Article: MONT расширил отдел экспертизы по информационной безопасности - cisoclub - published about 2 months ago.
Content: ... DevSecOps. Команда отдела ИБ-экспертизы MONT к началу 2024 года увеличилась на 40%. Сегодня в ней работают сертифицированные инженеры, которые ...
Copy Link: https://cisoclub.ru/mont-rasshiril-otdel-jekspertizy-po-informacionnoj-bezopasnosti/   
Published: 2024 03 12 18:16:07
Received: 2024 03 12 23:46:55
Feed: Google Alert - devsecops
Source: Google Alert
Category: News
Topic: DevSecOps

Article: DevSecOps - AWS Workshops - published about 2 months ago.
Content: DevSecOps Workshops. Tag: Amazon Bedrock cancel. Use Generative AI to build a DevSecOps Chatbot. Level: 300. checkmark Categories: GenAI, DevSecOps.
Copy Link: https://workshops.aws/categories/DevSecOps?tag=Amazon%20Bedrock   
Published: 2024 03 12 20:42:10
Received: 2024 03 12 23:46:54
Feed: Google Alert - devsecops
Source: Google Alert
Category: News
Topic: DevSecOps

Article: Patch Tuesday, March 2024 Edition - published about 2 months ago.
Content: Apple and Microsoft recently released software updates to fix dozens of security holes in their operating systems. Microsoft today patched at least 60 vulnerabilities in its Windows OS. Meanwhile, Apple’s new macOS Sonoma addresses at least 68 security weaknesses, and its latest update for iOS fixes two zero-day flaws. Last week, Apple pushed out an urgent ...
Copy Link: https://krebsonsecurity.com/2024/03/patch-tuesday-march-2024-edition/   
Published: 2024 03 12 20:36:33
Received: 2024 03 12 23:22:36
Feed: Krebs on Security
Source: Krebs on Security
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Free Score Certificate

Article: Hacking Windows 95, part 1 - published over 10 years ago.
Content: During a CTF game, we came across very-very old systems. Turns out, it is not that easy to hack those dinosaur old systems, because modern tools like Metasploit do not have sploits for those old boxes and of course our "133t h4cking skillz" are useless without Metasploit... :) But I had an idea: This can be a pretty good small research for fun. The rules...
Copy Link: https://jumpespjump.blogspot.com/2014/02/hacking-windows-95-part-1.html   
Published: 2014 02 02 11:11:00
Received: 2024 03 12 23:22:36
Feed: Jump ESP, jump!
Source: Jump ESP, jump!
Category: Cyber Security
Topic: Cyber Security

Article: Attacking financial malware botnet panels - Zeus - published about 10 years ago.
Content: I played with leaked financial malware recently. When I saw these panels are written in PHP, my first idea was to hack them. The results are the work of one evening, please don't expect a full pentest report with all vulns found :-) The following report is based on Zeus 2.0.8.9, which is old, but I believe a lot of Zeus clones (and C&C panels) depend...
Copy Link: https://jumpespjump.blogspot.com/2014/02/attacking-financial-malware-botnet.html   
Published: 2014 02 14 10:09:00
Received: 2024 03 12 23:22:35
Feed: Jump ESP, jump!
Source: Jump ESP, jump!
Category: Cyber Security
Topic: Cyber Security

Article: Stop using MD-5, now! - published about 10 years ago.
Content: TL;DR: Don't use MD-5 to identify malware samples. Believe me, it is a bad idea. Use SHA-256 or a stronger hash function. This post is dedicated to all malware researchers, still using MD-5 to identify malware samples. Before deep-diving into the details, let me explain my view on this topic. Whenever you want to identify a malware, it is only OK to p...
Copy Link: https://jumpespjump.blogspot.com/2014/03/stop-using-md-5-now.html   
Published: 2014 03 25 08:30:00
Received: 2024 03 12 23:22:35
Feed: Jump ESP, jump!
Source: Jump ESP, jump!
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Score Summary

Article: BYOPPP - Build your own privacy protection proxy - published about 10 years ago.
Content: I have read a blog post, where you can build your own privacy proxy server built on Raspberry PI. The post got me thinking about how I can use this to protect my privacy on my Android phone, and also get rid of those annoying ads.  Since I own a Samsung Galaxy S3 LTE with Android 4.3 (with a HW based Knox counter), rooting the phone now means you bre...
Copy Link: https://jumpespjump.blogspot.com/2014/04/byoppp-build-your-own-privacy.html   
Published: 2014 04 01 09:09:00
Received: 2024 03 12 23:22:35
Feed: Jump ESP, jump!
Source: Jump ESP, jump!
Category: Cyber Security
Topic: Cyber Security

Article: WiFi hacking on tablets - published about 10 years ago.
Content: Disclaimer: Don't hack anything where you don't have the authorization to do so. Stay legal. Ever since I bought my first Android device, I wanted to use the device for WEP cracking. Not because I need it, but I want it :) After some googling, I read that you can't use your WiFi chipset for packet injection, and I forgot the whole topic. After a while, I ...
Copy Link: https://jumpespjump.blogspot.com/2014/04/wifi-hacking-on-tablets.html   
Published: 2014 04 22 12:16:00
Received: 2024 03 12 23:22:35
Feed: Jump ESP, jump!
Source: Jump ESP, jump!
Category: Cyber Security
Topic: Cyber Security

Article: DSploit - published about 10 years ago.
Content: DSploit After playing with the applications installed on the Pwn Pad, I found that the most important application (at least for me) was missing from the pre-installed apps. Namely, DSploit. Although DSploit has tons of features, I really liked the multiprotocol password sniffing (same as dsniff) and the session hijacking functionality. The DSploit AP...
Copy Link: https://jumpespjump.blogspot.com/2014/04/dsploit.html   
Published: 2014 04 29 21:56:00
Received: 2024 03 12 23:22:35
Feed: Jump ESP, jump!
Source: Jump ESP, jump!
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Your Score Explained

Article: Hacking Windows 95, part 2 - published almost 10 years ago.
Content: In the Hacking Windows 95, part 1 blog post, we covered that through a nasty bug affecting Windows 95/98/ME, the share password can be guessed in no time. In this article, I'm going to try to use this vulnerability to achieve remote code execution (with the help of publicly available tools only). The first thing we can do when we have read access to the Wi...
Copy Link: https://jumpespjump.blogspot.com/2014/05/hacking-windows-95-part-2.html   
Published: 2014 05 23 15:29:00
Received: 2024 03 12 23:22:35
Feed: Jump ESP, jump!
Source: Jump ESP, jump!
Category: Cyber Security
Topic: Cyber Security

Article: Attacking financial malware botnet panels - SpyEye - published over 9 years ago.
Content: This is the second blog post in the "Attacking financial malware botnet panels" series. After playing with Zeus, my attention turned to another old (and dead) botnet, SpyEye. From an ITSEC perspective, SpyEye shares a lot of vulnerabilities with Zeus.  The following report is based on SpyEye 1.3.45, which is old, and if we are lucky, the whole SpyEye bra...
Copy Link: https://jumpespjump.blogspot.com/2014/08/attacking-financial-malware-botnet.html   
Published: 2014 08 22 17:09:00
Received: 2024 03 12 23:22:35
Feed: Jump ESP, jump!
Source: Jump ESP, jump!
Category: Cyber Security
Topic: Cyber Security

Article: Change passwords regularly - a myth and a lie, don't be fooled, part 1 - published over 9 years ago.
Content: TL;DR: different passwords have different protection requirements, and different attackers using various attacks can only be prevented through different prevention methods. Password security is not simple. For real advise, checking the second post (in progress). Are you sick of password advices like "change your password regularly" or "if your password is ...
Copy Link: https://jumpespjump.blogspot.com/2014/10/change-passwords-regularly-myth-and-lie.html   
Published: 2014 10 01 07:17:00
Received: 2024 03 12 23:22:34
Feed: Jump ESP, jump!
Source: Jump ESP, jump!
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Gold Score Certificate

Article: Change passwords regularly - a myth and a lie, don't be fooled, part 2 - published over 9 years ago.
Content: In the previous blog post, I have covered the different passwords you have to protect, the attackers and attack methods. Now let's look at how we want to solve the issue. Password requirements So far we have learned we have to use long, complex, true random passwords. In theory, this is easy. Now, this is my password advice for 2014: Password chara...
Copy Link: https://jumpespjump.blogspot.com/2014/10/change-passwords-regularly-myth-and-lie_13.html   
Published: 2014 10 13 10:40:00
Received: 2024 03 12 23:22:34
Feed: Jump ESP, jump!
Source: Jump ESP, jump!
Category: Cyber Security
Topic: Cyber Security

Article: Bypass hardware firewalls - published over 9 years ago.
Content: This is just a collection of links about my DEF CON 22 presentation, and the two tools I released: Slides: http://www.slideshare.net/bz98/defcon-22-bypass-firewalls-application-white-lists-secure-remote-desktops-in-20-seconds Tools: https://github.com/MRGEffitas/Write-into-screen https://github.com/MRGEffitas/hwfwbypass Presentation video from Hacktivity:...
Copy Link: https://jumpespjump.blogspot.com/2014/11/bypass-hardware-firewalls.html   
Published: 2014 11 09 14:05:00
Received: 2024 03 12 23:22:34
Feed: Jump ESP, jump!
Source: Jump ESP, jump!
Category: Cyber Security
Topic: Cyber Security

Article: Hacking freemium games - the evolution of PC game cheating - published over 9 years ago.
Content: This post is going to be a rather strange post compared to previous ones. But bear with me, in the middle of the post you will see why this post fits the IT security topic. I'm also terribly sorry for not posting recently, but I was busy with my SPSE and SLAE certification. Both are recommended for Python and Assembly noobs like me. But back to this post...
Copy Link: https://jumpespjump.blogspot.com/2015/01/hacking-freemium-games-evolution-of-pc.html   
Published: 2015 01 14 19:47:00
Received: 2024 03 12 23:22:34
Feed: Jump ESP, jump!
Source: Jump ESP, jump!
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Score Analysis

Article: Many ways of malware persistence (that you were always afraid to ask) - published about 9 years ago.
Content: TL;DR: Are you into red teaming? Need persistence? This post is not that long, read it ;) Are you into blue teaming? Have to find those pesky backdoors? This post is not that long, read it ;) In the previous post, I listed different ways how a Windows domain/forest can be backdoored. In this new post, I am digging a bit deeper, and list the most common/...
Copy Link: https://jumpespjump.blogspot.com/2015/05/many-ways-of-malware-persistence-that.html   
Published: 2015 05 05 06:32:00
Received: 2024 03 12 23:22:33
Feed: Jump ESP, jump!
Source: Jump ESP, jump!
Category: Cyber Security
Topic: Cyber Security

Article: Mythbusters: Is an open (unencrypted) WiFi more dangerous than a WPA2-PSK? Actually, it is not. - published almost 9 years ago.
Content: Introduction Whenever security professionals recommend the 5 most important IT security practices to average users, one of the items is usually something like: “Avoid using open Wifi” or “Always use VPN while using open WiFi” or “Avoid sensitive websites (e.g. online banking) while using open WiFI”, etc. What I think about this? It is bullshit. But le...
Copy Link: https://jumpespjump.blogspot.com/2015/07/mythbusters-is-open-unencrypted-wifi.html   
Published: 2015 07 23 13:59:00
Received: 2024 03 12 23:22:33
Feed: Jump ESP, jump!
Source: Jump ESP, jump!
Category: Cyber Security
Topic: Cyber Security

Article: How to secure your home against "Internet of Things" and FUD - published over 8 years ago.
Content: TL;DR, most of the security news about IoT is full of FUD. Always put the risks in context - who can exploit this and what can the attacker do with it. Most story only covers the latter. Introduction There is rarely a day without news that another "Internet of Things" got hacked. "Smart" safes, "smart" rifles, "smart" cars, "smart" fridges, "smart" TVs,...
Copy Link: https://jumpespjump.blogspot.com/2015/08/how-to-secure-your-home-against.html   
Published: 2015 08 20 11:37:00
Received: 2024 03 12 23:22:33
Feed: Jump ESP, jump!
Source: Jump ESP, jump!
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Risk Impact Distribution

Article: How I hacked my IP camera, and found this backdoor account - published over 8 years ago.
Content: The time has come. I bought my second IoT device - in the form of a cheap IP camera. As it was the most affordable among all others, my expectations regarding security was low. But this camera was still able to surprise me. Maybe I will disclose the camera model used in my hack in this blog later, but first, I will try to contact someone regarding these i...
Copy Link: https://jumpespjump.blogspot.com/2015/09/how-i-hacked-my-ip-camera-and-found.html   
Published: 2015 09 26 12:02:00
Received: 2024 03 12 23:22:33
Feed: Jump ESP, jump!
Source: Jump ESP, jump!
Category: Cyber Security
Topic: Cyber Security

Article: One reason why InfoSec sucked in the past 20 years - the "security tips" myth - published almost 8 years ago.
Content: From time to time, I get disappointed how much effort and money is put into securing computers, networks, mobile phones, ... and yet in 2016 here we are, where not much has changed on the defensive side. There are many things I personally blame for this situation, and one of them is the security tips. The goal of these security tips is that if the averag...
Copy Link: https://jumpespjump.blogspot.com/2016/06/one-reason-why-infosec-sucked-in-past.html   
Published: 2016 06 11 12:56:00
Received: 2024 03 12 23:22:33
Feed: Jump ESP, jump!
Source: Jump ESP, jump!
Category: Cyber Security
Topic: Cyber Security

Article: Why (I believe) WADA was not hacked by the Russians - published over 7 years ago.
Content: Disclaimer: This is my personal opinion. I am not an expert in attribution. But as it turns out, not many people in the world are good at attribution. I know this post lacks real evidence and is mostly based on speculation. Let's start with the main facts we know about the WADA hack, in chronological order: 1. Some point in time (August - September 20...
Copy Link: https://jumpespjump.blogspot.com/2016/10/why-i-believe-wada-was-not-hacked-by.html   
Published: 2016 10 17 08:41:00
Received: 2024 03 12 23:22:33
Feed: Jump ESP, jump!
Source: Jump ESP, jump!
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Risk Impact Assesment

Article: Recovering data from an old encrypted Time Machine backup - published almost 6 years ago.
Content: Recovering data from a backup should be an easy thing to do. At least this is what you expect. Yesterday I had a problem which should have been easy to solve, but it was not. I hope this blog post can help others who face the same problem. The problem 1. I had an encrypted Time Machine backup which was not used for months 2. This backup was not on an of...
Copy Link: https://jumpespjump.blogspot.com/2018/07/recovering-data-from-old-encrypted-time.html   
Published: 2018 07 21 13:42:00
Received: 2024 03 12 23:22:32
Feed: Jump ESP, jump!
Source: Jump ESP, jump!
Category: Cyber Security
Topic: Cyber Security

Article: How to build a "burner device" for DEF CON in one easy step - published over 5 years ago.
Content: TL;DR: Don't build a burner device. Probably this is not the risk you are looking for. Introduction Every year before DEF CON people starts to give advice to attendees to bring "burner devices" to DEF CON. Some people also start to create long lists on how to build burner devices, especially laptops. But the deeper we look into the topic, the more confusi...
Copy Link: https://jumpespjump.blogspot.com/2018/08/how-to-build-burner-device-for-def-con.html   
Published: 2018 08 15 07:43:00
Received: 2024 03 12 23:22:32
Feed: Jump ESP, jump!
Source: Jump ESP, jump!
Category: Cyber Security
Topic: Cyber Security

Article: Hacktivity 2018 badge - quick start guide for beginners - published over 4 years ago.
Content: You either landed on this blog post because  you are a huge fan of Hacktivity you bought this badge around a year ago you are just interested in hacker conference badge hacking.  or maybe all of the above. Whatever the reasons, this guide should be helpful for those who never had any real-life experience with these little gadgets.  But first things fi...
Copy Link: https://jumpespjump.blogspot.com/2019/09/hacktivity-2018-badge-quick-start-guide.html   
Published: 2019 09 19 08:56:00
Received: 2024 03 12 23:22:32
Feed: Jump ESP, jump!
Source: Jump ESP, jump!
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Your Score Explained

Article: The RastaLabs experience - published over 4 years ago.
Content: Introduction It was 20 November, and I was just starting to wonder what I would do during the next month. I had already left my previous job, and the new one would only start in January. Playing with PS4 all month might sound fun for some people, but I knew I would get bored quickly. Even though I have some limited red teaming experience, I always fe...
Copy Link: https://jumpespjump.blogspot.com/2020/01/the-rastalabs-experience.html   
Published: 2020 01 16 14:54:00
Received: 2024 03 12 23:22:32
Feed: Jump ESP, jump!
Source: Jump ESP, jump!
Category: Cyber Security
Topic: Cyber Security