Before You Join the Band Clamoring for the Latest Internet-Connected Gadgets, Press Pause and Consider what’s Unsaid about Security

by Morey Haber

While the newest internet-connected gadgets, toys, and other technologies and their applications may be cool, and we all clamor to get our hands on them, we need to exercise some discipline in contemplating the security of the products and their potential long-term ramifications before we consider any of them for personal use or in our businesses. This leads to the basis of this blog post.

How to Hone Proactive Security Hardening Tactics via Milnet CTF

by Jay Beale

In episode 5 of my Attacking and Defending Linux series, we proceed through a three-stage attack, breaking into the Cuckoo's Egg-themed Milnet Boot2Root CTF virtual machine, collecting flags as we go. Milnet is an intentionally-vulnerable CTF puzzle, created by Sebastian Brabetz and inspired by Cliff Stoll's book, The Cuckoo's Egg. On the webinar, we break exploitation of one of the vulnerabilities, but today, let’s talk about how we could break the very first exploit in the chain: the point where we got the Internet-accessible web application to give us a low-privileged shell.

How to Secure Assets, and the Associated User Privileges, to Dismantle Cyberattacks

by Morey Haber

While many cyberattacks are opportunistic, scanning indiscriminately across the web for specific vulnerabilities to exploit, or sending phishing emails to gullible users, some attacks are targeted against a specific company or individual. Analyzing the stages of a cyberattack can provide insight into the tools and tactics of the attackers, and help you improve your organization's cyber defenses.