I'm creating a tool to identify and generate common typos for popular Bitly links to prevent them from being used by scammers.
The free URL shortener is a convenient internet feature that frequently goes against basic tenets of information security training: only click links that you recognize, are expected to receive, and are owned by a company or service you trust. Despite this, popular free link shortening services process millions of new links and clicks every month.
Don’t get me wrong: URL shorteners are definitely useful and can be very safe when used properly (more on that later). They make links more manageable to type for the rare time you need to give someone printed information, provide link tracking and analytics services, and are sometimes even catchy. However, the design of free URL shortening services is easily abusable, especially when these links are to be visited at scale or by customers of an industry that processes personally identifiable information (PII). …
Today I’ll be reviewing the CompTIA Advanced Security Practitioner (CASP+) CAS–003 exam, which validates candidates’ ability to implement technical solutions within cybersecurity policies and frameworks. The exam covers advanced-level concepts in risk management, enterprise security operations, architecture, security integration, research, and collaboration.
The CASP+ CAS–003 exam contains five weighted sections:
Dear customer. Your Account Has Been Blocked. Please check your account information by clicking the link below.
At this point, we’re all used to receiving a few (if not tens or hundreds of) scam emails a week. Modern email services do an outstanding job of keeping these messages relegated to the spam folder through SPF, DKIM, and DMARC authentication. Still, a message or two will slip through on occasion. Such was the case when I found the following email in my inbox about a week ago.
Today I’ll be reviewing SANS SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling and its accompanying certification, the GIAC Certified Incident Handler (GCIH). SEC504 is a 6-day course that teaches step-by-step processes for incident response, how attackers undermine systems, detection and response strategies, and how to discover holes in computer systems and networks before the bad guys do.
The course leads up to the GCIH exam, which tests the knowledge needed to manage security incidents by understanding attack techniques, vectors, and tools, and how to defend against and respond to such attacks when they occur.
The GCIH covers a wide variety of topics, such…
The Department of Energy’s CyberForce is an annual red/blue team competition hosted by a coalition of national laboratories, government organizations, and industry sponsors. The fourth annual competition was held online on the weekend of November 14th and focused on defending cyber-physical energy infrastructure while simulating realistic utilities, users, anomalies, and constraints.
Over 180 blue team members were responsible for patching, maintaining, and recovering vulnerable infrastructure, while red team volunteers actively exploited these vulnerabilities to disrupt operations. The CyberForce competition also added a green team — volunteers that simulate users and verify the uptime and accessibility of business applications — and a CISO panel to give blue teams experience interacting with users and reporting to information security managers for additional points. …
This post is a collaborative effort between myself, Connor C., Tim E., and Tilden W. Together, we represented Northeastern University, the University of Cincinnati, the Rochester Institute of Technology, and the University of Virginia. Thanks for a great time, guys!
MetaCTF is an annual cybersecurity Capture The Flag (CTF) event, hosted online this year due to the COVID-19 pandemic. Teams of four from across the world, composed of students and non-students alike, competed in the event for a total prize pool of $5000. The 24-hour event began on October 24 at noon EST. …
conINT is a two-day INTelligence conference and fundraising event hosted by The Many Hats Club, Trace Labs, and the National Child Protection Task Force (NCPTF). Held live on Twitch this year, attendees had the opportunity to develop intelligence acquisition and analysis skills, learn about digital investigation, and more with the first full day of presentations and hands-on technical workshops. The second day of conINT allowed attendees to apply these skills by assisting international law enforcement agencies in locating missing persons from real cases using OSINT techniques during the six-hour Trace Labs OSINT Search Party CTF.
Trace Labs is a nonprofit organization founded in 2017 by Rob Sell, a tracker for search and rescue and computer security professional, dedicated to organizing global Capture-the-Flag (CTF) “Search Parties” for missing persons and children across the world. To date, Trace Labs has assisted in over 300 investigations across 35 search parties, both online and in-person at notable security conferences including DEF CON. …
Today I’ll be taking a look at the Cisco Certified CyberOps Associate exam, an entry-level exam designed to validate the day-to-day tactical knowledge and skills that Security Operations Center (SOC) teams need to detect and respond to cybersecurity threats. The exam covers knowledge and skills related to security concepts, security monitoring, host-based analysis, network intrusion analysis, and security policies and procedures to help teach the essentials of preventing, detecting, and responding to incidents and breaches.
The CyberOps Associate’s corresponding exam is Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS 200–201), taken at one of Pearson VUE’s testing centers available worldwide (and online, temporarily, due to the COVID-19 pandemic). …
Today I’ll be reviewing the CompTIA PenTest+ exam, a basic penetration testing certification with an emphasis on planning, scoping, and reporting on offensive engagements. The exam covers the knowledge and skills related to security concepts, security monitoring, host-based analysis, network intrusion analysis, and security policies and procedures to help teach the essentials of preventing, detecting, and responding to incidents and breaches.
The PenTest+ PT0–001 exam contains four weighted sections:
In RIT’s Computer System Forensics class, students learn basic incident response procedures as well as methods to uncover and investigate the activities of computer users. Students also learn to employ activities needed to gather and preserve evidence to be presented in court cases. Some of the concepts discussed in class are incident response reporting, forensic imaging, Linux and Windows file systems and steganography.
While the class is well-designed and the concepts presented are highly applicable, assignments and labs can grow a bit stale because the two professors that regularly teach the class are actively involved in research. Such was the case for Spring 2019's memory acquisition and analysis lab, which instructs on how to use the Linux Memory Extractor (LiME) and the Volatility Framework to analyze memory images for system information and malware infections. …