Apr 14, 2020 Posted in blog, Cloud, Encryption, Featured, Information Security, Quick Tips, Windows

Azure – Security Best Practices

Azure Security Best Practices – Part 1

Hello and welcome again!

This time around, I’ve decided to make this blog post as a Part 1 of many several parts that will be released. There is just too much Azure security information to put up in a single post. So, my plan is to make multiple posts over time.

Azure has many great security features that not everyone may be aware of right from the start. This post will focus on some key areas of Azure, and how it can better enhance the security of the environment. Key focus will investigate security best practices for Azure.

Attending the BCAware Security Conference

Meeting Brian Krebs at the BCAware Conference

One of the most exciting parts of the BCAware conference was getting to meet Brian Krebs live in person!

During his talk he shared some interesting topics such as how cyber criminals are using websites similar to https://haveibeenpwned.com/

Except, that these “other” websites will actually list out the users leaked password(s) in plaintext. And, with this method attackers can now attack various social media, banking and other commonly used services online to possibly find valid emails/passwords to accounts.

Another topic was related to how cyber criminals determine how much money to ask for during a ransomware attack. The typical amount seems to point at about 10% of total revenue a business makes from the previous year. This way, they do not ask for too much or too little. It gets close to an amount that the organization can afford, and finds would be cheaper than to recover from backups or rebuilding the environment.

Read The Full Post

Dec 16, 2019 Posted in blog, Featured, Information Security

Passing the GCIH Exam

I’m proud to announce that I have now obtained my SANS – GIAC GCIH certification. It was a long process, and I pushed myself to get it done before the start of the New Year – 2020.

New SANS GIAC changes to exams

One thing that was particularly new for me compared to the other 2 SANS exams I’ve done was the lab questions. SANS with GIAC now has added a section that tests your knowledge through a virtual lab. Now, I have to say I think it’s actually pretty awesome! It puts your real world skills to the test to see if you can actually can apply needed practical skills. It also gives companies assurance that their employees are also getting and being tested on real hands on work and not just theory based topics.

Stealing Windows Wi-Fi WPA2-PSK Passwords through PowerShell

This week, I was hanging out with a friends, who happened to forget their Wi-Fi Password to connect a new device to their network. I decided, I would find a way and help them out so they could obtain the Wi-Fi password. It then led me to a thought, that a malicious attacker could technically use the same technique. Or, that it could be a good technique used when pen testing an environment. So, therefore, I have decided to make a blog post about it. Enjoy!

National Cybersecurity Awareness Month 2019

So, I ended up posting this much later than I anticipated. I originally had it ready for October. However, I had to make some final edits and had to delay it. None the less, here it is a month later!

Cyber security awareness month is coming up real soon. In October, it is nationally known as cyber security month. Many security leaders present important security topics. This is also a time where many companies, government units and various organizations educate their members on cyber security. Many hold training workshops, lectures and send out updates to their workers.

I’d like to highlight some key points that readers should try to implement and incorporate in their personal lives and at work.

The US Cert organization has built some excellent cyber security training.

There detailed reports and educational training can be found all for free à https://niccs.us-cert.gov/national-cybersecurity-awareness-month-2019