feed2list
feed2list will stop its service on 2019-01-01
Search and browse in Computer · Security
   search hits: 33
website The Ethical Hacker Network
Free Online Magazine and Community for Security Professionals

Register Now to See the SOC of Tomorrow and How to Survive It!

Peter Schawacker whips SOCs into shape with Security Automation and Orchestration (SOAR), SIEM Analytics, Big Data, Vulnerability Management and a healthy amount of AI for Deloitte customers. He'll show you the evolution of the SOC and the skills you need to stay relevant during this career saving presentation for Blue Team members in this FREE EH-Net Live! webinar on Thursday November 29, 2018 at 1:00 PM US Eastern. Join us live and you might just get hired by Deloitte!

The post Webinar: The Bots Are Coming! A Blue Teamer Survival Guide on Nov 29 2018 appeared first on The Ethical Hacker Network.


EH-Net - Daw - Ease Me Into Cryptography Part 2: Symmetric Ciphers - Symmetric CyphersIn the first article in this series on the basics of crypto, "Ease Me Into Cryptography Part 1: Buzzwords and Hash Function", we learned some lingo and talked about the different aspects of hash functions. Remember that hash functions are one-way — we cannot reverse them algorithmically. We talked about why this is useful, however let’s get to something that we can encrypt AND decrypt. In cryptography, we call these ciphers. Just like in the last section, and in true "Explain Like I’m Five" fashion, let’s break this down. What is a cipher? What are symmetric ciphers? How are they useful? Are there any weaknesses?

The post Ease Me Into Cryptography Part 2: Symmetric Ciphers appeared first on The Ethical Hacker Network.


text Travel Hacking for the Successful InfoSec Pro
Mon, 05 Nov 2018 18:40:43 +0000

EH-Net - Kron - Travel Hacking for the Successful InfoSec Pro - Digital AirplaneSo, you want to be a road warrior? Maybe your job has morphed into something where travel is now part of the fun. Or maybe travel is required to reach that InfoSec rock star status you've always desired. Either way I want to share some of the tips and tricks I have learned during my stints traveling for a living in the hope that some travel hacking will make things a little easier for you. First off, let me offer a sincere, "Welcome to the club"! In no time at all, you too will have the 1000-yard stare and be able to tell the difference between an Airbus A319 and an Airbus A319EOW by the number of life rafts and vests. This is an invaluable skill which you can use to impress family and friends at the next holiday gathering.

I’ve had a couple of different road warrior jobs. Both have involved flying often. In my first travel job, I was a field service engineer fixing cancer diagnostics equipment in hospitals and labs across the western United States. That job was pre-911 and involved flying to a different city every day, while usually only finding out my destination while driving to the airport. My second real road warrior job is the one I am in now as the Security Awareness Advocate for KnowBe4. In this role, I get to travel all over the United States to speak and work at cybersecurity conferences and similar events. While I typically only stay for a day or two at a time, this still involves a lot of travel especially at peak times of the year.

Now don’t get me wrong. I love what I do. The fact that I have numerous speaking engagements, have been repeatedly chosen to represent my employers and have done more articles and webinars than I can count, makes me proud. My successes in the InfoSec industry have allowed me to rise in my chosen career, given me a pretty decent personal brand and provides nicely for my family. However, getting there as well as staying there often comes with the unavoidable baggage (pun intended). And with multiple traveling jobs and years of experience, I’ve learned to spot certain patterns as well as where the ‘system’ is vulnerable. Here’s just a few items to get you through the airports, hotels and beyond.

The post Travel Hacking for the Successful InfoSec Pro appeared first on The Ethical Hacker Network.


EH-Net Live! Oct 2018 - Hacking Blockchain for Investigating Cryptocurrenices - Video GraphicVideo and Slide Deck from EH-Net Live! Oct 2018

Follow the money. Be it business, politics or crime, this is a common method of trying to find out who's involved and their motivations. In the world of cyber crime, bad actors use cryptocurrencies for the innate security of the blockchain and the supposed anonymity that comes with it. But as with any investigation, if you look hard enough, there's always breadcrumbs left behind. Somehow, someway, there's always a paper/electronic trail back to a human in the real world. Join Nick Furneaux, author of "Investigating Cryptocurrencies: Understanding, Extracting, and Analyzing Blockchain Evidence", for an eye-opening presentation with live demos on how to break through the wall and get to the data your investigation needs.

Use Code: Cry20 for a 20% discount on Nick's book on Wiley's site. Code expires on December 31, 2019.

The post Video: Blockchain Hacking for Investigating Cryptocurrencies appeared first on The Ethical Hacker Network.


EH-Net - Los - Evaluation Stage 1 - Definition of the ProblemI need a better pen.

That statement may mean something dramatically different depending on who just said the words. In some cases, like with me, it means I want more consistent ink and a body that fits comfortably in my hand for longer periods of time. To you that may mean something different.

In the introductory article of this series, "The Evaluation – Four Phases to Finding "Better" Solutions", the foundation was laid with general descriptions of the four phases. This month's entry goes a little deeper into Stage 1, the definition of the problem to be solved. The word "definition" itself means the condition of being definite, distinct, or clearly outlined1. I couldn't have said it better myself.

The post The Evaluation: Stage 1 – Definition of the Problem to be Solved appeared first on The Ethical Hacker Network.


EH-Net - Brown - Maintaining a Pulse: Ransomware in the Healthcare SectorIt seems in media today, the rise of ransomware has plateaued and remained painstakingly prevalent , targeting the most critical of data. Committed through financially motivated efforts, these organizations still wake to the sorrowful sound of their assets being hijacked and held for ransom. So, while new threats such as crypto miner botnets and third-party application exploits drown our feeds, why are we suddenly desensitized to ransomware?

Well, for one, we’re not. Just because ransomware is no longer the flavor of the month in the media and in turn reported less, this doesn’t mean that ransomware is any less prevalent. Small and medium sized organizations are still very active on this front, as they serve to face the threat regularly. In exploring one specific industry as an example, these extortion methods are increasingly aimed towards, is the healthcare sector. A sector that, ridden with legacy systems, an exploding IoT environment, and a few portals for business partners, customers, and employees alike, has enough security projects on their plate. This leaves the time dedicated to ransomware at a general reactive level with only a few occurrences of runbooks and response plans to save the day.

The post Maintaining a Pulse: Ransomware in the Healthcare Sector appeared first on The Ethical Hacker Network.


EH-Net - Education Hacking to Achieve an HR Filter Bypass - Matrix Graduation CapNothing seems to be more deflating to many IT professionals than dropping resumes and hearing nothing but silence. To be shot down even before an initial conversation with an employer stings, especially if due to their HR filters weeding out ‘unqualified’ individuals before they’ve even garnered a look. There are numerous red flags that corporate recruiters quickly home in on when paring down a stack of resumes such as a lack of time in the industry, little if any directly relevant experience for a position, or that a person seems to frequently jump from job to job. All of those are valid. However, one glaring item usually stands out as a disqualifying issue faster than the rest, and it’s one that seems to affect a large number of senior people in technology – the lack of a college degree. In this article, I’ll highlight a little of my past and present to show where I’ve come from and where I’m going. I’ll look at how I just accomplished what I like to call ‘Education Hacking’.

The post Education Hacking to Achieve an HR Filter Bypass appeared first on The Ethical Hacker Network.


Register Now to Learn Blockchain Hacking Step-by-Step!

Nick Furneaux, forensics trainer, investigator & author of "Investigating Cryptocurrencies" takes you through a journey of code and tools to unpick the movement of illegal funds through the blockchain during this fascinating, FREE EH-Net Live! webinar on Wednesday October 24, 2018 at 1:00 PM US Eastern. Join us live to learn how to win free copies of his book!

The post Webinar: Blockchain Hacking for Investigating Cryptocurrencies on Oct 24 2018 appeared first on The Ethical Hacker Network.


Video and Slide DeckEH-Net Live! - Basics of IoT Hacking - Watch Full Webinar from EH-Net Live! Sept 2018

IoT is not only a hot buzzword, but the sheer number of devices shows that it’s living up to the hype. The benefits can be a game changer for any organization. But at the pace with which the technology is being adopted, we as security professionals know all too well what happens when speed to market is the highest priority. As Trinity said, "You have been down there, Neo. You know that road. You know exactly where it ends. And I know that's not where you want to be." On the other hand, this gives us a huge opportunity in the field of IoT security research and bug hunting.

IoT devices are beautiful not only because of their capabilities in such a small package, but also because they are a wonderful merging of several technologies. But with each new added feature, the attack surface gets that much bigger. And anywhere there’s a way in for an attacker, there’s also a paying gig for a security professional… before, during and after a product is released.

Join the experts from Independent Security Evaluators (ISE), the people that bring you IoT Village at DEF CON, DerbyCon, RSA and many others, as they guide you through the inner workings of this great field of ethical hacking with a live demo, discussing career paths, and additional resources to keep you educated in this rapidly changing industry. From those in the maker movement to InfoSec professionals, IoT hacking isn’t just a fun skill, but a lucrative one!

The post Video: Basics of IoT Hacking for the Career Pen Tester appeared first on The Ethical Hacker Network.


text DoD RMF Part 1: How We Got to the RMF
Mon, 01 Oct 2018 13:26:25 +0000

Over the next few weeks, I plan to post about the RMF process.  This will piggy back on and expand upon the article: My Experience with the DoD Version of the RMF. A little background on how the DoD got to the RMF.  For those that have been around a while, it started with the Rainbow series of publications, most […]

The post DoD RMF Part 1: How We Got to the RMF appeared first on The Ethical Hacker Network.


EH-Net - Johnson - Container Security Part 3 – Kubernetes Cheat SheetDuring the first two articles of this series, we went from some initial research as a "Quick Dive into Containers, Kubernetes and Security" to a more detailed look at the first steps of actual implementation in "Container Security Part 2 – Benchmarks to the Rescue". While that mostly covered Docker, my obvious next step was to tackle Kubernetes. This led to not only a much deeper dive but also to the inevitable glut of information. To make it easier for me, I created a cheat sheet of commands for use in Kubernetes. As my intention was always to share my findings, this ended up being a great companion piece to tag along with my talk at BSides Toronto 2018 titled "Kubernetes - Security you need to know about it".

The bulk of this article is the Cheat Sheet itself. But before we get to it, let me give a little background and credit. This is a personal cheat sheet I have made while going through the Learn Kubernetes Basics tutorials, and specifically, "Using Minikube to Create a Cluster". I used the interactive tutorial, and copied the commands to a cluster in my ESXI server. This cheat sheet does not go through setting up an environment that runs Kubernetes and Docker. This assumes Docker and Minikube are installed. For a non-interactive tutorial follow Hello Minikube.

And now on with the show…

The post Container Security Part 3 – Kubernetes Cheat Sheet appeared first on The Ethical Hacker Network.


EH-Net - Daw - Ease Me Into Cryptography Part 1 - 1 Bite at a TimeYou know what it’s like being in security, and someone asks you what you do. Now imagine the responses when I tell people I do cryptography. And it’s not just outsiders. Even within a techie crowd, common responses range from "Ooof, that sounds complicated" to "I wouldn’t touch that with a ten-foot stick". I usually laugh and assure people that, although it can be complex, the complexity is surmountable. Even my reassuring comments are met with disbelief and the persistence of a feeling of intimidation by the topic of cryptography. I would love nothing more than for my words to be met with intrigue rather than hesitation. So I’m here to prove to you that crypto is tackle-able, and you can be the one to tackle it.

Cryptography is no longer a convenient addition. It is becoming more and more of a necessity for security and privacy. Organizations and consumers are demanding it. So, if you must learn it eventually, why not start now and why not learn the easy way. I fully admit that cryptography sounds intimidating, especially when it comes to adding it into your code. However, I firmly believe that the intimidation is solely because it is in an unfamiliar context. If the concepts can be broken down into bite-sized pieces, then our brains can more easily consume the crypto elephant. "Ease Me Into Cryptography", a series of introductory articles for InfoSec professionals, will do just that.

The post Ease Me Into Cryptography Part 1: Buzzwords and Hash Function appeared first on The Ethical Hacker Network.


text My Experience with the DoD Version of the RMF
Fri, 21 Sep 2018 13:24:47 +0000

Anyone out there dealing with the DoD implementation of the NIST 800-37 RMF? Just in case, it’s the "Guide for Applying the Risk Management Framework to Federal Information Systems" developed by the Joint Task Force Transformation Initiative Working Group. I have been knee deep in it now since it got rolled out and wanted to share some of the insights […]

The post My Experience with the DoD Version of the RMF appeared first on The Ethical Hacker Network.


text Book Review: Malware Data Science
Thu, 20 Sep 2018 17:08:52 +0000

[caption id="attachment_169289" align="alignright" width="500"]EH-Net - Book Review - Malware Data Science - Neural Net Learning Neural Network Learning Malware vs Benignware[/caption]

"Malware Data Science: Attack Detection and Attribution" (MDS) is a book every information security professional should consider reading due to the rapid growth and variation of malware and the increasing reliance upon data science to defend information systems. Known malware executables have expanded from 1 million in 2008 to more than 700 million in 2018. Intrusion Detection Systems (IDS) are changing from signature-based systems as code packing, encryption, dynamic linking and obfuscation point security towards tools applying heuristics methods supported by data science. This article is a summary and a review, but my primary goal is to encourage the reader to read the book and complete the activities. If you do, I am sure that your security toolkit will be better equipped.

Overview of Malware Data Science

MDS identifies Data Science as a growing set of algorithmic tools that allow us to understand and make predictions about data using statistics, mathematics, and artful statistical data visualizations. While these terms may imply a difficult read, authors Joshua Saxe (Chief Data Scientist at Sophos) and Hillary Sanders (Infrastructure Data Science Team Lead at Sophos) equip the reader for upcoming concepts well, building upon key concepts with python code examples and walking through the code to reinforce learning. At points they identify additional resources or refer to prior chapters in a way that both supports the reader and encourages further study.

EH-Net - Book Review - Malware Data ScienceThe code is downloadable from a site dedicated to MDS. Executing the code as you read helps to learn the concepts. I found working directly with the code itself to be surprisingly encouraging and even fun. Of course, some of the code is malware obtained from VirusTotal or Kaspersky Labs. That code is de-fanged with some flipped bits, but the code should be treated with due care in VirtualBox. The text offers a provisioned VirtualBox download.

The post Book Review: Malware Data Science appeared first on The Ethical Hacker Network.


text From Dev to Infosec – Making Friends
Mon, 10 Sep 2018 21:13:12 +0000

Whenever you enter a new community, the hardest part is always finding your way around and making friends. With InfoSec, it’s analogous to being dropped in the middle of Europe without a map, and you only know how to speak Spanish. It’s an incredibly broad subject area that encompasses different focuses and personalities, all of which adds to the need […]

The post From Dev to Infosec – Making Friends appeared first on The Ethical Hacker Network.


Register Now and Learn IoT Hacking Step-by-Step! Join Jacob Holcomb (AKA Gimppy) of SOHOpelessly Broken fame & principal researcher for Independent Security Evaluators (ISE), the people behind the IoT Villages of DEF CON, RSA, DerbyCon and more, for live demos of hacking IoT devices, the methodology for repeatable success and career opportunities for those with IoT Hacking skills during a […]

The post Webinar: Basics of IoT Hacking for the Career Pen Tester on Sept 27 2018 appeared first on The Ethical Hacker Network.


Containers are like BYOD (Bring Your Own Device). They are infiltrating our ranks, and InfoSec professionals’ gut reaction is to hesitate in including them in their environments. But instead of dismissing containers out of hand, I thought it would be wiser to study them not only to be prepared for the inevitable but also to understand their usefulness and most […]

The post Container Security Part 2 – Benchmarks to the Rescue appeared first on The Ethical Hacker Network.


Whether you’ve spent your career in cyber security on the vendor/provider side or the enterprise side of the table, you’ve no doubt participated in the circus that is the ‘evaluation’. Whether you’re the buyer trying to make a smart purchase, or the seller trying to make a smart sale, the evaluation is a fact of life. That said, evaluations are […]

The post The Evaluation – Four Phases to Finding "Better" Solutions appeared first on The Ethical Hacker Network.


text Video: The Future of Social Engineering
Tue, 21 Aug 2018 12:18:56 +0000

Video and Slide Deck from EH-Net Live! Aug 2018 The world of social engineering is a vast one. Probably more so than you might imagine. But to most, it can seem like a strange and mysterious place filled with the wonders of the human brain, trickery of the mind and all sorts of non-technical wizardry. You’ll need a wise and […]

The post Video: The Future of Social Engineering appeared first on The Ethical Hacker Network.


Hacking is awesome! I can understand the appeal of those that are doing it for a living. The hunt for bugs and the fight to secure systems from bad guys sounds like an incredible challenge of both intellect and skill. It’s probably why I’ve been drawn into the world of cybersecurity. It’s an exciting field to be in for a […]

The post From Dev to InfoSec Part 1 – The Journey Begins appeared first on The Ethical Hacker Network.