Latest News & Articles

Secure Our World: 20 Years of CISA’s Cybersecurity Awareness Month
Every October, the United States government, in collaboration with public and private sectors, observes Cybersecurity Awareness Month. This annual event,

Honoring the Heroes of 9/11
Twenty-two years have passed, but the scars of that tragic day remain etched in our collective memory. Today, we pay

The Importance of Strong Passwords: Best Practices for Online Security
Whether it’s safeguarding personal email accounts, sensitive financial information, or even critical business data, the significance of a robust password
Security Resources
CISA's Known Exploited Vulnerabilities Catalog

Minimize Cybersecurity Risk with the Known Exploited Vulnerabilities (KEV) Catalog
In November 2021 the Cybersecurity and Infrastructure Security Agency (CISA) started the Known Exploited Vulnerabilities (KEV) Catalog and Binding Operational Directive 22-01. The KEV catalog lists only vulnerabilities known to be actively exploited.

“Certifried” Active Directory Privilege Escalation Vulnerability (CVE-2022-26923)
“Certifried” is an Active Directory privilege escalation vulnerability found in AD Certificate Services in May 2022 by Oliver Lyak.

Atlassian Confluence Server and Data Center RCE Vulnerability (CVE-2022-26134)
This critical remote code execution vulnerability was announced in June 2022 and affected both Atlassian Confluence servers and data centers.
Active Directory Series

Active Directory Series: Introducing AD CS
This post introduces Active Directory Certificate Services (AD CS) and topics like: public key infrastructure (PKI), the Kerberos pre-authentication protocol PKINIT, Certificate Signing Requests (CSR), and templates. This overview provides a baseline for learning AD CS penetration testing.

Active Directory Series: “ZeroLogon” Privilege Escalation Vulnerability
In July 2020 a critical privilege escalation vulnerability emerged that affected Active Directory environments: CVE-2020-1472. Nicknamed “ZeroLogon”, the vulnerability was

Active Directory Series: LDAP Reconnaissance
LDAP is a protocol that is targeted by attackers to get more information about Active Directory environments. This post covers

White House Unveils Comprehensive Cybersecurity Implementation Plan
On July 13, 2023, the Biden administration issued the first iteration of its National Cybersecurity Strategy Implementation Plan. Some experts

Cybersecurity In Real Time: Network Tech For Identifying Attacks
An effective cyber defense strategy should not only include preventative measures but also focus on identifying attacks as they happen

Fort Worth Under Digital Siege: City’s Cyber Defenses Breached
Forth Worth’s cybersecurity was tested by the hacktivist group SiegedSec this past week. This article delves into the motivations behind

Precision From Above: Drones Exploring the Unreachable and Securing Our World
Drones have emerged as the go-to solution to complete dangerous tasks that often put humans at great risk. Drone are

The Great Firewall Breached: China’s Hacking Shenanigans Exposed
The Cyber Battlefield: Analyzing China’s Aggressive Campaign of State-Sponsored Hacks

Drone Security: An Introduction to Blue UAS 2.0
Drone security continues to be a timely and challenging task. DIU’s Blue UAS 2.0 aims to help streamline the process