PenTest Edition: Testing Wi-Fi Passwords with Aircrack-ng
Aircrack-ng is a suite of wireless penetration testing tools used to assess the security of Wi-Fi networks, specifically through various monitoring, attacking, testing, and cracking methods that you'll learn here. Aircrack-ng is compatible with various IEEE 802.11 standards, which is great, but it will only work if you're wireless NIC supports "monitor" mode. If you ...
FISMA Compliance & NIST SP 800-37 (Rev. 1)
The "Federal Information Security Management Act," or "FISMA," is a U.S. federal law that arose from the E-Government Act of 2002. In this act, the U.S. government underlined the significance of improving the management of electronic government services and processes. FISMA provides the framework for organizations to develop and maintain the minimum security goals for ...
Orangeworm Mounting an Espionage Campaign Against the Healthcare Sector
A hacking group, dubbed "Orangeworm," is conducting highly coordinated and deliberate cyberattacks against healthcare facilities in the U.S., Europe, and Asia. According to many reports, Orangeworm is compromising healthcare systems like network shares and servers, but most notably, MRI and X-Ray machines. With the recent uptick in compromised IoT devices, it should come to no ...
HTTPS: The TLS Handshake Using Diffie-Hellman Ephemeral
A client securely connects to a web server via the TLS 1.2 transport encryption protocol. This is a process that starts with asymmetric cryptography and ends with symmetric cryptography. As a refresher, recall that asymmetric cryptography uses a public and private key pair, whereas symmetric cryptography uses only one shared key. I published a blog ...
Common Network Security Protections
Cybersecurity functions encricle the tertiary goals of confidentiality, integrity, and availability of data; thereupon, outlining the appropriate focal points to network security. I'll go through many of the technologies and processes used to secure modern-day networks in no particular order. Please note, this isn't a comprehensive list, but rather just SOME of the ways in ...
The Cybersecurity Man 