cissp
International channel for sharing knowledge in the field of cyber security, with a focus on the content of the CISSP (ISC2) course
Also see the group: https://t.me/cisspgroup
@alirezaghahrood
SANS Securing Web Application Technologies (SWAT) Checklist
AppSec poster: Secure DevOps Toolchain

https://www.sans.org/security-resources/posters/secure-devops-toolchain-swat-checklist/60/download
John the Ripper: Pen Testing Product Overview and Analysis

John the Ripper is a fine tool for checking for weak passwords. It should be viewed as a supplemental tool rather than a primary one in the penetration testing arsenal. Because it combines several approaches to password cracking in one package, it is well worth trying out.

Type of tool: Password cracker

Key Features: Passwords are a weak link in enterprise security. As requirements for the number and type of characters get stiffer, bad habits multiply: post-it notes on screens, Word documents with passwords listed, retained default passwords and other workarounds. That is why cybercriminals go after passwords so often. Once an attacker steals credentials, they can enter sensitive systems or wait in ambush to stage a devastating attack against a prized asset.
Penetration testing, therefore, pays close attention to password cracking. John the Ripper is a free, easy-to-use, open-source tool that takes the best aspects of various password crackers and unites them in one package. As such, it can be used by pen testers to detect weak passwords and find a way into a system or database.

John the Ripper works by using the dictionary method favored by attackers as the easiest way to guess a password: it takes candidate strings from a word list of common dictionary words. It can also deal with encrypted passwords and supports both online and offline attacks.

Differentiator: It is a free tool that is easy to use and aimed squarely at password cracking.

What it can't do: Vulnerability analysis, or testing of areas of penetration beyond passwords.

Cost: Free
Keycloak is an open source Identity and Access Management solution aimed at modern applications and services. It makes it easy to secure applications and services with little to no code.

https://www.keycloak.org/about.html
10 Interesting News Items:

1. Download this update from mybrowser.microsoft.com. Oh, sorry, that was malware on a hijacked sub-domain. Oops!
https://www.theregister.co.uk/2020/03/04/microsoft_subdomain_takeover

2. 'Shark Tank' Star Barbara Corcoran Gets Back the Nearly $400,000 Stolen in Phishing Scam
https://www.etonline.com/shark-tank-star-barbara-corcoran-gets-back-the-nearly-400000-stolen-in-phishing-scam-142267

3. Chinese cybersecurity company accuses CIA of 11-year-long hacking campaign
https://www.reuters.com/article/us-china-usa-cia/chinese-cybersecurity-company-accuses-cia-of-11-year-long-hacking-campaign-idUSKBN20Q2SI

4. US Charges Two With Laundering $100M for North Korean Hackers
https://www.bleepingcomputer.com/news/security/us-charges-two-with-laundering-100m-for-north-korean-hackers

5. Ransomware Attackers Use Your Cloud Backups Against You
https://www.bleepingcomputer.com/news/security/ransomware-attackers-use-your-cloud-backups-against-you

6. 'Malware-free' attacks now most popular tactic amongst cybercriminals
https://www.zdnet.com/article/malware-free-attacks-now-most-popular-tactic-amongst-cybercriminals

7. Concern over Coronavirus Leading to Global Spread of Fake Pharmacy Spam
https://www.imperva.com/blog/concern-over-coronavirus-leading-to-global-spread-of-fake-pharmacy-spam

8. RSA - The 5 Most Dangerous New Attack Techniques and How to Counter Them
https://www.youtube.com/watch?v=xz7IFVJf3Lk

9. What to know about cyberattacks targeting energy pipelines
https://thehill.com/policy/energy-environment/485254-what-to-know-about-recent-cyberattacks-on-energy-pipelines

10. Hackers Target Companies With Coronavirus Scams
https://www.wsj.com/articles/hackers-target-companies-with-coronavirus-scams-11583317802
Is your organization prepared for remote access by many users in the context of Covid-19?
Prerequisites:
1. Policies/Procedures
2. Awareness
3. Tools
4. Infrastructure (security and optimization)
5. Controls
6. Engagements

Questions:
1. Do you have a Business Continuity Plan? Has it been reviewed and aligned? Has a risk evaluation been done?
2. What are the possible business and customer impacts? What will be the minimum services provided? What are the legal obligations?
3. Do you have a VPN or remote access and work-from-home policy?
4. Has your HR department created adequate awareness?
5. Do you have an adequate VPN gateway/firewall?
6. Will your gateway and throughput be adequate to support the work-from-home connections? Is remote IT support available for staff?
7. Are controls in place for security, monitoring, proactive response and data leakage?
8. What are the engagement plans? Which collaboration tools will be used?
9. What are the health and safety arrangements for onsite staff, and the arrangements for medical assistance?
10. Have you aligned your plans with your suppliers and business partners?
11. Do you have communication plans for staff, partners and customers?
12. Is there an escalation process?
13. Have pilots been executed as a test run?