
Articles

Welcome to the KMBL Security Public Article Archive. Please feel free to review these publicly released papers on a wide range of topics. Due to the ever-changing nature of security and forensics, this archive will grow as the need arises, so please check this area often.

Archive (Date Published Order)

| Title | Description |
|---|---|
| Leveraging SCAP Analysis to Achieve Host Hardening | Security Content Automation Protocol (SCAP) Purpose, Measurements, and Expected Outcomes |
| Validating 3rd Party Providers meet your Cyber Protection Standards | In light of the numerous high-visibility hacks, maybe it's time to look a bit closer to home. Do you know if your contracted 3rd party vendors are meeting your organizational Cyber Protection Standards? Review the suggested checklist and find out. |
| OPM and Breach Notifications, A Study in Execution Paralysis | Months after the theft of highly sensitive personal information, well beyond the federal notification timelines, OPM still has not notified the over 21 million impacted users. Review the issue and recommended courses that could serve as a road map for any organizational breach notification solution. |
| Suggested Solutions for Fixing Federal Government IT | Ten recommendations for identifying and fixing Government IT Security (many of which apply to any organization). |
| Unified Threat Sharing and its Consumption via Machine-to-Machine (M2M) Analytics - A Possible Future Scenario | The cyber information sharing discussion has been a hot topic lately. For those unfamiliar with how this sharing is likely to occur, MITRE is developing the STIX, TAXII, and CybOX standards. If properly implemented, they will change the way everyone manages cybersecurity. In this document I attempt to tie these standards to a conceptual incident, demonstrating how their tight integration could be woven together to enhance overall cyber security. |
| FREAK SSL Exploit and Detection Script | This presentation gives a brief overview of the Factoring Attack on RSA-Export Keys (FREAK) issues and provides methods for self-detection of susceptibility. A NSL script and its usage are provided as well. |
| Reaffirmation - Defense in Depth strategy key to detection and prevention – A story of Social Media Link-baiting and Malware Targeting | An overview of the importance of a Defense-in-Depth strategy, including the practical application of a real-world link-baiting attack walkthrough. |
| Excerpt - Protecting Sensitive Information on State Networks | This paper contains a quick walkthrough on how to classify data, the first step needed to assign the appropriate security controls for its protection. The paper provides a workflow and several charts; some of the data is not easy to locate. References include NIST 800-53, 800-60, and FIPS 199. |
| Cyber Defensive Operations and Incident Response Lessons Learned | This paper addresses the core basics of Cyber Defensive Operations (DCO) within an organization. The paper is broken down into logical areas and provides a high level of detail. Following this section is a summary of key lessons that can be taken away from one of the national cyber Incident Response (IR) exercises. These lessons can be universally applied to any incident response team, whether at the organization or national level. |
| Understanding Social Networking and its associated Risks | This article addresses 5 key organizational goals and their associated risks. The paper goes on to provide recommended topics to address to reduce risks associated with social media usage. |
| UML Class Diagrams Tutorial | This article provides a step-by-step tutorial on how to create UML Class diagrams using Visio. |
| Reducing Computer Compromise in Small to Medium (SMB) Business | This article details the 7 important steps to identify, mitigate, and reduce risk and liability associated with the Information Security threats faced by small to medium sized businesses. |
| Black Friday and Cyber Monday Online Shopping Safety Tips 2011 | This article covers the 10 things online shoppers should consider prior to online shopping. These tips are designed to reduce the likelihood of identity and credit card theft. |
| Cloud-based Sensitive File Sharing | A case study of how to share personally identifiable information between customers and business while reducing the risk of data breach. Based on the California Privacy Laws. |
| Resetting Windows Passwords | If you have lost or forgotten your Windows Password, have no fear, Hiren's is here. Follow this simple step-by-step article I found for a friend. A copy of the utility is located on this website. Warning - only perform this procedure on a system that you own or otherwise have the permission of the owner (recommended in writing), else this procedure may be illegal in some states. |
| Computer Memory Concepts | This paper gives an overview of the concepts of Main Memory, Secondary Memory, Virtual Memory, Memory Management, and Replacement Algorithms. It discusses how these mechanisms interact with each other and how the computer leverages them to obtain the best performance possible with the given resources. |
| CPU Scheduling and Memory Management | This paper gives an overview of the symbiosis between central processing unit (CPU) scheduling and memory management in handling processes. The First Come First Served (FCFS), Round Robin (RR), Shortest Process Next (SPN), and Shortest Remaining Time (SRT) scheduling algorithms are briefly discussed along with Rate Monotonic Scheduling and its applicability to both single processor and multitasking implementations. |
| Microsoft OS to Hardware Interaction Correlations | A direct correlation of the concepts of memory management, processor scheduling, input / output, interrupts, system integrity, file system implementation, and security enforcement with regard to how Microsoft Operating Systems interrelate to the physical hardware. |
| Compacting a Microsoft VHD | A step-by-step guide to modifying and compacting Static and Dynamic Virtual Hard Drives (VHD). |
| Google hacking Guide | A guide to Google hacking, also known as Googledorks. This guide steps you through the concept and provides all the resources needed to get started in one summary article. |
| Conficker (and Variants) A Summary of Tactics and Techniques | A summary of the tactics, techniques, and impacts of the Conficker Worm and its variants. |
| Becky Waring's Complete Guide to Windows 7 Keyboard Shortcuts | A collection of highly useful time-saving keyboard shortcuts for Windows 7. |
| Mac OS Trojan Horse code now publicly available | Hackers are now beginning to target Mac OS X, ending the misinformed attitude that Macs can't get malware. |
| IPv4 Addressing Simplified | A scenario-based walkthrough of IPv4 addressing and subnetting (excellent educational resource). |
| Sample Defense-in-Depth White Paper | Covers the concept of Defense in Depth in the context of a fictitious company briefing to the CIO. |
| Sample User Computer Security Training Presentation | A general computer user Security Awareness Training sample. |
| Security Information and Event Management (SIEM) Appliances | A business case for every medium to large-sized company. |
| Windows Operating System Overview | Understanding the symbiotic relationship between the User Interface (OS) and the Hardware platform. |
| Social Networking Sites and their Associated Risks to the Enterprise | An overview of the risks to your business and recommendations to avoid issues later. |
| Forcing a password Reset | How to force the Administrator password to reset on non-domain Windows systems. |
| Stuck on XP, Why? | A Business Case for migrating from Windows XP to Windows 7. |
| Beyond the 4GB Memory Barrier on 32-bit systems | Using PAE Extensions to allow 32-bit Windows systems to see more than 3.5GB of system memory. |