Emails… Talk to family and friends about them…

How many emails do you get every day? Or how many email addresses do you have? I have multiple email addresses, and even though I try to limit the number of emails received by unsubscribing to newsletters the number is high.

But what is it that I want you to talk to people about? Basically, it is to be careful. Most attacks start with an email, and this can happen both in private and at work. Will these tips help? I guess not on all, but on the generic spam/phishing emails, it will help.

Please get them to check this if you receive an email(Yes on all of them)

  • Did you expect the email?
    If not why are you getting this email?
  • Do you know the person/company sending it?
    If not why are you getting this email?
  • Are there attachments? If so, what type?
    Always be careful with attachments, don’t download or open them if you don’t expect them or need them.
  • Are there any links? Do they go to legitimate domains?
    Don’t click on links, you can hover your mouse above them to see where they will take you. If there is a link you should not click it, but open a window in your browser and write manually where you want to go(if it is from your bank or somewhere else, visit the site the way you use to).
  • Does the from email address look valid?
    It is easy to fake a from address. But if the name says john doe, and the email address is jane.doe@something.com something is fishy.
  • Is the text/offer too good to be true?
    No one is offering you money, bitcoin or gold!
  • Does the text/offer try to get you to do something in a hurry?
    When doing something quick, it is easier to make bad decisions

I know there is a lot of technical stuff that can be used and is used to help us with this. You can look at the headers, stuff like spf, dkim, dmarc, etc. But for the normal not tech-savvy person I would recommend the steps above.

If you have other tips please comment below.

New to Infosec?

When I first started looking into InfoSec the biggest problem was where to start. Some things related to work was ok, but where and what for the rest?

There are some much information around; Courses, youtube, podcasts, blogs etc.
In this post I’ll create and maintain a list of what I read, watch and listen to.

WhoWhatWhere
SANSA daily short podcast.
I always try to listen to this before work.
https://isc.sans.edu/podcast.html
Is also available on Apple Podcasts etc.
twit.tvWeekly Podcast about everything happening in the infosec world. Some great episodes and some not so great.https://twit.tv/shows/security-now
Is also available on Apple Podcasts etc.
MalwareTech
Marcus Hutchins
He has some great content on different platformsYoutube
Twitter
TikTok
John HammondYouTube videos on a lot of different topics. He has some great walkthroughs on CTFs.Youtube
Bleeping ComputerA great source of newsbleepingcomputer.com
Hack the BoxCTF. I have a subscription here to get the webbased Parrot OS unlimited use.hackthebox.com
PicoCTFCTF. This is for all ages, fun but hard.picoctf.org
Try Hack MeCTF. Have some great learning tracks.tryhackme.com

If you have any recommendations for me to put in the list please comment below.

CTF’s

security logo
Photo by Pixabay on Pexels.com

When I started to work with infosec I tried a lot of different ways to learn new stuff. I took some courses, read books, watched videos, etc.

But to learn new things, with some help on the way I found out that playing CTFs is a great way. These websites make hacking into a game, by giving you systems to play with, and your job is to get the token(s).

It may be a website you have to get access to, a windows server with vulnerable samba, or maybe a router with a default username/password combination. Some of the sites often have walkthroughs you can look at if you are stuck, and they are great for learning. But remember, DO EVERYTHING yourself as well, that’s the way you learn. Another important thing to remember is that these techniques should only be used on testing like this, using it in the wild may be illegal.

Well enough chatting about, here is my list of some great CTF sites.

  • hackthebox The one I pay for atm, mostely because of great labs, and the Parrot OS you get access trough your webbrowser(a great way to make your self safe)
  • tryhackme Have some great intro tutorials.
  • picoctf For people from the age of 13 and up. But dont get fooled, some of them are real hard. Free