CERT-In को भारतीय साइबरस्पेस के संरक्षक के रूप में सोचें। उनका मिशन भारतीय सूचना प्रौद्योगिकी बुनियादी ढांचे में साइबर हमलों को रोकना और उनसे निपटना है। इसमें सरकारी, सार्वजनिक और निजी संस्थाओं से संबंधित बुनियादी ढाँचा शामिल है। वे विभिन्न जटिलताओं के साइबर खतरों का मुकाबला करते हुए, सरकारी और अन्य छुट्टियों के दौरान भी […]
CERT-In: The first responders of the Indian cyberspace
Think of CERT-In as the guardians of the Indian cyberspace. Their mission is to prevent and deal with cyber attacks across the Indian information technology infrastructure. This includes infrastructure belonging to Government, Public and Private entities. They are operational 24 hours, even during government and other holidays, combating cyber threats of different complexities. The Indian […]
Book Review: Pentesting Azure Applications
In continuance of my research in cloud security, I picked up another book on Azure security. The book was Pentesting Azure Applications – The Definitive Guide to Testing and Securing Deployments by Matt Burrough. I got it as part of the Humble Book Bundle. It was published in July 2018 and was the only book […]
Book Review: Penetration Testing Azure for Ethical Hackers
I have been researching cloud security off late. Recently, the book, Penetration Testing Azure for Ethical Hackers by David Okeyode , Karl Fosaaen, showed up on my Twitter feed. The book had good reviews so I decided to pick it up. It was published recently (at the time of writing), in November 2021 (another reason […]
The Three Command and Control Tiers
This post is part of our course Adversary Emulation 101: Mimicking a real-world cyber attack. A well designed Command and Control (C2) infrastructure is critical to the success of an adversary emulation exercise. During an engagement, established C2 sessions may get disconnected frequently. Whenever this happens, there might be a temptation to re-exploit the target […]
Book Review: Red Team Development and Operations by Joe Vest and James Tubberville
I recently picked up this book, Red Team Development and Operations by Joe Vest and James Tubberville, while searching for material to read on Red Teaming. While this is not the only book on the subject, I was intrigued by the ‘Zero-Day Edition’ (along with this content, of course). Also, it was published recently (at […]
Book Review: Container Security by Liz Rice
I recently came across this book, Container Security by Liz Rice, while searching for material to read on how to secure containerized applications. This was the only book I could find on the topic, so I picked it up without thinking further. It was published in April 2020. Content overview The book’s tagline, “Fundamental Technology […]
Introduction to MITRE ATT&CK Framework
This post is part of our course Adversary Emulation 101: Mimicking a real-world cyber attack. If you want to beat your adversaries, think like them. A common adage we have all heard. MITRE ATT&CK is just that. A framework to think like adversaries and beat them in their game. It is a culmination of […]
What is Adversary Emulation?
This post is part of our course Adversary Emulation 101: Mimicking a real-world cyber attack. Adversary Emulation is a form of cybersecurity assessment. During this assessment assessors replicate a specific threat scenario. For example, assessors may assume the role of cyber criminals who want to exfiltrate customer data out of the organization. Another scenario could […]
Red Team Operations Attack Lifecycle
This post is part of our course Adversary Emulation 101: Mimicking a real-world cyber attack. The lifecycle consisted of following phases, with phases 3-6 being cyclic in nature: Recon (Information Gathering) – In this phase, publicly available information (website, company profile, social media pages, employee profiles etc.) is gathered about the target organization. Initial Compromise […]
- 1
- 2
- 3
- …
- 7
- Next Page »