Cyber Security Interview Questions [2018 Update]

Cyber Security Interview Questions [2018 Update] What follows is a list of techniques for vetting candidates in Information Security (InfoSec / Cybersecurity). The list and approach has evolved over the years, as I think it should, and I think it represents a good balance between technical content and the philosophy around desired answers. interview first principles system administration encryption network security application security risk industry wisdom the onion question model the role-playing model the project…

"Cyber Security Interview Questions [2018 Update]"

Windows Defender Antivirus can now run in a sandbox

Windows Defender Antivirus can now run in a sandbox Windows Defender Antivirus has hit a new milestone: the built-in antivirus capabilities on Windows can now run within a sandbox. With this new development, Windows Defender Antivirus becomes the first complete antivirus solution to have this capability and continues to lead the industry in raising the bar for security. Putting Windows Defender Antivirus in a restrictive process execution environment is a direct result of feedback that we…

"Windows Defender Antivirus can now run in a sandbox"

Crack a WEP key of an open network without user intervention with Wesside-ng

Crack a WEP key of an open network without user intervention with Wesside-ng Wesside-ng is an auto-magic tool which incorporates a number of techniques to seamlessly obtain a WEP key in minutes. It first identifies a network, then proceeds to associate with it, obtain PRGA (pseudo random generation algorithm) xor data, determine the network IP scheme, reinject ARP requests and finally determine the WEP key. All this is done without your intervention.

"Crack a WEP key of an open network without user intervention with Wesside-ng"

Building Your Own Dedicated IPSEC VPN in Less Than 10 Minutes

Daniel Miessler Blog There are tons of VPN options out there, and the field is confusing enough that I did a post on the topic a while back to help people pick one of the better ones and avoid the scams. But if you look at the considerations for making a good choice, they mostly reduce to the following: Privacy Log retention Bandwidth Legal issues Customer service

"Building Your Own Dedicated IPSEC VPN in Less Than 10 Minutes"

How to tighten security and increase privacy on your browser

  Is my browser making an effort to keep my system safe and my online behavior private? This is usually not the first question we ask ourselves when we choose our default browser. But maybe it should be. These days, threats to your privacy and security come at your from all angles, but browser-based attacks such as malvertising, drive-by downloads, adware, tracking, and rogue apps make going online and conducting a search a little more…

"How to tighten security and increase privacy on your browser"

Proper Disposal of Electronic Devices

We can help you remove any and all data from your devices prior to disposal     From the following Government Agency Security Tip (ST18-005) Proper Disposal of Electronic Devices Why is it important to dispose of electronic devices safely? In addition to effectively securing sensitive information on electronic devices, it is important to follow best practices for electronic device disposal. Computers, smartphones, and cameras allow you to keep a great deal of information at…

"Proper Disposal of Electronic Devices"

OWASP Mobile Security Testing Guide

“This is the official GitHub Repository of the OWASP Mobile Security Testing Guide (MSTG). The MSTG is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the controls listed in the OWASP Mobile Application Verification Standard (MASVS). You can also read the MSTG on Gitbook or download it as an e-book.”

"OWASP Mobile Security Testing Guide"

Gaining Domain Admin from Outside Active Directory

A very detailed post explaining the process they used to “…or why you should ensure all Windows machines are domain joined. The first thing I run on an internal is the Responder tool. This will grab Windows hashes from LLMNR or NetBIOS requests on the local subnet. However, this client was wise to this and had LLMNR & NetBIOS requests disabled. Despite already knowing this fact from the previous engagement, one of the things I learned during…

"Gaining Domain Admin from Outside Active Directory"