Introduction to Attack Simulation

The purpose of Attack Simulation is to provide a process for simulating attacks to applications, analyzing cyber threats that originate them and mitigate cybercrime risks that these attacks and threats pose to organizations. PASTA consists of a seven stage process for simulating attacks and analyzing threats to an application environment with the objective of minimizing […]

Adversarial Machine Learning Threat Matrix

Microsoft and MITRE , also 11 other organizations including IBM, NVIDAI released adversarial Machine Learning Threat Matrix, an industry-focused open framework, to empower security analysts to detect, respond to, and remediate threats against ML systems: https://github.com/mitre/advmlthreatmatrix Read more on how cyberattacks against machine learning systems are more common than you think: https://www.microsoft.com/security/blog/2020/10/22/cyberattacks-against-machine-learning-systems-are-more-common-than-you-think/

What Is Threat Intelligence?

Threat Intelligence The intensifying race between different businesses and organizations racing to have an online presence has increased the risk of cyberattacks by manifolds and the need to have a strong cybersecurity system has never been direr. In recent years, cyber-attacks have caused organizations hundreds of million dollars and this is precisely the reason why […]

Basic Penetration Testing Tools

Basic Penetration Testing Tools Metasploit Framework – World’s most used penetration testing software Burp Suite – An integrated platform for performing security testing of web applications ExploitPack – Graphical tool for penetration testing with a bunch of exploits BeeF – The Browser Exploitation Framework Project faraday – Collaborative Penetration Test and Vulnerability Management Platform evilgrade – The update explotation framework commix – […]

Passive Footprinting

Passive footprinting is all about the publicly accessible information we are targeting. There are tools we can use for passive footprinting, like search engines, perusing social media sites, gaining network ranges and raiding DNS for information.