Iran Open Source (IOS)
💎 Cybersecurity Threats, Malware Trends, and Strategies: Mitigate exploits, malware, phishing, and other social engineering attacks @iranopensource🐧
💎 Cybersecurity Threats, Malware Trends, and Strategies: Mitigate exploits, malware, phishing, and other social engineering attacks
After scrutinizing numerous cybersecurity strategies, Microsoft's former Global Chief Security Advisor provides unique insights on the evolution of the threat landscape and how enterprises can address modern cybersecurity challenges.
Key Features
Protect your organization from cybersecurity threats with field-tested strategies by the former most senior security advisor at Microsoft
Discover the most common ways enterprises initially get compromised
Measure the effectiveness of your organization's current cybersecurity program against cyber attacks
Book Description
Cybersecurity Threats, Malware Trends, and Strategies shares numerous insights about the threats that both public and private sector organizations face and the cybersecurity strategies that can mitigate them.
The book provides an unprecedented long-term view of the global threat landscape by examining the twenty-year trend in vulnerability disclosures and exploitation, nearly a decade of regional differences in malware infections, the socio-economic factors that underpin them, and how global malware has evolved. This will give you further perspectives into malware protection for your organization. It also examines internet-based threats that CISOs should be aware of.
The book will provide you with an evaluation of the various cybersecurity strategies that have ultimately failed over the past twenty years, along with one or two that have actually worked. It will help executives and security and compliance professionals understand how cloud computing is a game changer for them.
By the end of this book, you will know how to measure the effectiveness of your organization's cybersecurity strategy and the efficacy of the vendors you employ to help you protect your organization and yourself.
What you will learn
Discover cybersecurity strategies and the ingredients critical to their success
Improve vulnerability management by reducing risks and costs for your organization
Learn how malware and other threats have evolved over the past decade
Mitigate internet-based threats, phishing attacks, and malware distribution sites
Weigh the pros and cons of popular cybersecurity strategies of the past two decades
Implement and then measure the outcome of a cybersecurity strategy
Learn how the cloud provides better security capabilities than on-premises IT environments
Who this book is for
This book is for senior management at commercial sector and public sector organizations, including Chief Information Security Officers (CISOs) and other senior managers of cybersecurity groups, Chief Information Officers (CIOs), Chief Technology Officers (CTOs) and senior IT managers who want to explore the entire spectrum of cybersecurity, from threat hunting and security risk management to malware analysis. Governance, risk, and compliance professionals will also benefit. Cybersecurity experts that pride themselves on their knowledge of the threat landscape will come to use this book as a reference.
Table of Contents
Ingredients for a Successful Cybersecurity Strategy
Using Vulnerability Trends to Reduce Risk and Costs
The Evolution of the Threat Landscape – Malware
Internet-Based Threats
Cybersecurity Strategies
Strategy Implementation
Measuring Performance and Effectiveness
The Cloud - A Modern Approach to Security and Compliance
2020 | 429 Pages
@iranopensource🐧
After scrutinizing numerous cybersecurity strategies, Microsoft's former Global Chief Security Advisor provides unique insights on the evolution of the threat landscape and how enterprises can address modern cybersecurity challenges.
Key Features
Protect your organization from cybersecurity threats with field-tested strategies by the former most senior security advisor at Microsoft
Discover the most common ways enterprises initially get compromised
Measure the effectiveness of your organization's current cybersecurity program against cyber attacks
Book Description
Cybersecurity Threats, Malware Trends, and Strategies shares numerous insights about the threats that both public and private sector organizations face and the cybersecurity strategies that can mitigate them.
The book provides an unprecedented long-term view of the global threat landscape by examining the twenty-year trend in vulnerability disclosures and exploitation, nearly a decade of regional differences in malware infections, the socio-economic factors that underpin them, and how global malware has evolved. This will give you further perspectives into malware protection for your organization. It also examines internet-based threats that CISOs should be aware of.
The book will provide you with an evaluation of the various cybersecurity strategies that have ultimately failed over the past twenty years, along with one or two that have actually worked. It will help executives and security and compliance professionals understand how cloud computing is a game changer for them.
By the end of this book, you will know how to measure the effectiveness of your organization's cybersecurity strategy and the efficacy of the vendors you employ to help you protect your organization and yourself.
What you will learn
Discover cybersecurity strategies and the ingredients critical to their success
Improve vulnerability management by reducing risks and costs for your organization
Learn how malware and other threats have evolved over the past decade
Mitigate internet-based threats, phishing attacks, and malware distribution sites
Weigh the pros and cons of popular cybersecurity strategies of the past two decades
Implement and then measure the outcome of a cybersecurity strategy
Learn how the cloud provides better security capabilities than on-premises IT environments
Who this book is for
This book is for senior management at commercial sector and public sector organizations, including Chief Information Security Officers (CISOs) and other senior managers of cybersecurity groups, Chief Information Officers (CIOs), Chief Technology Officers (CTOs) and senior IT managers who want to explore the entire spectrum of cybersecurity, from threat hunting and security risk management to malware analysis. Governance, risk, and compliance professionals will also benefit. Cybersecurity experts that pride themselves on their knowledge of the threat landscape will come to use this book as a reference.
Table of Contents
Ingredients for a Successful Cybersecurity Strategy
Using Vulnerability Trends to Reduce Risk and Costs
The Evolution of the Threat Landscape – Malware
Internet-Based Threats
Cybersecurity Strategies
Strategy Implementation
Measuring Performance and Effectiveness
The Cloud - A Modern Approach to Security and Compliance
2020 | 429 Pages
@iranopensource🐧
💎 شما وقتی میخواستید راه رفتن را یاد بگیرید، دوره های آموزشی گذراندید؟
نه؛ فقط تلاش کردید، شکست خوردید و دوباره تلاش کردید و موفق شدید. الان چرا این کار را نمیکنید؟
@iranopensource🐧
نه؛ فقط تلاش کردید، شکست خوردید و دوباره تلاش کردید و موفق شدید. الان چرا این کار را نمیکنید؟
@iranopensource🐧
⭕️#خبر: وزیر ارتباطات بر ارتقای طرح محدودسازی فضای مجازی تاکید کرد
آواتودی/ عیسی زارعپور وزیر ارتباطات، ضمن بیان اینکه مجلس نظام در روز یکشنبه ۲۵ مهرماه، طرح «محدودسازی فضای مجازی» را بررسی خواهد کرد، گفت: نماینده خود را معرفی کردهایم و حضور فعالی برای «ارتقای» این طرح خواهیم داشت.
وزیر ارتباطات با اشاره به اینکه درباره این طرح نظرات جدی دارد، تصریح کرد: اکنون یک پیشنویس تهیه شده که به هیچوجه به معنای این نیست که باید اجرا شود.
این طرح با نام «صیانت از حقوق کاربران در فضای مجازی و ساماندهی پیامرسانهای اجتماعی» اوایل تیر سالجاری با همین عنوان در مجلس نظام مطرح شد و بررسی آن تا کنون ادامه پیدا کرده است.
@iranopensource🐧
آواتودی/ عیسی زارعپور وزیر ارتباطات، ضمن بیان اینکه مجلس نظام در روز یکشنبه ۲۵ مهرماه، طرح «محدودسازی فضای مجازی» را بررسی خواهد کرد، گفت: نماینده خود را معرفی کردهایم و حضور فعالی برای «ارتقای» این طرح خواهیم داشت.
وزیر ارتباطات با اشاره به اینکه درباره این طرح نظرات جدی دارد، تصریح کرد: اکنون یک پیشنویس تهیه شده که به هیچوجه به معنای این نیست که باید اجرا شود.
این طرح با نام «صیانت از حقوق کاربران در فضای مجازی و ساماندهی پیامرسانهای اجتماعی» اوایل تیر سالجاری با همین عنوان در مجلس نظام مطرح شد و بررسی آن تا کنون ادامه پیدا کرده است.
@iranopensource🐧
⭕️ #خبر: اعتراض کارمندان آیتی در چین به قوانین کار
کارمندان حوزه IT در چین کمپین مجازی با عنوان Worker Lives Matter راه انداختهاند و علیه ساعت طولانی کار و بدون مزد اعتراض میکنند.
در این کمپین کارگران در صفحه گیتهاب مینویسند در روز و هفته چند ساعت کار میکنند، بدین ترتیب شرایط کاری تمام کارخانهها و شرکتها برای افراد جویای کار مشخص میشود.
میزان کار در چین با عبارت ۹۹۶ مشخص میشود. و بدین معنی است که کارگران باید شش روز در هفته و از ساعت ۹ صبح تا ۹ شب کار کنند.
معترضان در این کمپین عبارت ۹۵۵ را پیشنهاد کردهاند، به عبارت دیگر آنها خواستار پنج روز کار در هفته از ساعت ۹ صبح تا ۵ هستند.
#کار #کمپین #کمپین_مجازی #اینترنت #تکنولوژی #امنیت
@iranopensource🐧
کارمندان حوزه IT در چین کمپین مجازی با عنوان Worker Lives Matter راه انداختهاند و علیه ساعت طولانی کار و بدون مزد اعتراض میکنند.
در این کمپین کارگران در صفحه گیتهاب مینویسند در روز و هفته چند ساعت کار میکنند، بدین ترتیب شرایط کاری تمام کارخانهها و شرکتها برای افراد جویای کار مشخص میشود.
میزان کار در چین با عبارت ۹۹۶ مشخص میشود. و بدین معنی است که کارگران باید شش روز در هفته و از ساعت ۹ صبح تا ۹ شب کار کنند.
معترضان در این کمپین عبارت ۹۵۵ را پیشنهاد کردهاند، به عبارت دیگر آنها خواستار پنج روز کار در هفته از ساعت ۹ صبح تا ۵ هستند.
#کار #کمپین #کمپین_مجازی #اینترنت #تکنولوژی #امنیت
@iranopensource🐧
⭕️ #خبر: گروه تحلیل تهدیدهای گوگل در وبلاگی که به بررسی شاخصترین گروههای هکر تحت حمایت دولتها میپردازد، گروه ایرانی ایپیتی ۳۵ را مورد بررسی قرار داد. طبق این وبلاگ، این گروه برای سالها به هک کردن حسابهای مهم و جاسوسی در جهت منافع دولت جمهوری اسلامی مشغول بوده است.
@iranopensource🐧
@iranopensource🐧
⭕️ #خبر: عیسی زارع پور، وزیر ارتباطات، اعلام کرد که پروژه اینترنت ملی در هشت سال گذشته حدود ۴۰ درصد پیشرفت داشته و این شبکه سه سال دیگر به بهرهبرداری میرسد
دولت جمهوری اسلامی از ۱۵ سال پیش به دنبال راهاندازی شبکه ملی اطلاعات و جدا کردن اینترنت داخلی از اینترنت جهانی است.
@iranopensource🐧
دولت جمهوری اسلامی از ۱۵ سال پیش به دنبال راهاندازی شبکه ملی اطلاعات و جدا کردن اینترنت داخلی از اینترنت جهانی است.
@iranopensource🐧
Iran Open Source (IOS)
💎 Ghidra Software Reverse Engineering for Beginners @iranopensource🐧
💎 Ghidra Software Reverse Engineering for Beginners
Detect potentials bugs in your code or program and develop your own tools using the Ghidra reverse engineering framework developed by the NSA project
Key Features
Make the most of Ghidra on different platforms such as Linux, Windows, and macOS
Leverage a variety of plug-ins and extensions to perform disassembly, assembly, decompilation, and scripting
Discover how you can meet your cybersecurity needs by creating custom patches and tools
Book Description
Ghidra, an open source software reverse engineering (SRE) framework created by the NSA research directorate, enables users to analyze compiled code on any platform, whether Linux, Windows, or macOS. This book is a starting point for developers interested in leveraging Ghidra to create patches and extend tool capabilities to meet their cybersecurity needs.
You'll begin by installing Ghidra and exploring its features, and gradually learn how to automate reverse engineering tasks using Ghidra plug-ins. You'll then see how to set up an environment to perform malware analysis using Ghidra and how to use it in the headless mode. As you progress, you'll use Ghidra scripting to automate the task of identifying vulnerabilities in executable binaries. The book also covers advanced topics such as developing Ghidra plug-ins, developing your own GUI, incorporating new process architectures if needed, and contributing to the Ghidra project.
By the end of this Ghidra book, you'll have developed the skills you need to harness the power of Ghidra for analyzing and avoiding potential vulnerabilities in code and networks.
What you will learn
Get to grips with using Ghidra's features, plug-ins, and extensions
Understand how you can contribute to Ghidra
Focus on reverse engineering malware and perform binary auditing
Automate reverse engineering tasks with Ghidra plug-ins
Become well-versed with developing your own Ghidra extensions, scripts, and features
Automate the task of looking for vulnerabilities in executable binaries using Ghidra scripting
Find out how to use Ghidra in the headless mode
Who this book is for
This SRE book is for developers, software engineers, or any IT professional with some understanding of cybersecurity essentials. Prior knowledge of Java or Python, along with experience in programming or developing applications, is required before getting started with this book.
Table of Contents
Getting Started with Ghidra
Automating RE Tasks with Ghidra Scripts
Ghidra Debug Mode
Using Ghidra Extensions
Reversing Malware Using Ghidra
Scripting Malware Analysis
Using Ghidra Headless Analyzer
Auditing Program Binaries
Scripting Binary Audits
Developing Ghidra Plugins
Incorporating New Binary Formats
Analyzing Processor Modules
Contributing to the Ghidra Community
Extending Ghidra for Advanced Reverse Engineering
2021 | 332 Pages
@iranopensource🐧
Detect potentials bugs in your code or program and develop your own tools using the Ghidra reverse engineering framework developed by the NSA project
Key Features
Make the most of Ghidra on different platforms such as Linux, Windows, and macOS
Leverage a variety of plug-ins and extensions to perform disassembly, assembly, decompilation, and scripting
Discover how you can meet your cybersecurity needs by creating custom patches and tools
Book Description
Ghidra, an open source software reverse engineering (SRE) framework created by the NSA research directorate, enables users to analyze compiled code on any platform, whether Linux, Windows, or macOS. This book is a starting point for developers interested in leveraging Ghidra to create patches and extend tool capabilities to meet their cybersecurity needs.
You'll begin by installing Ghidra and exploring its features, and gradually learn how to automate reverse engineering tasks using Ghidra plug-ins. You'll then see how to set up an environment to perform malware analysis using Ghidra and how to use it in the headless mode. As you progress, you'll use Ghidra scripting to automate the task of identifying vulnerabilities in executable binaries. The book also covers advanced topics such as developing Ghidra plug-ins, developing your own GUI, incorporating new process architectures if needed, and contributing to the Ghidra project.
By the end of this Ghidra book, you'll have developed the skills you need to harness the power of Ghidra for analyzing and avoiding potential vulnerabilities in code and networks.
What you will learn
Get to grips with using Ghidra's features, plug-ins, and extensions
Understand how you can contribute to Ghidra
Focus on reverse engineering malware and perform binary auditing
Automate reverse engineering tasks with Ghidra plug-ins
Become well-versed with developing your own Ghidra extensions, scripts, and features
Automate the task of looking for vulnerabilities in executable binaries using Ghidra scripting
Find out how to use Ghidra in the headless mode
Who this book is for
This SRE book is for developers, software engineers, or any IT professional with some understanding of cybersecurity essentials. Prior knowledge of Java or Python, along with experience in programming or developing applications, is required before getting started with this book.
Table of Contents
Getting Started with Ghidra
Automating RE Tasks with Ghidra Scripts
Ghidra Debug Mode
Using Ghidra Extensions
Reversing Malware Using Ghidra
Scripting Malware Analysis
Using Ghidra Headless Analyzer
Auditing Program Binaries
Scripting Binary Audits
Developing Ghidra Plugins
Incorporating New Binary Formats
Analyzing Processor Modules
Contributing to the Ghidra Community
Extending Ghidra for Advanced Reverse Engineering
2021 | 332 Pages
@iranopensource🐧
💎 آدمها مثل کتابند!
از روی بعضیها باید مشق نوشت، بعضی را باید چند بار خواند تا مطالبشان را درک کرد، ولی بعضیها را باید نخوانده کنار گذاشت
ویکتور هوگو
@iranopensource🐧
از روی بعضیها باید مشق نوشت، بعضی را باید چند بار خواند تا مطالبشان را درک کرد، ولی بعضیها را باید نخوانده کنار گذاشت
ویکتور هوگو
@iranopensource🐧
Iran Open Source (IOS)
⭕️ #خبر: هشدار گوگل درباره افزایش حملات سایبری نیروی سپاه @iranopensource🐧
⭕️ #خبر: هشدار گوگل درباره افزایش حملات سایبری نیروی سپاه
گوگل درباره افزایش چشمگیر فعالیتهای هکرهای حکومتی وابسته به جمهوری اسلامی و روسیه در سال جاری هشدار داده است.
بنابر گزارشی که روزنامه بریتانیایی گاردین، روز جمعه ۲۳ مهرماه، منتشر کرده است، گروه پژوهشهای سایبری گوگل، اعلام کرد: گوگل در سالجاری بیش از پنجاه هزار هشدار درباره «حملات فیشینگ» یا «بدافزارهای حکومتی» به دارندگان حسابهای این شرکت ارسال کرده است.
بر اساس این گزارش، شرکت گوگل تایید کرد: خطرات سایبری نسبت به مدت زمان مشابه در سال گذشته افزایش یکسومی داشته است.
این شرکت در گزارش اخیر خود به طور خاص بر گروهی از هکری وابسته به نیروی سپاه، موسوم به «بچه گربه ملوس»، تمرکز کرده است.
بر پایه گزارش گوگل، «بچه گربه ملوس» یکی از گروههایی است که این شرکت مجبور شده است در جریان انتخابات ۲۰۲۰ ایالات متحده به دلیل هدف قراردادن کارکنان کارزارهای انتخاباتی با آنها دست و پنجه نرم کند.
گروه «بچه گربه ملوس» متهم است که در اوایل سال ۲۰۲۱، به وبگاه «مدرسه مطالعات خاوری و آفریقایی» دانشگاه لندن، حمله سایبری کرده است.
آنها از طریق یک کارزار فیشینگ تلاش کردهاند، اطلاعات اشخاص مرتبط با این موسسه آموزش عالی مشهور را به سرقت ببرند.
@iranopensource🐧
گوگل درباره افزایش چشمگیر فعالیتهای هکرهای حکومتی وابسته به جمهوری اسلامی و روسیه در سال جاری هشدار داده است.
بنابر گزارشی که روزنامه بریتانیایی گاردین، روز جمعه ۲۳ مهرماه، منتشر کرده است، گروه پژوهشهای سایبری گوگل، اعلام کرد: گوگل در سالجاری بیش از پنجاه هزار هشدار درباره «حملات فیشینگ» یا «بدافزارهای حکومتی» به دارندگان حسابهای این شرکت ارسال کرده است.
بر اساس این گزارش، شرکت گوگل تایید کرد: خطرات سایبری نسبت به مدت زمان مشابه در سال گذشته افزایش یکسومی داشته است.
این شرکت در گزارش اخیر خود به طور خاص بر گروهی از هکری وابسته به نیروی سپاه، موسوم به «بچه گربه ملوس»، تمرکز کرده است.
بر پایه گزارش گوگل، «بچه گربه ملوس» یکی از گروههایی است که این شرکت مجبور شده است در جریان انتخابات ۲۰۲۰ ایالات متحده به دلیل هدف قراردادن کارکنان کارزارهای انتخاباتی با آنها دست و پنجه نرم کند.
گروه «بچه گربه ملوس» متهم است که در اوایل سال ۲۰۲۱، به وبگاه «مدرسه مطالعات خاوری و آفریقایی» دانشگاه لندن، حمله سایبری کرده است.
آنها از طریق یک کارزار فیشینگ تلاش کردهاند، اطلاعات اشخاص مرتبط با این موسسه آموزش عالی مشهور را به سرقت ببرند.
@iranopensource🐧
Iran Open Source (IOS)
💎 Infosec Strategies and Best Practices @iranopensource🐧
💎 Infosec Strategies and Best Practices
Advance your career as an information security professional by turning theory into robust solutions to secure your organization
Key Features
• Convert the theory of your security certifications into actionable changes to secure your organization
• Discover how to structure policies and procedures in order to operationalize your organization's information security strategy
• Learn how to achieve security goals in your organization and reduce software risk
Book Description
Information security and risk management best practices enable professionals to plan, implement, measure, and test their organization's systems and ensure that they're adequately protected against threats.
The book starts by helping you to understand the core principles of information security, why risk management is important, and how you can drive information security governance. You'll then explore methods for implementing security controls to achieve the organization's information security goals. As you make progress, you'll get to grips with design principles that can be utilized along with methods to assess and mitigate architectural vulnerabilities. The book will also help you to discover best practices for designing secure network architectures and controlling and managing third-party identity services. Finally, you will learn about designing and managing security testing processes, along with ways in which you can improve software security.
By the end of this infosec book, you'll have learned how to make your organization less vulnerable to threats and reduce the likelihood and impact of exploitation. As a result, you will be able to make an impactful change in your organization toward a higher level of information security.
What you will learn
• Understand and operationalize risk management concepts and important security operations activities
• Discover how to identify, classify, and maintain information and assets
• Assess and mitigate vulnerabilities in information systems
• Determine how security control testing will be undertaken
• Incorporate security into the SDLC (software development life cycle)
• Improve the security of developed software and mitigate the risks of using unsafe software
Who this book is for
If you are looking to begin your career in an information security role, then this book is for you. Anyone who is studying to achieve industry-standard certification such as the CISSP or CISM, but looking for a way to convert concepts (and the seemingly endless number of acronyms) from theory into practice and start making a difference in your day-to-day work will find this book useful.
2021 | 272 Pages
@iranopensource🐧
Advance your career as an information security professional by turning theory into robust solutions to secure your organization
Key Features
• Convert the theory of your security certifications into actionable changes to secure your organization
• Discover how to structure policies and procedures in order to operationalize your organization's information security strategy
• Learn how to achieve security goals in your organization and reduce software risk
Book Description
Information security and risk management best practices enable professionals to plan, implement, measure, and test their organization's systems and ensure that they're adequately protected against threats.
The book starts by helping you to understand the core principles of information security, why risk management is important, and how you can drive information security governance. You'll then explore methods for implementing security controls to achieve the organization's information security goals. As you make progress, you'll get to grips with design principles that can be utilized along with methods to assess and mitigate architectural vulnerabilities. The book will also help you to discover best practices for designing secure network architectures and controlling and managing third-party identity services. Finally, you will learn about designing and managing security testing processes, along with ways in which you can improve software security.
By the end of this infosec book, you'll have learned how to make your organization less vulnerable to threats and reduce the likelihood and impact of exploitation. As a result, you will be able to make an impactful change in your organization toward a higher level of information security.
What you will learn
• Understand and operationalize risk management concepts and important security operations activities
• Discover how to identify, classify, and maintain information and assets
• Assess and mitigate vulnerabilities in information systems
• Determine how security control testing will be undertaken
• Incorporate security into the SDLC (software development life cycle)
• Improve the security of developed software and mitigate the risks of using unsafe software
Who this book is for
If you are looking to begin your career in an information security role, then this book is for you. Anyone who is studying to achieve industry-standard certification such as the CISSP or CISM, but looking for a way to convert concepts (and the seemingly endless number of acronyms) from theory into practice and start making a difference in your day-to-day work will find this book useful.
2021 | 272 Pages
@iranopensource🐧
♦️#خبر: تلگرام از مرز ۱ میلیارد بار دانلود عبور کرد
🔹تعداد دانلودهای تلگرام در گوگلپلی از ۱ میلیارد بار دانلود گذشت. پیش از این نیز مدیر تلگرام اعلام کرده بود به دلیل رشد سریع کاربران، در آخرین آپدیت مهم تلگرام از معماری ۶۴ بیتی برای ذخیره سازی مقادیر استفاده شده است.
@iranopensource🐧
🔹تعداد دانلودهای تلگرام در گوگلپلی از ۱ میلیارد بار دانلود گذشت. پیش از این نیز مدیر تلگرام اعلام کرده بود به دلیل رشد سریع کاربران، در آخرین آپدیت مهم تلگرام از معماری ۶۴ بیتی برای ذخیره سازی مقادیر استفاده شده است.
@iranopensource🐧