Evaluation_of_Cache_Attacks_on_Arm.pdf
2.2 MB
Research
"Evaluation of Cache Attacks on Arm Processors and Secure Caches", 2021.
// This work shows for the first time a systematic, large-scale analysis of Arm devices and the detailed results of attacks the processors are vulnerable to
-Cyber Security Awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.20
Launching_Exploits_One_Small_Vulnerability.pdf
21 MB
Tech book
Red Team Tactics
"Launching Exploits: One Small Vulnerability for a Company, one Giant Heap for Port Bind", 2020.
Manipulating_Byzantine.pdf
710 KB
Research
"Manipulating the Byzantine: Optimizing Model Poisoning Attacks and Defenses for Federated Learning", 2021.
]-> Code:
https://github.com/vrt1shjwlkr/NDSS21-Model-Poisoning
Gotyou_analysis_paper.pdf
467.5 KB
Malware analysis
GotYou.exe (Evasive btc miner) Analysis Paper
SideCopy.pdf
5.7 MB
Whitepaper
"InSideCopy: How this APT continues to evolve its arsenal", 2021.
https://www.splunk.com/en_us/blog/security/i-pity-the-spool-detecting-printnightmare-cve-2021-34527.html
Splunk
I Pity the Spool: Detecting PrintNightmare CVE-2021-34527 | Splunk
Read on for details on detecting PrintNightmare (CVE-2021-34527), a critical vulnerability that affects the Print Spooler service and allows remote code execution.
After a cyber attack,
do you have lessons learned?
Before attacks, do you share attack trends with one another?
Individual - legal entity - organizational - team
...
Information Sharing
Every organization has its own information about attacks. After all, attackers are very busy, and organizations around the world are defending themselves against various threat groups. In the process, the organizations catch some attacks in their logs, either because they were blocking and logging or because the attacker got in and left artifacts behind. Organizations may get breached and then have to launch an investigation, which may require the help of an external party to handle the incident investigation and guide the remediation activities.
1. Indicate steps required to protect against a ransomware attack.
Build Protections
Protection vs. Remediation
Threat-Informed Email Protection
Security Awareness and Training
2. Select an appropriate remediation strategy for after an attack.
Remediation Plan
Backup Strategy
Network Segmentation
Isolation and Containment
Regulatory Concerns
3. Recognize external entities required for planning and response.
Cyber Insurance
Ransomware Negotiation
Effective Communications
Barrett, M.P. (2018). Framework for improving critical infrastructure cybersecurity version 1.1. NIST cybersecurity framework. National Institute of Standards and Technology. https://lnkd.in/dB6Dbd6
The most common attack method is not a technical attack. This means that attackers are not, for the most part, using exploits against vulnerabilities to external-facing services. They are not breaking into web applications and pivoting from your web application infrastructure into the inside of your network. They are not making their way through your firewall, at least in a traditional sense, the way we thought about attacks a couple of decades ago. Today’s attacker knows that the most effective technique is to use email. Email is always allowed through whatever firewall you have in place. Additionally, the weakest link in any security program is always going to be the user. The easiest way into an environment is likely going to be by sending an email to a user.
Question: What could you do to help prevent social engineering attacks that might result in ransomware?
A. Block attachments
B. Implement security awareness training
C. Use threat-intelligence-based email protection
D. All of the above
Cyber Insurance
Insurance carriers started getting into the cybersecurity business several years ago. Because ransomware can be a very expensive problem to resolve, having an insurance policy can be critical. This can help to transfer some of the risks of a ransomware attack because not all the costs will have to be covered by the organization that has been attacked. Because the insurance companies are assuming some of the risks on behalf of companies, they expect to have some say in what happens.
A lot of factors are in play when it comes to ransomware. Ideally, you would have a solid backup strategy and you wouldn’t worry about paying to get your data back. The problem with that, though, is that restoring hundreds or thousands of systems can be time-consuming. In the meantime, the business may be down or at least having a large operational impact that impairs revenue generation. This is the kind of cost you may expect an insurance company to take on,
The United States federal government now has a say in this. The Office of Foreign Assets Control (OFAC) of the Department of the Treasury has issued a ruling indicating that any company that pays a ransom to get their data back will be subject to fines.
Learn Python the Hard Way 3rd edition.pdf
3.9 MB
LEARN PYTHON THE HARD WAY
What is Impacket?
Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself. Packets can be constructed from scratch, as well as parsed from raw data, and the object oriented API makes it simple to work with deep hierarchies of protocols. The library provides a set of tools as examples of what can be done within the context of this library.
A description of some of the tools can be found at:
https://www.secureauth.com/labs/open-source-tools/impacket
https://github.com/ptswarm/impacket
SecureAuth
Resource Hub
Explore SecureAuth's resources to learn more about better workforce and customer identity and access management.
“When planning for cloud application development, security teams first need to work with application development groups to perform threat modeling ✌🏼👍🏽and risk assessment👍🏽👍🏽👍🏽 for the deployment types that they envision.”
cissp sybex practice tests.pdf
13 MB
Information Systems Security Professional
Practice Tests
https://www.edyoda.com/course/101
CompTIA CySA_ Practice Exams_ A - Dion, Jason.pdf
3.9 MB
CySA+ CS0-002 Exam q-a
comptia-cysa-cs0-002-exam-objectives.pdf
123.3 KB
CySA+ CS0-002 Exam Topics Notes