Phishing is getting more sophisticated

Standard email with a link inside the email linking back to a compromised website.

You often find phishing attacks in your email, and they are sometimes removed by the antivirus software in your organisation. One of the ways you are protected is that the antivirus scans attachments and quarantines infected emails; however, attackers are using ‘escaped’ characters and letting the browser interpret those escaped characters as normal HTML code.

The normal emails that you see often try to send you a link to click on, which takes you to a compromised site that looks similar to your bank's website and tries to dupe you into entering your logon credentials.

Later attempts by fraudsters added an attachment which, when you opened it with a text reader, you could easily see that it ...

CISSP Certification

The CISSP exam sets aside six hours for individuals to write, but with our training providing a well-detailed foundation and information on the domains, and the dedication of hard-working individuals, wonderful results are possible!

Below is an e-mail our trainer Mervin received after a student who attended the CISSP Training wrote his exam recently. The student’s name has been changed in order to preserve their anonymity.

Receiving the CISSP certification opens more doors and provides knowledge that will always be advantageous.

“Hi there,

I passed. The boot camp was ample preparation for the task. I wrote in 90 minutes and panicked about that.

Thanks for the exceptional prep. It is greatly appreciated!

Regards,

J.R. Tolkien”

The CISSP certific...

Student Feedback

The feedback below was given by students who have taken part in various courses provided by SACS. Their anonymity has been kept so as to safeguard their personal information as well as that of the companies.

“This lecturer is a motivator. He is filled with knowledge and also challenges his audiences to think. The course was an eye-opener and makes you wonder how secured is our work environment.”

– Private

“The presenter demonstrated a high level of the content knowledge and was able to communicate the knowledge across. This course is excellent. The continuous relationship after training is the best idea.”

– Financial Institution

“Mervin is extremely knowledgeable and it is good to have him as a reference. The course has opened my eyes to various new methodologies...

Some free resources for CISSP Domain 06 – Security Assessment & Testing (2015)

Going to be an exciting exercise to deliver online training as a free resource for the Security Assessment & Testing domain for the 2015 CISSP curriculum.

Go to the subscription list

A fine line between ‘Accidental Discovery’ and Hacking

Let's set the scene for a few cases using a local law (ECT Act of 2002) and the following definition from the Act.

Hacking and Cracking Tools

Government using cracking tools to install Windows?

“Access” includes the actions of a person who, after taking note of any data, becomes aware of the fact that he or she is not authorised to access that data and still continues to access that data.

Disclaimer: I do not condone any form of unauthorised access to any system.

I would like to draw attention to two previous newsletters where we raised, with the relevant contacts, evidence of the website that was hacked many years ago.

  • Government example
    • First public notice August 2012 however evidence of the hack was seen by us on the 9th of May 2011 due to ...

The enemy from within

How much do you trust those who are entrusted with the accountability of securing your system? This seems to be a huge problem in all walks of life, and it is ‘The enemy from within’!

  1. Internal IT staff colluding with syndicates to create remote access points into a bank to commit fraud
  2. A member of the police service being found with hijacked (car-jacked) and stolen motor vehicles at his residence
  3. Anti-poaching spokesman to be charged with rhino poaching

Every one of these examples has a commonality: an external influence such as syndicated organised crime. Three types of staff exist, and they can be classified as follows:

  1. The first type WILL look for a fraud opportunity and commit it.
  2. The second type WILL NOT look for the opportunity, however whe...

CISSP Domain Changes for 2015

The number of domains is being reduced from ten to eight, with some exciting adaptations. It is important that the content of any certification is updated to be in line with real-world scenarios. The last update was in 2012, and for 2015 there are some major changes. The changes in 2012 were minimal and reflected more on the naming and the weight and importance of the domains. Here is the table with CISSP Domain Changes for 2015, with 2012 as a reference, as well as some personal observations.

The first domain in the list is ‘Security and Risk Management’, a nice update that takes many attributes into consideration, such as the security function in an organisation to address the Persistent Threat Matrix (PTM)...

CISSP Boot Camp – March 2015

Time to up your personal marketability by obtaining a certification in your field.

Join me for a long-term evolution of your career. Knowledge is a journey that has to be tackled every day. When I wrote my CISSP exam in 1997 there were very few books available to help with studies.

We will be running an instructor-led CISSP Boot Camp with online lectures before and after the course, with mentoring of students along the way. This is a long-term relationship going past the boundaries of being just a student.

If you are keen to get up and running, visit our CISSP information page, register at the old price and become part of the evolution of your career. We will have the following for old and new:

  1. Access to the eLearning site, including future enhance...

Active vs Passive Policing

You may have all the boxes checked on your balanced scorecard: bought the latest and greatest security software, firewalls and Intrusion Prevention Systems, and finally have the security staff complement that you have been fighting for. The problem you have had all along should be gone now… But is it really?

Police ensure that youngsters are in line with the rules

I have recently travelled to Portugal and have seen active policing in all the main cities I have travelled to. In Lisbon you have police walking around 24 hours a day. At night they patrol the streets alone. Not two or more, one at a time with a radio and visible arms. In the capital city of Madeira, Funchal, the same type of behaviour. The end result is a much safer environment for all...

SACS Assessment Collector V1.1

SACS Assessment Collector is a standalone application which assists in collecting information on remote workstations and servers and saving it in a compressed and encrypted file which can be analysed centrally.

Download the application <Click Here>

Usage

  1. Copy the application to a USB or to a drive where remote users can execute it.
  2. Execute the application – this may take a while as a detailed analysis is done.
  3. When the application execution is complete, a .zip (compressed file) with the machine name will have been created.
  4. Send this file to the central body for import and analysis.

We recommend that any file you will execute in your environment be submitted to VirusTotal for a complete analysis on most of the malware scanning engines.

This i...
