I will be attending Intersec, the world's leading trade fair for safety, security & fire protection taking place from 16 – 18 January 2024. Register today and join me at the show. #intersecexpo
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.10.05
https://www.linkedin.com/posts/alirezaghahrood_ive-registered-to-visit-intersec-2024-register-activity-7145501607357546497-lChU?utm_source=share&utm_medium=member_ios
info
Events
TOP-20 Leading Cybersecurity Conferences in 2024:
1. IEEE S&P
45th IEEE Symposium (May 20-23):
https://www.ieee-security.org/TC/SP2024
European (July 8-12):
https://www.ieee-security.org/TC/EuroSP2024/accepted_and_awards.html
2. ENISA Cybersecurity Standardisation Conference (Mar 05)
https://www.enisa.europa.eu/events/cybersecurity_standardisation_2024
3. USENIX Security Symposium (Aug 14-16)
https://www.usenix.org/conference/usenixsecurity24
4. NDSS Symposium (26 Feb. - 01 Mar.)
https://www.internetsociety.org/events/ndss/2024
5. ESORICS (European Symposium on Research in Computer Security, Sept. 16-20)
https://www.esorics2024.org
6. Nullcon Berlin (March 11-13)
https://nullcon.net/berlin-2024
7. International Conference on Cybersecurity and Common Problems (ICCCP, Jan. 18-19)
https://waset.org/cybersecurity-and-common-problems-conference-in-january-2024-in-sydney
8. Pwn2Own Miami (Feb.14-16)
https://www.zerodayinitiative.com/Pwn2OwnMiami2024Rules.html
9. International Conference on Cybersecurity and Hacking (ICCH 2024, Jan. 11-12)
https://waset.org/cybersecurity-and-hacking-conference-in-january-2024-in-tokyo
10. RSA Conference 2024 (May 6-9)
https://www.rsaconference.com/usa
11. JSAC 2024 (Jan. 25-26)
https://jsac.jpcert.or.jp
12. SANS 2024 Cyber Security Training (Mar 24-29)
https://www.sans.org/cyber-security-training-events/2024
13. 45th IEEE Symposium on Security and Privacy (May 20-23)
https://sp2024.ieee-security.org
14. National Cyber Summit (Sep. 24-26)
https://www.nationalcybersummit.com
15. ACM WiSec 2024 (May 27-30)
https://wisec2024.kaist.ac.kr
16. Zer0Con 2024 (April 4-5)
https://zer0con.org/?ref=infosec-conferences.com
17. DEF CON 32 (Aug. 10-13)
https://defcon.org
18. Black Hat 2024
Spring Trainings (Mar. 12-15):
https://www.blackhat.com/tr-24
USA (Aug. 3-8):
https://www.blackhat.com/upcoming.html#usa
Asia (Apr. 16-19):
https://www.blackhat.com/upcoming.html#asia
Europe (Dec. 4-7):
https://www.blackhat.com/upcoming.html#europe
19. BSides SF 2024 (May 4-5)
https://bsidessf.org/cfp
20. European Interdisciplinary Cybersecurity Conference (EICC, June 5-6)
https://www.fvv.um.si/eicc2024
1402.10.05
#DiyakoSecureBow
———————————
RETHINKING DATA STORAGE
Welcome to the latest edition of your favourite monthly magazine, where we dive deep into the ever-evolving landscape of data storage. In this era of unprecedented information generation, storage solutions are no longer confined to the background; they have become pivotal in shaping the course of innovation and progress.
In this issue, we embark on a journey to explore the forefront of data storage, a realm brimming with possibilities and challenges. Our Cover Story with Samer Semaan of Pure Storage focuses on how, as we rethink conventional paradigms, we uncover revolutionary strategies that promise to reshape the way we manage, access, and safeguard our digital assets.
From the explosive growth of cloud-based architectures to the resurgence of edge computing, the choices we make about data storage ripple through industries and touch our personal lives. This magazine aims to be your compass in navigating this dynamic landscape. Our team of experts delves into the realms of quantum storage, pushing the boundaries of what was once thought possible. We examine the environmental footprint of data centers and spotlight innovations that marry efficiency with sustainability.
As we reflect on the contents of this issue, it becomes evident that the conversation surrounding data storage is more critical than ever before. The choices we make today will shape the contours of our future. We invite you to join us in this exploration, to challenge assumptions, and to embrace the transformative power of rethinking data storage.
Special Thanks
tahawul tech
tahawultech.com
-Business Secure Continuity-
1402.10.04
——————————————————
#cybersecurity #cloudsecurity #storagemanagement
#BusinessSecureContinuity
https://www.linkedin.com/posts/diyako-secure-bow_tahawultech-2023-activity-7144914681298653184-Q_4g?utm_source=share&utm_medium=member_ios
SCADA Security
"Exploiting OPC-UA in Every Possible Way: Practical Attacks Against Modern OPC-UA Architectures", 2023.
Special Thanks
Noam Moshe
Sharon Brizinov
1402.10.02
https://www.linkedin.com/posts/alirezaghahrood_scada-2023-opcuq-activity-7144271253552451584-QD8p?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
———————————
Annual Payment Fraud Intelligence Report: 2023
Special Thanks
Recorded Future
1402.10.01
——————————————————
#cybersecurity #threathunting #threatintelligence
#BusinessSecureContinuity
https://www.linkedin.com/posts/diyako-secure-bow_2023-fraud-report-activity-7143861976580947968-ZRgS?utm_source=share&utm_medium=member_ios
Whitepaper
Sec code review
"Securing the Software Supply Chain: Recommended Practices for Managing Open-Source Software and Software Bill of Materials", Dec. 2023.
Good, Bad News🤓
+ 🚨 Threat Alert: The notorious 8220 Gang is exploiting a high-severity flaw (CVE-2020-14883) in Oracle WebLogic Server to spread malware.
Find details here: https://thehackernews.com/2023/12/8220-gang-exploiting-oracle-weblogic.html
+ Threat Research
1. Chaining Vulnerabilities to Achieve RCE on Outlook
https://www.akamai.com/blog/security-research/chaining-vulnerabilities-to-achieve-rce-part-one
2. SMTP Smuggling - Spoofing E-Mails Worldwide
https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide
+ Cloud_Security
AWS Attacks Monitoring:
IOC, malware and malware analysis associated with AWS cloud
https://github.com/unknownhad/AWSAttacks
1402.09.29
https://www.linkedin.com/posts/alirezaghahrood_open-source-software-security-2023-activity-7143122307144642561-tO8J?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
———————————
Analytics
Threat Research
"Charting China's Climb as a Leading Global Cyber Power", 2023.
Special Thanks
Recorded Future
1402.09.27
——————————————————
#cybersecurity #threathunting #threatintelligence
#BusinessSecureContinuity
https://www.linkedin.com/posts/diyako-secure-bow_cta-2023-activity-7142393308084912128-db6d?utm_source=share&utm_medium=member_ios
🛡️ Microsoft's final Patch Tuesday of 2023 is here, addressing 33 software flaws.
This release includes 4 Critical and 29 Important fixes, making it one of the lightest in recent years.
Read:
https://thehackernews.com/2023/12/microsofts-final-2023-patch-tuesday-33.html
1402.09.23
Mobile Security
Black Hat Europe 2023:
"Evils in the Sparse Texture Memory: Exploit Kernel Based on Undefined Behaviors of Graphic APIs", 2023.
1402.09.22
https://www.linkedin.com/posts/alirezaghahrood_texture-exploit-2023-activity-7140541399132725251-UB9x?utm_source=share&utm_medium=member_ios
How AI could augment a cyber-attack at every stage
Special Thanks
Darktrace
1402.09.18
https://www.linkedin.com/posts/alirezaghahrood_the-ai-kill-chain-2023-activity-7139127662391783424-cM28?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
———————————
Cloud Computing Study 2023
The balancing act of cloud expansion
Cloud adoption is continuing at pace, yet there are signs that the frenzied activity that characterized the pandemic period is easing somewhat.
Slowing adoption rates come at a time when a significant portion of the IT estate targeted for the cloud has already been migrated or is in the process of moving over. At the same time, cost management and security issues have become rising challenges for many companies as their cloud footprint expands, potentially dampening the speed of migration.
1402.09.15
——————————————————
#cybersecurity #cloud #computing
#BusinessSecureContinuity
https://www.linkedin.com/posts/diyako-secure-bow_cloud-2023-activity-7138025678943211520-qGUe?utm_source=share&utm_medium=member_ios
tools
hardening
1. SharpRODC - .NET tool for RODC-related misconfiguration
https://github.com/wh0amitz/SharpRODC
2. GUI to Manage Software Restriction Policies and harden Windows 11
https://github.com/AndyFul/Hard_Configurator
Appealing, but it creates severe, unimaginable risks in this field when paired with an approach that runs against ethics.
🔐 Discover 7 incredible ways AI is transforming security operations:
✅ Information Management
✅ Malware Analysis
✅ Tool Development
✅ Risk Evaluation
✅ Tabletop Exercises
✅ Incident Response
✅ Threat Intelligence
Learn more ➥
https://thehackernews.com/2023/11/7-uses-for-generative-ai-to-enhance.html
1402.09.12
Thank you Ali Tavakoli for reviewing my Cybersecurity service. It was great working with you. To learn more about my work, visit my Service Page.
Special Thanks Dear Bro
✌🏼🙏❤️👍🏽
1402.09.10
https://www.linkedin.com/posts/alirezaghahrood_thank-you-ali-tavakoli-for-reviewing-my-cybersecurity-activity-7136262933549846529-5zO1?utm_source=share&utm_medium=member_ios
https://www.linkedin.com/company/diyako-secure-bow/
1402.10.05
tools
Blue Team Techniques
Weaponizing DHCP DNS Spoofing - A Hands-On Guide
https://www.akamai.com/blog/security-research/weaponizing-dhcp-dns-spoofing-hands-on-guide
Tool that enables DHCP DNS Dynamic Update attacks against MS DHCP servers in AD environments:
https://github.com/akamai/ddspoof
1402.10.04
🔒 "Unlocking the Future: Cybersecurity in the Digital Age" 🔒
In today's digital age, where data is the new currency😍, the importance of cybersecurity cannot be overstated. Cyber threats evolve and mutate at an unprecedented pace, posing challenges to individuals and organizations worldwide.
🚨 Did you know that cyberattacks have been growing in frequency and sophistication? From ransomware assaults to social engineering, each new threat demands innovative solutions and heightened vigilance.
💡 Amidst this dynamic landscape, the role of cybersecurity professionals has become pivotal. They are the guardians of our digital realm, constantly thwarting malicious attempts and fortifying our defenses.
🔍 Exploring the realms of encryption, AI-driven security, and proactive threat hunting, the journey through cybersecurity is a fusion of technology, intelligence, and resilience.
State of the CIO 2023 sample slides
This year’s global study highlights the CIO’s increasing involvement with cybersecurity, as well as their initiatives to increase operational efficiency.
Security Priorities Study 2022 white paper
This white paper provides insight into the various security projects that organizations are currently focused on and will be prioritizing in the coming year so you can best build out your marketing plans.
https://resources.foundryco.com
1402.10.01
https://www.linkedin.com/posts/alirezaghahrood_cios-cement-leadership-role-2023-activity-7143873089544548352--G53?utm_source=share&utm_medium=member_ios
💻🕵️‍♂️ Watch Out — Chinese-speaking threat actors known as Smishing Triad are impersonating UAE authorities to send malicious 📩 SMS messages, aiming to steal sensitive information from residents and foreigners.
Details: https://thehackernews.com/2023/12/alert-chinese-hackers-pose-as-uae.html
DNS,DHCP☺️
Invoke-DHCPCheckup.ps1:
Invoke-DHCPCheckup is a tool meant to identify risky DHCP and DNS configurations in Active Directory environments. For additional information please refer to our blogpost: https://akamai.com/blog/security-research/spoofing-dns-by-abusing-dhcp
The tool identifies the following misconfigurations:
DNS Credential
• DNS Credential is not configured
• The configured DNS credential is of a strong user
Name Protection
• Name protection is not enabled on a scope
• Name protection is not enabled by default on new scopes
DNSUpdateProxy
• Display group members
• Specify whether the members are DHCP servers
Weak record ACLs
• List records owned by DHCP servers (Managed Records)
• List records that could be overwritten by authenticated users
https://github.com/akamai/Invoke-DHCPCheckup
1402.09.30
Thank you Rezvan Barzegar for reviewing my Cybersecurity service. It was great working with you. To learn more about my work, visit my Service Page.
✌🏼🙏❤️👍🏽
1402.09.28
https://www.linkedin.com/posts/alirezaghahrood_thank-you-rezvan-barzegar-for-reviewing-my-activity-7142826769719459840-vOPC?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
———————————
Analytics
2023 CWE Top 10 KEV Weaknesses
2023 CWE Top 10 KEV Weaknesses List Insights:
https://cwe.mitre.org/top25/archive/2023/2023_kev_insights.html
Methodology:
https://cwe.mitre.org/top25/archive/2023/2023_kev_methodology.html
Special Thanks
MITRE ATT&CK
MITRE
1402.09.25
——————————————————
#cybersecurity #mitreattack #defensivesecurity
#BusinessSecureContinuity
#DiyakoSecureBow
———————————
Red Team Tactics
Black Hat Europe 2023:
"New Process Injection Techniques Using Windows Thread Pools"
https://github.com/SafeBreach-Labs/PoolParty
https://www.safebreach.com/blog/process-injection-using-windows-thread-pools
Special Thanks
SafeBreach
Alon Leviev
1402.09.23
——————————————————
#cybersecurity #redteaming #threathunting
#BusinessSecureContinuity
https://www.linkedin.com/posts/diyako-secure-bow_proc-inj-win-thr-pool-2023-activity-7140937358786420737-WvDa?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
———————————
KEY FINDINGS AND INSIGHTS FOR THE FIRST 6 MONTHS OF 2023:
The Russian invasion has triggered a notable shift in the Russian cybercriminal ecosystem that will likely have long-term implications for coordination between criminal groups and the scale of cybercrime worldwide.
The shift from hack and encrypt attacks to actual offensive espionage and influence operations will keep the bar for sophisticated instructions high for further escalation around the globe after the Ukrainian victory on the battlefield.
Key Insights:
2X GROWTH IN THE NUMBER OF INCIDENTS WHERE CERT UA WAS INVOLVED IN INVESTIGATIONS & FORENSICS
Despite all improvements implemented by Ukrainian authorities (from utilizing the most modern protection stack to many other enhancements), the number of incidents doubled in the last 6 months: from an average of 1.9 incidents per day (57 per month) in H2’22 to 4-5 per day (128 per month) in H1’23.
Russian state-controlled adversaries brace for the long stand against the West and add more people to increase the capacity and speed of the attacks.
Special Thanks
USAID
1402.09.22
——————————————————
#cybersecurity #crime #ukraine #threatintelligence
#BusinessSecureContinuity
https://www.linkedin.com/posts/diyako-secure-bow_russia-cyber-tactics-2023-activity-7140550597430145024-I1B8?utm_source=share&utm_medium=member_ios
⚠️ IMPORTANT
A set ("5Ghoul") of new major security flaws in 📡 5G mobile network modems impacts 714 smartphone models from all major brands—including Apple, Samsung, Google, Xiaomi, OnePlus and more.
Details on 5Ghoul here:
https://thehackernews.com/2023/12/new-5g-modems-flaws-affect-ios-devices.html
🚨 Ransomware-as-a-Service (RaaS) is reshaping cybercrime. Anyone with limited tech skills can now carry out devastating attacks.
Learn how in this article: https://thehackernews.com/2023/12/ransomware-as-service-growing-threat.html
Cyber Education
Tasks for learning how to use Frida for Android:
- Frida setup, Hooking a method;
- Calling a static method;
- Changing the value of a variable;
- Creating a class instance;
- Invoking methods on an existing instance;
- Invoking a method with an object argument;
- Hooking the constructor;
- Introduction to native hooking;
- Changing the return value of a native function / Calling a native function;
- Patching instructions using X86/ARM64 Writer.
https://github.com/DERE-ad2001/Frida-Labs
1402.09.20
Blue Team Techniques
Spoofing DNS Records by Abusing DHCP DNS Dynamic Updates
https://www.akamai.com/blog/security-research/spoofing-dns-by-abusing-dhcp
Tool to identify risky DHCP/DNS configurations in AD environments:
https://github.com/akamai/Invoke-DHCPCheckup
Offensive security
1. Abusing WSUS with MITM to perform ADCS ESC8 attack
https://j4s0nmo0n.github.io/belettetimoree.github.io/2023-12-01-WSUS-to-ESC8.html
2. What is Loader Lock?
https://elliotonsecurity.com/what-is-loader-lock
1402.09.18
#DiyakoSecureBow
———————————
2013 Cyber Claims Report:
Cyber Claims Increased in the Face of Surging Attacks
Ransomware Severity Climbed to Historic High
Funds Transfer Fraud Severity Spiked
Email Security Remained Critical to Claims Reduction
MOVEit Quickly Evolved into Widespread Exploitation
How Businesses Can Actively Address Cyber Risk☺️
Methodology
Special Thanks
Coalition, Inc.
1402.09.18
——————————————————
#cybersecurity #crime #multifactorauthentication
#BusinessSecureContinuity
https://www.linkedin.com/posts/diyako-secure-bow_2013-cyber-claims-report-activity-7139125852855791616-I_KT?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
———————————
Evolution of AI
Origins: AI Can Learn
HUMAN ROLE: Train and manage
USED BY: Analytics and data science
TO: Support decisions & optimization
Yesterday: AI Can Learn and Repeat
HUMAN ROLE: Supervise and intervene
USED BY: Business process improvement
TO: Automate repetitive tasks
Today: AI Can Learn, Repeat, Create and Re-Create
HUMAN ROLE: Oversee and course correct
USED BY: Developers and content creators
TO: Turbocharge digital developme
1402.09.13
——————————————————
#cybersecurity #machinelearning #artificialintelligence
#BusinessSecureContinuity
https://www.linkedin.com/posts/diyako-secure-bow_state-of-applied-generative-ai-market-2024-activity-7137280523462160384-A6hJ?utm_source=share&utm_medium=member_ios
tools
Cloud Security
1. A collection of resources, tools and more for pentesting/securing MS Azure
https://github.com/Kyuu-Ji/Awesome-Azure-Pentest
2. Finding complex attack paths in Kubernetes clusters
https://labs.withsecure.com/tools/icekube--finding-complex-attack-paths-in-kubernetes-clusters
https://github.com/WithSecureLabs/IceKube
1402.09.11
#DiyakoSecureBow
———————————
Analytics
Mobile Security
Top 10 Mobile Risks:
Comparison between 2016 and 2023
https://blog.devsecopsguides.com/owasp-top-10-mobile-risks
1402.09.09
——————————————————
#cybersecurity #mobilesecurity
#BusinessSecureContinuity
https://www.linkedin.com/posts/diyako-secure-bow_diyakosecurebow-cybersecurity-mobilesecurity-activity-7135957433025224704-l4OF?utm_source=share&utm_medium=member_ios