Memorial Day 2015 Thoughts

Posted on ITSecurity Training

http://www.wsj.com/articles/SB118014402282815483 An excellent tribute and a very good expanation in 2007 Memorial Day and today 8 years later:   Once we knew who and what to honor on Memorial Day: those who had given all their tomorrows, as was said of the men who stormed the beaches of Normandy, for our todays. But in a […]

Read more >

3 MUST DO in #Cybersecurity

Posted on ITSecurity Training

We have all heard or seen the headlines Sony gets hacked, Home Depot Credit Card processing stolen, Target credit Card processing stolen, and more and more companies are all getting hacked. So big deal you say how did that happen? Yes, most of the reason breaches occur is a human employee clicks on spam or […]

Read more >

BBQSQL – for Delicious SQL Injection Testing

Posted on ITSecurity Training

Official Kali Linux BBQSQL site: http://tools.kali.org/vulnerability-analysis/bbqsql BBQSQL is a Python based blind SQL injection tool to test your SQL connections on the Internet.  (why bbq? because SQL injection is delicious) This is a bit more advanced than the SVA -(Scan Vulnerability Analysis) within the SVAPE & C  http://oversitesentry.com/tonyz/pubhtml/fixvirus/svapec/ SQL injection is more like the PE portion […]

Read more >

We Must Master The Cybersecurity Basics

Posted on ITSecurity Training

A great SECINT (Security Intelligence) paper John Stewart wrote: http://www.cisco.com/web/about/security/intelligence/JNS_TTPs.pdf   Basics must be mastered: patching Identity: Strong identity, federated Identity, and identity based networking Eliminate dark space Notice that the basic #1 item is  patching.  We must be able to cover patching on a timely basis with a regular methodology. Otherwise our systems are […]

Read more >

Testing System Vulnerabilities

Posted on ITSecurity Training

It would be a good idea to test your system hacking skills on systems that are not production systems. But who has time to create systems with a few vulnerabilities? Well it is vulnhub.com Here is Bwapp which you can download which is actually a vmware instance of a vulnerable application which can be “test” […]

Read more >