DNS Privacy: Minimizing end-to-end Exposure
The Domain Name System (DNS) is one of the most important services running behind the scenes that allows the Internet to work effectively every day. Also, it’s one of the most forgotten and abused which was covered previously in the “DNS attacks” article. Today we’ll address some of the ins and outs of its inner workings and review some helpful resources that will help minimize the chances of traffic sniffing (password leaking anyone?).
Zero Trust Model: What’s a Zero Trust Network in Cyber Security?
We often highlight an important philosophy, a particular mindset that should be taken when dealing with security. Organizations shouldn’t sit around wondering whether or not they’ll fall victim to a cyber attack or data breach. Instead, it’s important to actually anticipate one. Don’t ponder the “if” but ask yourself “when.”
IVRE: A Versatile Network Reconnaissance Framework
Being an infosec researcher requires more than just installing Kali Linux and watching a few YouTube tutorials. Being able to navigate the hundreds of tools available at your fingertips and knowing which tool is best for the job requires a good amount of self-learning or, at the very least, finding in-depth reviews to help you figure things out.
Security Automation: Definition, Benefits, Best Practices and Tools
Even if some people believe that robots and automation will replace the entire workforce and machines will do everything for us, the truth is that automation helps us to be more productive and work more efficiently. It relieves us from the most tedious and monotonous tasks in our daily work and lives.
Gophish: An Open-Source Phishing Framework
If you or any friend, family member, or acquaintance has ever used an email account, chances are that at some point, they’ve received a phishing email. And while during the early stages of the internet, such deception usually looked so fake and misaligned that you could spot it right away as an attempt to mislead you, this isn’t so true anymore.
Top 9 Internet Search Engines Used by Security Researchers
We all know what internet search engines are, and why they’re used. Even when you want to search for the most mundane thing ever, you can go to Google, Bing, Safari, or any of the other traditional web browsers. But what if you need access to information not usually found on those popular search engines?
DMitry: Diving Into an Old-School Information Gathering Tool
How much information about a target can you possibly get? Is there an invisible barrier that delimits when enough information is gathered? What about cross-checking results and looking for differences? Data retrieval results may vary, depending on the location source you’re running for the analysis.
Declaring War on Surface Area Sprawl
SecurityTrails got a big gut check at the beginning of last week. One of our Elasticsearch servers was unintentionally left open when an engineer was trying to fix an outage. This caused a series of self inflicted drama.
Top 30+ Best Blue Team Tools
We’re back to enriching your security toolkit, and this time we’re moving to the defensive side of security. Whether the best defense is a good offense, or the other way around, the truth is one can’t work without the other. That’s why the importance of having both red and blue teams in place and challenging each other, as well as maintaining an organization’s security posture, is crucial.