concise blog posts

Meet the CAT: Cyber Attack Terminator!

Category: Pentesting Tools

In this blog post we interview Brian Parsons, an inventor/entrepreneur living in Wellington, New Zealand. Brian is the CEO and Founder of TFE (Telecoms Forensics Equipment Ltd) which “builds things to meet the regulatory and legislative compliance of targeted electronic communications, intelligence, and things of particular interest.” With our interest in and fascination with penetration, networking, firewalls and digital forensic tools we were keen to contact Brian to ask him about his latest and greatest project titled: CAT, which is an abbreviation for “Cyber Attack Terminator”.

About the CAT: Cyber Attack Terminator

CAT is a high-speed IPS Appliance removing all exploited services and application traffic in realtime. CAT detects and drops Malware, Viruses, Bot-nets, DDoS, MySQL injection and other malicious code variants. In addition all IPs are checked against a global IP blacklist.

In summary, and before we dive into the interview, here’s an overview of the main features of this awesome cybersecurity monitoring device:

By breaking the attacker’s TCP/IP communications we sanitise your network.

Works any-to-any Network

CAT provides a simple Cyber Security solution for the home, SME, Industrial or Corporate, protecting all devices including IoT and IT Server networks.

No IT or networking skills required, ideal where IT resources are short, just plug in cables and turn on.

CAT runs transparent to the underlying network, and doesn’t require support or configuration.

1. Can you tell us a little about your past experience and what led you to create…


We Interviewed Ron Gula! Co-Founder of Tenable Network Security

Category: Pentesting Tools

We had the honor of interviewing Ron Gula from Tenable Networks and are delighted to share this with our community. For those that don’t know, Ron is a legend in the Cyber Business Scene: I’ll let a recent interview with Paul Asadoorian do a better job than I’d ever do (see the bottom of this post for the video) – there’s also a very good overview of Ron here.

Tenable Network Security creates network security monitoring tools, which watch your network for vulnerabilities, threats, compromised systems, ‘odd-traffic’ and issues that could be affecting your security compliance. Tenable is most well known for, and virtually synonymous with, Nessus: a leading vulnerability scanning platform. Nessus is perhaps one of the best known hacking tools out there and one which has been on our Top Ten Hacking Tools List for several years now. Nessus was freely available as an open source platform (and still is in a limited format), but in 2005 Tenable Network decided to change the license in order to better develop and support the vulnerability scanner. Any Penetration Tester or Ethical Hacker worth their salt will know exactly how to use Nessus; indeed, many Pentesters mention Nessus in our ever-green interview post here.

Henry, Concise: How did you get your break in Cyber Security? Was it an accident or was it by design?

Ron, Tenable: I have always been a UFO fan and did a lot of online research in…


We Ask You For Your Hacker Tools Opinions, Tips, Tricks and Advice!

Category: Pentesting Tools

What is this post about? Time to read: 1 min

Since 2012 we’ve been listing the web’s most favorite Hacking and Digital Forensics Tools (Penetration Testing Tools). We’d like to have your feedback on the tools you love: we want to know why and how you come to enjoy using these tools. Your advice and feedback would be invaluable to our community. Please share! If you use hacking tools please share your advice and wisdom! (Google Form) Take Part In The Questionnaire!


How Do I Get Started In Cybersecurity? Career Advice From Cyber Professionals

Category: Information Security Careers

What is this post about? Time to read: 10 mins

We’ve helped literally thousands of young folk get interested in Cybersecurity, and one question we get asked a lot is “How Do I Get Started In Cybersecurity?” So, rather than give you a ream of content and tips, we thought we’d go ahead and ask the professionals for their thoughts! If you would like to contribute to this post please go ahead and click the below button to take part in the two minute questionnaire: Take Part In The Interview!

Nithun Chand O

Nithun is a Cyber Security, Information Security and Cloud Security Researcher.

What do you do within Cybersecurity?
Just completed my Master’s degree in Cyber Security.

Did you always want a career in Cybersecurity or did you migrate into it?
I want a career in Cyber Security.

What advice would you give to someone trying to break into Cybersecurity?
Learn the basics.

How important are Cybersecurity Certs and which ones would you advise?
Certs have gone business. Honestly I have no certs but just knowledge and skills.


Is CEH Difficult? We Ask Cyber Pro’s With Certified Ethical Hacker Cert

Category: Information Security Certifications

What is this post about? Time to read: 10 mins

We’ve been covering Cybersecurity training for many years now; but one certification that has been there from day one is CEH. Love it or loathe it, let’s just agree that HR and Recruiters tend to love this Cybersecurity Certification. We get asked a lot “Is CEH Difficult”, or “Is CEH Easy”, and the answer is obviously not as simple as the question! So, we thought we’d contact Cybersecurity Professionals that have taken and passed CEH for their thoughts and experience on how they studied for and passed CEH, and whether having the designation has helped their career. Did you pass the CEH Exam? If you have any advice to give please share it by answering our two minute questionnaire: Take Part In The Interview!

Praveen Kumar Balasundaram

Praveen is a security analyst; he’s able to perform vulnerability assessments, penetration testing and log analysis of firewalls, servers and incident response.

How many years experience do you have within InfoSec?
3+ years.

Did you find the CEH difficult, and did you pass first time?
Little difficulty while facing questions related to practicals like Wireshark Packets, Cookies, Flags, Cryptography etc.

What did you use to study? Flash cards, practice exams? Any books you can recommend?
Practical exposure.

What would be your #1 bit of advice for someone attempting to pass CEH?
Need networking, Operating system basics.

Are you a proficient (Python) coder/…


Is Passing CISSP Difficult? We Ask Cybersecurity Professionals with the CISSP Certification

Category: Information Security Certifications

What is this post about? Time to read: 10 mins

We’ve been covering Cybersecurity training for many years now; but one certification that has been there from day one is CISSP. Love it or loathe it, let’s just agree that HR and Recruiters tend to love this Cybersecurity Certification. We get asked a lot “Is CISSP Difficult”, or “Is CISSP Easy”, and the answer is obviously not as simple as the question! So, we thought we’d contact Cybersecurity Professionals that have taken and passed CISSP for their thoughts and experience on how they studied for and passed CISSP, and whether having the designation has helped their career. If you’ve passed CISSP and would like to share your study experience please share your thoughts: Take Part In The Interview!

Anthony Leece

A dedicated and motivated security professional with a strong background in technical information security and business development; known for providing effective project coordination, attention to detail, and maintaining client relationships.

How many years experience do you have within InfoSec?
7 years.

Did you find the CISSP difficult, and did you pass first time?
I found the test prep questions to be more difficult than the actual test questions. I did pass my exam the first time, in roughly 2.5 hours.

What did you use to study? Flash cards, practice exams? Any books you can recommend?
I found the study guides to be the most helpful. They distilled the main…


How Do You Become a Cybersecurity Analyst? We Get Expert Advice…

Category: Information Security Careers

What is this post about? Time to read: 20 mins

We often publish blog posts and content on how to become a Cybersecurity Professional; an example is our “How To Become A Penetration Tester”, and in this post we take a look at how you would go about becoming a Cybersecurity Analyst. Key to this post is sharing the experience that took these individuals on their journey in becoming an Information Security (Cyber) Analyst. Please share YOUR advice and expertise by answering a few questions on a Google Form: Take Part In The Interview!

Juan Carlos Montes Senra

What type of Analyst are you and what industry do you work in (or have you worked for)?
Juan Carlos is a reverse engineer senior with experience in malware analysis, cryptography systems and security audits. More than 7 years of experience in software development.

How did you become a Cyber Analyst/ Professional?
I started as cryptographic analyst when I started working for the Spanish CSIRT.

What advice would you give to someone interested in starting a career in Cyber Security?
Start by focusing on one thing (forensic, malware, pentesting etc) and master that.

Niels Groeneveld

What type of Analyst are you and what industry do you work in (or have you worked for)?
Niels is a Senior Threat Intelligence Analyst at RedSocks Malware Labs

How did you become a Cyber Analyst/ Professional?
Grew into this role after being a Cisco Network Engineer….


Is The OSCP Certification Difficult? Advice From OSCP Cert Holders

Category: Information Security Certifications

What is this post about? Time to read: 10 mins We’ve been covering Cybersecurity training for many years now; but one certification has really caught our attention; and that’s the OSCP Certification. The Offensive Security Certified Professional (OSCP) course and certification is the sequential certification to a course called “Penetration Testing with Kali Linux”. The folks behind Kali Linux are responsible for the OSCP Course (as well as a bunch of other ones). Here’s why we think the OSCP is the real deal and the bad-ass cybersecurity cert you can achieve: it tests the individual by assessing their penetration testing process and life-cycle through an arduous twenty-four (24) hour certification exam! That’s right. 24 Hours! Pretty awesome… The end result is that the professional that has passed OSCP has clearly demonstrated their ability to be presented with an unknown network, enumerate the targets within their scope, exploit them, and clearly document their results in a penetration test report (which is also a requirement). In this post we ask current Professional Penetration Testers and Cybersecurity Professionals how they trained for and passed the OSCP Certification. If you’ve passed OSCP and have some advice and thoughts to share we’d love it if you could share it with us all! Take Part In The Interview! Grant Boudreau [Taken from Grant’s LinkedIn Profile] Hard working, self-motivated, high achieving professional with over 8 years experience in the Information Technology industry, with extensive work with Kali…


Summary of Cybersecurity Conferences Happening This Week [Week 50, 2016]

Category: Information Security Conferences

Here are the events that we have outlined taking place this week (week #50 December 12 – 18, 2016). You will likely also be interested in cyber security events taking place in 2017.

ICS CyberSec 2016 (Industrial Control Systems)
December 12, 2016 | Nazareth, Israel
This one day event will focus on Cyber Defense for Industrial Control Systems serving Utility Operations, Manufacturing and Critical Infrastructure.

World Congress on Industrial Control Systems Security (WCICSS-2016)
December 12 – 14, 2016 | London, UK
Co-Sponsored by IEEE UK/RI Computer Chapter, WCICSS 2016 will be a meeting point for experts and researchers, managers, IT security professionals, educators, developers, vendors and service providers who are involved in assessment, integration, development, implementation and operation cybersecurity industrial technologies. This event will provide a chance to discuss topics on the current status and trends in protection of industrial control systems. The objectives of the WCICSS include bridging the knowledge gap between academia and industry, promoting research esteem in Industrial Control Systems Security and teaching the importance of Intelligent Control Applications.

ISC2 Security Congress
December 12 – 15, 2016 | Orlando, Florida, USA
Proudly collocated with ASIS International 62nd Annual Seminar and Exhibits, ISC2 Security Congress 2016 is expected to gather more than 19,000 professionals worldwide from the operational, cyber, information, software and infrastructure security disciplines. The goal of ISC2 Security Congress is to advance security leaders with invaluable education, networking and career advancement opportunities to all…


Summary of Cybersecurity Conferences Happening This Week [Week 49, 2016]

Category: Information Security Conferences

The year is drawing ever closer. Here are the events for this week (apologies, this week is a little late!).

The 1st Biometrics Middle East
December 5 – 6, 2016 | Dubai, UAE
The organizers believe that you will learn a ton about the latest innovations and advancements in biometrics regionally and globally. Biometrics obviously continues to be a major topic in cyber security.

Privacy & Security Forum
December 5 – 7, 2016 | Boston, Massachusetts, USA
Conquer tomorrow’s most daunting privacy and security threats at this peer-to-peer networking event focused on healthcare’s unique challenges. From prevention and detection to response and recovery, get practical solutions you can put into action right away. Clearly if you work in healthcare & cybersecurity and live and work on the East Coast then this would be an excellent event to attend.

Passwords 2016
December 5 – 7, 2016 | Bochum, Germany
A hacker conference that’s all about passwords, PIN codes, and digital authentication. Passwords events explore fringe conversations on everything from analysis and education to securing, creating, cracking, and exploiting authentication solutions. And unlike other events where the speaker is rushed in and out, Passwords provides a unique environment for attendees to directly engage speakers before, during, and after their presentations.

The 11th International Conference for Internet Technology and Secured Transactions (ICITST-2016)
December 5 – 7, 2016 | Barcelona, Spain
The ICITST is an international refereed event dedicated to the advancement of the…
