As part of eLearnSecurity’s commitment to reaching out and building community, we are pleased to announce a partnership with VeteranSec, a non-profit group that helps veterans transition from military life to the private sector. VetSec provides information technology and cyber security training to its members, many of whom began their training in the military.
Dr. Ali Hadi is a Senior Information and Cyber Security professional with more than 14 years of experience. He is currently a full-time professor and researcher at Champlain College and is a contributing author to cyber security textbooks. Ali is the course designer for eLearnSecurity’s upcoming Malware Analysis Professional Course.
What is a Business Email Compromise and why should cyber security professionals care?
Author: Keith Roberts, Senior Information Security Analyst
The FBI categorizes business email compromise (BEC) scams into three specific brands. While there are certainly hybrid forms, for this article we are focusing on the big three.
eLearnSecurity’s guide to penetration testing fundamentals continues with more information on human OSINT
Google and file searches on a website are good ways to accomplish manual Human OSINT. However, most penetration testers like automation. There is a tool called “Maltego” that automates many of the search processes one would use on multiple search engines and social media platforms.
eLearnSecurity recently sat down with Chloé Messdaghi, discussing her journey from business consultant to cyber security professional.
Chloe is the VP of strategy at Point Three Security. She is a security research advocate who strongly believes that information security is a humanitarian issue.
When gathering initial information, penetration testers need to focus on an organization’s human element.
In the last article, Hisomeru covered the technical aspects of Open Source Intelligence or OSINT. OSINT traditionally comes in two different forms, Technical and Human. For penetration tests, it is equally important to know the human aspect of the target network just as well as knowing the technical aspects.
Malware and phishing attacks during a global pandemic emphasize the need for trained cyber security professionals
The staggering number of new COVID-19 cases reported every day are one reminder that the world is facing massive upheaval. With an unprecedented amount of the workforce resigned to home offices and IT teams struggling to monitor activities of their co-workers, the coronavirus has also turned into a boon for cyber criminals.
IT teams that access dark forums for cyber security intelligence are urged to use caution and practice transparency
While dark markets and the dark web can provide valuable information for cyber security professionals, organizations and individuals need to follow laws and regulations and maintain open lines of communication with law enforcement to avoid major investigative scrutiny.
Learn more about updates to our Threat Hunting Professional Course and Watch a Live Lab Demo
eLearnSecurity will release a new version of Threat Hunting Professionals (THPv2) during a live webinar on March 24th. During the one hour webinar, course creators Dimitrios Bougioukas and Slavi Parpulov will discuss the essentials of threat hunting and outline course updates that address the modern threat landscape.
Hisomeru’s final thoughts on Technical OSINT and gathering information in the initial penetration testing phase
If you missed missed part one or part two of our pentesting series, start there then come back to this article.
One of the most comprehensive ways to gather Technical OSINT on a penetration testing target is to use a search engine called “Shodan.”