#InfosecTraining

OWASP Foundation owasp@infosec.exchange
2025-07-25

🚨 Only have one day to train? Make it count.

Join us on at OWASP Global AppSec USA 2025 in Washington, D.C. for a full day of expert-led, hands-on security training.

🎯 Whether you're a builder, breaker, defender, or manager, there's a course to help you go deeper.

🔗 Register: owasp.glueup.com/event/131624/

#OWASP #AppSec #CyberSecurity #InfosecTraining #AIsecurity #ThreatModeling #DevSecOps #OWASP2025 #WashingtonDC #SecurityTraining #PrivacySecurity

OWASP Foundation owasp@infosec.exchange
2025-07-23

🔍 Ready to level up your offensive security skills?

Join Dawid Czagan on November 3–5 at OWASP Global AppSec USA 2025 for a 100% hands-on training: "Full-Stack Pentesting Laboratory"

👉 REGISTER: owasp.glueup.com/event/131624/

#OWASP #CyberSecurity #AppSec #Pentesting #DevSecOps #InfosecTraining #EthicalHacking #RedTeam #OWASP2025 #WashingtonDC

OWASP Foundation owasp@infosec.exchange
2025-07-21

📣 Calling all developers and AppSec pros!

Join Jim Manico on November 3–5 at OWASP Global AppSec USA 2025 for a 3-day, hands-on training experience.

REGISTER NOW: owasp.glueup.com/event/131624/

➡️ Ideal for beginners looking to build a strong, modern security foundation in both traditional and AI-driven environments.

#OWASP #CyberSecurity #AppSec #AIsecurity #DevSecOps #SoftwareSecurity #WashingtonDC #SecureCoding #InfosecTraining #Developers

mansi18mans18
2024-04-08

Roadmap To Achieving The PCI-DSS Certification

The Payment Card Industry Data Security Standard is a widely recognized and accepted information security standard that allows organizations to regulate a large assortment of credit cards through card schemes that are widely available.

Click here to enroll in the PCI DSS training course - infosectrain.com/courses/pci-d

mansi18mans18
2024-03-14

Cloud Practitioner Interview Questions

The Cloud Practitioner role is an excellent place to begin if you want to get into the realm of cloud computing.

Register here for cloud practitioner course - infosectrain.com/courses/cloud

2024-01-08

Still a few seats available for Red Siege's Red Team Tactics training this month!

redsiege.com/training-red-team

#redsiege #training #infosec #redteam #offsectraining #offsec #infosectraining

2023-11-14

Level up your web #appsecurity testing with the #OWASP #ASVS! Listen in to our live discussion with our security consultant Shanni Prutchi as she shares her #appsec expertise, happening here later today!

Join us & bring your ASVS questions. #infosectraining #applicationsecurity #BFLive

And don't forget about our Discord AMA starting at 1 PM MST.

bfx.social/4601Aqt

2023-10-30

Last Call For Registrations!
In 2 weeks we will be meeting in Vienna for a deep dive into #SocialEngineering & #OSINT!

You can still join the 2-day training class "Practical Social Engineering & Open-source Intelligence for Security Teams" I will be delivering at this year's #DeepSec conference, in which you will...

🌐 Learn how attackers leverage OSINT to identify organizational vulnerabilities.
🎯 Understand the psychology and methodology behind social engineering attacks.
🔍 Acquire necessary skills & knowledge that will help you prevent and better simulate social engineering attack scenarios.
💼 Examine real-life case studies and attack methodologies.
📚 Build better protective measures, inform your security strategy, and learn to provide realistic insights to clients.

Date: 14 & 15 November 2023
Location: Vienna, Austria

⬇️ Course Content & Registration Details: deepsec.net/speaker.html#WSLOT

I look forward to seeing you there!

#socialengineeringtraining #cybersecurity #opensourceintelligence #osinttraining #infosectraining #infosec #deepsec2023

Anthony Collette :donor: / Loistava AnthonyCollette@infosec.exchange
2023-10-20

Debunking Cybersecurity Myths

Cybersecurity expert Eva Galperin — @evacide — helps debunk some common myths about cybersecurity.

☑️​ Is the government watching you through your computer camera?

☑️​ Does Google read all your Gmail?

☑️​ Does a strong password protect you from hackers?

☑️​ Will encryption keep my data safe?

☑️​ Are all hackers bad people?

Eva answers all these questions and much more using clear language that's easy to understand.

Eva Galperin is the Director of Cybersecurity at the Electronic Frontier Foundation — @eff

Rather read than listen? A helpful transcript is available.

wired.com/video/watch/expert-d

#Infosec #Cybersecurity #BeCyberSmart
#MoreThanAPassword #InfosecTraining
#DiceWare #Encryption #Passwords
#PasswordManagers #PublicWiFi #VPN
#EFF #ElectronicFrontierFoundation

Photo of the incomparable Eva Galperin presenting at a security conference.
2023-10-14

What is currently missing from ronin-exploits and ronin-payloads for beginners wanting to learn exploit/payload development? I keep seeing people in InfoSec educational Discord servers recommending Metasploit for beginner exploit-dev. I think Metasploit is way too complicated for beginner exploit-dev and its exploits/payloads contain way too much messy and unnecessary boilerplate code compared to ronin-payloads/ronin-exploits. Metasploit is clearly better suited for exploiting old CVEs and learning how to pentest a Windows environment, due to its corpus of exploits and meterpreter. I really think ronin-exploits and ronin-payloads, or even just loading ronin-support into a Ruby script, are much better suited for beginners than Metasploit, but I can't seem to get through to anyone.

PS: I know about pwntools. I am not asking about pwntools, I'm asking about ronin-exploits and ronin-payloads specifically in this context.
#exploitdev #xdev #infosectraining

2023-09-13

It appears that the ALPHV ransomware group is behind MGM Resorts' cyberattack on Monday. The way they reportedly gained initial access is by looking into the MGM employees on LinkedIn, picking one, and then calling the Help Desk.

The ALPHV group is said to be "extremely skilled at social engineering".

Yet finding information on an organization's employees on LinkedIn and then using it in a vishing attack, often impersonating that individual, is a frequent and rather standard practice in #vishing attacks.

I have seen first-hand that there is a need to improve in a few areas:

🔹 Few organizations are prepared to handle phone-based social engineering. Most companies focus almost entirely on #phishing attack simulations.
That allows blind spots and a lack of processes/preparedness in too many other areas like vishing, social media and SMS-based attacks among other things.

🔹 Having a proper identity verification process in place and training your employees to stick with it often mitigates a lot of vishing/impersonation attacks.
Yet in most cases, there is either a lack of verification process or the employees are not aware of it (they sometimes get trained on it once during onboarding, and then forget all about it).

🔹 Understanding that social engineering is not limited to email attacks. It is a serious threat, and it requires working on a comprehensive social engineering prevention protocol.

We are still waiting for more information on the exact methodology. But it won't be the last time we hear of a similar attack scenario.

News Reporting:

cybernews.com/security/mgm-cyb

#socialengineering #cybersecuritytraining #cybersecurity #cyberattack #cybernews #infosec #infosectraining #ransomeware

Anthony Collette :donor: / Loistava AnthonyCollette@infosec.exchange
2023-08-12

You clicked on what?

Check out this piece of conference swag.

An infosec vendor gave out these T-shirts at a conference last year.

Initially this shirt made me laugh, but just wondering if we should try not to make fun of “the stoopid users” so much.

Are "people" really the weakest link in the cybersecurity chain?

Lance Spitzner prefers the phrase:

"People are the primary attack vector."

This subtle change in messaging reframes the conversation, and moves the blame away from the user.

He encourages all of us to stop *blaming* others and figure out how to *enable* instead.

"After all, how many operating systems do you know of that self-report when they've been hacked?"

Just wondering if there are other ways to shift the convo when we engage with ordinary consumers / end users without talking down or making them feel “less than” for their lack of technical skillz?

Cybersecurity savvy *isn't* evenly distributed in the general public. Lots of folks are living below the cybersecurity poverty line, and don't even know it.

#Infosec
#Cybersecurity
#BeCyberSmart
#InfosecTraining

Lance Spitzner is a board member of the National Cybersecurity Alliance and Director, SANS Security Awareness.

Vendor swag: a grey t-shirt with the words "You clicked on what?"
Anthony Collette :donor: / Loistava AnthonyCollette@infosec.exchange
2023-04-21

And the answer to the poll is . . . 1882!

Yup, it’s true. Asking someone to disclose their “mother’s maiden name” as a security technique was first publicly described in 1882.

That’s the year Sacramento, CA banker — Frank Miller — published his book titled "Telegraphic Code: To Insure Privacy and Secrecy In The Transmission Of Telegrams."

This was the same book which described the first concept and implementation of the One-Time Pad.

Frank and his fellow banker buddies conducted high finance over the Internet of their day, the Telegraph, which was considered by many to be completely insecure; about as private as sending a postcard.

How did you transfer loads of your employer’s money securely over an insecure means of communication?

You used a telegraphic code book and combined it with other layers of security. Big $$$$s were involved, and no one wanted — then or now — to be the one who screwed up a transaction.

So “mother’s maiden name” became one of the layers of security used in money transfers.

As they said on Battlestar Galactica: “All this has happened before, and all this will happen again.”

Interesting how things seem to repeat over and over.

Thanks to everyone who voted in the Poll!

#Infosec
#Cybersecurity
#MothersMaidenName
#InfosecTraining
#OneTimePad

Mother's Maiden Name As A Security Technique Was First Described In 1882.
Anthony Collette :donor: / Loistava AnthonyCollette@infosec.exchange
2023-04-17

Mother’s Maiden Name?

This was one of the most common security questions. Thankfully we don’t encounter these as often as we used to.

But for at least two decades, during online account setup, sites frequently asked us to enter our mother’s maiden name as a way of identifying ourselves.

Take a guess!

When do you think asking for this tidbit of personal info (as a security technique) was first publicly described?

#Infosec
#Cybersecurity
#MothersMaidenName
#InfosecTraining

