Try Hack Me – Advent of Cyber 3 – Day 2 – Cookies

HTTP(S) For your computer and a webserver to communicate with each other, an intermediary protocol is required. This is where the HTTP (Hypertext Transfer Protocol) is introduced! The HTTP protocol is a client-server protocol to provide communication between a client and a webserver. HTTP requests are similar to a standard TCP network request; however, HTTP adds specific…

Try Hack Me – Advent of Cyber 3 – Day 1 – IDOR

What is an IDOR vulnerability? IDOR stands for Insecure Direct Object Reference and is a type of access control vulnerability. An access control vulnerability is when an attacker can gain access to information or actions not intended for them. An IDOR vulnerability can occur when a web server receives user-supplied input to retrieve objects (files,…

HIPAA Simplified {Part 2 – Definitions & Lexicons}

Authorization A Covered Entity (CE) is not allowed to share or disclose Protected Health Information (PHI) for reasons other than those specifically allowed by the HIPAA Privacy Rule. The Privacy Rule covers allowable usage and disclosure of PHI including to whom the information can be disclosed and under what circumstances the information can be shared….

HIPAA Simplified {Part 1 – Timeline & Overview}

Having worked in the healthcare industry for almost a year now, I feel compelled to simplify the requirements of HIPAA compliance. I hope this and the upcoming articles in the series will help you to better understand these requirements. The purpose of this series is to give an introduction to the HIPAA (Health Insurance Portability…

All AWS Concepts and Services for AWS Cloud Practitioner Exam (Simplified)

Cloud Computing – storing your data at someone else’s computer / using someone else’s CPU to perform processing / both Infrastructure as a Service (IaaS) – Hardware, bare-metal Platform as a Service (PaaS) – Infrastructure + Operating System Software as a Service (SaaS) – Infrastructure + Operating System + Software Scalability – Easily grow based on demand Elasticity – Easily shrink…

How I passed CGEIT in the first attempt and you can too!

ISACA’s CGEIT certification is aimed at IT professionals responsible for directing, managing, and supporting the governance of IT. I passed the ISACA’s CGEIT exam on Apr 26, 2020. Here’s a brief of my preparation strategy and the resources I used. Strategy: Like previous ISACA and (ISC)2 certifications, I started with the CGEIT Review Manual from ISACA…

Microsegmentation & Machine Learning

What is Microsegmentation? The idea behind Microsegmentation is to split a single corporate network into lots of multiple application/workflow networks that are separated by a firewall to achieve better speed and security. This process of having a dedicated microsegment also helps reduce the attack surface on a network and make the trust regions smaller. Though…

Vulnerability Management, Vulnerability Management v/s Penetration Testing, Vulnerability Management Lifecycle

Vulnerability Management (VM) is one of the most important exercises for keeping a system secure. In his post, I would sum up the different phases of Vulnerability Management. But before that, I would like to clarify the distinction between Vulnerability Management and Penetration Testing (PT). Difference between VM and PT VM is the practice of…

Difference between Accreditation and Certification

Many people use ‘Accreditation’ and ‘Certification’ interchangeably, but they are not the same. Certification is a technical review that assesses the security mechanisms and evaluates their effectiveness. Accreditation is management’s official acceptance of the information in the certification process findings. For example, if a company is planning to undergo an ISO 27001 certification. The company…