HackDig : Dig high-quality web security articles for hackers

From the Desk of the CEO: TrustedSec Announces Professional Training Courses Online

TrustedSec has offered customized, in-person training to our clients for several years. With the need to move toward an online platform, TrustedSec has expanded our cutting edge training to help further educate and develop the Information Security industry. These offerings are designed to be some of the most effective instructor-led and live courses availabl
Publish At:2020-04-07 14:01 | Read:566 | Comments:0 | Tags:Online Training Remediation Assistance & Training Training

Working from Home Tips for Script Kiddies

Working from home seems like a dream. What is everyone complaining about? I can’t think of anything better than working from my couch in my hoodie and boxers. I don’t have to make small talk. I don’t have to go outside. I can just sit by myself, crank out the code, and catch up on the last season of Mr. Robot. Working from home is going to rule! I don’t need
Publish At:2020-03-26 12:32 | Read:413 | Comments:0 | Tags:Leadership Training

Securing a Remote Workforce: Top Five Things to Focus on For Everyone

Deploying a remote workforce is uncharted territory for some organizations, while others have been perfecting the model for years. Most security programs have different ways to handle their workforce. For on-premise users, which has traditionally used more of castle mentality where you attempt to prevent outsiders from penetrating the network perimeter (simi
Publish At:2020-03-25 09:59 | Read:313 | Comments:0 | Tags:Business Risk Assessment Managed Services Operational Perfor

(Podcast) Episode 2: Cybersecurity Awareness with Graham Cluley

Listen and subscribe to our new podcast! Tripwire’s cybersecurity podcast features 20-minute conversations with the people who protect people from cyber threats. Hosted by Tripwire’s VP of Product Management and Strategy, Tim Erlin, each episode brings on a new guest to explore the evolving threat landscape, technology trends, and cybersecurity best practice
Publish At:2020-02-11 07:40 | Read:493 | Comments:0 | Tags:Podcast cybersecurity awareness Graham Cluley Tim Erlin trai

Why We Are Launching the TrustedSec Sysmon Community Guide

Today we are excited to announce the launch of the TrustedSec Sysmon Community Guide. This guide is intended to be a one-stop shop for all things Sysmon. Our goal for the project is to help empower defenders with the information they need to leverage this great tool and to help the infosec community spread the knowledge gained in working to detect attack
Publish At:2020-02-06 14:50 | Read:480 | Comments:0 | Tags:Application Security Assessment Architecture Review Business

The importance of logs: You won’t see what you don’t log

Presentation on logging and auditing strategies (as given at Secure South West 11). Building on my blog post on Cisco’s security blog entitled The Importance of Logs, I put together a presentation that picks apart some of the practical aspects of building a successful logging capability focusing on the need to document “good” and curate 
Publish At:2019-09-19 17:35 | Read:879 | Comments:0 | Tags:Presentations blue team hardening red team SecureSouthWest t

Where 2 worlds collide: Bringing Mimikatz et al to UNIX

Presentation on Active Directory integration solutions for UNIX (as given at Black Hat Europe 2018). Over the past fifteen years there’s been an uptick in “interesting” UNIX infrastructures being integrated into customers’ existing AD forests. Whilst the threat models enabled by this should be quite familiar to anyone securing a heter
Publish At:2019-09-19 17:35 | Read:973 | Comments:0 | Tags:Presentations analysis auditing Black Hat Europe blue team c

An offensive introduction to Active Directory on UNIX

By way of an introduction to our talk at Black Hat Europe, Security Advisory EMEAR would like to share the background on our recent research into some common Active Directory integration solutions. Just as with Windows, these solutions can be utilized to join UNIX infrastructure to enterprises’ Active Directory forests. Background to Active Directory i
Publish At:2019-09-19 17:35 | Read:1127 | Comments:0 | Tags:Blog analysis auditing Black Hat Europe blue team conference

Use Infrastructure as Code they said. Easier to audit they said… (part 1)

Whilst there are some great examples of how to assess infrastructure as code dynamically with things like the Center for Internet Security‘s Docker benchmark and CoreOS‘s Clair, these kinda run a little too late in the pipeline for my liking. If we want to treat infrastructure as code then surely we ought to be performing code reviews and if we&#
Publish At:2019-09-19 17:35 | Read:1027 | Comments:0 | Tags:Blog auditing devops devsecops infradev orchestration seceng

Web Application Whitepaper

This document aims to analyse and explore data collected from technical assurance engagements during 2016. The original piece of data analysis was performed by two of our interns (Daniel and Chris) as part of Cisco’s intended contribution to the next Top 10 publication from OWASP however due to time constraints, our data points were not submitted. As a
Publish At:2017-10-27 17:20 | Read:3172 | Comments:0 | Tags:Whitepapers analysis HTML5 SDL training web

Hindering Lateral Movement

Lateral Movement is a method used by attackers (or malware) against a network Domain. After an initial device is compromised (typically, a user’s workstation), the attacker extracts passwords from memory, or obtains encrypted password hashes from the system for cracking or direct use (i.e. Pass the Hash). The attacker then attempts to login to other sy
Publish At:2017-10-27 17:20 | Read:4978 | Comments:0 | Tags:Blog auditing blueteam redteam training Windows

Level up Your Security Training Through Engagement

We all can agree that security training is critical, but have you ever wondered why your organization does not share your same level of excitement when it comes training time?The majority of organizations struggle with getting employees motivated and enthusiastic about training. Many employees look at training as a quarterly or yearly checkbox with the goal
Publish At:2017-03-13 16:15 | Read:3726 | Comments:0 | Tags:Featured Articles Off Topic Engagement security training

Spear-Phishing Attack Installs Two PowerShell Backdoors on Victims’ Machines

An ongoing spear-phishing campaign is using malicious Microsoft Word documents to install two PowerShell backdoors on victims’ machines.FireEye as a Service (FaaS) first detected the operation in February 2017. The campaign appears to be targeting individuals who’ve played a part in submitting financial statements and other documents to the U.S.
Publish At:2017-03-08 22:35 | Read:3629 | Comments:0 | Tags:Latest Security News malware Phishing training

Keep your cookies safe (part 1)

What are cookies and why are they important? A cookie is a small piece of data sent from a website and stored in a user’s web browser and is subsequently includes with all authenticated requests that belong to that session. Some cookies contain the user session data in a website, which is vital. Others cookies are used for tracking long-term records of
Publish At:2016-11-20 02:20 | Read:5989 | Comments:0 | Tags:Blog phishing SDL training web

4 Lessons Learned from Offensive v Defensive Training

In June this year, Fifth Domain ran a ten-day cyberwar course for 21 participants. The course provided participants with both red-team (offensive) and blue-team (defensive) cyber operations exercises.During the first eight days, participants learned a number of principles, frameworks and technical skills that were then put into practice during the final two-
Publish At:2016-08-10 09:50 | Read:3455 | Comments:0 | Tags:Featured Articles Security Awareness Defensive Offensive sec


Share high-quality web security related articles with you:)