Today, we will be continuing with our exploration of Hack the Box (HTB) machines, as seen in previous articles. This walkthrough is the first half of an HTB machine named Cascade. HTB is an excellent platform that hosts machines belonging to multiple OSes. It also has some other challenges as well. Individuals have to solve [β¦]
The post Hack the Box (HTB) machines walkthrough series β Cascade (Part 1) appeared first on Infosec Resources.
Introduction The global COVID-19 pandemic has forced individuals and organizations to adopt new ways of doing daily tasks, from working to learning. It has also accelerated the journey to the cloud for many organizations; for others, it has made them more reliant on the cloud. With that move comes a demand for professionals with cloud [β¦]
The post Microsoft Azure Certification: Overview And Career Path appeared first on Infosec Resources.
Introduction In modern networks, security is not an afterthought. You need to know how to build secure networks from the outset. Security has to be woven into the very fabric of the network.Β The 200-301 CCNA exam covers security fundamentals among a broad range of networking topics. This article describes what you need to know [β¦]
The post CCNA certification prep: Security fundamentals appeared first on Infosec Resources.
Introduction In this article, we will solve a Capture the Flag (CTF) challenge that was posted on the VulnHub website by AndrΓ© Henrique. Per the description given by the author, you must βHelp Morpheus to leave the Matrix and return to Zion.β To do so, we have to find and read two flags (user and [β¦]
The post ZION: 1.2 β VulnHub CTF walkthrough (part 1) appeared first on Infosec Resources.
Introduction It has been said that a picture is worth a thousand words. In the world of malware, a picture is worth an infection β in other words, a picture can actually be the malware (ransomware, specifically in this case) that initially infects the compromised machine. This malware is called Tycoon and it uses an [β¦]
The post Tycoon malware: What it is, how it works and how to prevent it | Malware spotlight appeared first on Infosec Resources.
Introduction to dark web phishing kits The internet is like an iceberg: there is a lot more to it than can be seen from the surface. In addition to the surface web (what can be accessed and indexed by search engines), there is the deep web (gated content on internet-connected computers) and the darknet or [β¦]
The post Cybercrime at scale: Dissecting a dark web phishing kit appeared first on Infosec Resources.
Introduction The CCNP, or Cisco Certified Network Professional, is a certification endorsing IT professionals who have the knowhow and skill to set up, configure and manage local and wide-area networks within an enterprise. CCNP certification takes you through video, voice, wireless and advanced security issues. Since the training module and examinations for the CCNP certification [β¦]
The post Average CCNP salary 2020 appeared first on Infosec Resources.
What percentage of the exam focuses on network fundamentals? The network fundamentals section is 20% of the CCNA 200-301βs topics. Itβs neither the largest nor the smallest. The fact that the percentage increased from 15% in the previous version indicates that Cisco has emphasized the importance of having a strong base in this topic, on [β¦]
The post CCNA certification prep: Network fundamentals [updated 2020] appeared first on Infosec Resources.
Introduction In order to keep your AWS environment secure while allowing your users to properly utilize resources, you must ensure that users are correctly created with proper permissions. Also, you must monitor your environment to ensure that unauthorized access does not occur and accounts are up to date. User Account Creation and Management AWS IAM [β¦]
The post AWS User Management appeared first on Infosec Resources.
Introduction Browsers have become an inherent part of our virtual life and we all make use of browsers for surfing the internet in some or the other way. Also, browsers can be used not only for surfing, we can make use of browsers for navigating through the file system of the OS. You might have [β¦]
The post Browser Forensics: Google Chrome appeared first on Infosec Resources.
Introduction Browsers have become an inherent part of our virtual life and we all make use of browsers for surfing the internet in some or the other way. Also, browsers can be used not only for surfing, we can make use of browsers for navigating through the file system of the OS. You might have [β¦]
The post Browser Forensics: Firefox appeared first on Infosec Resources.
Introduction The CCNA (Cisco Certified Network Associate) is one of the most well-known entry-level certifications within the IT industry. Holding this credential proves your ability to install, configure, manage and support small- to medium-sized networks.Β A study by CompTIA found that 47% of SMBs see the IT skills gap growing. This IT skills gap is [β¦]
The post Average CCNA salary 2020 appeared first on Infosec Resources.
Introduction Browsers have become an inherent part of our virtual life and we all make use of browsers for surfing the internet in some or the other way. Also, browsers can be used not only for surfing, we can make use of browsers for navigating through the file system of the OS. You might have [β¦]
The post Browser Forensics: IE 11 appeared first on Infosec Resources.
Introduction To understand Network Security, itβs imperative that we understand networking fundamentals and networking basics. In this post, we will be learning about networking basics and fundamentals to get started with Network Security.Β We cannot cover whole networking in a single post so we will be focusing only on core networking concepts needed for network [β¦]
The post Networking fundamentals (for Network security professionals) appeared first on Infosec Resources.
Introduction Wireless networks have become an inherent part of our life and we all use wireless networks in some form in our day to day life. Of all the utilities provided by wireless networks, we use wireless networks widely for connecting to the internet. We connect to the internet wirelessly either by router or using [β¦]
The post Wireless Networks and Security appeared first on Infosec Resources.
Introduction This article provides an overview of how printing functions work and how format strings are used to format the data being printed. Developers often use print functions for a variety of reasons such as displaying data to the users and printing debug messages. While these print functions appear to be innocent, they can cause [β¦]
The post Introduction to Printing and Format Strings appeared first on Infosec Resources.
Introduction In the previous article, we understood how print functions like printf work. This article provides further definition of Format String vulnerabilities. We will begin by discussing how Format Strings can be used in an unusual way, which is a starting point to understanding Format String exploits. Next, we will understand what kind of mistakes [β¦]
The post Format String Vulnerabilities: Use and Definitions appeared first on Infosec Resources.
Introduction In the previous articles, we discussed printing functions, format strings and format string vulnerabilities. This article provides an overview of how Format String vulnerabilities can be exploited. In this article, we will begin by solving a simple challenge to leak a secret from memory. In the next article, we will discuss another example, where [β¦]
The post How to exploit Format String Vulnerabilities appeared first on Infosec Resources.
Copy-paste compromises: Introduction and overview Although the concept of copy-paste compromises is not exactly new, there are now several different forms of the attack. In the version of copy-paste compromise that weβll discuss today, malicious actors use open-source or publicly available exploit code, web shells and other tools to gain information. Recently, Australia has revealed [β¦]
The post Copy-paste compromises appeared first on Infosec Resources.
Introduction to Lockphish Phishing attacks are a common tactic for gaining initial access to a system. If an attacker can convince their target to hand over their login credentials or install and execute malware on their machine, this provides an attacker with a foothold that can be used to expand their access and achieve their [β¦]
The post Lockphish phishing attack: Capturing Android PINs & iPhone passcodes over https appeared first on Infosec Resources.
Fuzzing is a black-box software testing technique and consists of finding implementation flaws and bugs by using malformed/semi-malformed payloads via automation. Fuzzing an application is not a matter of simply exploiting a specific point of an application, but also acquiring knowledge and potential crashes that could be explored in-depth through the implementation of crafted payloads [β¦]
The post Fuzzing introduction: Definition, types and tools for cybersecurity pros appeared first on Infosec Resources.
Introduction: In the previous article of this series, we discussed how format string vulnerabilities can be exploited. This article provides a case study of how format string vulnerabilities can be used to exploit serious vulnerabilities such as Buffer Overflows. We will begin by understanding what stack canaries are and then we will exploit a Buffer [β¦]
The post Format String Vulnerabilities Exploitation Case Study appeared first on Infosec Resources.
Introduction: This article provides an overview of various techniques that can be used to mitigate Format String vulnerabilities. In addition to the mitigations that are offered by the compilers & operating systems, we will also discuss preventive measures that can be used while writing programs in languages susceptible to Format String vulnerabilities.Β Techniques to prevent [β¦]
The post How to mitigate Format String Vulnerabilities appeared first on Infosec Resources.
Introduction: IoT Manufacturers Favor Convenience over Security Because IoT security is still an afterthought, cybercriminals in general consider smart devices a βlow-hanging fruitβ β a target easy to compromise and manipulate. Security (and privacy) by design is key for IoT, and probably the only effective way for a smart gadget to protect its communications is [β¦]
The post IoT Security Fundamentals: Intercepting and Manipulating Wireless Communications appeared first on Infosec Resources.
Introduction: Knowing the Notions Β Industrial Internet of Things (IIoT) incorporates technologies such as machine learning, machine-to-machine (M2M) communication, sensor data, Big Data, etc. This article will focus predominantly on the consumer Internet of Things (IoT) and how it relates to Operational Technology (OT). Operational Technology (OT) is a term that defines a specific category of [β¦]
The post IoT Security Fundamentals: IoT vs OT (Operational Technology) appeared first on Infosec Resources.
How public-key cryptography works Public-key or asymmetric cryptography is one of the two main types of encryption algorithms. Its names come from the fact that it uses two different encryption keys: a public one and a private one. Public and private keys The private key used in public-key cryptography is a random number with certain [β¦]
The post Public-Key Cryptography in Blockchain appeared first on Infosec Resources.
Introduction to hash functions Hash functions are one of the most extensively-used cryptographic algorithms in blockchain technology. They are cryptographic (but not encryption) algorithms that are designed to protect data integrity. In a nutshell, a hash algorithm is a mathematical function that transforms any input into a fixed size output. To be cryptographically secure β [β¦]
The post Hash Functions in Blockchain appeared first on Infosec Resources.