CYBERSEC Mentoring me, mentoring you Jamie Collier explores the challenges around mentoring in infosec, and how more of us should be providing guidance to all around us.
TECHNICAL Bypass XSS filters using JavaScript global variables In this article, theMiddle discusses the many possibilities to exploit a reflected (or even stored) XSS when there are filters or WAF's protecting the website.
TECHNICAL Three Reasons Developers Hate Updating Programming Languages Why do Developers hate updating Programming Languages? In this article learn why, and gain insight from engineers who have a different viewpoint.
TECHNICAL Attacking Encryption Systems Cryptography is the science of secret writing, its usage dates back to ancient civilizations. It has two main components, encryption and steganography.
ChromeCast Leaks App Data One night I checked my local network for PS4 traffic, instead something else caught my attention. I saw something strange and this is the story of my ChromeCast bug.
CYBERSEC Up & Coming Hackers In this article I pay homage to awesome talent and namedrop my favorite up and coming hackers of 2019. These are a few of my favorite coders and engineers.
CYBERSEC Advice On Developing a Cyber Crisis Management Plan Practical advice for developing a cybersecurity crisis management plan and a closer look at is components.
TECHNICAL Shooting Rubber Bands At Firewalls How to defend against this denial of service attack which can be used to deactivate firewalls from a number of vendors, for less than five dollars.
TECHNICAL Notes On CVE-2019-0708 (RCE 0day) This week a major RCE vulnerability has been spotted in the wild which affects affects a number of Microsoft OS's including Windows 7, Server 2008, Windows 2003 & Windows XP.
INFOSEC A Beginners Guide To The Dark Net & Protecting Yourself When Using It You already know about the surface web, it is the home of websites like Amazon, Google, and YouTube, but have you ever been to the dark web?
INFOSEC Chinese Threat Intelligence: Part Three In part three of Viking Sec's series on Chinese threat intelligence, we look at how China evolved from starving farmers into APT1.
A Hacking Methodology Explainer In this explainer I will attempt to explain hacking methodology in simple terms, because it can often be difficult for infosec outsiders to understand even the most commonly used terms.
CYBERSEC Chinese Threat Intelligence: Part 2 In part two of this three part series on Chinese threat intelligence we learn about Chinese Nationalism and the Chinese nation state hacking scene.
TECHNICAL Introduction To Serverless Security: Part 2 - Input Validation Infosec writer Miguel A. Calles illustrates the importance of input validation in serverless environments where there are multiple input sources.
CYBERSEC Secure Browsing: My Personal Journey Infosec writer Miguel A. Calles shares his journey to secure web browsing and a review on a service that helped him achieve his browsing strategy with remote browser isolation.
INFOSEC Why Do Infosec People Wear Masks? Normal people are generally suspicious of someone who wears a mask, an obviously fake name, or does not present themselves as a real person.
INFOSEC Chinese Threat Intelligence: Part 1 A modern primer on threat intelligence in China and a non-specific inventory of the threats we're facing from China. Part one of a three part series.
TECHNICAL How To Technically Deal With An Intrusion On A Windows System It's late in the evening, you're getting ready to sleep when your phone rings, it's one of your relatives, "I think someone hacked into my computer, I need help". What's your next move?
TECHNICAL Introduction To Serverless Security: Part 1 - Dependencies Infosec writer Miguel A. Calles argues it is a good idea to review which packages you import, the dependency tree, and known vulnerabilities when writing your serverless application.
INFOSEC Small Businesses Need Remote Browsers More Than The Enterprise Small businesses need the protection of remote browser isolation more than large businesses, because their cost of failure is catastrophically higher.
TECHNICAL PowerShell Logging and Security This tutorial aims to help you get PowerShell logs from your endpoints into your SIEM to protect you from modern PowerShell abuse.
TECHNICAL Homegrown Cyber Threat Intelligence With STIX2 and Couchbase Threat intelligence is an important part of incident response and vulnerability management, in this article we show you how to create and archive threat intelligence, without paying vendors, using STIX and Couchbase.
INFOSEC Furious Fapping & Your Privacy The UK's PORN BLOCK is bringing back the embarrassing old days of buying dirty magazines at the newsagents for the new digital generation.
INFOSEC Someone May be Listening To You Through Your Smart Speaker The best way to protect your privacy with smart speakers is not to have one, because when you speak to it a stranger might be listening in.
INFOSEC How To Choose A Virtual Private Network (VPN) Provider This article will help you cut through the VPN vendor marketing confusion and help you choose a provider who is serious about your privacy.
