A part of my work involves working with Cyber Threat Intelligence (CTI) so I wanted to brush up my CTI knowledge and learn new concepts (maybe!). I picked up Practical Threat Intelligence and Data-Driven Threat Hunting by Valentina Costa-Gazcón (published in October 2020 by Packt Publishing Limited). This book has been on my reading list […]
Book Review: Practical Threat Intelligence and Data-Driven Threat Hunting
Book Review: Hacking API
After taking some time to finish my eLearnSecurity Certified Reverse Engineer certification, I decided to pick up another book. This time I chose API security as the topic and went for Hacking APIs: Breaking Web Application Programming Interfaces by Corey Ball. It was published in April 2022 by No Starch Press. Content Overview This book […]
Book Review: Pentesting Azure Applications
In continuance of my research in cloud security, I picked up another book on Azure security. The book was Pentesting Azure Applications – The Definitive Guide to Testing and Securing Deployments by Matt Burrough. I got it as part of the Humble Book Bundle. It was published in July 2018 and was the only book […]
Book Review: Penetration Testing Azure for Ethical Hackers
I have been researching cloud security off late. Recently, the book, Penetration Testing Azure for Ethical Hackers by David Okeyode , Karl Fosaaen, showed up on my Twitter feed. The book had good reviews so I decided to pick it up. It was published recently (at the time of writing), in November 2021 (another reason […]
The Three Command and Control Tiers
This post is part of our course Adversary Emulation 101: Mimicking a real-world cyber attack. A well designed Command and Control (C2) infrastructure is critical to the success of an adversary emulation exercise. During an engagement, established C2 sessions may get disconnected frequently. Whenever this happens, there might be a temptation to re-exploit the target […]
Book Review: Red Team Development and Operations by Joe Vest and James Tubberville
I recently picked up this book, Red Team Development and Operations by Joe Vest and James Tubberville, while searching for material to read on Red Teaming. While this is not the only book on the subject, I was intrigued by the ‘Zero-Day Edition’ (along with this content, of course). Also, it was published recently (at […]
Book Review: Container Security by Liz Rice
I recently came across this book, Container Security by Liz Rice, while searching for material to read on how to secure containerized applications. This was the only book I could find on the topic, so I picked it up without thinking further. It was published in April 2020. Content overview The book’s tagline, “Fundamental Technology […]
Introduction to MITRE ATT&CK Framework
This post is part of our course Adversary Emulation 101: Mimicking a real-world cyber attack. If you want to beat your adversaries, think like them. A common adage we have all heard. MITRE ATT&CK is just that. A framework to think like adversaries and beat them in their game. It is a culmination of […]
What is Adversary Emulation?
This post is part of our course Adversary Emulation 101: Mimicking a real-world cyber attack. Adversary Emulation is a form of cybersecurity assessment. During this assessment assessors replicate a specific threat scenario. For example, assessors may assume the role of cyber criminals who want to exfiltrate customer data out of the organization. Another scenario could […]
Red Team Operations Attack Lifecycle
This post is part of our course Adversary Emulation 101: Mimicking a real-world cyber attack. The lifecycle consisted of following phases, with phases 3-6 being cyclic in nature: Recon (Information Gathering) – In this phase, publicly available information (website, company profile, social media pages, employee profiles etc.) is gathered about the target organization. Initial Compromise […]
- 1
- 2
- 3
- …
- 8
- Next Page »
