
Dealing with Offensive Security in Organization

Fardeen Ahmed
December 27, 2021


A very short talk at DamnCon2021 introducing offensive security



Transcript

  1. DEALING WITH OFFENSIVE SECURITY IN ORGANIZATIONS
  2. MY NAME IS FARDEEN AHMED, A CYBERSECURITY ENGINEER AT HONEYWELL AND A FREELANCE SECURITY CONSULTANT.

    APART FROM MY WORK AT THE ORGANIZATION, I PERFORM SECURITY RESEARCH AND IN MY FREE TIME I CODE. MY RECENT ACHIEVEMENTS INCLUDE FINDING CRITICAL FLAWS AT CENTRAL INDUSTRIAL SECURITY FORCES, SEEDLMS AND CISCO. APART FROM THAT, I HAVE SECURED CANVA, MASTERCARD, OLD-GAMES, ISC2, DELL, LENOVO AND OTHER COMPANIES.
  3. TOPICS OF DISCUSSION

    1) WHAT IS OFFENSIVE SECURITY AND ITS SIGNIFICANCE FOR ORGANIZATIONS IN CURRENT SITUATIONS
    2) THE MAIN QUESTION WITH CONCERN: WHY OFFENSIVE SECURITY...????🤔 🤔 🤔
    3) ARRANGEMENTS OF SECURITY WITH RESPECT TO ORGANIZATIONS
    4) OFFENSIVE SECURITY CONTRIBUTION: PUSHING FOR OPTIMUM SECURITY
    5) THREAT INTELLIGENCE: OUTSIDERS, AS WELL AS INSIDER THREAT INTELLIGENCE
    6) KEY LEARNINGS FOR GETTING STARTED IN OFFENSIVE SECURITY..??
    7) AREAS OF JOB OPPORTUNITY IN OFFENSIVE SECURITY IN DEVELOPED AND DEVELOPING COUNTRIES
  4. WHAT IS OFFENSIVE SECURITY AND ITS SIGNIFICANCE FOR ORGANIZATIONS

    IF YOU BELIEVE THAT THIS ALONE IS OFFENSIVE SECURITY, THEN YOU MIGHT BE ABSOLUTELY WRONG.... OFFENSIVE SECURITY IS A MINDSET, WHERE EVERY STEP TAKEN BY THE ORGANIZATION AND ITS CORRESPONDENCE IS TESTED FOR WEAKNESS, EXPLOITED ETHICALLY AND THEN REPORTED TO THE ORGANIZATION FOR MITIGATION. IT CONSISTS OF A COMPLETE SECURITY CHECK.
  5. WHY OFFENSIVE SECURITY..???

    BELOW ARE SOME KEY CYBER CRIMES INVOLVING PERSONALLY IDENTIFIABLE INFORMATION LEAKAGE THAT TOOK PLACE IN ORGANIZATIONS (THAT WERE PROMINENT IN NATURE):
    - HCL PII BREACH (2019)
    - DOMINO'S BREACH (2021)
    - ACCENTURE MASSIVE PII (2021)
  6. ARRANGEMENTS OF SECURITY WITH ORGANIZATIONS

    -> DIFFERENT ORGANIZATIONS HAVE DIFFERENT SECURITY INFRASTRUCTURES. SOME LAY STRESS ON DEFENSE, WHILE SOME STRESS STRENGTHENING THEIR PRODUCTS MORE THAN DEFENSE MECHANISMS.
    -> THERE MIGHT BE SOME KEY DIFFERENCES (DEALING WITH SDLC), BUT MOST OF THEM HAVE SIMILAR MECHANISMS.
    -> CURRENT AND NEWLY FOUND ZERO-DAY VULNERABILITIES ARE TAKEN CARE OF WITH BOTH AUTOMATED TOOLS AND MANUAL TESTING.
    -> DIFFERENT ORGANIZATIONS HAVE DIFFERENT TOOLS TO WORK ON FOR INFORMATION SECURITY.

    IBM Q-RADAR AND INFOSEC LIFE CYCLE
    PWC SECURITY LIFE CYCLE
    HONEYWELL INFOSEC LIFE-CYCLE
  7. OFFENSIVE SECURITY CONTRIBUTION: OPTIMUM SECURITY

    1) PII IS THE GOD-FATHER OF ALL THE ASSETS OF THE ORGANIZATION. IF THAT IS LOST, EVERYTHING IS BREACHED.
    2) CLIENTS RELY ON ORGANIZATIONS WITH LATEST UPDATES AND FEATURES WITH STRATEGIC TESTING. CLIENTS HAVE ALL THE RIGHT TO KNOW ABOUT FEATURES AND END GOALS.
    3) USING FIREWALLS FROM DIFFERENT VENDORS IS GOOD, BUT THE ORGANIZATION SHOULD HAVE THE IDEA OF IMPLEMENTATION FROM THE CORE, SO THAT AFTER A BREACH (REAL LIFE OR WHILE TESTING), TEAMS HAVE THE IDEA OF SECURING ITS ASSETS (AFTER THE EFFECTS).
    4) DIFFERENT TEAMS WITH EQUAL SHARE OF RESPONSIBILITY AND RIGHT DISTRIBUTION IS THE KEY FEATURE OF OPTIMUM SECURITY.
    5) DOCUMENTATION ABOUT PRODUCT FEATURES SHOULD BE PRESENT, BUT NOT ABOUT THEIR IMPLEMENTATION.
  8. THREAT INTELLIGENCE: OUTSIDERS VS INSIDERS

    -> OUTSIDER THREAT INTELLIGENCE IS THE VERY BIG TROUBLE THAT WE DEAL WITH IN OUR LIFE. IT IS LIKE, IF ONE HAS DEFAULT FIREWALLS, THEN IT CAN BE DDOS'D EASILY. IMPLEMENTATION OF MANUALLY CONFIGURED FIREWALLS IS THE KEY STEP FOR OPTIMUM SECURITY.
    -> INSIDER THREAT INTELLIGENCE (ONCE IN A BLUE MOON, BUT CURRENTLY ON THE VERGE) IS OPTIMISED IN DIFFERENT WAYS, SUCH AS RESTRICTION POLICIES, AUTOMATED END-UP FEATURES OF USER ACCOUNTS AND MANY MORE.
    -> THREAT INTELLIGENCE IS NOT RESTRICTED ONLY TO TOOLS AND FIREWALLS, BUT EXTENDS TO DIFFERENT AREAS, STARTING FROM PROGRAMMING THE PRODUCT / INFRASTRUCTURE ARCHITECTURE BUILD-UP TO DEPLOYMENT. TEAMS NEED TO BE ATTENTIVE AND NEED NOT ALWAYS DEPEND ON AUTOMATED TOOLS AND TECHNIQUES.
  9. CERTIFICATIONS ARE COSTLY, WHAT AND HOW TO LEARN.....???

    1) HAVE THE BASIC KNOWLEDGE OF NETWORK ARCHITECTURES AND IMPLEMENTATIONS, OPERATING SYSTEMS AND DATABASE MANAGEMENT SYSTEMS.
    2) START TO DEAL WITH MACHINES THAT ARE PRESENT AT VULNHUB, HACKTHEBOX AND TRYHACKME THAT ARE ABSOLUTELY FREE OF COST.
    3) ONE CAN ALSO TRY OWASP MACHINES FOR GETTING STARTED.
    4) PORTSWIGGER AND KONTRA ARE YOUR FRIENDS FOR LEARNING OFFENSIVE SECURITY TESTING.
    5) ALWAYS REMEMBER: READ THE DOCUMENTATION OF TESTING PRODUCTS OF ORGANIZATIONS, AS MUCH AS POSSIBLE.
    6) REMEMBER TO WORK IN TEAMS MORE WITH RESPECT TO ORGANIZATIONS, TO ELIMINATE THE PROBLEM.