#DiyakoSecureBow
————————————
Analytics
Threat Research
Microsoft 2023 Digital Defense Report

Special Thanks
Microsoft

-Business Secure Continuity-
1402.08.24
——————————————————
#cyberattack #microsoft #threatintelligence
#BusinessSecureContinuity

https://www.linkedin.com/posts/diyako-secure-bow_mddr-cybersec-report-2023-activity-7130411596127862786-fE3I?utm_source=share&utm_medium=member_ios

Infographics
WiFi Hacking MindMap ver.1 2023.


⁩-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.24

https://www.linkedin.com/posts/alirezaghahrood_wfi-hack-mindmap-2023-activity-7130413713991368704-rnWF?utm_source=share&utm_medium=member_ios

🚨 Federal agencies and organizations, listen up!
CISA has set a critical ⏰ deadline of November 17, 2023. Secure your systems against 🛡️ security flaws in Juniper Junos OS discovered in August.
Read: https://thehackernews.com/2023/11/cisa-sets-deadline-patch-juniper-junos.html

Audit Db:
https://github.com/CompassSecurity/mssqlrelay


🛡️ Microsoft's November 2023 Security Update:
🔐 63 vulnerabilities addressed
🚨 5 zero-days
💥 3 actively exploited in-the-wild
📊 Severity ratings: 3 Critical, 56 Important, 4 Moderate

Get the scoop on the latest vulnerabilities: https://thehackernews.com/2023/11/alert-microsoft-releases-patch-updates.html


⁩-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.24

#DiyakoSecureBow
———————————
Attractive cyber security magazine

Special Thanks
tahawul tech

-Business Secure Continuity-
1402.08.29
——————————————————
#cybersecurity #cryptography
#BusinessSecureContinuity

https://www.linkedin.com/posts/diyako-secure-bow_mag-cyber-security-2023-activity-7132215219241545728-QPPP?utm_source=share&utm_medium=member_ios

National Security Agency (NSA) Military Cryptanalytics
Part III by Lambros D. Callimahos, O


⁩-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.29

🔒 Critical Security Alert: Threat actors, including LockBit ransomware affiliates, exploit the Citrix NetScaler flaw ("Citrix Bleed") to hijack user sessions and gain unauthorized access.

Learn more in this article:
https://thehackernews.com/2023/11/lockbit-ransomware-exploiting-critical.html


-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.09.02

#DiyakoSecureBow
———————————
Q2 2023
Global Market Insights Report:

Catastrophic weather events led to extraordinary losses and market conservatism

The first half of 2023 proved monumental for natural catastrophe risk — especially, climate-related events
— as economic losses stemming from natural disasters globally reached $194 billion — well above the first half average of $128 billion for the 21st century. Key events contributing to the record-breaking total include
https://publications.aon.com/q2-2023-global-market-insights/

Special Thanks
Aon

-Business Secure Continuity-
1402.09.04
——————————————————
#cybersecurity #globalbranding #reporting
#BusinessSecureContinuity

https://www.linkedin.com/posts/diyako-secure-bow_cover-q2-2023-global-market-insights-activity-7134043026187808768--4Kx?utm_source=share&utm_medium=member_ios

Thank you Alireza Tavakoli, CISSP for reviewing my Cybersecurity service. It was great working with you. To learn more about my work, visit my Service Page.
Special Thanks Dear Bro
سال هاست در بدنه كارشناسي هم كارفرمايان و هم شركت هاي ارائه دهنده خدمات، سرويس ها ، محصولات و راهكارهاي امنيت سايبري و فناوري هاي وابسته كار كرده ايم
به مشكلات، چالش ها، كاستي ها، … اشراف مناسبي داريم
برگرفته از نظرات مشتريان حقيقي و حقوقي
كه
مشتمل از همكاري هاي ملي، سازماني، گسترده و پروژه هاي فرا مرزي و بين المللي هست

رويكرد به نياز هاي امنيت سايبري را صر ف استاندارد ها، الزامات، ريسك ها، عدم انطباق ها در تعادلي از بودجه، نيروي انساني و فرهنگ سازماني
به كمك چرخه
نيازسنجي، تحقيق و توسعه بروز، طراحي، استقرار، مميزي، بهينه سازي ، امن سازي، راهبري ، آموزش هاي سفارشي سازي شده با نگاه به بلوغ انجام مي دهيم.

بازخورد تيم را از مشترياني كه اعتماد كرده اند و دارايي به شدت مهم ما هستند، بپرسيد
+ خروجي و اثر بخشي

✌🏼🙏❤️👍🏽

-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.09.04

https://www.linkedin.com/posts/alirezaghahrood_thank-you-alireza-tavakoli-cissp-for-reviewing-activity-7134061247905329152-ZPRT?utm_source=share&utm_medium=member_ios

#DiyakoSecureBow
———————————

Security Event IDs of Interest
Event ID Description

4624 An account was successfully logged on. (See Logon Type Codes)

4625 An account failed to log on.

4634 An account was logged off.

4647 User initiated logoff. (In place of 4634 for Interactive and RemoteInteractive logons)

4648 A logon was attempted using explicit credentials. (RunAs)

4672 Special privileges assigned to new logon.(Admin login)

4776 The domain controller attempted to validate the credentials for an account. (DC)

4768 A Kerberos authentication ticket (TGT) was requested.

4769 A Kerberos service ticket was requested.

4771 Kerberos pre-authentication failed.

4720 A user account was created.

4722 A user account was enabled.

4688 A new process has been created. (If audited; some Windows processes logged by default)

4698 A scheduled task was created. (If audited)

4798 A user's local group membership was enumerated.

4799 A security-enabled local group membership was enumerated.

5140 A network share object was accessed.

5145 A network share object was checked to see whether client can be granted desired access.

1102 The audit log was cleared. (Security)


-Business Secure Continuity-
1402.09.06
——————————————————
#cybersecurity #eventsecurity #securityoperationscenter #DFIR
#BusinessSecureContinuity

https://www.linkedin.com/posts/diyako-secure-bow_diyakosecurebow-cybersecurity-eventsecurity-activity-7134775346893074432-gKCr?utm_source=share&utm_medium=member_ios

tools
Cloud Security
1. A collection of resources, tools and more for pentesting/securing MS Azure
https://github.com/Kyuu-Ji/Awesome-Azure-Pentest

2. Finding complex attack paths in Kubernetes clusters🥹
https://labs.withsecure.com/tools/icekube--finding-complex-attack-paths-in-kubernetes-clusters
]-> https://github.com/WithSecureLabs/IceKube

⚠️ New PoC exploit for CVE-2023-46604 flaw in Apache ActiveMQ could let attackers stealthily execute malicious code.

CVSS score: 10.0! Are your servers secure?

Learn more about this critical vulnerability:
https://thehackernews.com/2023/11/new-poc-exploit-for-apache-activemq.html


-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.09.07

#DiyakoSecureBow
———————————
Analytics
Mobile Security
Top 10 Mobile Risks:
Comparison between 2016 and 2023
https://blog.devsecopsguides.com/owasp-top-10-mobile-risks

-Business Secure Continuity-
1402.09.09
——————————————————
#cybersecurity #mobilesecurity
#BusinessSecureContinuity

https://www.linkedin.com/posts/diyako-secure-bow_diyakosecurebow-cybersecurity-mobilesecurity-activity-7135957433025224704-l4OF?utm_source=share&utm_medium=member_ios

Thank you Ali Tavakoli for reviewing my Cybersecurity service. It was great working with you. To learn more about my work, visit my Service Page.

Special Thanks Dear Bro

✌🏼🙏❤️👍🏽

-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.09.10

https://www.linkedin.com/posts/alirezaghahrood_thank-you-ali-tavakoli-for-reviewing-my-cybersecurity-activity-7136262933549846529-5zO1?utm_source=share&utm_medium=member_ios

tools
Cloud Security
1. A collection of resources, tools and more for pentesting/securing MS Azure
https://github.com/Kyuu-Ji/Awesome-Azure-Pentest

2. Finding complex attack paths in Kubernetes clusters
https://labs.withsecure.com/tools/icekube--finding-complex-attack-paths-in-kubernetes-clusters
https://github.com/WithSecureLabs/IceKube


-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.09.11

tools
hardening
1. SharpRODC - .NET tool for RODC-related misconfiguration
https://github.com/wh0amitz/SharpRODC

2. GUI to Manage Software Restriction Policies and harden Windows 11
https://github.com/AndyFul/Hard_Configurator


جذاب اما به شدت ريسك هاي غير قابل تصور به كمك رويكرد مخالف اخلاقمداري در اين حوزه را ايجاد مي كند.
🔐 Discover 7 incredible ways AI is transforming security operations:
✅ Information Management
✅ Malware Analysis
✅ Tool Development
✅ Risk Evaluation
✅ Tabletop Exercises
✅ Incident Response
✅ Threat Intelligence
Learn more ➥
https://thehackernews.com/2023/11/7-uses-for-generative-ai-to-enhance.html


-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.09.12

#DiyakoSecureBow
———————————
Evolution of AI

Origins
AI Can Learn
HUMAN ROLE: Train and manage USED BY: Analytics and data science TO: Support decisions & optimization

Yesterday
AI Can Learn and Repeat
HUMAN ROLE: Supervise and intervene USED BY: Business process improvement TO: Automate repetitive tasks

Today
AI Can Learn, Repeat,
Create and Re-Create
HUMAN ROLE: Oversee and course correct USED BY: Developers and content creators TO: Turbocharge digital developme

-Business Secure Continuity-
1402.09.13
——————————————————
#cybersecurity #machinelearning #artificialintelligence
#BusinessSecureContinuity

https://www.linkedin.com/posts/diyako-secure-bow_state-of-applied-generative-ai-market-2024-activity-7137280523462160384-A6hJ?utm_source=share&utm_medium=member_ios

#DiyakoSecureBow
———————————
Cloud Computing Study 2023
The balancing act of cloud expansion

Cloud adoption is continuing at pace, yet there are signs that the frenzied activity that characterized the pandemic period is easing somewhat.
Slowing adoption rates come at a time when a significant portion of the IT estate targeted for the cloud has already been migrated or is in the process of moving over. At the same time, cost management and security issues have become rising challenges for many companies as their cloud footprint expands, potentially dampening the speed of migration.

-Business Secure Continuity-
1402.09.15
——————————————————
#cybersecurity #cloud #computing
#BusinessSecureContinuity

https://www.linkedin.com/posts/diyako-secure-bow_cloud-2023-activity-7138025678943211520-qGUe?utm_source=share&utm_medium=member_ios

#DiyakoSecureBow
———————————
2013 Cyber Claims Report :

Cyber Claims Increased in the Face of Surging Attacks

Ransomware Severity Climbed to Historic High

Funds Transfer Fraud Severity Spiked

Email Security Remained Critical to Claims Reduction

MOVEit Quickly Evolved into Widespread Exploitation

How Businesses Can Actively Address Cyber Risk☺️

Methodology

Special Thanks
Coalition, Inc.

-Business Secure Continuity-
1402.09.18
——————————————————
#cybersecurity #crime #multifactorauthentication
#BusinessSecureContinuity

https://www.linkedin.com/posts/diyako-secure-bow_2013-cyber-claims-report-activity-7139125852855791616-I_KT?utm_source=share&utm_medium=member_ios

How AI could augment a cyber-attack at every stage

Special Thanks
Darktrace

-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.09.18

https://www.linkedin.com/posts/alirezaghahrood_the-ai-kill-chain-2023-activity-7139127662391783424-cM28?utm_source=share&utm_medium=member_ios

Blue Team Techniques
Spoofing DNS Records by Abusing DHCP DNS Dynamic Updates
https://www.akamai.com/blog/security-research/spoofing-dns-by-abusing-dhcp

tool to identify risky DHCP/DNS configurations in AD environments:
https://github.com/akamai/Invoke-DHCPCheckup

Offensive security
1. Abusing WSUS with MITM to perform ADCS ESC8 attack
https://j4s0nmo0n.github.io/belettetimoree.github.io/2023-12-01-WSUS-to-ESC8.html

2. What is Loader Lock?
https://elliotonsecurity.com/what-is-loader-lock


-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.09.18

⚠️ IMPORTANT
A set ("5Ghoul") of new major security flaws in 📡 5G mobile network modems impact 714 smartphones models from all major brands—including Apple, Samsung, Google, Xiaomi, OnePlus and more.
Details on 5Ghoul here:
https://thehackernews.com/2023/12/new-5g-modems-flaws-affect-ios-devices.html

🚨 Ransomware-as-a-Service (RaaS) is reshaping cybercrime. Anyone with limited tech skills can now carry out devastating attacks.
Learn how in this article: https://thehackernews.com/2023/12/ransomware-as-service-growing-threat.html


Cyber Education
Tasks for learning how to use Frida for Android:
- Frida setup, Hooking a method;
- Calling a static method;
- Changing the value of a variable;
- Creating a class instance;
- Invoking methods on an existing instance;
- Invoking a method with an object argument;
- Hooking the constructor;
- Introduction to native hooking;
- Changing the return value of a native function / Calling a native function;
- Patching instructions using X86/ARM64 Writer.
https://github.com/DERE-ad2001/Frida-Labs


-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.09.20