π A Zero Day that went undiscovered for 18 years
π https://hacklido.com/blog/917-a-zero-day-that-went-undiscovered-for-18-years
π https://hacklido.com/blog/917-a-zero-day-that-went-undiscovered-for-18-years
HACKLIDO
A Zero Day that went undiscovered for 18 years
Eighteen years is a long time by anyoneβs standards β and itβs certainly a long time for a vulnerability to go undetected and unpatched. But in early Apr...
π A tech coalition to combat scams
π https://hacklido.com/blog/912-a-tech-coalition-to-combat-scams
π https://hacklido.com/blog/912-a-tech-coalition-to-combat-scams
HACKLIDO
A tech coalition to combat scams
Weβre focused onβ¦ Protecting tech users against scams. Why? Because in 2023, the US Federal Trade Commission reported that consumers in the US alone lo...
π2
βοΈ CyberWeekly 28' Sept | Issue #7
βοΈ CUPS, vulnerabilities, remote code execution, patches, NIST, authentication guidelines, cyberattacks, transportation, logistics, malware, water treatment, cybersecurity, EPA, ATG systems.
π https://hacklido.substack.com/p/cyberweekly-28-sept-issue-7
βοΈ CUPS, vulnerabilities, remote code execution, patches, NIST, authentication guidelines, cyberattacks, transportation, logistics, malware, water treatment, cybersecurity, EPA, ATG systems.
π https://hacklido.substack.com/p/cyberweekly-28-sept-issue-7
π Insights from a CISO: What I look for when hiring new talent
π https://hacklido.com/blog/908-insights-from-a-ciso-what-i-look-for-when-hiring-new-talent
π https://hacklido.com/blog/908-insights-from-a-ciso-what-i-look-for-when-hiring-new-talent
HACKLIDO
Insights from a CISO: What I look for when hiring new talent
Hiring cybersecurity talent is one of the major challenges faced by CISOs across the industry. Reaching the right people, developing an attractive job prop...
β€1
π Crypto security: Embracing transparency in leadership
π https://hacklido.com/blog/918-crypto-security-embracing-transparency-in-leadership
π https://hacklido.com/blog/918-crypto-security-embracing-transparency-in-leadership
HACKLIDO
Crypto security: Embracing transparency in leadership
With a background in counterintelligence for the US Army and experience of building and leading incident response and security engineering teams, Philip Ma...
β€1
π AI in Cybersecurity: Enhancing Threat Detection
π https://hacklido.com/blog/925-ai-in-cybersecurity-enhancing-threat-detection
π https://hacklido.com/blog/925-ai-in-cybersecurity-enhancing-threat-detection
HACKLIDO
AI in Cybersecurity: Enhancing Threat Detection
Cyber criminals have evolved from a peripheral threat to a significant danger in our online lives today. In todayβs world, technology has spread out and is...
βοΈ CyberWeekly 05' Oct | Issue #8
βοΈ Texas Hospital ransomware attack, Ivanti Endpoint Manager vulnerability, Zimbra flaw, CUPS DDoS, US Healthcare Cybersecurity Bill, CVE-2024-29824, CVE-2024-45519, CISA.
π https://hacklido.substack.com/p/cyberweekly-05-oct-issue-8
βοΈ Texas Hospital ransomware attack, Ivanti Endpoint Manager vulnerability, Zimbra flaw, CUPS DDoS, US Healthcare Cybersecurity Bill, CVE-2024-29824, CVE-2024-45519, CISA.
π https://hacklido.substack.com/p/cyberweekly-05-oct-issue-8
π1
π A surge in cyber attacks: Is critical infrastructure safe?
π https://hacklido.com/blog/923-a-surge-in-cyber-attacks-is-critical-infrastructure-safe
π https://hacklido.com/blog/923-a-surge-in-cyber-attacks-is-critical-infrastructure-safe
HACKLIDO
A surge in cyber attacks: Is critical infrastructure safe?
According to data from Check Point Research, Q2 2024 saw a 30% surge in cyber attacks worldwide. And itβs reflected in the headlines: UK telecoms company...
βοΈ CyberWeekly 12' Oct | Issue #9
βοΈ Internet Archive breach exposed 31M users' data, Microsoft Patch Tuesday fixed critical flaws, Firefox zero-day patched, OpenAI blocked AI misuse, education cyber threats rise.
π https://hacklido.substack.com/p/cyberweekly-12-oct-issue-9
βοΈ Internet Archive breach exposed 31M users' data, Microsoft Patch Tuesday fixed critical flaws, Firefox zero-day patched, OpenAI blocked AI misuse, education cyber threats rise.
π https://hacklido.substack.com/p/cyberweekly-12-oct-issue-9
β€1
βοΈ CyberWeekly 19' Oct | Issue #10
βοΈ Apple and Google propose shorter SSL/TLS certificate lifecycles, CISA warns of SolarWinds vulnerabilities, Iranian cyber threats targeting critical infrastructure, and post-quantum cryptography.
π https://hacklido.substack.com/p/cyberweekly-19-oct-issue-10
βοΈ Apple and Google propose shorter SSL/TLS certificate lifecycles, CISA warns of SolarWinds vulnerabilities, Iranian cyber threats targeting critical infrastructure, and post-quantum cryptography.
π https://hacklido.substack.com/p/cyberweekly-19-oct-issue-10
π Security Training and Freelancers
π https://hacklido.com/blog/884-security-training-and-freelancers
π https://hacklido.com/blog/884-security-training-and-freelancers
HACKLIDO
Security Training and Freelancers
Weβve all been there. The request pops up in your work inbox β complete your cybersecurity awareness course now. You put it off for a few days, but ultima...
π Pentesting Active Directory - Series @hacklido
Β» #1 - Active directory and familiarize with itβs components like trees, forest and trust relations
Β» #2 - Authentication, Authorization, Access Control, Users, KRGBT, Golden ticket attack and more
Β» #3 - reconnaissance & Enumeration in AD - Using AD Module, Bloodhound, PowerView & Adalanche
Β» #4 - LLMNR Poisoning
Β» #5 - Lateral movement, privilege escalation and some amazing tools that you can add to your arsenal
Β» #6 - Domain persistence and cross forest attacks
π Save it to read later
π Link to collection: https://hacklido.com/lists/6
Β» #1 - Active directory and familiarize with itβs components like trees, forest and trust relations
Β» #2 - Authentication, Authorization, Access Control, Users, KRGBT, Golden ticket attack and more
Β» #3 - reconnaissance & Enumeration in AD - Using AD Module, Bloodhound, PowerView & Adalanche
Β» #4 - LLMNR Poisoning
Β» #5 - Lateral movement, privilege escalation and some amazing tools that you can add to your arsenal
Β» #6 - Domain persistence and cross forest attacks
π Save it to read later
π Link to collection: https://hacklido.com/lists/6
π4
π Essential Security Practices for Node.js Web Applications
π https://hacklido.com/blog/936-essential-security-practices-for-nodejs-web-applications
π https://hacklido.com/blog/936-essential-security-practices-for-nodejs-web-applications
HACKLIDO
Essential Security Practices for Node.js Web Applications
1. Implementing SSL/TLS Security Securing data transmission between clients and servers is crucial, particularly when handling sensitive information. HTT...
π1
π Breaking Down the ISC2 2024 Cybersecurity Workforce Study: Key Insights and Career Tips
π https://hacklido.com/blog/942-breaking-down-the-isc2-2024-cybersecurity-workforce-study-key-insights-and-career-tips
π https://hacklido.com/blog/942-breaking-down-the-isc2-2024-cybersecurity-workforce-study-key-insights-and-career-tips
HACKLIDO
Breaking Down the ISC2 2024 Cybersecurity Workforce Study: Key Insights and Career Tips
ISC2 just dropped 2024 ISC2 Cybersecurity Workforce Study report and after reading it here are my thoughts: As organizations continue to battle escalatin...
π3
βοΈ CyberWeekly 09' Nov | Issue #11
βοΈ Interpol's crackdown on cybercrime, Google Cloud MFA requirement, Germany's protection for researchers, Snowflake hacking arrests, Cisco vulnerability fixes.
π https://hacklido.substack.com/p/cyberweekly-09-nov-issue-11
βοΈ Interpol's crackdown on cybercrime, Google Cloud MFA requirement, Germany's protection for researchers, Snowflake hacking arrests, Cisco vulnerability fixes.
π https://hacklido.substack.com/p/cyberweekly-09-nov-issue-11
π4π₯2
π Pwn College β Talking to Web Walkthrough
π https://hacklido.com/blog/945-pwn-college-talking-to-web-walkthrough-by-karthikeyan-nagaraj
π https://hacklido.com/blog/945-pwn-college-talking-to-web-walkthrough-by-karthikeyan-nagaraj
HACKLIDO
Pwn College β Talking to Web Walkthrough
Sending requests to a Web server via Curl, Netcat, and Python to Access Sensitive files and data | 2024 Note: The below notes were taken while I was solvi...
π5
π SUID Exploits Uncovered: A Step-by-Step Privilege Escalation Guide
π https://hacklido.com/blog/946-suid-exploits-uncovered-a-step-by-step-privilege-escalation-guide
π https://hacklido.com/blog/946-suid-exploits-uncovered-a-step-by-step-privilege-escalation-guide
HACKLIDO
SUID Exploits Uncovered: A Step-by-Step Privilege Escalation Guide
How to Read Sensitive Files with SUID set on the Commands and How to Escalate Privilege Introduction to Pwn College pwn.college is an online platform that...
β€4π₯2π1
π CyberWeekly 23' Nov | Issue #12
βοΈ AI fuzzing, OSS-Fuzz, open-source bugs, ransomware recovery, cybersecurity, CISA audit, D-Link flaws, EOL routers, Ubuntu need restart, privilege escalation, Linux security, patching, healthcare IT.
π https://hacklido.substack.com/p/cyberweekly-23-nov-issue-12
βοΈ AI fuzzing, OSS-Fuzz, open-source bugs, ransomware recovery, cybersecurity, CISA audit, D-Link flaws, EOL routers, Ubuntu need restart, privilege escalation, Linux security, patching, healthcare IT.
π https://hacklido.substack.com/p/cyberweekly-23-nov-issue-12
β€5π1
π CyberWeekly 01' Dec | Issue #13
βοΈ TL;DR: Russian hackers leveraged unsecured nearby Wi-Fi to breach networks, bypassing MFA protections. Another campaign exploited an old Avast driver to disable endpoint security tools through a BYOVD attack. DEF CON volunteers teamed up with U.S. water utilities to strengthen cybersecurity for under-resourced critical infrastructure. Meanwhile, SCOTUS allowed a class-action lawsuit against Meta to proceed, stemming from the Cambridge Analytica data scandal. Lastly, a Microsoft 365 outage disrupted services like Teams, Exchange, and SharePoint, prompting calls for stronger contingency planning and SLA reviews.
π https://hacklido.substack.com/p/cyberweekly-01-dec-issue-13
βοΈ TL;DR: Russian hackers leveraged unsecured nearby Wi-Fi to breach networks, bypassing MFA protections. Another campaign exploited an old Avast driver to disable endpoint security tools through a BYOVD attack. DEF CON volunteers teamed up with U.S. water utilities to strengthen cybersecurity for under-resourced critical infrastructure. Meanwhile, SCOTUS allowed a class-action lawsuit against Meta to proceed, stemming from the Cambridge Analytica data scandal. Lastly, a Microsoft 365 outage disrupted services like Teams, Exchange, and SharePoint, prompting calls for stronger contingency planning and SLA reviews.
π https://hacklido.substack.com/p/cyberweekly-01-dec-issue-13
π3π€―3