Understanding the Digital World, and Staying Safe on Cyberspace!
When teaching the OT Security 101 Workshop for Div0, one conundrum I had (and in general, for any introductory workshop) is how we can provide enough material for the faster peers amongst us, yet make sure the slower ones can catch up. We do this through the concept of the extra mile. This was first…
On Friday evening, I caught up with a fellow cybersecurity professional over dinner. Luckily none of us had to deal with the meltdown Crowdstrike had caused. But this caused much grief and frenetic hours for our IT administrators around the globe, who had to manually perform workarounds to recover affected Windows servers and clients. Being…
In April, it was reported that the eScan antivirus update mechanism was targetted by an APT group to distribute GuptiMiner malware. The malware itself is quite sophisticated, but what was baffling to me was the modality of said attack: delivery of the attack vector through HTTP. The “Lock” on the Browser If you had been…
While the ChatGPT hype might not be so fervent anymore, many of us have internalised ChatGPT’s capabilities into our everyday life. I tried to provide it ten different types of tasks, and have provided some commentary on how we “might” get ChatGPT to work better for us. (In this post we play with the free…
Several friends in different social circles had talked up the Quantic MBA since it was free. But I was a cybersecurity professional. Why did I need to read a MBA now? I decided to do it anyway, and I am glad to report I have survived. Why I Did It Perhaps the answer can be…
*FUD also stands for “Fully UnDetectable”, which describes malware that evades the bulk of commercially used antivirus products. PEN-300 naturally continues where PEN-200 leaves off, for more advanced techniques. After all, OSCP skills alone will not beat modern mitigations; we must try harder. What Do I Really Need Before PEN-300? There has been a trend…
I have decided to share a post written by Naomi, a CISO, on her views on whether a cybersecurity career requires IT fundamentals. She summarises her position as follows: You don’t NEED to know networking, computer hardware, operating systems, databases, or anything deeply technical to start in cybersecurity. All you need is a high level…
A few weeks after I signed up for Cracking the Perimeter (CTP), CTP was retired. Some infosec friends thought I got the short end of the stick, because the course content had not changed in a long while. That is half-true; newer exploit development techniques are now in the while, and CTP only covers the…
I think the Pentester Academy site has covered the syllabus of the Certified Red Team Professional (CRTP) which is somewhat of a misnomer because today’s definition of red-teaming goes far beyond what this course covers: Active Directory penetration testing and defence techniques. Note that the attack methodology and tips given by the instructor, Nikhil Mittal,…
Students who are familiar with the PWK/OSCP understand that the field of penetration testing is broad, and at times, overwhelming because there is a lot to learn. Does the AWAE/OSWE come across as significantly less broad? Well, not exactly, because web applications are extremely diverse. Let us take the white box/black box approach to examine…
