Your Ad Here

Tuesday, October 30, 2018

Attack Overview - Video

There are generally two reasons an individual or an organization is attacked.  One, you are specifically targeted or two, you are a target of opportunity.
Any good hacker will take a few common steps to attack a site these can generally be ordered from 1-4.
  1. Reconnaissance
  2. Scanning
  3. Research Vulnerabilities
  4. Performing the attack
See the video here -  https://www.securityorb.com/general-security/attack-overview-video/

The SecurityOrb Show - An Interview with Haiti CyberCon Co-Founder Michel Arbrouet

HaitiCyberCon is an InfoSec/Hacker conference for professionals and enthusiasts alike located in Haiti, offering training as well interesting and inventive talks and workshops.  We had the opportunity to speak with MICHEL ARBROUET, the co-founder of the conference about the event, the goal of the event and some other interesting topics.

Listen to the interview here -  https://www.securityorb.com/conference/the-securityorb-show-an-interview-with-haiti-cybercon-co-founder-michel-arbrouet/

Monday, October 29, 2018

A Book Review of “Learning Malware Analysis” by Monnappa KA

In my latest book review, I took on the topic of malware analysis which is not often covered in security books or training centers.  In 2018, Packt Publishing released “Learning Malware Analysis” by Monnappa KA.  Monnappa works for Cisco Systems as an information security investigator focusing on threat intelligence and the investigation of advanced cyber-attacks, he is also a member of the Black Hat review board.

I found “Learning Malware Analysis” to be very informative, easy to read as well as follow, moreover I found the examples in the book easy to replicate which was priceless.  Many times in the examples associated with books, the labs never quit work out as stated and you are left trying to figure out that went wrong.  When Monnappa introduced a concept, he would define it and follow it up with an example or analogy to help the reader obtain a stronger comprehension.  If fact, throughout the whole book, he would end a paragraph, concept or idea with the term “for example” or “for instance”.  This was something I appreciated very much as some of the concepts can be uncharted territory even for the seasoned security practitioner.

Read more here -  https://www.securityorb.com/featured/a-book-review-of-learning-malware-analysis-by-monnappa-ka/

A Book Review of “Pentesting Azure Applications” by Matt Burrough

In this book review, I looked at the topic of pentesting cloud-based applications, specifically Microsoft’s Azure.  While the focus of the book was for Azure, a lot of the information will be beneficial no matter the cloud environment.  Even thought Cloud hosting has been around for several years, it is still a new technology and many senior security professionals are learning the do and don’ts of how to secure the infrastructure.
 
I found “Pentesting Azure Applications” to be informative and Matt does a great job of sharing links to additional information on topics that can help secure your Azure deployment(s).  In this aspect, while this book is meant to be used for pentesting Azure, it is also a great resource in securing and locking down your subscription.   Just by looking at and using the “Defender’s Tips” that Matt includes, you will definitely make your network and systems more secure.

The text consists of 8 chapters, each chapter stands by itself and there is no need to read chapters 1 thru 7, if you are looking to understand logging and alerting in chapter 8.  Below is a breakdown of each chapter and what can be found in each.  Since the book can be used for all levels of security testers, you may find that some chapters are more useful than others.  A lot of large pentesting firms have a team that handles the preparation and legal aspects for multiple teams, and you may want to jump straight to reconnaissance or network investigations chapters.
Read more here - https://www.securityorb.com/cloud-security/a-book-review-of-pentesting-azure-applications-by-matt-burrough/

Friday, September 14, 2018

Cyberwar Season 1 – Episode 3: Cyber Mercenaries



Authoritarian regimes are using spyware tools bought from private companies in the West. Hacker PhineasFisher targeted these companies to reveal their deals to suppress dissent.
Hey everyone I am on the third episode of “Cyberwar” hosted by Ben Makuch (@BMakuch) a national security reporter that travels the world to meet with hackers, government officials, and dissidents to investigate the ecosystem of cyberwarfare. They have been really entertaining and educational about the events and issues in information security and digital privacy on a global level.
Episode 1 looked at Anonymous
Episode 2 looked at The Sony Hack

Cyberwar Season 1 – Episode 2: The Sony Hack


Cyberwar Season 1 – Episode 2: The Sony Hack - https://www.securityorb.com/hack/cyberwar-season-1-episode-2-the-sony-hack/

So, I am on my second episode of “Cyberwar” hosted by Ben Makuch (@BMakuch) a national security reporter. Cyberwar is a show where Ben travels the world to meet with hackers, government officials, and dissidents to investigate the ecosystem of cyberwarfare.
The first episode looked into the decentralized group of international activist hackers known as “Anonymous” while episode 2 explores The Sony Hack.  At that time (2014) the Sony Hack was one of the worst attacks against a corporation.  Not only were embarrassing emails released, personal health records of employees and their family and social security numbers to name a few were dumped.  North Korea was named the culprit and many people assumed it was due to an upcoming release of a movie titled ‘The Interview” about the assassination of the North Korea leader.

Cyberwar Season 1 – Episode 1 Recap: Who is Anonymous?



I started watching a very interesting program titled “Cyberwar” hosted by Ben Makuch (@BMakuch) who is a national security reporter. The show is described as:
Ben Makuch travels the world to meet with hackers, government officials, and dissidents to investigate the ecosystem of cyberwarfare.
The first episode looked into the decentralized group of international activist hackers known as “Anonymous” which has been linked to numerous high-profile incidents over the years, including Internet attacks on governments, major corporations, financial institutions and religious groups.  A trademark for the online hacktivist group is a person wearing a Guy Fawkes mask.

A Book Review of "Practical Cyber Intelligence" by Wilson Bautista Jr.

A Book Review of "Practical Cyber Intelligence" by Wilson Bautista Jr. - https://www.securityorb.com/featured/book-review-of-practical-cyber-intelligence-by-wilson-bautista-jr/

Packt Publishing, in 2018 released “Practical Cyber Intelligence” by Wilson Bautista Jr. a retired military officer who holds the position of Director of IT and InfoSec at i3 Microsystems.

I found this book to be very informative, easy to read as well as easy to follow once I engaged it.  One of the key aspects that captured my attention pertained to the vital information and moreover the perspective into information security that is rarely discussed or examined in recent offerings.  As a practitioner in the information security field, this book can serve as a handbook for team leads, managers, directors and CISOs responsible for securing organizational assets. As an educator of information security, this book can serve as a key role in courses dealing with in the management of information security as a possible text, but definitely as supplemental reading text.