Understanding the Digital World, and Staying Safe on Cyberspace!
I think the Pentester Academy site has covered the syllabus of the Certified Red Team Professional (CRTP) which is somewhat of a misnomer because today’s definition of red-teaming goes far beyond what this course covers: Active Directory penetration testing and defence techniques. Note that the attack methodology and tips given by the instructor, Nikhil Mittal,…
Students who are familiar with the PWK/OSCP understand that the field of penetration testing is broad, and at times, overwhelming because there is a lot to learn. Does the AWAE/OSWE come across as significantly less broad? Well, not exactly, because web applications are extremely diverse. Let us take the white box/black box approach to examine…
(Warning: A slightly long read. I have wanted to write about doctrine for the longest of times, but I decided to weave in some of my personal musings about other areas of cybersecurity as well, that are related to doctrine. The result is a long story.) Introduction: The Thought on Business A number of friends…
(This isn’t a cybersecurity blog post. This is just some thoughts of a patriotic citizen on National Day.) I remembered ever writing my thoughts when the late LKY passed away in 2015 in a post as part of being a socio-political writer. Those were times when, as a student, one could flirt with many different…
“Minimum 8 characters, minimum 1 upper case, 1 lower case, 1 number and 1 special character.” Sounds familiar? Yes, this is a fairly common password policy. Users found the shortest password that could meet these requirements, “P@ssw0rd” and used it so widely that one of the biggest data breaches in Singapore documented how the use…
Recently, I finished reading a book at the intersection of behavioural economics and psychology, and will be embarking on yet another book on behavioural economics. For someone who graduated from a hard science degree, I think this qualifies as “reading some fluff” to pass time. They make for interesting reads to suggest that humans are…
(If you have not read Part 2, please click here.) Let us now extend what we did in Parts 1 and 2 to more than one machine. After all, one machine teaches one set of skills; multiple machines can cover a range of skills. This, in effect, is building a cyber range. Before we jump…
(If you have not read Part 1, you should have a look at it here.) DISCLAIMER: If you would like to try the TORMENT machine and root it (this is currently pending Vulnhub publication), please download a copy of the machine here. Do NOT read beyond this disclaimer because this will be a full post…
Apologies for the delay; I have been away on a “pseudo-holiday”, or “service break” — I’ve been wanting to write something security-related this month, but found myself a little out of time. This series will be broken into three parts. Part 1: General Design Principles Part 2: Building a Machine (with an example) Part 3:…
It’s Total Defence Day in Singapore today. And for the first time in thirty-five years, there has been an update to the framework. Introduce Digital Defence. This was probably much called for, considering how the theatre of warfare has transcended physical space into the digital space. The subject of digital warfare is too complicated to…