CISO as a Service
Founder @ DiyakoSecureBow | CISO as a Service (vCISO)
About Me
http://about.me/Alirezaghahrood

Follow Me on
🔵LinkedIn
https://www.linkedin.com/in/AlirezaGhahrood
🔴YouTube
https://www.youtube.com/AlirezaGhahrood
X
https://twitter.com/AlirezaGhahrood
AZ500-Master.pdf
6.5 MB
AZ-500 Course Introduction


-Cybersecurity Awareness-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.05
AZ-500_Corrected(1).pdf
8.4 MB
AZ-500 Course Introduction
Sample questions and answers
Azure Security Engineering - Cloud/Microsoft


1400.04.05
Hello, my dear good friend,
I would be grateful if you would kindly send this message to all your acquaintances in Iran so that it spreads widely 🙏🏿

Have you ever walked past the hard-working men who search through rubbish bins to earn a living, and felt sorry for them...

and wondered how they could be helped...
There is just one thing that can be done:
Please,
when you have used
cream
milk
yogurt
bleach (Whitex)
cheese
dish soap (Rika)
mineral water
for God's sake, collect the plastic containers separately
in a plastic bag
and then put it separately
beside the rubbish bin.

Then these people will no longer have to
go waist-deep into a rubbish bin that we ourselves will not pass within a kilometre of because of its stench and germs.

This is the least help that can be given to them.
They are very happy when they can pick up a big, ready bag all at once.
Please.
Spread this message of mine as far as possible
and as far as you can 🙏🏿
Start right now. The person who comes to take the rubbish away is called a "sanitation courier". How can we bring ourselves to say "garbage man"? They too have wives and children. They work very hard to bring honestly earned bread to the table.
Please do this small thing. Thank you 🙏🏻🙏🏻🙏🏻


-Compatriot-

1400.04.05
On Establishing a Cloud Security Program

Congratulations! You have been tasked with establishing a cloud security strategy. Now what?
In this post, I’m going to walk through actionable advice that can be undertaken to establish a cloud security program aimed at protecting a cloud native, service provider agnostic, container-based, offering.

The Goal: a Roadmap for Cloud Security Teams
Security strategies focusing on cloud native solutions are becoming prominent within the industry, but it feels like everyone is trying to - due to a lack of shared knowledge - reinvent the wheel every time
https://www.marcolancini.it/2021/blog-cloud-security-roadmap


1400.04.05
exploit
A PoC for CVE-2021-27850
affecting Apache Tapestry and leading to unauthenticated RCE
https://github.com/kahla-sec/CVE-2021-27850_POC

Threat Research
Multiple pre-auth RCEs in Apache Dubbo - CVE-2021-25641, CVE-2021-30179, CVE-2021-30180, CVE-2021-30181, CVE-2021-32824
https://securitylab.github.com/advisories/GHSL-2021-034_043-apache-dubbo

A step-by-step tutorial for Soot
(A Java static analysis framework)
https://github.com/noidsirius/SootTutorial

Malware analysis
1. iOS Malicious Bit Hunter - malicious plug-in detection engine for iOS applications👍🏽
https://github.com/alipay/ios-malicious-bithunter
2. Crackonosh: A New Malware Distributed in Cracked Software
https://decoded.avast.io/danielbenes/crackonosh-a-new-malware-distributed-in-cracked-software


1400.04.05
jnlp_injection.pdf
4.8 MB
Whitepaper
"JNLP Injection To Multi-OS Code Execution", 2021.
// Whitepaper discussing BIZARRELOVETRIANGLE and FULLCLIP - JNLP parameter injection attacks to remote, persistent, multi-os code execution


1400.04.05
Running multiple Nessus scans?
Need to combine and analyze huge vulnerability report files?
Let's make life easier!

Introducing Nessus File Analyzer by #LimberDuck (pronounced *ˈlɪm.bɚ dʌk*), a GUI tool which enables you to parse multiple Nessus files containing the results of scans performed by using Nessus by (C) Tenable, Inc., and exports parsed data to a Microsoft Excel Workbook for effortless analysis.

Seeking more info? Pay a visit to https://lnkd.in/eWa9GyQ

#cybersecurity
#informationsecurity
#riskmanagement
#riskassessment
#vulnerabilitymanagement
#vulnerabilityassessment
#vulnerabilityscanning
#vulnerability
#nessus


1400.04.05
Hello Alireza,
 
SANS, in partnership with Bolster, would like to invite you to partake in an upcoming SANS Virtual Roundtable:
 
Auto-Takedowns: The Essential Tool for Modern Security
Wednesday, June 30th, 2021 | 2:00-3:30PM ET
Led by Jake Williams, SANS Senior Instructor and Shashi Prakash, Bolster’s CTO
 
This virtual roundtable will bring together forward-thinking security professionals to discuss the current role of technology for real-time detection & takedowns. We believe this would be a great opportunity to network and collaborate with other like-minded individuals and share your perspective on the auto-takedown process.
 
This is an invitation only event and space is limited to only 15 attendees. If you’re interested in participating in this discussion, please let me know and I can reserve your spot, as well as provide next steps.
 
If you have any questions, please don’t hesitate to reach out to me directly. 
 
Thank you,
 
Angelina Derajtys
SANS Institute


1400.04.06
This post covers 6 free online VirusTotal alternatives to scan files for malware. Each of these scanners has different file size limits ranging from 1 MB to 140 MB. The first three scanners on this list use multiple scan engines to check a file thoroughly and one of them can also scan multiple files at once. The remaining two use their own anti-malware tools to scan the file. So, let’s get started and discuss these online scanners one by one in detail.
1. https://lnkd.in/dCdqcr8
2. https://opentip.kaspersky.com/
3. https://www.virscan.org/
4. https://virusscan.jotti.org/
5. https://lnkd.in/dHYK_Ja
6. https://www.virscan.org/


1400.04.06
Notable statistics for prioritizing security-centric risks


1400.04.06
NIST.SP.800_161r1_draft.pdf
4 MB
NIST SP 800-161 Rev.1 (Draft):
"Cyber Supply Chain Risk Management Practices for Systems and Organizations", 2021.
]-> https://csrc.nist.gov/publications/detail/sp/800-161/rev-1/draft


1400.04.06
D3FEND.pdf
1.7 MB
Research
"Toward a Knowledge Graph of Cybersecurity Countermeasures", MITRE, 2021.


1400.04.06
Atlassian_ATO.pdf
1.9 MB
Whitepaper
"A supply-chain breach:
Taking over an Atlassian account".


1400.04.06
Dark_Web_Investigation.pdf
5.4 MB
Tech book
"Dark Web Investigation
(Security Informatics and Law Enforcement)", 2021.


1400.04.06
ZenGRC is a cloud-based and on-premise governance, risk and compliance (GRC) management solution. It serves businesses of all sizes in any industry, including technology, retail, consumer goods, health care and finance. Primary features include audit management, compliance management, contract and policy management, risk assessment and reporting.
ZenGRC helps users in internal auditing, compliance and information security teams. With it, these teams can manage and implement audit and compliance processes. It automates audit evidence collection, routine compliance and helps with the creation of new compliance programs. Other features include team collaboration, role-based access, project management, import and export and dashboards.

Managing compliance isn’t getting any easier.
Managing it with spreadsheets only makes it harder

https://www.linkedin.com/posts/alirezaghahrood_managing-compliance-isnt-getting-any-easier-activity-6814806100257333248-O9ug


1400.04.06
Forwarded from HamidReza
Hello, Professor
If you are interested, here it is for you:

https://events.sophos.com/americatha2021?cmp=123157
[Media not shown]
Auditing must be carried out technically and systematically, in a defined cycle, for the organization's technology and IT domain, so that one can have visibility into the organization's current conditions and its current risks and challenges,

and then plan for improving the architecture, …. the organization's security!


1400.04.06