Critical Security Controls: Part 0 - Introduction

Everyone knows that they need to improve the current state of their cybersecurity measures, but to many people this task is a daunting one.  “Where do I start?  What should I focus on first? What security measures will have the greatest impact on the security of my computer systems and network?” Don’t worry, the Center for Internet Security can answer all these questions, and help guide you to a more secure infrastructure. 

Cybersecurity Threats to Flying Taxis

Flying taxis are soon to become reality. Dubai started testing taxi drones last year. The Volocopter is supposed to provide transportation for two passengers for up to 30-minute trips. The Volocopter and other flying taxis are supposed to publicly launch within five years. What are the cybersecurity risks associated with autonomous flying vehicles?

To Cert or Not Cert

Since entering the IT field later in my career-life, I have noticed an ongoing debate amongst cybersecurity professionals: to cert or not to cert. There seem to be those (like myself) who push the obtainment of a certificate(s). On the flip side, there are those who tend to lump certificates into the “not-needed” category. Mostly, the argument is “learn it yourself”. This is especially true among “hackers”. I say “hackers” because the term hacker is actually a misnomer, and can be its own topic. The bigger picture considers whether a certificate outweighs a degree program.

Empire: A PowerShell Post-Exploitation Tool

This blog will demonstrate how to download Empire, a PowerShell post-exploitation tool, in Kali Linux, create a script, make a connection back to your machine from the victim machine without Windows Defender blocking it, elevate privileges, and extract password hashes using Mimikatz. It is a versatile and useful tool that every penetration tester should have in their arsenal.

What Is This Internet of Things?

The IoT, as it is called, is a growing part of our lives and is something we all need to be aware of. Just last year (2017) there were reportedly 20 billion connected devices all around us. Every year, the number of IoT devices is rapidly growing. Although IoT devices make our lives easier, these devices are not safe from cyberattacks. 

Offline Password Cracking: The Attack and the Best Defense Against It

Offline Password Cracking is an attempt to recover one or more passwords from a password storage file that has been recovered from a target system. Typically, this would be the Security Account Manager (SAM) file on Windows, or the /etc/shadow file on Linux. In most cases, Offline Password Cracking will require that an attacker has already attained administrator/root-level privileges on the system to get to the storage mechanism.

How to Protect Your Data with VeraCrypt

Today, encryption plays an important role in cybersecurity. It allows businesses to secure customers’ information, allows us to navigate the internet without the fear of anyone else eavesdropping, and allows remote employees to connect to the work network securely. However, even though encryption is crucial for protecting one’s data, not many average home users utilize encryption. Average home users should be encrypting their desktops, laptops, and mobile devices because encryption is the most useful technology for protecting one’s privacy. However, many people don’t know where to start; they are daunted by the technology. This blog will help you encrypt your drive using an open-source program called VeraCrypt.

Aviation Cybersecurity - Hacking Aircraft

This blog is an excerpt from the Atlantic Council report Aviation Cybersecurity - Finding Lift, Minimizing Drag by Pete Cooper. Alpine's Christian Espinosa, an expert on penetration testing and risk assessments of commercial aircraft, contributed to this report via an interview and panel discussion.

Review: EC-Council’s Licensed Penetration Tester (Master) Exam 2.0: The World’s First Proctored, Hands-On Pentesting Examination

The most significant difference with the new exam format is that it is proctored.  This means that you are being watched over your webcam for the entire period of the session.  Proctoring a five-day exam is impractical, so the exam was split into three six-hour sessions.  Each six-hour session consists of three individual “challenges”.  Each challenge involves recovering the contents of a secret file, but some challenges will require hacking more than one machine.  You enter the contents of the file into a web page and submit it when you are done with the session.  You must complete at least one challenge per session, and you must complete at least five out of the nine sessions to pass the exam.