How I Would Learn Cyber Security If I Could Start Over Want to learn all about cyber-security and become an ethical hacker? His thoughts on the basics and fundamentals is so right on. Networking, User or Desktop support, Server maintenance, whatever. I firmly believe that the best security people started in IT originally. Experience on Read More …
Tag: security
Security is underwater
Also , there are no life preservers. In a recent reflection on conversations I’ve had, I’ve noticed a recurring theme that highlights the disconnect between non-IT professionals and security experts regarding data handling and application deployment. Non-IT individuals often enthusiastically present their newly developed applications that utilize specific data and share it with various users, Read More …
Hacker TV – Start Web App Pentesting
Looking to step up your web app pentesting and bug bounty skills? In this video, Alex from TCM Security walks you through some of the best FREE tools and resources to help you sharpen your AppSec knowledge and techniques. Whether you’re just starting out or looking to boost your skill set, these tools are must-haves!
AZ 900 – Part III – Microsoft Entra ID
Microsoft Entra ID Overview What is Microsoft Entra ID? Microsoft Entra ID, formerly known as Azure Active Directory (Azure AD), is a cloud-based identity and access management service provided by Microsoft. It enables organizations to manage user identities and access to resources securely. Key Features of Microsoft Entra ID Identity Management: User Lifecycle Management: Entra ID Read More …
AZ 900 – Part II – Architecture & Security II
Microsoft Azure is a powerful cloud computing platform that provides a wide range of services and resources for building, deploying, and managing applications and services through Microsoft-managed data centers. Understanding the structure of Azure is essential for effectively utilizing its capabilities. Key components of Azure’s organizational structure include subscriptions, management groups, resource groups, and resources. Read More …
AZ 900 – Part II – Architecture & Security I
Microsoft Azure is a comprehensive cloud computing platform that provides a wide range of services, including computing power, storage, networking, databases, analytics, and more. Understanding its global infrastructure involves several key concepts: Regions and Availability Zones Regions: Azure is divided into geographic regions, which are clusters of data centers located in specific areas around the Read More …
Decoupling CI/CD from deployment
Decoupling CI/CD from deployment allows teams to build, test, and deploy code changes independently, offering more flexibility and control over releases, enabling faster feedback loops and risk reduction. Why Decouple? Improved Control and Stability: By separating deployment (moving the code to production) from release (making the code available to users), teams can deploy new versions of Read More …
TLS: How It Protects Your Data Online
In today’s interconnected world, ensuring the security of data during online communication is essential. Transport Layer Security (TLS) is a foundational protocol that helps protect the privacy and integrity of data exchanged over the internet. This article will briefly explain what TLS is, how it works, and why it is critical for safe online communication. Read More …
Quick Note :: Attribute Based Access
We then end up with two main classifications of access control: Role-Based Access Control (RBAC). Define the role for the access to data, eg Policy = Subject (AND/OR) Role –> Permissions. Attribute-Based Access Control (ABCL). Define attributes eg Policy = User (role, nationality) AND/OR Resource (department, owner) AND/OR Action AND/OR Context (time, IP, location) -> Read More …
Hacker Video – SIEGECAST: Kerberoasting & Attacks 101
Want to understand how Kerberos works? Would you like to understand modern Kerberos attacks? Tim Media walks you through how to attack Kerberos with ticket attacks and Kerberoasting. He covers the basics of Kerberos authentication and then shows you how the trust model can be exploited for persistence, pivoting, and privilege escalation. At the conclusion, Read More …