I provide live instructor-led cyber defense training. The outline of the course is detailed below. Contact me for more information or to schedule a training. I. IntroductionA. Importance of online securityB. Overview of the training topics II. Understanding the BasicsA. Online threats and common attack vectorsB. Personal data and its Read more
nd threats within an application, system, or network. It involves systematically analyzing the architecture, components, and data flows to understand how attackers might exploit weaknesses. Threat Modeling in Penetration Testing 1. Scope Definition: 2. Gather Information: 3. Identify Assets and Data Flows: 4. Decompose the System: 5. Identify Threats: 6. Read more
Eternal Blue, a powerful hacking tool developed by the National Security Agency (NSA), has made headlines over the past few years for its involvement in some of the most destructive cyber attacks in history. The leaking of this sophisticated cyber weapon to Russia and its subsequent release by the mysterious Read more
Kerberoasting is a popular attack technique used by cybercriminals to exploit the Kerberos protocol in Windows Active Directory environments. This blog post will discuss the inception of kerberosting, its impact on Active Directory environments, and the steps penetration testers take to use this technique in their assessments. We’ll delve into Read more
The curl command is a versatile and powerful tool that allows users to transfer data to and from a server using various network protocols such as HTTP, HTTPS, FTP, and more. It is widely used by developers, system administrators, and even casual users for tasks ranging from testing APIs to Read more
eb requests are the backbone of the internet. Whether you’re browsing a website or making an API call, every interaction with a web application involves sending and receiving web requests. In this post, we will explore the basics of how web requests work. What is a web request? A web Read more
duals and organizations to exploit for financial gain or to steal sensitive data. As an individual, it’s important to take measures to protect yourself from these online threats. In this blog post, we will discuss some of the steps you can take to stay secure online and avoid hackers. Strong Read more
DOM-based cross-site scripting (XSS) is a type of web vulnerability that allows an attacker to inject malicious code into a web page. The code is then executed by the browser, allowing the attacker to steal sensitive information, modify the content of the page, or redirect the user to a malicious Read more
An IDS (intrusion detection system) and an IPS (intrusion prevention system) are both security technologies that are used to protect computer networks from attacks. The main difference between the two is the way they respond to potential security threats. An IDS is a passive security system that monitors network traffic Read more
Nmap (“Network Mapper”) is a free and open source (license) utility for network discovery and security auditing. Nmap.org This tool can be used to to obtain a network inventory, determine what ports are open on a host, what services are running on ports, the version of those services, operating system Read more