eLearnSecurity sat down with Mari Gallow, CEO of Women’s Society of Cyberjutsu to discuss her experiences in cyber security and how to make strides toward a more inclusive industry.   Mari Galloway is currently a Senior Security Architect located in Las Vegas, Nevada, but her cyber security career wasn’t always guaranteed. In the interview, she mentions failing one of her first certifications by only a handful of points. It’s a reality many in the industry face when they begin their training, and it took mentors and long hours studying for Mari to bounce back from her initial setback.&nb ..read more

Welcome to the second episode of Cyber Insecurity, eLearnSecurity’s weekly show on all things cyber security. You can check us out on YouTube or on INE’s The IT Experts Network wherever you listen to podcasts. This week Neal Bridges, Jeff Golz and Matt Kreisher tackle a number of topics related to the increased threat landscape due to COVID-19. Cyber security teams have been working non-stop since the beginning of the pandemic to secure networks, build out VPN infrastructure and test applications for security vulnerabilities. But sometimes it feels like facing a tidal wave with a Boogie Board ..read more

Welcome to eLearnSecurity’s Cyber Insecurity, a new show dedicated to the latest InfoSec news. Every week, cyber experts Neal Bridges and Jeff Golz join eLearnSecurity’s Matt Kreisher to discuss what businesses need to know about the latest events in cyber security. This week, Jeff, Neal and Matt discuss AWS coin mining, the 5-alarm vulnerability at F-5 Networks and Encrochat. AWS Coin Mining On July 7th, Anthony Randazzo of Expel tweeted about a new AWS coin mining attack that, while not subtle, did raise “interesting observations.” Not only did the attackers have root access, but they also ..read more

by Hisomeru This is the final article in a series on fingerprinting in Pentesting. Start from the beginning here. WHAT TO DO WITH THE FINGERPRINT The goal of fingerprinting a network is to find out what operating systems and services are running and potentially find a way into the network through those internet facing systems. For those looking for ways into the network from an external source using vulnerable software, there is a search engine for service and operating system vulnerabilities called the “Exploit Database” or exploit-db. Exploit-db is updated daily and hosts exploit code and ge ..read more

eLearnSecurity Launches Version 2 of Penetration Testing eXtreme On Tuesday, June 23, eLearnSecurity released the latest version of Penetration Testing Extreme, our most advanced pentesting course. We overhauled PTX to address modern TTPs, especially regarding Active Directory attacks. Our course designers have also created 100+ hands-on red teaming challenges spread across 11+ attack scenarios in our industry leading labs. In tandem with the release of PTXv2, eLearnSecurity is also celebrating Red Team Month. From now until June 30th, all our ethical hacking and red team courses are 25% off w ..read more

by Hisomeru So far, the Fingerprinting section of our Pentesting 101 series has shown scans originating from a personal network. That isn’t always ideal in some situations. While following the attack methodologies found in the APT-1 report, Mandiant did not talk about APT-1 doing any type of scanning or fingerprinting. It would be crazy for APT-1 not to do any type of scanning. In fact, Mandiant probably had a hard time proving any type of scanning activity from APT-1. Being a nation state actor, APT-1 did not want to give away that it was scanning the target network from its infrastructure in ..read more

Announcing eLearnSecurity’s Red Team Month Discount We here at eLearnSecurity have been beating the dead horse about cyber security skills shortage for quite a while now. Why? According to CoreSecurity’s 2020 Penetration Testing Report, 47 percent of businesses have not pentested their network. That means nearly half of businesses are not prepared for an attack. They don’t know where their network vulnerabilities lie, and many can’t find skilled cyber security professionals to help. In fact, 63 percent of IT executives named “hiring enough skilled personnel to do the test” as their largest bar ..read more

by Hisomeru Since we are trying to paint a picture of the target network, saving the nmap output would help. The command line switch “-oA” will output the results of a nmap scan to XML, a grepable format and plain text like you’d see on the screen. Also, since we are trying to gather as much information as possible, nmap should be used to scan all ports, pull back the banners of the services, get the version information of the service and finally the operating system information.  There is a lot of information in the above screenshot. Using the “-v” flag gives a verbose output. Since we ..read more

Malware and Web Application Security and Phishing OH MY! eLearnSecurity Launches Malware Analysis Professional Course eLearnSecurity officially launched our latest cyber security training course, Malware Analysis Professional (MAP) on May 19. As malware continues to plague modern industry, many organizations struggle to comprehend the effects of an attack, where the vulnerability started and the consequences of such a breach.  MAP trains cyber security professionals in the intricacies of malware dissection, including how to implement dynamic and static analysis to better understand malwar ..read more

by Hisomeru Introduction to Fingerprinting So far in the introduction to penetration testing series of articles, we have covered non-intrusive ways of gathering intelligence on a target network. Using Technical and Human OSINT helped create a picture of the target network that is subject to a penetration test through unobtrusive means. If you’re just joining us in this series, we define Technical OSINT as gathering technical data on a target network through tools and web searches. Human OSINT is gathering data on the human aspect of the target network. Aspects of an organization such as email ..read more