The Ethical Hacker Network
Free Online Magazine and Community for Security Professionals
My Experience with the DoD Version of the RMF
Fri, 21 Sep 2018 13:24:47 +0000

Anyone out there dealing with the DoD implementation of the NIST 800-37 RMF? Just in case, it’s the "Guide for Applying the Risk Management Framework to Federal Information Systems" developed by the Joint Task Force Transformation Initiative Working Group. I have been knee deep in it now since it got rolled out and wanted to share some of the insights […]

The post My Experience with the DoD Version of the RMF appeared first on The Ethical Hacker Network.


Book Review: Malware Data Science
Thu, 20 Sep 2018 17:08:52 +0000


"Malware Data Science: Attack Detection and Attribution" (MDS) is a book every information security professional should consider reading due to the rapid growth and variation of malware and the increasing reliance upon data science to defend information systems. Known malware executables have expanded from 1 million in 2008 to more than 700 million in 2018. Intrusion Detection Systems (IDS) are moving away from signature-based detection, as code packing, encryption, dynamic linking and obfuscation push security towards tools that apply heuristic methods supported by data science. This article is a summary and a review, but my primary goal is to encourage the reader to read the book and complete the activities. If you do, I am sure that your security toolkit will be better equipped.

Overview of Malware Data Science

MDS identifies Data Science as a growing set of algorithmic tools that allow us to understand and make predictions about data using statistics, mathematics, and artful statistical data visualizations. While these terms may imply a difficult read, authors Joshua Saxe (Chief Data Scientist at Sophos) and Hillary Sanders (Infrastructure Data Science Team Lead at Sophos) equip the reader for upcoming concepts well, building upon key concepts with Python code examples and walking through the code to reinforce learning. At points they identify additional resources or refer to prior chapters in a way that both supports the reader and encourages further study.

The code is downloadable from a site dedicated to MDS. Executing the code as you read helps to learn the concepts. I found working directly with the code itself to be surprisingly encouraging and even fun. Of course, some of the code is malware obtained from VirusTotal or Kaspersky Labs. That code is de-fanged with some flipped bits, but the code should be treated with due care in VirtualBox. The text offers a provisioned VirtualBox download.

The post Book Review: Malware Data Science appeared first on The Ethical Hacker Network.


From Dev to Infosec – Making Friends
Mon, 10 Sep 2018 21:13:12 +0000

Whenever you enter a new community, the hardest part is always finding your way around and making friends. With InfoSec, it’s analogous to being dropped in the middle of Europe without a map, and you only know how to speak Spanish. It’s an incredibly broad subject area that encompasses different focuses and personalities, all of which adds to the need […]

The post From Dev to Infosec – Making Friends appeared first on The Ethical Hacker Network.


Register Now and Learn IoT Hacking Step-by-Step! Join Jacob Holcomb (AKA Gimppy) of SOHOpelessly Broken fame & principal researcher for Independent Security Evaluators (ISE), the people behind the IoT Villages of DEF CON, RSA, DerbyCon and more, for live demos of hacking IoT devices, the methodology for repeatable success and career opportunities for those with IoT Hacking skills during a […]

The post Webinar: Basics of IoT Hacking for the Career Pen Tester on Sept 27 2018 appeared first on The Ethical Hacker Network.


Containers are like BYOD (Bring Your Own Device). They are infiltrating our ranks, and InfoSec professionals’ gut reaction is to hesitate in including them in their environments. But instead of dismissing containers out of hand, I thought it would be wiser to study them not only to be prepared for the inevitable but also to understand their usefulness and most […]

The post Container Security Part 2 – Benchmarks to the Rescue appeared first on The Ethical Hacker Network.


Whether you’ve spent your career in cyber security on the vendor/provider side or the enterprise side of the table, you’ve no doubt participated in the circus that is the ‘evaluation’. Whether you’re the buyer trying to make a smart purchase, or the seller trying to make a smart sale, the evaluation is a fact of life. That said, evaluations are […]

The post The Evaluation – Four Phases to Finding "Better" Solutions appeared first on The Ethical Hacker Network.


Video: The Future of Social Engineering
Tue, 21 Aug 2018 12:18:56 +0000

Video and Slide Deck from EH-Net Live! Aug 2018 The world of social engineering is a vast one. Probably more so than you might imagine. But to most, it can seem like a strange and mysterious place filled with the wonders of the human brain, trickery of the mind and all sorts of non-technical wizardry. You’ll need a wise and […]

The post Video: The Future of Social Engineering appeared first on The Ethical Hacker Network.


Hacking is awesome! I can understand the appeal of those that are doing it for a living. The hunt for bugs and the fight to secure systems from bad guys sounds like an incredible challenge of both intellect and skill. It’s probably why I’ve been drawn into the world of cybersecurity. It’s an exciting field to be in for a […]

The post From Dev to InfoSec Part 1 – The Journey Begins appeared first on The Ethical Hacker Network.


Computers have transformed working techniques in organizations, making it easier and more feasible for companies to achieve their targets and manage sustainable growth. They have simplified communication with clients all over the world. Data is easily transferred and can be connected elsewhere for operations and working purposes. It […]

The post How Important Is It to Take CCNA Course for IT Professionals? appeared first on The Ethical Hacker Network.


Register Now and Learn All Things SE! Noted expert Chris Hadnagy, CEO & Founder of Social-Engineer, LLC, will join us for an hour of exploring the past, present & future of social engineering during a FREE EH-Net Live! webinar on 16th of August 2018 at 1 PM ET. […]

The post Webinar: The Future of Social Engineering – August 16 2018 appeared first on The Ethical Hacker Network.


In his new book, "Social Engineering: The Science of Human Hacking, 2nd Edition," Chris Hadnagy really hits the mark by providing a great overview of social engineering techniques, explaining how and why they work, and giving the reader plenty of real-world examples to back it all up. The target audience is humans as Chris explains. If you are human, I […]

The post Book Review: Social Engineering: The Science of Human Hacking appeared first on The Ethical Hacker Network.


Video: Bug Hunting as a Second Income
Mon, 16 Jul 2018 08:43:26 +0000

Video and Slide Deck from EH-Net Live! July 2018 When most think of selling bugs, they have visions of the underground hacking scene populated by nefarious characters using their 0-days for illegal activity. But what if you could get in on the bug hunting action without the worry of law enforcement? You can now! Companies not only use 3rd party […]

The post Video: Bug Hunting as a Second Income appeared first on The Ethical Hacker Network.


Phishing attacks have become a common factor in our daily routines for businesses and in our personal lives. There are many different types of phishing attacks, each of which requires a slightly different defense while having some commonalities as well. This article covers a specific type of attack called credential phishing and ways to protect against it. While you may […]

The post Credential Phishing – Easy Steps to Stymie Hackers appeared first on The Ethical Hacker Network.


Book Review: Investigating Cryptocurrencies
Mon, 02 Jul 2018 17:15:51 +0000

As the saying goes, "Follow the money." Regardless of one’s philosophical argument on the merits of a decentralized currency controlled by the masses and not a single government entity, criminals are utilizing the technology to their own ends specifically because of the lack of a paper trail. "Investigating Cryptocurrencies: Understanding, Extracting, and Analyzing Blockchain Evidence" was written for cyber and […]

The post Book Review: Investigating Cryptocurrencies appeared first on The Ethical Hacker Network.


My expertise is not necessarily laden in the land of career counseling, hiring standards, and education recommendations. However, anecdotally, coming into a cybersecurity career in an unorthodox manner and blossoming through passion and perseverance, this is the best advice I can offer. First and foremost, we are past the days of the common refrain that "cybersecurity is not an IT […]

The post Cybersecurity Career Path – A Fresh Perspective appeared first on The Ethical Hacker Network.


The cloud is everything. Organizations have either moved completely to the cloud, have a hybrid approach, or are actively planning a cloud strategy. Penetration testers have always had to provide their services anywhere the client’s environment takes them. This often leads to finding vital information and credentials for their cloud provider of choice. With Amazon Web Services (AWS) being the […]

The post WeirdAAL (AWS Attack Library) Basics from the Authors appeared first on The Ethical Hacker Network.


Join us as we discuss Bug Hunting in general and how to generate income from it. Our guest Jason Haddix, VP at Bugcrowd, will give us an insider’s view of how it’s done. Register now for this free EH-Net Live! webinar on 11th of July 2018, 1 PM ET. […]

The post Webinar: Bug Hunting as a Second Income – July 11 2018 appeared first on The Ethical Hacker Network.


Video: Time’s up! GDPR is here – Now what?
Tue, 12 Jun 2018 19:29:12 +0000

Video and Slide Deck from EH-Net Live! June 2018 As promised, here is the video of the webinar we did earlier this month on GDPR. First find the description and agenda. Then the video from the EH-Net YouTube Channel is embedded. Lastly, we offer the slide deck. The world has gone GDPR crazy. Now that the deadline has passed, let’s […]

The post Video: Time’s up! GDPR is here – Now what? appeared first on The Ethical Hacker Network.


The L0pht Legacy
Mon, 04 Jun 2018 13:40:07 +0000

20 Years Ago, Some Hackers Visited Congress… May 19th, 1998. I was just wrapping up my first year of college. My grades were terrible. Instead of going to classes, I had been huddled in my tiny dorm room with the computer my parents bought me. I grew up with a computer in the house from an early age, but having […]

The post The L0pht Legacy appeared first on The Ethical Hacker Network.


43 years ago, a small team led by Chuck Peddle changed the way society computes today. In 1975, encased in plastic, this 40-pin DIP 8-bit microprocessor, known as the MOS Technology 6502, made its debut. Why should you care? Not only was this the cheapest microprocessor on the shelf, but I believe, without this OG beauty queen of tech, our […]

The post Poisonous Pi – The Execution of a Raspberry Pi Hacking Workshop appeared first on The Ethical Hacker Network.