Latest News & Articles
Secure Our World: 20 Years of CISA’s Cybersecurity Awareness Month
Every October, the United States government, in collaboration with public and private sectors, observes Cybersecurity Awareness Month. This annual event,
Honoring the Heroes of 9/11
Twenty-two years have passed, but the scars of that tragic day remain etched in our collective memory. Today, we pay
The Importance of Strong Passwords: Best Practices for Online Security
Whether it’s safeguarding personal email accounts, sensitive financial information, or even critical business data, the significance of a robust password
Security Resources
CISA's Known Exploited Vulnerabilities Catalog
Minimize Cybersecurity Risk with the Known Exploited Vulnerabilities (KEV) Catalog
In November 2021 the Cybersecurity and Infrastructure Security Agency (CISA) started the Known Exploited Vulnerabilities (KEV) Catalog and Binding Operational Directive 22-01. The KEV catalog lists only vulnerabilities known to be actively exploited.
KEV Catalog: OpenSMTPD RCE Vulnerability (CVE-2020-7247)
CVE-2020-7247 is a remote code execution vulnerability in OpenSMTPD. OpenSMTPD is a free smtp protocol (mail server protocol) that runs
KEV Catalog: “Shellshock” GNU Bash Arbitrary Code Execution Vulnerability (CVE-2014-6271, CVE-2014-7169)
The “Shellshock” or “Bashdoor” vulnerability is a critical remote code execution vulnerability.
Active Directory Series
Active Directory Series: Introducing AD CS
This post introduces Active Directory Certificate Services (AD CS) and topics like: public key infrastructure (PKI), the Kerberos pre-authentication protocol PKINIT, Certificate Signing Requests (CSR), and templates. This overview provides a baseline for learning AD CS penetration testing.
Active Directory Series: Kerberoasting
Kerberoasting is an Active Directory credential attack that attackers use to access other services in Active Directory environments. This post
Active Directory Series: Kerberos Authentication Overview
Active Directory uses the Kerberos protocol to authenticate clients and permit or deny access to different services like mail, databases