Offline Password Cracking: The Attack and the Best Defense Against It

Offline Password Cracking is an attempt to recover one or more passwords from a password storage file that has been recovered from a target system.  Typically, this would be the Security Account Manager (SAM) file on Windows, or the /etc/shadow file on Linux.  In most cases, Offline Password Cracking will require that an attacker has already attained administrator / root level privileges on the system to get to the storage mechanism. 

How to Protect Your Data with VeraCrypt

Today, encryption plays an important role in cybersecurity. It allows businesses to secure customers’ information, allows us to navigate the internet without the fear of anyone else eavesdropping, and allows remote employees to connect to the work network securely. However, even though encryption is crucial for protecting one’s data, not many average home users utilize encryption. Average home users should be encrypting their desktops, laptops, and mobile devices because encryption is the most useful technology for protecting one’s privacy. However, many people don’t know where to start; they are daunted by the technology. This blog will help you encrypt your drive using an open-source program called VeraCrypt.

Aviation Cybersecurity - Hacking Aircraft

This blog is an excerpt from the Atlantic Council report Aviation Cybersecurity - Finding Lift, Minimizing Drag by Pete Cooper. Alpine's Christian Espinosa, an expert on penetration testing and risk assessments of commercial aircraft, contributed to this report via an interview and panel discussion.

Review: EC-Council’s Licensed Penetration Tester (Master) Exam 2.0: The World’s First Proctored, Hands-On Pentesting Examination

The most significant difference with the new exam format is that it is proctored.  This means that you are being watched over your webcam for the entire period of the session.  Proctoring a five-day exam is impractical, so the exam was split into three six-hour sessions.  Each six-hour session consists of three individual “challenges”.  Each challenge involves recovering the contents of a secret file, but some challenges will require hacking more than one machine.  You enter the contents of the file into a web page and submit it when you are done with the session.  You must complete at least one challenge per session, and you must complete at least five out of the nine sessions to pass the exam.

The "Physical" Security of Cybersecurity

We get so focused on encryption, identity access management, secure data transmission, etc., that we forget we have a PHYSICAL security component to our craft. As a former police officer for 20 years, the holidays brought with it happy times/sad times. People would go shopping for gifts. They would load up their cars, and make one more store stop… and return to their car emptied of their newly purchased gifts. They were in such a hurry, they forgot to lock the doors on the car when they ran inside. Upon return, the car is empty. Now is the time that we all need to take pause, and take stock of our SITUATIONAL AWARENESS. That doesn’t just mean in the cyber-realm, but in our daily lives.

How to Securely Manage Passwords

As cybersecurity professionals we know a “strong” password is, supposedly, one that is at least 8 characters long with a combination of upper case, lower case, numbers, and special characters.  But, as Bob Dylan said, the times they are a-changing. There is new movement in the industry to move away from this traditional password guidance to something more secure, user-centric, and friendly.

Why SMS Authentication Isn't Safe Anymore

The most common two-factor authentication method is a password and a time-based one-time password (TOTP), which can be sent to your phone via SMS.  So even if your password is compromised, the cybercriminals will need the second factor, a code sent to your phone, to log into your account.  However, using SMS for two-factor authentication is not considered safe anymore.  Why is it not safe anymore?  What should we use then?

Why Where You Get Your Cybersecurity Training Matters

Do you work in IT or cybersecurity and want to advance your career?  Are you required to hold certain certifications for your job?  It sounds like you need some certification training.  Finding the right training for your certification can help you achieve your goals, save time and money, and even put you on the fast track to promotions and pay raises.

Top 10 Considerations for Choosing a Penetration Testing Vendor

You cannot fix what you do not know. A penetration test strengthens your defenses by revealing your weaknesses and recommending prioritized fix actions. This article contains ten items you should consider when selecting an organization to perform a penetration test against your environment.

OSCP vs LPT (Master): A Comparison Made by a Cybersecurity Professional with Both Certifications

The OSCP certification is great for individuals with several years of experience in system administration, networking, or software development, who wish to learn “elite hacking skills.” The LPT (Master) is great for those who want to pursue penetration testing as a career and who are looking for a certification that demonstrates that they can complete a realistic penetration test simulation on their own.