As a Certified Member of (ISC)2, it’s necessary to accumulate and report Continuing Professional Education (CPE) credits during the three-year certification period. The sum of CPE credits earned in the three-year span must meet the minimum CPE credit requirement for the certification cycle. One great way of earning CPE is via Hack The Box challenges…. Continue reading
FFUF vs DIRB vs GOBUSTER
We are going to use Wgel from TryHackMe to test the enumeration speeds of the three. We are going to use the same list. We will use the list usr/share/dirb/wordlists/common.txt. I copied this to common1.txt so as not to use the original. Kept only the last 1000 words of this file using the following… Continue reading
Linux PrivEsc Methodology Mind Map
Privilege escalation in cybersecurity refers to the act of gaining unauthorized access to higher-level privileges on a computer system or network. It is a type of attack that occurs when an attacker gains access to a low-level account on a system and then uses that access to gain higher-level, root privileges. Many thanks to @conda… Continue reading
Windows PrivEsc Methodology Mind Map
Privilege escalation in cybersecurity refers to the act of gaining unauthorized access to higher-level privileges on a computer system or network. It is a type of attack that occurs when an attacker gains access to a low-level account on a system and then uses that access to gain higher-level, administrator privileges. Many thanks to @conda… Continue reading
Upgrading shell to an interactive TTY Shell
The command python -c 'import pty; pty.spawn("/bin/bash")' is used to spawn a new TTY (teletypewriter) shell using the pty module in Python. This command is useful in situations where you have compromised a target machine and got a shell on it, but the shell is not interactive. In this case, using this… Continue reading
Navigating the Evolving Landscape of Cybersecurity
This past year (2022) has been a challenging one for cybersecurity, with data breaches and ransomware attacks continuing to be major issues. The IBM-Ponemon survey shows that the cost of a data breach remains in excess of $4 million per incident, and ransomware is a leading cause of these breaches. Not only do they result… Continue reading
Why ISA 62443 is Critical for Ensuring the Security of Industrial Control Systems
Operational Technology (OT) cyber security is a critical concern for industrial organizations, as more and more industrial systems and control networks are connected to the internet. To address this concern, the International Society of Automation (ISA) developed ISA 62443, a set of standards for the secure design, implementation, and maintenance of industrial control systems. In… Continue reading
Lessons Learned from the Top OT Cyber Security Breaches of the Past
Operational Technology (OT) cyber security breaches have become increasingly common in recent years, as more and more industrial systems and control networks are connected to the internet. These breaches can have serious consequences, including loss of production, equipment damage, and even physical harm to personnel. In this blog post, we will discuss some of the… Continue reading
OWASP Top 10 – 2021
OWASP Top 10 – 2021 is the latest version of the OWASP Top 10 list of the most critical web application security risks. It was released in 2021 and includes the following risks: It’s important to note that the OWASP Top 10 – 2021 list is not exhaustive, but it’s a good starting point to… Continue reading
CISSP Certification Tips
Earning the Certified Information Systems Security Professional (CISSP) certification is no easy feat. It is widely considered one of the toughest exams in the cyber security industry. But with the right approach and resources, it is possible to pass the CISSP exam in just two months of study. I know, because I did it. When… Continue reading
MobSF – Mobile Security Framework
Mobile Security Framework (MobSF) is an open-source, all-in-one mobile application (Android/iOS) pen-testing platform. It can be used for static, dynamic analysis and web API testing of mobile applications. It supports both binary and source code analysis and can be used to perform a variety of tasks including: MobSF has a web-based user interface that allows… Continue reading
Darknet Diaries – Podcast
Darknet Diaries is a podcast that explores true stories from the dark side of the internet, including tales of hacking, data breaches, and cybercrime. The podcast is hosted by Jack Rhysider, a security researcher and journalist who investigates and shares stories about the world of cybercrime and the people who operate within it. Each episode… Continue reading