Risk-Driven Incident Response

Psst! Do you wanna protect your company from security incidents?

But you have hundreds of apps, your infrastructure looks like a bowl of spaghetti, and the company is short on resources? Don’t worry, it’s doable with careful planning!

This risk-based incident response framework lets you target the most critical things in your organisation. Keep on reading and your incident response team will operate as a powerful sniper rifle, rather than a clunky shotgun.


Ransomware Playbook for Managing Infections

Ransomware is a type of malicious software that encrypts the victim’s files without consent, then demands a ransom in exchange for the decryption keys. This is a lucrative, multi-million-dollar business model, which targets hundreds of thousands of users each day.

Files becoming unavailable can disrupt normal business activities, which costs money. A formal incident response playbook with effective pre-designed instructions, however, helps minimize the impact on the business.


Bypassing WordPress Login Pages with WPBiff

WordPress login pages protected by two-factor authentication can be bypassed because of certain unsafe NTP practices.

The internal clock of remote servers can be manipulated under the right conditions. Because certain WordPress Google Authenticator plugins also rely on the local timestamp, this opens up new ways to circumvent the user authentication process on the /wp-admin dashboard.

We demonstrate a practical attack against two-factor protected WordPress login pages. We are going to gain access to the dashboard without having access to the token generator app.


Tricking Google Authenticator TOTP with NTP

Because of unsafe NTP practices, internal clocks on remote machines can be manipulated under the right conditions. Once time is altered, expired SSL certificates become valid again and HSTS policies expire.

But what about authentication? Certain TOTP implementations such as popular WordPress plugins also rely on the local timestamp.

This article demonstrates a proof of concept for accessing WordPress dashboards protected by two-factor authentication.
