Articles by "Information Security"
Showing posts with label Information Security. Show all posts

The Secure Planet at 0
The Secure Planet, Cyber Security, Audit Compliance, Digital Forensics, Corporate training, CISSP, CISA, CISM, Information Security consulting

This sample deploys a Lambda function that monitors IPv4 utilization for Amazon VPC Subnets and published the metrics to CloudWatch as custom metrics.

 



The following metrics are published.


IPUsage/AvailableIPs

Gives a count of the total number of IPv4 addresses available in the subnet.


IPUsage/TotalIPs

Gives a count of the total possible IPv4 addresses in the subnet CIDR (based on the prefix, not usable IPs).


IPUsage/UsedIPs

Gives the count of IPv4 addresses current used including reserved IP addresses and IP addresses used by ENIs.


IPUsage/Utilization

Shows the percentage (as a float, not decimal representation of the percentage) of IPv4 space unusable in the subnet. 


Continue reading

The Secure Planet at 0
The Secure Planet, Cyber Security, Audit Compliance, Digital Forensics, Corporate training, CISSP, CISA, CISM, Information Security consulting

Prompt engineering (PE) is the process of communicating effectively with an AI to achieve desired results. As AI technology continues to rapidly advance, the ability to master prompt engineering has become a particularly valuable skill. Prompt engineering techniques can be applied to a wide variety of tasks, making it a useful tool for anyone seeking to improve their efficiency in both everyday and innovative activities.

This course is tailored to beginners, making it the perfect starting point if you're new to AI and PE. However, even if you're not a beginner, you'll still find valuable insights within this course. This course is the most comprehensive prompt engineering course available, and the content ranges from an introduction to AI to advanced PE techniques.

This course is open source, and built by a diverse community of researchers, translators, and hobbyists. We believe that AI should be accessible to everyone, and that it should be described clearly and objectively. To this end, we strive to produce a comprehensive and unbiased course that is free of excessive jargon and hype.





Continue reading

The Secure Planet at 0
The Secure Planet, Cyber Security, Audit Compliance, Digital Forensics, Corporate training, CISSP, CISA, CISM, Information Security consulting

Software has bugs, and catching bugs can involve lots of effort. This book addresses this problem by automating software testing, specifically by generating tests automatically. Recent years have seen the development of novel techniques that lead to dramatic improvements in test generation and software testing. They now are mature enough to be assembled in a book – even with executable code.

You can read chapters in your browser. Check out the list of chapters in the menu above, or start right away with the introduction to testing or the introduction to fuzzing. All code is available for download.

You can interact with chapters as Jupyter Notebooks (beta). This allows you to edit and extend the code, experimenting live in your browser. Simply select "Resources → Edit as Notebook" at the top of each chapter. Try interacting with the introduction to fuzzing.




You can use the code in your own projects. You can download the code as Python programs; simply select "Resources → Download Code" for one chapter or "Resources → All Code" for all chapters. These code files can be executed, yielding (hopefully) the same results as the notebooks. Even easier: Install the fuzzingbook Python package.

You can present chapters as slides. This allows for presenting the material in lectures. Just select "Resources → View slides" at the top of each chapter. Try viewing the slides for the introduction to fuzzing.


Continue reading

The Secure Planet at 2
The Secure Planet, Cyber Security, Audit Compliance, Digital Forensics, Corporate training, CISSP, CISA, CISM, Information Security consulting

Software has bugs, and finding bugs can involve lots of effort. This book addresses this problem by automating software debugging, specifically by locating errors and their causes automatically. Recent years have seen the development of novel techniques that lead to dramatic improvements in automated software debugging. They now are mature enough to be assembled in a book – even with executable code.

This work is designed as a textbook for a course in software debugging; as supplementary material in a software testing or software engineering course; and as a resource for software developers. We cover fault localization, program slicing, input reduction, automated repair, and much more, illustrating all techniques with code examples that you can try out yourself.



Part I: 

Whetting Your Appetite

Tours through the Book

Introduction to Debugging

Part II: 

Observing Executions

Tracing Executions

How Debuggers Work

Asserting Expectations


Check Free Debugging Book

Continue reading

The Secure Planet at 0
The Secure Planet, Cyber Security, Audit Compliance, Digital Forensics, Corporate training, CISSP, CISA, CISM, Information Security consulting

An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.



Features

  • Multi-client Vulnerability Management
  • Security Report Generation
  • Jira Integration
  • Team-based Roles Authorization
  • API Key & Management
  • Email Integration
  • Markdown Support

Continue reading

The Secure Planet at 0
The Secure Planet, Cyber Security, Audit Compliance, Digital Forensics, Corporate training, CISSP, CISA, CISM, Information Security consulting

Emirates NBD has announced that its customers can now have their ID verified using contactless NFC technology when opening a bank account via the bank’s Mobile Banking App.

Emirates NBD is a banking group in the MENAT (Middle East, North Africa, and Turkey) region. Solution is called the TruID solution, the bank uses NFC technology to read information from embedded chips in the documents and extract data to autofill a digital account application. The customer is then prompted to take a selfie within the app to complete the process.




Emirates NBD’s TruID digital identity verification solution was developed as part of the bank’s collaboration with two fintechs – VisionLabs and Smart Engines. Apple users can have their biometric passports read using the NFC technology, while Android users can avail electronic reading of both Emirates ID and their biometric passports.

New customers of Emirates NBD can now have their identity documents verified using contactless NFC technology when opening a bank account via the bank’s Mobile Banking App. 

Continue reading

The Secure Planet at 0
The Secure Planet, Cyber Security, Audit Compliance, Digital Forensics, Corporate training, CISSP, CISA, CISM, Information Security consulting

40 courses & 1079 YouTube videos.





Year 1:

Semester 1

Structured Programming (Programming in C)

Discrete Mathematics Part 1

Calculus Part 1

Introduction to Computer Science and Programming

Intro to Python Programming


Semester 2

Calculus Part 2

Discrete Mathematics Part 2

Introduction to C++ and Object-Oriented Programming

Computer System Architecture

Introduction to Web Design (HTML + CSS)


Year 2: 

Semester 3

Probability

Statistics

Algorithms and Data Structures

Intro to Client-Side Development

Linear Algebra


Semester 4

Operating Systems

Artificial Intelligence

Software Engineering

Advanced Algorithms

Dynamic Programming


Year 3: 

Semester 5

Databases (SQL)

Web Application Development

Machine Learning

Client-Side Development with React

Distributed Computing & Systems


Semester 6

Non-Relational Databases

Introduction to Deep Learning

Practical Implementation of Neural Networks

Mobile Applications – iOS Development

Mobile Applications – Android Development


Year 4: 

Semester 7

Signals and Systems (Digital Signal Processing)

Natural Language Understanding

Intelligent Mobile Applications

Computer Vision

Robotics


Semester 8

Natural Language Processing with Deep Learning

Reinforcement Learning

Introduction to Bioinformatics

Self-Driving Cars

Machine Learning for Healthcare


Continue reading

The Secure Planet at 0
The Secure Planet, Cyber Security, Audit Compliance, Digital Forensics, Corporate training, CISSP, CISA, CISM, Information Security consulting
Microsoft has started offering free Memory Forensics and Rootkit Detection Service.

 It is a road map toward trusted sensing for the cloud that can allow enterprises to engage in regular, complete discovery sweeps for undetected malware.

 No commercial cloud has yet provided customers the ability to perform full memory audits of thousands of virtual machines (VMs) without intrusive capture mechanisms and a prior forensic readiness.

 This Project intends to automate and democratize VM forensics to a point where every user and every enterprise can sweep volatile memory for unknown malware with the push of a button—no setup required.

Project Freta is opening public access to an analysis portal capable of automatically fingerprinting and auditing a memory snapshot of most cloud-based Linux VMs; over 4,000 kernel versions are supported automatically. Hyper-V checkpoint files captured from a modern enterprise can be searched for everything from cryptominers to advanced kernel rootkits. 

 The prototype portal supports many types of memory snapshots as inputs. Currently, only a Hyper-V checkpoint has been evaluated to provide a reasonable approximation of the “element of surprise” necessary to achieve trusted sensing:

  • Use the Hyper-V checkpoint feature to produce a VMRS file
  • Convert a VMWare snapshot to produce a CORE file
  • Extract memory from within a running system using AVML
  • Extract memory from within a running system using LiME
The Project Freta analysis engine consumes snapshots of whole-system Linux volatile memory and extracts an enumeration of system objects. Some kernel hooking identification is performed automatically; this can be used by analysts to detect novel rootkits.


Continue reading

The Secure Planet at 9
The Secure Planet, Cyber Security, Audit Compliance, Digital Forensics, Corporate training, CISSP, CISA, CISM, Information Security consulting
I have been on learning spree during weekends due to COVID Lockdown. 

 These are some of the best courses available for FREE OF COST

 Thanks to many Technology companies & online learning platforms for offering them free. I am sharing direct links. I do not get any referral or monetary commission when you complete the course. Of course, you will get knowledge.

 You can bookmark this URL. I will keep updating this page whenever I come across a new course. All courses are available for FREE at the time of posting.

 #HappyLearning #FreeCourses #COVID #StayHome #StaySafe


# UPDATED On 15 May 2020

 1. Microsoft - Azure certification
The course will cover general cloud computing concepts as well as general cloud computing models and services such as public, private, and hybrid cloud and infrastructure-as-a-service (IaaS), platform-as-a-service (PaaS), and software-as-a-service (SaaS). It will also cover some core Azure services and solutions, as well as key Azure pillar services concerning security, privacy, compliance, and trust. Finally, it will cover pricing and support services available with Azure.
Link - https://info.microsoft.com/US-AzureApp-CATALOG-FY20-05May-12-TrainingAzure900fundamentalsforeducation-SRDEM15957_CatalogDisplayPage.html?fbclid=IwAR0E3ahbcZfbyiTLhHMS_AAYGUTULGetPLfSb55eLRQMZVobgnBeronXTY0

 2. ICS Security training by Homeland security - 
Link - https://ics-cert-training.inl.gov/learn

 3. Fortinet Certification
Cybersecurity professionals, IT professionals and teleworkers can take advantage of Fortinet’s complete online, self-paced curriculum of cybersecurity training courses at no cost, until the end of 2020. Courses cover everything from basic cybersecurity awareness training to advanced training on security-driven networking, dynamic cloud security, AI-driven security operations and zero-trust network access.
Link - https://www.fortinet.com/training/cybersecurity-professionals.html

4. Free Vulnerability management training
On-demand course topics range from Vulnerability Assessment to Compliance, Auditing to Assurance Report Cards® (ARCs). Available for all Tenable.io™, Nessus®, Tenable.sc™ (formerly SecurityCenter®) and Nessus® Network Monitor products, the on-demand courses are ideal for security analysts, knowledge workers and other professionals using or evaluating the Tenable product suite.
Link - https://www.tenable.com/education/on-demand-courses

 5. SAN's free cyber security course
This course develops the knowledge and skills needed to master the core concepts in cyber security. Course material is updated regularly to keep pace with changes in technology and threat landscape. Students come away with a solid foundation for building a career in cybersecurity or just strengthening their own home network.
Link - https://www.cyberaces.org/courses.html

 6. Cisco on Cyber Security
Cisco Networking Academy. Build your skills today, online. It’s Free!
Link - https://www.cisco.com/c/m/en_sg/partners/cisco-networking-academy/index.html

 7. IBM Security Learning Academy
Link - https://www.securitylearningacademy.com/local/navigator/index.php

 TheSecurePlanet.com

9. Coursera
Developing AI Applications on Azure
Link - https://www.coursera.org/learn/developing-ai-applications-azure

 Machine Learning for Business Professionals
Link - https://www.coursera.org/learn/machine-learning-business-professionals

 Getting Started with AWS Machine Learning
Link - https://www.coursera.org/learn/aws-machine-learning

 10. Mobilyze Tool Training
Mobilyze Tool Training is a software-specific tutorial course, offered both as self-paced and in-classroom formats. During the two hours allocated for Mobilyze Tool Training, students learn the functionality of Mobilyze and how to use the tool to quickly triage and acquire Android and iOS (iPhone and iPad) device data. As with other BlackBag courses, Mobilyze Tool Training is designed with a hands-on approach, helping to ensure that students walk away feeling confident and proficient as Mobilyze users.
Link - https://www.blackbagtech.com/training/courses/mobilyze-tool-training/

 11. Free Short Course: Digital Forensics
This short course was designed to provide you an accelerated high-level view of the emerging and evolving digital forensics field. Students will develop an understanding about the role of digital forensic investigator and learn about the forensics process without going into the details of complex legal aspects of the field. One of the salient features of the course is the use of some popular forensic and data acquisition tools and performing hands-on exercises to acquire and validate data from various sources which include cloud, mobile devices and online social networks.
Link - https://www.itmasters.edu.au/free-short-course-digital-forensics/

12. Machine Learning
This course provides a broad introduction to machine learning, datamining, and statistical pattern recognition. Topics include: (i) Supervised learning (parametric/non-parametric algorithms, support vector machines, kernels, neural networks). (ii) Unsupervised learning (clustering, dimensionality reduction, recommender systems, deep learning). (iii) Best practices in machine learning (bias/variance theory; innovation process in machine learning and AI).
Link - https://www.coursera.org/learn/machine-learning

 13. Machine Learning with Python
This course dives into the basics of machine learning using an approachable, and well-known programming language, Python. In this course, we will be reviewing two main components: First, you will be learning about the purpose of Machine Learning and where it applies to the real world. Second, you will get a general overview of Machine Learning topics such as supervised vs unsupervised learning, model evaluation, and Machine Learning algorithms.
Link - https://www.coursera.org/learn/machine-learning-with-python

 14. Neural Networks and Deep Learning
you will learn the foundations of deep learning. When you finish this class, you will:
- Understand the major technology trends driving Deep Learning
- Be able to build, train and apply fully connected deep neural networks
- Know how to implement efficient (vectorized) neural networks
- Understand the key parameters in a neural network’s architecture
Link - https://www.coursera.org/learn/neural-networks-deep-learning?

 15. Advanced Machine Learning Specialization
Deep Dive Into The Modern AI Techniques. You will teach computer to see, draw, read, talk, play games and solve industry problems. This specialization gives an introduction to deep learning, reinforcement learning, natural language understanding, computer vision and Bayesian methods. Top Kaggle machine learning practitioners and CERN scientists will share their experience of solving real-world problems and help you to fill the gaps between theory and practice.
Link - https://www.coursera.org/specializations/aml

 # UPDATED On 25th May 2020

 16. TCS Career Edge - Knockdown the Lockdown
Tata Consultancy Services (TCS) is offering 15 days course *Free of cost* so that students can utilize the lockdown period  productively to sharpen their skills.

This course comprises the following modules:
DAY 1: Communicate to Impress
DAY 2: Deliver Presentations with Impact
DAY 3: Develop Soft Skills for the Workplace
DAY 4: Gain Guidance from Career Gurus
DAY 5: Write a Winning Resume and Cover Letter
DAY 6: Stay Ahead in Group Discussions
DAY 7: Ace Corporate Interviews
DAY 8: Learn Corporate Etiquette
DAY 9: Write Effective Emails
DAY 10: Learn Corporate Telephone Etiquette
DAY 11: Understand Accounting Fundamentals
DAY 12: Gain Foundational Skills in IT
DAY 13: Understand Artificial Intelligence (AI) - Part 1
DAY 14: Understand Artificial Intelligence (AI) - Part 2
DAY 15: Assessment

To Register Click: https://learning.tcsionhub.in/courses/career-edge/

 17. Free Autopsy Training
Autopsy® is a digital forensics platform that was first released in 2000.  It was first as the graphical interface for The Sleuth Kit® (TSK), but has expanded to be a full end-to-end forensics suite.

 This course is also free to US Law Enforcement agents (local, state, and federal) through the end of the year.

Link - https://www.autopsy.com/support/training/covid-19-free-autopsy-training/

 18. 96 Online Courses from Harvard University
Link - https://online-learning.harvard.edu/catalog?keywords=&paid%5B1%5D=1&max_price=&start_date_range%5Bmin%5D%5Bdate%5D=&start_date_range%5Bmax%5D%5Bdate%5D

 19. Red Hat Courses
Red Hat Enterprise Linux Technical Overview (RH024) - 
https://www.redhat.com/en/services/training/rh024-red-hat-linux-technical-overview

Red Hat Agile Integration Technical Overview (DO040) - https://www.redhat.com/en/services/training/do040-red-hat-agile-integration-technical-overview

Ansible Essentials: Simplicity in Automation Technical Overview (DO007) - https://www.redhat.com/en/services/training/do007-ansible-essentials-simplicity-automation-technical-overview

Deploying Containerized Applications Tech Overview (DO080) - https://www.redhat.com/en/services/training/do080-deploying-containerized-applications-technical-overview

 Red Hat Satellite Technical Overview (RH053) - https://www.redhat.com/en/services/training/rh053-red-hat-satellite-technical-overview

 Red Hat OpenStack Technical Overview (CL010) - https://www.redhat.com/en/services/training/cl010-red-hat-openstack-technical-overview

Virtualization and Infrastructure Migration Technical Overview (RH018) - https://www.redhat.com/en/services/training/rh018-virtualization-and-infrastructure-migration-technical-overview

 20. (ISC)2 - Utilizing Big Data Course - $USD 200 Worth Course

 In light of current challenges, (ISC)² is offering non-members reduced pricing on timely online training courses to make continuing education credits easily accessible. For a limited time, get free access to our Utilizing Big Data Express Learning course so you can become familiar with our trainings before you commit.

 Link - https://www.isc2.org/Development/PDI-Promotion#

 21. Microsoft Certified: Azure IoT Developer Specialty
Microsoft has launched a new course for developers who are looking to venture into the Internet of Things (IoT) domain. Microsoft has announced Azure IoT Developer Speciality training, a certification course which is free. This new course was announced during the Microsoft Build conference. Microsoft had introduced the platform in beta in the month of January.

 It will enhance knowledge on know how to implement the Azure services that form an IoT solution, including data analysis, data processing, data storage options and platform-as-a-service options.

 The free online learning to support this certification is available on Microsoft Learn. Candidates who want an instructor-led course can achieve it for a fee.

 Link - https://docs.microsoft.com/en-us/learn/certifications/azure-iot-developer-specialty

 23. Stanford University - CS 253 Web Security

 This course is a comprehensive overview of web security. The goal is to build an understanding of the most common web attacks and their countermeasures. Given the pervasive insecurity of the modern web landscape, there is a pressing need for programmers and system designers to improve their understanding of web security issues.

 Topics include: Principles of web security, attacks and countermeasures, the browser security model, web app vulnerabilities, injection, denial-of-service, TLS attacks, privacy, fingerprinting, same-origin policy, cross site scripting, authentication, JavaScript security, emerging threats, defense-in-depth, and techniques for writing secure code. Course projects include writing security exploits, defending insecure web apps, and implementing emerging web standards.

 Link - https://web.stanford.edu/class/cs253/

# UPDATED On 6th June 2020

 24. AccessData Forensics Certifications
AccessData offers industry-leading solutions that put the power of forensics in your hands. For more than 30 years, AccessData has worked with more than 130,000 clients in law enforcement, government agencies, corporations and law firms around the world to understand and focus on their unique collection-to-analysis needs. 

 The AccessData Certified Investigator 
Link - https://training.accessdata.com/exam/accessdata-certified-investigator

 AccessData Summation Certified Administrator (SCA) 
Link - https://training.accessdata.com/exam/summation-certified-administator

 AccessData Summation Certified Case Manager (SCCCM) 
Link - https://training.accessdata.com/exam/summation-certified-case-management-sccm

 25. CS 771A: Introduction to Machine Learning 
2019-20 winter offering of the course CS 771A (Introduction to Machine Learning) by Purushottam Kar, IIT Kanpur, India
Link - https://github.com/purushottamkar/ml19-20w

 26. Digital Forensic - Training Materials by CIRCL Luxembourg
CIRCL is the CERT (Computer Emergency Response Team/Computer Security Incident Response Team) for the private sector, communes and non-governmental entities in Luxembourg.
Link - https://www.circl.lu/services/forensic-training-materials/

 27. CS285: Deep Reinforcement Learning, UC Berkeley | Fall 2019
Link - https://www.youtube.com/playlist?list=PLkFD6_40KJIwhWJpGazJ9VSj9CFMkb79A

 28. NLP with Deep Learning, Stanford | Winter 2019
Natural language processing (NLP) is a crucial part of artificial intelligence (AI), modeling how people share information. In recent years, deep learning approaches have obtained very high performance on many NLP tasks. In this course, students gain a thorough introduction to cutting-edge neural networks for NLP.
Link - http://web.stanford.edu/class/cs224n/index.html#schedule

 29. MIT 6.S191: Introduction to Deep Learning | 2020
MIT's introductory course on deep learning methods with applications to computer vision, natural language processing, biology, and more! Students will gain foundational knowledge of deep learning algorithms and get practical experience in building neural networks in TensorFlow. Course concludes with a project proposal competition with feedback from staff and panel of industry sponsors. Prerequisites assume calculus (i.e. taking derivatives) and linear algebra (i.e. matrix multiplication), we'll try to explain everything else along the way! Experience in Python is helpful but not necessary.
Link - http://introtodeeplearning.com/

 30. Juniper Networks Associate Certifications
Juniper is offering free voucher for below exam.You have to complete the learning path to get free pearson voucher. Practice set has unlimited attempt and assessment need to complete to get voucher (only 3 attempt).
Junos, Associate (JNCIA-Junos)
Security, Associate (JNCIA-SEC)
Cloud, Associate (JNCIA-Cloud)
Automation and DevOps, Associate (JNCIA-DevOps)
Design, Associate (JNCDA)

 Link - https://learningportal.juniper.net/juniper/user_activity_info.aspx?id=11478


 More coming soon....

Continue reading

The Secure Planet at 0
The Secure Planet, Cyber Security, Audit Compliance, Digital Forensics, Corporate training, CISSP, CISA, CISM, Information Security consulting
TechSagar – India’s Cybertech Repository was conceptualized by Government of India in partnership with Data Security Council of India (DSCI).

 TechSagar is a consolidated and comprehensive repository of India’s Cybertech capabilities and provides actionable insights about capabilities of the Indian Industry, Academia & Research; across 25 technology areas like IoT, AI/ML, Block Chain, Cloud & Virtualisation, Robotics & Automation, AR/VR, Wireless & Networking, and more. It allows targeted search, granular navigation and drilldown methods using more than 3000 niche capabilities. 

 As of now, the repository features 4000+ entities from Industry, Academia & Research including large enterprises and start-ups providing a country level view of India’s Cyber competencies. In addition to entities, the repository also provides information about over 5000 products & solutions and 3500 + services from start-ups and large enterprises.



Discover Start-ups, Companies, R&D Labs, Academia and Individuals Building India’s Cyber Capabilities

 - 25 Technology Areas, 
- 3000+ Capability Definition, 
- 2100+ Companies 
- 350+ Academic Institution, 
- 1200+ Individual Researchers
- 40+ R&D Institutes 
- 5000+ Products & Solutions

Continue reading

The Secure Planet at 0
The Secure Planet, Cyber Security, Audit Compliance, Digital Forensics, Corporate training, CISSP, CISA, CISM, Information Security consulting
A network traffic tool for measuring TCP and UDP performance. 

 The goals include maintaining an active iperf 2 code base (code originated from iperf 2.0.5), preserving interoperability with iperf 2.0.5 clients and servers, preserving the output for scripts (new enhanced output requires -e), adopt known 2.0.x bug fixes, maintain broad platform support, as well as add some essential feature enhancements mostly driven by WiFi testing needs. 

 It also added python code to centralize test control.




Continue reading

The Secure Planet at 0
The Secure Planet, Cyber Security, Audit Compliance, Digital Forensics, Corporate training, CISSP, CISA, CISM, Information Security consulting
Hello all,
There has been a great silence on this website from few months. 

 I have been very busy in professional & personal life. It was a fantastic 2018 with executing some of the best projects professionally, learning new things on IoT Product Cyber Security, meeting brightest founders of new start-ups and personal commitments.

 Few friends reported that this site was crashing on latest version of few browsers after Mozilla & Google updated their source codes. I have been working on fixing the code of this website from last few months. All errors are resolved now. This website is working fine on all versions of desktop & mobile browsers.

 You will see more updates on this website now. Hope to learn & share more with all of you.

 Please contact me in case you come across any bugs on this website.

 Regards,
Prakash


Continue reading

The Secure Planet at 16
The Secure Planet, Cyber Security, Audit Compliance, Digital Forensics, Corporate training, CISSP, CISA, CISM, Information Security consulting
Taipan is a an automated web application scanner which allows to identify web vulnerabilities in an automatic fashion. 

 This project is the core engine of a broader project which include other components, like a web dashboard where you can manage your scan or download a PDF report and a scanner agent to run on specific host. 

 Here is a screenshot of the Taipan dashboard:


Taipan can run on both Windows (natively) and Linux (with mono). To run it in Linux you have to install mono in version >= 4.8.0. 
Continue reading

The Secure Planet at 0
The Secure Planet, Cyber Security, Audit Compliance, Digital Forensics, Corporate training, CISSP, CISA, CISM, Information Security consulting
A tool for bug detection in the source code of programs, written in C, C++, and C#. It works in Windows and Linux environment.

 PVS-Studio performs static code analysis and generates a report that helps a programmer find and fix bugs. PVS-Studio performs a wide range of code checks, it is also useful to search for misprints and Copy-Paste errors. Examples of such errors: V501, V517, V522, V523, V3001.


The analyzer can be run at night on the server and warn about suspicious code fragments. Ideally, these errors can be detected and fixed before getting into the repository. PVS-Studio can automatically be launched immediately after the compiler for the files that have been just modified. It works in Windows and Linux.

Continue reading

The Secure Planet at 0
The Secure Planet, Cyber Security, Audit Compliance, Digital Forensics, Corporate training, CISSP, CISA, CISM, Information Security consulting
Microsoft's 23rd bi-annual Security Intelligence Report (SIR) focuses on three topics: the disruption of the Gamarue (aka Andromeda) botnet, evolving hacker methodologies, and ransomware. 

 It draws on the data analysis of Microsoft's global estate since February 2017, including 400 billion email messages scanned, 450 billion authentications, and 18+ billion Bing webpage scans every month; together with the telemetry collected from the 1.2 billion Windows devices that opt in to sharing threat data with Microsoft.


In partnership with ESET, Microsoft had been researching the Gamarue infrastructure and 44,000 associated malware samples, since December 2015. Details on 1,214 C&C domains and IPs, 464 distinct botnets and more than 80 malware families were collected and handed to law enforcement agencies around the world.

 A significant volume of phishing-based email messages at the very end of the year 2017. Phishing was the #1 threat vector (> 50%) for Office 365-based email threats in the second half of calendar year 2017.

 Ransomware is the third major topic discussed in SIR. Last year was rocked by WannaCry, NotPetya and Bad Rabbit. The first two of these rapidly became global in extent using an exploit known as EternalBlue; code publicly released by the Shadow Brokers.

 Three most commonly encountered ransomwares in 2017 were Android LockScreen, WannaCry and Cerber. LockScreen is interesting since it is Android malware that crosses to Windows devices when users sync their phones or download Android apps, usually side loading from outside of the Google Play store, via Windows.

Continue reading

The Secure Planet at 0
The Secure Planet, Cyber Security, Audit Compliance, Digital Forensics, Corporate training, CISSP, CISA, CISM, Information Security consulting
Srikrishna Committee on data protection issued a white paper on 27 November 2017. The nine-member expert committee, headed by former Supreme Court judge Justice BN Srikrishna, was set up on July 31 by the Union government. 


The white paper covers wide range of issues and asks questions related to the protection and ownership of citizens’ data and its use by interested parties.

 The white paper lays out seven key principles for a data protection framework:

 1. Technology agnosticism- The law must be technology agnostic. It must be flexible to take into account changing technologies and standards of compliance.

 2. Holistic application- The law must apply to both private sector entities and government. Differential obligations may be carved out in the law for certain legitimate state aims.

 3. Informed consent- Consent is an expression of human autonomy. For such expression to be genuine, it must be informed and meaningful. The law must ensure that consent meets the aforementioned criteria.

 4. Data minimisation- Data that is processed ought to be minimal and necessary for the purposes for which such data is sought and other compatible purposes beneficial for the data subject.

 5. Controller accountability- The data controller shall be held accountable for any processing of data, whether by itself or entities with whom it may have shared the data for processing.

 6. Structured enforcement- Enforcement of the data protection framework must be by a high-powered statutory authority with sufficient capacity. This must coexist with appropriately decentralised enforcement mechanisms.

 7. Deterrent penalties- Penalties on wrongful processing must be adequate to ensure deterrence.

 The members include 
  • Ajay Bhushan, CEO of the Unique Identification Authority of India; 
  • Ajay Kumar, additional secretary, Ministry of Electronics and Information Technology; 
  • Aruna Sundararajan, secretary of Department of Telecom; 
  • Gulshan Rai, National Cyber Security Coordinator; 
  • Arghya Sengupta, research director, Vidhi Centre for Legal Policy; 
  • Rama Vedashree, CEO of Data Security Council of India, 
  • Rishikesha T. Krishnan, Director of IIM Indore, 
  • Rajat Moona; and director of IIT Raipur.

This is a very well written 243 page document. The paper includes questions to which stakeholders can respond by 31 December 2017, after which the panel will go ahead with drafting the data protection law.

 You can submit responses to this whitepaper on below URL or physical address.

 https://innovate.mygov.in/data-protection-in-india/

OR

 Shri Rakesh Maheshwari
Scientist G & Group Co-ordinator, Cyber laws
Ministry of Electronics and Information Technology (MeitY),
Electronics Niketan, 6, CGO Complex,
Lodhi Road, New Delhi- 110003.

 The deadline for submission of responses is 31st December, 2017.

Copy of White Paper on Data Protection is embedded below.
Continue reading

The Secure Planet at 1
The Secure Planet, Cyber Security, Audit Compliance, Digital Forensics, Corporate training, CISSP, CISA, CISM, Information Security consulting
Google launched new Beta program developed over the past years with the Core Infrastructure Initiative community. This program will provide continuous fuzzing for select core open source software.

 Errors like buffer overflow and use-after-free can have serious, widespread consequences when they occur in critical open source software. These errors are not only serious, but notoriously difficult to find via routine code audits, even for experienced developers. That's where fuzz testing comes in. By generating random inputs to a given program, fuzzing triggers and helps uncover errors quickly and thoroughly.

 Google's OSS-Fuzz has a goal to make common software infrastructure more secure and stable by combining modern fuzzing techniques with scalable distributed execution. OSS-Fuzz combines various fuzzing engines (initially, libFuzzer) with Sanitizers (initially, AddressSanitizer) and provides a massive distributed execution environment powered by ClusterFuzz.
Graphics Credit: Google

 OSS-Fuzz has already found 150 bugs in several widely used open source projects (and churns ~4 trillion test cases a week). OSS-Fuzz is launching in Beta right now, and will be accepting suggestions for candidate open source projects. In order for a project to be accepted to OSS-Fuzz, it needs to have a large user base and/or be critical to Global IT infrastructure.

Continue reading

The Secure Planet at 0
The Secure Planet, Cyber Security, Audit Compliance, Digital Forensics, Corporate training, CISSP, CISA, CISM, Information Security consulting

 The final version of the 2017 OWASP Top 10 is released. One significant change compared to the 2013 OWASP Top 10 is the fact that the types of flaws that made it into the 2017 list have been selected based on the risk they pose.



The OWASP Top 10 vulnerabilities are injection, broken authentication, sensitive data exposure, XML external entity (XXE), broken access control, security misconfiguration, cross-site scripting (XSS), insecure deserialization, using components with known vulnerabilities, and insufficient logging and monitoring.

 The 2017 OWASP Top 10 is based on data from 23 contributors covering more than 114,000 applications.
Full Copy of OWASP Top 10 - 2017

Continue reading

The Secure Planet at 0
The Secure Planet, Cyber Security, Audit Compliance, Digital Forensics, Corporate training, CISSP, CISA, CISM, Information Security consulting
GCHQ calls it as Cyber Swiss Army Knife. It has simple interface with a drag-and-drop feature to allow both technical and non-technical people to analyze encryption, compression and decompression, and data formats.  

 This tool will be useful for anyone involved in data analysis, including mathematicians, analysts, software developers. GCHQ shared that tool is not 100 % ready & has invited developers to contribute as much as possible.

 CyberChef is a simple, intuitive web app for carrying out all manner of "cyber" operations within a web browser. These operations include simple encoding like XOR or Base64, more complex encryption like AES, DES and Blowfish, creating binary and hexdumps, compression and decompression of data, calculating hashes and checksums, IPv6 and X.509 parsing, changing character encodings, and much more.


The tool is designed to enable both technical and non-technical analysts to manipulate data in complex ways without having to deal with complex tools or algorithms. It was conceived, designed, built and incrementally improved by an analyst in their 10% innovation time over several years. Every effort has been made to structure the code in a readable and extendable format, however it should be noted that the analyst is not a professional developer.
Continue reading

The Secure Planet at 0
The Secure Planet, Cyber Security, Audit Compliance, Digital Forensics, Corporate training, CISSP, CISA, CISM, Information Security consulting
Skydive is an open source real-time network topology and protocols analyzer. It aims to provide a comprehensive way of understanding what is happening in the network infrastructure.

Skydive agents collect topology informations and flows and forward them to a central agent for further analysis. All the informations are stored in an Elasticsearch database.



Skydive is SDN-agnostic but provides SDN drivers in order to enhance the topology and flows informations.

Key features
  •     Captures network topology and flows
  •     Full history of network topology and flows
  •     Distributed
  •     Ability to follow a flow along a path in the topology
  •     Supports VMs and Containers infrastructure
  •     Unified query language for topology and flows (Gremlin)
  •     Web and command line interfaces
  •     REST API
  •     Easy to deploy (standalone executable)
  •     Connectors to OpenStack, Docker, OpenContrail
Continue reading
Subscribe to: Posts (Atom)