Your Ad Here

Tuesday, October 30, 2018

Attack Overview - Video

There are generally two reasons an individual or an organization is attacked.  One, you are specifically targeted or two, you are a target of opportunity.
Any good hacker will take a few common steps to attack a site these can generally be ordered from 1-4.
  1. Reconnaissance
  2. Scanning
  3. Research Vulnerabilities
  4. Performing the attack
See the video here -  https://www.securityorb.com/general-security/attack-overview-video/

The SecurityOrb Show - An Interview with Haiti CyberCon Co-Founder Michel Arbrouet

HaitiCyberCon is an InfoSec/Hacker conference for professionals and enthusiasts alike located in Haiti, offering training as well interesting and inventive talks and workshops.  We had the opportunity to speak with MICHEL ARBROUET, the co-founder of the conference about the event, the goal of the event and some other interesting topics.

Listen to the interview here -  https://www.securityorb.com/conference/the-securityorb-show-an-interview-with-haiti-cybercon-co-founder-michel-arbrouet/

Monday, October 29, 2018

A Book Review of “Learning Malware Analysis” by Monnappa KA

In my latest book review, I took on the topic of malware analysis which is not often covered in security books or training centers.  In 2018, Packt Publishing released “Learning Malware Analysis” by Monnappa KA.  Monnappa works for Cisco Systems as an information security investigator focusing on threat intelligence and the investigation of advanced cyber-attacks, he is also a member of the Black Hat review board.

I found “Learning Malware Analysis” to be very informative, easy to read as well as follow, moreover I found the examples in the book easy to replicate which was priceless.  Many times in the examples associated with books, the labs never quit work out as stated and you are left trying to figure out that went wrong.  When Monnappa introduced a concept, he would define it and follow it up with an example or analogy to help the reader obtain a stronger comprehension.  If fact, throughout the whole book, he would end a paragraph, concept or idea with the term “for example” or “for instance”.  This was something I appreciated very much as some of the concepts can be uncharted territory even for the seasoned security practitioner.

Read more here -  https://www.securityorb.com/featured/a-book-review-of-learning-malware-analysis-by-monnappa-ka/

A Book Review of “Pentesting Azure Applications” by Matt Burrough

In this book review, I looked at the topic of pentesting cloud-based applications, specifically Microsoft’s Azure.  While the focus of the book was for Azure, a lot of the information will be beneficial no matter the cloud environment.  Even thought Cloud hosting has been around for several years, it is still a new technology and many senior security professionals are learning the do and don’ts of how to secure the infrastructure.
 
I found “Pentesting Azure Applications” to be informative and Matt does a great job of sharing links to additional information on topics that can help secure your Azure deployment(s).  In this aspect, while this book is meant to be used for pentesting Azure, it is also a great resource in securing and locking down your subscription.   Just by looking at and using the “Defender’s Tips” that Matt includes, you will definitely make your network and systems more secure.

The text consists of 8 chapters, each chapter stands by itself and there is no need to read chapters 1 thru 7, if you are looking to understand logging and alerting in chapter 8.  Below is a breakdown of each chapter and what can be found in each.  Since the book can be used for all levels of security testers, you may find that some chapters are more useful than others.  A lot of large pentesting firms have a team that handles the preparation and legal aspects for multiple teams, and you may want to jump straight to reconnaissance or network investigations chapters.
Read more here - https://www.securityorb.com/cloud-security/a-book-review-of-pentesting-azure-applications-by-matt-burrough/