Latest News & Articles
Secure Our World: 20 Years of CISA’s Cybersecurity Awareness Month
Every October, the United States government, in collaboration with public and private sectors, observes Cybersecurity Awareness Month. This annual event,
Honoring the Heroes of 9/11
Twenty-two years have passed, but the scars of that tragic day remain etched in our collective memory. Today, we pay
The Importance of Strong Passwords: Best Practices for Online Security
Whether it’s safeguarding personal email accounts, sensitive financial information, or even critical business data, the significance of a robust password
Security Resources
CISA's Known Exploited Vulnerabilities Catalog
Minimize Cybersecurity Risk with the Known Exploited Vulnerabilities (KEV) Catalog
In November 2021 the Cybersecurity and Infrastructure Security Agency (CISA) started the Known Exploited Vulnerabilities (KEV) Catalog and Binding Operational Directive 22-01. The KEV catalog lists only vulnerabilities known to be actively exploited.
KEV Catalog: “sAMAccountName” “noPac” Privilege Escalation (CVE-2021-42278 and CVE-2021-42287)
“sAMAcountName” and “noPac” are two critical Active Directory vulnerabilities that can lead to full Domain compromise. Learn how a dollar
KEV Catalog: ExifTool Remote Code Execution Vulnerability (CVE-2021-22204)
This vulnerability is in ExifTool, a tool for changing the metadata of video, image and pdf files. Vulnerable versions of
Active Directory Series
Active Directory Series: Introducing AD CS
This post introduces Active Directory Certificate Services (AD CS) and topics like: public key infrastructure (PKI), the Kerberos pre-authentication protocol PKINIT, Certificate Signing Requests (CSR), and templates. This overview provides a baseline for learning AD CS penetration testing.
“PetitPotam” Windows LSA Spoofing Vulnerability (CVE-2021-36942)
PetitPotam is a NTLM relay attack vulnerability that is often checked for in Active Directory penetration testing. Attackers can become
Active Directory Series: 10 Reasons to Use CrackMapExec
CrackMapExec has various modules and options for Active Directory penetration testing. Here are 10 reasons to check out CrackMapExec.
Dallas County Data Incident from Computers Sold at Auction
Last month, Dallas County released a notice disclosing that Dallas County computers were sold at auction that did not have
Ferrari Cyber Incident: Cyber Extortion vs Ransomware
Last week, Ferrari announced it was contacted by a cyber threat actor for a ransom demand. Their corporate response to
CISA Announces Ransomware Vulnerability Warning Pilot
Last week, Monday March 13, CISA announced the creation of the Ransomware Vulnerability Warning Pilot (RVWP). This program was launched
Introducing and Setting Up the New Kali Linux 2023.1: Kali Purple
Today, Kali Linux’s 10-year anniversary, Kali Linux released their newest Kali Linux version: Kali Purple. Kali Linux is known for
An Overview of the Biden-Harris New National Cyber Security Strategy
The key messages emphasize where the U.S. government wants to allocate its cybersecurity spending and who should be responsible for
DDoS Attacks Emerge as Main Cyber Threat in Ukraine Conflict
The CyberPeace Institute has recorded cyber-attacks against a variety of host nations, including Ukraine and Russia. Reviewing their data from