CISO as a Service
5.17K subscribers
4.74K photos
770 videos
1.89K files
6.98K links
Founder @ DiyakoSecureBow | CISO as a Service (vCISO)
About Me
http://about.me/Alirezaghahrood

Follow Me on
🔵LinkedIn
https://www.linkedin.com/in/AlirezaGhahrood
🔴YouTube
https://www.youtube.com/AlirezaGhahrood
X
https://twitter.com/AlirezaGhahrood
Download Telegram
مثل انرژي گرفتن و لبخند
كمك به يكديگر سرشار از ورودي هاي خاص و متحير كننده✌🏼❤️🙏👍🏽😇
مي شود ساخت گرچه يك دانه گندم در مزرعه🤓


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.28
در سازمان شما طبقه بندي اطلاعات انجام شده!؟دارايي ها وزن دارند!؟ انباشت دارايي هاي مهم، اطلاعات و داده مشخص شده!؟

ريسك هاي آن چطور!؟

مسير هاي جلوگيري از نشت اطلاعات و يا دسترسي هاي غير مجاز به دارايي هاي طبقه بندي شده بواسطه ابزار و تكنولوژي مسدود و مديريت شده است!؟


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.28
Your platform for software quality management
The best toolbox for building better software. From continuous integration, and continuous analysis to empowering human code reviews with code intelligence
جذاب و كارا
https://scrutinizer-ci.com/


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.28
دوره ترند و كارگاهي
دواپس😀


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.28
بعد تصرف خرمشهر سربازان عراقی نوشته بودند «آمدیم بمانیم» خرمشهر که ازاد شد رزمندگان ایرانی نوشتند آمدیم نبودید.

آری ایرانی شکست ناپذیر نیست می‌توان او را از خانه‌اش بیرون راند، خون‌ش بر زمین ریخت و سرزمینش را آتش کشید و تصرف کرد ولی بدانید روزی از همین خون برمیخیزد و انتقامش را میگیرد!


‎- كاش قسمت اعظم مسولين رو ميشد تگ ضد انقلاب زد زنداني كرد و مملكت رو درست ميساختيم
(هيچكس)-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.28
https://www.secjuice.com/blue-team-detection-darkside-ransomware/


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.28
Threat Research
An Information Disclosure Bug in ISC BIND Server (PoC)
https://www.zerodayinitiative.com/blog/2021/6/15/zdi-21-502-an-information-disclosure-bug-in-isc-bind-server

Malware analysis
APT Ferocious Kitten
https://securelist.com/ferocious-kitten-6-years-of-covert-surveillance-in-iran/102806

exploit
CVE-2020-8300:
Detect Citrix ADC SAML action or SAML iDP Profile config vulnerable to CVE-2020-8300 using Citrix ADC NITRO API (PoC)
https://github.com/stuartcarroll/CitrixADC-CVE-2020-8300

CVE-2021-31159:
Zoho ManageEngine ServiceDesk Plus MSP - Active Directory User Enumeration (PoC)
https://github.com/ricardojoserf/CVE-2021-31159

Offensiv security
Router (D-Link, Zyxel, TP-Link, Huawei) exploitation tool that allows to disclosure network router admin password😁
https://github.com/EntySec/RomBuster


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.28
Certified_Pre_Owned.pdf
9.9 MB
Blue Team Techniques
"Certified Pre-Owned: Abusing Active Directory Certificate Services", 2021.
https://posts.specterops.io/certified-pre-owned-d95910965cd2
]-> Defensive Toolkit:مميزي اكتيو امن
PowerShell toolkit for AD CS auditing based on the PSPKI toolkit
https://github.com/GhostPack/PSPKIAudit


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.28
spoofing_downloaded_filename.pdf
1.9 MB
Whitepaper
"Spoofing Downloaded Filename's Extension
in Chromium", 2021.

// This whitepaper illustrates exploitation of an insufficient data validation vulnerability in the Chromium framework (CVE-2021-21123)


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.28
یه گله از فیل‌های چینی که ۱۵ ماهه در حال سفرند، حدودا ۵۰۰ کیلومتر دورتر از زیستگاه طبیعی خودشون دارن استراحت می‌کنن.
تو این مدت یک تیم هشت‌نفره ۲۴ ساعته اینها رو تحت نظر داشتن و این تصویر ناب رو امروز منتشر کردن.


‎-تصاوير ناب-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.28
This media is not supported in your browser
VIEW IN TELEGRAM
‎-قابل تامل و كمي فكر-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.28
گوگل پيرو حملات ساپلاي چي ن، يك فريمورك طراحي و پيشنهاد داده كه خوندنش خالي از لطف نيست🤓
Introducing SLSA, an End-to-End Framework for Supply Chain Integrity
https://security.googleblog.com/2021/06/introducing-slsa-end-to-end-framework.html?m=1


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.28
پكيج هاي امنيت محور آژور ابري مايكروسافت
Waf
Fw
Siem
Edr
Policy
Compliance
Proxy
….
به شدت هيجان انگيزن، هم مطالب هم كار با اين ترند جذاب

پيشنهاد ميكنم يك نيم نگاهي داشته باشيد
امتحان اش هم براي ممبر هاي قديمي مايكرسافت ٤٥٪؜ كد تخفيف وچر صادر شده🤓
چرا كه نه
Protect data, apps, and infrastructure quickly with built-in security services in Azure that include unparalleled security intelligence to help identify rapidly evolving threats early—so you can respond quickly. ... Unify security management and enable advanced threat protection across hybrid cloud environments

https://azure.microsoft.com/en-us/overview/security/?cdn=disable

https://docs.microsoft.com/en-us/azure/security/fundamentals/overview

https://techcommunity.microsoft.com/t5/azure-sentinel/become-an-azure-sentinel-ninja-the-complete-level-400-training/ba-p/1246310


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.28
Web_Application_Penetration_Testing_E_Book__1624041422.pdf
13.3 MB
WEB APPLICATION PENETRATION TESTING


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.29
CHFI_v9_notes_1623959812.pdf
1.9 MB
CHFIv9 STUDY GUIDE


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.29
Learn Azure in a Month of Lunches @MegaPack.pdf
3.8 MB
LEARN AZURE IN A MONTH OF LUNCHES


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.29
Beginning Azure Functions.pdf
6.6 MB
Beginning Azure Functions
Building Scalable and Serverless Apps


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.29
Azure Implementation.pdf
28.6 MB
Exam Ref 70-533 Implementing Microsoft Azure Infrastructure Solutions


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.29
Microsoft Azure For Dummies @MegaPack.pdf
14.5 MB
Microsoft® Azure® For Dummies®


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.29
Microsoft 365 Security Administration MS-500.pdf
34.1 MB
Microsoft 365 Security Administration: MS-500 Exam Guide


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.29
Bypassing 2FA using OpenID Misconfiguration
https://youst.in/posts/bypassing-2fa-using-openid-misconfiguration

Threat Research
Old .NET Vulnerability #5: Security Transparent Compiled Expressions (CVE-2013-0073)
https://www.tiraniddo.dev/2020/05/old-net-vulnerability-5-security.html?m=1

Cloud Security
Kubernetes-based infrastructure for CTF competitions
https://github.com/google/kctf

Offensive security
Abusing PKI in Active Directory Environment😃
https://www.riskinsight-wavestone.com/en/2021/06/microsoft-adcs-abusing-pki-in-active-directory-environment/


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.29