I was busy in class this week and there were a LOT of articles published about this new bug affecting a lot of systems and devices. See this two-minute video from Norton giving you a great overview of what the attack is all about.
This is the official VUPEN Vulnerability Research Team blog covering technical analysis and advanced exploitation of critical vulnerabilities on Windows, Linux, and Mac OS X. They are one of the most active teams in the world when it comes to finding zero-day vulnerabilities.
The first step in any penetration testing or ethical hacking exercise is to find out what hosts are alive on the network and what services they are running. One of the best tools for carrying out such enumeration is NMAP. Here I show you some of the basic uses of NMAP in a clear, easy to follow format.
Xenotix provides Zero False Positive XSS Detection by performing the scan within the browser engines where, in the real world, payloads get reflected. The Xenotix Scanner Module incorporates 3 intelligent fuzzers to reduce the scan time and produce better results. If you really don't like the tool logic, then leverage the power of the Xenotix API to make the tool work the way you want it to.
IronWASP (Iron Web application Advanced Security testing Platform) is an open source system for web application vulnerability testing. It is designed to be customizable to the extent where users can create their own custom security scanners using it. Though an advanced user with Python/Ruby scripting expertise would be able to make full use of the platform, a lot of the tool’s features are simple enough to be used by absolute beginners.
The Critical Security Controls focus first on prioritizing security functions that are effective against the latest Advanced Targeted Threats, with a strong emphasis on "What Works" - security controls where products, processes, architectures and services are in use that have demonstrated real world effectiveness. The actions defined by the Controls are demonstrably a subset of the comprehensive catalog defined by the National Institute of Standards and Technology (NIST) SP 800-53.
This is a magazine published in Egypt and it has great content. The magazine is totally free and you don't need to go through registration and hoops to get it, simply click on the link and download it. The way it should always be.
A small video interview made by SecureNinja TV at Defcon this year. Alicia Webb speaks with Blackphone CSO Dan Ford about the company's new phone, its security features, and gives SNTV a demo of how the custom Android-based PrivateOS and custom hardware work together.
https://cccure.training/forum/?action=goto&search=1#topic/Question-about-types-of-evidence.htm
A cram study guide is a summary of all ten domains in only about 35 to 60 pages. It is an essential read the night before the exam to go over all of the key points you must remember for your exam. See below some of the best Cram Guides contributed over time.
Contrary to some book authors' and instructors' opinions, the TCSEC ratings are still on the exam for sure, and you can expect some questions about the TCSEC ratings on your exam. You do need to be familiar with the topic. We have created a one-page summary for you.
Some neat utilities that can help in making your day brighter. Tools to permanently delete files, diagnostic tools, file recovery tools, and a whole lot more. Let us know about your best tool by leaving a comment.
CompTIA, the leading provider of vendor-neutral skills certifications for the world’s information technology (IT) workforce, today introduced a new version of its CompTIA Security+ exam. The new exam (SY0-401) is available immediately worldwide in an English language version. German and Japanese language exams will be introduced in the coming months.
(ISC)²® (“ISC-squared”), the largest not-for-profit membership body of certified information and software security professionals with over 100,000 members worldwide, today announced the formation of its Application Security Advisory Council (ASAC), with representatives from Asia-Pacific and the Americas.
This is our CBT for the BCP and DRP Domain. It is very well covered and you will not only learn terms but also learn what those terms mean and how they can be applied. It is 2 hours 6 minutes in length. With this domain we now have a total of 38 hours of thorough coverage for the CISSP exam.
This is our CBT for the Information Security Governance and Risk Management Domain. It is very well covered and you will not only learn terms but also learn what those terms mean and how they can be applied. It is 5 hours 13 minutes in length.
Interesting paper from HP along with an article from SOPHOS about the state of security with internet enabled devices. Everything is becoming IP enabled and this is very scary. There is a total lack of security within those networks.
Great presentation on DNS from Defcon done by Robert (Rob) Stucke.
This is PART FOUR of our CBT for the Telecommunication and Network Security Domain. It is very well covered and you will not only learn terms but also learn what those terms mean and how they can be applied. It is 6 hours 5 minutes in length.
This is PART THREE of our CBT for the Telecommunication and Network Security Domain. It is very well covered and you will not only learn terms but also learn what those terms mean and how they can be applied. It is 3 hours 47 minutes in length.