CYBER SECURITY JOB CATEGORIES

High employer demand, fabulous salaries, great promotion prospects – what’s not to love about cyber security? According to data compiled by Burning Glass, postings for cyber security jobs grew 74% from 2007 to 2013 – 2x faster than other IT positions. Sure, it all sounds sexy, but any cyber security professional will tell you that…

HACKER HACKED INTO FINANCIAL DOMAIN

++++++++++++++++++++++++++++++++++++++++++++++++++++++ Kenya : Hackers steal Sh 30billion from Kenya’s financial institutions Team arrested at least 16 suspects including of a former police officer who is also touted as an IT guru, Insiders (KRA-Kenya Revenue Authority People) and a hacker who has been stealing money from local banks electronically in conjunction with a ring of other international…

TOP 10 SECURITY AND INTELLIGENCE STORIES OF 2016

When an Intrusion Happens, Speed Matters Here are the top stories on security & intelligence from 2016 ranked by ooda loop: #1: 10 Red Teaming Lessons Learned over 20 Years by Matt Devost #2: Best Security, Business, and Technology Books of 2016 by Matt Devost #3: The Red Teamers Top Ten Books by Mark Mateski #4:…

A BEAUTIFUL MANAGEMENT STORY

The Pregnant Deer In a forest, a pregnant deer is about to give birth. Pregnant Deer Scenario : She finds a remote grass field near a strong-flowing river. This seems a safe place. Suddenly labour pains begin. At the same moment, dark clouds gather around above & lightning starts a forest fire. She looks to…

SOME IMPORTANT LINKS

Sharing some references for study purposes   1: SANS Whitepapers: https://www.sans.org/reading-room/whitepapers/forensics/1906.php 2: CISSP Cookbook https://drive.google.com/open?id=0ByczHyAbM7lDT0ZmUVl1SDJ4R2s 3: C3 Cyber: www.slideshare.net/Deepakniit14/c3-11-sep 4: Slideshare resources: www.slideshare.net/Deepakniit14 5: Python: https://drive.google.com/open?id=0ByWO0aO1eI_MQzRhNXJocjgzczQ 6: Edward Snowden Data Breach: https://www.slideshare.net/Deepakniit14/edward-snowden-databreach 7: Cyber Security Career: https://www.slideshare.net/Deepakniit14/information-security-34067666 8: Some other resources: https://drive.google.com/open?id=0ByczHyAbM7lDNzR6RDV5MnhOWnM  9: Linux: https://drive.google.com/open?id=0ByWO0aO1eI_Mb3ltMFNMUVlXRjQ  10: Computer Forensic Glossary: https://drive.google.com/open?id=0ByczHyAbM7lDSFB4RUVFUU1TTVE 11: SQL Server Database Forensic BlackHat: https://www.blackhat.com/presentations/bh-usa-07/Fowler/…/bh-usa-07-fowler.pdf List will update continuously : Last updated 25 Feb 2017

CYBERCRIMINAL: MINDSET DRIVES BEHAVIOR

Quick Look: Psychology of an Eastern European Cyber-Criminal Sharing one riveting stuff regarding criminal mindset. The usual conversation about Eastern European cyber-criminals does not differentiate them from criminals in other regions or address how they perceive the world differently. This disconnect makes it difficult to bring wrongdoers to justice and leads to breach after breach. We…

BANGLADESH BANK HEIST 2016 🕵️

Updated on 10 Feb 2019 In 2016, it was determined North Korea was linked to the $81 million Bangladesh Cyber Heist. We first reported on this incident in May of that year and surmised it was a preventable attack. Our determination later proved correct as it turns out the institution knew they were unprepared but didn’t get…

GLOSSARY : COMPUTER & EMAIL FORENSICS

Note: The terms in this glossary may have other uses in other fields. The uses discussed here are for general use in computer science & email forensics. EMAIL FORENSICS :  https://d3pakblog.wordpress.com/2016/12/28/email-analysis-techniques/ Acquisition: The stage in a computer forensic investigation wherein the data involved is collected. Often the means used is a bit-by-bit copy of the…

CYBER SECURITY THREAT 2017

Thanks you ones again to all those who read this blog and keep up with me via Facebook LinkedIn and twitter, I’m grateful for our connection. Well in this article going to focus on Cyber Security threats. As we know Ransomwares, DDOS, Mobile malware, Underground Hacking, Insider Threat are the major trending threats in few last…

Why Experts get paid more?

This is a really nice story that I received in my email today. This story demonstrates why the experts need to be paid more for their services and how the power of knowledge is important. There are probably dozens of variations on this story, but I liked this one the most. A giant ship engine…

WAYS TO HACK OFFLINE

Is unplugging your Internet connection enough to hide from prying eyes? Certainly Not. Just because you’re offline doesn’t mean your computer or your Smartphone can’t be hacked. Chances are high that you are one of the owners of nearly 100,000 computers around the world in which the National Security Agency has implanted software that enables…

DFIR RESOURCES

Digital Forensics & Incident Response is a multidisciplinary profession that focuses on identifying, investigating, and remediating computer network exploitation. This can take varied forms and involves a wide variety of skills, kinds of attackers, kinds of targets. The forms and policies posted on this page are publicly available on the Internet and are good sources…

AWESOME THREAT INTELLIGENCE

A curated list of awesome Threat Intelligence resources A concise definition of Threat Intelligence: evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject’s response to that menace or hazard. Sources Formats Frameworks Tools Research,…

INFO-SEC RELATED CHEAT SHEETS

PENETRATION TESTING CHEAT SHEETS Mobile Application Pentesting: https://www.peerlyst.com/posts/mobile-application-penetration-testing-cheat-sheet Nmap : https://pen-testing.sans.org/blog/2013/10/08/nmap-cheat-sheet-1-0/ Nmap (Not printable): https://hackertarget.com/nmap-cheatsheet-a-quick-reference-guide/ Nmap 5(older version): https://nmapcookbook.blogspot.lu/2010/02/nmap-cheat-sheet.html Nmap 5 (older version, printable) http://www.cheat-sheets.org/saved-copy/Nmap5.cheatsheet.eng.v1.pdf   Java-Deserialization https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet Metasploit https://www.tunnelsup.com/metasploit-cheat-sheet/ Another Metasploit: http://resources.infosecinstitute.com/metasploit-cheat-sheet/ Powerupsql https://github.com/NetSPI/PowerUpSQL/wiki/PowerUpSQL-CheatSheet Scapy https://pen-testing.sans.org/blog/2016/04/05/scapy-cheat-sheet-from-sans-sec560# HTTP Status codes: http://suso.suso.org/docs/infosheets/HTTP_status_codes.gif Beacon https://github.com/HarmJ0y/CheatSheets/blob/master/Beacon.pdf Powershellempire https://github.com/HarmJ0y/CheatSheets/blob/master/Empire.pdf Powersploit https://github.com/HarmJ0y/CheatSheets/blob/master/PowerSploit.pdf PowerUp https://github.com/HarmJ0y/CheatSheets/blob/master/PowerUp.pdf PowerView https://github.com/HarmJ0y/CheatSheets/blob/master/PowerView.pdf Vim https://people.csail.mit.edu/vgod/vim/vim-cheat-sheet-en.pdf Attack Surface Analysis XSS Filter…

CHALLENGES IN MOBILE FORENSICS

One of the biggest forensic challenges when it comes to the mobile platform is the fact that data can be accessed, stored, and synchronized across multiple devices. As the data is volatile and can be quickly transformed or deleted remotely, more effort is required for the preservation of this data. Mobile forensics is different from…

The Vigilante Who Hacked Hacking Team

Read about ethics of hacking, what is important in the world for “Phineas Fisher” and the choices we make. Hacker who hacked ‘The Hacking team’ The hacker who stole reams of secret documents from the controversial surveillance company Hacking Team has come forward to explain how he did it and why. In a lengthy post…

SPYING ON ANDROID USERS

Who Is Spying On Android Users, Why Do They Do It And What Are They Doing With The Data?  If you’ve been following the news, you may already know about the many cases where companies, big and small, were caught spying on their users. It might appear that just about everyone making a phone or an…

NIPUN JASWAL, Apex

Today we are going to publish the second interview of the well known Ethical hacker or Mastering Metasploit , Security researcher and information security professional of India. Yeah, here we have Mr. Nipun Jaswal aka Apex with us. Who has wide experience in Information Security domain. He is the master of Metasploit and also published a…

CYBERCOP : Ramamohan Ukkalam, CID

एक दिलचस्प पुलिस अधिकारी राममोहन उक्कलम से मुलाक़ात पुलिस अधिकारी के नायक रूप को लेकर बहुत-सी कहानियाँ लिखी गयी हैं और बहुत-सी फिल्में बनी हैं, लेकिन सच में पुलिस विभाग को हीरो यदा कदा ही मिलते हैं। ऐसे ही एक हीरो इन दिनों तेलंगाना पुलिस में हैं, जिन्होंने अब तक लाखों बमों को नाकाम बनाया…

PHISHING : Tips & Examples

Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication. (WiKi) SOME EXAMPLES 10 TIPS TO PREVENT PHISHING ATTACKS Learn to Identify Suspected Phishing Emails There are some qualities that identify an…