7 ways K-12 teachers can help close the cybersecurity skills gap
Security professionals have grown ubiquitous across many industries. However, the workforce is still seeing a shortage of talent that actually has the knowledge and…
Tag: InfoSec Resources
Kwampirs malware: what it is, how it works and how to prevent it | Malware spotlight
Supply chain compromise has become more of a concern as of late, with the appearance of COVID-19 affecting many…
How to get security clearance and win more contracts
Having a security clearance can increase your job options and make you a more sought-after employee. An individual is not authorized to obtain a clearance on…
Security first: Compliance by design
Whether it’s the General Data Protection Regulation (GDPR) or the New York Stop Hacks and Improve Electronic Data Security Act (NY SHIELD), nearly every regulation or industry standard…
Critical security concerns facing the technology industry
Executive summary: Of the top five most valuable brands in North America in 2019, four were information technology companies. Information technology has provided a backbone of innovation that is…
Top 5 enterprise tools that have free home trials
Cybersecurity threats and attacks are coming faster and more persistently than ever, especially with the scattered nature of companies and the altered day-to-day operations of nearly…
Zoombombing: How it works and how to prevent it from happening to you
COVID-19 is likely to be the Oxford English Dictionary’s word of the year for 2020. But as well as entering our lexicon…
Starslord 2.0 malware: What it is, how it works and how to prevent it | Malware spotlight
The sLoad malware was discovered for the first time in 2018. It delivers various Trojans to the infected…
How to turn your IT team into a security team
Introduction: IT teams vs. security teams. Building a strong security team should be a priority for all organizations today. This includes companies that already have a…
2020 NIST ransomware recovery guide: What you need to know
Over the past decade, a destructive piece of malware has grown from a novel concept into a digital epidemic. Now ransomware is causing a serious…
Top 6 malware strains to watch out for in 2020
Introduction: The upsurge of malware. Malware is a favorite way for cybercriminals to launch attacks. A number of malware types have made the news as responsible…
Webinar summary: Digital forensics and incident response — Is it the career for you?
Infosec held a webinar with Cindy Murphy to find out about what it takes to get started in digital forensics and…
Cybersecurity manager certifications compared: CIPM vs. CISM vs. GSLC vs. CISSP
Introduction: Management in the age of cybersecurity. These days, no organization can run successfully without cybersecurity managers. In their oversight role, cybersecurity managers ensure staff…
The business value of the CompTIA CASP+ employee certification
Cybersecurity breaches continue to present serious challenges to organizations across every sector and of every size. In the first nine months of 2019, 7.9 billion data…
Web server protection: Web server security monitoring
Web server security is important in ensuring the correct operation of your websites. It allows you to identify vulnerabilities and any other security issues found to exist within…
Overview of phishing techniques: Urgent/limited supplies
The internet has made online shopping possible for all different types of suppliers and consumers. Online shopping is everywhere, whether it comes to social media-based “stores” or…
How to use BitLocker in Windows 10 (with or without TPM)
Possibly the most profound security enhancement that has become the norm for organizations in recent years is encryption. Early concepts of encryption were born…
MITRE ATT&CK spotlight: Process injection
It is no longer a surprise to discover that attackers have changed their attack methodologies and continue to improve the sophistication of their Tactics, Techniques and Procedures…
How To Use Microsoft Edge Security Features
Microsoft Edge (Edge) is a web browser that was first released with Windows 10 back in 2015. Edge has essentially replaced Internet Explorer, as IE 11 is technically…
Spam Filtering
Anyone who has had email is well familiar with the often sloppy, bungling menace that is spam. You know that that Nigerian prince that keeps telling you he found money with your name…
Federated Learning
Privacy used to be so common (in the 1990s and early 2000s) that you literally could not escape it. Interactive advances in technology, social media not being the least of them, has…
Share Permissions in Windows 10
Sharing files and folders is both a basic and essential task performed by nearly all organizations on a daily basis. It allows organization employees to share organization resources…
Encrypted File System (EFS) in Windows 10
Everybody is talking about information security these days because it literally impacts anyone who uses (relatively) modern electronic devices. Of the many ideas to bolster information…
Free online cyber security training: Courses, hands-on training, practice exams
Technology is changing — fast. Vanishing security perimeters and increasingly remote workforces are speeding the pace of digital transformation, along with the demand for skilled cyber…
ICS/SCADA Social Engineering Attacks
ICS/SCADA systems are essential to the daily operations of utility companies and industrial manufacturers. Due to their importance, these vulnerable systems are targets for attack. These…
Overview of phishing techniques: Compromised account
One phishing technique that has gotten a significant amount of mileage in recent years is known as the compromised account technique. This technique relies on the behavior of a…
How to work with HR or recruiters to improve your cybersecurity hiring strategy
Introduction: Is there a talent gap in your organization? With the IT security industry’s skills shortage and the high demand for advanced cybersecurity…
Intrusion Detection and Prevention for ICS/SCADA Environments
Although the target audience for this writing is information security professionals such as ICS & SCADA or automation managers and engineers, it may also be useful to other…
SIEM for ICS/SCADA Environments
Security Information and Event Management (SIEM) solutions are the traditional IT go-to for organizations looking to get the most out of their vast information load, which includes…
6 ways to address the OWASP top 10 vulnerabilities
The OWASP top 10 list of vulnerabilities has long been the source of data that information security professionals trust with making critical security decisions. There are…
How To Audit Windows 10 Application Logs
The Audit feature in Windows 10 is a useful carryover from prior Windows versions. It allows Windows 10 users and administrators to view security events in an audit…
Web server security: Active defense
Active defense is an approach taken to prevent attacks from adversaries. In this article, we discuss the various active defenses and countermeasures that can be enforced in an attempt to…
Firewalls For ICS/SCADA Environments
Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) environments are facing increasing exposure to the internet, giving nefarious parties and malicious…
Cyber Work Podcast: Teach yourself cybersecurity with skills-based education with John Wagnon
In this episode of Infosec’s Cyber Work Podcast series, host Chris Sienko speaks with John Wagnon, Senior Solution Developer at F5 Networks. They…
VulnHub CTF Walkthrough: Sar 1
In this article, we will solve a Capture the Flag (CTF) challenge which was posted on Vulnhub. As you may know from previous articles, vulnhub.com is a platform which provides vulnerable…
Phishing techniques: Contest winner scam
Introduction: Phishing is evolving via bogus online ads and webmail. Phishing scams are among the most serious and pervasive frauds operating today. One of the most used tactics is a scheme…
Certifications compared: GCFA vs. CSFA vs. CCFP
Introduction: The importance of forensic analysts. An increase in computer crimes is driving the need for more certified forensics analysts. These specialists have a crucial role in gathering…
Understanding Windows Services
In order to understand the functions that Windows services perform, we need to first understand the role breakdown of Windows systems in general. Many people have heard of…
Cyber Work Podcast: Growing the number of women in cybersecurity with Olivia Rose
Cybersecurity is a field on the cutting edge, yet when it comes to gender parity, there’s still much progress to be made.…
COVID-19: How criminals take advantage of the pandemic
Cybercriminals are taking advantage of the feeling of widespread panic to carry out new waves of cyberattacks. The latest headlines are reporting everything from phishing to malware campaigns…
Windows 10 Auditing Features
“At 7:04am on July 22nd, our bad actor successfully obtained access to the user’s workstation. At 7:06am, they attempted to install malicious programs but were…
Web Traffic Analysis
Introduction: Significance and Impact. In 2018 DayTrek Corp, a broadband and data communications company in the UK discovered a cross-site request-exploit on their routers. Attackers would hack into…
Understanding Windows Registry
Let’s say a user just finished installing a piece of recommended software. They weren’t really familiar with the source, but the potential benefits would be excellent. Immediately after…
Windows Internals for Malware Analysis
This article defines Windows internals and illustrates tools which can be used to explore Windows internal systems. We’ll be defining malware and describing how they can be analyzed by…
Keeping Alexa out of the boardroom (and the bedroom office): IoT security tips for remote employees
I can’t help myself. I find myself liking Alexa. She/he/it isn’t exactly a friend, but I can play music…
Symfonos 5.2: CTF Walkthrough
In this article, we will solve a Capture the Flag (CTF) challenge that was posted on the VulnHub website by an author named ‘Zayotic.’ As per the description given by the…
Phishing techniques: Expired password/account
Nowadays, a fair number of phishing attacks have been linked to expired password scams. This is a tactic used to steal identifying information and account access by luring users into…
Hack the Box (HTB) machines walkthrough series — Forest
Today we will be continuing with our exploration of Hack the Box (HTB) machines as seen in previous articles. This walkthrough is of an HTB machine named…
Overview of Phishing Techniques: Fake Websites
Lampion malware: what it is, how it works and how to prevent it | Malware spotlight
False impressions: How fake attribution makes fools of us all
In 2018, the world was faced with the Ryuk ransomware strain. The responsibility for this ransomware attack was originally placed squarely in the camp of a state-sponsored North Korean…
CTF Walkthrough – Five86: 2
In this article, we will find an answer to a Capture the Flag (CTF) challenge published on VulnHub. As you may know from previous articles, VulnHub.com is a platform which provides vulnerable…
Malware spotlight: Sodinokibi
Ransomware is not new at this point in time and will be with us for the foreseeable future, as new types of ransomware are constantly emerging. And sometimes, new ransomware makes a big…
Information security auditor certifications
For those with a passion for information security and a mind for auditing, the role of information security auditor is tailor-made. Not only does it allow you to work in information…
Web server security: Infrastructure components
Cybercriminals understand that your website is not only the face of your organization, but often also its weakest link. With just one misconfigured port, malicious spearphishing email or…
Cyber Work Podcast: Cybersecurity reporting and closing the skills gap with Dark Reading’s Kelly Sheridan
The need for talented cybersecurity professionals is on the rise, but a huge amount of job postings go unfilled. Why is that? Cybersecurity is in the midst of a “skills gap,” a situation…
Web server protection: Web application firewalls for web server protection
Firewalls are an integral part of the tools necessary in securing web servers. In this article, we will discuss all relevant aspects of web application firewalls. We’ll explore a few…
Network traffic analysis for IR: Data exfiltration
Understanding network behavior is a prerequisite for developing effective incident detection and response capabilities. ESG research has found that 87 percent of companies use Network…
Hack the Box (HTB) machines walkthrough series — Postman
Today, we will be continuing with our exploration of Hack the Box (HTB) machines as seen in previous articles. This walkthrough is of an HTB machine named Postman. HTB is an excellent platform that…
Web server security: Command line-fu for web server protection
Adequate web server security requires proper understanding, implementation and use of a variety of different tools. In this article, we will take a look at some command line tools that…
Hack the Box (HTB) machines walkthrough series — JSON
Today we will be continuing with our exploration of Hack the Box (HTB) machines, as seen in previous articles. This walkthrough is of an HTB machine named JSON. HTB is an excellent platform that…
The state of threats to electric entities: 4 key findings from the 2020 Dragos report
In January 2020, industrial cybersecurity firm Dragos released the North American Electric Cyber Threat Perspective, referred to as the Dragos report. This report summarized findings…
Cyber Work podcast: Cryptography careers and IoT vulnerabilities with Ted Shorter
In this episode of Infosec’s Cyber Work podcast series, host Chris Sienko speaks with Ted Shorter. Ted is co-founder and CTO of Keyfactor, a computer security firm. He has worked in…
Logical Instructions
This article defines logical instructions as executed by x86 processors. It goes on to describe four key classifications of logical instructions in brief. This article is designed for…
Networking Basics for Reverse Engineers
This article will define network reverse engineering, list tools used by reverse engineers for reverse engineering and then highlight the network basics required by such engineers. The…
Ethical hacking: SNMP recon
In this article, we will discuss the various methods one could take to perform reconnaissance on the SNMP protocol. As you may know, SNMP reveals too much information about targets that…
AI and machine learning and their uses in cybersecurity
Artificial intelligence and machine learning trends. Although artificial intelligence and its subfield of machine learning have been applied in cybersecurity for some time, the speed of adoption is…
Stack Instructions
This article will introduce readers to the assembly concepts in relation to the stack. We will discuss basic concepts related to stack and various registers, and the instructions used…
Loops
In the previous article, we discussed how if statements can be spotted in the disassembly of a binary. We learned that if conditions are translated to conditional jumps when exploring…
Stepping
Single-stepping is one of the most powerful features of a debugger, as it allows a reverse engineer to execute a single instruction at a time before returning control to the debugger…
How to use Protected Folders in Windows 10
Ransomware is one of the biggest threats faced by organizations today. After encrypting all files on servers and desktops, ransomware perpetrators demand payment before decrypting what…
Ethical hacking: Stealthy network recon techniques
In this article, we shall discuss some stealthy reconnaissance techniques that should be employed during a hacking exercise. It’s important to know which scan to use, especially when you…
How hackers check to see if your website is hackable
“Memento mori” is Latin for “Remember that you are mortal.” According to tradition, this phrase was whispered to triumphant Roman military commanders on parades, to remind them they…
How to configure VPN in Windows 10
This article defines Virtual Private Network (VPN) and the three basic connection types of VPN: remote user, third-party to mask source IP and user activities, and site-to-site-VPN. It…
Race Condition Vulnerabilities
Introduction to race conditions. Race condition vulnerabilities are an artifact of parallel processing. The ability to run multiple different execution threads in parallel can create vulnerabilities…
DLL Load Order Hijacking
DLL load order hijacking is a popular technique used to force a legitimate program to load a malicious DLL file in Windows by abusing Windows’ DLL load order feature. In this article, we…
Arithmetic Instructions
This article defines arithmetic instructions as executed by x86 processors. It goes on to describe in brief, four key classifications of arithmetic instructions: addition, subtraction,…
Malware spotlight: Nemty
If the last five years or so have proven anything, it is that ransomware is here to stay as a threat in the cybersecurity wild. This should not be used as rationale to simply ignore the…
What Are Packed Executables?
The battle between cybersecurity and malicious files is ever-changing, as the goalposts are always being moved. Whenever analysts figure out a way to reverse-engineer a particular type…
Phishing technique: Message from a friend/relative
Like many other phishing scams featured on this site, friends-and-family imposter scams are common. These scams usually begin with a phone call impersonating a friend or relative, or…
Conditionals and Jump Instructions
This article will briefly discuss conditionals and jump instructions. Conditionals are commonly used in assembly for comparison so that other instructions can make use of the output…
Least Privilege Vulnerabilities
The principle of least privilege is an essential component of information assurance and security activities. According to the National Institute of Standards and Technology (NIST),…
Phishing technique: Message from the government
With the evolution of the internet, online services have grabbed the attention of every sector, including the government. Nowadays, online amenities are available in almost all…
CompTIA Linux+ XK0-004 – what changed with this cert and test?
Introduction: How Linux fits into an IT career. It is becoming increasingly valuable for an IT professional to have advanced Linux skills, as employers are on the lookout for qualified open-source…
Modbus, DNP3 and HART
Modbus is a serial communication protocol developed by Gould-Modicon systems (now Schneider Electric) in 1979 for integrating and using it with PLCs (Programmable Logic Controller). Modbus has…
Web server protection: How the web works
As of January 2020, there are almost 4.54 billion people around the world that are active internet users. This means that the internet is reaching just past 59 percent of the world’s population. …
Top 4 industries for cybersecurity jobs
Defending against cybercrime. Cybercrime bears tremendous costs for organizations, with some estimates showing the annual cost of cybercrime to reach $6 trillion by 2021. But while there’s no shortage…
Advantages of online cybersecurity training [Updated 2020]
If there is one thing that can’t be denied, the Web has made the world a smaller place. People are able to work together towards common goals from across the planet, hang out, game and teach without…
How to configure UAC in Windows 10
When I was working on this article, I was trying to figure out something witty for the title, but all I kept coming up with was “Fear and Loathing in UAC.” Very few built-in…
Hack the Box (HTB) machines walkthrough series — Joker
Today, we will be continuing with our exploration of Hack the Box (HTB) machines as seen in previous articles. This walkthrough is of an HTB machine named Joker. HTB is an excellent platform that…
Ethical hacking: Top privilege escalation techniques in Windows
In this article, we will discuss the top techniques that hackers use today when performing privilege escalation within Windows machines. Where necessary, we shall give examples of the…
Hack the Box (HTB) machines walkthrough series — Chatterbox
Today, we will be continuing with our exploration of Hack the Box (HTB) machines as seen in previous articles. This walkthrough is of an HTB machine named Chatterbox. HTB is an excellent platform…
Cyber Work podcast: Election security issues for 2020
In this episode of Infosec’s Cyber Work Podcast series, host Chris Sienko spoke with Adam Darrah about foreign vote tampering and other election security concerns for the upcoming 2020…
4 strategies for balancing cybersecurity and business continuity planning during the coronavirus outbreak
As cybersecurity conferences worldwide cancel events, the impact of the coronavirus (COVID-19) on the industry comes close to home. At least two people who attended the annual RSA…
Malware spotlight: Ekans
Industrial Control Systems, or ICS, have been the target of malware for some time now. Most of these threats target Windows systems and Windows processes, and aside from targeting…
Web server protection: Logs and web server security
This article on logs and web server security continues the Infosec Skills series on web server protection. While there are many active and passive defenses that can be employed to…
Information security manager certifications
For many organizations, the role of information security (IS) manager is both pivotal and strategically important. Among their many responsibilities are managing an organization’s…
Hack the Box (HTB) machines walkthrough series — Sneaky
Today we will be continuing with our exploration of Hack the Box (HTB) machines, as seen in previous articles. This walkthrough is of an HTB machine named Sneaky. HTB is an excellent platform that…