Security

Tools

• CodeQL: An analysis engine used by developers to automate security checks, and by security researchers to perform variant analysis.
• The CVE List = How's My SSL?
• How Secure Is My Password?
• MSRC Security Update Guide

Articles

• Brute Force Web Logins
• Down the Security Rabbit Hole
• How Facebook Undermines Privacy Protections for Its 2 Billion WhatsApp Users
• How to Brute Force Websites & Online Forms Using Hydra
• The Untold Story of NotPetya, the Most Devastating Cyberattack in History
• They’re back: inside a new Ryuk ransomware attack
• Using Burp to Brute Force a Login Page
• What Is a CVE?

Papers

• Forensic analysis of instant messengers: Decrypt Signal, Wickr, and Threema

Videos

• Uplifting AWS service API data protection to TLS 1.2+

Offline Threats and Vulnerabilities

A threat is a person, event, or anything else that could harm information assets or infrastructure or violate physical security controls.

A vulnerability is a weakness or flaw in a security system's design or implementation that could result in a breach of security, such as untrained end-users.

Physical Security

Entry control involves controlling access to facilities, just as one might control access to their home with locks and keys.

Done at/with:

• Gates and doors: tailgating/piggy-backing
• Windows and other access points
• Badges

Secure work area:

• Locking your desktop
• Proper information disposal
• Shared meeting spaces

Clear desk policy

Social Engineering

• Targeted attack
• Best practices

Online Threats and Vulnerabilities

Phishing

• Spear phishing
• Business email compromise
• Identifying malicious URLs
• URL padding
• Other vectors

Secure Storage and Transmission

• File passwords
• File encryption
• Backups
• Encrypted email
• Wi-Fi

Malware

• Viruses and worms
• Bots and zombies
• Spyware and adware
• Fake antivirus software
• Trojan horses
• Ransomware
• Cryptojacking

---

Children

1. Certificates
2. OAuth
3. Privacy
4. Single Sign-On (SSO)
5. Syslog