background preloader

SANS Information Security Training

SANS Information Security Training
What is SANS? SANS is the most trusted and by far the largest source for information security training in the world. We offer training through several delivery methods - live & virtual, classroom-style, online at your own pace or webcast with live instruction, guided study with a local mentor, or onsite at your workplace where even your most remote colleagues can join in via Simulcast. Our computer security courses are developed by industry leaders in numerous fields including network security, forensics, audit, security leadership, and application security. Courses are taught by real-world practitioners who are the best at ensuring you not only learn the material, but that you can apply it immediately when you return to the office. All of SANS security courses are also offered at a government customer's desired location.

http://www.sans.org/

Related:  Network toolsSecurity

Levels of the Deep Web & Internet What are the Levels? There are, supposedly, 5 levels of the deep web (not counting Level 0). According to an anon, however, three more levels exist after the 5th one. Nikto2 Nikto is sponsored by Netsparker, a dead accurate and easy to use web application security solution. Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated.

Information Assurance National Security Cyber Assistance Program The National Security Agency (NSA) / Information Assurance Directorate (IAD) has established a National Security Cyber Assistance Program wherein commercial organizations can receive accreditation for cyber incident response services. This accreditation in Cyber Incident Response Assistance will validate that an organization has established processes, effective tools and knowledgeable people with the proper skill set and expertise to perform cyber incident response for national security systems. The accreditation will only be issued to organizations that meet the criteria set forth in the NSA/IAD Accreditation Instruction Manual.

Crack/Keygen Sites That Are Safe To Use Blindly searching the web for cracks & keygens is about as smart as using Limewire to search for antivirus software - something not well-advised. Undoubtedly and unfortunately, the number of crack sites with overtones of a malicious agenda heavily outweigh sites that just want to serve up the honest goods. Having said that, there actually are quite a few creditable ‘crack’ sites that won’t try to bombard you with full-screen popup ads, or commandeer your computer into a spam-loving Kraken or Srizbi Botnet army.

Rainbow Tables: Your Password's Worst Nightmare While you might think of Rainbow Tables as eclectic colorful furniture, those aren't the ones we are going to discuss. The Rainbow Tables that we are talking about are used to crack passwords and are yet another tool in the hacker's ever-growing arsenal. What are "Rainbow Tables"? How could something with such a cute and cuddly name be so harmful? The Basic Concept Behind Rainbow Tables STIGs Home Updates! IAVM to CVE Mapping Spreadsheet - Update April 11, 2014 Google Chrome Browser STIG for Windows, Version 1, Release 1 - Update April 10, 2014 IAVM to CVE Mapping Spreadsheet - Update April 4, 2014 IAVM to CVE Mapping Spreadsheet - Update March 28, 2014

Cybersecurity Framework Latest Updates NIST is pleased to announce the release of NISTIR 8323 (Draft) Cybersecurity Profile for the Responsible Use of Positioning, Navigation, and Timing (PNT) Services. The comment period is open through November 23, 2020 with instructions for submitting comments available HERE. NIST just published NISTIR 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM).

Free Steganography Software - QuickStego Free Steganography Software - QuickStego What is Steganography? Steganography is the science of writing hidden messages in such a way that no one apart from the sender and intended recipient even realizes there is a hidden message. An Example of Image Steganography ... A perfectly innocuous picture? Nothing special about it? Linux Text Editors Linux Editors for Plain Text: Linux editors for plain text can be divided into two categories, graphical GUI editors and console text editors. The advantage of the GUI editor is intuitive user friendly interface while the benefit of the console text editor is the suitability over long distance network connections which may or may not provide suitable bandwidth or reliability which would both be required by the GUI editors for remote operation. Console Based Editors: Graphical GUI Editors:

How to View Passwords Hidden Under Asterisks [Video] Google Chrome, Firefox and other browsers hide passwords behind asterisks but you can easily view the saved passwords using the built-in developer tools. Web browser hide passwords under asterisk characters for improved security. Say you are on the Gmail login page and the web browser, as always, has auto-filled the username and passwords fields for you. This is convenient because you can sign-in to your account with a click but because you have not been typing these saved passwords for a while now, you don’t even remember the Gmail password anymore. All web browsers, for security reasons, mask the password fields in login forms behind asterisk characters thus making it impossible for passersby to see your secret string.

WebGoat - Learn the hack - Stop the attack Learn the hack - Stop the attack WebGoat is a deliberately insecure application that allows interested developers just like you to test vulnerabilities commonly found in Java-based applications that use common and popular open source components. Description Web application security is difficult to learn and practice. Not many people have full blown web applications like online book stores or online banks that can be used to scan for vulnerabilities. Remove hidden data and personal information by inspecting documents If you plan to share an electronic copy of a Microsoft Word document with clients or colleagues, it is a good idea to review the document for hidden data or personal information that might be stored in the document itself or in the document properties (metadata). Because this hidden information can reveal details about your organization or about the document itself that you might not want to share publicly, you might want to remove this hidden information before you share the document with other people. This article describes how the Document Inspector feature in Word can help you find and remove hidden data and personal information in your documents. In this article

Near Field Communication (NFC) Technology, Vulnerabilities and Principal Attack Schema - Infosec Resources The Near Field Communication (NFC) is a set of standards for mobile devices designed to establish radio communication with each other by being touched together or brought within a short distance. The NFC standard regulates a radio technology that allows two devices to communicate when they are in close proximity, usually no more than a few centimeters, allowing the secure exchange of information. NFC standards are based on different communications protocols and data exchange formats, and include also existing radio-frequency identification (RFID) standards such as the ISO/IEC 14443 specific for identification cards, proximity cards and contactless integrated circuit cards. The coverage of various ISO standards ensures for NFC technology the global interoperability that makes the technology usable in different areas.

Google Hacking Diggity Project – Bishop Fox Sometimes, the best defense is a good offense. Bishop Fox’s attack tools for Google Hacking level the playing field by allowing our clients to find information disclosures and exposed vulnerabilities before others do. Arm yourself with our arsenal of attack tools that leverage Google, Bing, and other popular search engines. SearchDiggity SearchDiggity v 3 SearchDiggity 3.1 is the primary attack tool of the Google Hacking Diggity Project.

Related: