We’d like to invite you to OWASP’s 13th Annual AppSecUSA Conference taking place in Washington, DC, October 11-14. The event is comprised of two days of training sessions followed by a two-day conference where software security leaders, researchers and technologists discuss cutting-edge ideas, initiatives and technological advancements to secure web applications. This is also an opportunity for C-level executives focused on improving the security posture of their organization to discuss key ... Continue Reading >>

In a day and age where everything is online, it makes sense to use email; but why is it “a dying media”? Before I answer this question, have you ever wondered why people don’t use email? Well, one reason is all the junk or “spam” as people call it. No, not the food popular in American culture, but the kind literally NO ONE wants to take a bite of.     The second, not as obvious reason, is that it can be a bit inconvenient to use. I mean, with everything on phones and other mo ... Continue Reading >>

On this episode we discuss password leaks from Last.FM and Opera browser. You can check it out on our website www.cydefe.com or on youtube We are also doing a Qwertycards giveaway which can be found here http://www.cydefe.com/giveaway/ Continue Reading >>

On this episode Micheal and i talk about CVE-2016-5696 better known as the off path attack. You can listen to our podcast on our website cydefe.com or via our youtube channel below. If you enjoy our podcast please subscribe to our channel and follow us on twitter. Show Notes: in /etc/sysctl.conf set the following value net.ipv4.tcp_challenge_ack_limit = 999999999 Then load the configuration with # sysctl -p Continue Reading >>

What is Tradecraft Tuesday? Every Tuesday at 12pm ET, Chris Bisnett and Kyle Hanslovan expose the techniques used by hackers. With their 20 combined years in offensive cyber security and digital forensics, Chris and Kyle cover a new topic each week in a LIVE video chat. These unrehearsed conversations allow anyone to learn, ask questions, and share their experiences from offensive and defensive perspectives. In case you miss an episode, each recorded session are uploaded to Cybrary’s ... Continue Reading >>

On this weeks episode we are joined by Ben0xA who works for https://www.trustedsec.com you can follow him on twitter @Ben0xA. This week we discuss Macs and iPhones have a Stagefright-style bug, Android banking malware blocks victims’ outgoing calls to customer service, Hidden ‘backdoor’ in Dell security software gives hackers full access, and Companies failing to plan for many cyber dangers. This podcast and more can be found at CyDefe.com Remember to follow us on twitter @CyDefe ... Continue Reading >>

Hey hey everyone, It’s been a little while since we’ve last posted but we figured we should pop on here and give everyone an update on our podcast. Since we’ve last posted we’ve had a few awesome episodes come out. Minicast: 1 http://www.cydefe.com/podcast/2016/5/20/minicast-episode-1 On this episode we discuss the linked in breach and its impact on users. We advise everyone to change any passwords they may have used over multiple accounts and discuss the top worst passw ... Continue Reading >>

http://traffic.libsyn.com/brakeingsecurity/2016-028-Cheryl_Biswas_Tiaracon_ICSSCADA_headaches.mp3   Long time listeners will remember Ms. Cheryl #Biswas as one of the triumvirate we had on to discuss #mainframes and mainframe #security. (http://traffic.libsyn.com/brakeingsecurity/2016-008-mainframe_secruity.mp3) I was interested in the goings on at BlackHat/DefCon/BsidesLV, and heard about #TiaraCon (@tiarac0n on Twitter). I went to find someone involved to understand what it was all about ... Continue Reading >>

http://traffic.libsyn.com/brakeingsecurity/2016-029-Jarrod_Frates-What_to_do_before_a_pentest_starts.mp3 Jarrod Frates (@jarrodfrates on Twitter) has been doing pentests as a red-team member for a long time. His recent position at #InGuardians sees him engaging many companies who have realized that a typical ‘pentest #puppymill’ or pentest from certain companies just isn’t good enough. Jarrod has also gone on more than a few engagements where he has found the client in question ... Continue Reading >>

Cybrary has been working hard to release our newest platform for individuals, allowing them to learn and develop their cyber security skills on Cybrary together. Drum-roll, please…Introducing Cybrary Teams! With Cybrary eclipsing the 500,000 Registered Users mark, we sought to find a way to bring people closer together to learn, share, and grow beyond what’s currently available on Cybrary. We believe Cybrary Teams will be able to meet the needs of learning cohorts, IT/Security Teams, ... Continue Reading >>

By Andrey Makhanov A lot of people think Juliar is a combination of Julia and R programming languages. However, that’s simply not true. I originally created the *Juliar * programming language for a girl I used to love. She is a very talented artist and really wanted to find a way to express herself. She bought many books, and she wanted to learn how to create things on a computer. However, it proved difficult for her to understand the books, let alone the languages. I shared her pain. Whe ... Continue Reading >>

What is Tradecraft Tuesday? Every Tuesday at 12pm ET, Chris Bisnett and Kyle Hanslovan expose the techniques used by hackers. With their 20 combined years in offensive cyber security and digital forensics, Chris and Kyle cover a new topic each week in a LIVE video chat. These unrehearsed conversations allow anyone to learn, ask questions, and share their experiences from offensive and defensive perspectives. In case you miss an episode, each recorded session are uploaded to Cybrary’s ... Continue Reading >>

CyberPop gets your brain going! Today’s Question: What’s a Proxy Server? Answer: A proxy server is a server that acts as an intermediary for requests from clients seeking resources from other servers. A proxy server is associated with or part of a gateway server that separates the enterprise network from the outside network and a firewall server that protects the enterprise network from outside intrusion. Most proxies are web proxies, facilitating access to content on the World Wide ... Continue Reading >>

According to a 2016 survey by PwC: 65% of businesses surveyed are “embracing a more collaborative approach to cybersecurity, one in which intelligence on threats and response techniques is shared with external partners. Internally, organizations are rethinking the roles of key executives and the Board of Directors to help create more resilient and proactive security capabilities.” – The Global State of Information Security® Survey 2016 Continue Reading >>

InfoArmor has identified a group of bad actors performing targeted cyberattacks on healthcare institutions and their IT infrastructure, including connected medical devices such as Magnetic Resonance Imaging systems (MRI), X-ray machines and mobile computing healthcare workstations. This group of bad actors has performed at least four successful attacks against US-based organizations of varying size, compromising a significant number of medical records. The threat actors claim to have stolen mil ... Continue Reading >>

Here’s a complete list of DNS Training Videos on Cybrary (in alphabetical order by first letter). Explore additional classes and modules here… Configuring DNS Zone Transfers Length: 12:12 Configuring DNS Zones Length: 21:27 DNS Enumeration Lab Length: 03:58 DNS Overview and Zone Transfers Length: 18:44 DNS Records (part 2) Length: 08:51 DNS Servers (part 1) – Specific functions of the DNS Server Length: 09:12 Enterprise Computing (part 6.2) DNS Security Length: 09:52 Installing an ... Continue Reading >>

What is Tradecraft Tuesday? Every Tuesday at 12pm ET, Chris Bisnett and Kyle Hanslovan expose the techniques used by hackers. With their 20 combined years in offensive cyber security and digital forensics, Chris and Kyle cover a new topic each week in a LIVE video chat. These unrehearsed conversations allow anyone to learn, ask questions, and share their experiences from offensive and defensive perspectives. In case you miss an episode, each recorded session are uploaded to Cybrary’s ... Continue Reading >>

“Thanks to Apple’s tight control over its app store and operating system, threats to iPhones and iPads have been infrequent and limited in scale. This changed in 2015. In 2015, [Symantec] identified nine new iOS threat families,compared to four in total previously. Bootlegged developer software, known as XcodeGhost, infected as many as 4,000 apps. TheYiSpecter malware bypassed the app store altogether by using the enterprise app provisioning framework. Researchers found Youmi embedde ... Continue Reading >>

CyberPop is a quick way to learn definitions and facts about cyber security.   Today’s Question: What’s SIEM Answer: The combined process of incident detection and incident response (pronounced “sim”). Includes features such as alerts, analytics, dashboards and forensic analysis.   Learn more terms in Cybrary’s Glossary. Continue Reading >>

  http://traffic.libsyn.com/brakeingsecurity/2016-027-DFIR_policy_controls.mp3 Mr. Boettcher is back!  We talked about his experiences with the #DFIR conference, and we get into a discussion about the gap between when incident response is and when you’re using #digital #forensics. Mr. Boettcher and I discuss what is needed to happen before #incident #response is required. We also discuss the Eleanor malware very briefly and I talk about finding Platypus, which is a way for you to cre ... Continue Reading >>

Recently, Cybrary released the “My Notes” feature, which members use to their personal record notes while take free cyber security training class. Since its inception, many users have leveraged this tool to capture critical information, thoughts and ideas. Researchers found that if important information was contained in notes, it had a 34 percent chance of being remembered. Information not found in notes had only a five percent chance of being remembered” (Howe, 1970, in Longman an ... Continue Reading >>

“Symantec discovered more than 430 million new unique pieces of malware in 2015, up 36 percent from the year before. Perhaps what is most remarkable is that these numbers no longer surprise us. As real life and online become indistinguishable from each other, cybercrime has become a part of our daily lives. Attacks against businesses and nations hit the headlines with such regularity that we’ve become numb to the sheer volume and acceleration of cyber threats.” – Internet Se ... Continue Reading >>

CyberPop is a quick way to learn more definitions and facts about cyber security. Today’s Question: What’s Remediation Answer: What an organization does to limit or stop an attack once it’s detected, as part of incident response. Includes things like blocking IP addresses, removing infected files or devices, and restoring affected systems to a known good state. Continue Reading >>

Advanced Activities in Python Length: 39:47 Basic Python Commands and Functions Length: 29:47 Ctypes in Python Length: 31:32 Data Structures in Python Length: 31:36 Exceptions and Classes in Python Length: 28:05 Exploit Development (part 5) Python Length: 08:28 How to Install Python Length: 11:03 Info Gather (part 3) – Testing Your Python Scripts Length: 15:31 Introduction to Python Length: 21:15 Networking in Python Length: 27:49 Packet Analyzer – Writing a Packet Sniffer in Python Length: ... Continue Reading >>

By Kathleen Smith For the last several years, cyber security leaders and business owners have been lamenting the worldwide hiring crisis for cyber security professionals[1]. From building new educational programs, to discussing the relaxation of immigration regulations, every corner of the cyber security community has looked for an answer to this crisis. At the same time, we as a veteran-owned firm want to ensure that veterans find great career opportunities which led us to ask one simple questi ... Continue Reading >>

What are Cyber Security Standards?   “Cyber security standards are various forms of security standards which enable entities and organizations to practice security techniques to help minimize the number of cyber security attacks. In essence, the cyber security standards are fundamental guides which provide a general outline as well as more specific techniques for implementing various platforms for cyber security. For more specific standards, cyber security certifications issued by an ... Continue Reading >>

Today, most companies are deeply concerned about how to prevent ransomware. News stories abound and Infosec professionals are scrambling to keep themselves and their users out of the fire. Below, you’ll find a compilation of content to understand this important topic – from a 360 perspective. But, first a quick definition. According to Wikipedia: “Ransomware is a type of malware that can be covertly installed on a computer without knowledge or intention of the user that restri ... Continue Reading >>

CyberPop is a quick way to learn more definitions and facts about cyber security.   Today’s Question: What’s Penetration Testing or Pentesting?   Answer: “Penetration Testing or Pentesting refers to techniques for actively testing an organization’s computer or network security, usually by identifying potential vulnerabilities and weak spots and trying to exploit those and/or break in.”   Browse courses and topics here. Continue Reading >>

http://traffic.libsyn.com/brakeingsecurity/2016-025-Windows_Registry-RunKey_artifacts-finding_where_malware_hides.mp3 The Windows Registry has come a long way from it’s humble beginnings in #Windows 3.11 (Windows for Workgroups).  This week, we discuss the structure of the Windows Registry, as well as some of the inner workings of the registry itself. Did you know that it is contained in specific files, located in %%Windows%%\system32, that are in a binary format? This makes them unreadab ... Continue Reading >>

http://traffic.libsyn.com/brakeingsecurity/2016-025-Windows_Registry-RunKey_artifacts-finding_where_malware_hides.mp3   We are pleased to introduce Ms. Kim Green (Twitter: @kim1green). She is the CEO of KAZO Security, as well as the CISO / CPO of Zephyr Health, a #SaaS based #Healthcare data #analytics company.  She brings over 20 years of experience in healthcare and leadership to help small and medium business companies get help from a #CISO to assist in an advisory role. Ms. Green also ... Continue Reading >>

Got burgeoning hacking skills? Growing cyber security talents? A compelling mission to join or continue working in the cyber security industry? A cyber security degree is something to seriously consider: Cybercrime continues to grow into more of a global threat – just read the news. Small, medium and large companies desperately need competent individuals to fight crime that come in the forms of security breaches and online attacks. Cybersecurity professionals report an average salary of $116 ... Continue Reading >>

We love feedback from our Userbase. We have thousands of Users taking Cybrary classes on a daily basis and wanted to ensure that a Cybrary Certificate of Completion is a valuable measure of achievement. It should be something you’re proud to show your friends, family and employers. Upon 100% completion of a course on Cybrary, Users will continue to be able to use their Cybytes to purchase a Certificate of Completion. Many Users have also requested the ability to download their certificate ... Continue Reading >>

What is Tradecraft Tuesday? Every Tuesday at 12pm ET, Chris Bisnett and Kyle Hanslovan expose the techniques used by hackers. With their 20 combined years in offensive cyber security and digital forensics, Chris and Kyle cover a new topic each week in a LIVE video chat. These unrehearsed conversations allow anyone to learn, ask questions, and share their experiences from offensive and defensive perspectives. In case you miss an episode, each recorded session are uploaded to Cybrary’s ... Continue Reading >>

Operation “Get Rich or Die Trying” — Beginning in 2005 and for a more than a three year period, American hacker Albert Gonzalez, along with accomplices in Russia and the Ukraine, pulled off what has been called the largest cyber crime of all time, stealing more than 170 million credit card and ATM numbers. Total losses were estimated at more than $300 million. – BlackStratus Continue Reading >>

CyberPop is a quick way to learn definitions, terms and facts about cyber security.   Today’s Question: What does ‘Kill Chain’ mean? Kill Chain is a “military-inspired term encompassing the various stages of a cyber attack—reconnaissance, weaponization, delivery, exploitation, installation, command and control, and action. Applies mainly to malware attacks, and was popularized by Lockheed Martin.”   Never. Stop. Learning. >> Browse courses and top ... Continue Reading >>

What is Tradecraft Tuesday? Every Tuesday at 12pm ET, Chris Bisnett and Kyle Hanslovan expose the techniques used by hackers. With their 20 combined years in offensive cyber security and digital forensics, Chris and Kyle cover a new topic each week in a LIVE video chat. These unrehearsed conversations allow anyone to learn, ask questions, and share their experiences from offensive and defensive perspectives. In case you miss an episode, each recorded session are uploaded to Cybrary’s ... Continue Reading >>

According to the pentest-standard.org website, “The purpose of the Post-Exploitation phase is to determine the value of the machine compromised and to maintain control of the machine for later use. The value of the machine is determined by the sensitivity of the data stored on it and the machines usefulness in further compromising the network. The methods described in this phase are meant to help the tester identify and document sensitive data, identify configuration settings, communicati ... Continue Reading >>

Angler Manages to Infect more than One Million Workstations a Year “There is a common misconception that a user explicitly needs to download a malicious file in order to get his PC infected. Exploit kits use a technique called drive-by-downloads. With this technique, malicious software can be ran just by opening a website in your browser. Angler is by far the most effective exploit kit that makes use of drive-by-downloads. It manages to give millions of users a headache after visiting an ... Continue Reading >>

CyberPop is a quick way to learn more definitions and facts about cyber security.   Today’s Question: What are Exploit Kits? According to Wikipedia, “an exploit kit is a software kit designed to run on web servers, with the purpose of identifying software vulnerabilities in client machines communicating with it, and discovering and exploiting vulnerabilities to upload and execute malicious code on the client. One of the earlier kits was MPack, in 2006. Exploit kits are often desig ... Continue Reading >>

  Information Security Governance and Risk Management professionals maintain and enforce policies to ensure the preservation of information security and build plans to account for applicable risks. Watch these videos to learn more!   Information Security Governance & Risk Management (part 1) Length: 06:03 Information Security Governance & Risk Management (part 2.1) Length: 10:59 Information Security Governance & Risk Management (part 2.2) Length: 13:12 Information Security ... Continue Reading >>

What is Tradecraft Tuesday? Every Tuesday at 12pm ET, Chris Bisnett and Kyle Hanslovan expose the techniques used by hackers. With their 20 combined years in offensive cyber security and digital forensics, Chris and Kyle cover a new topic each week in a LIVE video chat. These unrehearsed conversations allow anyone to learn, ask questions, and share their experiences from offensive and defensive perspectives. In case you miss an episode, each recorded session are uploaded to Cybrary’s ... Continue Reading >>

We’re very excited to launch My Notes on Cybrary. My Notes was developed after spending a good deal of time speaking with Users and learning what we could provide to help improve the experience on the site. Researchers found that if important information was contained in notes, it had a 34 percent chance of being remembered. Information not found in notes had only a five percent chance of being remembered”(Howe, 1970, in Longman and Atkinson, 1999). New Note Icon Available on Lesson Pag ... Continue Reading >>

” A staggering 98% of tested web applications were vulnerable to attack. Web apps are everywhere now, and it’s essential that updates and patches are installed so known vulnerabilities are addressed.” – 2015 Trustwave Global Security Report Continue Reading >>

CyberPop is a quick way to learn more definitions and facts about cyber security.   Today’s Question: What was Heartbleed? A widespread vulnerability discovered in April 2014 that put user passwords (and other sensitive information) on popular websites at risk of being stolen. The bug, in OpenSSL encryption software, allowed hackers to repeatedly access a Web server’s memory.   Yearning for more information? Browse Cybrary courses and topics here. Continue Reading >>

Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. It is maintained and funded by Offensive Security Ltd. Mati Aharoni, Devon Kearns and Raphaël Hertzog are the core developers. (from Wikipedia) Exploit Development (part 10) Creating Shell Code in Kali Linux Length: 16:33 Kali Linux (part 1) Length: 00:58 Kali Linux (part 2) Kali Linux Commands Length: 14:06 Kali Linux (part 3) – Directories, myfile and Nano Length: 13:19 Kali Linux (par ... Continue Reading >>

Earl Carter (@kungchiu) spends all day researching exploit kits and using that information to protect customers from various malware payloads that spread ransomware.  This week we sit down with him to understand the #Angler EK. He starts us off with a history or where it came from and how it gained so much popularity, evolving from earlier EKs, like #BlackHole, or WebAttacker. We even discuss how it’s gone from drive-by downloads, to running only in memory, to being used in malvertising ... Continue Reading >>

Today, we’re introducing the new course catalog on Cybrary. To date, Users have had limited flexibility when it comes to sorting through our course catalog. Taking into account some great User feedback, we’ve included the ability to filter classes by difficulty, vendor, and added Learning Paths. Learning Paths are designed to provide Users with recommended course paths for careers they may be interested in. By checking the designated Learning Path, the User can see exactly how to get ... Continue Reading >>

“The majority of data breach victims surveyed, 81 percent, report they had neither a system nor a managed security service in place to ensure they could self-detect data breaches, relying instead on notification from an external party. This was the case despite the fact that self-detected breaches take just 14.5 days to contain from their intrusion date, whereas breaches detected by an external party take an average of 154 days to contain.” – 2015 Trustwave Global Security Report Continue Reading >>

CyberPop is a quick way to learn more definitions and facts about cyber security.   Today’s Question: What’s “Dwell Time?”   Answer: “Duration, usually in days, that a vulnerability or infection remains undetected within a network or environment. (Some also define it as the time between detection and remediation, or even total time from infection to remediation.)”   Browse courses and topics here. Continue Reading >>

  Ben Johnson (@chicagoben on Twitter) has spent a good deal of time working on protecting client’s endpoints. From his work at the NSA, to being the co-founder of Carbon Black (@carbonblack_inc). Ben is co-founder and chief security strategist for Carbon Black. In that role, he uses his experience as a cofounder and chief technology officer for Carbon Black, which merged with Bit9 in February 2014, to drive the company’s message to customers, partners, the news media and industry ... Continue Reading >>

Here’s a “done for you” list of Cybrary’s Malware Training Videos. Enjoy!   Incident responders (or Malware Analysts) perform appropriate malware analysis in order to fix the current infections and prevent future ones. Malware Analysis Introduction (Part 1) Length: 23:33 Malware Analysis Introduction (Part 2) Length: 09:48 Malware Analysis Introduction (Part 3) Length: 08:07 Malware Analysis Lab Setup (Part 1) Length: 01:47 Malware Analysis Lab Setup (Part 2) Length ... Continue Reading >>

What is Tradecraft Tuesday? Every Tuesday at 12pm ET, Chris Bisnett and Kyle Hanslovan expose the techniques used by hackers. With their 20 combined years in offensive cyber security and digital forensics, Chris and Kyle cover a new topic each week in a LIVE video chat. These unrehearsed conversations allow anyone to learn, ask questions, and share their experiences from offensive and defensive perspectives. In case you miss an episode, each recorded session are uploaded to Cybrary’s ... Continue Reading >>

Despite almost daily reports revealing the contrary, 44% of organizations still believe they can keep attackers off their network entirely. – CyberArk’s 2015 Global Advanced Threat Landscape Survey Continue Reading >>

CyberPop tests your knowledge and builds your strength as an Infosec pro. Today’s Question: Define Code Injection Answer: An attack or pentest that introduces malicious code into a software application, which executes the code when the application is opened. Examples include SQL injection, which can compromise or modify information in a database and cross-site scripting, which can allow attackers or pentesters to hijack user accounts or display fraudulent content. Thanks for reading! Continue Reading >>

Let’s begin…   TCP .IP Internet Protocol Length: 15:48   TCP/IP Configurations (part 1) Length: 07:30   TCP/IP Configurations (part 2) Length: 11:33   TCP/IP Configurations (part 3) Length: 13:14   TCP/IP Configurations (part 4) Length: 08:03   TCP/IP Configurations (part 5) Length: 07:04   TCP/IP Configurations (part 6) Length: 10:51   TCP/IP Configurations (part 7) Length: 10:51   TCP/IP Configurations (part 8) Length: 10:50   TCP/ ... Continue Reading >>

http://traffic.libsyn.com/brakeingsecurity/2016-018-software_restriction_policy-applocker.mp3 Windows has all the tools you need to secure an OS, but we rarely use them.  One example of this is ‘Software restriction policies’ or the use of Windows Applocker. It assists IT organizations by allowing you to block certain files from being saved anywhere, what file types can be executed in a directory, and can even whether or not you should allow software to install. We also discuss the ... Continue Reading >>

Here’s a concise list of offensive Hacker Training Videos on Cybrary (in alphabetical order by first letter). Explore additional hacking classes and other training videos here!   Google Hacking Length: 3:24 Google Hacking Lab Length: 25:40 Hacking Web Servers (Whiteboard) Length: 19:36 Info Gather (part 1) – An Activity in Post Exploitation Hacking Length: 31:15 Introduction to Hacking Web Servers Length: 01:39 Introduction to Mobile Hacking Length: 01:12 Introduction to Post ... Continue Reading >>

CyberPop from Cybrary aims adds to your knowledge as an Infosec pro.   Today’s Question: Name the 7 Stages of an APT Attack   According to Wired.com, the 7 stages are: 1. Reconnaissance 2. Intrusion into the network 3. Establishing a backdoor 4. Obtaining user credentials 5. Installing multiple utilities 6. Privilege escalation 7. Maintaining persistence Read more… Continue Reading >>

What is S3SS10N Wednesday? Click here to find out more, or watch the Session below to experience it.   You must be a Cybrary member to view this S3SS10N Wednesday video. Join for free. Join Now Login Instructor Bio- Kelly Handerhan Skilled and certified in CISSP, CASP, and PMP, SME Kelly has taught several courses on Cybrary and is highly praised for her ability to effectively communicate important information in a relate-able and understandable way. You can view her extended (2 minute ... Continue Reading >>

What is Tradecraft Tuesday? Every Tuesday at 12pm ET, Chris Bisnett and Kyle Hanslovan expose the techniques used by hackers. With their 20 combined years in offensive cyber security and digital forensics, Chris and Kyle cover a new topic each week in a LIVE video chat. These unrehearsed conversations allow anyone to join in, ask questions, and share their experiences from offensive and defensive perspectives. Just sign into Blab using your Twitter or Facebook account to start learning! In ... Continue Reading >>

According to a recent survey, some 42% of survey respondents said security education and awareness for new employees played a role in deterring a potential [cyber] criminal. — “US cybercrime: Rising risks, reduced readiness; Key findings from the 2014 US State of Cybercrime Survey,” PwC Continue Reading >>

What is S3SS10N Wednesday? Click here to find out more, or watch the Session below to experience it.   You must be a Cybrary member to view this S3SS10N Wednesday video. Join for free. Join Now Login Instructor Bio- Andrew McNicol Andrew (@primalsec) is a Python junkie who is currently the lead for a web application penetration testing team and mentor for the SANS institute. Previously, he worked on an incident response team focusing on malware analysis and network forensics. He is alw ... Continue Reading >>

#content-block-background-1757 { background-image: url(); background-position: center top; background-repeat: no-repeat; background-color: #fff; background-attachment: scroll; background-size: auto; } #content-block-body-1757 { padding: 0px 0px 0px 0px; color: #333; } .content-block-body { margin-left: auto; margin-right: auto; position: relative; } #wrapper-1 { overflow-x: hidde ... Continue Reading >>

Take a moment to consider your company’s cybersecurity efforts. Do you picture your IT and security teams devising proactive technical solutions and dealing with threats? If so, that’s a typical and valid response.   Yet, there’s another key piece that most companies don’t consider: business process. The ins and outs of how your company works affects cybersecurity more than you know.   Ken Chodnicki, COO at Deep Run Security, a consulting firm in Baltimore, Maryland speaks pass ... Continue Reading >>

What is Mobile Hacking? With the alarming rate of advances in technology and affordability, a New Wave of Hackers has reached the shores of the infosec world. And the preferred choice of platform for these next generation hackers? The Mobile Phone. The Mobile Platform is ideal since modern phones are easily concealable and heavily spec’ed, allowing resource-intensive applications to run. With the commonness of Free WiFi, people are quick to accept a False sense of security and make it a pa ... Continue Reading >>

What is S3SS10N Wednesday? Click here to find out more, or watch the Session below to experience it.   You must be a Cybrary member to view this S3SS10N Wednesday video. Join for free. Join Now Login Instructor Bio- Kelly Handerhan Skilled and certified in CISSP, CASP, and PMP, SME Kelly has taught several courses on Cybrary and is highly praised for her ability to effectively communicate important information in a relate-able and understandable way. You can view her extended (2 minute ... Continue Reading >>

What is Tradecraft Tuesday? Every Tuesday at 12pm ET, Chris Bisnett and Kyle Hanslovan expose the techniques used by hackers. With their 20 combined years in offensive cyber security and digital forensics, Chris and Kyle cover a new topic each week in a LIVE video chat. These unrehearsed conversations allow anyone to join in, ask questions, and share their experiences from offensive and defensive perspectives. In case you miss an episode, each recorded session will be uploaded to Cybrary&# ... Continue Reading >>

What is S3SS10N Wednesday? Click here to find out more, or watch the Session below to experience it.   You must be a Cybrary member to view this S3SS10N Wednesday video. Join for free. Join Now Login Instructor Bio- Kelly Handerhan Skilled and certified in CISSP, CASP, and PMP, SME Kelly has taught several courses on Cybrary and is highly praised for her ability to effectively communicate important information in a relate-able and understandable way. You can view her extended (2 minute ... Continue Reading >>

On this weeks episode we discuss checking for malware in your firmware with Google’s VirusTotal, Getting pwned by hearthstone hacking tools, Fake Flash Update Serves OS X Scareware, and the FBI trying to scrub its employees data off of the web. Check out the podcast at http://www.cydefe.com/podcast/2016/4/12/episode-22-the-one-after-the-long-break Continue Reading >>

What is S3SS10N Wednesday? S3SS10N Wednesdays are weekly 15 minute (or less) white board lessons by Cybrary Instructors and SME’s. They are designed to provide you with a quick dose of cyber security learning. We publish a new episode every Wednesday morning (Eastern Time). Now, check out our newest episode below!   You must be a Cybrary member to view this S3SS10N Wednesday video. Join for free. Join Now Login Instructor Bio- Joshua Marpet Josh’s background is varied across man ... Continue Reading >>

I just wanted to take a minute to thank Joe Taylor @jbtaylor051 for making a substantial donation today. Joe purchased a huge amount of Cybytes, and the team here at Cybrary would like to say thank you! Continue Reading >>

What is Tradecraft Tuesday? Every Tuesday at 12pm ET, Chris Bisnett and Kyle Hanslovan expose the techniques used by hackers. With their 20 combined years in offensive cyber security and digital forensics, Chris and Kyle cover a new topic each week in a LIVE video chat. These unrehearsed conversations allow anyone to join in, ask questions, and share their experiences from offensive and defensive perspectives. In case you miss an episode, each recorded session will be uploaded to Cybrary ... Continue Reading >>

What is S3SS10N Wednesday? S3SS10N Wednesdays are weekly 15 minute (or less) white board lessons by Cybrary Instructors and SME’s. They are designed to provide you with a quick dose of cyber security learning. We publish a new episode every Wednesday morning (Eastern Time). Now, check out our newest episode below!   You must be a Cybrary member to view this S3SS10N Wednesday video. Join for free. Join Now Login Instructors – Kyle Hanslovan (left) & Chris Bisnett (right) Kyle ... Continue Reading >>

http://traffic.libsyn.com/brakeingsecurity/2016-013-michael_gough-the_5_Ps.mp3 Direct Link: http://traffic.libsyn.com/brakeingsecurity/2016-013-michael_gough-the_5_Ps.mp3 iTunes: https://itunes.apple.com/us/podcast/brakeing-down-security-podcast/id799131292?mt=2 (look for the episode starting with “2016-013”) We discuss a model that Michael Gough used while he was at HP. The Information Security and Service Management (ISSM) Reference model can be used to help companies align their I ... Continue Reading >>

http://traffic.libsyn.com/brakeingsecurity/2016-012-Ben_Caudill-Application_Logic_Flaws.mp3 Ever bought “-1” of an item on a retail site? Or was able to bypass key areas of an application and get it bypass authentication, or you were able to bypass a paywall on a site? This is only one example of a class of vulnerabilities called “logic flaws”. Application logic flaws are often insidious and not easy to find. they require often a bit of work to bypass, and are often misse ... Continue Reading >>

What is S3SS10N Wednesday? S3SS10N Wednesdays are weekly 15 minute (or less) white board lessons by Cybrary Instructors and SME’s. They are designed to provide you with a quick dose of cyber security learning. We publish a new episode every Wednesday morning (Eastern Time). Now, check out our newest episode below!   You must be a Cybrary member to view this S3SS10N Wednesday video. Join for free. Join Now Login Instructor Bio – Max Alexander Currently a Federal Law Enforcement O ... Continue Reading >>

What is Tradecraft Tuesday? Every Tuesday at 12pm ET, Chris Bisnett and Kyle Hanslovan expose the techniques used by hackers. With their 20 combined years in offensive cyber security and digital forensics, Chris and Kyle cover a new topic each week in a LIVE video chat. These unrehearsed conversations allow anyone to join in, ask questions, and share their experiences from offensive and defensive perspectives. In case you miss an episode, each recorded session will be uploaded to Cybrary ... Continue Reading >>

In 1903, “Magician and inventor Nevil Maskelyne disrupted John Ambrose Fleming’s public demonstration of Guglielmo Marconi’s purportedly secure wireless telegraphy technology, sending insulting Morse code messages through the auditorium’s projector,” according to the Wikipedia entry “Timeline of computer security hacker history.” (I believe this may be the first recorded cyber attack.) After considering this attack, I wondered what John Ambrose Fleming did next. Di ... Continue Reading >>

What is S3SS10N Wednesday? S3SS10N Wednesdays are weekly 15 minute (or less) white board lessons by Cybrary Instructors and Subject Matter Experts’s. They are designed to provide you with a quick dose of cyber security learning. New episodes from various instructors and experts in the industry, are published every Wednesday morning (Eastern Time). Now, check out our newest episode below!   You must be a Cybrary member to view this S3SS10N Wednesday video. Join for free. Join Now Login ... Continue Reading >>

Cybersecurity News Site Review: TechNewsWorld – Cybersecurity Section Relevance to the Readership: Potentially high. A Google search on “cybersecurity news sites,” returned this site as the second listing on the SERP. This site may likely have a devoted readership, who are comfortable with the format, content and other features. Main Feature(s): Unique articles with balanced points of view, written by freelance writers. Readers may also subscribe, at no charge, to newsletters and news aler ... Continue Reading >>

You must be a Cybrary member to view this S3SS10N Wednesday Video .. Login or Join for Free Now Continue Reading >>

What is S3SS10N Wednesday? S3SS10N Wednesdays are weekly 15 minute (or less) white board lessons by Cybrary Instructors and SME’s. They are designed to provide you with a quick dose of cyber security learning. We publish a new episode every Wednesday morning (Eastern Time). Now, check out our newest episode below!   You must be a Cybrary member to view this S3SS10N Wednesday video. Join for free. Join Now Login Instructor – Joshua Marpet Bio: Josh’s background is varied ac ... Continue Reading >>

Hector Monsegur has had a colorful history. A reformed black hat who went by the name ‘Sabu’ when he was involved in the hacker collectives “Lulzsec” and “Anonymous”, he turned state’s evidence for the FBI, working to stop further hacking attempts by the same people he was previously working with. This week, we got to sit down with Hector, to find out what he’s been doing in the last few years. Obviously, a regular job in the security realm for a l ... Continue Reading >>

http://traffic.libsyn.com/brakeingsecurity/2016-009-brian_engle_rcisc_information_sharing.mp3 We’ve reached peak “Br[i|y]an” this week when we invited our friend Brian Engle on to discuss what his organization does. Brian is the Executive Director of the Retail Cyber Intelligence Sharing Center – R-CISC. “Created by retailers in response to the increased number and sophistication of attacks against the industry, the R-CISC provides another tool in retailers’ arsen ... Continue Reading >>

What is S3SS10N Wednesday? S3SS10N Wednesdays are our weekly 15 minute (or less) lessons put together by Instructors and Cybrary Staff to offer you valuable information relevant to your life. Every Wednesday morning (Eastern time) a new session will be available for you to view, read, and discuss with others. Make sure to come back weekly and see what’s new!   You must be a Cybrary member to view this S3SS10N Wednesday video. Join for free. Join Now Login Instructor – George ... Continue Reading >>

http://traffic.libsyn.com/brakeingsecurity/2016-010-DNS_Reconnaissance.mp3   DNS… we take it for granted… it’s just there. And we only know it’s broken when your boss can’t get to Facebook. This week, we discuss the Domain Naming System (DNS). We start with a bit of history, talking about the origins of DNS, some of the RFCs involved in it’s creation, how it’s hierarchical structure functions to allow resolution to occur, and even why your /etc/host ... Continue Reading >>

Diving a little deeper Previously, I’ve written about the value of cyber security degrees and wanted to dive a little deeper into this topic. Lately, I have had a series of conversations on this topic. The opinion I’ve formed on the subject seems to represent a large consensus. Many jobs in cyber security require people to have a certification. Or, at least, a cert will help back up a skill set. They’re helpful in getting many of the jobs are out there. Penetration testing, m ... Continue Reading >>

What is S3SS10N Wednesday? S3SS10N Wednesdays are our weekly 15 minute lessons put together by Instructors and Cybrary Staff to offer you valuable information relevant to your life. Every Wednesday morning (Eastern time) a new session will be available for you to view, read, and discuss with others. Make sure to come back weekly and see what’s new!   You must be a Cybrary member to view this S3SS10N Wednesday video. Join for free. Join Now Login Instructor Bio – Dean Pompilio ... Continue Reading >>

Hey hey everyone after a very long break due to work, education, and family circumstances we are finally back. On this weeks episode we are joined by Ben Miller and Jayson Street. We discuss three stories from 2015 and talk about our predicitons for 2016. Dont worry we have another episode right around the corner. You can listen to the newest episode at http://www.cydefe.com/podcast/ or you can listen to us on itunes. Continue Reading >>

http://traffic.libsyn.com/brakeingsecurity/2016-008-mainframe_secruity.mp3 This week’s super-sized episode is brought to us thanks to previous guest Cheryl Biswas. You might remember her from our “Shadow IT” (http:/brakeingsecurity.com/2015-048-the-rise-of-the-shadow-it) podcast a few months ago. She reached out to us to see if we were interested in doing a podcast on mainframe security with her and a couple of gentlemen that were not unknown to us. Of course we jumped at the ... Continue Reading >>

You must be a Cybrary member to view this S3SS10N. Don’t worry, membership is completely free! Join Now Login Continue Reading >>

We first heard about FingerprinTLS from our friend Lee Brotherston at DerbyCon last September. Very intrigued by how he was able to fingerprint client applications being used, we finally were able to get him on to discuss this. We do a bit of history about #TLS, and the versions from 1.0 to 1.2 Lee gives us some examples on how FingerprintTLS might be used by red teamers or pentest agents to see what applications a client has on their system, or if you’re a blue team that has specific appl ... Continue Reading >>

This week starts with an apology to Michael Gough about comments I (Bryan) mangled on the “Anti-Virus… What is it good for?” podcast. Then we get into the meat of our topic… a person’s “Moxie” vs. a mechanism Moxie: noun “force of character, determination, or nerve.”   Automation is a great thing. It allows us to do a lot more work with less personnel, run mundane tasks without having to think about them, and even allow us to do security ... Continue Reading >>

You must be a Cybrary member to view this S3SS10NS. Membership is free! Register Now Login Whiteboard Notes (Click the picture below to open in a new tab)   The Supreme Court Decisions of Riley v. California and U.S. v. Wurie (seizure of cell phones and search of cell phone data incident to arrest). These cases limit the ability of law enforcement to view cell phone data after a subject is arrested. Therefore there are 4 key take-a-ways for law enforcement. 1. The ability to search an arr ... Continue Reading >>

What is S3SS10N Wednesday? S3SS10N Wednesdays are our weekly 15 minute lessons put together by Instructors and Cybrary Staff to offer you valuable information relevant to your life. Every Wednesday morning (Eastern time) a new session will be available for you to view, read, and discuss with others. Make sure to come back weekly and see what’s new!   Instructor Bio – Kelly Handerhan Skilled and certified in CISSP, CASP, and PMP, SME Kelly has taught several courses on Cybrary a ... Continue Reading >>

Patrick Heim, Chief of Security and Trust at Dropbox Brakeing Down #Security had the pleasure of having Patrick Heim join us to discuss a number of topics.   What stops many traditional #companies from moving into #cloud based operations? What hurdles do they face, and what are some pitfalls that can hamper a successful #migration? We touched briefly on #BYOD and the use of personal devices in a business environment, as well as #Dropbox’s deployment of optional #2FA and using #U2F key ... Continue Reading >>

The team at Cybrary has officially named February: #SecureCodingMonth Given that secure coding principles are often so overlooked in most CS programs and coding classes, we feel the obligation to fill the coding security void. There are many courses on Cybrary which coders / programmers can benefit from already, such as the Advanced Penetration Testing and the CompTIA CASP. However, we have yet to launch classes that are specifically designed, from start to finish, to address the methodical step ... Continue Reading >>

BrakeSec Podcast welcomes Bill Gardner this week! #Author, #InfoSec Convention Speaker, and fellow podcaster… We break a bit from our usual rigid methods, and have a good ol’ jam session with Bill this week. We talk about #vulnerability #management, #google #dorking, #career management, the troubles of putting together a #podcast and more!   Bill’s Twitter: https://www.twitter.com/oncee Bill’s books he’s authored or co-authored: http://www.amazon.com/Bill-Gard ... Continue Reading >>

http://traffic.libsyn.com/brakeingsecurity/2016-003-AntiVirus_what_is_it_good_for.mp3 #Anti-virus products… they have been around for as long as many of us have been alive. The first anti-virus program, “The Reaper” was designed to get rid of the first virus ‘The Creeper’ by Ray Tomlinson in 1971. This week, we discuss the efficacy of anti-virus. Is it still needed? What should blue teamers be looking for to make their #anti-virus work for them.  And what options d ... Continue Reading >>

When you think of a centaur, thoughts of a mythical creature that can perform threat analysis doesn’t exactly come to mind, does it? Enter Recorded Future’s artificial intelligence system – poised to provide both intelligence and strength to uncover hidden threat actors upon our systems. In this way, Recorded Future’s  use of AI techniques in the security realm is similar to that of a centaur — its the brains and brawn that make their threat predictive and analysi ... Continue Reading >>

  As every security professional knows, for every ‘Happy New Year!’ shout, hoot and holler, there’s a heck of a lot additional commotion going on surrounding another issue—a new year of new security threats. And while it’s no secret that 2016 will bring along a hoard of headline-grabbing security incidents, it’s important to know what the experts think will be the most biggest security trends of the new year. Lucky for you and I, the threat intelligence ... Continue Reading >>

This week, we find ourselves understanding the #Cryptonite that can weaken devs and software creators when dealing with #cryptographic #algorithms and #passwords. Lack of proper crypto controls and hardcoded passwords can quickly turn your app into crap. Remember the last time you heard about a hardcoded #SSH private key, or have you been at work when a developer left the #API keys in his #github #repo? We go through some gotchas from the excellent book “24 Deadly Sins of #Software #Securi ... Continue Reading >>

#Jay #Schulman is a consultant with 15+ years of experience in helping organizations implementing #BSIMM and other compliance frameworks.  For our first #podcast of 2016, we invited him on to further discuss BSIMMv6 and how he has found is the best way to implement it into a company’s #security #program.   Jay Schulman’s #website: https://www.jayschulman.com/ Jay’s Podcast “Building a Life and Career in Security” (iTunes): https://itunes.apple.com/us/podcast ... Continue Reading >>

The good folks over at Android Authority featured our Android App, which of course was previously banned in the Google Play Store. Again, thanks to all of you who caused an uproar, which ultimately got the app reinstated by Google Play. Here is the article on Android Authority. Continue Reading >>

ATTENTION: Web Developers in the Washington DC / Baltimore, MD area!! Here is a chance to come work for us!! We are seeking a talented WordPress developer to join our team, and work with us to continue to build our rapidly growing community and learning website. The person we hire must be able to work at our Greenbelt, MD office, and we cannot offer relocation. Our company values are as follows, and if you believe that any of our values may be a problem for you, its best that you do not apply, b ... Continue Reading >>

Dave Kennedy does a lot for the infosec community. As owner/operator of 2 companies (Binary Defense Systems and Trusted Security), he also is an organizer of #DerbyCon as well as creator and active contributor to the Social Engineering ToolKit (#SET).  You can also find him discussing the latest hacking attempts and breaches on Fox News and other mainstream media outlets. But this time, we interview Dave Kennedy because he has been elected to the ISC2 board. He will be serving a 3 year term wit ... Continue Reading >>

I got a hold of Mr. Wim Remes, because he was elected to the ISC board in November 2015.  Recent changes to the CISSP included changing the long-standing 10 domains down to 8 domains, plus a major revamp to all of them. I wanted to know what Mr. Remes’ plans were for the coming term, how the board works, and how organizations like ISC2 drive change in the industry. I also asked Wim how he is trying to ensure that CISSP and the other certs are going to remain current and competitive. This ... Continue Reading >>

Recently, we surveyed 435 senior-level cyber security professionals on topics surrounding the cyber security job market, and discussed the directions the market may be heading. As we’ve discussed many times, cyber security’s skills gap is massive, incomparable to anything in the world’s recent labor market. We packaged the results of the survey into the infographic below. We present data on expected growth rates, upcoming cyber security job demands, duration of job openings, th ... Continue Reading >>

We’ve realized that it might have been confusing for some people on where to start a class since all of the “good stuff” was buried under hundreds of page scrolls. Well now we’ve re-arranged the main course pages. The information you wanted is now on top (go figure)! Faster access to the course lessons without all the scrolling. But don’t worry – all of the information from before is still there, just in a different spot. So let us know what you think of the ... Continue Reading >>

#MITRE has a matrix that classifies the various ways that your network can be . It shows all the post-exploitation categories from ‘Persistence’ to ‘Privilege Escalation’. It’s a nice way to organize all the information. This week, Mr. Boettcher and I go over “#Persistence” and “#Command and #Control” sections of the Matrix. Every person who attacks you has a specific method that they use to get and keep access to your systems, it’s as ... Continue Reading >>

That’s the question many think is an automatic ‘yes’.  Whether your httpd is running on port 82, or maybe your fancy #wordpress #module needs some cover because the code quality is just a little lower than where it should be, and you need to cover up some cruft. But maybe there are some times where things just need to be secure… This week, Mr. Boettcher and I discuss reasons for obscuring for the sake of #security, when it’s a good idea, and when you shouldn’ ... Continue Reading >>

Globally, cyber security shortages are expected to reach upward of 1.5 million by the year 2020. As the Cybrary community reaches the 300,000 registered users mark; we found this a great opportunity to thank everyone that has contributed and continued to make this a great cyber security learning environment for people from around the world. We are proud to make our content available and represent users from nearly every country and truly believe we will have the ability to help curb the looming ... Continue Reading >>

This post is an update to my previous post about Cybrary’s Android app being banned from the Google Play store: https://www.cybrary.it/2015/11/google-play-against-cybersecurity-education-and-for-censorship-you-decide/ Thank you Cybrarians, for your support in getting the Cybrary app put back into the Google Play store! Also, thank you Google Play Support Team for hearing our appeal! As you know, last Wednesday (11/25), the Google Play Support Team notified us that our app was being removed fro ... Continue Reading >>

On this week’s episode we discuss Microsoft’s operations center to fight cyber threats, Dell added Cylance, a bug in Gmail app for Android allows anyone to send spoofed emails, and Siri’s lockscreen bypass. This weeks episode also has a codeword that can be entered over at our giveaway page at http://www.cydefe.com/giveaway Continue Reading >>

What we are about to present are facts regarding why the Google Play Support team decided to remove our app from their app marketplace, and how this position by Google Play reflects a negative stance against the free flow of cyber security education, and an enactment of censorship of what should be available knowledge to the cyber security community. If you believe knowledge should be free and open, then feel free to make your voice heard in a professional manner.   See the conversation on Twit ... Continue Reading >>

Cybersecurity – Choosing a Career As computer systems store more and more confidential personal, financial, medical, and top secret data, protecting that data is becoming more and more important to governments and businesses, worldwide. Enterprises must respond to the increasing number of complex threats and attacks by hiring cybersecurity professionals with deep technical experience in a variety of new and rapidly-evolving technologies.   Cybersecurity is one of the fastest growing car ... Continue Reading >>

Hello Fellow Cybrarians, As you know, our promise to you at Cybrary is that we will continue to provide new, cutting edge cyber security classes for free, forever. We will never ask you to pay for our classes. We are working hard to continue to build more classes, and we are working on making the learning experience within our classes, even greater. Currently, the team is working on adding quizzes, practice tests and other features. We will also soon be launching two new classes; Intro to Malwar ... Continue Reading >>

Cybersecurity certifications are very often required for employment in cybersecurity jobs. Certifications benefit employers by identifying prospective employees with specific skill sets, and certifications help prospective employees stand out when applying for a job in the desirable and competitive cybersecurity job market. Industry certifications are vendor-neutral (vendor certifications are for a vendor’s specific products) and provide industry-recognized evidence of having a specific skill ... Continue Reading >>

Struggling to get that promotion or land that cybersecurity job? Have all the right skills/certifications/years of experience but things just don’t seem to work out? You’ve read about the demand for cyber professionals, seems like a no brainer that the company should be need you. The articles say there are over 200,000 unfilled jobs in the US and several times that, worldwide. Companies are complaining that there aren’t enough professionals with the skillsets to fill their open positions ... Continue Reading >>

Cyber security is a booming field with many positions available, but Millennials seem to be largely ignorant of these opportunities. In order to stay on top of the demand for cyber security specialists, both current professionals and educational institutions have to start making an effort to open the doors of the industry to young people. The Growing Need for Cyber Security It only takes a quick look at recent news to know that security breaches are running rampant. Whether it’s someo ... Continue Reading >>

Cybersecurity, as much as it seems to be just the current buzzword of the month , is very much part of our present and future lives. Our reliance on technology continues to grow; and now, with the commencement of the Internet of Things, that technology is growing even more connected and interdependent. Week after week, a new breach hits the airwaves, reminding us that even, what seem to be, the largest and most protected companies share in the same risk we all face. While those threats, and our ... Continue Reading >>

Cyber security jobs offer lucrative financial rewards for protecting the nation’s computer networks and data from attack or unauthorized use. These top five highest paying positions command six-figure salaries: 1. Chief Information Security Officer (CISO) Complex challenges to a CISO include the development and delivery of an Information Technology (IT) risk management strategy that is aligned with business security. The primary responsibility is the general supervision of an organization’s ... Continue Reading >>

In honor of November 5th, we will be issuing double Cybytes on all Cybyte based activity (not on purchases, these ones you have to earn). Cybytes activities can be found here: https://www.cybrary.it/cybytes/ So, any time on 11/5/2015, login and accumulate Cybytes, just like you would on any other day, we will reward you with double Cybytes, its that simple. Why Are We Doing This? As many of you know, the team here at Cybrary believes just as many of you do, that knowledge should be free. Learn ... Continue Reading >>

With the proliferation of hack attacks and cybersecurity breaches, there is a growing need for cybersecurity experts and, therefore, there are an increasing number of opportunities in cybersecurity for those entering the work place or wanting to change careers to take advantage of the opportunities in this growing field. One of the first decisions someone entering this field needs to make is whether to work in the public sector or the private sector. Public sector jobs generally are with governm ... Continue Reading >>

Following last month’s $1billion contract awarded to Raytheon from the Homeland Security Department, the Pentagon is now taking bids from defense contractors to help protect against the digital future. Big industry names such as Raytheon Co., Lockheed Martin Corp., and General Dynamics Corp. are expected to be at the forefront, competing for a contract valued at up to $460 million. While many of these large companies have felt the effects of budget cuts elsewhere, with the government’s dedic ... Continue Reading >>

Finding a job that will sponsor you for a US Security Clearance is pretty tough to do. Many jobs out there in the US Cyber Security jobs market require that you already have a clearance. People know all to well, that in the USA, a Security Clearance is a ticket to a lifelong successful career in Cyber Security, but getting one is always the hard part, unless you are fresh out of the military, and you already have one. When a new jobs pops-up, that is offering to sponsor you for a security cleara ... Continue Reading >>

A “Cyber Talent Pipeline” refers to an organization’s creation of an going, readily available, talent pool to fill various cyber security jobs, as they become available. The effects of a poorly maintained pipeline is hitting the cyber security industry in full force. The supply is simply not available to meet the demand. With present reporting of over 200,000 unfilled jobs, and future shortage reports upward of 1 million by 2020, we are now faced with a need to create solutions that c ... Continue Reading >>

Episode 19 of our podcast is up at CyDefe.com/podcast. On this weeks episode we are joined by Shannon Morse. We discuss hacking chip and pin cards, malware that replaces your browser, a FitBit danger, and the rise of OS X malware. Have a listen and enjoy. Continue Reading >>

Did you know that the demand for skilled cyber security professionals is growing four times faster the overall IT job market, and 12 times faster than the total labor market? Currently there are more than a million open job postings for cyber security positions around the world. Cybrary is curious to know what business and other organizations are thinking when it comes to the cyber security job market. Here’s how you can help:  Take our brief survey Enter to win an iPad (optional) R ... Continue Reading >>

WMI (Windows Management Instrumentation) has been a part of the Windows Operating system since Windows 95. With it, you can make queries about information on hosts, locally and even remotely. Why are we talking about it? Its use in the enterprise and by admins is rarely used, but use in moving laterally by bad actors is growing. It’s highly versatile, able to be scripted, and can even be used to cause triggers for when other programs run on a system. Mr. Boettcher and I sit down and discu ... Continue Reading >>

Hello Cybrarians, I hope you all had a great weekend! Many of you know that Two weeks ago, we launched our Android Application, which is available here https://play.google.com/store/apps/details?id=com.cybrary.app I would like to ask for your help in getting the word out about our App. If you would be willing to submit our App to App Featuring Websites like Product Hunt (www.producthunt.com) and Hacker News (news.ycombinator.com) we we would be very grateful! In fact, since interacting and enga ... Continue Reading >>

We’ve toiled and wracked our brains trying to figure out what to call our members, but nothing ever seemed good enough.   Trying to explain who our global community is in just a name is trickier than it seems. Now you get the chance to voice your opinion. What do you want to be called? Let us know which of the following you like the best, or provide your own suggestion. Cybrarians Cybrary Nation Cybrary Empire Continue Reading >>

Getting hired has never been an easy process. Between revamping your resume and spending hours on LinkedIn searching for ‘networking opportunities’, looking for a new job can be both time-consuming and frustrating. Enter Cybrary’s new job platform, created in part to help alleviate some of the stress invariably involved in the job hunting process. Currently, there are over one million unfilled jobs in the cyber security industry. The problem? Matching the right talent to the n ... Continue Reading >>

Washington D.C., Virginia, and Maryland are being called the hub for cyber security jobs. Driven by an exorbitant federal budget and an influx of venture capital, demand for cyber security professionals is not only high, but, as basic economics tells us, due to the shortage of those qualified professionals, salaries for these positions are pushing ever higher. The venture capital that has made its way into the Cyber Corridor (as the DC, VA, MD area has been known to be called) is helping to driv ... Continue Reading >>

Get even more convenient access to Cybrary through our Android mobile app so you can learn how to hack, crack and exploit nearly anything. Our developer @akhaliq92 has worked diligently over the past several months to make your mobile experience better with features that include easy video downloading, video streaming, and offline viewing. You can also visit the forums, look for jobs, and rate our content – Oh yeah, and it’s FREE just like Cybrary. So, why the Cybrary App? This mobile app wa ... Continue Reading >>

Typically, October equals Halloween. The month of October is also national cyber security awareness month. Sure it’s all about the haunted houses, frightening decorations, and scary costumes. Do you know what else is scary? Viruses and malware. These two often occur when an abundance of internet searches occur. What group of people spend a significant amount of time on laptops, tablets, phones? I’d say college students. I attend James Madison University, a student body of over 20,000. Think ... Continue Reading >>

When we wanted to have Martin Fisher on, it was to discuss ‘Security Mandate vs. Security Influence’. We wanted to discuss why companies treat compliance as more important, and if it’s only because business requires it to be done. And if infosec is a red-headed stepchild because they often don’t have the guidance of a compliance framework. But it ended up going in another direction, with Martin discussing infosec leadership, and how we as agents of infosec should be ̵ ... Continue Reading >>

Hey hey everyone. We at CyDefe have released another awesome episode of our cyber security podcast. On this week’s episode we discuss fake blue screen of death, ad blocking, a critcal WinRAR vulnerability, and a shortage of cyber professionals. You can check out the episode on iTunes or check it out on our website. Have a listen and enjoy. Continue Reading >>

Sure, maybe you’d like to think you possess the manpower to monitor your computer networks 24/7, but we all know that’s simply impossible.  Thus, threats come as they may, and you might be sleeping when one attempts to overthrow your data system. So what can you do to prevent this from happening? Enter the Honeypot—a security mechanism that detects and deflects threats from harming your data, so you don’t have to. Setting up a honeypot is easy, and can be done in a few ... Continue Reading >>

Cybrary would like to announce a really cool Java programming competition by our friends at NextHacker. Check it out:  Java Programmers Competition IPPC: SHOW ME YOUR SPEED!  We are already convinced that there are many gifted programmers and ingenious hackers. Now we want to know who the fastest and most flexible are. After all, we are in the century of speed: TIME = $ Next Hacker IPPC: International Programming Player Competition, February 26 & 27, 2016 in Berlin, Germany, the 2016 IPPC ... Continue Reading >>

Employers Want YOU!   If you are searching for a job or looking to change to a career in IT or Cyber Security, our developer has created something special for you. Cybrary’s job platform was created for employers, recruiters – and yes – YOU! To help build the Cyber Security community and balance the “ecosystem” that is the world of IT, our platform is aimed at helping members find jobs near them that match their skills and experience.   This is why completing your Cybrary profi ... Continue Reading >>

Given we’re a cyber security education company, we like to preach (maybe too much at times) about how darn important security awareness training for employees really is. So, we thought we’d share the hideously ugly lesson that internet authority company, ICANN, learned about security awareness not too long ago.   Reliving the ICANN Phishing Hack: Phishing is the act of using electronic communication to pretend to be a trustworthy individual in order to obtain secure informat ... Continue Reading >>

You know those times where you took an exam without studying, and still did well? We hate to break it to you, but those times don’t exist in the Infosec world.  Sure, you may have one or two baby Einsteins who can sit through a five-day bootcamp and retain all of the information without blinking, but for the rest of us, actual studying is part of the process will have to occur. When it comes to reviewing for an exam, the problem many of us face isn’t how to do it, it’s where ... Continue Reading >>

Perhaps it is somewhat shocking that hundreds of thousands of people are learning hacking, for free on Cybrary. However, there are several very good reasons for this free cyber security learning revolution. A fundamental change in the way cyber security is taught and learned, is upon us. Together, the Cybrary team, and each of our Members, are making this change happen, and it is well overdue. The ability to learn cyber security should be a right, not a privilege. Up until now, that privilege wa ... Continue Reading >>

There is a cyber defense podcast that launched a couple of months ago called CyDefe, and they have been doing some really cool things. Their focus, and tagline, is “Making cyber defense simple”. I had the pleasure of joining this podcast for an episode, primarily focused on end user security, the other day. That episode will launch Thursday, 8/20/15. In their short time podcasting, they have already had some really cool guests, including last week’s guest Jayson Street. What I ... Continue Reading >>

Regarding, end-user security, the term PII is commonly referenced. PII, or Personally Identifiable Information, consists of data that can allow an individual to trace and/or contact another person. This type of information may indicate an individual’s name, address, the type of car a person owns, credit card numbers, the names of family members, email addresses, telephone numbers, the locations of schools that an individual has attended and a person’s driver’s license number. ... Continue Reading >>

Security Awareness Training has migrated from a “nice to have” security function within an organization, to now, a “must have.” In fact, more quickly than ever, companies of all sizes and industries are integrating security awareness training into their required learning for all employees. It’s now a matter of simply being irresponsible if your organization doesn’t have a course. One of the more common features in a security awareness training course is the pr ... Continue Reading >>

Great news! Our End User Security Awareness training course, is now available from Cybrary. No matter how well trained the cyber security staff is within your organization, the greatest vulnerability remains just that, a huge vulnerability, if it remains unmitigated. It is widely known that the primary cause of data breaches within organizations comes from their end users. Cybrary now helps your organization address this major concern with our continually updated, cutting edge, easy to follow, ... Continue Reading >>

Are you familiar with the process of a virtual machine’s OS separating from its parent’s hypervisor, which is known as VMEscape? Are you familiar with the key vulnerabilities that exist within the VMEscape process? Here is how you mitigate security risks in VMEscape: Keep virtual machine software patched. Install only the resource-sharing features that are required. Keep software installations to a minimum as each program carries vulnerabilities. If you’re less than familia ... Continue Reading >>

Below is an email we received from Cybrary [email protected] He wrote to tell us about the success he had in passing the exam after taking our Security+ Course. If you have a similar success story, we’d love to share it. Send an email telling us about it: [email protected] Here’[email protected]’s email: Hey everyone. My name is Alan Raff. I am a Computing Security student at the Rochester Institute of Technology in Rochester, NY. I just wanted to take a couple minutes to explain w ... Continue Reading >>

We get it. We truly do. We’re JUST as excited about our new classes as you. We understand the anticipation, the anxiousness and the frustration. You joined Cybrary just for Malware Analysis. You refresh the Metasploit course page daily.  We get it, because we created Cybrary for you.  So when you ask us about the release date of a specific class and we can’t give you a definitive answer, it’s not because we don’t care about you. It’s because there’s a lot th ... Continue Reading >>

Many companies, throughout the years, have failed because they failed to innovate and change. Many great market leaders, like Kodak, even held in their hands the future of their industry, and still refused to embrace it. Change is always difficult for someone of something in a position where status quo is providing awesome returns. It takes courage to innovate, and that’s why it is so difficult. The CompTIA Security+ certification is a fantastic example of a cyber-security certification that ... Continue Reading >>

The Certified Information Systems Security Professional (CISSP) certification is a strong credential to have for professionals who have a mix of both technical and managerial experience as well as competence in designing, engineering and the overall management of security programs. Their knowledge helps protect company’s important and confidential information from the growing threat of cyber attacks. This certification is perfect for security professionals in the following positions: Security ... Continue Reading >>

Wireless networks are fast and convenient and allow for many devices to be connected on a network and communicate with each other. However, this technology presents a new set of issues that weren’t present in the wired world. Mainly, threats to security including but certainly not limited to: Information reaching unintended recipients Unauthorized users exploiting the open access of such systems; destroying or stealing data Network shutdowns to attacks Authorized users losing network access d ... Continue Reading >>

Individuals now own multiple electronic devices – from Smartphones, to tablets, to laptops and more. They often bring these items into the workplace, or use them to work from a remote location. Increased threats to a company’s important and confidential information are more prevalent than ever. Protection of this information is crucial – as information can travel across the world in mere seconds. Cryptography provides protection and plays an integral part in against fraud in electr ... Continue Reading >>

In a physical crime scene, say a home has been burned down as a result of an arsonist or maybe a home has been burglarized, the role of first responders on the scene is very important. These skilled individuals must be able to avoid contaminating the crime scene or destroying evidence, all the while securing the crime scene and documenting every detail, down to the most minute. First responders take note of the victims, the lighting, talk to witnesses and potential suspects and try to gather any ... Continue Reading >>

Calling all Spanish, French and German Speakers Cybrary’s mission is to provide free cyber security and IT training to people across the globe. However, as an English-only website, we have been limited in our ability to reach people who do not speak English as a first language. Because we are committed to making our revolution global, we are expanding our course content to include translated subtitles to make free learning truly accessible to all.  Spanish, French or German speakers a ... Continue Reading >>

When taking classes to prepare for exams, there are important factors to consider. With Cybrary’s courses, much – if not all – of the class material is based on watching videos. While this may be great for some people, for others it is not enough to fully grasp the discussed concepts. Below are some tips on how to prepare yourself for learning in an online environment, and how to effectively study the information to help pass your exams. Keep in mind that there is no “right” or “wron ... Continue Reading >>

The CIA triad is becoming the standard model for conceptualizing challenges to information security in the 21st century. CIA stands for confidentiality, integrity and availability, which are said to be the three most important elements of reliable security. Every IT worker should have a thorough understanding of the triad and its intricacies, but every staff member who works around sensitive data should at least be made aware of the concept, which is why the concept is a foundation to our Securi ... Continue Reading >>

When most people think of a hacker, they think of a dishonest individual who uses techniques to bypass a system’s defenses and steal confidential and sensitive information. Security breaches, data as well as identify theft are all incidents which can occur as a result of a hacker breaking into a system. However, in this modern workplace where information can be distributed and leaked in seconds, there exists the ethical hacker. Sounds like an oxymoron to you? Well, it isn’t! In fact, the eth ... Continue Reading >>

Computer related crime is very prevalent in this day of global communication, people bringing their personal electronic items to work as well as many companies having people who do not work in house but instead opt to work remotely. For this reason, the field of digital investigation is an emerging field and up to date knowledge of the latest practices and technology in the field is paramount for the following professionals: Anyone who may encounter a crime scene that might involve digital evid ... Continue Reading >>

The following is a re-post of the excellent PowerPoint presentation created by Cybrary SME @ethicalmjpen regarding Vulnerability Assessment and Penetration Testing and how the two differ, and overlap. We wanted to share this on the blog because the content in explaining the two topics, is very concise and offers great insight. To download the actual slides, Go Here. Vulnerability Assessment & Penetration Testing, An Analysis and Comparison – by @EthicalMJPen Vulnerability Assessment I ... Continue Reading >>

Many of the Members that join Cybrary, join because they are looking to begin a career in cyber security. This is obviously a great idea given that the amount of unfilled jobs in cyber security, globally, is estimated to be over 1 million. The question is though, where should one begin when they have no tech, IT, or cyber security experience at all? We address a variety of scenarios for people looking for training on the learning paths page on our site. Most commonly, it is best to begin ones c ... Continue Reading >>

Public key cryptography has been around for a long time. Whitfield Diffie and Martin Hellman invented it in 1976. It sometimes goes by the name Diffie-Hellman encryption as well as symmetric encryption as it uses to keys instead of one (this is called symmetric encryption). Cryptography uses two kinds of encryptions: A public key which is known to everyone and a private key, which is just known by the recipient of a message. An example of cryptography in motion: imagine you want to send a secur ... Continue Reading >>

Electronic discovery, also known as e-discovery refers to a process of how information is obtained, located and secured to be used as evidence in a civil or criminal legal case. E-discovery can be carried out in the following ways: Offline On a particular computer As part of a network In addition to the above, there is also a type of e-discovery known as government sanctioned hacking, which a court might order for the purpose of obtaining important evidence. E-discovery makes finding informati ... Continue Reading >>

The CompTIA Advanced Security Practitioner (CASP) certification is a credential that designates professionals IT industry with advanced-level security skills and knowledge. The CASP certification is approved by the United States Department of Defense (DoD) to meet IA technical and management certification requirements and is a credential favored by multinational corporations such as Dell and HP. It is vendor neutral and is a globally recognized name. The CompTIA Advanced Security Practitioner (C ... Continue Reading >>

Over the past few years, the news has been full of stories detailing how large corporations put the security information of tens of thousands of their clients at risk. More times than not, these risks came as the result of low-level employees doing things to compromise the cyber security of large multi-million-dollar corporations. In an effort to combat security breaches, more and more companies are paying to provide their employees security awareness training. However, there is some debate as t ... Continue Reading >>

Threat intelligence company Recorded Future has just released a daily email service that will deliver up-to-date information on the latest threat indicators for IT and cyber security professionals. The service, called the Cyber Daily, is a free newsletter that will include the top five results in each category for trending technical indicators that Recorded Future has analyzed over the last 24 hours. Categories include Information Security Headlines, Top Targeted Industries, Top Hackers, Top Ex ... Continue Reading >>

The end user security awareness industry has taken off substantially in the last several years. As more and more organizations are breached and embarrassed publicly due to end user negligence or malevolence, the mass adoption of “we need to do something about this” has spread rampantly. What we previously believed to be a problem reserved for major corporations, we now realize is a problem that faces organizations of every size and type. Great examples include the Damariscotta Countr ... Continue Reading >>

Cybrary’s initiative is to make cyber security learning free and open for everyone, everywhere. This basically means, we want to provide the opportunity to learn to those who either want to begin a career in the field, or for those who want to advance within their current IT or cyber security job. In order to reach this goal, we need to continually be in front of the upcoming trends, continually recognize the next hot topic and continually innovate with our course offerings. Research, deve ... Continue Reading >>

In the ethical hacker class on our website, the course begins by recapping the five phases of penetration testing. Essentially, the five phases of pen testing is a module that summarizes what the rest of the ethical hacker class is going to look like. The five phases refer to each primary step in the process of operating a penetration test, and the concept is critical for a new entrant into the field. Here is a brief overview of the five phases of penetration testing: Phase 1 | Reconnaissance Re ... Continue Reading >>

Show off Your Achievements Use Cybrary often? Completed several courses? Show off what you’ve worked so hard for! Now that you have earned the cred make sure to share your achievement! Our L337 Emblem is available below along with a code snippet to help you better display it on your site or signature. <A HREF="http://cybrary.it/" target="_blank"><IMG SRC="https://www.cybrary.it/wp-content/uploads/2015/04/transparent-leet-mask.png" WIDTH="xxx" HEIGH ... Continue Reading >>

We often get asked by our Members, if we plan on offering coding classes. The short answer is no, and typically, what we do, is refer people to sites like Codecademy and Code Fellows. Those companies specialize in coding / programming training, and have capabilities to do that type of training much better than we do. Our focus is on core Cyber Security training. However, the fact that our Members consistently ask us about that type of training is because a fundamental knowledge of coding is abso ... Continue Reading >>

  In order to get into a secured system, you’ll have to first break in—and a lot of times, the first step in doing so requires cracking a password. Contrary to popular belief, password cracking doesn’t actually require a lot of heavy-lifting. Instead of spending hours at a computer screen trying your hand at thousands of random combinations, the computer does the work for you. So while the process is less labor-intensive than those pictures of hackers staring intently at ... Continue Reading >>

Want to Know How and Where All Major Data Breaches Begin? With all of the publicity major corporate data breaches receive, we often get caught up in the outcomes. What happened, how many people were impacted and in what ways, who was responsible, etc. In the 2014 Sony Pictures hack, personal data about employees and corporate IP was released to the public. In the Target hack, hackers made money selling the magstripe data of the victim’s credit cards on the black market.   Media has tradi ... Continue Reading >>

The Smartphone Pentest Framework (SPF) in Kali Linux is an increasingly useful tool, initially developed by Georgia Weidman. The 5 part tutorial for how to use the SPF is part of the Advanced Penetration Testing class, which of course is free, just like all of our classes. For Cybrary Members who have a solid foundation in penetration testing, I would highly recommend you take that course, overall, it is an invaluable experience since it deeply covers a wide variety of advanced pen testing conce ... Continue Reading >>

This post will begin by assuming you have a baseline skill set in information technology. Generally, in order to begin your career in Cyber Security, you would need some fundamental skills. Often, in the IT training industry, baseline skills include topics covered in the CompTIA A+ class and the Network+ class. If you don’t have that type of skill set, begin there, then move in to Cyber Security learning. The Linux+ certification class will definitely provide you with useful knowledge that you ... Continue Reading >>

The first month and a half here at Cybrary have been really fun. So far, we are hearing from our Members that they appreciate what we are doing. I have spoken on this blog before about why we believe so firmly, that the opportunity to learn should be free and open to anyone, anywhere, for free, forever. We have found that many of our Members only have access to the site via a mobile device.  Watching the videos takes up a great deal of their monthly data limits on their devices plan. We want to ... Continue Reading >>

What is Red Team & Blue Team? At its core, there are two main players in any cybersecurity or penetration testing event. While the terminologies for the two sides vary (Hackers vs. Defenders, ‘Bad Guys’ vs ‘Good Guys’, etc.) one of the most commonly used titles is Red Team and Blue Team. To put it simply the “Red Team” is the group trying to find a way in and the “Blue Team” is the group trying to keep them out and responding if they get in.This cybersecurity landscape can b ... Continue Reading >>

Hopefully, with the support of our Members, Cybrary can be successful. Why? Because the education system both domestically here in the USA, and internationally, is flawed, badly. Education is far too limited. If one is not born into a family that highly values education, or a situation where they are not given the access that some others have, then one can be left behind very quickly. Here in the United States, students are herded through a standardized educational flow until they complete high ... Continue Reading >>

“Education is the most powerful weapon which you can use to change the world.” -Nelson Mandela For too long IT & Cyber Security education has been reserved for those who have the money to pay highly inflated prices. In the growing technological world, the need for that knowledge is at an all-time high. As you know by now, we believe firmly that IT and Cyber Security training, should be free! Cybrary has only been active for a month, and we have already heard from our Members about how fr ... Continue Reading >>

My Fellow Cybrary Members, We sincerely want to thank you for joining the revolution to liberate IT and cyber security training, for everyone, everywhere. The support you are providing will change the very landscape of the industry forever. I am posting this blog to both thank you, as well as give you some updates and tips about the site. Earning Points To begin, we need your help spreading the word about this revolution to everybody, and you may do so through the member point tool. If you sh ... Continue Reading >>

Hello Cybrary Members, First, we are appreciative that you have decided to join our community. We cannot survive without members, and we are working very hard to make your learning experience here as excellent as possible. The training on Cybrary is designed by our education team as well as the Subject Matter Experts who teach here. Our classes are designed to prepare you for the certification exam, as well as build your skill set in that topic. Cybrary was started because we believe, strongly, ... Continue Reading >>