  • Principles (reasons for effectiveness)
    Authority: When a threat actor conveys authority as part of their social engineering, posing as someone higher in the organisation or possibly IT, people tend to want to please their company, which makes it easier to get access or information from them. Intimidation: Intimidation can be used by a social engineer in…
  • Types of Attacks
    • Social engineering. Phishing: Phishing is a method in which attackers send emails to a user, pretending to be from reputable companies, in order to get the user to either divulge information or assist the attacker in getting access. Spear phishing: Spear phishing is a phishing attack but aimed with a specific…
  • Types of Malware
    Viruses: Viruses are a specific type of malware that replicates itself to further infect other devices, file systems and shares. It generally doesn't require anything to start the replication process, but usually requires some kind of execution to infect the host device. Crypto-malware: Crypto-malware is a type of ransomware, which will encrypt all of the…
  • OWASP Top Ten: Number 08
    Insecure Deserialization: Insecure Deserialization is when an unknown or manipulated object is injected into a web application. This could be SQL injection, path traversal or any number of types of data used to exploit the system. Insecure Deserialization can be prevented in applications by not accepting serialized objects from untrusted sources. You could also implement…
  • Should you use a password manager?
    Does using a password manager really make you safer? There always seem to be a lot of mixed opinions on password managers, but do they really make your information safer? I would argue absolutely 110% yes, they do. I get it, password managers can be a right pain, you have to log into something.. Sometimes…