If you have been following the news in the world of Cybersecurity lately, you’ve probably seen, heard, or read a thing or two about SolarWinds, FireEye, or Microsoft amongst many others being targeted by an unknown threat actor. While not the first, this threat actor uses an interesting algorithm to generate sub-domains for its SUNBURST malware to pull down the next stage of execution on the target systems.
A domain generation algorithm (DGA) lets an attacker avoid detection altogether or evade blocklists and IP blocking. Attackers can quickly switch domains, evade security practices and blocks, and…
Throughout some of my classes and work environments, I have found Jupyter notebooks to be particularly helpful in laying out my code and ideas in Python. I figured writing an article on how to get set up might bring new techniques and ideas into the world for someone, so here it is! Jupyter notebooks are easy and fun to use, and they look pretty nice as well. Setup is easy and quick, but honing your setup to have specific qualities makes up most of the time after the initial installation.
Jupyter Notebook and its flexible interface extends the notebook beyond code…
Lately, I have been studying network protocols and authentication schemes in my free time. In order to get a deeper grasp on Kerberos, I figured what better method than trying to explain it in a Medium article. While it may not be super in-depth or advanced, I figured this would be a good executive summary or debrief for anyone looking for an easy explanation on the authentication service and how it is used.
Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography.
You’ve probably heard the following buzzwords at least a thousand times: blockchain, DevOps, DevSecOps, artificial intelligence, machine learning, and so much more.
Without some research, we never really learn what DevSecOps is.
To get a better idea, Red Hat sums up the idea behind DevSecOps:
To do: Maintain short and frequent development cycles, integrate security measures with minimal disruption to operations, keep up with innovative technologies like containers and microservices, and all the while foster closer collaboration between commonly isolated teams — this is a tall order for any organization. …
Are you still reusing passwords between sites?
Unfortunately, password reuse is oftentimes what leads to compromised accounts, whether it be from password dumps or brute-forcing. In order to avoid this habit, I figured a fun way to go about this would be to create a password generator.
Then, I thought to myself, what better language to use than Rust?
To start, let’s make a new project with cargo and then move into the newly created directory:
$ cargo new password-generator
After that, we should have a few files in our project directory, namely Cargo.toml and src/main.rs.
The first thing that developers do once their project is ready for the staging environment is focus on security, right? Wrong.
For a better view into the automated testing world, I wanted to use Snyk to detect vulnerabilities in software with known CVEs and CWEs. It can be used via CLI or Git integration, and it even checks runtime efficiency and dependencies with vulnerabilities.
Quick Note: I am using Snyk.io because I recently stumbled upon it while browsing LinkedIn and thought it was super interesting. I am currently playing around with the CLI to learn more about the tool.
This article is geared towards beginners in networking/security who wish to learn a bit more about how port scanning works and how to write their own custom port scanning utility in Python for diagnosing/testing.
For this tutorial, we need to get familiar with a specific Python library: socket (documentation found here: https://docs.python.org/3/library/socket.html)
The Python interface is a straightforward transliteration of the Unix system call and library interface for sockets to Python’s object-oriented style: the socket() function returns a socket object whose methods implement the various socket system calls.
To begin, let’s import the socket library and also declare any variables…
I study computing and a bit of cybersecurity