Category: InfoSec Resources

Read the original article: ICS/SCADA Wireless Attacks Introduction Wireless communication has gained attention in the industrial environment. Many organizations have moved from wired networks to wireless in order to provide IT networks with hassle-free… Go on to the site to…

Read more →

Read the original article: Security controls for ICS/SCADA environments Introduction  An Industrial Control System (ICS) is any technology used to control and monitor industrial activities. Supervisory control and data acquisition systems (SCADA) are a subset of ICS. … Go on to…

Read more →

Read the original article: Least Privilege Vulnerabilities Exploitation Case Study Introduction The principle of least privilege is a security concept that limits security exposure in IT environments through balancing security, productivity, privacy and risk. To put it simply,… Go on…

Read more →

Read the original article: Data execution prevention (DEP) in Windows 10 Introduction Does this sound familiar? “Sorry, not on the list.” “Oh come on! I was just in there five minutes ago! I just need to go get my coat.”…

Read more →

Read the original article: What is the NICE Cybersecurity Workforce Framework? Introduction: All about the NCWF The National Initiative for Cybersecurity Education (NICE), led by the National Institute of Standards and Technology (NIST), is a partnership between government,… Go on…

Read more →

Read the original article: Netwalker malware: What it is, how it works and how to prevent it | Malware spotlight Introduction Netwalker is a data encryption malware that represents an evolution of the well-known Kokoklock ransomware and has been active…

Read more →

Read the original article: How to configure password policies in Windows 10 Introduction A password is one of the common methods to authenticate user identity. Windows OS comes with various authentication options like PIN, password, fingerprint and token, but the…

Read more →

Read the original article: Cryptography-based Vulnerabilities in Applications Introduction to cryptography Cryptography is designed to help protect the confidentiality, integrity and authenticity of data. By using an encryption algorithm, it is possible to transform data in a… Go on to…

Read more →

Read the original article: How to use Disk Quotas in Windows 10 Introduction Let’s say for a moment that it’s been a big family dinner and you’ve got one massive pie left for dessert. You ask who wants pie, and…

Read more →

Read the original article: SQL Injection Vulnerabilities Databases and the structured query language A database is designed to store data in an understandable and easily accessible way. Data is organized into tables, rows and columns, making it easy to… Go…

Read more →

Read the original article: Are apps stealing company secrets? Smart device privacy concerns for businesses Introduction Privacy often feels like it is something that can be bought, sold and/or simply ignored. So many people use the old and worn argument:…

Read more →

Read the original article: The False Claims Act and cybersecurity: Are third-party vendors putting you at risk? Introduction A government supplier law written over a century ago may seem outdated in the digital age, but it may be putting your…

Read more →

Read the original article: Data Security in Windows 10 Introduction By design, Windows 10 is more secure than its predecessors Windows 7 and Windows 8.1. That’s what the people from Microsoft say, anyway. One excellent measuring tool regarding security… Go…

Read more →

Read the original article: How to use AppLocker in Windows 10 What is AppLocker? AppLocker is an application whitelisting feature which helps an organization to control what apps and files can be run by the user. AppLocker was first introduced…

Read more →

Read the original article: Ramsay malware: What it is, how it works and how to prevent it | Malware spotlight Introduction The unique functionality of things normally makes them as much of a point of interest as an oddity. Malware…

Read more →

Read the original article: Are there any new cybersecurity threats that come with 5G technology? Introduction  5G technology has long been a source of controversy over health and security concerns. This is particularly true because the introduction of an open,…

Read more →

Read the original article: New Cisco report: SMB security posture catches up to enterprise counterparts Introduction Small-to-medium businesses (SMBs) have a lot of things to deal with. They have a huge number of responsibilities but not a lot of resources…

Read more →

Read the original article: How to align NICE Cybersecurity Workforce Framework KSAs with roles in your organization Introduction Dealing with the many emerging cybersecurity challenges is a daunting task. With the ever-increasing number of attacks and cybercriminals that constantly update…

Read more →

Read the original article: Format String Vulnerabilities C++ and strings The C++ programming language has a couple of different variable types designed to manage text data. These include C strings, which are defined as arrays of characters, and the C++……

Read more →

Read the original article: Command Injection Vulnerabilities What is a command injection vulnerability? Many applications are not designed to be wholly self-contained. They often access external systems as well, including databases, application programming… Go on to the site to read…

Read more →

Read the original article: Credential Management Vulnerabilities The importance of strong credential management Passwords are the most commonly-used method by which users authenticate to online accounts, computers and other systems. The reason for the massive… Go on to the site…

Read more →

Read the original article: CMMC relationship (mapping) to other frameworks Introduction Today, we are continuing our Infosec series on the new U.S. Department of Defense Cybersecurity Maturity Model Certification (CMMC). This article will focus on how the new Defense… Go…

Read more →

Read the original article: Analysis of ransomware used in recent cyberattacks on health care institutions Introduction In recent years, there has been a steady increase in the number of ransomware attacks on healthcare institutions. The pressure such institutions experienced as…

Read more →

Read the original article: How to configure Windows 10 firewall What is a firewall? A firewall is a device which monitors and filters all the incoming and outgoing network traffic and prevents unauthorized access to/within the network. The firewall is…

Read more →

Read the original article: Windows 10 Security Features Introduction Alexander Benoit, senior consultant and head of Competence Center Microsoft, said something during a Microsoft event in Orlando in September 2017: “Because the threat landscape… Go on to the site to…

Read more →

Read the original article: Key Elements of an Information Security Policy Learn about SCADA security policies Learn the process of developing a SCADA security policy. This skills course covers: ⇒ Developing SCADA security policy ⇒ Security frameworks and strategy ⇒ And… Go…

Read more →

Read the original article: AWS Essentials & Solution Architect Associate certification: The ultimate guide Introduction With the rapidly evolving cloud market and the COVID-19 pandemic, many organizations are looking for ways to adapt to the new normal. One of the…

Read more →

Read the original article: Understanding the CMMC model Introduction The threat of cybercrime has always been a concern for businesses of every size and across all industries, especially with losses linked to cybercrime are expected to exceed $5 trillion… Go…

Read more →

Read the original article: PonyFinal malware: What it is, how it works and how to prevent it | Malware spotlight Introduction to PonyFinal PonyFinal ransomware appeared for the first time in 2020. It is malware that relies on human-operated attacks,…

Read more →

Read the original article: Me and My Girlfriend 1: CTF walkthrough In this article, we will solve a Capture the Flag (CTF) challenge which was posted on VulnHub. As you may know from previous articles, VulnHub is a platform which…

Read more →

Read the original article: Key Elements of an Information Security Policy Learn about SCADA security policies Learn the process of developing a SCADA security policy. This skills course covers: ⇒ Developing SCADA security policy ⇒ Security frameworks and strategy ⇒ And… Go…

Read more →

Read the original article: SCADA & security of critical infrastructures [updated 2020] Introduction Current Scenario Industrial control systems (ICS) and Supervisory Control And Data Acquisition (SCADA) systems are critical components for the operation of industrial facilities and… Go on to…

Read more →

Read the original article: SCADA & Security of Critical Infrastructures [Updated 2020] Introduction Current Scenario Industrial control systems (ICS) and Supervisory Control And Data Acquisition (SCADA) systems are critical components for the operation of industrial facilities and… Go on to…

Read more →

Read the original article: Spamdexing (SEO spam malware) Introduction: About SEO spam — is my website a target? You’ve spent time and energy in positioning your website high in search engine rankings through good SEO practices. You realize, however, that……

Read more →

Read the original article: Top 8 cybersecurity books for incident responders in 2020 Introduction Are you passionate about incident response? Do you want to build upon your knowledge of how to mitigate cyberthreats? If yes, then you’d love the nuggets…

Read more →

Read the original article: CySA+: Studying for the exam [Updated 2020] Introduction: The merits of being certified as a cybersecurity analyst Many organizations are placing a greater value on hiring employees who have IT security certifications, illustrating the… Go on…

Read more →

Read the original article: Critical security concerns for the education industry Balancing cybersecurity & compliance requirements in a resource-limited industry Executive summary The education industry has become a top hacker target: birth certificates, Social Security… Go on to the site…

Read more →

Read the original article: How to identify and prevent firmware vulnerabilities Introduction As creators of computer software begin to take security vulnerabilities more seriously, hackers are increasingly targeting the lower ends of the computer stack in hopes of stealing… Go…

Read more →

Read the original article: DMV 1: VulnHub Capture the Flag (CTF) walkthrough In this article, we will find an answer to a Capture the Flag (CTF) challenge published on VulnHub by the author Jonathan. As per the information given by…

Read more →

Read the original article: 14 best open-source web application vulnerability scanners [updated for 2020] Learn Vulnerability Scanning Learn about vulnerability scanning tools. This skills course covers ⇒ Application and container scans ⇒ Analyzing vulnerability scans ⇒ Vulnerability scanning LEARN MORE… Go…

Read more →

Read the original article: Key findings from Infosec’s 2020 IT & security talent pipeline study Fewer challenges facing our industry are more pervasive than the cybersecurity talent shortage. It’s an advanced persistent threat of the human variety that impacts nearly…

Read more →

Read the original article: How to prevent burnout in a cybersecurity career Introduction: Picture, if you will …  It was just another Wednesday. As usual, Grace Adams had arrived punctually at 8:00, even though she had worked late yet again…

Read more →

Read the original article: 7 NICE Cybersecurity Workforce Framework categories: Everything you need to know Introduction In the world of cybersecurity, there are many roles to play. While those roles can vary, there is also the NICE (National Initiative for…

Read more →

Read the original article: Best Tools to Perform Steganography [Updated 2020] Learn about Steganography Explore how cryptographic hashing, stenography and other techniques are used to hide data. This skills course covers ⇒ Steganography ⇒ Cryptographic hashes ⇒ And more Start……

Read more →

Read the original article: Top 9 free security training tools Cybersecurity training is one of the best defenses against cyber attacks targeting organizations and individuals alike. Although security training is a tried-and-true defense against cyber attacks… Go on to the…

Read more →

Read the original article: Cookies: An overview of associated privacy and security risks Introduction Anyone who regularly browses the internet must have seen some sort of pop-up or other form of alert about the use of cookies. Some sites even…

Read more →

Read the original article: Security risks of outdated encryption: Is your data really secure? Introduction They say that those who fail to learn history are doomed to repeat it. A salient factor in the defeat of Austria by Prussia in…

Read more →

Read the original article: 4 tips for phishing field employees [Updated 2020] Phishing is easy. Let’s just get that out of the way. It’s easy for an attacker, and, if you have the right tools (such as InfoSec Institute’s PhishSim),…

Read more →

Read the original article: Cybersecurity consultant certifications — Explore your options Introduction: IT consultants for cybersecurity matters Cybersecurity consultants are the go-to professionals to devise best ways to protect an organization’s critical assets. Their role entails… Go on to the…

Read more →

Read the original article: djinn 1: CTF walkthrough, part 1 Introduction In this article, we will solve a Capture the Flag (CTF) challenge that was posted on the VulnHub website by an author named “0xmzfr.” As per the description given…

Read more →

Read the original article: Cyber Work podcast: Top soft skills and the Federal Cybersecurity Reskilling Academy Introduction In this episode of Infosec’s Cyber Work podcast, host Chris Sienko spoke with Chris Triolo, VP of customer success for Respond Software. They…

Read more →

Read the original article: Agent Tesla: What it is, how it works and why it’s targeting energy companies Introduction to Agent Tesla Agent Tesla appeared for the first time in 2014, but it has been just recently used for attacks…

Read more →

Read the original article: How to get promoted in a cybersecurity career Introduction: What the cybersecurity talent market looks like at the moment Are you considering a career in cybersecurity? If so, this is actually a great time to be…

Read more →

Read the original article: Vishing spikes as workforces go remote: 6 vishing prevention tips anyone can follow Introduction With thousands of teams worldwide being asked to work remotely to help contain the spread of COVID-19, scammers have a fertile ground…

Read more →

Read the original article: All My Stripes: The New Business Imperative of LGBTQ+ Inclusion “Don’t talk, just act. Don’t say, just show. Don’t promise, just prove.” -Hiroko Tsuchimoto As another LGBTQ+ Pride month comes to a close and I look…

Read more →

Read the original article: Can 2FA prevent breaches? Lessons learned from the SFO airport watering hole attack Introduction In March 2020, two websites serving customers of San Francisco International Airport were hacked. The websites used first-factor authentication only and the…

Read more →

Read the original article: Preventing cybersecurity employee burnout and churn: 6 tips for managers Introduction “Burnout” and “churn” are two words that probably send shivers down the spines of most cybersecurity managers. After all, employees who are “feeling the burn,”…

Read more →

Read the original article: Active Directory series: Unconstrained delegation Introduction In this article series, we will look into the most famous ways that can be used to attack Active Directory and achieve persistence. Note: Attacks discussed in this series have…

Read more →

Read the original article: Dark web fraud: How-to guides make cybercrime too easy Introduction to dark web fraud Dark web fraud constitutes a global information security problem. The widespread availability of how-to guides providing instructions on how to commit such…

Read more →

Read the original article: Blockchain Security Overview Introduction Despite being over a decade old, blockchain has only really taken off within the last few years. During this time, it has moved from a fad to the subject of serious research…

Read more →

Read the original article: Fundamentals of Blockchain Security Introduction The goal of blockchain is to create a fully decentralized, trustless digital ledger. This is an ambitious goal since most ledger systems in use today, such as those used to track…

Read more →

Read the original article: Ragnar Locker malware: what it is, how it works and how to prevent it | Malware spotlight Introduction The popularity of ransomware threats does not appear to be decreasing. Instead, more and sophisticated ransomware threats are…

Read more →

Read the original article: Active Directory series: SILVER TICKET Introduction In this article series, we will look into the most famous ways that can be used to attack Active Directory and achieve persistence. This article will be looking at the…

Read more →

Read the original article: Aqua 1: VulnHub Capture the Flag (CTF) walkthrough In this article, we will find an answer to a Capture the Flag (CTF) challenge published on VulnHub by the author yunaranyancat. As per the information given by…

Read more →

Read the original article: PoetRAT malware: what it is, how it works and how to prevent it | Malware spotlight Introduction As new malware constantly emerges, some have been taking advantage of recent events to make it easier to establish…

Read more →

Read the original article: Top 8 tips for office security when employees are working from home Introduction: Who’s minding the store? Cybersecurity has become even more high profile during the current COVID-19 pandemic. A recent warning from the UK National…

Read more →

Read the original article: Active Directory walkthrough series: GOLDEN TICKET Introduction In this article series, we will look at the most famous ways that can be used to attack Active Directory and achieve persistence. This article will focus on Golden…

Read more →

Read the original article: Microsoft certification update: MCSA & MCSE certifications retired Introduction It may have come as a shock to you that two of the leading Microsoft certifications, Microsoft Certified Solutions Associate (MCSA) and Microsoft Certified Solutions Expert (MCSE),…

Read more →

Read the original article: It’s October 1: VulnHub CTF walkthrough In this article, we will try to solve a Capture the Flag (CTF) challenge that was posted on the VulnHub website by Akanksha Sachin Verma. As per the description given…

Read more →

Read the original article: Cyber Work Episode Recap: How is the open exchange of information affecting cybersecurity? Introduction Cody Cornell, CEO of Swimlane, is a passionate advocate for the open exchange of security information. Infosec recently chatted with Cody about…

Read more →

Read the original article: Top 6 security best practices for agile development environments Introduction  Software development teams have had to change significantly to cope with the ever-evolving software markets. The high competition in the market has especially pushed firms to…

Read more →

Read the original article: How to stay cyber-secure at home with a secure home network Introduction: Working from home made secure Many companies across the world have been introducing their employees to the concept of working from home. Although the…

Read more →

Read the original article: DC 8: Capture the Flag (CTF) walkthrough In this article, we will solve a Capture the Flag (CTF) challenge that was posted on the VulnHub website by an author named Duca. As per the description given…

Read more →

Read the original article: Will CVSS v3 change everything? Understanding the new glossary The Common Vulnerability Scoring System (CVSS) enables organizations to use a common language when dealing with vulnerability threats. Since its initial release in 2003, CVSS has been…

Read more →

Read the original article: Capture the Flag: A walkthrough of EVM: 1 Introduction Welcome to my write-up for the EVM: 1 machine from VulnHub. This is a beginner-level, intentionally vulnerable virtual machine created for the purposes of testing and strengthening…

Read more →

Read the original article: Paradise malware: What it is, how it works and how to prevent it | Malware spotlight Introduction Meet Paradise, a malware that has been lurking in the wild since 2017. While it may not be a…

Read more →

Read the original article: Top eight podcasts episodes and webinars on closing the skills gap and starting a cybersecurity career Introduction: Expert-led digital audio and video files grow in popularity These days, employers are facing millions of unfilled IT security…

Read more →

Read the original article: Do you need a master’s degree in cybersecurity? Introduction One of the greatest challenges in landing a job in any field is demonstrating that you possess the knowledge and experience required for the role. This is…

Read more →

Read the original article: Digital forensics and incident response: Is it the career for you? Introduction When many of us think of detective work, we conjure up images of trench-coated detectives chasing bad guys down darkened alleyways or poring over…

Read more →

Read the original article: Security awareness training and cyber insurance: Prevention, treatment or both? Cybersecurity risk management: A business priority Managing cybersecurity risk should be a priority for all organizations, no matter the size or industry. Bad actors don’t discriminate…

Read more →

Read the original article: Capture the Flag (CTF) walkthrough: My File Server 1 In this article, we will solve a Capture the Flag (CTF) challenge which was posted on VulnHub. As you may know from previous articles, Vulnhub.com is a…

Read more →

Read the original article: How to scan email headers for phishing and malicious content Introduction Phishing emails are one of the most common attack vectors used by cybercriminals. They can be used to deliver a malicious payload or steal user…

Read more →

Read the original article: 5 takeaways from Bitdefender’s 2019 Hacked Off! report Introduction What’s the best way to fend off advanced cyberattacks? What keeps information security professionals awake at night? How do they rate their knowledge of cybersecurity issues? These……

Read more →

Read the original article: Five key lessons from the 2020 U.S. Cyberspace Solarium Commission report Introduction On March 11, 2020, the Cyberspace Solarium Commission (CSC), a governmental commission aiming to identify “a strategic approach to defending the United States in…

Read more →

Read the original article: Matrix 3 CTF walkthrough In this article, we will solve a Capture the Flag (CTF) challenge that was posted on the VulnHub website by Ajay Verma. As per the description given by the author, this is…

Read more →

Read the original article: CIP Introduction Common Industrial Protocol (CIP) was created by Open DeviceNet Vendors Association Company (ODVA) specifically for automating industrial processes for sharing the data among various… Go on to the site to read the full article…

Read more →

Read the original article: Should you phish-test your remote workforce? Introduction: New wave of phishing When the novel coronavirus pandemic began, it caused more than a medical emergency and lockdowns. Like many events before, it also caused an increase in…

Read more →

Read the original article: CK 00: CTF walkthrough [Part 1] In this article, we will solve a Capture the Flag (CTF) challenge that was posted on VulnHub by Vishal Biswas. Per the description given by the author, this is an easy-level…

Read more →

Read the original article: Open vs Proprietary Protocols Introduction To understand ICS/SCADA networks and how various components communicate with each other, we need to understand the underlying protocols that are being used by these systems. “Protocol”… Go on to the…

Read more →

Read the original article: 6 tips for getting a salary increase in cybersecurity Whether you’re saving up for a dream house or simply want some extra spending money on the weekend, getting a salary raise in cybersecurity will certainly help…

Read more →

Read the original article: Recruiting externally vs. training internally: 5 tips to improve your cybersecurity talent pipeline in 2020 Introduction If you are in the market for cybersecurity talent, you do not need to hear (again) just how hard it…

Read more →

Read the original article: Certifications compared: Linux+ vs RHCSA/RHCE Introduction: Linux talent most sought-after by employers In the past couple of years, there has been a growing demand for open source skills in order to fill shortage gaps. According to…

Read more →

Read the original article: How much can I make in cybersecurity? Introduction: The cybersecurity job market Cybersecurity is a growing field, and with the shortage of specialists expected to grow and the prospect of up to 3.5 million unfilled job…

Read more →

Read the original article: Critical security concerns for the financial services industry Compliance regulations in the financial services industry  The financial services industry is heavily regulated with compliance requirements focusing on the management of risk and fraud. The sector… Go…

Read more →

Read the original article: Outsourcing cybersecurity: What services to outsource, what to keep in-house The growing need for outsourced cybersecurity The growing number and sophistication of threats that organizations face daily puts a bigger demand on cybersecurity. With roaming users…

Read more →

Read the original article: Critical security concerns facing government Challenge 1: Staying compliant If the government enforces regulations, then its various departments and functions must also comply with those same regulations. Major data security regulations… Go on to the site…

Read more →

Read the original article: Cybersecurity budgeting and spending trends 2020: How does yours compare? Cybersecurity spending grows Protecting data and assets becomes more complicated as threats evolve. Cybersecurity budgets continue to grow every year, reflecting this complexity. Analyst data shows……

Read more →

Read the original article: Critical security concerns facing the energy & utility industry A perfect storm of technical & human vulnerabilities The global dependency and wide use of utility companies makes the system highly vulnerable to both natural and human-made…

Read more →

Read the original article: Hack the Box (HTB) machines walkthrough series — Mango Today, we will be continuing with our exploration of Hack the Box (HTB) machines as seen in previous articles. This walkthrough is of an HTB machine named…

Read more →

Read the original article: Hack the Box (HTB) machines walkthrough series — Registry Today, we will be continuing with our exploration of Hack the Box (HTB) machines as seen in previous articles. This walkthrough is of an HTB machine named…

Read more →