With the rise of a the Covid-19 pandemic, there’s also a sharp rise in scammers trying to profit on the situation.

Unfortunately, WHO’s email servers are not helping with the situation.

During the coronavirus pandemic, scammers have sent several emails using the domain of the World Health Organization. Some are addressed from Tedros Adhanom Ghebreyesus, the director-general of the WHO, and carry attachments that can install malware on the victim’s device. Others announce a coronavirus cure that you can read all about in an attachment. They each appear to be sent from the WHO’s who.int email address.

Ann Johnson, Corporate Vice President, Cybersecurity Solutions Group, Microsoft, speaks at RSA Conference.

As organizations digitally transform, access to artificial intelligence and machine learning powered by the cloud will mean the difference between struggle or success for organizations, as bad actors look to AI to do their dirty work. While cybersecurity and operational resilience should be complementary disciplines, the one thing many organizations who recover quickly from a cyberattack possess is also the one thing many attackers don’t take into account. The human spirit. Ann Johnson, CVP Cybersecurity Solutions Group, Microsoft, will share how to create a culture where people are your best defense.Ann Johnson, Corporate Vice President, Cybersecurity Solutions Group, Microsoft Corp.

freeCodeCamp.org has posted a full 14 hour network penetration testing/ethical hacking in this full tutorial course for beginners.

This course teaches everything you need to know to get started with ethical hacking and penetration testing. You will learn the practical skills necessary to work in the field.

Throughout the course, you will develop your own Active Directory lab in Windows, make it vulnerable, hack it, and patch it. We’ll cover the red and blue sides. We’ll also cover some of the boring stuff like report writing :).

This course was originally live streamed weekly on Twitch and built from lessons learned in the previous week.

GitHub repo (for homework):
https://github.com/hmaverickadams/Beginner-Network-Pentesting

Course created by The Cyber Mentor.

Check out his YouTube channel:
https://www.youtube.com/channel/UC0ArlFuFYMpEewyRBzdLHiw

Course Contents

  • (0:00) – Course Introduction/whoami
  • (6:12) – Part 1: Introduction, Notekeeping, and Introductory Linux
  • (1:43:45) – Part 2: Python 101
  • (3:10:05) – Part 3: Python 102 (Building a Terrible Port Scanner)
  • (4:23:14) – Part 4: Passive OSINT
  • (5:41:41) – Part 5: Scanning Tools & Tactics
  • (6:56:42) – Part 6: Enumeration
  • (8:31:22) – Part 7: Exploitation, Shells, and Some Credential Stuffing
  • (9:57:15) – Part 8: Building an AD Lab, LLMNR Poisoning, and NTLMv2 Cracking with Hashcat
  • (11:13:20) – Part 9: NTLM Relay, Token Impersonation, Pass the Hash, PsExec, and more
  • (12:40:46) – Part 10: MS17-010, GPP/cPasswords, and Kerberoasting
  • (13:32:33) – Part 11: File Transfers, Pivoting, Report Writing, and Career Advice

Siraj Raval just posted this video on defending AI against adversarial attacks

Machine Learning technology isn’t perfect, it’s vulnerable to many different types of attacks! In this episode, I’ll explain 2 common types of attacks and 2 common types of defenses using various code demos from across the Web. There’s some really dope mathematics involved with adversarial attacks, and it was a lot of fun reading about the ‘cat and mouse’ game between new attack techniques, followed by new defense techniques. I encourage anyone new to the field who finds this stuff interesting to learn more about it. I definitely plan to. Let’s look into some math, code, and examples. Enjoy!

Slideshow for this video:
https://colab.research.google.com/drive/19N9VWTukXTPUj9eukeie55XIu3HKR5TT

Demo project:
https://github.com/jaxball/advis.js

 

In this video, Siraj Raval demonstrates how to build a CyberSecurity startup around a demo app called DharmaSecurity, a fraud detection tool for businesses.

The way it works is that once signed up, a business will paste a code snippet into their website, and then they’ll get access to a dashboard that tells them how many fraudulent accounts they have.

In case you were wondering when the worlds of CyberSecurity and AI would collide and create new threats, it’s happening.

AI fuzzing definition AI fuzzing uses machine learning and similar techniques to find vulnerabilities in an application or system. Fuzzing has been around for a while, but it’s been too hard to do and hasn’t gained much traction with enterprises. Adding AI promises to make the tools easier to […]

As we rush headlong into an internet connected world, have we really thought through all of the risks? The next episode of Data Driven will take a deeper look at the global security risks our connected world exposes us to.

Here’s a sobering video from Motherboard on why we need to think very carefully about what kind of future we want.