Blog - Cyber Security Informer

How Cobalt Strike Became a Favorite Tool of Hackers

eSecurity Planet

MARCH 14, 2022

Cobalt Strike was created a decade ago by Raphael Mudge as a tool for security professionals. Indeed, the tool can assess vulnerabilities and run penetration tests , while most tools on the market cannot do both. Vulnerability assessment and pentesting are two different things. Cobalt Strike Attacks Make Headlines.

Energy and Utilities

Energy and Utilities DNS Penetration Testing Ransomware

Cyber Security Accessibility for Small Businesses

Pentester Academy

MARCH 10, 2023

Some of the world’s largest companies like Sony, Adobe and NASA have fallen victim to hackers. Hackers see small businesses as easy targets because smaller businesses often-times do not have the infrastructure, training, or bandwidth that larger companies have at their disposal. We’ve all seen headlines in the news about cyber attacks.

Small Business

Small Business Cyber Attacks Data breaches Technology

CTEM: The First Proactive Security Innovation in 20 Years

NopSec

FEBRUARY 13, 2024

My partners, Michelangelo Sidagni and Shawn Evans, always advocate the mentality of “think like a hacker.” Enterprises, large or small, on average own between 20 and 100+ security tools. It is no longer a tooling problem, it is a data problem. Each scanning tool has its own methods of defining severity levels.

Marketing

Marketing Risk Digital transformation Software

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

The Hacker Mind Podcast: So You Want To Be A Pentester

ForAllSecure

FEBRUARY 23, 2021

Wylie wrote The PenTester BluePrint: Starting A Career As An Ethical Hacker. Often when I talk to people about pentesting, it’s the same problem. But what does the day to day look like for the average pentester? She is also the co-author of The Pentesting Blueprint, from John Wily and Co., I mean really?

Penetration Testing

Penetration Testing InfoSec Cyber Attacks Education

The Hacker Mind Podcast: So You Want To Be A Pentester

ForAllSecure

FEBRUARY 23, 2021

Wylie wrote The PenTester BluePrint: Starting A Career As An Ethical Hacker. Often when I talk to people about pentesting, it’s the same problem. But what does the day to day look like for the average pentester? She is also the co-author of The Pentesting Blueprint, from John Wily and Co., I mean really?

Penetration Testing

Penetration Testing InfoSec Cyber Attacks Education

Oh no! A client failed a pen test. Now what?

Webroot

JUNE 1, 2021

Did my tools cause the failure Has the MSP soured its relationship with its client? Others will immediately start pointing fingers at the tools that were identified in the pen test report. Review your tools configurations. Often, a security tool is designed to identify, evaluate and/or stop bad actors along the threat chain.

Penetration Testing

Mainframe Mania: Highlights from SHARE Orlando 2024

NetSpi Executives

MARCH 26, 2024

I had the pleasure of attending this year’s SHARE Orlando 2024 where I learned about the state of mainframe security today and the in-demand skills needed to protect these critical systems. All an attacker needs is one weakness to prevail, and these are the situations I am here to identify and report for eradication.

Penetration Testing

Penetration Testing Encryption Insurance Healthcare

What do Cyber Threat Actors do with your information?

Zigrin Security

OCTOBER 11, 2023

Hackers are becoming more sophisticated in their techniques, targeting individuals and businesses alike. Therefore, it is crucial to understand what hackers are planning to do with your data and take proactive measures to protect it. Financial Gain One of the primary motivations for hackers is financial gain.

Cyber threats

Cyber threats Penetration Testing Passwords Backups

Penetration Testing: What is it?

NetSpi Executives

APRIL 27, 2024

Penetration testing , also called pentesting or pen test , is a cybersecurity exercise in which a security testing expert, called a pentester, identifies and verifies real-world vulnerabilities by simulating the actions of a skilled threat actor determined to gain privileged access to an IT system or application.

Penetration Testing

Penetration Testing Social Engineering Software Wireless

Lab Walkthrough?—?The WannaCry Ransomware

Pentester Academy

FEBRUARY 23, 2023

This ransomware made use of the EternalBlue , an exploit of Microsoft’s implementation of their SMB protocol, released by The Shadow Brokers hacker group in April 2017, to gain access to remote Windows machines in most cases. For instance, government agencies or medical facilities often need immediate access to their files.

Ransomware

Ransomware Encryption Cryptocurrency Banking

The Hacker Mind Podcast: How To Get Paid To Hack

ForAllSecure

SEPTEMBER 29, 2022

In this episode of The Hacker Mind, I return to Episode 7 with Tim Becker, Episode 9 with Stok, and Episode 22 with Jack Cable to get their perspective on leaving 1337 skillz while getting paid by various bug bounty programs. It's a through line through all 56 episodes to the hacker mind thus far. You might even travel the world.

Hacking

Hacking Cryptocurrency Software InfoSec

Top Cybersecurity Accounts to Follow on Twitter

eSecurity Planet

DECEMBER 3, 2021

Here are the top Twitter accounts to follow for the latest commentary, research, and much-needed humor in the ever-evolving information security space. Krebs wrote for The Washington Post between 1995 and 2009 before launching his current blog KrebsOnSecurity.com. Tools, methods, automation, and no BS. Denial-of-Suez attack.

Accountability

Accountability Cybersecurity Penetration Testing InfoSec

[SI-LAB] FlawedAmmyy Leveraging Undetected XLM Macros as an Infection Vehicle

Security Affairs

MARCH 2, 2019

This is part of a giant list of Living off the Land (LOL) techniques that attackers employ to mask their activities from runtime endpoint security monitoring tools such as AVs. Now, we need to determine the sheet that contains this particular cell string. See more about msiexec.exe and its parameters here.

Malware

Malware Antivirus Technology Phishing

Is APT27 Abusing COVID-19 To Attack People ?!

Security Affairs

MARCH 19, 2020

Hackers taking advantage of COVID-19 to spread malware New COVID-19-themed malspam campaign delivers FormBook Malware. Today I want to contribute to such a blog-roll analyzing a new spreading variant that hit my observatory. Then the attacker populates that folder with the needed files to follow the infection chain.

Computers and Electronics

Computers and Electronics Penetration Testing Malware Cyber Attacks

Cyber Security Informer

How Cobalt Strike Became a Favorite Tool of Hackers

Cyber Security Accessibility for Small Businesses

Webinars

Trending Sources

CTEM: The First Proactive Security Innovation in 20 Years

Webinars

The Hacker Mind Podcast: So You Want To Be A Pentester

The Hacker Mind Podcast: So You Want To Be A Pentester

Oh no! A client failed a pen test. Now what?

Mainframe Mania: Highlights from SHARE Orlando 2024

What do Cyber Threat Actors do with your information?

Penetration Testing: What is it?

Lab Walkthrough?—?The WannaCry Ransomware

The Hacker Mind Podcast: How To Get Paid To Hack

Top Cybersecurity Accounts to Follow on Twitter

[SI-LAB] FlawedAmmyy Leveraging Undetected XLM Macros as an Infection Vehicle

Is APT27 Abusing COVID-19 To Attack People ?!

Stay Connected