eLearnSecurity sat down with Stephanie Ihezukwu, known online as Steph and Sec. She serves as a Lead for WoSEC Houston and served as lead for WISP at last year’s DefCon. She speaks at security conferences on various topics. She co-hosts a “happy hour” inspired podcast called Coolest Nerds in the Room, where she leads conversations based on the lives of people in tech.
As part of eLearnSecurity’s commitment to reaching out and building community, we are pleased to announce a partnership with VeteranSec, a non-profit group that helps veterans transition from military life to the private sector. VetSec provides information technology and cyber security training to its members, many of whom began their training in the military.
eLearnSecurity’s guide to penetration testing fundamentals continues with more information on human OSINT
Google and file searches on a website are good ways to accomplish manual Human OSINT. However, most penetration testers like automation. There is a tool called “Maltego” that automates many of the search processes one would use on multiple search engines and social media platforms.
When gathering initial information, penetration testers need to focus on an organization’s human element.
In the last article, Hisomeru covered the technical aspects of Open Source Intelligence or OSINT. OSINT traditionally comes in two different forms, Technical and Human. For penetration tests, it is equally important to know the human aspect of the target network just as well as knowing the technical aspects.
Malware and phishing attacks during a global pandemic emphasize the need for trained cyber security professionals
The staggering number of new COVID-19 cases reported every day are one reminder that the world is facing massive upheaval. With an unprecedented amount of the workforce resigned to home offices and IT teams struggling to monitor activities of their co-workers, the coronavirus has also turned into a boon for cyber criminals.
IT teams that access dark forums for cyber security intelligence are urged to use caution and practice transparency
While dark markets and the dark web can provide valuable information for cyber security professionals, organizations and individuals need to follow laws and regulations and maintain open lines of communication with law enforcement to avoid major investigative scrutiny.