CISO as a Service
@CISOasaService
5.17K subscribers
4.74K photos
770 videos
1.89K files
6.99K links
Founder @ DiyakoSecureBow | CISO as a Service (vCISO)
About Me
http://about.me/Alirezaghahrood

Follow Me on
🔵LinkedIn
https://www.linkedin.com/in/AlirezaGhahrood
🔴YouTube
https://www.youtube.com/AlirezaGhahrood
X
https://twitter.com/AlirezaGhahrood
Download Telegram
About
Blog
Apps
Platform
Join
CISO as a Service
5.17K subscribers
CISO as a Service
This media is not supported in your browser
VIEW IN TELEGRAM
كلي انرژي رفت و برگشت براتون آرزو ميكنم، اونم با كليد واژه هاي محبوب شما
كه حال ادم و ميسازه، 😁✌🏼دم و بازدم'


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.18
348 viewsAlireza Ghahrood, edited  
CISO as a Service
حمله سايبري به وب سرويس… راه آهن كشور
و يكرسي impact
روي يكسري fcp ها مثل پارس انلاين، هاي وب و….
فارغ از صحت اين موضوع كه معمولا گم ميشه در گزارشات و مرور زمان، فاكتور مهم داشتن برنامه مناسب براي برخورد با اين حملات، مديريت حادثه، ايزوله سازي، بررسي و جرم يابي ،
گزارش rca😊 و لسن لرن ميباشد
و پيشنهاد مي شود در مسير امن
مثل ساختار
Isac
اين يادگيري به اشتراك گذاشته شود !

فقط هي اين خبر رو كپي پبست نكنيم😊
كه اخ هك!هيچ كمكي به امنيت دارايي هاي كشور نميكند!


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.18
339 viewsAlireza Ghahrood, edited  
CISO as a Service
اگر آنچه را که من درباره قدرتِ بخشش‌کردن می‌دانم، می‌دانستی،
حتی وعده ی غذایی را بدون آنکه آن را به‌نحوی با دیگران ‌اشتراک‌بگذاری رها نمی‌کردی.


- خداوند شبان من است-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.18
299 viewsAlireza Ghahrood, edited  
CISO as a Service
OSCE³ Study Guide by Joas
OSWE, OSEP, OSED
كامل و جامع😏

https://github.com/CyberSecurityUP/OSCE-Complete-Guide


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.19
GitHub
GitHub - CyberSecurityUP/OSCE3-Complete-Guide: OSWE, OSEP, OSED, OSEE
OSWE, OSEP, OSED, OSEE. Contribute to CyberSecurityUP/OSCE3-Complete-Guide development by creating an account on GitHub.
287 viewsAlireza Ghahrood
CISO as a Service
Lets get started with the evergreen Beginning of most of the hacker’s starting Point

A PERFECT STARTER FOR BEGINNERS - TRYHACKME PRE SECURITY PATH

https://hacklido.com/blog/197


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.19
HACKLIDO
What is Reverse Shell? Reverse Shell Cheat Sheet
What’s a reverse shell? A reverse shell, also known as a remote shell or “connect-back shell,” takes advantage of the target system’s vulnerabilities to in...
251 viewsAlireza Ghahrood
CISO as a Service
سی سال بود‌،
تا من می‌گفتم:
خدایا
چنین کن و چنان ده!

چون به قدم اول معرفت رسیدم‌، گفتم:
الهی
تو مرا باش
و هر‌چه خواهی کن.


-آ م ي ن -

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.19
244 viewsAlireza Ghahrood
CISO as a Service
Cybersecurity has a many free resources, you them before you spend money

You can use free resources to increase your knowledge and value. Cybersecurity offers a lot of free (or affordable) resources. Here, I talk about the red and blue part but do not forget, Cybersecurity is much more than that. On the red side, we have countless options in different fields. The following picture shows a selection,…
https://www.cyberhuntingguide.net/free-resources.html


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.19
250 viewsAlireza Ghahrood, edited  
CISO as a Service
https://github.com/splunk/security_content/releases/tag/v3.24.0


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.19
GitHub
Release v3.24.0 · splunk/security_content
Updated Analytic Story

Malicious PowerShell
Data Exfiltration
Ransomware
Meterpreter

New Analytics

Detect Empire with PowerShell Script Block Logging
Detect Mimikatz With PowerShell Script Block...
253 viewsAlireza Ghahrood
CISO as a Service
#cve #windows #spooler #rce

PrintNightmare (CVE-2021-1675): Remote code execution in Windows Spooler Service

Source :
https://github.com/afwu/PrintNightmare


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.19
252 viewsAlireza Ghahrood
CISO as a Service
How To Download The Windows 11 Beta Now
https://www.techadvisor.com/how-to/windows/windows-11-beta-3806180/


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.19
Tech Advisor
How to download the Windows 11 beta now
Windows 11 is out now, but joining the Windows Insider Program will get you access to upcoming features before anyone else
268 viewsAlireza Ghahrood
CISO as a Service
https://start.me/p/ADwq1n/getting-started-in-information-security
😁كلي منبع


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.19
311 viewsAlireza Ghahrood
CISO as a Service
https://www.netacad.com/courses/networking/networking-essentials

Get free certificate by cisco for networking👆👆


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.19
302 viewsAlireza Ghahrood
CISO as a Service
https://www.netacad.com/courses/iot/introduction-iot

Get free certificate by cisco for iot
👆👆


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.19
Netacad
Introduction to Internet of Things (IoT)
Free online course to learn about Internet of Things (IoT) - from Cisco Networking Academy. Sign up today!
308 viewsAlireza Ghahrood
CISO as a Service
Threat Research
1. Global Phishing Campaign Targets Energy Sector and its Suppliers😄
https://www.intezer.com/blog/research/global-phishing-campaign-targets-energy-sector-and-its-suppliers
2. Tracking Cobalt Strike: A Trend Micro Vision One Investigation👍🏽
https://www.trendmicro.com/en_us/research/21/g/tracking_cobalt_strike_a_vision_one_investigation.html

Red Team Tactics
1. Code Injection, Inject malicious payload via pagetables pml4😄
https://github.com/kkent030315/PageTableInjection
2. VBA Stomping - Advanced Maldoc Techniques
https://medium.com/walmartglobaltech/vba-stomping-advanced-maldoc-techniques-612c484ab278

Code Property Graph (CPG) frontend for binary applications and libraries
https://github.com/joernio/ghidra2cpg

Malware analysis
Hackers Use New Trick to Disable Macro Security Warnings in Malicious Office Files😎
https://thehackernews.com/2021/07/hackers-use-new-trick-to-disable-macro.html?m=1

CVE-2021-35368:
CRS Request Body Bypass
https://coreruleset.org/20210630/cve-2021-35368-crs-request-body-bypass


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.20
Intezer
Global Phishing Campaign Targets Energy Sector and its Suppliers
Attack also targets oil & gas suppliers likely as a stepping-stone to infect companies that work with the suppliers.
321 viewsAlireza Ghahrood
CISO as a Service
ديروز يه ٢ ساعتي از ١٠-١٢ دور خودم ميچرخيدم حدفاصل جردن- بهرامي - وليعصر
اينقد صحنه خوبه و بد ديدم😄سرگرم بودم اخر سر جا پارك گيرم نيومد😾تو ماشين نشستم يه ٢ ساعتي روي مستند فرآيند هاي امنيت و راهبرد آن كار كردن 😁نداريد!؟خوب كپي پيست مثل همه مستندات ISMS نيست كه😏
تا الان روي نهايي سازي درفت ١.٤ اش در حال گل بازي بودم از NIST سر ميخوردم تو سازمان استانداردiso از اونجا تاب روي الزامات😁
يك طرفم سند استراتژيك جامع و چابك امنيت سايبري حوزه IT

كم كم آمدم بخوابم، اين تصوير رو ديدم
اصلا خواستم مستنداتي كه كلمه به كلمه اش و چند ماهي هست درگير اشم بند بند آتيش بزنم از اين اوضاع نا به سامان

مارا چه شده است.
جز بي كفايتي موردي هست!؟


پ ن: صف ایرانیان در مرز ارمنستان و ميبيني! سر ميشم! به قول شمس تبریزی مورد علاقم:

«شناخت این قوم دشوارتر است از شناخت حق»


Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.20
320 viewsAlireza Ghahrood, edited  
CISO as a Service
Forwarded from PacktPub Free Learning
[#PacktPub] VMware vSphere 6.7 Cookbook - Fourth Edition
265 viewsAlireza Ghahrood
Download now
CISO as a Service
SEVerity.pdf
217.2 KB
Research
"SEVerity: Code Injection Attacks against Encrypted Virtual Machines", 2021.


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.20
252 viewsAlireza Ghahrood, edited  
CISO as a Service
FUSE.pdf
472.4 KB
Offensive security
"FUSE: Finding File Upload Bugs via Penetration Testing", 2020.
]-> A penetration testing tool for finding file upload bugs:
https://github.com/WSP-LAB/FUSE


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.20
203 viewsAlireza Ghahrood, edited  
CISO as a Service
Evaluation_of_Cache_Attacks_on_Arm.pdf
2.2 MB
Research
"Evaluation of Cache Attacks on Arm Processors and Secure Caches", 2021.

// This work shows for the first time a systematic, large-scale analysis of Arm devices and the detailed results of attacks the processors are vulnerable to


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.20
201 viewsAlireza Ghahrood, edited  
CISO as a Service
Launching_Exploits_One_Small_Vulnerability.pdf
21 MB
Tech book
Red Team Tactics
"Launching Exploits: One Small Vulnerability for a Company, one Giant Heap for Port Bind", 2020.


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.20
216 viewsAlireza Ghahrood, edited  
CISO as a Service
Manipulating_Byzantine.pdf
710 KB
Research
"Manipulating the Byzantine: Optimizing Model Poisoning Attacks and Defenses for Federated Learning", 2021.
]-> Code:
https://github.com/vrt1shjwlkr/NDSS21-Model-Poisoning


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.20
223 viewsAlireza Ghahrood, edited