Testing Damn Vulnerable Web App (DVWA) with OWASP ZAP on Windows Cybersecurity threats are always evolving, making it vital for developers and security professionals to be updated with the latest tools and techniques. This guide introduces you to using OWASP ZAP for testing the Damn Vulnerable Web App (DVWA) on a Windows 11 environment. Introduction to DVWA The Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application intentionally designed with vulnerabilities.

Linux Rootkit Development University Project Introduction Welcome to an intriguing university project video that delves into the secretive realm of Linux Rootkit development. In this project, the focus is on Linux Kernel version 4.4.0 running on Ubuntu 16.04. The goal? To unravel the functionality of a Rootkit and its potential real-world applications. While this endeavor may raise eyebrows, it’s crucial to emphasize that this project is purely for educational and research purposes, with no intention of endorsing or promoting illegal activities.

OSINT and Cloud Services Discovery Tools In the ever-evolving landscape of cybersecurity, staying ahead of potential threats and vulnerabilities is paramount. As organizations increasingly migrate their operations to the cloud, the need to secure cloud services and infrastructure has become more critical than ever. In this blog post, we delve into the world of Open-Source Intelligence (OSINT) and Cloud Services discovery tools, shedding light on a powerful code designed to uncover potential attack vectors within Azure/Microsoft 365 tenant cloud services.

Navigating the Complex World of Malware Analysis: A Personal Journey Introduction In a recent video, I jumped into the intricate world of Malware Analysis. This engaging project involved diving into the depths of cybersecurity, exploring the stages, challenges, and invaluable learnings that arose along the way. In this blog post, we’ll take you through the highlights of this project and provide insights into the fascinating realm of malware analysis.

A Different View: Exploring the Certificate Store via PowerShell While many turn to the certificate MMC to observe their certificates, I opted for a different angle using PowerShell. Here’s how you can harness PowerShell to extract information about your certificates: 1. To List All Trusted Root CA in the Local Machine: $LocalMachineRootCA = (Get-ChildItem Cert:\LocalMachine\Root\) | Select-Object FriendlyName, Subject, Issuer, NotAfter, NotBefore, HasPrivateKey, Name, Thumbprint $LocalMachineRootCA | Export-Csv -Path .\LocalMachineRootCA.csv -NoTypeInformation 2.

Australian Banks: A Deep Dive into Cipher Security Australian Banks: A Deep Dive into Cipher Security In a world increasingly reliant on online banking, the security protocols and ciphers adopted by banks are more critical than ever. Curiosity led me to investigate which Australian banks might still be operating with outdated ciphers. My method? A PowerShell script, albeit a straightforward one, to parse outputs from SSLSCAN and collate them into comprehensible CSV files.

Introducing PicoProject-Ducky: A DIY Rubber Ducky with Raspberry Pi Pico In the realm of cybersecurity and ethical hacking, the “Rubber Ducky” has long held a legendary status. Originally created by Hak5, this innocuous-looking USB device possesses the power to execute payloads when plugged into a computer. Today, the spirit of the Rubber Ducky is reborn in a new avatar, thanks to the versatility of the Raspberry Pi Pico. I’m thrilled to introduce PicoProject-Ducky, a step-by-step guide to transforming your Raspberry Pi Pico into a custom, potent, and budget-friendly Rubber Ducky alternative.

Recovering and Securing Data from an Old USB Drive In the age of cloud storage, we often forget about the treasure troves of data stored on physical media. This guide walks you through the process of recovering data from an old USB drive, and subsequently, ensuring the data can’t be retrieved again. For this task, I’ll be using a 16 GB USB drive and Kali Linux as the recovery environment.

Over the last few years I have worked with Microsoft Intune, and AzureAD. I always get the request; “We can do this on-premise, why doesn’t it work now in the cloud”. Most of the time it is just a mindset change. Once you understand how cloud native solutions work. One issue that has appeared over and over again is local administrators on workstations that are AzureAD joined only. On-premise we would use LAPS to control administrator accounts, for AzureAD joined devices it’s different, we don’t have a domain or group policy.

The final day at Ignite. This is the shortest of the conference but is always the longest for me. The conference finishes at 2 pm, then it’s the long flight home, 30+ hours of travel. Ignite still has sessions running right up the 2 pm, the HUB area is still open, but the vendors or swag guys are gone. The lunchrooms are cut in half. It was good to see Microsoft providing assistance to attendee that have social issues or disabilities.