INFOSEC How Not to CISO - Tools Before Capabilities Tools are stepping stones in maturity and capability within an organization. In this article we take a look at how not to approach investing in infosec tools.
CYBERSEC How To Handle A Data Breach Crisis ‘Crisis’ is not a word that sensible people like and is best avoided altogether. Let's imagine that a cybersecurity crisis ambushes you when you least expect it.
CYBERSEC Secure Password Handling in Depth Infosec never gets bored of talking about passwords. In this article we deep dive into the consensus around web application password handling.
TECHNICAL Using Serverless Frameworks - Part 1 Serverless has become a movement in application development because it allows developers to focus on code and leave infrastructure to the providers.
CYBERSEC Getting Started With Objection + Frida How to get started assessing iOS apps on a nailed device using Objection. which enables us to assess an iOS app in an environment using Frida.
CYBERSEC Quantum Computing 101 - Part One Quantum Physics studies the behavior of matter & energy at the molecular, atomic & nuclear levels and it will have a huge impact on secure computing.
TECHNICAL False Flags In Threat Attribution The entire concept of threat attribution is tremendously flawed argues security researcher Matt Telfer. In this article we take a closer look at false flags.
INFOSEC The Browser Is A Bitch We love browsers, they are our window to the world, we love browsers so much that we have fought wars over them, but sadly the browser is not your friend.
INFOSEC Lets Talk About Ciphers Ciphers have been used since ancient times for sending encrypted messages which could not be read if they were intercepted by a third party.
TECHNICAL Flaring The Blue Team - When You Confuse Them You Lose Them In this article, we take a closer look at a flaring script for report-uri, one that we will use to confuse and distract the blue team by sending them random false positives. #flaring
CYBERSEC Beyond Buzzword Bingo: A Measured Discussion of AI and Cybersecurity Within the infosec community, AI is either dismissed like vegan turkey or praised as the industry's magical elixir. In this article Jamie Collier delves into how the conversation can be improved.
CYBERSEC How To Build A Hash Cracking Rig In this article security researcher Sebastian Bicchi teaches us how to build a low-cost, but high quality cracking rig by repurposing a hardware crypto mining rig.
CYBERSEC Playing In The Dark Corners Of Windows With Alternative Data Streams In this article we look at the exploitation of ADS in the NTFS file system to conceal data secretly using the Stealth Alternative Data Stream, which cannot easily be detected.
CYBERSEC Small Businesses Face More Cyber Risk Now Than They Ever Have It’s a jungle out there, one with cybercriminals hiding behind every bush and the small business has become a top target for cybercriminals
CYBERSEC What Does A Cryptocurrency B2B Scam Look Like? With the arrival of new technologies, cryptocurrency scams are catching a second wind. Take a closer look at the scams targetting businesses.
TECHNICAL Malware Analysis Using Memory Forensics Malware analysis can be very simple or very complex. The goal of this article is to introduce a process of using free tools that entry-level analysts can use to collect data.
TECHNICAL An Introduction To Binary Exploitation Interested in binary exploitation? Then welcome to a very detailed beginners guide and introduction to help you start your journey's in binary exploitation!
INFOSEC From Passwords To Web Authentication Passwords safe aren't here to stay. Yet they are still needed. Read where we are with web authentication and where we are going.
CYBERSEC Passive Reconnaissance Using OSINT This article explores the basics and core aspects of OSINT from a reconnaissance perspective, in which we map out the entire public facing infrastructure of a target.
CTF Apache Struts2 CVE-2018-11776 POC Learn about the Struts2 Remote Code Execution vulnerability CVE-2018-11776, how to exploit and how to create a Proof of Concept (POC) with docker.
CYBERSEC Cryptocurrency Double Spending An introduction to cryptocurrency and a closer look at double spending, one of the many attacks affecting the security of some cryptocurrencies.
CYBERSEC Passwords & Human Psychology The problem with humans is that we want to protect our data but are not willing to make any effort to protect it, a good example is the passwords we choose.
CYBERSEC Mobile Infosec Challenge Walkthrough Infosec Mobile CTF - The goal of this challenge is to extract encrypted data plus its secret from a database embedded inside the application.
CYBERSEC Does it Equate? Does it equate? - Lets take a closer look at the most advanced threat actor we have seen, the Equation Group.
CYBERSEC How The Air Gap Got Its Groove Back The idea of using an air gap for cybersecurity is an old idea, it harks back to the good old days when we weren’t paranoid about being hacked through the air.
