Introduction tutorials for binching?
Crypto Sheriff for Rescue
www.nomoreransom.org to be tested when…, ehm if….
Cyber Security Vids – Salted Hash
CSO Online makes trivial cyber security heads-up videos, and some are quite Nice actually.
NIST Cyber Security Framework 1.1
A new version of CSF is out with a few changes [NIST andĀ csoonline]:
- better correlation of cybersecurity risk management metrics to organizational objectives
- supply chain cyber risk
- vulnerability disclosures
- refined authentication, identification and authorisation
- Internet of Things (IoT) in addition to critical infrastructure
- self-assessing cyber security
- removed Federal Alignment
Account Recovery
Ways to request access or recover data from a platform, identity and access service or social media. The best you can do is to prepare for it to be lost, establish recovery e-mail, sms, friends/family members recovery accounts etc.
Secunia PSI is dead
They say it will be discontinued in April. It’s rather sad, liked the initiative and how it made it simple to the ordinary IT user to update apps. Look for SUMo (Software Update Monitor), uCheck and more here for a replacement.
PSnmap
Portscanning done “silently” using powershell does not require administrative privileges, thus being a tool where nmap (or similar tools) is no option (due to time and/or authorisation constraints).
The PSnmap tool utilise Powershell capabilities in its module for port scanning.
- Download package fromĀ Poweshelladmin
- Install module
Install-Module -Name PSnmap -Scope CurrentUser
- Check if module is installed
Get-Module -ListAvailable
- Set Execution Policy
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser
- Import module
Import-Module -Name PSnmap
- Run scans, e.g.:
PSnmap -Cn 192.168.1.1 -ThrottleLimit 5 -Timeout 5 -PortConnectTimeoutMs 5 -Verbose > test.txt
To scan more stealth, adjust throttle limit (HIDS may detect resource intensive processes), and timeout values. See full list here.
Cyber Threat Awareness for CxOs
Information is Beautifull still propagate their “World’s Biggest Data Breaches” map. A great way to show why cyber security is important in means of both protection and detection. The worst are probably not even in this map…
The Self-Healing Double Ratchet Algorithm
If you are looking into perfect forward secrecy (e.g., a compromised key for one message does not compromise all past messages) in exchange encrypted messages you should check out Double Ratchet Algorithm.
You can use Qualys to check if your site needs it.
IoT is taking over
People, and manufacturers apparently, does not care how their gadgets are secured. So makes a DDoS.
Check out how Mirai was used to exploit some Chinese DVRs and cameras.