A Personal Guide to Data Privacy

First, what's the difference between data privacy and data security? Data security is about protecting your data from unauthorized access (basically ensuring that hackers can't access your data), while data privacy is about giving you more granular control over how (and by whom) your data is accessed, used, or shared.…

An Overview of Cyber Security Certifications

Certifications aren't strictly necessary in order to get hired as a cybersecurity analyst (with the notable exception of many government jobs), but they can help you demonstrate to an HR recruiter or hiring manager that you have a specific skillset via a third party's assessment of your skills.  The process…

An Abbreviated History of Infrastructure Attacks In Ukraine

Brief Background on Ukraine's Relationship with Russia Russia and Ukraine both originated with the medieval sate of Kyivan Rus (near modern-day Kyiv, 10th century AD). Unfortunately, Kyivan Rus was destroyed (the city razed and citizens murdered en masse) in the 13th century by Mongols from the Urals, lead by Batu…

Attacks on SSL/TLS

SSL and TLS are frequently attacked, and understanding past attacks can inform defenders' knowledge to secure current systems and to predict the direction of future attacks. As such, here's a summary of some of the most famous attacks targeting these protocols: Browser Exploit Against SSL/TLS (BEAST): BEAST (disclosed in…

The Case for Corporate (Human) Honeypots

Normally finding clearly fake profiles for a business is a huge red flag - the area of sketchy 5 star reviews and effusive praise for sushi restaurants in Kansas. However, creating fake profiles designed to draw in cybercriminals (particularly BEC actors) can be an effective strategy for corporate security teams.…

Stuxnet

What is Stuxnet? Stuxnet was one of the first examples of cyber warfare. It was a cyber weapon, attributed to collaboration between US and Israeli forces, aimed at disrupting the Iranian nuclear program. Estimates of the damage done range from a delay in Iran's nuclear program of between 1 -…

Types of Hackers

If you want to protect systems, you need to understand who you’re defending them from. Many of the hackers you’ll face will fall into several different groups. These different groups often use very different tactics, techniques, and procedures (TTPs) for attacking systems. Identifying which actors or groups of…

How to Hack

There are generally three different ways to approach hacking a target: Hacking the encryption (cryptography) This is very difficult, and time/computing power-intensive, as the algorithms we use are generally very hard to crack. Quantum computing, if cheaply and easily available, could present issues, but right now isn't at a…