Saturday 28 February 2015

CYBRARY.IT | Advance Penetration Testing | FREE IT and Cyber Security Training Revolution

Cybrary.it is a site dedicated to bringing you free lectures on your desired IT subject. You could attend online lectures on cybrary.it and go ahead and write that exam.

It presents very concise and explicit videos that give you a real-world lecture scenario, and the videos are self-paced. The videos are explanatory to a large extent and present you with practical learning experiences on your desired IT choice.

One big plus for cybrary.it is the revolutionary change they bring to the IT world – the courses are FREE. Another plus is that completion badges and certificates of completion are awarded to successful students.

It may be thought that anything free is of no value, but the vision of cybrary.it is that IT should be taught free, as we are in an information age.
On cybrary.it, many learning paths exist. Some of the courses offered include CompTIA Security+, MCSA, CISA, CISSP, Advanced Penetration Testing, Python for Security Professionals, Metasploit etc.

One thought which may now be ringing in your head is how can the above courses be taught free?
I make it bold to tell you that the lectures are free. Simply watch the course videos and learn.
I have taken the Advanced Penetration Testing course; it has been a great experience so far and I learned a ton from the instructor, Georgia Weidman. The videos are lengthy and explained very clearly. I am very happy that they made such a course and are providing it for free.

If you have plans to take the OSCP in the future, this course is definitely recommended, along with the books she mentioned.

You can access the course here.

Waiting for other courses from Cybrary. :)

Happy learning All !!

Tuesday 17 February 2015

Excellent resource for Security Learners

I have been using the SANS site for quite some time and they have an abundance of resources on security & forensics. You should definitely have a look at the webcasts by SANS authors before attending SANS live courses, to get a feel for them. The good thing is that they are downloadable using software like IDM for offline viewing. The webcast video files are also small while keeping good quality. For Forensics related webcasts check here.
You may also try their podcasts for the latest security trends and articles, just in case you find it difficult to read the theoretical stuff every day.

Stay tuned for more goodies !!

Monday 16 February 2015

Free Courses on Pentesting and many others-Newdemy.com

This site seems to have copied from Udemy. They also have some free and paid courses if you want to have a look. But the site has only a few technologies covered so far, unlike Udemy, which is heavily flooded with so many courses. I am not sure how long Udemy will survive with that number of people registered.

Anyways, lots of free resources to study. Enjoy learning !!

Don't forget to register and follow my blog. I only share good ones for studying.

Sunday 15 February 2015

Free Certifications and Video Courses on Various Technologies-Udemy.com

I have been using this site, www.udemy.com, for quite some time and they have amazing courses for both beginners and advanced learners on various technologies. Some of them are free and very good. I grabbed a few courses at New Year for just $10 each, so you might want to check for the discount or free coupons that authors occasionally provide.

I stumbled upon learning programming but this site really made me learn from basics. As checked, there are more than 2.5 Lakh courses as of now and the number is still growing every day. They not only have courses on technologies but also on so many other things needed in life.

I hope you enjoy their site. Stay tuned for more like these.

Thursday 12 February 2015

Mind Reading Techniques used Now-a-Days that are Very Successful

Check this amazing video that shows powerful mind reading techniques by a gifted man.
In fact they are not that difficult and you can also practice them with your own hands.
Give it a Try.

Share your comments below.

Sharing Free ISO 27001 Implementation Master e-Learning Course

The purpose of this course is to enable information security practitioners to successfully implement an ISO 27001 compatible information security management system in their respective organizations. This course is made freely available to interested candidates and is modeled on ISO 27001 Lead Implementer courses.
 
Note: This course consists of visually rich videos with an audio commentary. The course is taught from the perspective of Mike, the information security manager and Secureman, an information security superhero. The learner learns along with Mike as Secureman provides guidance on implementing each phase of the ISO 27001 ISMS (Information Security Management System).
 
Authors of the course: The principal author of this course is Anup Narayanan. This course was created with the inputs and support of Vinod Kumar Puthuseeri.
 
 
Chapter 1: Introduction to information security
Module 1: Video – Mike’s introduction to information security and Secureman.
Module 2: Video – Introduction to information security. (Download audio transcripts)
Chapter 2: Introduction to ISMS and ISO 27001
Module 1: Video – Secureman gives Mike an introduction to ISMS and ISO 27001
Module 2: Video – Introduction to ISMS and ISO 27001 (Download audio transcripts)
Module 3: Video – Introduction to structure of ISO 27001 (Download audio transcripts)
Module 4: Video – Quick overview of ISO 27001 implementation (Download audio transcripts)

Chapter 3: Before you start ISO 27001 implementation
Module 1: Video – Secureman teaches Mike about gap analysis
Module 2: Video – Introduction to gap analysis (Download audio transcripts)
Module 3: Video – Secureman teaches Mike about information security management forum
Module 4: Video – Information security management forum (Download audio transcripts)

Chapter 4: The PLAN phase
Module 1: Video – Secureman introduces Mike to the PLAN phase
Module 2: Video – Defining the SCOPE of the ISMS (Download audio transcripts)
Module 3: Video – Defining the ISMS policy (Download audio transcripts)
Module 4: Video – Defining the risk assessment approach (Download audio transcripts)
Module 5: Video – Performing the risk assessment (Download audio transcripts)
Module 6: Video tutorial: Performing MACRO level RA (Can also be used for Gap Analysis)
Module 7: Video tutorial: Performing MICRO level RA (Asset based risk analysis)
Module 8: Video – Preparing the “statement of applicability” (Download audio transcripts)

Chapter 5: The DO phase
Module 1: Video – Secureman introduces Mike to the DO Phase
Module 2: Video – The DO phase – Implementing the risk treatment plan (Download audio transcripts)

Chapter 6: The CHECK phase
Module 1: Video – Secureman introduces Mike to the CHECK phase
Module 2: Video – The CHECK phase – Monitor and review the ISMS (Download audio transcripts)

Chapter 7: The ACT phase
Module 1: Video – Secureman introduces Mike to the ACT phase
Module 2: Video – The ACT phase – Maintain and improve the ISMS (Download audio transcripts)

Chapter 8: The ISO 27001 Certification Audit
Module 1: Video – Secureman introduces Mike to the ISO 27001 certification audit process
Module 2: Video – ISO 27001 certification audit process (Download audio transcripts)
Feedback & questions: For any queries regarding this course, please contact support@isqworld.com.
Source: http://www.isqworld.com
 
Happy Learning !! 

Sharing Free Short Course: Information Security Incident Handling

This University offers free short courses and certifications on Incident Handling, Ethical hacking and various other technologies. Register on their site so you will be sent a notification when a new course is going to be started. They also offer Masters and various graduation programs in distance mode which you might be interested to take.
All the best.

Friday 6 February 2015

Sharing: Step by Step Guide to Learning Python: Free Edition from Hakin9 

Click here to download this book.
Happy Learning.

 

Sharing: Free Video Training on Networking & Security by Indian Instructor from a famous Training Institute

Check this link for free video training recorded from live online classroom sessions, with the participants interacting with the instructor. Courses range from MS, Cisco, VMware and Linux to Ethical hacking.

Information Sharing: A Threat to Social Engineering


Society is a group of people interlinked with each other through some relation. Wikipedia defines society as “A society is a group of people involved with each other through persistent relations, or a large social grouping sharing the same geographical or social territory, subject to the same political authority and dominant cultural expectations” [1]. Now if we look at the modern-day definition of society, we will notice that society has evolved drastically, and we can now see an entirely new side of it, i.e. the online society, or social media. Social media allows individuals to live a virtual life online and facilitates interpersonal communication in various forms. One of the major reasons these online information systems became popular, other than being fast, cheap, easy to use and readily available, is their capability to hold data, or what in technical terms we can call documenting data online. They also serve as a tool with which any individual can broadcast whatever he/she feels like without caring about the audience, because whether or not he/she requires an audience, he/she is getting one.
A recent picture released by Facebook depicting the entire world's network of interconnected friends reveals the extent to which people are connected to each other through the online society, which makes it easier for anyone to gather information about anyone online.

Sharing Information Online: Falling Prey to Social Engineering

Information forms the very basis of any criminal activity: the more intimate and personal it is, the more critical it is and the more potential it has to cause damage. When sharing information online it is very difficult to decide what information you should share and what you should not; even if you choose not to share any of your information, you will unknowingly leave traces of information about yourself while surfing the internet. To cut a long story short, when you go online you can control some of the information, and some of it you simply cannot. So the question that needs to be answered is “What information should be shared?” – I will say NO. From the security perspective, sharing any type of information can put you in harm’s way. An incident happened in the Nashua area of New Hampshire where three burglars robbed over a dozen houses based on the Facebook statuses of the victims, who had posted on Facebook the times at which they were not going to be at home [2]. This incident clearly emphasizes that it is up to the audience how they perceive the information you share online. In this case, for some it meant only that the victims were going on a vacation, and for others it was an invitation to rob their houses while they were not at home. Thus I believe that when people go online to share information, they should know how much can be too much and what should be protected, or in simple words, what information must not be shared.
Attackers use a variety of techniques to extract information from their victims, and they use them on selected victims. What makes a person prone to becoming a victim of such attacks? The answer is the fashion in which these individuals share their information online. Sometimes attackers easily get the information they require from blogs, social media etc., but sometimes they get only part of it and need to acquire the rest.
One of the common techniques attackers use nowadays to infiltrate people's privacy and exploit it for personal gain, causing damage to the victims who fall prey to it, is Social Engineering. Social Engineering usually refers to the technique of gaining access by manipulating human behavior. It basically involves fooling the individual and gaining confidential information without letting the person know that he has been conned. This technique involves psychological manipulation to acquire the required information. Social Engineering did not evolve from computer crime; rather, it is related to the social sciences, but due to its ability to gain information it has found application in information-related crimes as well.
A Social Engineering technique involves studying the target for weeks, analyzing his patterns, gathering relevant information and then conducting the attack. With social media rising and becoming more of a necessity with each passing day, gathering information about an individual is no big deal. The more people post online, the easier it becomes for a social engineer to victimize them. A recent survey by Trend Micro [3] reveals six major risks that any individual can face due to the information they post online; Social Engineering, at the top of them, poses the biggest threat. Social media, being the easiest and most effective way to share information, becomes the major information repository for attackers.
Social Engineering is one of those attack vectors which does not have any rigid, or in other words appropriate, technical preventive or corrective solution. The USP of this attack is that it can bypass all the technical controls invested in to ensure security, and sometimes non-technical ones as well. To stay safe from such threats there is only one solution, i.e. “Awareness”. In order to be safe it is essential to understand how an attacker gathers information and how he/she uses it against an individual, an organization or any social or corporate body.
An attacker usually gathers all the necessary information about the victim; this information can come from different sources, with social media, blogs and forums at the top of them. To extract information the attacker might use various tactics: to begin with, trying to get the victim's email or phone number from any social media website, blog or forum, or creating a rogue web page based on the victim's interests just to get this information. After getting it, he might search for other relevant information using the pieces he already has. He might also use techniques like phishing to get more confidential information, such as the victim's username and password for social networking sites, from where he can get a lot of information; in this process the attacker utilizes the information he has gathered from online resources to the maximum. Once the attacker has gathered all the relevant information, he proceeds to get into contact with the chosen victim. Now it is up to him how he wants to exploit the victim. Social Engineering is a sophisticated attack which, when done correctly and properly, has the capability to cause severe losses. The attacker can cause monetary loss, social loss, defamation, loss of confidential information and much more.
As mentioned earlier, the only effective solution to be safe from Social Engineering attacks is awareness. Everything that you post online remains on the web forever, even if you delete it. The best practice to stay safe is to post only information which cannot be harmful to you: you must not post real information about yourself, your family or your social life on public domains. You must also lock down your profile on Facebook, Twitter, LinkedIn and other social platforms to the maximum and must not allow any unknown entities to view that information.
Separate email IDs must be used for blogs and forums and for subscribing to newsletters and updates from websites like YouTube, LinkedIn etc. Also, if possible, use a different mail ID for Facebook: if you use your regular mail ID to log into Facebook, you might face severe repercussions if that mail ID is compromised, which can also result in a compromised Facebook profile. Many apps and services also prompt users to allow them to share their photos, location information etc. and post on their profiles; such applications must be used with caution. Users must also place less social trust online when talking to strangers, or even known contacts if they sound or seem suspicious.
The bitter truth about Social Engineering attacks is that there is no technological solution available that can prevent them effectively. The only solution available that can prevent you from falling prey to Social Engineering is awareness. If the user proceeds with caution while posting any information online and does not respond to malicious and suspicious-looking invitations, mails, apps, links etc., he/she can stay safe from such attacks.