Your Guardian in the Cyber World
In continuance of my research in cloud security, I picked up another book on Azure security. The book was Pentesting Azure Applications – The Definitive Guide to Testing and Securing Deployments by Matt Burrough. I got it as part of the Humble Book Bundle. It was published in July 2018 and was the only book […]
I have been researching cloud security off late. Recently, the book, Penetration Testing Azure for Ethical Hackers by David Okeyode , Karl Fosaaen, showed up on my Twitter feed. The book had good reviews so I decided to pick it up. It was published recently (at the time of writing), in November 2021 (another reason […]
This post is part of our course Adversary Emulation 101: Mimicking a real-world cyber attack. A well designed Command and Control (C2) infrastructure is critical to the success of an adversary emulation exercise. During an engagement, established C2 sessions may get disconnected frequently. Whenever this happens, there might be a temptation to re-exploit the target […]
I recently picked up this book, Red Team Development and Operations by Joe Vest and James Tubberville, while searching for material to read on Red Teaming. While this is not the only book on the subject, I was intrigued by the ‘Zero-Day Edition’ (along with this content, of course). Also, it was published recently (at […]
I recently came across this book, Container Security by Liz Rice, while searching for material to read on how to secure containerized applications. This was the only book I could find on the topic, so I picked it up without thinking further. It was published in April 2020. Content overview The book’s tagline, “Fundamental Technology […]
This post is part of our course Adversary Emulation 101: Mimicking a real-world cyber attack. If you want to beat your adversaries, think like them. A common adage we have all heard. MITRE ATT&CK is just that. A framework to think like adversaries and beat them in their game. It is a culmination of […]
This post is part of our course Adversary Emulation 101: Mimicking a real-world cyber attack. Adversary Emulation is a form of cybersecurity assessment. During this assessment assessors replicate a specific threat scenario. For example, assessors may assume the role of cyber criminals who want to exfiltrate customer data out of the organization. Another scenario could […]
This post is part of our course Adversary Emulation 101: Mimicking a real-world cyber attack. The lifecycle consisted of following phases, with phases 3-6 being cyclic in nature: Recon (Information Gathering) – In this phase, publicly available information (website, company profile, social media pages, employee profiles etc.) is gathered about the target organization. Initial Compromise […]
I recently came across this book, Web Application Security by Andrew Hoffman, while searching for material to read on how to secure web applications. There are many books available on this topic. I picked this one specifically because of it’s recent publication date. It was published in March 2020 (about 5 month back, at the […]
This is an ongoing post containing my notes on PoshC2 usage. What is PoshC2? PoshC2 is a command and control software. It is used to carry out post-exploitation tasks such as persistence, privilege escalation, lateral movements etc. during penetration testing and red teaming exercises. It supports Python3, PowerShell (v2 and v5), C# and C++. The […]
