Risky Business: A Down-Low on Risk Management Basics

Estimated difficulty: 💜🤍🤍🤍🤍 First things first! Let's talk definitions. So, what actually is risk management? To put it simply, it is the management of the risk within an organisation (doh!). The risk management process involves identifying security risks and creating and implementing plans to mitigate them. Defining Risk Risk is

I Spy With My Little Eye: A Guide to Social Media OpSec

Estimated difficulty: 💜🤍🤍🤍🤍 Happy Friday and happy (continued) cybersecurity awareness month! For those of you that don't know, October is renowned for being cybersecurity awareness month – a month dedicated by security professionals to raise awareness in cybersecurity, specifically to the everyday user of technology that may not be security-savvy.

Hax and Furious: An Introduction to CAN Bus Hacking with ICSim

Estimated difficulty: 💜💜💜💜🤍 Recently I have been approached by many folks on how to get started with automotive hacking. After completing my dissertation in automotive hacking (and achieving a whopping 90% – yippee!) I decided to write this blog post as an introduction into one of the many ways

Locked Out: What is Ransomware?

Estimated difficulty: 💜🤍🤍🤍🤍 Ransomware can be a costly attack to organisations of all sizes. Recently Garmin fell victim to a ransomware attack, with reported ransoms of up to US$10 million in exchange for reinstating company files. According to The State of Ransomware 2020 by Sophos, the global average cost

Grounded: A High-level Overview on Aviation Industry Security

Estimated difficulty: 💜💜💜💜💜 For the folks that follow me on Twitter, you may remember me exclaiming for help a few months back for information on the security within the aviation industry for my Information Assurance (IA) assignment. Firstly, a huge thank you to everyone that reached out – applying professional

You Shall Not Pass: Authentication 101

Estimated difficulty: 💜💜🤍🤍🤍 Authentication. A familiar “buzzword” we see that is parroted in all things security, a selling point for many vendors, and a well-known term written (quite a lot) by pen-testers in their final reports. But what exactly is authentication? Well, in reality authentication is a complex and sizeable

STOP! In the Name of Web: Intercepting Traffic with BurpSuite (A Beginner's Guide)

Estimated Difficulty: 💜💜💜🤍🤍 Another song-themed blog, this blog will mostly cover BurpSuite interception basics (including how to set up BurpSuite). We will be demonstrating BurpSuite using Kali Linux, using the Community Version (1.7.35). As always, constructive criticisms and feedback are always welcome! Back to Basics Before we dive into the