https://start.me/p/ADwq1n/getting-started-in-information-security
😁كلي منبع


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.19

https://www.netacad.com/courses/networking/networking-essentials

Get free certificate by cisco for networking👆👆


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.19

https://www.netacad.com/courses/iot/introduction-iot

Get free certificate by cisco for iot
👆👆


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.19

Threat Research
1. Global Phishing Campaign Targets Energy Sector and its Suppliers😄
https://www.intezer.com/blog/research/global-phishing-campaign-targets-energy-sector-and-its-suppliers
2. Tracking Cobalt Strike: A Trend Micro Vision One Investigation👍🏽
https://www.trendmicro.com/en_us/research/21/g/tracking_cobalt_strike_a_vision_one_investigation.html

Red Team Tactics
1. Code Injection, Inject malicious payload via pagetables pml4😄
https://github.com/kkent030315/PageTableInjection
2. VBA Stomping - Advanced Maldoc Techniques
https://medium.com/walmartglobaltech/vba-stomping-advanced-maldoc-techniques-612c484ab278

Code Property Graph (CPG) frontend for binary applications and libraries
https://github.com/joernio/ghidra2cpg

Malware analysis
Hackers Use New Trick to Disable Macro Security Warnings in Malicious Office Files😎
https://thehackernews.com/2021/07/hackers-use-new-trick-to-disable-macro.html?m=1

CVE-2021-35368:
CRS Request Body Bypass
https://coreruleset.org/20210630/cve-2021-35368-crs-request-body-bypass


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.20

ديروز يه ٢ ساعتي از ١٠-١٢ دور خودم ميچرخيدم حدفاصل جردن- بهرامي - وليعصر
اينقد صحنه خوبه و بد ديدم😄سرگرم بودم اخر سر جا پارك گيرم نيومد😾تو ماشين نشستم يه ٢ ساعتي روي مستند فرآيند هاي امنيت و راهبرد آن كار كردن 😁نداريد!؟خوب كپي پيست مثل همه مستندات ISMS نيست كه😏
تا الان روي نهايي سازي درفت ١.٤ اش در حال گل بازي بودم از NIST سر ميخوردم تو سازمان استانداردiso از اونجا تاب روي الزامات😁
يك طرفم سند استراتژيك جامع و چابك امنيت سايبري حوزه IT

كم كم آمدم بخوابم، اين تصوير رو ديدم
اصلا خواستم مستنداتي كه كلمه به كلمه اش و چند ماهي هست درگير اشم بند بند آتيش بزنم از اين اوضاع نا به سامان

مارا چه شده است.
جز بي كفايتي موردي هست!؟


پ ن: صف ایرانیان در مرز ارمنستان و ميبيني! سر ميشم! به قول شمس تبریزی مورد علاقم:

«شناخت این قوم دشوارتر است از شناخت حق»


Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.20

[#PacktPub] VMware vSphere 6.7 Cookbook - Fourth Edition

Research
"SEVerity: Code Injection Attacks against Encrypted Virtual Machines", 2021.


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.20

Offensive security
"FUSE: Finding File Upload Bugs via Penetration Testing", 2020.
]-> A penetration testing tool for finding file upload bugs:
https://github.com/WSP-LAB/FUSE


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.20

Research
"Evaluation of Cache Attacks on Arm Processors and Secure Caches", 2021.

// This work shows for the first time a systematic, large-scale analysis of Arm devices and the detailed results of attacks the processors are vulnerable to


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.20

Tech book
Red Team Tactics
"Launching Exploits: One Small Vulnerability for a Company, one Giant Heap for Port Bind", 2020.


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.20

Research
"Manipulating the Byzantine: Optimizing Model Poisoning Attacks and Defenses for Federated Learning", 2021.
]-> Code:
https://github.com/vrt1shjwlkr/NDSS21-Model-Poisoning


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.20

Malware analysis
GotYou.exe (Evasive btc miner) Analysis Paper


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.20

Whitepaper
"InSideCopy: How this APT continues to evolve its arsenal", 2021.


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.20

https://www.splunk.com/en_us/blog/security/i-pity-the-spool-detecting-printnightmare-cve-2021-34527.html


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.20

بعد از یک حمله سایبری
لسن لرن دارید؟

قبل از حملات آیا ترند های حملات را با یکدیگر شخصی - حقوقی - سازمانی - تیمی
...
به اشتراک میگذارید؟

Information Sharing
Every organization has its own information about attacks. After all, attackers are very busy, and organizations around the world are defending themselves against various threat groups. In the process, the organizations catch some attacks in their logs, either because they were blocking and logging or because the attacker got in and left artifacts behind. Organizations may get breached and then have to launch an investigation, which may require the help of an external party to handle the incident investigation and guide the remediation activities.


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.20

1.
Indicate steps required to protect against a ransomware attack.
Build Protections
Protection vs. Remediation
Threat-Informed Email Protection
Security Awareness and Training
2.
Select an appropriate remediation strategy for after an attack.
Remediation Plan
Backup Strategy
Network Segmentation
Isolation and Containment
Regulatory Concerns
3.
Recognize external entities required for planning and response.
Cyber Insurance
Ransomware Negotiation
Effective Communications


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.20

Barrett, M.P. (2018). Framework for improving critical infrastructure cybersecurity version 1.1. NIST cybersecurity framework. National Institute of Standards and Technology. https://lnkd.in/dB6Dbd6


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.20

The most common attack method is not a technical attack. This means that attackers are not, for the most part, using exploits against vulnerabilities to external-facing services. They are not breaking into web applications and pivoting from your web application infrastructure into the inside of your network. They are not making their way through your firewall, at least in a traditional sense, the way we thought about attacks a couple of decades ago. Today’s attacker knows that the most effective technique is to use email. Email is always allowed through whatever firewall you have in place. Additionally, the weakest link in any security program is always going to be the user. The easiest way into an environment is likely going to be by sending an email to a user.

Question: What could you do to help prevent social engineering attacks that might result in ransomware

A. Block attachments 

B. Implement security awareness training

C. Use threat-intelligence-based email protection

D. All of the above 


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.20

Cyber Insurance

Insurance carriers started getting into the cybersecurity business several years ago. Because ransomware can be a very expensive problem to resolve, having an insurance policy can be critical. This can help to transfer some of the risks of a ransomware attack because not all the costs will have to be covered by the organization that has been attacked. Because the insurance companies are assuming some of the risks on behalf of companies, they expect to have some say in what happens.
A lot of factors are in play when it comes to ransomware. Ideally, you would have a solid backup strategy and you wouldn’t worry about paying to get your data back. The problem with that, though, is that restoring hundreds or thousands of systems can be time-consuming. In the meantime, the business may be down or at least having a large operational impact that impairs revenue generation. This is the kind of cost you may expect an insurance company to take on,


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.20

The United States federal government now has a say in this. The Office of Foreign Assets Control (OFAC) of the Department of the Treasury has issued a ruling indicating that any company that pays a ransom to get their data back will be subject to fines. 


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.20