From tldrsec.com: tl;dr: This paper by academics from the University of Warwick and the University of Kent, UK, lays out a framework for how organizations should communicate after a security incident. The post has some very good flowcharts and diagrams to follow while navigating an incident. https://tldrsec.com/blog/a-framework-for-effective-corporate-communication-after-cyber-security-incidents/
Zachary Crocket over at The Hustle wrote a very good article about phoney-pressure scams where: a person is called out of the blue by a scammer; the scammer asserts authority and immediately pressures the victim about some emergency; claims “bad stuff” will happen unless the person stays on the phone; the scammer pressures the person into buying gift cards […]
USB sticks can carry more than bad stuff on the flash portion of the drive: the firmware can be tweaked to emulate a keyboard as a Human Interface Device (HID). Wonderhowto.com has a walkthrough showing how easy it is. Hackaday has a great explanation of why plugging random USB devices into your computer can lead […]
Via Whiteboard Wednesday: How to Implement A Phishing Awareness Training Plan in 5 Steps. In this tutorial you’ll learn: where to start when implementing a phishing awareness training program; which aspects of phishing warrant user training; how to conduct phishing simulation tests; what an ongoing training program looks like; how to baseline and measure training […]
Full details at: https://www.kitploit.com/2017/12/ghostinthenet-ultimate-network.html How it works: The basic and primary network protocols are ARP for IPv4 and NDP (ICMPv6) for IPv6; located in the link and network layers, they provide the main connectivity in a LAN. Despite their utility and simplicity, they have numerous vulnerabilities that can lead to a MITM attack and leak of confidentiality. Patching of such […]
Some good tips here that I’ll be implementing in my own .vimrc: https://dougblack.io/words/a-good-vimrc.html
Because you don’t want to spread your real phone number all around the web all willy-nilly. https://www.raymond.cc/blog/top-10-sites-receive-sms-online-without-phone/
An excellent walk-through here on transforming your Android Phone into a Network Pentesting Device. I was debating switching to the iPhone 5, but maybe I’ll go for the next Google phone instead.
Jay Turla of the Infosec Institute introduces us to a bunch of free tools, utilities, and resources to set up a lab where we can practice our penetration testing and elite haxxor skills: You don’t need to pay a single penny in setting up a pentesting lab because there are a lot of vulnerable distros […]
I always figured it would work to simply push the individual wires into the “pinch” areas of a Cat 5 jack, allowing you to “patch in” to the cable without needing to clip it… and it works! Pics and story at: 7 Habits of Highly Effective Hackers: Passively Cable Tapping Cat5.