Threat Analysis and Risk Assessment (TARA) is a critical process in cybersecurity that helps organizations identify, evaluate, and prioritize potential threats to their information systems and data. As cyber threats continue to evolve, understanding TARA is essential for protecting sensitive information and maintaining the integrity of systems. This summary will provide an overview of TARA Read More …
Tag: security
Tools – BEAR: Simulating Advanced Persistent Threats for Cybersecurity Education
For aspiring and new information security professionals, gaining practical insight into real-world attack methodologies is paramount. One tool that offers a unique perspective into advanced threat simulation is “BEAR,” a project found on GitHub. Unlike typical vulnerability scanners or compliance tools, BEAR is a compilation of Command and Control (C2) scripts, payloads, and stagers explicitly Read More …
Notes :: Kubernetes
Key topics include: Traditional vs. Kubernetes Challenges: Comparing the challenges of managing applications in traditional virtual machine environments versus containerized Kubernetes environments. Kubernetes Fundamentals: Defining Kubernetes, its origins, why it’s used, and key concepts like cluster architecture, API server, nodes, pods, and network policies. Kubernetes Security Fundamentals: Discussing control plane and data plane protection, including API protection, encryption, Read More …
Hacker TV – How I Would Learn Cyber Security If I Could Start Over
How I Would Learn Cyber Security If I Could Start Over Want to learn all about cyber-security and become an ethical hacker? His thoughts on the basics and fundamentals is so right on. Networking, User or Desktop support, Server maintenance, whatever. I firmly believe that the best security people started in IT originally. Experience on Read More …
Security is underwater
Also , there are no life preservers. In a recent reflection on conversations I’ve had, I’ve noticed a recurring theme that highlights the disconnect between non-IT professionals and security experts regarding data handling and application deployment. Non-IT individuals often enthusiastically present their newly developed applications that utilize specific data and share it with various users, Read More …
Hacker TV – Start Web App Pentesting
Looking to step up your web app pentesting and bug bounty skills? In this video, Alex from TCM Security walks you through some of the best FREE tools and resources to help you sharpen your AppSec knowledge and techniques. Whether you’re just starting out or looking to boost your skill set, these tools are must-haves!
AZ 900 – Part III – Microsoft Entra ID
Microsoft Entra ID Overview What is Microsoft Entra ID? Microsoft Entra ID, formerly known as Azure Active Directory (Azure AD), is a cloud-based identity and access management service provided by Microsoft. It enables organizations to manage user identities and access to resources securely. Key Features of Microsoft Entra ID Identity Management: User Lifecycle Management: Entra ID Read More …
AZ 900 – Part II – Architecture & Security II
Microsoft Azure is a powerful cloud computing platform that provides a wide range of services and resources for building, deploying, and managing applications and services through Microsoft-managed data centers. Understanding the structure of Azure is essential for effectively utilizing its capabilities. Key components of Azure’s organizational structure include subscriptions, management groups, resource groups, and resources. Read More …
AZ 900 – Part II – Architecture & Security I
Microsoft Azure is a comprehensive cloud computing platform that provides a wide range of services, including computing power, storage, networking, databases, analytics, and more. Understanding its global infrastructure involves several key concepts: Regions and Availability Zones Regions: Azure is divided into geographic regions, which are clusters of data centers located in specific areas around the Read More …
Decoupling CI/CD from deployment
Decoupling CI/CD from deployment allows teams to build, test, and deploy code changes independently, offering more flexibility and control over releases, enabling faster feedback loops and risk reduction. Why Decouple? Improved Control and Stability: By separating deployment (moving the code to production) from release (making the code available to users), teams can deploy new versions of Read More …