Time to start looking into cyber security frameworks. For this episode we’re looking at the the NIST Cyber Security Framework. We’re also explaining what a cyber security framework is and how they can help.

LINKS

1. NIST Cyber Security Framework (CSF)

FIND US ON

1. Twitter - DamienHull

2. YouTube

Time for another maintenance episode where we review our systems and management process. This time were looking at our Digital Ocean servers, Automox patch management, Fortinet Firewalls, and the password manager Bitwarden.

FIND US ON

1. Twitter - DamienHull

2. YouTube

Almost roasted our VMware server to death. Don’t do what I did. Enjoy!

LINKS

1. VMware Server: Super Micro SYS-E300-9D-8CN8TP

2. Fans: Noctua NF-A4x20 PWM

FIND US ON

1. Twitter - DamienHull

2. YouTube

LastPass was hacked last year. As LastPass customers we need to evaluate the impact that has on Section 9. Should we continue to use the product? Should we migrate to a different password manager? How do we evaluate a password manager?

Consider this the start of a longer conversation about LastPass and password managers.

FIND US ON

1. Twitter - DamienHull

2. YouTube

Found some really interesting and helpful videos. One walks you through an Active Directory hacking lab. Another talks about default configurations and bad passwords as a way to hack into systems. The last one is about building a home lab.

These are just what I needed.

LINKS

1. SANS Workshop – NTLM Relaying 101: How Internal Pentesters Compromise Domains

2. The Top $ num Reasons You Got Hacked in 2022 with Kent & Jordan | 1 Hour

3. How to Build a Home Lab for Infosec with Ralph May | 1 Hour

FIND US ON

1. Twitter - DamienHull

2. YouTube

Found a video that walks you through the process of setting up an Active Directory Lab for hacking. I wouldn’t be able to do this without a starting point.

LINKS

1. Mitre ATT&CK Matrix

2. How to Build an Active Directory Hacking Lab

FIND US ON

1. Twitter - DamienHull

2. YouTube

Last episode was about my crazy study plan, or lack of one. Time to put together a proper study plan. One that works.

FIND US ON

1. Twitter - DamienHull

2. YouTube

Last episode was about my crazy study plan, or lack of one. Time to put together a proper study plan. One that works.

FIND US ON

1. Twitter - DamienHull

2. YouTube

Time to jump into my crazy, unorganized study process. Trying to study or learn the CISSP, pentesting, risk assessments, and keep up with my current certification requirements. I’ve also signed up for two Antisyphon classes.

Beginner Classes

1. SOC Core Skills

2. Getting Started In Security With BHIS and Mitre Att&ck

3. Active Defense & Cyber Deception

Advanced Classes

1. Introduction to Pentesting

2. Red Team: Getting Access

3. Professionally Evil CISSP Mentorship Program

FIND US ON

1. Twitter - DamienHull

2. YouTube

Time to create a policy for asset inventory. This will help us define what we need in our asset inventory. It will also help us define what we need in our procedures. The process we use to manage the inventory.

LINKS

1. Enterprise Asset Management Policy Template

FIND US ON

1. Twitter - DamienHull

2. YouTube

We’re scanning our network with runZero to get an inventory of devices. What did it find? What can we learn from this inventory? How well does it work?

LINKS

1. runZero - Active discovery tool for asset inventory

FIND US ON

1. Twitter - DamienHull

2. YouTube