Skip to content

Latest commit

 

History

History
145 lines (108 loc) · 13.2 KB

infosec.md

File metadata and controls

145 lines (108 loc) · 13.2 KB

drawing

infosec

1. Your USB Gadget Could Be Weaponized

Cybersecurity experts have been warning us for years about using USB devices. We look at how an ordinary USB-powered device can be easily weaponized.

2. How to Get a Reverse Shell on macOS Using A Flipper Zero as a BadUSB

Using a Flipper Zero as an ethical pentesting device to establish a reverse shell on a macOS computer.

3. What is URL Masking and How Does It Work?

Be careful of the latest engineering technique called "URL Masking", it's quite dangerous.

4. The Trouble with FIPS

FIPS 140 sets the standard for cryptography used in the United States, but it's got problems. Because of FIPS, we all have problems.

5. 5 Reasons Why We Dont Need To Worry About the SolarWinds Hack

There is quite a bit of consternation in the tech universe about the Solar Winds hack. Here are five reasons not to worry about the Solar Winds hack because these are much more important.

6. We Need to Talk About Nigeria and Cybersecurity

Keeping information secured and protecting the integrity of data over the internet is now becoming a huge and complex task, due to the increasing number of threats to the information security.

7. Artificial Intelligence is No Match for Natural Stupidity

A Lazy Introduction to AI for Infosec.

[8. CyberSec Games Part I:

Backdoors & Breaches](https://hackernoon.com/cybersec-games-part-i-backdoors-and-breaches-96393b0z) Backdoors & Breaches is an Incident Response Card Game that contains 52 unique cards to help you conduct incident response tabletop exercises and learn attack tactics, tools, and methods.

9. Mutual Human Authorization: A New Standard in Data Privacy

Mutual Human Authorization is a digital communication protocol that SharePass is pioneering to help address persistent data privacy and security gaps.

10. My SIM swap attack: How I almost lost $71K, and how to prevent it

11. MITRE ATT&CK & D3FEND Framework are Redefining Counter-efforts to Cyberattacks

Implement best security controls with Mitre ATT&CK & D3FEND frameworks Redefine your organizational security posture to withstand emerging and advance threats

12. How Security Operations is a Journey, Not a Destination: An Analyst’s Perspective

“No matter how strong a defense, a stronger offense will always shatter it.”— Byakuya Kuchiki

13. Using Macros and Emulation Voodoo to Solve a Crackme

This time I’m tackling this beautiful crackme, the third of the series. To solve this we will use radare2’s macros and unicorn emulation. Let’s jump right in!

14. A Tale of Two Cities: Economic vs Digital Democracy

More than new laws and fines, we need to reconsider data ownership as a whole and discover new structures that place control back into the hands of the people.

15. 'I Worked for Free to Get the Experience': Chris Ray, CISO & Security Researcher

Meet Chris Ray, CISO, Security Researcher, and HackerNoon Contributor.

16. On Making The Internet A Safer Space: Inti De Ceukelaire, Head Of Hackers At Intigriti

Intigriti co-founder, Inti De Ceukelaire, shares their origin story, what makes him excited about his job, and the technology he is currently excited about.

17. America's Digital Maginot Line

America's critical infrastructure appears to be protected by a Digital Maginot Line

18. I Have My Own AWS VPC, and Now You Can Too!

Let's see how a default VPC is configured in AWS, CIDR block, the associated subnets within it, routes, NACLs and Security Groups.

19. Inside a Hacker's Backpack: Gadgets, Tips, and Tricks for Hackers

Not ever hack job requires just a laptop and some software to gain privileges into a system. Sometimes, something extra is required to make the job very easy

20. 5 Best Browser Extensions For Protecting Your Privacy Online

It is essential for every internet user to comprehend the importance of browser security capabilities to assure they browse the internet safely. Protecting your browser might mean limited functionality of some web sites, but it’ll shield your most sensitive information as well.

21. Questions For The Most Controversial Hacker Of This Generation: Sabu

I believe strongly if we get answers to these questions from a source with gravitas, such as Sabu, we will understand how to navigate the future.

22. What is “Cyberbiosecurity?" and why we should stop using the term

The term cyberbiosecurity is rapidly making its way around the internet, academic, and government communities. If you want a silly analogy, you might say its spreading like an emerging infection through various host communities. Specifically, communities with no innate immunity to fight off the misinformation.

23. Introduction to the Zero Trust Security Architecture — a Concept, Not A Product

"Zero Trust" has been around for years. Now, I am writing to lay the fundamental concepts and introduce anyone who wants to bring Zero Trust into practice.

24. Why Educational Platforms are a Favorite Target Among Attackers?

Educational Institutes are easy prey for hackers to compromise and covertly launch Cyber Attacks/Malicious Campaigns under the hood, without divulging their real identity.

25. Who Should the CISO Report to?

Should the CEO be the sole decision-maker for a CISO's plans?

26. Why I Hire Non-IT Graduates in The Cybersecurity Field

Essential elements you should have and why I hire non-IT graduates.

27. Insider Threats Facing Government Organizations: 3 Tips for Mitigation

Verizon's Data Breach Investigation Report for 2022 (DBIR) was recently released and it has some good news and bad news when it comes to the risk of insider attacks. 

28. Viewing K8S Cluster Security from the Perspective of Attackers (Part 1)

Based on previous penetration testing experience, we have sorted out the possible security issues under the K8S cluster architecture.

29. I Could Crash Your Instagram Remotely. But I Chose to Report It.

On April 2019, I had the foolish idea of testing Facebook security (and more specifically Instagram security), after I got informed that the company enabled a new setting on their assets (called Whitehat Settings), making easier for researchers to discover new vulnerabilities (pinning was not a problem, I am just a bit lazy sometimes :P).

30. Why You Should Protect Your Cell Phone Number and How to Do It

With only your cell phone number hackers become you!

31. After scanning over a million apps — 3 things Mobile App Devs need to know about App Security

Hackers might not attack you. Bots will.

32. 10 things InfoSec Professionals Need to Know About Networking

So this story stems from the fact that I’ve plopped myself into the InfoSec world from App Development and from my Sec work I’ve really seen and understood that there is a need for a greater security understanding amongst devs, and the planet in general.

33. Understanding & Recognizing Different Cyber Threats: What to Look Out For

This article will dive into understanding & recognizing some cyber threats. It will not cover every example for each attack or every attack.

34. What devs need to know about Encoding / Encryption / Hashing / Salting / Stretching

This is a typical exchange about encryption with someone willing to learn.

35. Part 2: Developing Software Requirements, A Case Study

This is Part 2 of a 4 part series. Part 1: Why Software Requirements In The Real World Are Hard discusses the challenges of developing requirements and what good ones might look like. This post looks at the requirements development process and its outputs on a real-world project.