SecureBug allows you to evaluate your offensive and defensive skills and, in addition, lets you exchange ideas and methodologies with thousands of people in the security field.
Join Nordic's No.1 Crowdsourced Security Platform For Offensive & Defensive Security Strategies.
To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files…
Security Information and Event Management (SIEM) is the foundation of a Security Operations Center (SOC), as it can be used for several purposes. SIEM delivers actionable alerts that provide context and data to help investigate a potential incident or unusual behavior to detect something never seen before. SIEM organizes data of timeline, systems, and affected users…
As with any security assessment, risk is what moves an organization to act. Operational Impacts are a Red Team’s tool to demonstrate risks. This is one of the most effective methods of showing risk to an organization’s senior leadership. Operational Impacts are actions or effects performed against a target designed to demonstrate physical, informational and…
Alongside the development of the world, organizations have started to interface more of their processes with cyberspace. A company’s reputation, intellectual property (IP), staff, and customers are at risk of being compromised. To properly protect their assets, enterprise businesses need a solid cybersecurity strategy in place. New threats are emerging regularly; estimations show 300,000 new…
Malware, tools, or other non-native files dropped or created on a system by an adversary may leave traces behind as to what was done within a network and how it was executed. Adversaries may remove these files over the course of an intrusion to keep their footprint low or remove them at the end as…
An ocean of data and security alerts is dispatched to organizations on a regular basis. According to the Achieving High-Fidelity Security research by EMA, 92% of organizations were receiving up to 500 events per day, and 88% of respondents said they were receiving up to 500 severe/critical alerts per day. To make matters worse,…
To emulate an adversary or their TTPs, planning is key. Without planning, modeling a sophisticated actor can become extremely difficult, time-consuming, and costly. We have too often seen requests to emulate a highly sophisticated actor such as ‘APT group X’ or a ‘Nation State’ with little to no time or budget. Sophisticated actors have time,…
The terms ‘hacking’ and ‘hacker’ first originated in the 1960s at MIT. Nowadays, the word hacker has negative associations and mostly refers to thieves and cybercriminals. There is no official definition of a hacker, rather a vague idea among the masses. Originally, society viewed a hacker as a clever or expert programmer whose sole purpose was…
Any business launched online in the cyber network is inevitably at risk of vulnerabilities — bugs and issues that can endanger the business infrastructure as well as public information and create irreparable damage. Consequently, many organizations are now using vulnerability rewards programs (VRP) such as Bug Bounties in order to have a safer business online…
File and directory permissions are commonly managed by discretionary access control lists (DACLs) specified by the file or directory owner. File and directory DACL implementations may vary by platform, but generally they are explicitly designated so that users/groups can perform actions, i.e., read, write, execute, etc. Adversaries may modify file or directory permissions/attributes to evade intended…