CYBERSEC Advice On Developing a Cyber Crisis Management Plan Practical advice for developing a cybersecurity crisis management plan and a closer look at is components.
TECHNICAL Shooting Rubber Bands At Firewalls How to defend against this denial of service attack which can be used to deactivate firewalls from a number of vendors, for less than five dollars.
TECHNICAL Notes On CVE-2019-0708 (RCE 0day) This week a major RCE vulnerability has been spotted in the wild which affects affects a number of Microsoft OS's including Windows 7, Server 2008, Windows 2003 & Windows XP.
INFOSEC A Beginners Guide To The Dark Net & Protecting Yourself When Using It You already know about the surface web, it is the home of websites like Amazon, Google, and YouTube, but have you ever been to the dark web?
INFOSEC Chinese Threat Intelligence: Part Three In part three of Viking Sec's series on Chinese threat intelligence, we look at how China evolved from starving farmers into APT1.
A Hacking Methodology Explainer In this explainer I will attempt to explain hacking methodology in simple terms, because it can often be difficult for infosec outsiders to understand even the most commonly used terms.
CYBERSEC Chinese Threat Intelligence: Part 2 In part two of this three part series on Chinese threat intelligence we learn about Chinese Nationalism and the Chinese nation state hacking scene.
TECHNICAL Introduction To Serverless Security: Part 2 - Input Validation Infosec writer Miguel A. Calles illustrates the importance of input validation in serverless environments where there are multiple input sources.
CYBERSEC Secure Browsing: My Personal Journey Infosec writer Miguel A. Calles shares his journey to secure web browsing and a review on a service that helped him achieve his browsing strategy with remote browser isolation.
INFOSEC Why Do Infosec People Wear Masks? Normal people are generally suspicious of someone who wears a mask, an obviously fake name, or does not present themselves as a real person.
INFOSEC Chinese Threat Intelligence: Part 1 A modern primer on threat intelligence in China and a non-specific inventory of the threats we're facing from China. Part one of a three part series.
TECHNICAL How To Technically Deal With An Intrusion On A Windows System It's late in the evening, you're getting ready to sleep when your phone rings, it's one of your relatives, "I think someone hacked into my computer, I need help". What's your next move?
TECHNICAL Introduction To Serverless Security: Part 1 - Dependencies Infosec writer Miguel A. Calles argues it is a good idea to review which packages you import, the dependency tree, and known vulnerabilities when writing your serverless application.
INFOSEC Small Businesses Need Remote Browsers More Than The Enterprise Small businesses need the protection of remote browser isolation more than large businesses, because their cost of failure is catastrophically higher.
TECHNICAL PowerShell Logging and Security This tutorial aims to help you get PowerShell logs from your endpoints into your SIEM to protect you from modern PowerShell abuse.
TECHNICAL Homegrown Cyber Threat Intelligence With STIX2 and Couchbase Threat intelligence is an important part of incident response and vulnerability management, in this article we show you how to create and archive threat intelligence, without paying vendors, using STIX and Couchbase.
INFOSEC Furious Fapping & Your Privacy The UK's PORN BLOCK is bringing back the embarrassing old days of buying dirty magazines at the newsagents for the new digital generation.
INFOSEC Someone May be Listening To You Through Your Smart Speaker The best way to protect your privacy with smart speakers is not to have one, because when you speak to it a stranger might be listening in.
INFOSEC How To Choose A Virtual Private Network (VPN) Provider This article will help you cut through the VPN vendor marketing confusion and help you choose a provider who is serious about your privacy.
INFOSEC The Mental Health Hackers We rarely talk about mental health issues in the infosec space, but it is both healthy and positive for everyone if we can talk about them openly, without judgement.
INFOSEC Tips For Awesome Infosec Conferences Security researcher Abartan Dhakal just returned from his first infosec CON's, here are his top tips for getting the best out of your conference trips.
INFOSEC SAST Isn't Code Review Static Application Security Test (SAST) is useful for checking your source code to find potential security vulnerabilities, but it isn't Code Review.
The Eternal Password Riddle Despite constant technological innovation going on all around us, password management still feels like a riddle, a good excuse to deep dive into information entropy.
TECHNICAL Curling With Hack The Box A fantastic technical write up of the Curling box challenge from Hack The Box and security researcher aPirateMoo.
INFOSEC Never Post A Picture Of Your Boarding Pass On Social Media Posting your boarding pass on social media may seem like a cool thing to do, but here are a ton of reasons why you shouldn't.
