for tracking long-term records of
Publish At:2016-11-20 02:20 | Read:4317 | Comments:0 | Tags:Blog phishing SDL training web

4 Lessons Learned from Offensive v Defensive Training

In June this year, Fifth Domain ran a ten-day cyberwar course for 21 participants. The course provided participants with both red-team (offensive) and blue-team (defensive) cyber operations exercises.During the first eight days, participants learned a number of principles, frameworks and technical skills that were then put into practice during the final two-
Publish At:2016-08-10 09:50 | Read:2709 | Comments:0 | Tags:Featured Articles Security Awareness Defensive Offensive sec

No Silver Bullet In Security Awareness

There is no silver bullet in security awareness.What I mean by that is there is not a right or wrong way to teach people about cyber security. Just like any other type of education, you must surround yourself with it. You cannot expect to show a once-a-year “death by Powerpoint” presentation and have your staff become cyber experts. This is somet
Publish At:2016-08-01 06:10 | Read:2861 | Comments:0 | Tags:Featured Articles Security Awareness Employee Training train

Hacker Mindset: SANS NetWars & Tools of the Trade

In my ongoing blog series “Hacker Mindset,” I’ll explore an attacker’s assumptions, methods and theory, including how information security professionals can apply this knowledge to increase cyber-vigilance on the systems and networks they steward.In this article, I share my thoughts on NetWars – a live interactive Capture the Flag training exercise at
Publish At:2016-07-27 16:35 | Read:3256 | Comments:0 | Tags:Events Featured Articles NetWars SANS security training

Windows Named Pipes: There and back again

Inter Process Communication (IPC) is an ubiquitous part of modern computing. Processes often talk to each other and many software packages contain multiple components which need to exchange data to run properly. Named pipes are one of the many forms of IPC in use today and are extensively used on the Windows platform as a means to exchange data between runni
Publish At:2015-11-20 12:45 | Read:8664 | Comments:0 | Tags:Blog SDL training Windows

NOPC version 0.4.7 released

NOPC, the Nessus-based offline patch checker for Linux distributions and UNIX-based systems has had some changes made and been made available in our tools section. This article discusses the new features in detail and provides some working examples. Updated features and bug fixes Improvements to the interactive mode (e.g. asking for what format for results
Publish At:2015-10-29 00:10 | Read:2092 | Comments:0 | Tags:Blog analysis training UNIX

Healthcare – Breaching a medical training mannequin raises new cyber security concerns

Cyber attacks against healthcare systems are likely to increase and students investigated the feasibility of breaching a medical training mannequin. Let me start with the scene from a popular TV series titled Homeland, it is a pacemaker hack. Security experts are warning the medical industry about the hacking of any medical e
Publish At:2015-09-11 01:10 | Read:1798 | Comments:0 | Tags:Breaking News Hacking Security Health Care Equipment healthc

Tech Giveth And Tech Taketh Away

At the beginning of this month Google released a new Chrome extension – Password Alert – that, despite the name, was actually designed to protect its users from phishing attacks (I wrote more about it here). As the name of the extension suggests, though, it also has something to do with passwords – namely, it checks that you aren’t r
Publish At:2015-05-04 11:15 | Read:2415 | Comments:0 | Tags:Security Awareness Tools Training

The 4 Phishing Commandments – #1: Distrust thy emails, all of them.

This is the first in a series of 4 posts that will highlight key aspects of phishing. The aim is to illuminate the considerable risks and to provide you with effective tools with which to identify the dangers to (hopefully!) successfully avoid them. We regard this as the one situation in life where paranoia is definitely of value. ‘In this rat-race everybody
Publish At:2015-04-23 02:45 | Read:3283 | Comments:0 | Tags:Uncategorized Awarness Phishing Training

The Seven Wonders of User Access Control: Part II

In the first of a two-part blog series, The Seven Deadly Sins of User Access Controls, my colleague Jean Gordon Kocienda provided fresh insights into overly-permissive user access controls as a common underlying cause of data breaches. In this blog, I address the solutions to those “Seven Deadly Sins” with a modern twist on the antiquity typicall
Publish At:2015-03-04 14:40 | Read:2552 | Comments:0 | Tags:Security access control automation mindfulness security trai

Steve, Employee of the Month

Sometimes the narrative direction your blog post is going to take does a 180, and then spins around a few more times for good measure. When we saw what appeared to be a fake OWA portal asking for username and password info, we were interested. When we saw the same site offering up an executable file after handing over credentials, we were even more intereste
Publish At:2014-11-21 13:55 | Read:2919 | Comments:0 | Tags:Online Security business employee security testing training


Share high-quality web security related articles with you:)


Tag Cloud