Threat Research
Cutting Edge
Part 1 - Suspected APT Targets Ivanti Connect Secure VPN in New 0-Day Exploitation
https://www.mandiant.com/resources/blog/suspected-apt-targets-ivanti-zero-day
Part 2 - Investigating Ivanti Connect Secure VPN 0-Day Exploitation
https://www.mandiant.com/resources/blog/investigating-ivanti-zero-day-exploitation
Part 3 - Investigating Ivanti Connect Secure VPN Exploitation and Persistence Attempts
https://www.mandiant.com/resources/blog/investigating-ivanti-exploitation-persistence
🎬:The Boy, the Mole, the Fox and the Horse
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.02.29
Tech book
Modern Software Testing Techniques:
A Practical Guide for Developers and Testers 2024.
2024.02.24
https://www.linkedin.com/posts/alirezaghahrood_ciso-as-a-service-activity-7167027883171799040-TQd8?utm_source=share&utm_medium=member_ios
Why the Right Metrics Matter When it Comes to Vulnerability Management
How's your vulnerability management program doing? Is it effective? A success? Let's be honest, without the right metrics or analytics, how can you tell how well you're doing, progressing, or if you're getting ROI? If you're not measuring, how do you know it's working?
And even if you are measuring, faulty reporting or focusing on the wrong metrics can create blind spots and make it harder to communicate any risks to the rest of the business.
So how do you know what to focus on? Cyber hygiene, scan coverage, average time to fix, vulnerability severity, remediation rates, vulnerability exposure… the list is endless. Every tool on the market offers different metrics, so it can be hard to know what is important.
vulnerability management program, the progress you've made, so you can create audit-ready reports that:
•Prove your security posture
•Meet vulnerability remediation SLAs and benchmarks
•Help pass audits and compliance
•Demonstrate ROI on security tools
•Simplify risk analysis
•Prioritize resource allocation
Why you need to measure vulnerability management?
2024.02.23
Red Team Tactics
Attacking APIs
https://blog.devsecopsguides.com/attacking-apis
2024.02.21
https://www.linkedin.com/posts/alirezaghahrood_red-team-tactics-attacking-apis-httpslnkdin-activity-7166036807938248705-j3U8?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
————————————
There's an equal risk of disruptions and breaches in digital infrastructure as there is in physical, eco-conscious infrastructure. Industries can innovate with smart grids, green technology and integrated urban planning.
To sum up, cybersecurity is not only a technical concern but a critical element of ESG and sustainability. Companies prioritising cybersecurity practices can safeguard their data, reduce environmental harm, promote social responsibility, improve business resilience, and encourage innovation and collaboration.
So:
Cybersecurity Is a Sustainability Enabler.
-Business Secure Continuity-
2024.02.17
——————————————————
#residentialsecurity #disasterrecovery #cybersecurityleadership
#BusinessSecureContinuity
https://www.linkedin.com/posts/diyako-secure-bow_diyakosecurebow-residentialsecurity-disasterrecovery-activity-7164541614474960896-ei_H?utm_source=share&utm_medium=member_ios
We worry about tomorrow
Like it’s promised.
2024 marks the rise of vCISO services, with 45% of MSPs and MSSPs joining the trend. Position yourself as a cybersecurity leader.
Watch the webinar for a 5-phase action plan to vCISO success: https://thehackernews.com/2024/02/new-webinar-5-steps-to-vciso-success.html
2024.02.16
https://www.linkedin.com/posts/alirezaghahrood_we-worry-about-tomorrow-like-its-promised-activity-7164289701921730560-yQGR?utm_source=share&utm_medium=member_ios
🕵️ Chinese state-backed hackers exploited FortiOS SSL-VPN flaws to breach a Dutch military network, deploying a stealthy backdoor called COATHANGER.
Learn more:
https://thehackernews.com/2024/02/chinese-hackers-exploited-fortigate.html
🔥 A critical vulnerability has been found in the shim bootloader, leaving millions of Linux systems vulnerable to attack.
Learn more about CVE-2023-40547: https://thehackernews.com/2024/02/critical-bootloader-vulnerability-in.html
Update your device immediately if it uses shim and Secure Boot.
🔔 URGENT: Cisco, Fortinet, and VMware have (again!) released patches for new critical vulnerabilities in their products.
Patch immediately to prevent device takeover, data theft, and operational disruption.
Learn more:
https://thehackernews.com/2024/02/critical-patches-released-for-new-flaws.html
🛑 Urgent: Patch it now - Hackers are exploiting it!
Fortinet has unveiled a critical security flaw in its SSL VPN, CVE-2024-21762, allowing hackers to execute arbitrary code.
Learn more:
https://thehackernews.com/2024/02/fortinet-warns-of-critical-fortios-ssl.html
2024.02.12
https://www.linkedin.com/posts/alirezaghahrood_chinese-hackers-exploited-fortigate-flaw-activity-7162797436279754752-YVLs?utm_source=share&utm_medium=member_ios
Job description of a Senior Cyber Security Manager or CISO or VCISO: A Senior Cyber Security Manager or CISO or VCISO is responsible for safeguarding systems and networks against digital attacks and cyber threats. With extensive experience in the field of security, this individual engages in analyzing and identifying vulnerabilities, preventing cyber attacks, enhancing security measures, and providing training to employees. Additionally, they play a crucial role in responding to security incidents.
2024.02.08
https://www.linkedin.com/posts/alirezaghahrood_job-description-of-a-senior-cyber-security-activity-7161393984412536841-_XpH?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
————————————
Techbook
Ultimate Blockchain Security Handbook: Advanced Cybersecurity Techniques and Strategies for Risk Management, Threat Modeling, Pentesting, and Smart Contract Defense for Blockchain 2023.
-Business Secure Continuity-
2024.02.07
——————————————————
#blockchaintechnology #artificialintelligence #riskmanagement #pentesting #cybersecurity
#BusinessSecureContinuity
#DiyakoSecureBow
———————————
We are very, very grateful and happy for your direct and indirect support and it is very valuable for us. 🙏❤️✌🏼😇
3/500✌🏼
-Business Secure Continuity-
2024.02.03
——————————————————
#marketanalysis #branding
#BusinessSecureContinuity
https://www.linkedin.com/posts/diyako-secure-bow_diyakosecurebow-marketanalysis-branding-activity-7159406399746150401-aphr?utm_source=share&utm_medium=member_ios
tools
Red Team Tactics
Offensive security
Open-source toolkit for hackers and security automation
https://github.com/We5ter/Scanners-Box
2024.02.02
Research
Threat Research
Blue Team Techniques
Threat Intelligence of Abused Public Post-Exploitation Frameworks 2024.
2024.01.31
https://www.linkedin.com/posts/alirezaghahrood_abuse-public-2024-activity-7158363489466564608-fTWS?utm_source=share&utm_medium=member_ios
I am happy to announce that I have recently received my
Cyber Security ,…Voice Badge🏅.
I hope to experience more success in this field and share it with others.
2024.01.27
https://www.linkedin.com/posts/alirezaghahrood_i-am-happy-to-announce-that-i-have-recently-activity-7156954875891728384-XkpT?utm_source=share&utm_medium=member_ios
Cloud Security
Lateral Movements in Kubernetes 2023.
2024.01.24
https://www.linkedin.com/posts/alirezaghahrood_lm-kubernetes-2023-activity-7155793853319438336-jRXe?utm_source=share&utm_medium=member_ios
Ever wondered how SOC teams can sift through millions of alerts without missing a beat?
Discover how Threat Intelligence Platforms are revolutionizing SOC investigations and turning chaos into clarity.
Explore how to refine threat hunting: https://thehackernews.com/2024/02/from-alert-to-action-how-to-speed-up.html
2024.02.28
https://www.linkedin.com/posts/alirezaghahrood_ever-wondered-how-soc-teams-can-sift-through-activity-7168407552190234626-5-J3?utm_source=share&utm_medium=member_ios
Red Team Tactics
Attacking APIs
https://blog.devsecopsguides.com/attacking-apis
2024.02.24
Research
Hardware Security
Exploring AMD Platform Secure Boot
https://labs.ioactive.com/2024/02/exploring-amd-platform-secure-boot.html
2024.02.21
exploit
Buffer Overflow Exploits Demystified
Part 1: https://vandanpathak.com/kernels-and-buffers/buffer-overflow-exploits-demystified-from-theory-to-practice
Part 2: https://vandanpathak.com/kernels-and-buffers/buffer-overflow-exploits-demystified-from-theory-to-practice-part-2
2024.02.17
https://www.linkedin.com/posts/alirezaghahrood_exploit-buffer-overflow-exploits-demystified-activity-7164532285327695872-e79l?utm_source=share&utm_medium=member_ios
Yashar Esmaildokht #Kudos You are such an invaluable member of the team #TeamPlayer
Yashar, good friend, with good morals and Lover Technology 😍. All these years of friendship, communication and recent collaborations… I am proud of this friendship. Your place is at a higher level than anywhere etc, especially the engineering platform, the cloud manager, the storage technologies, and the diverse services of Linux. I am happy that you are both expert and with professional creative. It is pleasant to cooperate and talk based on knowledge and experience with you ❤️😘🙏👍🏽 Knowledge and experiences are always developing.
Take care of your lovely and professional ethics✌🏼
Yashar, my sound, ethical, open-source-technology-obsessed friend 😍
All these years of friendship and contact, and the recent collaborations:
this friendship is an honor for me. Your place is at levels higher than wherever you are now, especially in platform engineering, cloud, storage technologies, and managing diverse Linux services.
I am happy that you are both an expert and a person of integrity.
Collaboration and conversation based on knowledge and experience are a pleasure.
❤️😘🙏👍🏽
Your knowledge and experience are always growing.
Take great care of your lovable integrity and professional ethics ✌🏼
2024.02.16
#DiyakoSecureBow
————————————
CLTC WHITE PAPER SERIES
A Comparative Study of Interdisciplinary Cybersecurity Education
University of California, Berkeley
Center for Long-Term Cybersecurity and School of Information, for the William and Flora Hewlett Foundation
Special Thanks
Lisa Ho
Sahar Rabiei
Drake White
September 2023
California Lighting Technology Center (CLTC), UC Davis
Center for Long-Term Cybersecurity
UC Berkeley Executive Education
🙏✌🏼😇❤️
The five technical core knowledge units are:
Basic Scripting and Programming (BSP)
Basic Networking (BNW)
Network Defense (NDF)
Basic Cryptography (BCY)
Operating Systems Concepts (OSC)
The five non-technical core knowledge units are:
Cyber Threats (CTH)
Policy, Legal, Ethics and Compliance (PLE)
Security Program Management (SPM)
Security Risk Analysis (SRA)
Cybersecurity Planning and Management (CPM)
-Business Secure Continuity-
2024.02.13
——————————————————
#berkeley #education #cybersecurityskills
#BusinessSecureContinuity
https://www.linkedin.com/posts/diyako-secure-bow_interdisciplinary-cybersecurity-education-activity-7163026536483176449-xlrN?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
————————————
STATE OF CYBER AWARENESS IN THE BOARD ROOM REPORT:
An In-Depth Analysis of the State of Cyber Awareness, Education, and Expertise of Board of Directors at S&P 500 Companies.
Cyber risk is now one of the top risk areas boards are spending time on and raising their awareness of the resiliency needs across their respective organizations and sectors. With the recent finalization of the SEC rules on cybersecurity disclosures, I am expecting the evolution to continue at a rapid rate.
Special Thanks
NightDragon
https://www.diligentinstitute.com
❤️😇✌🏼🙏
-Business Secure Continuity-
2024.02.12
——————————————————
#cyberdefense #cyberawareness #ciso
#BusinessSecureContinuity
https://www.linkedin.com/posts/diyako-secure-bow_state-of-cyber-awareness-2024-activity-7162679237437448192-yxFk?utm_source=share&utm_medium=member_ios
Apply What You Have Learned Today: Vendors
#RSAC
Stronger Together
• Review your code to ensure it does not allow deleting or writing to privileged registry keys via registry symlink manipulation
• Always use user impersonation when accessing unprotected registry keys or objects in general from privileged processes
• Set the correct ACL on your created registry keys
• Registry links, like other symbolic links, can pose potential security risks, underscoring the need for cautious access and appropriate security measures to mitigate these risks
API documentation should include potential security risks to promote secure coding practices and reduce the likelihood of security incidents
Special Thanks
Crosspoint Labs
Bahaa Naamneh
❤️🙏😇👍🏽
2024.02.07
https://www.linkedin.com/posts/alirezaghahrood_undocumented-api-2024-activity-7160852183276519424-LV6A?utm_source=share&utm_medium=member_ios
Pentesting Active Directory
and Windows-based Infrastructure
A comprehensive practical guide to penetration testing
Microsoft infrastructure 😊
4 all security professionals who are fighting a good battle.
👇🏻
/channel/CISOasaService/14886
2024.02.04
Analytics
State of API Security 2024:
The API Secret Sprawl
https://escape.tech/blog/how-we-discovered-over-18-000-api-secret-tokens
2024.02.03
https://www.linkedin.com/posts/alirezaghahrood_state-api-sec-2024-activity-7159417737587417088-xXb0?utm_source=share&utm_medium=member_ios
🔒 Strengthening Your Cybersecurity Posture.
Did you know that less than half of cybersecurity pros have complete visibility into vulnerabilities? Regular assessments are key.
Learn more:
https://thehackernews.com/2024/01/top-security-posture-vulnerabilities.html
🚀 ANYRUN now supports Linux!
🐧 Linux faces frequent cyber threats targeting passwords, browser data, wallets, and logins. But with ANYRUN update you can:
✔️ Collect #IOCs using Ubuntu VM
✔️ Analyze Linux-based malware
Try ANYRUN free today!
https://thehackernews.co/malware-sandbox
Analytics
Threat Research😍
Intelligence Driven Threat Hunting 4 CISOs
SentinelOne WatchTower End Of Year Report 2023.
Special Thanks
SentinelOne
2024.02.01
https://www.linkedin.com/posts/alirezaghahrood_wath-tower-2023-perfecf-activity-7158673193686163456-drXS?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
————————————
Cybersecurity Ecosystem
Introduction
This is an ongoing project to capture the taxonomy of the entire cybersecurity industry.
The mapping project is a combination of visuals, definitions, and examples from each area of the ecosystem. Seeing the ecosystem from multiple views is the most practical approach to grappling with the enormity of it all.
A table of contents is available to help you navigate through the mapping. It's large, and there is no way to simplify it without losing important details.
Various image formats and source files are also available at the bottom. You're welcome to use them as you please.
For more background on the thought process behind the project, check out the introductory article:
Special Thanks
Strategy of Security
https://lnkd.in/dXqGy47i
-Business Secure Continuity-
2024.01.28
——————————————————
#cybersecurity #cyberattack #threatintelligence #chiefinformationsecurityofficer
#BusinessSecureContinuity
https://www.linkedin.com/posts/diyako-secure-bow_cyber-security-ecosystem-2024-activity-7157603600980942848-Vi-W?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
————————————
MLSecOps
Whitepaper
Principles for the security of machine learning Aug 2022.
/channel/CISOasaService/14866
/channel/cissp/7391
Special Thanks
National Cyber Security Centre
-Business Secure Continuity-
2024.01.24
——————————————————
#cybersecurity #AI #ML
#BusinessSecureContinuity
https://www.linkedin.com/posts/diyako-secure-bow_ciso-as-a-service-activity-7155797620689383425-sb_6?utm_source=share&utm_medium=member_ios