I recently sat for the CompTIA CySA+ exam, and was pleasantly surprised at the technical material covered. What is it? CompTIA started offering a new certification in June of 2017 that focuses on Blue Team/defensive information security and incident response. The CySA+ was recently recognized by the DOD to cover the Cyber Security Provider (CSSP) …
This weekend I decided to check out the TUCTF Capture the Flag event. The event started on Nov. 23rd 2018 in the evening. Location – Online: https://tuctf.com/challenges The rules were simple: ABSOLUTELY no sharing flags. There is no limit to team members. Prizes are given to the top 3 placing collegiate and high school teams …
After building out a fairly transparent home network, I found myself needing to receive IDS and SIEM alerts so I could respond to events quicker. AWS is reliable and fairly cheap, so that is the platform I chose to build out my SMTP server. This guide will only show how to stand up a system …
While working on a CTF a couple of weeks ago I ran across a challenge that required inspecting a web app. The page had one line of visible text, however the source showed many repeating patterns of characters(‌​) Say “Hello” to zero-width characters. These characters are called non-printing characters so they are not visible while …
Building your Command & Control environment from the cloud not only allows easy management of instances, but also provides scaling as needed. This guide will show how to build an Ubuntu server in AWS, and then download and install the PenTest Framework. Create an AWS account. Under Instances -> Select Launch Instance. Within the Quick …
Malware analysis, like many other areas of information security, has an overload of tools and custom scripts. With so many options it is difficult to stay on top of the most current useful tools for doing static/dynamic malware analysis. I stumbled across a great resource recently and wanted to share. Check out FireEye’s flare-vm. This …
Due to a recent hardware failure, I have been in the market for a new switch to replace my Cisco 24-port. I wanted something a bit smaller that would still allow management features such as VLAN, QoS, port monitoring, etc. With these requirements in mind, I found a good deal on a TP-Link TL-SG1016DE. This …
Preventing messages and communication from being intercepted between two machines is a requirement in today’s IT infrastructure. In order to secure your communications between a server and client, encryption is required. TLS is the current standard. This walk-through will help install and configure SSL/TLS certificates on a CentOS 7 machine. Check out the CentOS …
What is the LAMP stack? The acronym comes from a group of open source services commonly installed together for web applications: Linux, Apache, MySQL, and PHP. Before we install this group of services, if you need help installing CentOS 7, follow my walkthrough here. 1. Install Apache: sudo yum install httpd 2. Install the database …
I recently passed the examination in March 2018. This entire experience has helped me understand security at a foundational level, and I expect this knowledge to greatly benefit my career. The CISSP, or Certified Information Systems Security Professional, is an information security certification that has had many mixed opinions in the security community. This mixed …