Cloud Security
AWS Security Reference Architecture:
A guide to designing with AWS security services (.pdf)
]-> https://docs.aws.amazon.com/prescriptive-guidance/latest/security-reference-architecture/welcome.html
]-> Example solutions demonstrating how to implement the AWS Security Reference Architecture using AWS Control Tower, AWS Landing Zone, and CloudFormation:
https://github.com/aws-samples/aws-security-reference-architecture-examples


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.12

Malware analysis
1. IndigoZebra APT continues to attack Central Asia with evolving tools
https://research.checkpoint.com/2021/indigozebra-apt-continues-to-attack-central-asia-with-evolving-tools
2. Shelob Moonlight - Spinning a Larger Web
From IcedID to CONTI, a Trojan and Ransomware collaboration
https://www.cynet.com/attack-techniques-hands-on/shelob-moonlight-spinning-a-larger-web/?utm_content=171192942&utm_medium=social&utm_source=linkedin&hss_channel=lcp-9363621

Threat Research
1. The Complicated History of a Simple Linux Kernel API
https://grsecurity.net/complicated_history_simple_linux_kernel_api
2. Exploiting Insecure Deserialization Vulnerabilities Found in the Wild
https://macrosec.tech/index.php/2021/06/22/exploiting-insecure-deserialization-vulnerabilities-found-in-the-wild

exploit
CVE-2020-24511:
Improper isolation of shared resources in some Intel Processors may allow an authenticated user to potentially enable information disclosure via local access (PoC)
https://github.com/AlAIAL90/CVE-2020-24511


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.12

⚡ Widespread supply-chain #ransomware attack hit hundreds of businesses overnight after REvil cybercriminals compromised Kaseya's IT management software and sent malicious updates to nearly 40 managed service providers (MSPs) worldwide.

Read: https://thehackernews.com/2021/07/kaseya-revil-ransomware-attack.html


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.12

Research
"On Using Application-Layer Middlebox Protocols for Peeking Behind NAT Gateways", 2020.
]-> Auxiliary material (UPnP IGD honeypot implementation + UPnP Checker):
https://github.com/RUB-SysSec/MiddleboxProtocolStudy


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.12

Whitepaper
"Linux Kernel Release Signing. Security Assessment", 2021.


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.12

exploit
C# code for Transferring Backdoor Payloads by DNS Traffic (A - PTR Records) and Bypassing Anti-viruses😊
https://github.com/DamonMohammadbagher/NativePayload_DNS2

Offensive security
1. How Gopher works in escalating SSRFs
https://infosecwriteups.com/how-gopher-works-in-escalating-ssrfs-ce6e5459b630
]-> Tool:
https://github.com/tarunkant/Gopherus
2. 1-click meterpreter exploit chain with BeEF and AV/AMSI bypass
https://medium.com/@bluedenkare/1-click-meterpreter-exploit-chain-with-beef-and-av-amsi-bypass-96b0eb61f1b6

WLAN Security
Hacking the Dlink DIR-615
https://noob3xploiter.medium.com/hacking-the-dlink-dir-615-for-fun-and-no-profit-a2f1689f9920

Threat Research
1. Diavol Ransomware🥸
https://www.fortinet.com/blog/threat-research/diavol-new-ransomware-used-by-wizard-spider?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+fortinet%2Fblog%2Fthreat-research+%28Fortinet+Threat+Research+Blog%29
2. Backdoored Client from Mongolian CA MonPass
https://decoded.avast.io/luigicamastra/backdoored-client-from-mongolian-ca-monpass


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.12

#جذب #استخدام

٣ نفر كارشناس سرويس دسك- هلپ دسك
براي بانك ايران زمين- استخدام در شركت خصوصي ذينفع خود بانك

رنج حقوق ٥ -7 م ت

ارسال رزومه مرتبط و به روز به آي دي واتس اپ
0912.1964383


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.12

مشابه اين كسي محتواي آموزشي در دسترس دارد!؟
https://archive.nullcon.net/website/goa-14/training/penetration-testing-smartgrid-and-scada.php


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.12

Start by going to www.microsoft.com/learning and follow the screen shots below. 

https://lnkd.in/dczfFwg


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.12

SC-900: Microsoft Security, Compliance, and Identity Fundamentals Microsoft Official Practice Test

https://lnkd.in/d62RhNW


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.12

گاهی آدم باید اونقدر خوب باشه که ببخشه، اما اونقدر احمق نباشه که دوباره اعتماد کنه!


-🤲🏻-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.12

لیستی از مجموعه خشونت هایی که در زمان ازدواج در حق زنان میشه


-🥸-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.12

در صورت درگيري با ويروس كرونا، از دست دادن كار و …
قيمت امتحانات بين المللي مايكروسافت با هر قيمتي
صرفا ١٥$ با شرايط و زمان محدود🙃


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.12

‎-Infinity-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.12

https://pythonforcybersecurity.com/courses/python3-for-infosec-professionals/


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.13

response playbook: Phishing investigation ,…. Of microsoft


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.13

During a supply-chain attack, hackers compromised the website of Mongolian Certificate Authority and replaced legitimate MonPass CA client software with a backdoored version to distribute malware.😀😀

Details: https://thehackernews.com/2021/07/mongolian-certificate-authority-hacked.html


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.13

‏شما یادتون نمیاد ولی ما ساعت‌ها به این خیره میشدیم😂


‎-😙-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.13

Practical Guide to
AWS Cloud Security
Security in the AWS Cloud
به شدت كاربردي👍🏽


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.13

“Companies using on-premises environments have been leveraging DevOps processes to create close coordination between the developers, who create new applications, and operations, which provides the virtual machines they run on. The cloud brings a whole host of services to automate all aspects of the infrastructure deployment and management that on-premises services are unable to match.”


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.13

EWhy a Framework?
Regardless of the existing level of operations maturity, security teams face common needs:
• Adapting to changing business demands and evolving threats
• Obtaining management support for necessary resources and changes in IT or other areas
• Demonstrating improvement and providing risk assessment and forecasting
• Reducing the burden of satisfying auditors that security operations are compliant
A security framework, with its recommended set of security processes and controls, along with a risk assessment and management approach to match the appropriate set of controls to the business and threat environment, is an efficient way to meet these needs. Using an established framework can take the guesswork out of the process for smaller organizations, while allowing larger and more mature security operations to justify their decisions and resource requests to management and auditors


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.13