National Cybersecurity Awareness Month 2019

So, I ended up posting this much later than I anticipated. I originally had it ready for October. However, I had to make some final edits and had to delay it. Nonetheless, here it is a month later!

Cyber security awareness month is coming up real soon. October is nationally known as cyber security month. Many security leaders present important security topics. This is also a time when many companies, government units and various organizations educate their members on cyber security. Many hold training workshops and lectures and send out updates to their workers.

I’d like to highlight some key points that readers should try to implement and incorporate in their personal lives and at work.

The US-CERT organization has built some excellent cyber security training.

Their detailed reports and educational training can all be found for free –> https://niccs.us-cert.gov/national-cybersecurity-awareness-month-2019

Cybersecurity for Small Businesses

The FTC (Federal Trade Commission) has recently created a whole section on cybersecurity awareness for small businesses. It can be viewed here –> https://www.ftc.gov/tips-advice/business-center/small-businesses/cybersecurity.

Best of all, the resources are all free to read and use within your own organization. When I first heard of the FTC doing this, I was glad because many smaller businesses find it difficult to obtain free security resources and expertise. There are a lot of small businesses that either state they have no resources, or they lack the funds for information security and awareness. Well, the information posted by the FTC is a great way for businesses to measure their current security practices.

What will I learn?

Some of the topics discussed are:

  • ransomware
  • phishing emails
  • cyber insurance
  • physical security
  • information regarding the NIST framework
  • email security 

NCIX Data Breach

One of the biggest news items around recently has been the NCIX breach. I was notified of it through a colleague prior to the media finding out about it through the following blog –> (https://www.privacyfly.com/articles/ncix_breach/). The blog details events that took place where a person uncovered hard drives left by the now bankrupt NCIX computer retailer. The drives and leftover computers that belonged to NCIX were being sold off by the landlord of the warehouse housing them. The information in privacyfly’s blog seems to point towards the landlord illegally selling the data on the drives to recuperate lost rent. The big question here is how NCIX, or the team taking care of their assets after bankruptcy, could allow this information to be sold. This also goes to show that NCIX had very weak security procedures in place to safeguard their most vital data (customer and employee data).

SANS 542 – Winning the CTF Event – Coinage

SANS 542 – Winning the CTF Event

I just finished taking the SANS 542 vLive class on Web Application Penetration testing. During the last week (week 6) of the course, we have a CTF (Capture The Flag) event, where you team up with other classmates to exploit systems in a special SANS virtualized environment.

Our event started off a bit unfair: the team I was on had 1 other person with me, while the team on the other end had 4 members, so it was a 4 vs. 2 battle for most of the CTF. SANS has an environment similar to the one you would see at SANS Netwars. There is an area to create a team name, see your team rank and scores, as well as the questions that are asked of you.

Our team, thepentestninjas, won the event, leading the other team by over 100 points. We compromised all of the servers on the network, and completed the Level 3 mark. However, we got the very last system with 1 minute to spare.

SANS has now started a new program where they give out special SANS coins to winners of these types of events.

What is a SANS Pentest Coin?

Wappalyzer – Identify technology on websites

During one of the SANS vLive courses I am currently taking part in, my instructor introduced us to a nifty tool called Wappalyzer. He said he does use it as “one” of the tools in his arsenal for pentesting servers and websites. I decided to take a look for myself since it wasn’t part of our SANS course. And, when you have a SANS instructor discussing a tool they use… well, you just can’t go wrong by checking it out for yourself.

Finding technologies on a website

One of the most important aspects of pen testing online is to conduct proper recon. You need information to be able to devise a plan to move forward with the pen test. Information gathering is key and Wappalyzer can definitely help with recon. I decided to use Stealthbay.com as an example to see what type of technologies would show up.
