HackDig : Dig high-quality web security articles for hackers

More Lessons Learned About Trying Harder and Passing the Offensive Security Certified Professional Exam (OSCP)

On February 11, 2020, Offensive Security introduced a major overhaul and update to their already fantastic course: Penetration Testing with Kali Linux. Those changes included updates to their lab environment. The study materials were substantially updated, with additional material including entire new sections on Bash Scripting, Active Directory Attacks, and
Publish At:2021-01-13 00:56 | Read:79 | Comments:0 | Tags:IT Security and Data Protection OSCP training security

Phishing tricks that really work – and how to avoid them

Co-authored by Juan Badell and Russell Petrich. As two people for whom creating phishing emails constitutes legitimate employment (we are on the product team behind the Sophos Phish Threat phishing simulation service) we know we’re in the minority. Like our not-so-lawful counterparts, we spend our days using social engineering techniques to trick people into ope
Publish At:2020-12-15 11:37 | Read:299 | Comments:0 | Tags:BEC Phishing education Phish Threat phishing training

Lessons from Teaching Cybersecurity: Week 6

As I had mentioned previously, this year, I’m going back to school. Not to take classes, but to teach a course at my alma mater, Fanshawe College. I did this about a decade ago and thought it was interesting, so I was excited to give it another go. Additionally, after a friend mentioned that their kid wanted to learn Python, I developed an Intro to Python ai
Publish At:2020-11-09 12:37 | Read:339 | Comments:0 | Tags:Cyber Security teaching toolkit tools training security cybe

Lessons From Teaching Cybersecurity: Week 2

As I had mentioned previously, this year, I’m going back to school. Not to take classes but to teach a course at my alma mater, Fanshawe College. I did this about a decade ago and thought it was interesting, so I was excited to give it another go. Additionally, after a friend mentioned that their kid wanted to learn Python, I developed an Intro to Python cla
Publish At:2020-10-07 01:37 | Read:507 | Comments:0 | Tags:Featured Articles IT Security and Data Protection Intern Men

Helping Inspire the Next Generation of Cybersecurity Professionals

If you had asked 10-year-old Tyler what he wanted to be when he grew up, the answer would have been a very enthusiastic, “Teacher!” Over time, however, that desire lessened as my fascination with technology grew. I ultimately ended up attending Fanshawe College to study Computer Systems Technology. I never fully abandoned that desire to teach, though. For a p
Publish At:2020-09-30 12:20 | Read:377 | Comments:0 | Tags:Cyber Security Education training security cyber cybersecuri

Lessons From Teaching Cybersecurity: Week 1

As I had mentioned previously, this year, I’m going back to school. Not to take classes but to teach a course at my alma mater, Fanshawe College. I did this about a decade ago and thought it was interesting, so I was excited to give it another go. Additionally, after a friend mentioned that their kid wanted to learn Python, I developed an Intro to Python cou
Publish At:2020-09-30 12:20 | Read:316 | Comments:0 | Tags:IT Security and Data Protection lessons school teaching trai

From the Desk of the CEO: TrustedSec Announces Professional Training Courses Online

TrustedSec has offered customized, in-person training to our clients for several years. With the need to move toward an online platform, TrustedSec has expanded our cutting edge training to help further educate and develop the Information Security industry. These offerings are designed to be some of the most effective instructor-led and live courses availabl
Publish At:2020-04-07 14:01 | Read:1210 | Comments:0 | Tags:Online Training Remediation Assistance & Training Training

Working from Home Tips for Script Kiddies

Working from home seems like a dream. What is everyone complaining about? I can’t think of anything better than working from my couch in my hoodie and boxers. I don’t have to make small talk. I don’t have to go outside. I can just sit by myself, crank out the code, and catch up on the last season of Mr. Robot. Working from home is going to rule! I don’t need
Publish At:2020-03-26 12:32 | Read:908 | Comments:0 | Tags:Leadership Training

Securing a Remote Workforce: Top Five Things to Focus on For Everyone

Deploying a remote workforce is uncharted territory for some organizations, while others have been perfecting the model for years. Most security programs have different ways to handle their workforce. For on-premise users, which has traditionally used more of castle mentality where you attempt to prevent outsiders from penetrating the network perimeter (simi
Publish At:2020-03-25 09:59 | Read:844 | Comments:0 | Tags:Business Risk Assessment Managed Services Operational Perfor

(Podcast) Episode 2: Cybersecurity Awareness with Graham Cluley

Listen and subscribe to our new podcast! Tripwire’s cybersecurity podcast features 20-minute conversations with the people who protect people from cyber threats. Hosted by Tripwire’s VP of Product Management and Strategy, Tim Erlin, each episode brings on a new guest to explore the evolving threat landscape, technology trends, and cybersecurity best practice
Publish At:2020-02-11 07:40 | Read:1025 | Comments:0 | Tags:Podcast cybersecurity awareness Graham Cluley Tim Erlin trai

Why We Are Launching the TrustedSec Sysmon Community Guide

Today we are excited to announce the launch of the TrustedSec Sysmon Community Guide. This guide is intended to be a one-stop shop for all things Sysmon. Our goal for the project is to help empower defenders with the information they need to leverage this great tool and to help the infosec community spread the knowledge gained in working to detect attack
Publish At:2020-02-06 14:50 | Read:1087 | Comments:0 | Tags:Application Security Assessment Architecture Review Business

The importance of logs: You won’t see what you don’t log

Presentation on logging and auditing strategies (as given at Secure South West 11). Building on my blog post on Cisco’s security blog entitled The Importance of Logs, I put together a presentation that picks apart some of the practical aspects of building a successful logging capability focusing on the need to document “good” and curate 
Publish At:2019-09-19 17:35 | Read:1446 | Comments:0 | Tags:Presentations blue team hardening red team SecureSouthWest t

Where 2 worlds collide: Bringing Mimikatz et al to UNIX

Presentation on Active Directory integration solutions for UNIX (as given at Black Hat Europe 2018). Over the past fifteen years there’s been an uptick in “interesting” UNIX infrastructures being integrated into customers’ existing AD forests. Whilst the threat models enabled by this should be quite familiar to anyone securing a heter
Publish At:2019-09-19 17:35 | Read:1472 | Comments:0 | Tags:Presentations analysis auditing Black Hat Europe blue team c

An offensive introduction to Active Directory on UNIX

By way of an introduction to our talk at Black Hat Europe, Security Advisory EMEAR would like to share the background on our recent research into some common Active Directory integration solutions. Just as with Windows, these solutions can be utilized to join UNIX infrastructure to enterprises’ Active Directory forests. Background to Active Directory i
Publish At:2019-09-19 17:35 | Read:1645 | Comments:0 | Tags:Blog analysis auditing Black Hat Europe blue team conference

Use Infrastructure as Code they said. Easier to audit they said… (part 1)

Whilst there are some great examples of how to assess infrastructure as code dynamically with things like the Center for Internet Security’s Docker benchmark and CoreOS’s Clair, these kinda run a little too late in the pipeline for my liking. If we want to treat infrastructure as code then surely we ought to be performing code reviews and if we
Publish At:2019-09-19 17:35 | Read:1544 | Comments:0 | Tags:Blog auditing devops devsecops infradev orchestration seceng
