OSINT New Kids On The Block (Part I) Shodan is considered to be the standard for mass internet OSINT; however, in this article n0mad researches alternatives and provides insight into why these tools should be included in your toolset.
CYBERSEC How much do we really know? Jonny B shares his journey into hacking, where we learn about the challenges he faced, the resources that helped, some of the benefits of certifications, and the importance of coding.
CYBERSEC Mentoring me, mentoring you Jamie Collier explores the challenges around mentoring in infosec, and how more of us should be providing guidance to all around us.
TECHNICAL Featured Bypass XSS filters using JavaScript global variables In this article, theMiddle discusses the many possibilities to exploit a reflected (or even stored) XSS when there are filters or WAFs protecting the website.
TECHNICAL Three Reasons Developers Hate Updating Programming Languages Why do Developers hate updating Programming Languages? In this article learn why, and gain insight from engineers who have a different viewpoint.
TECHNICAL Attacking Encryption Systems Cryptography is the science of secret writing; its usage dates back to ancient civilizations. It has two main components, encryption and steganography.
ChromeCast Leaks App Data One night I checked my local network for PS4 traffic; instead, something else caught my attention. I saw something strange and this is the story of my ChromeCast bug.
CYBERSEC Up & Coming Hackers In this article I pay homage to awesome talent and namedrop my favorite up and coming hackers of 2019. These are a few of my favorite coders and engineers.
CYBERSEC Advice On Developing a Cyber Crisis Management Plan Practical advice for developing a cybersecurity crisis management plan and a closer look at its components.
TECHNICAL Shooting Rubber Bands At Firewalls How to defend against this denial of service attack which can be used to deactivate firewalls from a number of vendors, for less than five dollars.
TECHNICAL Notes On CVE-2019-0708 (RCE 0day) This week a major RCE vulnerability has been spotted in the wild which affects a number of Microsoft OSes including Windows 7, Server 2008, Windows 2003 & Windows XP.
INFOSEC A Beginners Guide To The Dark Net & Protecting Yourself When Using It You already know about the surface web; it is the home of websites like Amazon, Google, and YouTube. But have you ever been to the dark web?
INFOSEC Chinese Threat Intelligence: Part Three In part three of Viking Sec's series on Chinese threat intelligence, we look at how China evolved from starving farmers into APT1.
A Hacking Methodology Explainer In this explainer I will attempt to explain hacking methodology in simple terms, because it can often be difficult for infosec outsiders to understand even the most commonly used terms.
CYBERSEC Chinese Threat Intelligence: Part 2 In part two of this three part series on Chinese threat intelligence we learn about Chinese Nationalism and the Chinese nation state hacking scene.
TECHNICAL Introduction To Serverless Security: Part 2 - Input Validation Infosec writer Miguel A. Calles illustrates the importance of input validation in serverless environments where there are multiple input sources.
CYBERSEC Secure Browsing: My Personal Journey Infosec writer Miguel A. Calles shares his journey to secure web browsing and a review on a service that helped him achieve his browsing strategy with remote browser isolation.
INFOSEC Chinese Threat Intelligence: Part 1 A modern primer on threat intelligence in China and a non-specific inventory of the threats we're facing from China. Part one of a three part series.
TECHNICAL How To Technically Deal With An Intrusion On A Windows System It's late in the evening, you're getting ready to sleep when your phone rings, it's one of your relatives, "I think someone hacked into my computer, I need help". What's your next move?
TECHNICAL Introduction To Serverless Security: Part 1 - Dependencies Infosec writer Miguel A. Calles argues it is a good idea to review which packages you import, the dependency tree, and known vulnerabilities when writing your serverless application.
INFOSEC Small Businesses Need Remote Browsers More Than The Enterprise Small businesses need the protection of remote browser isolation more than large businesses, because their cost of failure is catastrophically higher.
TECHNICAL PowerShell Logging and Security This tutorial aims to help you get PowerShell logs from your endpoints into your SIEM to protect you from modern PowerShell abuse.
TECHNICAL Homegrown Cyber Threat Intelligence With STIX2 and Couchbase Threat intelligence is an important part of incident response and vulnerability management; in this article we show you how to create and archive threat intelligence, without paying vendors, using STIX and Couchbase.
INFOSEC Furious Fapping & Your Privacy The UK's PORN BLOCK is bringing back the embarrassing old days of buying dirty magazines at the newsagents for the new digital generation.
INFOSEC Someone May be Listening To You Through Your Smart Speaker The best way to protect your privacy with smart speakers is not to have one, because when you speak to it a stranger might be listening in.