Task 1 – Deploying Machine Task 4 – Overwriting Existing Files What is the name of the image file which can be overwritten? Answer – mountains.jpg Overwrite the image. What is the flag you receive? Step 1: Download a sample image Step 2: Change the name of the image Step 3: Now select the downloaded image toContinue reading “Upload Vulnerabilities”
Author Archives: Aayush Goel
Metasploit Framework
Metasploit, an open-source pen testing framework, is a powerful tool utilized by security engineers around the world. Maintained by Rapid 7, Metasploit is a collection of not only thoroughly tested exploits but also auxiliary and post-exploitation tools. Throughout this room, we will explore the basics of using this massive framework and a few of theContinue reading “Metasploit Framework”
Computer Crimes
Definition Cybercrimes are defined as “Offences that are committed against individuals or groups of individuals with a criminal motive to intentionally harm the reputation of the victim or cause physical or mental harm to the victim directly or indirectly, using moderntelecommunication networks such as the Internet through chat rooms, emails, notice boards, groups, and mobileContinue reading “Computer Crimes”
Compliance
Compliance means conforming to a rule, such as a specification, policy, standard, or law. For example: ISO 27001, PCI DSS, GDPR, HIPAA, etc. Need For Compliance: Protect the critical information Enforce control through written policy Understand the requirements for protecting organizational information Identify requirements for protecting organizational information Avoid inadequate implementation and enforcement; this canContinue reading “Compliance”
Security Policies
Security policy is a broad statement produced by the senior management that dictates the role of security within the organization. Characteristics of Security Policy It must be generic, non technical, and easily understood It must integrate security into all business processes and functions It must be reviewed and modified periodically or as the company environmentContinue reading “Security Policies”
Some Generic Terms
Goals, Mission and Objectives Goals: Define what the organization desires to achieve Goals provide the overall context of what the organization wants to accomplish. Mission: Indicate how will you proceed to them Mission is a statement of the organization’s purpose and reason for existence. Objectives: Help in creation of long term and short term strategiesContinue reading “Some Generic Terms”
Governance, Risk and Compliance
GRC is an acronym of Governance, Risk management and Compliance. GRC of every organization is different and varies based on the type of organization. It depends on organization mission, size, industry, culture and legal regulations. Ultimate responsibility of GRC program is to protect their assets and operations, including their IT infrastructure and information. Governance ItContinue reading “Governance, Risk and Compliance”
Information Security Management and Governance
ISO 27001:2013 ISO/IEC 27001 It is an internationally recognized structured methodology dedicated to information security. It is a management process to evaluate, implement and maintain an Information Security Management Systems(ISMS). It is a comprehensive set of controls compromised of best practices information security. It is applicable to all industry sectors. It emphasizes prevention. ISO 27001Continue reading “Information Security Management and Governance”
Security Controls
Security controls are the measures taken to safeguard an information system from attacks against the CIA of the information system. Security controls are selected and applied based on a risk assessment of the information system. The risk assessment process identifies systems threats and vulnerabilities, and then security controls are selected to reduce or mitigate risk.Continue reading “Security Controls”
CISSP
Certified Information Systems Security Professional The following certification is structured in 8 different domains: Security and Risk Management Asset Security Security Engineering Communication and Network Security Identity and Access Management Security Assessment and Testing Security Operations Software Development Security Certification Path Minimum of 5 years of work experience in any 2 domain mentioned above. IfContinue reading “CISSP”
