Bypassing 2FA using OpenID Misconfiguration
https://youst.in/posts/bypassing-2fa-using-openid-misconfiguration
Threat Research
Old .NET Vulnerability #5: Security Transparent Compiled Expressions (CVE-2013-0073)
https://www.tiraniddo.dev/2020/05/old-net-vulnerability-5-security.html?m=1
Cloud Security
Kubernetes-based infrastructure for CTF competitions
https://github.com/google/kctf
Offensive security
Abusing PKI in Active Directory Environment😃
https://www.riskinsight-wavestone.com/en/2021/06/microsoft-adcs-abusing-pki-in-active-directory-environment/
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.29
https://youst.in/posts/bypassing-2fa-using-openid-misconfiguration
Threat Research
Old .NET Vulnerability #5: Security Transparent Compiled Expressions (CVE-2013-0073)
https://www.tiraniddo.dev/2020/05/old-net-vulnerability-5-security.html?m=1
Cloud Security
Kubernetes-based infrastructure for CTF competitions
https://github.com/google/kctf
Offensive security
Abusing PKI in Active Directory Environment😃
https://www.riskinsight-wavestone.com/en/2021/06/microsoft-adcs-abusing-pki-in-active-directory-environment/
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.29
www.tiraniddo.dev
Old .NET Vulnerability #5: Security Transparent Compiled Expressions (CVE-2013-0073)
It's been a long time since I wrote a blog post about my old .NET vulnerabilities. I was playing around with some .NET code and found an iss...
expanding_security_toolbox.pdf
2.3 MB
• How much visibility do we have into the various elements of the organization?
• What data points does my security team currently utilize to detect and respond to
incidents?
• Does my security team write their own detections? If so, do we utilize all the data points identified above?
• When we consider our risk exposure
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.29
• What data points does my security team currently utilize to detect and respond to
incidents?
• Does my security team write their own detections? If so, do we utilize all the data points identified above?
• When we consider our risk exposure
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.29
LockBit_Case_Report.pdf
3.4 MB
LockBit RaaS In-Depth Analysis
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.29
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.29
exploit
CVE-2020-11235:
Buffer overflow might occur while parsing unified command due to lack of check of input data received in Snapdragon Auto / Compute / Connectivity / Consumer Electronics Connectivity /IOT / Industrial IOT / Mobile
https://github.com/PwnCast/CVE-2020-11235
CVE-2020-11238:
Possible Buffer over-read in ARP/NS parsing due to lack of check of packet length received in Snapdragon Auto / Compute / Connectivity / Consumer Electronics Connectivity /IOT / Industrial IOT / Mobile
https://github.com/PwnCast/CVE-2020-11238
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.29
CVE-2020-11235:
Buffer overflow might occur while parsing unified command due to lack of check of input data received in Snapdragon Auto / Compute / Connectivity / Consumer Electronics Connectivity /IOT / Industrial IOT / Mobile
https://github.com/PwnCast/CVE-2020-11235
CVE-2020-11238:
Possible Buffer over-read in ARP/NS parsing due to lack of check of packet length received in Snapdragon Auto / Compute / Connectivity / Consumer Electronics Connectivity /IOT / Industrial IOT / Mobile
https://github.com/PwnCast/CVE-2020-11238
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.29
Risk Responses - FUNNY WAY TO LEARN.
Drunk and Drive.
Risk Avoidance = Don’t drink and drive.
Risk Transfer = Drink and drive in taxi.
Risk mitigation = Drink very lightly and drive.
Residual risk = From above. You’ll drive normally but if police caught you. You’re stuck. Still damage is less as no accidents might take place.
Risk Rejection = Drink and Drive anyways.
😁😁😁😁😁😁😁😁😁😁😁😁
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.29
Drunk and Drive.
Risk Avoidance = Don’t drink and drive.
Risk Transfer = Drink and drive in taxi.
Risk mitigation = Drink very lightly and drive.
Residual risk = From above. You’ll drive normally but if police caught you. You’re stuck. Still damage is less as no accidents might take place.
Risk Rejection = Drink and Drive anyways.
😁😁😁😁😁😁😁😁😁😁😁😁
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.29
AZ-500: Microsoft Azure Security Technologies Practice Tests
5 complete practice tests & 3 case studies for Microsoft AZ-500 Certification Exam based on the latest syllabus
https://lnkd.in/dXDu2z4
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.29
5 complete practice tests & 3 case studies for Microsoft AZ-500 Certification Exam based on the latest syllabus
https://lnkd.in/dXDu2z4
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.29
lnkd.in
LinkedIn
This link will take you to a page that’s not on LinkedIn
The journey to Microsoft Certified: Azure Security Engineer Associate
https://lnkd.in/d7Ccy-m
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.29
#azure #cybersecurity #security #cloud #cloudsecurity #engineer #cyber #devops #aws
https://lnkd.in/d7Ccy-m
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.29
#azure #cybersecurity #security #cloud #cloudsecurity #engineer #cyber #devops #aws
lnkd.in
LinkedIn
This link will take you to a page that’s not on LinkedIn
یکی از آپدیتهای اخیر ویندوز 10
که گجت اخبار و آبوهوا را نمایش میدهد
باعث هنگ کردن ویندوز میشود
اگر این مشکل برای كاربران پیش آمد
روی تسکبار راست کلیک کنید
و از منوی News and interests
گزینهی Turn off را انتخاب نمایید
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.29
که گجت اخبار و آبوهوا را نمایش میدهد
باعث هنگ کردن ویندوز میشود
اگر این مشکل برای كاربران پیش آمد
روی تسکبار راست کلیک کنید
و از منوی News and interests
گزینهی Turn off را انتخاب نمایید
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.29
This media is not supported in your browser
VIEW IN TELEGRAM
چقدر
NDA
را از پيمانكاران و ….. جدي اخذ ميكنيد!؟
آيا nda شما در مراجع قضايي قابل پذيرش هست!؟حتما ضمانت اجراي و قانوني بودن آن و محكمه پسند بودن اين مستند را بررسي كنيد!؟
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.29
NDA
را از پيمانكاران و ….. جدي اخذ ميكنيد!؟
آيا nda شما در مراجع قضايي قابل پذيرش هست!؟حتما ضمانت اجراي و قانوني بودن آن و محكمه پسند بودن اين مستند را بررسي كنيد!؟
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.29
امنيت يك اند پوينت نيست نصب كنيم و تموم😊سرعت توسعه و رشد ابزار و راهكارها به حدي است كه شبكه و زيرساخت سازمان ميبايست براي حفظ امنيت انعطاف پذير باشد مگر نه از امنيت صرفا يك لب و دهان باقي مي ماند!
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.29
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.29
The Digital Forensics & Incident Response (DFIR) Analyst will work to address security incidents, hunt down security risks or incidents within the environment, and act as a supporting team member in Cyber Defense
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.29
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.29
Frequently Asked Docker Interview Questions and Answers
#Docker #DockerHub #container #DockerInterview
https://reconshell.com/frequently-asked-docker-interview-questions-and-answers/
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.29
#Docker #DockerHub #container #DockerInterview
https://reconshell.com/frequently-asked-docker-interview-questions-and-answers/
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.29
Become Microsoft Certified LAST UPDATED JUNE 2021
https://lnkd.in/dUiwFtb
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.29
https://lnkd.in/dUiwFtb
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.29
lnkd.in
LinkedIn
This link will take you to a page that’s not on LinkedIn
Awesome Shodan Search Queries
https://github.com/jakejarvis/awesome-shodan-queries
https://www.osintme.com/index.php/2021/01/16/ultimate-osint-with-shodan-100-great-shodan-queries/
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.29
https://github.com/jakejarvis/awesome-shodan-queries
https://www.osintme.com/index.php/2021/01/16/ultimate-osint-with-shodan-100-great-shodan-queries/
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.29
GitHub
GitHub - jakejarvis/awesome-shodan-queries: 🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io…
🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩💻 - jakejarvis/awesome-shodan-queries
This media is not supported in your browser
VIEW IN TELEGRAM
سن كه ميره بالا😁رول هاي دايورت بصورت پيشفرض ميشينند تو قواعد بازي🤓چقدر اين مشاركت ها رو دوس داشتم، اونم از اين مراجع 😊اما زمانم كم است😊
-!-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.30
-!-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.30
ادم لذت ميبره از مكاتبات با شركت هاي بين المللي امنيت، مهندس فروش درست، ….. تواتر ايميل درست، خدمت خوب …… احترام
شركت هاي حوزه امنيت، اقيانوس ابي است اگر فقط دنبال پول نباشيد، نباشند… از فروش سوييچ كنيد به مهندسي فروش!🤓
- نظم
- خوش قولي
-تعهد
- سلامت هم اضافه كنيد
كه به 😀
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.30
شركت هاي حوزه امنيت، اقيانوس ابي است اگر فقط دنبال پول نباشيد، نباشند… از فروش سوييچ كنيد به مهندسي فروش!🤓
- نظم
- خوش قولي
-تعهد
- سلامت هم اضافه كنيد
كه به 😀
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.30
This media is not supported in your browser
VIEW IN TELEGRAM
رشد تو مثل دومينو به رشد ادم ها در هر جاي دنيا تو حوزه تخصصيت مرتبطه😁لذت ببريم از رشد و كمك به يكديگر✌🏼
پ ن:
در ايران به ندرت فرهنگ تعامل و كار تيمي ديدم مخصوصا تو حوزه امنيت🤓اصلا يه وضعي
-مديريت مشاركتي-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.30
پ ن:
در ايران به ندرت فرهنگ تعامل و كار تيمي ديدم مخصوصا تو حوزه امنيت🤓اصلا يه وضعي
-مديريت مشاركتي-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.30
This media is not supported in your browser
VIEW IN TELEGRAM
خوب سياست بروز برگرفته از موسسه NIST و بهروش سنز و تهيه كردم جمع و جور- سياست البته😁 نميشه ايده آل هام رو دنبال كنم
بايد وقف بدم خروجي ها رو با شرايط
كمتر اذيت بشم 🤓
داشتم با يك دوست روسي گپ فرانكي 🤪ميزدم
ديد كسلم😊سورپرايز ام كرد با دوره هاي ٢٠٢٠ سنز🥳انصافا سورپرايز بود
گفتم چجوري جبران كنم، گفت مثل هميشه باش😜lol
اولين كار ارسال كل ديتا براي يه bro بود اون ور دنيا🤓✌🏼
پ ن: سي پي يوم بدون وقفه چند شبه داره با حقيقت ميجنگه🤓
-لينكدين-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.30
بايد وقف بدم خروجي ها رو با شرايط
كمتر اذيت بشم 🤓
داشتم با يك دوست روسي گپ فرانكي 🤪ميزدم
ديد كسلم😊سورپرايز ام كرد با دوره هاي ٢٠٢٠ سنز🥳انصافا سورپرايز بود
گفتم چجوري جبران كنم، گفت مثل هميشه باش😜lol
اولين كار ارسال كل ديتا براي يه bro بود اون ور دنيا🤓✌🏼
پ ن: سي پي يوم بدون وقفه چند شبه داره با حقيقت ميجنگه🤓
-لينكدين-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.30