Juan Gonzalez’s Post

The MITRE ATT&CK Framework started off in 2015 as just a total of 9 tactics and 96 techniques and quickly gained traction for how threats and attacks were categorized and organized in security. It has since evolved to include 14 tactics, 191 techniques, 386 sub-techniques, and 134 groups, and covers 680 pieces of software. It is presented today as multiple different models (matrices) based on operating systems and environments. Here they stand today.: #attacknow #cybernow Matthew Peterson Michael Archuleta

Ready to rethink security? Our new LabZ’s white paper unveils how real-world testing and hands-on insights bring confidence to every choice. Get the full picture of how LabZ turns ideas into reliable solutions. https://lnkd.in/eFpuKJ5a #ZBetaLabZ #RethinkSecurity

In today's world, even networked security systems face risks. Altronix’s new white paper explores how their NetWay Spectrum Series reduces vulnerability by focusing on hardware-only design. A must-read for anyone in security: https://hubs.la/Q02WYzv20 #SES #AltronixCorp #SESWayWeDo #LowVoltage

CRRUD represents a significant enhancement to existing account security measures, particularly MFA and 2FA. By adding a recovery email and OTP-based verification, this model addresses critical vulnerabilities in traditional recovery methods and makes account takeover much more difficult for attackers. As online security threats continue to evolve, CRRUD offers a comprehensive and user-friendly solution for safeguarding accounts against sophisticated ATO attacks. Incorporating this model into modern web applications will not only improve security but also provide users with peace of mind when it comes to account recovery. For developers and security professionals looking to enhance their security systems, implementing CRRUD is a practical step forward. The dual-verification mechanism ensures that both account access and recovery are protected, raising the bar for account security in the digital age. Read full article here with code implementation

Exploring the use of the hexdump command to identify hardcoded credentials. Working with binaries often involves a bit of trial and error, especially in security assessments or reverse engineering. Commands like hexdump provide a raw, low-level view, helping us spot potential vulnerabilities that might otherwise be hidden. #reverseengineering #binaryanalysis

A pentester’s all-clear is a triumph, validating countless hours of work. But it’s just a moment in time. Security validations aren't finish lines to cross, but milestones on an endless journey. They serve as fuel for continuous improvement, reminding us that in the realm of digital security, 'good enough' is a dangerous illusion. Every new feature, every system update, every line of code is both an opportunity to strengthen our defenses and a potential chink in our armor. https://lnkd.in/dmuGEqZg

A #hacktivist group, Team Arxu, is on the rampage, causing website defacements and data breaches globally. Is your business prepared? Learn more about the attacks and how to protect yourself. Read the full story here: https://lnkd.in/gwKMBman

Ready to start strengthening your embedded device security? Learn more about how MITRE EMB3D™ can help protect your critical infrastructure through the IriusRisk automated threat modeling platform. Start off with this blog from Charles Marrow https://lnkd.in/eu9RZvPh #EmbeddedSecurity #CyberThreats #ThreatModeling #MITREEMB3D

How hard is it to get a free security scan for your business through Silicon Plains? If you read that top sentence the hard part is already over! 😂 Learn more! https://hubs.ly/Q02xKYJ60 #SiliconPlains #SecurityScan #boringsentences

Threat modeling for embedded devices is a hot topic. Check out this blog to learn more around the MITRE EMB3D framework in IriusRisk!