Threat Modeling is the structured practice of identifying and prioritizing potential threats and vulnerabilities, and the prioritization of mitigations to protect assets, including confidential data and intellectual property. Threat Modeling Best Practices Define the scope and depth of analysis Understand what you’re threat modeling — Create a diagram or flowchart of the major components…

Continue to Capture… The Skills?In — December 2019 I read a Tweet calling for participants in an “upcoming 24-hour CTF”. Most infosec Tweets with lots of acronyms usually go over my head, this one should have not been any different, except for the gigantic flamingo plastered on it. If you have not caught on by now…

Are you a first time participant? — Trace Labs Trace Labs is a Not-For-Profit organization with a mission to crowdsource the collection of Open Source Intelligence (OSINT) to generate new leads on missing person cases. Trace Labs fundamental goal is to provide open-source intelligence (OSINT) to law enforcement, gathered at regular OSINT operations and via non-theoretical CTF (Capture the…

Port scanning, ping sweeps, OS detection, version detection, and more. — Nmap (“Network Mapper”) is a free and open source utility for network discovery and security auditing. It uses raw IP packets to determine what hosts, services, operating systems, and type of packet filters/firewalls are in use and available in the network as well as dozens of other characteristics. …

Exploiting Windows and Privilege Escalation Deploy & hack into a Windows machine, exploiting a very poorly secured media server. Tools: Nmap, Metasploit, Mimikats #1 Connect Connect to the network using OpenVPN or access it using the in browser machine provided by THM (membership required) ~ Detailed steps >>Here<< #2 Recon — What can we find out about this machine? Deploy the machine!

It worked for me, it might work for you too. — CompTIA Security+ Is a certification that aims to establish the core knowledge required of any cybersecurity role and provides a springboard to intermediate-level cybersecurity jobs. The information security field has a vast range of certificates, some are industry-specific, and others depend on the career path chosen; however, one aspect that…

Engineering my first CTF challenge! — HilltopCTF is a team-based public CTF hosted by Security Blue Team which focuses in jeopardy style challenges with increasing level of difficulties. The CTF is aimed at anyone from novice to medium high level experience as challenges are varied and require a combination of resources and methodologies to be completed. …

An experience worth repeating! — Trace Labs is designed to serve as a tool for enhancing the state of missing persons location and family reunification. Trace Labs offers a modern, cost-effective, and accessible approach to an issue that has broken many families — their fundamental goal is to provide open-source intelligence (OSINT) to law enforcement…

“Learn security, test your knowledge, prove your skill” -SBT — Getting started in the field of information technology is a daunting challenge which is often exacerbated by the infinite amount of resources available to several divisions in the field on any topic. There’s one thing, though, that stays true irrespective of the direction you want to take, everyone has a…