TECHNICAL Introduction To Serverless Security: Part 1 - Dependencies Infosec writer Miguel A. Calles argues it is a good idea to review which packages you import, the dependency tree, and known vulnerabilities when writing your serverless application.
INFOSEC Small Businesses Need Remote Browsers More Than The Enterprise Small businesses need the protection of remote browser isolation more than large businesses, because their cost of failure is catastrophically higher.
TECHNICAL PowerShell Logging and Security This tutorial aims to help you get PowerShell logs from your endpoints into your SIEM to protect you from modern PowerShell abuse.
TECHNICAL Homegrown Cyber Threat Intelligence With STIX2 and Couchbase Threat intelligence is an important part of incident response and vulnerability management, in this article we show you how to create and archive threat intelligence, without paying vendors, using STIX and Couchbase.
INFOSEC Furious Fapping & Your Privacy The UK's PORN BLOCK is bringing back the embarrassing old days of buying dirty magazines at the newsagents for the new digital generation.
INFOSEC Someone May be Listening To You Through Your Smart Speaker The best way to protect your privacy with smart speakers is not to have one, because when you speak to it a stranger might be listening in.
INFOSEC How To Choose A Virtual Private Network (VPN) Provider This article will help you cut through the VPN vendor marketing confusion and help you choose a provider who is serious about your privacy.
INFOSEC The Mental Health Hackers We rarely talk about mental health issues in the infosec space, but it is both healthy and positive for everyone if we can talk about them openly, without judgement.
INFOSEC Tips For Awesome Infosec Conferences Security researcher Abartan Dhakal just returned from his first infosec CON's, here are his top tips for getting the best out of your conference trips.
INFOSEC SAST Isn't Code Review Static Application Security Test (SAST) is useful for checking your source code to find potential security vulnerabilities, but it isn't Code Review.
The Eternal Password Riddle Despite constant technological innovation going on all around us, password management still feels like a riddle, a good excuse to deep dive into information entropy.
TECHNICAL Curling With Hack The Box A fantastic technical write up of the Curling box challenge from Hack The Box and security researcher aPirateMoo.
INFOSEC Never Post A Picture Of Your Boarding Pass On Social Media Posting your boarding pass on social media may seem like a cool thing to do, but here are a ton of reasons why you shouldn't.
CYBERSEC Credential Stuffing Attacks Are Rising In Popularity, But They're Easy to Stop Why have rudimentary attacks such as credential stuffing become so common? Because hackers prefer to spend their time using more efficient and less costly attack methods.
INFOSEC Disclosure of Origin IP of The Exploits Trading Platform 0day.today Ever wondered where the origin server for the popular zero day exploit platform 0day-today is?
TECHNICAL Powershell CLM Bypass Using Runspaces Learn about Powershell's CLM and one of the ways you can bypass the Constrained Language Mode (CLM) using Runspaces.
INFOSEC How To Train Your Social Team To Deal With Security Researchers A guide for leaders who want to train their social media teams to deal with researchers reporting cyber security issues.
TECHNICAL How To Harden Your Docker Containers Properly securing your containers can be time consuming. This technical walkthrough will guide you through the steps involved in hardening your containers.
CYBERSEC What You Don't Know Can Hurt You “What you don’t know can't hurt you” is an old saying which does not really apply to infosec.
OSINT The Stoic Approach To OSINT The deep thinkers approach to OSINT. What if all you had was a search engine? A complete and total focus on observable evidence linked by inferences.
TECHNICAL Investigation - A Fraudulent App With Some Dangerous Permissions A security researcher is hot on the trail of the creators of a fraudulent Android app with some dangerous permissions, in this ongoing investigation and analysis.
INFOSEC The Poetry Of Infosec Let it never be said that the information security space does not have a poetic side, this Valentines day we saw an outpouring of romantic prose.
CTF HackTheBox Giddy Write Up Join security researcher Shaksham Jaiswal on a technical deep dive into HackTheBox's Giddy CTF.
TECHNICAL DNS over HTTPS (+ModSecurity WAF) One of the problems with DNS is that a query is sent over an unencrypted connection, anyone listening to the packets knows the websites you visit.
INFOSEC Long Live Non-Profit's The infosec community faces a unique challenge in persuading young talent not to do anything dumb or illegal and helping them positively harness their skills.
