16245
@cissp International channel 4 Transmission Knowledge In the Field of Cyber Security with a Focus on the Content of the CISSP-ISC2 Course - - - - - - - - - - +also group: https://t.me/cisspgroup ————————— @alirezaghahrood
#DiyakoSecureBow
————————————
CISO as A Service (vCISO)
Hardening
Enhanced Visibility and Hardening Guidance for Communications Infrastructure 2024.:
Network Infrastructure Security Guide, ver.1.2
https://media.defense.gov/2022/Jun/15/2003018261/-1/-1/0/CTR_NSA_NETWORK_INFRASTRUCTURE_SECURITY_GUIDE_20220615.PDF
Cisco Guide to Securing NX-OS Devices
https://sec.cloudapps.cisco.com/security/center/resources/securing_nx_os.html
Cisco IOS XE Hardening Guide, 2024
https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/ios-xe-16/220270-use-cisco-ios-xe-hardening-guide.html
Special Thanks❤️😇👍🏽🙏
CISA Alumni Group
National Security Agency
National Cyber Security Centre
@canadian centre for cyber Security
Australian Signals Directorate
Cybersecurity and Infrastructure Security Agency
-Secure Business Continuity-
2024.12.04
——————————————————
#CyberSecurity #vCISO #CISA #Hardening
#SecureBusinessContinuity
https://www.linkedin.com/posts/diyako-secure-bow_ev-hardening-guide-2024-activity-7269914274351730688-D9Gt?utm_source=share&utm_medium=member_ios
Techbook
CloudSecurity
Cloud Hacking Playbook 2024.
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.12.03
Techbook
Malware Development:
The result of self-research and investigation of malware development tricks, evasion techniques and persistence 2022.
Special Thanks❤️🙏😇👍🏽
ZHUSSUPOV ZHASSULAN
(COCOMELONC)
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.12.03
#DiyakoSecureBow
————————————
CISO as A Service (vCISO)
Research
Offensive Security
AI-Augmented Ethical Hacking:
A Practical Examination of Manual Exploitation and Privilege Escalation in Linux Environments 2024.
Special Thanks❤️😇👍🏽🙏
Haitham S. Al-Sinani and Chris J. Mitchell
1 Department of Cybersecurity and Quality Assurance, Diwan of Royal Court,
Muscat, Oman.
2 Department of Information Security, Royal Holloway, University of London,
-Secure Business Continuity-
2024.12.03
——————————————————
#CyberSecurity #vCISO #Hacking #Ethical
#SecureBusinessContinuity
https://www.linkedin.com/posts/diyako-secure-bow_ethical-hacking-gen-ai-2024-activity-7269624361907625984-unMU?utm_source=share&utm_medium=member_ios
Research
Offensive security
AI-Augmented Ethical Hacking:
A Practical Examination of Manual Exploitation and Privilege Escalation in Linux Environments", 2024.
اون قسمتی از وجودم که مدارا رو انتخاب میکرد از بین رفته، دیگه نمیتونم هر طور شده آدمها رو کنار خودم نگه دارم حتي در قبال مشتري و دوست...، بگذريم؛
وَ من..؟مصمم؛در سبز زیستن
در آدمِ بهتری بودن و آدم بهتری شدن! حتي اگر چرخه جاري زندگي شايد هيچ عدل و منطقي هم همراش نباشد و وعده انتظار دنياي بهتر بعد از زندگي صرفا از خاك بودن و به خاك برگشتن باشد.
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.12.02
#DiyakoSecureBow
————————————
CISO as A Service (vCISO)
The State of aUtomotive CyBerSecurity
Special Thanks❤️😇👍🏽🙏
Pavel Khunt
Thomas Sermpinis
Auxilium Pentest Labs
@troopers sec
-Secure Business Continuity-
2024.11.29
——————————————————
#CyberSecurity #vCISO #Automotive #ASM
#SecureBusinessContinuity
https://www.linkedin.com/posts/diyako-secure-bow_cybersecurityautomotive-2024-activity-7268033641555873794-jFiT?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
————————————
CISO as A Service (vCISO)
Principles of operational technology cyber security:
Principle 1: Safety is paramount.
Principle 2: Knowledge of the business is crucial.
Principle 3: OT data is extremely valuable and needs to be protected.
Principle 4: Segment and segregate OT from all other networks.
Principle 5: The supply chain must be secure.
Principle 6: People are essential for OT cyber security.
Special Thanks❤️😇👍🏽🙏
CISA Alumni Group
National Security Agency
National Cyber Security Centre
Federal Bureau of Investigation (FBI)
Australian Signals Directorate
This publication was developed by the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) in collaboration with the U.S. Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Multi-State Information Sharing and Analysis Center (MS-ISAC), United Kingdom’s National Cyber Security Centre (NCSC-UK), Canadian Centre for Cyber Security (Cyber Centre), New Zealand’s National Cyber Security Centre (NCSC-NZ), Germany’s Federal Office for Information Security (BSI Germany), the Netherlands’ National Cyber Security Centre (NCSC-NL), Japan’s National Center of Incident Readiness and Strategy for Cybersecurity
(NISC) and National Police Agency (NPA), and the Republic of Korea’s National Intelligence Service (NIS) and NIS’ National Cyber Security Center (NCSC)
-Secure Business Continuity-
2024.11.26
——————————————————
#CyberSecurity #vCISO #OT #Scada
#SecureBusinessContinuity
https://www.linkedin.com/posts/diyako-secure-bow_principles-of-operational-technology-cybersecurity-activity-7267279078544605186-5NhW?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
————————————
CISO as A Service (vCISO)
Analytics
Threat Research
2023 Top Routinely Exploited Vulnerabilities
Special Thanks❤️😇👍🏽🙏
CISA Alumni Group,…
-Secure Business Continuity-
2024.11.22
——————————————————
#CyberSecurity #vCISO #Vulnerability
#SecureBusinessContinuity
https://www.linkedin.com/posts/diyako-secure-bow_top-vulnerabilities-2023-activity-7265654191891628032-ypUk?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
————————————
CISO as A Service (vCISO)
tools
DFIR
ETW Forensics
Why use Event Tracing for Windows over EventLog
https://blogs.jpcert.or.jp/en/2024/11/etw_forensics.html
ETW Scanner for Volatility3
Special Thanks❤️😇👍🏽🙏
朝長 秀誠
@Shusei Tomonaga
-Secure Business Continuity-
2024.11.15
——————————————————
#CyberSecurity #vCISO #CSIRT #Malware #Event
#SecureBusinessContinuity
https://www.linkedin.com/posts/diyako-secure-bow_diyakosecurebow-cybersecurity-vciso-activity-7263277845647409154-dhAI?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
————————————
CISO as A Service (vCISO)
KernelSecurity
Redefining Security Boundaries: Unveiling Hypervisor Backed Security Features For Windows Security 2024
Special Thanks❤️😇👍🏽🙏
Connor McGarr
SANS Institute
-Secure Business Continuity-
2024.11.09
——————————————————
#Hardening #CyberSecurity #vCISO
#SecureBusinessContinuity
https://www.linkedin.com/posts/diyako-secure-bow_redefining-security-boundaries-2024-activity-7260911792611098625-HNgG?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
————————————
CISO as A Service (vCISO)
Research
HardwareSecurity
Hardware Designs for Secure Microarchitectures 2023.
Special Thanks❤️😇👍🏽🙏
Dr.-Ing. Jan Philipp Thoma
-Secure Business Continuity-
2024.10.30
——————————————————
#CWE #Incident #CyberSecurity #vCISO
#SecureBusinessContinuity
https://www.linkedin.com/posts/diyako-secure-bow_hardware-security-activity-7257224637728579584-6mCO?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
————————————
CISO as A Service (vCISO)
Infographics
Malware Analysis
Ransomware Ecosystem Map, version 27 (2024)
https://github.com/cert-orangecyberdefense/ransomware_map
Special Thanks❤️😇👍🏽🙏
Marine P.
-Secure Business Continuity-
2024.10.27
——————————————————
#CyberSecurity #vCISO #Pentest #OWASP
#SecureBusinessContinuity
https://www.linkedin.com/posts/diyako-secure-bow_malware-analysis-2024-activity-7256551819470925824-F5Tl?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
————————————
CISO as A Service (vCISO)
On the occasion of the first anniversary of our young and specialized startup, "Diyako Secure Bow," which operates in the field of cybersecurity, I would like to express my sincere appreciation to all the team members and colleagues who have walked with us on this challenging journey.❤️
A special thanks to the colleagues in customer relationship management as AM Team, Project control as PMO Team, Finance as Accounting and Tax Team, and the technical and engineering teams as Ciso as a Service Team (vCISO) , whose tireless efforts have played a crucial role in our success.🙏
I am also deeply grateful to the board members and senior managers for their invaluable support and trust in our decision-making.🤝
Moreover, I would like to extend my heartfelt thanks to all friends and colleagues in the cybersecurity community, who have worked closely with us, and to our partner companies, whose close cooperation has guided us along the right path.✌️
I also express my gratitude 2 the Defense Organization, the Strategic Cybersecurity Center of the Presidency(AFTA), the Cyber Police (FATA), and other official authorities 4 their support and endorsement in consulting and securing critical IT,OT infrastructures.✊🏽
Finally, I thank all those, both friends and competitors, who have taught us that the path we have chosen, based on patriotism, integrity, and professionalism, is challenging but clear.😎🤓
The 26-member family of Diyako Secure Bow, standing with you to build a Secure Digital future.🥳
+ I would also like to extend my deep gratitude to the CEOs, Chief Security Officers, Information Security Managers, SOC Managers, Cyber Incident Responders, Technology, Infrastructure, Network, Development, Planning, Industrial Automation, and …, along with all the specialists in our client base, who have placed their trust in us. This trust has enabled us to deliver exceptional and tailored services, including technical and systemic cybersecurity audits, risk management and compliance oversight(GRC), secure network design, customized training, optimization of cyber defense controls, cyber drills, data leak monitoring (ASM), and various other solutions under vCISO.🤜🤛🏻
Thank you for your confidence and collaboration, allowing us to demonstrate our true value and take meaningful steps together toward enhancing cybersecurity.
-Secure Business Continuity-
2024.10.24
——————————————————
#CyberSecurity #vCISO
#SecureBusinessContinuity
Whitepaper
ThreatResearch
eBPF Security Threat Model 2024.
eBPF Verifier Code Review (.pdf)
https://github.com/ebpffoundation/publications
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.12.03
DFIR
Techbook
A Practical Hands-on Approach to Database Forensics.
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.12.03
#DiyakoSecureBow
————————————
CISO as A Service (vCISO)
Infosec Standards
NIST SP 800-63B-4:
"Digital Identity Guidelines. Authentication and Authenticator Management", August 2024.
NIST SP 800-63-4:
"Digital Identity Guidelines"
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63-4.2pd.pdf
NIST SP 800-63A-4:
"Identity Proofing and Enrollment"
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63A-4.2pd.pdf
NIST SP 800-63C-4:
"Federation and Assertions"
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63C-4.2pd.pdf
Special Thanks❤️😇👍🏽🙏
National Institute of Standards and Technology (NIST)
-Secure Business Continuity-
2024.12.03
——————————————————
#CyberSecurity #vCISO #NIST #AAA
#SecureBusinessContinuity
https://www.linkedin.com/posts/diyako-secure-bow_nist-800-63-activity-7269639297606066176-yG5p?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
————————————
CISO as A Service (vCISO)
CISA ROADMAP FOR ARTIFICIAL INTELLIGENCE
As noted in the landmark Executive Order 14110, “Safe, Secure, And Trustworthy Development and Use of Artificial Intelligence (AI),” signed by the President on October 30, 2023, “AI must be safe and secure .” As the nation’s cyber defense agency and the national coordinator for critical infrastructure security and resilience, CISA will play a key role in addressing and managing risks at the nexus of AI, cybersecurity, and critical infrastructure .
This “2023–2024 CISA Roadmap for Artificial Intelligence” serves as a guide for CISA’s AI-related
efforts, ensuring both internal coherence as well as alignment with the whole-of-government AI strategy . This roadmap incorporates key CISA-led actions as directed by Executive Order, along with additional actions CISA is leading to promote AI security and support critical
infrastructure owners and operators as they navigate the adoption of AI .
The roadmap includes CISA’s efforts to:
• Promote beneficial uses of AI to enhance cybersecurity capabilities and other aspects of CISA’s mission;
• Protect the nation’s AI systems from cybersecurity threats; and
• Deter malicious actors’ use of AI capabilities to threaten critical infrastructure .
The security challenges associated with AI parallel cybersecurity challenges associated with previous generations of software that manufacturers did not build to be secure by design, putting the burden of security on the customer . Although AI software systems might differ from traditional forms of software, fundamental security practices still apply . Thus, CISA’s AI roadmap
builds on the agency’s cybersecurity and risk management programs . Critically, manufacturers
of AI systems must follow secure by design principles: taking ownership of security outcomes for customers, leading product development with radical transparency and accountability, and making secure by design a top business priority . As the use of AI grows and becomes
increasingly incorporated into critical systems, security must be a core requirement and integral to AI system development from the outset and throughout its lifecyc
Special Thanks❤️😇👍🏽🙏
CISA Alumni Group
Cybersecurity and Infrastructure Security Agency
-Secure Business Continuity-
2024.11.29
——————————————————
#CyberSecurity #vCISO #CISA #AI
#SecureBusinessContinuity
https://www.linkedin.com/posts/diyako-secure-bow_cisa-roadmap-4-ai-2024-activity-7268036739653410816-2riB?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
————————————
CISO as A Service (vCISO)
White Paper
General Quarters!
Cybersecurity Challenges in the Maritime Industry
October 2024
Special Thanks❤️😇👍🏽🙏
Marco (Marc) Ayala
Jason Murrell
Sean Plankey
SANS Institute
SANS ICS
Fortinet
-Secure Business Continuity-
2024.11.29
——————————————————
#CyberSecurity #vCISO #OT #Scada
#SecureBusinessContinuity
https://www.linkedin.com/posts/diyako-secure-bow_ot-cybersecurity-by-sansfortinet-2024-activity-7268030353045397508-3oTP?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
————————————
CISO as A Service (vCISO)
Introduction
SPECIAL REPORT
MANDIANT M-TRENDS:
When looking at the year ahead, we never make predictions. Instead, we look at the trends we are already seeing, and provide realistic forecasts of what we expect to see in the wide world of cybersecurity. The Cybersecurity Forecast 2025 report is filled with forward- looking insights from Google Cloud security leaders.
The report also features insights from more than a dozen
researchers, analysts, responders and experts across
numerous Google Cloud security teams, including Google
Threat Intelligence, Mandiant Consulting, Google Security
Operations, Google Cloud’s Office of the CISO, and VirusTotal. These individuals are regularly on the frontlines, and know what organizations and security teams should be prioritizing next year. Technology advances, threats evolve, the cybersecurity
landscape changes, and defenders must adapt to it all if they want to keep up.
The Google Cloud Cybersecurity Forecast 2025
report aims to help the cybersecurity industry frame its fight against cyber adversaries in 2025
Special Thanks❤️😇👍🏽🙏
Google
Mandiant (part of Google Cloud)
Google Cloud
Google Research
Google Cloud Security
-Secure Business Continuity-
2024.11.26
——————————————————
#CyberSecurity #vCISO #Google #adversaries
#SecureBusinessContinuity
https://www.linkedin.com/posts/diyako-secure-bow_cybersecurity-forecast-2025-activity-7267272871096242176-Twc8?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
————————————
CISO as A Service (vCISO)
Infographics
The DoD Cybersecurity Policy Chart,
October 2024.
https://csiac.org/resources/the-dod-cybersecurity-policy-chart
Special Thanks❤️😇👍🏽🙏
United States Department of Defense
-Secure Business Continuity-
2024.11.22
——————————————————
#CyberSecurity #vCISO #Dod
#SecureBusinessContinuity
https://www.linkedin.com/posts/diyako-secure-bow_2024-dod-cyber-security-activity-7265656460599021568-U-Vn?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
————————————
CISO as A Service (vCISO)
Analytics
2024 State of Threat and Exposure Management Report
Special Thanks❤️😇👍🏽🙏
NopSec
-Secure Business Continuity-
2024.11.09
——————————————————
#Mitre #Attack #CVE #CyberSecurity #vCISO
#SecureBusinessContinuity
https://www.linkedin.com/posts/diyako-secure-bow_state-threat-exp-report-2024-activity-7260913892095119360-tsNV?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
————————————
CISO as A Service (vCISO)
Here are a few reasons why organizations might perform or have a vulnerability assessment performed:
*To find and identify vulnerabilities using scanners specifically designed for this type of testing.
*To discover and identify vulnerabilities that may be difficult or unique to the organization.
*To find and identify vulnerabilities resulting from a misconfiguration.
*To find and identify permissive security settings and whether least privilege is in place.
*If a vulnerability is discovered, to determine the viability of the attack vector.
*To assess potential business and operational impact.
*To test in-place security tools, operations, and controls to determine the ability of the organization.
*to detect, defend, and counterattack.
^In remediation, the discovered issue is resolved. This means a patch or upgrade was put in place or a procedure was updated to prevent an attack.
^In mitigation, whatever is discovered is not or cannot be resolved. To bring the threat down to a more manageable level, tighter compensating security controls are put in place around it. An example might include older systems that cannot be replaced either because the manufacturer no longer supports it or a significant financial investment would have to be made; this is common in manufacturing. To mitigate the situation, systems might be placed in their own segment of the network and firewalled off with no internet or remote access.
^Verification: The verification phase is quite straightforward. It is just checking to ensure actions
taken by IT resolve the discovered issue either through remediation or mitigation.
Special Thanks❤️😇👍🏽🙏
Tenable
-Nessus Professional
-Nessus Expert
-Secure Business Continuity-
2024.11.04
——————————————————
#Patch #Vulnerability #CyberSecurity #vCISO
#SecureBusinessContinuity
#DiyakoSecureBow
————————————
CISO as A Service (vCISO)
Threat Research
The CTI Research Guide: Curated Intelligence 2024.
Special Thanks❤️😇👍🏽🙏
Curated Intelligence
-Secure Business Continuity-
2024.10.31
——————————————————
#Threat #CTI #CyberSecurity #vCISO
#SecureBusinessContinuity
https://www.linkedin.com/posts/diyako-secure-bow_cti-2024-activity-7257701114333020160-BKHJ?
#DiyakoSecureBow
————————————
CISO as A Service (vCISO)
DFIR
Analytics
Cybersecurity incident disclosures: A 13-year review October 2024.
Special Thanks❤️😇👍🏽🙏
Ideagen
-Secure Business Continuity-
2024.10.30
——————————————————
#CWE #Incident #CyberSecurity #vCISO
#SecureBusinessContinuity
https://www.linkedin.com/posts/diyako-secure-bow_2024-cybersec-incident-disclosures-activity-7257213939204149248-Ti63?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
————————————
CISO as A Service (vCISO)
tools
Offensive Security
Vulnhuntr - tool to identify remotely exploitable vulnerabilities using LLMs and static code analysis
https://github.com/protectai/vulnhuntr
// World's first autonomous AI-discovered 0-day vulnerabilities
-Secure Business Continuity-
2024.10.26
——————————————————
#CyberSecurity #vCISO #Pentest #OWASP
#SecureBusinessContinuity
https://www.linkedin.com/posts/diyako-secure-bow_diyakosecurebow-cybersecurity-vciso-activity-7255859686476763136--90v?utm_source=share&utm_medium=member_ios