Detect Tactics, Techniques & Combat Threats, Latest version: 1.8.0
DeTT&CT aims to assist blue teams in using ATT&CK to score and compare data log source quality, visibility coverage, detection coverage and threat actor behaviours. All of which can help, in different ways, to get more resilient against attacks targeting your organisation.
The DeTT&CT framework consists of a Python tool (DeTT&CT CLI), YAML administration files, the DeTT&CT Editor (to create and edit the YAML administration files) and scoring tables for detections, data sources and visibility.
GitHub
#pentest #defensive
DeTT&CT aims to assist blue teams in using ATT&CK to score and compare data log source quality, visibility coverage, detection coverage and threat actor behaviours. All of which can help, in different ways, to get more resilient against attacks targeting your organisation.
The DeTT&CT framework consists of a Python tool (DeTT&CT CLI), YAML administration files, the DeTT&CT Editor (to create and edit the YAML administration files) and scoring tables for detections, data sources and visibility.
GitHub
#pentest #defensive
👍6
👍3
Metasploit MS SQL Server, 2023
Metasploit is an excellent framework developed by H. D. Moore. It is a free and lightweight tool for penetration testing. It is open-source and cross-platform and has a range of features. Its popularity rests primarily on the fact that it is a powerful tool for auditing security. While this is true, it also has many features that can help people protect themselves. Personally speaking, this is my go-to tool for testing as it encapsulates the exploit a pentester can ever need.
Through this article, we will learn how to use Metasploit to exploit MSSQL. Therefore, we will go through every exploit Metasploit has to offer step by step, from finding the MSSQL server in the network to retrieving the sensitive information from the database and gaining control. Without any further ado, let us begin.
#pentest
Metasploit is an excellent framework developed by H. D. Moore. It is a free and lightweight tool for penetration testing. It is open-source and cross-platform and has a range of features. Its popularity rests primarily on the fact that it is a powerful tool for auditing security. While this is true, it also has many features that can help people protect themselves. Personally speaking, this is my go-to tool for testing as it encapsulates the exploit a pentester can ever need.
Through this article, we will learn how to use Metasploit to exploit MSSQL. Therefore, we will go through every exploit Metasploit has to offer step by step, from finding the MSSQL server in the network to retrieving the sensitive information from the database and gaining control. Without any further ado, let us begin.
#pentest
👍4🔥1
Те самые ситуации, когда девушка тебе пишет первой, оставляет свой номер и готова на встречу, а потом бац и ghosted 😂😂😂
#fun
#fun
🤣5
image_2023-04-11_14-02-38.png
1.5 MB
Session Based Authentication
Understand what is session based authentication and how it is implemented
#useful #web
Understand what is session based authentication and how it is implemented
#useful #web
👍6
IoT and OT Security Handbook, Smita Jain, Vasantha Lakshmi, 2023
Assess risks, manage vulnerabilities, and monitor threats with Microsoft Defender for IoT
#book
Assess risks, manage vulnerabilities, and monitor threats with Microsoft Defender for IoT
#book
👍5
IoT.and.OT.Security.Handbook.pdf
22.4 MB
IoT and OT Security Handbook, Smita Jain, Vasantha Lakshmi, 2023
👍5
Есть компании имеющие свой бренд, долгую историю и солидный годовой оборот, но при этом не уделяющие вопросам ИБ внимания. Потом происходит утечка данных, падение инфраструктуры, дефейс сайта и тд. И после они срочно нанимают штат безопасников. И тут что?
Anonymous Poll
17%
П#дорасить такие компании, ломать их специально что бы бы они ощутили все проблемы без ИБ и нанимали
6%
Им не повезло:( злые люди это сделали, простить и понять ведь с кем не бывает
42%
Будет им уроком, отныне наймут ИБ спецов, выделят бюджет, воткнут СЗИ, аудит сделают
19%
Ничему это их не научит, если не было осознания за сколько лет то и сейчас ни к чему не приведет
10%
Ломать, Ломать, с#ка всех Ломать, я black hat и психопат, всех кто не держит удар Ломать
6%
Свой вариант (пиши в чат)
🔥4
Zero TrustтSecurity. An Enterprise Guide,тJason Garbis, Jerry W. Chapman, 2023
Zero Trust security has become a major industry trend, and yet there still is uncertainty about what it means. Zero Trust is about fundamentally changing the underlying philosophy and approach to enterprise security—moving from outdated and demonstrably ineffective perimeter-centric approaches to a dynamic, identity-centric, and policy-based approach. Making this type of shift can be challenging.
Your organization has already deployed and operationalized enterprise security assets such as Directories, IAM systems, IDS/IPS, and SIEM, and changing things can be difficult. Zero Trust Security uniquely covers the breadth of enterprise security and IT architectures, providing substantive architectural guidance and technical analysis with the goal of accelerating your organization‘s journey to Zero Trust.
#book#architecture
Zero Trust security has become a major industry trend, and yet there still is uncertainty about what it means. Zero Trust is about fundamentally changing the underlying philosophy and approach to enterprise security—moving from outdated and demonstrably ineffective perimeter-centric approaches to a dynamic, identity-centric, and policy-based approach. Making this type of shift can be challenging.
Your organization has already deployed and operationalized enterprise security assets such as Directories, IAM systems, IDS/IPS, and SIEM, and changing things can be difficult. Zero Trust Security uniquely covers the breadth of enterprise security and IT architectures, providing substantive architectural guidance and technical analysis with the goal of accelerating your organization‘s journey to Zero Trust.
#book#architecture
👍2🎉1