Welcome to the Cybrary Studios, home to Cybrary's three podcast series, including the award-winning 401 Access Denied, voted Best Cybersecurity Podcast for North America by the 2021 Cybersecurity Excellence Awards.
The Cybrary Podcast - In this show, we will be speaking with current leaders and experts in the IT and Cybersecurity fields. Discussing topics ranging from DevSecOps and ransomware attacks to diversity and the retention of talent, the Cybrary Podcast covers it all. Stay up to date with recent discussions and insight from current vendors and instructors from Cybrary. Come join us at Cybrary and get to your Next Level today!
401 Access Denied - Want authorized access to top security tips from the experts in InfoSec? Join the 401 Access Denied Podcast bi-weekly, with Thycotic’s ethical hacker Joseph Carson and Cybrary’s VP of Engineering Mike Gruen, as they share life lessons and insights into the world of InfoSec – the good, the bad, and the ugly. Whether you want to learn more about the latest hacking techniques or how to become a CISO, this is the podcast for you.
Go For It with Sarah Moffat - Our newest podcast, Go For It, hosted by Sarah Moffat, the popular talent & leadership development expert, is HERE!! Working in a male-dominated industry like #cybersecurity presents unique hurdles, so Sarah is here to help you gain the confidence, consistency, and courage to #GoForIt at work and in life!
In part 2 of our Quantum-focused series, the Cybrary Podcast welcomes back Ron Lewis, VP of Customer Success and Innovation at Patero. We've explored how quantum computing impacts cybersecurity professionals as both a threat to encryption and as a machine learning tool. In this episode, Ron shares his deep wealth of knowledge on the "Q's of Quantum" and the history of the field of study around Quantum Random Number Generation (QRNG). Discover Patero! Learn more about the quantum threat! See the research from NIST: ~NIST Announces First Four Quantum-Resistant Cryptographic Algorithms Follow us on Social!! ~Twitter ~Instagram ~Facebook ~YouTube ~LinkedIn Jump-start your cybersecurity career today at Cybrary!
Who knew that casual livestream ethical hacking could lead to a full-time content creation career? The one-and-only Ben Sadeghipour aka NahamSec takes us down memory lane from the time he studied computer science and digital marketing in college to the moment he saw a promising future in bug bounty hunting. Get into the livestream hacker's mindset in this fun conversation about mentorship and community building in the cybersecurity space! Follow NahamSec! ~Twitter ~YouTube ~Twitch Consider Donating to The Leukemia & Lymphoma Society® (LLS) Follow us on Social!! ~Cybrary Twitter ~Delinea Twitter ~Instagram ~Facebook ~YouTube Jump-start your cybersecurity career today at Cybrary!
What were the biggest cybersecurity trends of 2022, and which types of threats do experts predict we should prepare for in 2023? Dan Lohrmann, Field CISO with Presidio, returns to the 401 Access Denied Podcast to provide a consolidated perspective on all the trends from an eventful year. From the war in Ukraine to the rise in cyber mercenary attacks, hacktivism, cloud hacks, and deepfakes, we're welcoming 2023 with a careful review of all the most memorable topics! Read Dan's article on "The Top 23 Security Predictions for 2023" ~The Top 23 Security Predictions for 2023 Part 1
Could an AI chatbot like ChatGPT help you co-author the next great cyberpunk novel? Or craft a phishing email and generate sock puppets - for ethical hacking research, of course! Join our security research team - incident responder Marc Balingit and adversary emulator Matt Mullins - as we wade into the fun (and sometimes ethically ambiguous) areas of AI tech in cybersecurity. Keep the conversation going as we explore how AI tools can impact productivity, learning, skill shortages, and more. Check out the podcast on YouTube to watch Will, Matt, and Marc demo ChatGPT. Explore ChatGPT in Cybrary's FREE challenge activity! Read all about the potential impact of A.I. chatbots on the cybersecurity world! Learn more about OpenAI on their website! See How OpenAI became an AWS Certified Cloud Practitioner!
Cloud services have made it easier for users to stay connected and access resources from anywhere. But how can we reduce the security risks resulting from on-premises-to-cloud infrastructure migration? Security researcher Carlos Polop returns to the 401 Access Denied Podcast to expose the most unexpected cloud security flaws commonly leveraged by adversaries. From tackling misconfigurations to enhancing security controls, we cover top risk mitigation strategies recommended by cloud penetration testers! Follow Carlos! (and join his Discord community!) ~Github ~Twitter Check out Carlos' latest book on cloud hack tricks ~Hacktricks Cloud Learn more about Carlos's privilege escalation tool ~Purple Panda
Cybersecurity needs dynamic minds to keep up with ever-evolving threats. How can managers foster an inclusive workforce that celebrates diversity of thought? Scott Gibson, Chief Strategy Officer at Melwood, discusses how a "double empathetic" approach can help security leaders improve sourcing best practices and meet their employees where they're at. Hear more about the steps that neurodivergent people can take to build their career-ready skills and succeed in cybersecurity. Learn more about Melwood and the abilIT program!
Ethical hackers are motivated to make society safer, but how can they ensure that they are following the law? This episode of the 401 Access Denied Podcast explores all the gray areas of vulnerability disclosure policies, copyright laws, and end-user license agreements. Learn essential hacker safety tips from our hosts, Joe Carson and Chloé Messdaghi!
The quantum computing revolution is a hot topic in the technology world, but how exactly does it impact cybersecurity professionals? To what extent does quantum computing pose a threat to encryption, and how long do we have to prepare for it? Ron Lewis, VP of Customer Success and Innovation at Patero, helps us find a pragmatic approach to post-quantum resiliency. In the first episode of our Quantum and Cyber podcast series with Patero, you'll learn all about how to differentiate Shor's algorithm from Grover's, navigate the cryptographic saga of Bob and Alice, and realistically quantify post-quantum risks. Discover Patero! Learn more about the quantum threat! See the research from NIST: ~NIST Announces First Four Quantum-Resistant Cryptographic Algorithms
The art of hacking is often synonymous with high-profile cybercrime. But how can the cybersecurity and penetration testing community help more crafty hackers go from breaking bad to breaking good? Phil Wylie, author of "The Pentester Blueprint," joins Joe Carson and Chloé Messdaghi to discuss innovative ways of fostering a safe, supportive, and rewarding culture among ethical hackers. We explore how effective mentorship, gamified bug bounty challenges, and free training opportunities can positively impact cybersecurity job recruitment and satisfaction.
Some threat actor groups pursue state-sponsored espionage, and others conduct financially-motivated cyberattacks. APT41, also known as Double Dragon, happens to do both! Our adversary emulator and self-described Chief Thief, Matt Mullins, teams up with defensive security freelancer, Chris Daywalt, to discuss their latest threat actor campaign emulating APT41. Get caught up in the cat-and-mouse game between red and blue teamers in this conversation on reducing risk, enhancing alerts, and exploring realistic simulations! Start the Double Trouble with Double Dragon Threat Actor Campaign to detect TTPs leveraged by real-world threat actor group, APT41!
When threat actors target enterprise security environments, they often seek to compromise the accounts with the most privileged access. How can organizations minimize security risks in a world where remote account access is growing? George Eapen, Group Chief Information Officer at Petrofac, discusses important strategies for reducing risk and increasing resilience in the face of threats like ransomware attacks. Learn more about how layered security controls, privileged access management, and employee training can foster a positive organizational security culture.
Interested in switching your career to cybersecurity, but don't know where to start? Need to brush up on your cyber basics? In this episode of the Cybrary Podcast, we are joined by our very own course managers Sara Faradji and Jenn Barnabee. Jenn goes into detail on the making of her new Entry-Level Cybersecurity Training (ELCT) course that is intended for absolute beginners with no prior knowledge of the industry! Get the inside scoop on how you can gain the foundational knowledge to take the next step towards your cybersecurity career or goals. Check out Jenn's Entry-Level Cybersecurity Training course at Cybrary!
Feeling fatigued from all the fear and uncertainty surrounding cybersecurity news? Take a breather in this engaging podcast conversation with Ian Murphy, founder of CyberOff and affectionately known as "The Monty Python of Cyber"! Join in the fun as Ian breaks down the complexities of cybersecurity to focus on the value of human impact, bravery, and connectedness in this dynamic field. Check out CyberOff! Connect with Ian! ~LinkedIn
Have you ever thought about pursuing a cybersecurity career, but you don't imagine yourself as a "tech person"? Tennisha Martin, founder and Executive Director of Black Girls Hack, discusses strategies for both front and backdoor entrances into the dynamic world of cybersecurity. Learn how to take advantage of networking, resume review, and hands-on training opportunities so that you can see yourself in cyber! Join Black Girls Hack! ~Black Girls Hack Website
With the state of cybersecurity in constant flux, how can security teams better prepare both their organizations and society for the challenges ahead? Rik Ferguson, VP of Security Intelligence at Forescout Technologies, shares best practices for tackling issues of trust, authenticity, communication, and problem-solving in the security world.
A skill shortage is pervading the cybersecurity industry. But what is the root cause of the problem, and how can employers fill more job roles? Dave Kennedy, CEO and founder of TrustedSec, and Chloé Messdaghi, Chief Impact Officer at Cybrary, discuss hiring and training best practices in the security world. Learn how you can break into the cybersecurity field from any educational or technical background! Follow Dave Kennedy! ~LinkedIn
With ransomware, supply-chain attacks, and other organized cybercrime incidents on the rise, what can we do to better protect society? Philipp Amann, Head of Strategy at the European Cybercrime Centre (EC3), invites us to his world of cyber law enforcement and analysis. Learn more about the evolution of cyberattacks and cybercriminal investigations. Hear how you can join government agencies in the fight against new and pervasive threats. Follow Philipp! ~LinkedIn ~Twitter
When it comes to vulnerability disclosure, there can be a lot of unknowns. What is the first step in safely reporting? How can global bug bounty hunters better understand the specialized legalese in disclosure policies? Casey Ellis, Founder and CTO of Bugcrowd, addresses the importance of standardizing vulnerability disclosure policy language. Join in the de-villainization of ethical hackers and bug bounty hunters with Casey and the Cybrary team at Black Hat!
At the onset of the 2022 war in Ukraine, how did the wiper malware attacks deployed by Russia impact civilians? To what extent does cyberwarfare coincide with information warfare in the context of the Russo-Ukrainian War? In part 2 of our conversation with Chris Kubecka, CEO of HypaSec, we discuss the importance of open-source intelligence and community support amidst global conflict. Connect with Chris Kubecka! ~Twitter
How did Tracy Z. Maleeff (aka InfoSecSherpa) pivot from a library science job into a cybersecurity research career? What first steps can other liberal arts majors take on their potential path toward the information security field? Find your niche in the security world with Tracy's tips on leveraging diverse skill sets to help solve complex security problems.
With the Great Resignation looming, what can security leaders do to empower their teams? How does effective training help shatter glass ceilings? Lance James, CEO of Unit 221B, shares his methodology for boosting team confidence and capability.
A distressing escape from a nation at the outbreak of war. A race to the border filled with sharp turns, sleepless nights, and evasion from mercenary groups. This is the true story of cyberwarfare expert Chris Kubecka's exodus from Ukraine in early 2022. Follow Chris down the winding Ukrainian backroads in part 1 of her perilous story. Connect with Chris Kubecka! ~Twitter
Cybrary has been hard at work building a custom lab experience designed to prepare your security teams to succeed. Get the inside scoop on Cybrary's SOC Analyst Assessment from Senior Product Manager Ned Hinman. Learn how you can evaluate your team's skill development with a high-fidelity, immersive assessment.
With thousands of new vulnerabilities discovered each year, how can security teams prioritize which ones to mitigate? John Hammond, acclaimed content creator and Senior Security Researcher at Huntress, explains key factors determining a vulnerability's potential impact. Join John behind the scenes at the RSA conference as he discusses threat actor mindsets, community engagement, and the ethics of hacking. Connect with John! ~LinkedIn
What is your ideal password management experience? Pamela Dingle, Director of Identity Standards at Microsoft, chats with us during the 2022 RSA conference about forward-thinking identity management strategies from the perspectives of consumers, businesses, and government entities. Hear Pamela's take on how authentication, standardization, and decentralization efforts are changing the way that we think about digital identity. Connect with Pamela! ~LinkedIn
With companies migrating to cloud environments amidst a continued influx of remote and hybrid workspaces, it's essential to keep your data secure. Nick Lumsden, co-founder and CTO of Tenacity Cloud, helps organizations to improve their foundational AWS cloud security. In a world where you can quickly make software changes, how can you maintain asset visibility and ensure compliance? Listen to Nick's insights on cost-effective cloud security management best practices. Connect with Nick! ~LinkedIn Check out Tenacity Cloud ~Company Website
When the next zero-day vulnerability hits, how can your security team prepare to detect and respond to the latest threats? In what ways can your organization reduce risk in a dynamic threat landscape? Our Cybrary Threat Intelligence Group (CTIG) is here to jumpstart the conversation on grounding your security training and decision-making on actionable research. Hear our CTIG experts, Ryan English and Matt Mullins, discuss the latest intel on the Follina vulnerability (CVE-2022-30190), the ZuoRAT report from Black Lotus Labs, and evolving tactics from initial access brokers like Prophet Spider. Take Matt's training course on the Follina vulnerability: ~https://www.cybrary.it/course/cve-series-follina-cve-2022-30190/ Subscribe to our forthcoming course campaign to detect behaviors of real-world initial access brokers: ~https://www.cybrary.it/catalog/spinning-a-web-shell-for-initial-access/ Check out the report on ZuoRAT from the Cybrary Threat Intelligence Group (CTIG): ~https://www.cybrary.it/blog/ctig-coverage-of-black-lotus-labs-zuorat-report/
As our threat landscape evolves and remote work opportunities continue to grow in popularity, it's important that security leaders enhance their future-proofing strategies. How can organizations cultivate human-centered approaches to prioritizing risks and developing proactive incident response plans? Robert Burns, Chief Security Officer of the Thales Cloud Protection and Licensing division, sits down with the 401 Access Denied team to discuss these strategies and other key takeaways from the June 2022 BSIDES and RSA conferences. Connect with Bob! ~LinkedIn ~Twitter
Security conference season is back in full swing, and Cybrary is here to bring you all the highlights! Our Senior Product Manager, Ned Hinman, shares key takeaways from the Infosecurity Europe Conference in June of 2022. Hear what security leaders at organizations like ISC2 are saying about strategies for bridging skills gaps, attracting new talent, and approaching cybersecurity as a psychological challenge. Read the Psychology of Intelligence Analysis
Living in the Information Age means that we have a wide world of knowledge and networks at our fingertips, but where do we find that balance between enlightenment and exhaustion? If you're weary from doomscrolling and tired of putting bandaids on burnout, you'll want to hear what Chloé Messdaghi has to say about maintaining sanity in the security industry. Join Chloé as she kicks off her latest gig as the co-host of the 401 Access Denied podcast, where she will share insights on prioritizing mental health support and positive leadership in cybersecurity.
As cybersecurity teams become more advanced, adversaries get craftier. That's why Cybrary's blue teamer Owen Dubiel and red teamer Matt Mullins joined forces to develop purple team training campaigns based on real-world threats. Their latest campaign explores how threat actors like FIN10 extort organizations by threatening to expose their stolen data publicly. Hear all about how Owen and Matt created training exercises to help you improve your situational awareness and detection strategies. Think you have what it takes to enhance your detections to pinpoint each step in FIN10's attack kill chain? Enroll now in our Exfiltration and Extortion campaign, where you'll gain expert insights on real-world threat actor behavior and detect the malicious activity yourself in a virtual lab.
Verizon's 2022 Data Breach Investigations Report (DBIR) is out, and Delinea is here to break down the highlights! Delinea CISO Stan Black and Cybersecurity Evangelist, Tony Goulding, discuss which findings are most surprising, actionable, and trending upward in this year's report. Get the experts' advice on how we all can develop smart, data-driven security solutions based on evolving threat actor behavior and incident analysis. Read all about it in Verizon's 2022 Data Breach Investigations Report!
Acclaimed cybersecurity power player Chloé Messdaghi is making big moves in her new role as Cybrary's Head of Impact. In this episode of the Cybrary podcast, she discusses commonsense approaches to minimizing bias and cultivating inclusivity in the security industry. How can organizations mitigate not only dynamic cyber risks, but also the revolving door of employee turnover? What can effective leaders do to prioritize the value of security teams and invest in their continued growth? Listen to Chloé's advice on developing a human-centered perspective in security management and workplace culture. Connect with Chloe! ~LinkedIn
Where can organizations find specialized candidates for millions of unfilled security jobs? How can the right approach to training help increase employee retention and close the notorious cybersecurity skills gap? Kevin Hanes, CEO of Cybrary, shares why investing in people is a vital part of reducing risk. Learn how you can effectively prioritize diversity in the hiring process and support the growth of people who value the continuous educational journey that is cybersecurity.
How can purple teaming benefit your organization? When red teamers like Matt Mullins collaborate with blue teamers like Owen Dubiel, you know you'll get a thorough and cost-effective assessment of your security environment. Listen to Matt and Owen share their strategies for successful purple teaming design and implementation. Plus, hear about their new Cybrary course campaign where you'll learn real-world adversary techniques before enhancing detections. Check out Owen and Matt's Threat Actor Campaign series, where you'll learn the tactics and techniques used by real-world adversaries! ~Threat Actor Campaigns
How does the hacker of all trades, Fredrik Alexandersson (aka STÖK), take the time to learn new things, design sustainable fashion, and connect with a growing social media community? Hear how you can satisfy your curiosity with the ultimate work-life balance. Follow STÖK down the bug bounty career path that influenced his cybersecurity career journey and inspired his creative pursuits. Follow STÖK on all platforms! ~Website ~YouTube ~Twitter ~Instagram ~LinkedIn ~Github ~Twitch
Ransomware attacks impacted 66% of organizations in 2021. As threat actor groups like FIN7 take advantage of expanded networks, security weaknesses, and human trust, it's more important than ever to keep up with their level of prowess. Cybrary's "enterprise defender," Owen Dubiel, and "chief thief," Matt Mullins, discuss how their cybersecurity work experiences informed their Ransomware for Financial Gain course series modeled after FIN7's techniques. Follow each part of their attack scenario that lets you emulate adversaries before enhancing your detections to reduce your risk of being the next ransomware victim. Why choose between the red and blue teams when you can do both? Check out Owen and Matt's Threat Actor Campaign series, where you'll learn the tactics and techniques used by real-world adversaries! ~Threat Actor Campaigns
Just in time for World Password Day, this podcast episode is all about password cracking and the solutions to securing your secrets. Four-time DEF CON Black Badge winner and Chief Architect of IBM X-Force, Dustin Heywood, shares essential tips for easy password management. And if you're into ethical hacking, listen to Dustin's advice on which tools, hardware baselines, technique variations, and intellectual abilities will give you the advantage you need to start cracking. Follow Dustin on Social! ~Twitter ~LinkedIn
Ready to get hands-on with Cybrary's ten bite-sized OWASP Top 10 courses? Legendary instructor and penetration tester, Clint Kehr, shares what you can expect in his scenario-based training courses that prepare you to exploit real-world web application vulnerabilities. Hear what's new in the 2021 OWASP Top Ten List, including category revisions, position ranking adjustments, and a whole lot of freshly-mapped CWEs. Plus, learn how Clint and the CyDefe team worked to bring you custom lab exercises that challenge you to think like a pen tester. Enroll in all of Clint's phenomenal OWASP Top 10: 2021 courses! ~A01:2021 - Broken Access Control ~A02:2021 - Cryptographic Failures ~A03:2021 - Injection ~A04:2021 - Insecure Design ~A05:2021 - Security Misconfiguration ~A06:2021 - Vulnerable and Outdated Components ~A07:2021 - Identification and Authentication Failures ~A08:2021 - Software and Data Integrity Failures ~A09:2021 - Security Logging and Monitoring Failures ~A10:2021 - Server-Side Request Forgery (SSRF)
In a world where cybersecurity is no longer just an IT issue, it is more important than ever to assess the human, technical, and physical security aspects of any organization. Bringing responsible awareness to this triad, FC (aka Freaky Clown) and his team at Cygenta are reimagining the role of penetration testing in fostering sustainable cyber resilience. Hear the tricks that FC has learned on the job while (ethically!) robbing banks to identify physical security weaknesses, enhancing the comprehensive value of pen tests, and developing cybersecurity training exercises for people of all ages. Learn more about FC's company! ~Cygenta
With privilege escalation vulnerabilities like Dirty Pipe posing potentially critical impacts, it is more important than ever to learn how adversaries exploit these flaws. Security researcher Carlos Polop joins us on this episode of 401 Access Denied to discuss his valuable contribution to the penetration testing community: Privilege Escalation Awesome Scripts Suite (PEASS). Gain insights on how pen testers can leverage LinPEAS and WinPEAS to exploit vulnerabilities in CTF environments. Plus, hear how you can contribute to Carlos' research. Follow Carlos! ~Twitter Check Out Carlos' Book: ~HackTricks Follow Carlos on GitHub and submit pull requests: ~Github Join Carlos' Discord Community: ~CarlosPolop's Hacking Society
The Okta security breach has gained considerable attention since the company's public disclosure of the attack on March 22nd, 2022. As debates continue on the timeliness and effectiveness of the organization's response, we at Cybrary want to elevate the discourse on how to foster smart, sustainable, and empathetic approaches to cybersecurity risk management. On this episode of the Cybrary Podcast, listen to the thoughtful advice of Cybrary's CEO, Kevin Hanes, and Senior Director of Content, Will Carlson, as they discuss how all organizational stakeholders can align on incident response strategies.
As cybersecurity teams seek to enhance their defenses in the wake of worldwide ransomware attacks and the spread of wiper malware in Ukraine, what predictions can we make about the evolution of global information wars? Acclaimed security leader and Field CISO at Presidio, Dan Lohrmann, discusses emerging trends in cyber insurance, cyber incident reporting, and incident response planning. Learn more about the potential impact of the Shields Up advisory published by the U.S. Cybersecurity and Infrastructure Security Agency (CISA). Amidst growing risk and uncertainty, hear Dan's advice on how you can develop best practices for training and preparing your security team. Connect with Dan! ~LinkedIn ~Twitter Check out Dan's Book: ~Cyber Mayday and the Day After Read Dan's Blog Post on Cyber Insurance: ~Where Next for Government in the Cyber Insurance Market? Read More on Cybersecurity and the Invasion of Ukraine: ~What the Newly Signed US Cyber-Incident Law Means for Security ~‘For the first time in history anyone can join a war’: Volunteers join Russia-Ukraine cyber fight
During unprecedented times when cyber and kinetic military actions coalesce, what can we learn about the evolving nature of warfare? Mike McLellan and Rafe Pilling join us from the Counter Threat Unit at Secureworks to discuss the latest cyberattacks in Ukraine. What is distinctive about these emergent types of wiper malware, and how can we better discern the objectives of threat actors? Get advice from the security research experts about how your organization can enhance defenses and incident response planning in the face of new threats. Read more about this subject in our blog post: ~Cyberwarfare: Evolution and Impact on the Russia-Ukraine Conflict
In just the first half of 2021, the financial industry saw a 1,318% increase in ransomware attacks. How can knowledge of ransomware gangs' encryption strategies help employees at every level of an organization to develop stronger incident response plans? Paula Januszkiewicz, acclaimed security leader, pen tester, and CQURE CEO, offers practical guidance on inclusive approaches to security awareness training. As the threat landscape evolves alongside new technological innovations, questions emerge about how we need to rethink password protection, privilege access, and at-home security. Enjoy this thought-provoking conversation about the value of curiosity and teamwork in forward-thinking security strategy development. Connect with Paula! ~LinkedIn ~Twitter
Come on over to the dark side with Matt Mullins, the red teamer and penetration tester who is here to help you think like an adversary. Cybrary Course Manager Jenn Barnabee talks with Matt about his Cybrary courses that teach you how to exploit and mitigate the latest critical vulnerabilities, including Log4j, HiveNightmare, and more. Considering a path forward in offensive security? Then you'll love hearing about how Matt's career aspirations evolved from Buddhism studies to the "Help Desk Farm" to penetration testing. From zen to ZAP, he has a lot to share about taking risks and learning new tools! Enroll now in Matt's Cybrary courses! ~Exploitation and Mitigation: Log4j CVE-2021-44228 ~Exploitation and Mitigation: HiveNightmare (CVE-2021-36934) ~Exploitation and Mitigation: InstallerFileTakeOver (CVE-2021-41379) ~Exploitation and Mitigation: MSHTML Vulnerability (CVE-2021-40444) ~Cybrary's MITRE ATT&CK TTP Course: SSH Authorized Keys
How can we improve the security of life-saving medical, communications, and transportation devices? What hands-on skills do we need in order to design more trustworthy hardware? In this episode of 401 Access Denied, InfoSec veterans Beau Woods and Paulino Calderon discuss key tips from their informative book, "Practical IoT Hacking: The Definitive Guide to Attacking the Internet of Things." If you enjoy working with your hands and breaking things, then you'll want to hear Beau and Paulino's tips for how to kick off a dynamic, fulfilling career in IoT security. Learn more about why accessibility and collaboration are essential to improving the way that humans interact with, trust, and benefit from technological devices. Check out Beau and Paulino's book! ~"Practical IoT Hacking" Connect with Beau and Paulino on social media ~Beau's Twitter ~Beau's LinkedIn ~Paulino's Twitter ~Paulino's LinkedIn Join the IoT Village Discord server ~IoT Village ~#practical-iot-hacking Channel
Ready to defend your organization against the widespread PolicyKit vulnerability that experts are comparing to the Log4j flaw? In this episode of the Cybrary Podcast, Raymond Evans, CEO of CyDefe Labs, discusses his latest Cybrary course on Polkit CVE-2021-4034. By exploiting this flaw, just how easy is it to gain root access on a target system? What can we learn from this vulnerability about the value of penetration testers and open-source software? Find out in this podcast and in Ray's course! Enroll now in Ray's newest course! ~Exploitation and Mitigation: Polkit CVE-2021-4034 Learn more about Cybrary's partnership with CyDefe: ~https://www.cybrary.it/catalog/vendor/cydefe/ Follow CyDefe Labs on Social Media! ~Twitter
Whether you're new to cybersecurity or a longtime security professional, one of your best opportunities to network is at conferences. In this fun-filled episode of 401 Access Denied, seasoned conference-goers, Joe Carson and HillBilly Hit Squad's vCISO (aka “Chief Geek”), Chris Roberts, share their insights on how to make the most of networking events. What clothes should you pack? How can you best plan your daily schedule so that you maximize productivity and have time to socialize? And, most importantly, where in the world can you find the best whiskey? Cheers to a new year filled with engaging, informative cybersecurity events! Connect with Chris on social media! ~LinkedIn ~Twitter
The next revolution in quantum computing and technologies is happening now, but how exactly will these growing innovations affect our lives? Dr. Maksym Sich, CEO of the groundbreaking quantum photonics startup, Aegiq, discusses how quantum will impact our medical, communications, and financial industries. Addressing the myth that quantum computing will break all our encryption keys, Maksym elaborates on quantum communications, post-quantum cryptography, and efforts to develop sustainable solutions with security by design. Be ahead of the curve in knowing how we will want to upgrade our systems to improve efficiency, data privacy, and more! Learn more about Maksym's startup, Aegiq: ~Company Website For more information on Quantum Computing: ~Quantum Manifesto ~Quantum Technologies - Blackett Review ~Quantum Comms Hub, "What does QKD mean for the Economy?" ~Report from the QED-C, "Guide to a Quantum Safe Organization" ~Downloadable Report from the QED-C
Everyone is talking about malware these days, but what new developments and trends are we seeing in malware attacks? This week's featured guest is Shyam Sundar Ramaswami—Senior Research Scientist at Cisco by day, and the Batman of Hacking by night. So how does cybersecurity's Bruce Wayne propose that we strengthen our incident response plans against emerging malware threats? What's really happening when we click that inconspicuous link in the “Delivery Address Confirmation Needed” email? Find out the answers to these questions from the ethical hacker hero who's here to help you save the world from cyberattacks! Read Shyam's Book! ~"It's Your Digital Life" - https://www.routledge.com/Its-Your-Digital-Life/Govindarajulu-Ramaswami-Vasudevan/p/book/9780367700041 Check out Shyam's TED Talks ~Can a Couch Potato Save the Digital World? | Shyam Sundar Ramaswami | TEDxIIITBangalore - https://youtu.be/VEDF8bQPOeY ~Cyber Security - The Responsibility | Shyam Sundar Ramaswami | TEDxBITSathy - https://youtu.be/D4wJMjDhUBw Follow Shyam on social media! ~Twitter ~LinkedIn