16255
@cissp International channel 4 Transmission Knowledge In the Field of Cyber Security with a Focus on the Content of the CISSP-ISC2 Course - - - - - - - - - - +also group: https://t.me/cisspgroup ————————— @alirezaghahrood
Thank you Mohsen Azarnejad for reviewing my Cybersecurity service. It was great working with you. To learn more about my work, visit my Service Page.
Special Thanks Dear Bro
For many years, we have worked in the expert body of both employers and companies that provide services, products and solutions for cyber security and related technologies. We have a good understanding of problems, challenges, shortcomings, etc Taken from the opinions of real and legal customers That It consists of national, organizational, extensive collaborations and cross-border and international projects.
The approach to cyber security needs is based on standards, requirements, risks, non-conformities in a balance of budget, human power and organizational culture. With the help of cycle We carry out needs assessment, research and development, design, implementation, audit, optimization(FineTune), hardening, operation and customized training with an eye on maturity. Ask the team for feedback from customers who have trusted us and are our most valuable asset + output and effectiveness.
سال هاست در بدنه كارشناسي هم كارفرمايان و هم شركت هاي ارائه دهنده خدمات، سرويس ها ، محصولات و راهكارهاي امنيت سايبري و فناوري هاي وابسته كار كرده ايم
به مشكلات، چالش ها، كاستي ها، … اشراف مناسبي داريم
برگرفته از نظرات مشتريان حقيقي و حقوقي
كه
مشتمل از همكاري هاي ملي، سازماني، گسترده و پروژه هاي فرا مرزي و بين المللي هست
رويكرد به نياز هاي امنيت سايبري را صر ف استاندارد ها، الزامات، ريسك ها، عدم انطباق ها در تعادلي از بودجه، نيروي انساني و فرهنگ سازماني
به كمك چرخه
نيازسنجي، تحقيق و توسعه بروز، طراحي، استقرار، مميزي، بهينه سازي ، امن سازي، راهبري ، آموزش هاي سفارشي سازي شده با نگاه به بلوغ انجام مي دهيم.
بازخورد تيم را از مشترياني كه اعتماد كرده اند و دارايي به شدت مهم ما هستند، بپرسيد
+ خروجي و اثر بخشي
✌🏼🙏❤️👍🏽
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.01.15
https://www.linkedin.com/posts/alirezaghahrood_thank-you-mohsen-azarnejad-for-reviewing-activity-7152445907219668992-Cxqh?utm_source=share&utm_medium=member_ios
T H R E AT H U N T I N G P L AY B OO K
LEARN HOW TO EMBRACE A PROACTIVE SECURITY POSTUR
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.01.13
https://www.linkedin.com/posts/alirezaghahrood_threat-hunting-playbook-2023-activity-7151784348835348480-clQY?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
———————————
Executive Dashboard
InitialAccessBrokers
-Business Secure Continuity-
2024.01.10
——————————————————
#cybersecurity #cloud
#BusinessSecureContinuity
https://www.linkedin.com/posts/diyako-secure-bow_diyakosecurebow-cybersecurity-cloud-activity-7150738302193537026-2Hr-?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
———————————
Hardening
Office 365 Secure Configuration Framework Feb.2024
-Business Secure Continuity-
2024.01.09
——————————————————
#cybersecurity #office365 #hardening
#BusinessSecureContinuity
https://www.linkedin.com/posts/diyako-secure-bow_office365-sec-config-2024-activity-7150322827877949441-R52P?utm_source=share&utm_medium=member_ios
Check out this job at Diyako Secure Bow:
https://www.linkedin.com/jobs/view/3800192325
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.01.06
exploit
Analytics
Top 10 Vulnerabilities of 2023:
1. CVE-2023-34362: MOVEit Vulnerability
2. CVE-2023-23397: MS Outlook PE
3. CVE-2023-43641: 1-Click RCE on GNOME
4. CVE-2023-28252: Windows CLFS PE
5. CVE-2023-2868: Barracuda ESG CI
6. CVE-2023-26360: Adobe ColdFusion
7. CVE-2023-4966: Citrix Bleed
8. CVE-2023-22952: SugarCRM RCE
9. CVE-2023-24880: Win Smart Screen Bypass
https://www.vicarius.io/vsociety/posts/windows-smartscreen-security-feature-bypass-cve-2023-24880
10. CVE-2022-42475:
FortiOS heap-based buffer overflow in sslvpnd
https://bishopfox.com/blog/exploit-cve-2022-42475
https://github.com/scrt/cve-2022-42475
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.01.06
Malware analysis
Ransomware and Extortion Report 2023.
Special Thanks
Palo Alto Networks
Palo Alto Networks Education Services
And
Unit42✌🏼❤️😇🙏
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.01.02
Happy New Year 2024: New Year is celebrated on January 1 of every year. As 2023 comes to an end, we welcome 2024 with pomp. Globally, people celebrate the day by visiting loved ones, exchanging gifts, cooking a fest for loved ones, attending events or parties, countdowns with friends, kissing their partner when the clock strikes 12, watching fireworks, and more. Additionally, New Year is the time to make resolutions that help people grow physically and mentally. You can also celebrate the day by sending heartfelt messages and wishes to your loved ones on January 1, 2024.
❤️😇✌🏼
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.01.01
Threat Research
Blue Team Techniques
1. Sensor Mappings to ATT&CK - collection of resources to assist cyber defenders with understanding which sensors/events can help detect real-world adversary behaviors in their environments
https://github.com/center-for-threat-informed-defense/sensor-mappings-to-attack
2. Early Detection of Malicious Stockpiled Domains
https://unit42.paloaltonetworks.com/detecting-malicious-stockpiled-domains
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.10.06
Thank you Hassan Abdi for reviewing my Cybersecurity service. It was great working with you. To learn more about my work, visit my Service Page.
Special Thanks Bro
✌🏼🙏❤️👍🏽
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.10.06
https://www.linkedin.com/posts/alirezaghahrood_fthank-you-hassan-abdi-for-reviewing-my-cybersecurity-activity-7145696258911870976-wMua?utm_source=share&utm_medium=member_ios
I will be attending Intersec, the world's leading trade fair for safety, security & fire protection taking place from 16 – 18 January 2024. Register today and join me at the show. #intersecexpo
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.10.05
https://www.linkedin.com/posts/alirezaghahrood_ive-registered-to-visit-intersec-2024-register-activity-7145501607357546497-lChU?utm_source=share&utm_medium=member_ios
info
Events
TOP-20 Leading Cybersecurity Conferences in 2024:
1. IEEE S&P
45th IEEE Symposium (May 20-23):
https://www.ieee-security.org/TC/SP2024
European (July 8-12):
https://www.ieee-security.org/TC/EuroSP2024/accepted_and_awards.html
2. ENISA Cybersecurity Standardisation Conference (Mar 05)
https://www.enisa.europa.eu/events/cybersecurity_standardisation_2024
3. USENIX Security Symposium (Aug 14-16)
https://www.usenix.org/conference/usenixsecurity24
4. NDSS Symposium (26 Feb. - 01 Mar.)
https://www.internetsociety.org/events/ndss/2024
5. ESORICS (European Symposium on Research in Computer Security, Sept. 16-20)
https://www.esorics2024.org
6. Nullcon Berlin (March 11-13)
https://nullcon.net/berlin-2024
7. International Conference on Cybersecurity and Common Problems (ICCCP, Jan. 18-19)
https://waset.org/cybersecurity-and-common-problems-conference-in-january-2024-in-sydney
8. Pwn2Own Miami (Feb.14-16)
https://www.zerodayinitiative.com/Pwn2OwnMiami2024Rules.html
9. International Conference on Cybersecurity and Hacking (ICCH 2024, Jan. 11-12)
https://waset.org/cybersecurity-and-hacking-conference-in-january-2024-in-tokyo
10. RSA Conference 2024 (May 6-9)
https://www.rsaconference.com/usa
11. JSAC 2024 (Jan. 25-26)
https://jsac.jpcert.or.jp
12. SANS 2024 Cyber Security Training (Mar 24-29)
https://www.sans.org/cyber-security-training-events/2024
13. 45th IEEE Symposium on Security and Privacy (May 20-23)
https://sp2024.ieee-security.org
14. National Cyber Summit (Sep. 24-26)
https://www.nationalcybersummit.com
15. ACM WiSec 2024 (May 27-30)
https://wisec2024.kaist.ac.kr
16. Zer0Con 2024 (April 4-5)
https://zer0con.org/?ref=infosec-conferences.com
17. DEF CON 32 (Aug. 10-13)
https://defcon.org
18. Black Hat 2024
Spring Trainings (Mar. 12-15):
https://www.blackhat.com/tr-24
USA (Aug. 3-8):
https://www.blackhat.com/upcoming.html#usa
Asia (Apr. 16-19):
https://www.blackhat.com/upcoming.html#asia
Europe (Dec. 4-7):
https://www.blackhat.com/upcoming.html#europe
19. BSides SF 2024 (May 4-5)
https://bsidessf.org/cfp
20. European Interdisciplinary Cybersecurity Conference (EICC, June 5-6)
https://www.fvv.um.si/eicc2024
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.10.05
#DiyakoSecureBow
———————————
WRETHINKING DATA STORAGE
elcome to the latest edition of your favourite monthly magazine,
where we dive deep into the ever-evolving landscape of data storage. In this era of unprecedented information generation, storage solutions are no longer confined to the background; they have become pivotal in shaping the course of innovation and progress.
In this issue, we embark on a journey to explore the forefront of data storage, a realm brimming with possibilities and challenges. Our Cover Story with Samer Semaan of Pure Storage focuses on how, as we rethink conventional paradigms, we uncover revolutionary strategies that promise to reshape the way we manage, access, and safeguard our digital assets.
From the explosive growth of cloud-based architectures to the resurgence of edge computing, the choices we make about data storage ripple through industries and touch our personal lives. This magazine aims to be your compass in navigating this dynamic landscape. Our team of experts delves into the realms of quantum storage, pushing the boundaries of what was once thought possible. We examine the environmental footprint of data centers and spotlight innovations that marry efficiency with sustainability.
As we reflect on the contents of this issue, it becomes evident that the conversation surrounding data storage is more critical than ever before. The choices we make today will shape the contours of our future. We invite you to join us in this exploration, to challenge assumptions, and to embrace the transformative power of rethinking data storage.
Special Thanks
tahawul tech
tahawultech.com
-Business Secure Continuity-
1402.10.04
——————————————————
#cybersecurity #cloudsecurity #storagemanagement
#BusinessSecureContinuity
https://www.linkedin.com/posts/diyako-secure-bow_tahawultech-2023-activity-7144914681298653184-Q_4g?utm_source=share&utm_medium=member_ios
SCADA Security
Exploiting OPC-UA in Every Possible Way: Practical Attacks Against Modern OPC-UA Architectures", 2023.
Special Thanks
Noam Moshe
Sharon Brizinov
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.10.02
https://www.linkedin.com/posts/alirezaghahrood_scada-2023-opcuq-activity-7144271253552451584-QD8p?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
———————————
Annual Payment Fraud Intelligence Report: 2023
Special Thanks
Recorded Future
-Business Secure Continuity-
1402.10.01
——————————————————
#cybersecurity #threathunting #threatintelligence
#BusinessSecureContinuity
https://www.linkedin.com/posts/diyako-secure-bow_2023-fraud-report-activity-7143861976580947968-ZRgS?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
———————————
WHEN THE LIGHTS
WENT OUT
A COMPREHENSIVE REVIEW OF THE 2015 ATTACKS ON UKRAINIAN CRITICAL INFRASTRUC
-Business Secure Continuity-
2024.01.13
——————————————————
#cybersecurity #cyberattack #malwareanalysis #operationaltechnology #OT
#BusinessSecureContinuity
https://www.linkedin.com/posts/diyako-secure-bow_ukraine-report-20232015-attack-ot-activity-7151787545461170176-xN26?utm_source=share&utm_medium=member_ios
The diversity of talent in cybersecurity, which is what makes the field so refreshingly different from many others, is also one of the critical factors that stifles its evolution.
https://www.linkedin.com/posts/alirezaghahrood_the-diversity-of-talent-in-cybersecurity-activity-7151176698082779136-Ydrr?utm_source=share&utm_medium=member_ios
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.01.11
Thank you Hoda Taheri for reviewing my Cybersecurity service. It was great working with you. To learn more about my work, visit my Service Page.
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.01.07
https://www.linkedin.com/posts/alirezaghahrood_thank-you-hoda-taheri-for-reviewing-my-cybersecurity-activity-7149687471713222656-V2r6?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
———————————
Infographics
"API Pentesting Mindmap":
Recon+Attacking+GraphQL Attacking
-Business Secure Continuity-
2024.01.06
——————————————————
#cybersecurity #apigateway #pentesting #offensivesecurity
#BusinessSecureContinuity
https://www.linkedin.com/posts/diyako-secure-bow_api-pentesting-map-2024-activity-7149317714614894593-Ub5_?utm_source=share&utm_medium=member_ios
I am happy to announce that I have recently received my
Network Security ,…Voice Badge🏅.
I hope to experience more success in this field and share it with others.
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.01.03
#DiyakoSecureBow
———————————
A Comparative Study of Interdisciplinary Cybersecurity
Education
Executive Summary
Since 2014, the William and Flora Hewlett Foundation Cyber Initiative has allocated grants to support interdisciplinary cybersecurity education at universities across the United States, as part of a broader goal to develop a field of cyber policy experts and institutions that can “an- ticipate, analyze, and address [cybersecurity] risks thoughtfully and systematically.”1 This paper presents a comparative study of the interdisciplinary cybersecurity education landscape to guide educational institutions in developing and creating cybersecurity programs. We compiled publicly available information about a selection of 17 interdisciplinary cybersecurity degree pro- grams, with a focus on masters programs offered by Hewlett grantees. We then supplemented our data collection with two focus group meetings with representatives from the programs studied, as well as from recent Hewlett grantees.2
Programs in the study depicted a range of models for interdisciplinary cybersecurity education and a variety of approaches for cultivating diverse and interdisciplinary thinking in the field. These models include dual-degree programs and curriculum requirements that span multiple schools and disciplines, and that are designed to foster cross-disciplinary thinking and develop student competency in both technical and policy-oriented domains.
The study revealed a variety of important insights for university leaders to consider as they create or evolve their interdisciplinary cybersecurity programs:
Special Thanks
CLTC
Center for Long-Term Cybersecurity
University of California, Berkeley
And✌🏼❤️😇
L I S A H O Project Lead
Academic Director
- Masters in Information and Cybersecurity, UC Berkeley
S A H A R R A B I E I Lead Researcher
Masters Student
- Cybersecurity and Information, UC Berkeley
DRAKE WHITE Researcher
Masters Student
- Information Management and Systems, UC Berkeley
https://lnkd.in/e5WhgqpU
-Business Secure Continuity-
1402.10.09
——————————————————
#cybersecurity #berkeley #mitreattack
#BusinessSecureContinuity
https://www.linkedin.com/posts/diyako-secure-bow_cyber-security-education-2023-activity-7146749253992812544-d8zL?utm_source=share&utm_medium=member_ios
Let's go to the specialized analysis of a series of malware:
Malware analysis
1. Qilin Ransomware
https://lnkd.in/eCgeYhwY
2. The csharp-streamer RAT
https://lnkd.in/eQrTj6YF
Let's go to the techniques of resistance and security (Hardening) against attacks and abuses(Exploit):
Exploitation Mitigations
Knowledge base of exploit mitigations for various OS, architectures, applications and versions
https://lnkd.in/duccdB5
And
🚨 New Linux Trojan Alert!
Meet "Krasue," a stealthy remote access trojan targeting Thai telecom companies. Krasue relies on a rootkit derived from open-source projects to maintain persistence.
Learn more:
https://lnkd.in/eqmkDg97
https://lnkd.in/e9WjWR3d
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.10.06
https://www.linkedin.com/posts/alirezaghahrood_lets-go-to-the-specialized-analysis-of-a-activity-7145807195257933824-5kF9?utm_source=share&utm_medium=member_ios
Thank you Rezvan Barzegar for reviewing my Cybersecurity service. It was great working with you. To learn more about my work, visit my Service Page.
Special Thanks Ms
✌🏼🙏❤️👍🏽
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.10.06
https://www.linkedin.com/posts/alirezaghahrood_thank-you-rezvan-barzegar-for-reviewing-my-activity-7145696390680125440-5EGe?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
———————————
To learn more about how to adopt and accelerate AI in a safe way, click the link the description
Special Thanks
Holistic AI
-Business Secure Continuity-
1402.10.06
——————————————————
#cybersecurity #gdprcompliance #artificialintelligence #machinelearningalgorithms
#BusinessSecureContinuity
https://www.linkedin.com/posts/diyako-secure-bow_ai-regulations-2024-activity-7145513879857463296-qZt_?utm_source=share&utm_medium=member_ios
https://www.linkedin.com/company/diyako-secure-bow/
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.10.05
tools
Blue Team Techniques
Weaponizing DHCP DNS Spoofing - A Hands-On Guide
https://www.akamai.com/blog/security-research/weaponizing-dhcp-dns-spoofing-hands-on-guide
tool that enables DHCP DNS Dynamic Update attacks against MS DHCP servers in AD environments:
https://github.com/akamai/ddspoof
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.10.04
🔒 "Unlocking the Future: Cybersecurity in the Digital Age" 🔒
In today's digital age, where data is the new currency😍, the importance of cybersecurity cannot be overstated. Cyber threats evolve and mutate at an unprecedented pace, posing challenges to individuals and organizations worldwide.
🚨 Did you know that cyberattacks have been growing in frequency and sophistication? From ransomware assaults to social engineering, each new threat demands innovative solutions and heightened vigilance.
💡 Amidst this dynamic landscape, the role of cybersecurity professionals has become pivotal. They are the guardians of our digital realm, constantly thwarting malicious attempts and fortifying our defenses.
🔍 Exploring the realms of encryption, AI-driven security, and proactive threat hunting, the journey through cybersecurity is a fusion of technology, intelligence, and resilience.
State of the CIO 2023 sample slides
This year’s global study highlights the CIO’s increasing involvement with cybersecurity, as well as their initiatives to increase operational efficiency
State of the CIO 2023 sample slides
This year’s global study highlights the CIO’s increasing involvement with cybersecurity, as well as their initiatives to increase operational efficiency.
Security Priorities Study 2022 white paper
This white paper provides insight into the various security projects that organizations are currently focused on and will be prioritizing in the coming year so you can best build out your marketing plans.
https://resources.foundryco.com
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.10.01
https://www.linkedin.com/posts/alirezaghahrood_cios-cement-leadership-role-2023-activity-7143873089544548352--G53?utm_source=share&utm_medium=member_ios
💻🕵️♂️ Watch Out — Chinese-speaking threat actors known as Smishing Triad are impersonating UAE authorities to send malicious 📩 SMS messages, aiming to steal sensitive information from residents and foreigners.
Details: https://thehackernews.com/2023/12/alert-chinese-hackers-pose-as-uae.html
DNS,DHCP☺️
Invoke-DHCPCheckup.ps1:
Invoke-DHCPCheckup is a tool meant to identify risky DHCP and DNS configurations in Active Directory environments. For additional information please refer to our blogpost: https://akamai.com/blog/security-research/spoofing-dns-by-abusing-dhcp
The tool identifies the following misconfigurations:
DNS Credential
• DNS Credential is not configured
• The configured DNS credential is of a strong user
Name Protection
• Name protection is not enabled on a scope
• Name protection is not enabled by default on new scopes
DNSUpdateProxy
• Display group members
• Specify whether the members are DHCP servers
Weak record ACLs
• List records owned by DHCP servers (Managed Records)
• List records that could be overwritten by authenticated users
https://github.com/akamai/Invoke-DHCPCheckup
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.09.30