cissp | Unsorted

Telegram channel cissp - cissp

16255

@cissp International channel 4 Transmission Knowledge In the Field of Cyber Security with a Focus on the Content of the CISSP-ISC2 Course - - - - - - - - - - +also group: https://t.me/cisspgroup ————————— @alirezaghahrood


cissp

Tech book
Windows Security Internals with PowerShell 2024.


-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.03.27


cissp

#DiyakoSecureBow
————————————
Infographics
Ransomware Ecosystem Map, v.26, 2024.
https://lnkd.in/eSsDkqng

-Business Secure Continuity-
2024.03.25
——————————————————
#malware #Ransomware #Threat #Cybersecurity
#BusinessSecureContinuity

https://www.linkedin.com/posts/diyako-secure-bow_ransomware-ecosystem-2024-activity-7177903280621035520-m2W2?utm_source=share&utm_medium=member_ios


cissp

exploit
1.CVE-2023-48788:
Fortinet FortiClient EMS SQL Injection
https://www.horizon3.ai/attack-research/attack-blogs/cve-2023-48788-fortinet-forticlientems-sql-injection-deep-dive

2.VM Escape Exploit for Parallels Desktop Hypervisor:
https://zerodayengineering.com/research/pwn2own-2021-vm-escape.html
PoC: https://github.com/badd1e/Pwn/tree/main/prl_pwn_v1.1

3. CVE-2024-2432:
Palo Alto GlobalProtect EoP
https://github.com/Hagrid29/CVE-2024-2432-PaloAlto-GlobalProtect-EoP

Sec code review
Dangling Pointer Guide
https://chromium.googlesource.com/chromium/src/+/refs/heads/main/docs/dangling_ptr_guide.md

Dangling Pointer Detector:
https://chromium.googlesource.com/chromium/src/+/refs/heads/main/docs/dangling_ptr.md


*I am that city that has forgotten
I have no one ♩♬ it longs for heady liquor but has no strength left ♩♬
If the night swings an axe, I have not fallen.


-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.03.24


cissp

Research
OpenVPN is Open to VPN Fingerprinting 2024.

Network traffic classification library:
https://lnkd.in/d7rErkTQ


-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.03.23

https://www.linkedin.com/posts/alirezaghahrood_vpn-clear-exchange-2024-activity-7177295194122293248-7Jbd?utm_source=share&utm_medium=member_ios


cissp

#DiyakoSecureBow
————————————
Analytics
Threat Research
Threat Detection Report: Techniques, Trends, Takeaways 2024.

Special Thanks🙏❤️😇
Red Canary

-Business Secure Continuity-
2024.03.16
——————————————————
#cybersecurity #Vulnerability
#BusinessSecureContinuity

https://www.linkedin.com/posts/diyako-secure-bow_threat-detection-report-2024-activity-7174625222535331840-kJTR?utm_source=share&utm_medium=member_ios


cissp

⚠️ Vulnerability Alert: Fortinet warns of a severe SQL Injection vulnerability (CVE-2023-48788) in FortiClientEMS allowing unauthenticated attackers to execute code remotely.
Details:
https://thehackernews.com/2024/03/fortinet-warns-of-severe-sqli.html
Check if your versions are affected and upgrade ASAP!

🥶https://www.fortiguard.com/psirt/FG-IR-24-013

Analytics
Red Team Tactics
Top 10 Blockchain Hacking Techniques 2023
https://blog.openzeppelin.com/top-10-blockchain-hacking-techniques-of-2023

Blue Team Techniques
Microsoft Entra ID: The Complete Guide
To Conditional Access Policies
https://www.rezonate.io/blog/microsoft-entra-id-the-complete-guide-to-conditional-access-policies


-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.03.15

https://www.linkedin.com/posts/alirezaghahrood_vulnerability-alert-fortinet-warns-of-activity-7174341133844574209-7mj8?utm_source=share&utm_medium=member_ios


cissp

Tech book
Azure Security 2024.


-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.02.12


cissp

Tech book
Cloud and Edge Networking 2023.


-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.02.12


cissp

#DiyakoSecureBow
———————————
SCADA Security
Mode Matters: Monitoring PLCs for Detecting Potential ICS/OT Incidents 2024

-Business Secure Continuity-
2024.02.008
——————————————————
#plcprogramming #otsecurity
#BusinessSecureContinuity

https://www.linkedin.com/posts/diyako-secure-bow_detecting-ics-incidents-2024-activity-7171863795022061572-2EmN?utm_source=share&utm_medium=member_ios


cissp

Malware analysis
1. Scam .pdf files
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/rise-in-deceptive-pdf-the-gateway-to-malicious-payloads

2. ComPromptMized: Unleashing 0-click Worms that Target GenAI-Powered Applications
https://sites.google.com/view/compromptmized

3. Malicious traffic detection system
https://github.com/stamparm/maltrail

4. CryptoChameleon: New Phishing Tactics Exhibited in FCC-Targeted Attack
https://www.lookout.com/threat-intelligence/article/cryptochameleon-fcc-phishing-kit


Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.02.05

https://www.linkedin.com/posts/alirezaghahrood_malware-analysis-1-scam-pdf-files-https-activity-7170644257706307585-Ttf1?utm_source=share&utm_medium=member_ios


cissp

Analytics
Outbreak Alerts Annual Report 2023

Challenges to the Cyber Landscape in 2024: The cybersecurity landscape is ever changing, marked by the continual emergence of new threats. Being aware of the primary challenges enables organizations to remain vigilant against evolving risks and adjust their cybersecurity strategy accordingly.

Understanding these key challenges is vital for efficient risk management, safeguarding sensitive data, ensuring uninterrupted business operations, fostering trust, and staying proactive against emerging threats. Let’s discuss what are some of the key challenges...

Special Thanks❤️😇🙏
Fortinet
FortiGuard Labs
Fortinet Partner

-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.02.03

https://www.linkedin.com/posts/alirezaghahrood_outbreak-alerts-report-forti-2023-activity-7169975709170450432-GFOt?utm_source=share&utm_medium=member_ios


cissp

⚠️ Lazarus Group hackers found exploiting a Windows kernel zero-day vulnerability (CVE-2024-21338) weeks after a patch was released, allowing them to gain system-level control and disable security software on targeted systems.
Details here:
https://thehackernews.com/2024/02/lazarus-hackers-exploited-windows.html

Iranian hackers are using fake job offers to target Middle East industries, particularly in aerospace, aviation, and defense. The cyberattacks have been linked to threat group UNC1549, backed by Iran.
Learn more:
https://thehackernews.com/2024/02/iran-linked-unc1549-hackers-target.html


-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.02.29

https://www.linkedin.com/posts/alirezaghahrood_lazarus-group-hackers-found-exploiting-activity-7169028461347491840-Db0S?utm_source=share&utm_medium=member_ios


cissp

Ever wondered how SOC teams can sift through millions of alerts without missing a beat?

Discover how Threat Intelligence Platforms are revolutionizing SOC investigations and turning chaos into clarity.

Explore how to refine threat hunting: https://thehackernews.com/2024/02/from-alert-to-action-how-to-speed-up.html


-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.02.28

https://www.linkedin.com/posts/alirezaghahrood_ever-wondered-how-soc-teams-can-sift-through-activity-7168407552190234626-5-J3?utm_source=share&utm_medium=member_ios


cissp

Red Team Tactics
Attacking APIs
https://blog.devsecopsguides.com/attacking-apis


-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.02.24


cissp

https://www.linkedin.com/posts/alirezaghahrood_why-the-right-metrics-matter-when-it-comes-activity-7166771266077552641-icqZ?utm_source=share&utm_medium=member_ios


cissp

#DiyakoSecureBow
————————————
Analytics
MLSecOps
Why Red Teams
Play a Central Role in Helping Organizations Secure AI Systems 2023

Special Thanks❤️🙏😇
Google

-Business Secure Continuity-
2024.03.26
——————————————————
#google #offensive #Redteam #vulnerability
#BusinessSecureContinuity

https://www.linkedin.com/posts/diyako-secure-bow_redteam-google-2023-activity-7178258114717118464-KOzN?utm_source=share&utm_medium=member_ios


cissp

Definitive guide to ransomware:

In some extreme cases, attackers demanded
that victims pay as much as USD 80 million to
have data released.

Ransomware is an online attack perpetrated by cybercriminals or
nation state-sponsored groups who demand a monetary ransom
to release a hold on encrypted or stolen data. Increasingly,
ransomware attacks result in crisis-level operational impact
to critical infrastructure and commercial organizations, while
criminals threaten to publicly release or destroy data if prompt
payment isn’t made.
In the past decade, ransomware attacks have evolved from
a consumer-level nuisance of fake antivirus products to
sophisticated malware with advanced encryption capabilities
that now primarily target public and private-sector organizations.
Robustly applied threat intelligence can help identify industries
and geographies considered a primary target at any given time,
but no individual or organization is immune to attack.

Special Thanks ✌ 🙏 ❤️ 😊
IBM Security
IBM
IBM iX


-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.03.24

https://www.linkedin.com/posts/alirezaghahrood_definitive-guide-2-ransomware-2023-by-ibm-activity-7177544689112260608-xQ41?utm_source=share&utm_medium=member_ios


cissp

#DiyakoSecureBow
————————————
KEY FINDINGS FROM THE SURVEY INCLUDE:

VPN Vulnerabilities and Cybersecurity Impacts: Despite their critical role, VPNs pose security risks, with 88% of organizations expressing a slight to extreme concern that VPNs may jeopardize their environment’s security. Furthermore, 45% of organizations confirmed experiencing at least one attack that exploited VPN vulnerabilities in the last 12 months - one in three became victim of VPN-related ransomware attacks. The increasing threat of cyberattackers exploiting VPN vulnerabilities underscores the urgent need to address the security of current VPN architectures.

VPN Use and User Experience: VPNs have a broad spectrum of use, with 84% of respondents identifying remote employee access as their primary application. However, users reported a less than optimal experience, with a majority of users dissatisfied with their VPN experience (72%), highlighting the need for more user-friendly and reliable remote access solutions in the digital workplace.

Special Thanks🙏❤️😇
Zscaler

-Business Secure Continuity-
2024.03.203
——————————————————
#vpn #risk #Cybersecurity
#BusinessSecureContinuity

https://www.linkedin.com/posts/diyako-secure-bow_vpn-risk-report-2023-activity-7177299139129393152-Bv0z?utm_source=share&utm_medium=member_ios


cissp

#DiyakoSecureBow
————————————
Analytics
The Future of Application Security 2024

Special Thanks🙏❤️😇
Checkmarx

-Business Secure Continuity-
2024.03.20
——————————————————
#applicationsecurity #Cybersecurity
#BusinessSecureContinuity

https://www.linkedin.com/posts/diyako-secure-bow_appsec-report-2024-activity-7176164532287881222-3vr0?utm_source=share&utm_medium=member_ios


cissp

Tech book
Okta Administration Up and Running: Drive operational excellence with IAM solutions for on-premises and cloud apps 2023.


-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.03.15


cissp

Tech book
Hacker: Hack The System 2024.


-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.02.12


cissp

Tech book
Hard Real-Time Computing Systems: Predictable Scheduling Algorithms and Applications. Fourth Edition 2024.


-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.02.12


cissp

https://www.linkedin.com/posts/alirezaghahrood_ciso-as-a-service-activity-7171874176612327424--5s5?utm_source=share&utm_medium=member_ios


cissp

Mental Models for Cyber Defense
- Part 1 of 3 -
Attack Surface Management is a PRIORITY:
https://JymCheong.hacklido.com/d/100-mental-models-for-cyber-defense-part-1-of-3-attack-surface-management-is-a-priority


-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.02.06

https://www.linkedin.com/posts/alirezaghahrood_mental-models-for-cyber-defense-part-1-activity-7171039338699321346-pa6b?utm_source=share&utm_medium=member_ios


cissp

Analytics
Threat Research
The 2024 Crypto Crime Report:
The latest trends in ransomware, scams, hacking and more Feb. 2024.

Special Thanks😍👍🏽😇🙏
Chainalysis


-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.02.04

https://www.linkedin.com/posts/alirezaghahrood_crypto-crime-rep-2024-activity-7170278035965755392-gg5D?utm_source=share&utm_medium=member_ios


cissp

#DiyakoSecureBow
————————————
SCADA Security
Mode Matters:
Monitoring PLCs for Detecting Potential ICS/OT Incidents 2024.

-Business Secure Continuity-
2024.03.02
——————————————————
#scada #operationaltechnology #otsecurity
#BusinessSecureContinuity

https://www.linkedin.com/posts/diyako-secure-bow_detecting-ics-incidents-2024-activity-7169610602670112769-dX0t?utm_source=share&utm_medium=member_ios


cissp

Threat Research
Cutting Edge
Part 1 - Suspected APT Targets Ivanti Connect Secure VPN in New 0-Day Exploitation
https://www.mandiant.com/resources/blog/suspected-apt-targets-ivanti-zero-day

Part 2 - Investigating Ivanti Connect Secure VPN 0-Day Exploitation
https://www.mandiant.com/resources/blog/investigating-ivanti-zero-day-exploitation

Part 3 - Investigating Ivanti Connect Secure VPN Exploitation and Persistence Attempts
https://www.mandiant.com/resources/blog/investigating-ivanti-exploitation-persistence


🎬:The Boy, the Mole, the Fox and the Horse


-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.02.29


cissp

Tech book
Modern Software Testing Techniques:
A Practical Guide for Developers and Testers 2024.


-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.02.24

https://www.linkedin.com/posts/alirezaghahrood_ciso-as-a-service-activity-7167027883171799040-TQd8?utm_source=share&utm_medium=member_ios


cissp

Why the Right Metrics Matter When it Comes to Vulnerability Management

How's your vulnerability management program doing? Is it effective? A success? Let's be honest, without the right metrics or analytics, how can you tell how well you're doing, progressing, or if you're getting ROI? If you're not measuring, how do you know it's working?

And even if you are measuring, faulty reporting or focusing on the wrong metrics can create blind spots and make it harder to communicate any risks to the rest of the business.
So how do you know what to focus on? Cyber hygiene, scan coverage, average time to fix, vulnerability severity, remediation rates, vulnerability exposure… the list is endless. Every tool on the market offers different metrics, so it can be hard to know what is important.

vulnerability management program, the progress you've made, so you can create audit-ready reports that:

• Prove your security posture
• Meet vulnerability remediation SLAs and benchmarks
• Help pass audits and compliance
• Demonstrate ROI on security tools
• Simplify risk analysis
• Prioritize resource allocation

Why you need to measure vulnerability management?


-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.02.23


cissp

Red Team Tactics
Attacking APIs
https://blog.devsecopsguides.com/attacking-apis

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.02.21

https://www.linkedin.com/posts/alirezaghahrood_red-team-tactics-attacking-apis-httpslnkdin-activity-7166036807938248705-j3U8?utm_source=share&utm_medium=member_ios
