This MOC is dedicated to things that relate to defending an organization from attacks, information about how to detect vulnerabilities in an app, cybersecurity news, etc.
There are two types of companies: those who have been hacked, and those who don't yet know they have been hacked. The question is, how do they respond?
CTFs for web vulnerabilities
https://pentesterlab.com/
https://ctf.hacker101.com/
You do not want to google solutions or ask for flags online, because it takes away the experience of working hard to find the solutions yourself.
I became a Chief Information Security Officer without having a college degree. Ask me anything!
https://old.reddit.com/r/hacking/comments/xqgta2/i_became_a_chief_information_security_officer/
Blogs are valuable for learning when it comes to information security, as many security researchers keep a blog.
I read the news and cyber security blogs for years, so I knew about attacks, the types of attacks and cyber security lingo.
a real commercial protector would make it so debugging would be pointless instead of trying to prevent debugging
https://github.com/RadonCoding/radon-protector
Secure but not private: unbreakable clear glass door
Private but not secure: curtains
Secure and private: unbreakable opaque door
How to hack google:
https://h4ck1ng.google/
P.S. It's a CTF game
Phishing
Phishing attempts to get you to reveal personal information, such as credit card numbers, bank information, or passwords.
Learn how to spot a phishing message
Be suspicious of emails that claim you must click, call, or open an attachment immediately. Often, they'll claim you have to act now to claim a reward or avoid a penalty. Creating a false sense of urgency is a common trick of phishing attacks and scams. They do that so that you won't think about it too much or consult with a trusted advisor who may warn you.
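An added example (not part of the original notes): a Python triage function that flags the combination described above, time pressure plus a demanded click, call, or attachment, and counts the demand only when the message actually carries a link, phone number, or attachment. The cue word lists, the triage name, the verdict labels, and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default

# Cue lists are illustrative assumptions, not a vetted ruleset.
URGENCY = re.compile(r"\b(immediately|act now|right away|urgent|final notice)\b", re.I)
STAKES = re.compile(r"\b(reward|prize|refund|penalty|suspended|locked)\b", re.I)
# A demanded action counts only if the message also carries the means to do it.
ACTIONS = {
    "click": (re.compile(r"\bclick\b", re.I), re.compile(r"https?://\S+", re.I)),
    "call": (re.compile(r"\bcall\b", re.I), re.compile(r"\+?\d[\d\s().-]{7,}\d")),
}
ATTACH_CUE = re.compile(r"\b(open|see|review)\b.{0,40}\battach", re.I)

def triage(raw):
    """Return (verdict, reasons) for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=default)
    part = msg.get_body(preferencelist=("plain", "html"))
    text = str(msg["Subject"] or "") + "\n" + (part.get_content() if part else "")
    cues = (("urgency", URGENCY), ("reward-or-penalty", STAKES))
    reasons = [name for name, cue in cues if cue.search(text)]
    for name, (cue, means) in ACTIONS.items():
        if cue.search(text) and means.search(text):
            reasons.append("action:" + name)
    if ATTACH_CUE.search(text) and any(msg.iter_attachments()):
        reasons.append("action:attachment")
    # The pattern from the text: time pressure combined with a demanded action.
    pressured = "urgency" in reasons and any(r.startswith("action:") for r in reasons)
    verdict = "suspicious" if pressured else "review" if reasons else "no-cues"
    return verdict, reasons

# Constructed sample message (not real mail).
SAMPLE = """\
Subject: Final notice: account suspended
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

You must open the attached invoice immediately to avoid a penalty.
--b1
Content-Type: application/pdf
Content-Disposition: attachment; filename="invoice.pdf"

placeholder-bytes
--b1--
"""
print(triage(SAMPLE))
```

A "review" verdict means some cues matched without the full pressure-plus-action pattern; treat the output as a prompt for a human look, not a filter decision.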
What to do after Ransomware Attack
1. Stay Calm and Collected
Most people rush into paying the ransom before analyzing the gravity of the situation they are in.
2. Take a Photo of the Ransomware Note
This will help you in filing a police report and will expedite the process of recovery.
3. Quarantine Affected Systems
Cut the affected systems from the network to contain the infection and stop the ransomware from spreading.
Ransomware typically scans the target network and propagates laterally to other systems.
4. Look for Decryption Tools
Fortunately, there are many decryption tools available online, in places such as
Decryption Tools Online:
5. Disable Maintenance Tasks
You should immediately disable automated maintenance tasks on affected systems, such as
This prevents tasks from interfering with files that might be useful for forensics and investigation analysis.
6. Disconnect Backups
Modern ransomware immediately goes after backups to thwart recovery efforts.
Secure your backups by disconnecting them from the rest of the network.
You should also lock down access to backup systems until after the infection gets removed.
7. Identify the Attack Variant
To determine the ransomware strain, you can use free services such as
These services allow users to
The analysis of this information can identify the type of ransomware strain that has impacted the user's files.
8. Reset Passwords
Once you have disconnected the affected systems from the network, change all online and account passwords.
After the ransomware gets removed, you should once again change all the system passwords.
9. Report the Ransomware
The moment you notice a ransomware attack, be sure to contact law enforcement.
Ransomware is a crime and should be reported to local law enforcement authorities or the FBI.
Even if law enforcement cannot help with getting your files decrypted, they can at least help others avoid a similar fate.
10. Decide Whether to Pay or Not
Deciding to pay for ransomware is not an easy decision and comes with its pros and cons.
Only pay for ransomware if you have exhausted all other options and the loss of data is more damaging to you or your company than paying the ransom.
Hackers scan networks for devices and known vulnerabilities and increasingly use nonstandard ports to get network access. Once they have device access, it is easier to avoid detection through fileless malware or software memory on the device.
IoT Attack Surface
An attack surface is the total number of entry points for unauthorized system access. An IoT attack surface goes beyond entry points and includes all possible security vulnerabilities for IoT devices, connected software and network connections.