A quick look at Phishing Threats


Fraudsters are getting more desperate, using increasingly advanced hacking techniques and zero-day attacks.  In this example we look at the threatening tone of a non-payment-of-invoices email and perform a very high-level analysis showing how some users can be easily duped.  In our phishing exercises at large enterprises, we find that a cleverly crafted email achieves an average success rate of 15%.

Practice Safe HEX!


CISSP CBK Update effective 15 April 2018

Changes to the CISSP CBK content – April 2018

Every now and then the (ISC)2 changes the Common Body of Knowledge (CBK) content, and over the years we have seen it go from 10 domains to 8 domains. ‘Gone’ is the domain that many feared, Cryptography. Well, it is not really gone; it was just ‘hidden’ inside the Security Architecture and Engineering domain.
We at SACS make sure that the training we deliver is current, and that it is updated and confirmed before any training session is delivered. So the May 2018 delivery will include the latest content. We also weight the content according to its actual distribution in the examination. This is the spread of the domains in the examination:

  • Security and Risk Management 15%
  • Asset Security 10%
  • Security Architecture and Engineer...

Phishing is getting more sophisticated

[Figure: phishing 01] Standard email with a link inside the email linking back to a compromised website.

You often find phishing attacks in your email, and they are sometimes removed by the antivirus software in your organisation.  One of the ways you are protected is the antivirus scanning attachments and quarantining infected emails; however, attackers are now using ‘escaped’ characters, letting the browser interpret the escape sequences and then render the result as normal HTML code.

The normal emails that you see often try to get you to click on a link; this takes you to a compromised site that looks similar to your bank's website and tries to dupe you into entering your logon credentials.

Later attempts by fraudsters added an attachment which, when you opened it with a text reader, you could easily see that it ...


CISSP Certification

The CISSP exam sets aside six hours for individuals to write, but with our training providing a well-detailed foundation and information on the domains, and the dedication of hard-working individuals, wonderful results are possible!

Below is an e-mail our trainer Mervin received after a student who attended the CISSP Training wrote his exam recently. The student’s name has been changed in order to keep their anonymity.

With receiving the CISSP certification, one receives the opportunity for more doors to open and provides knowledge that will always be advantageous.

“Hi there,

I passed. The boot camp was ample preparation for the task. I wrote in 90 minutes and panicked about that.

Thanks for the exceptional prep. It is greatly appreciated!


J.R. Tolkien”

The CISSP certific...


Student Feedback

The feedback below is given by students who have taken part in various courses provided by SACS. Their anonymity has been kept so as to safeguard their personal information as well as that of their companies.

“This lecturer is a motivator. He is filled with knowledge and also challenges his audiences to think. The course was an eye-opener and makes you wonder how secure our work environment is.”

– Private

“The presenter demonstrated a high level of content knowledge and was able to communicate the knowledge across. This course is excellent. The continuous relationship after training is the best idea.”

– Financial Institution

“Mervin is extremely knowledgeable and it is good to have him as a reference. The course has opened my eyes to various new methodologies...


Some free resources for CISSP Domain 06 – Security Assessment & Testing (2015)

It is going to be an exciting exercise to deliver online training as a free resource for the Security Assessment & Testing domain of the 2015 CISSP curriculum.


A fine line between ‘Accidental Discovery’ and Hacking


Let’s set the scene using a local law (the ECT Act of 2002), look at a few cases and use the following definition from the Act.

Hacking and Cracking Tools

Government using cracking tools to install Windows?

“Access” includes the actions of a person who, after taking note of any data, becomes aware of the fact that he or she is not authorised to access that data and still continues to access that data.

Disclaimer: I do not condone any form of unauthorised access to any system.

I would like to draw attention to two previous newsletters in which we raised to the relevant contacts evidence of the website that was hacked many years ago.

  • Government example
    • First public notice August 2012 however evidence of the hack was seen by us on the 9th of May 2011 due to ...

The enemy from within


How much do you trust those who are entrusted with the accountability of securing your system?  This seems to be a huge problem in all walks of life, and it is ‘The enemy from within’!

  1. Internal IT staff colluding with syndicates to create remote access points into a bank to commit fraud
  2. Police officers being found with hijacked (car-jacked) and stolen motor vehicles at their residences
  3. An anti-poaching spokesman being charged with rhino poaching

Every one of these examples has a commonality, and this is an external influence such as syndicated organised crime.  Three types of staff exist, and they can be qualified as follows:

  1. The first type WILL look for a fraud opportunity and commit it.
  2. The second type WILL NOT look for the opportunity, however whe...

CISSP Domain Changes for 2015


The number of domains is being reduced from ten to eight, with some exciting adaptations.  It is important that the content of any certification is updated to be in line with real-world scenarios.  The last update was in 2012, and for 2015 there are some major changes.  The changes in 2012 were minimal and reflected more on the naming and the weight and importance of the domains.  Here is the table of CISSP Domain Changes for 2015, with 2012 as a reference, as well as some personal observations.

The first domain in the list is ‘Security and Risk Management’, a nice update which takes many attributes into consideration, such as the security function in an organisation to address the Persistent Threat Matrix (PTM)...


CISSP Boot Camp


Time to up your personal marketability by obtaining a certification in your field.

Join us for a long-term evolution of your career. Knowledge is a journey that has to be tackled every day.   When our lead trainer wrote his CISSP exam in 1997 there were very few books available to help with studies.

We will be running an instructor-led CISSP Boot Camp with online lectures launching soon, where we mentor students along the way.  This is a long-term relationship going past the boundaries of being just a student.

If you are keen to get up and running, visit our CISSP information page and register to become part of the evolution of your career.  We will have the following for old and new:

  1. Access to the eLearning site, including future enhancements and development;
  2. Acce...