Showing posts with label Study Guide. Show all posts

Thursday, April 20, 2017

TOGAF 9.1 - Where to start?


http://www.opengroup.org/



A good place to start with TOGAF is neither safaribooksonline.com nor Skillport but YouTube. A perfect jump-start course can be found here: https://www.youtube.com/playlist?list=PL2FF5FCBA1AF9B8FA

From there you can switch to the official documentation or to the books available on safaribooksonline.com.
TOGAF 9.1 (90-Day Evaluation) can be found here; you must have an email-verified account.
https://www2.opengroup.org/ogsys/jsp/publications/PublicationDetails.jsp?catalogno=I112


Sunday, November 13, 2016

WPScan WordPress Vulnerability Scan - Installation and Usage

WPScan installation on Ubuntu

Install packages

apt-get install git
apt-get install libcurl4-gnutls-dev libopenssl-ruby libxml2 libxml2-dev libxslt1-dev ruby-dev
apt-get install zlib1g-dev liblzma-dev

Use git to clone the WPScan repository

git clone https://github.com/wpscanteam/wpscan.git
cd wpscan
sudo gem install bundler && bundle install --without test development

Launch it with ruby and check the usage options

ruby wpscan.rb

To update WPScan

git pull

 

WPScan Scanning for Vulnerabilities

Quick Scan

ruby wpscan.rb --url http://wpsite.com

Vulnerable Plugins Scan

ruby wpscan.rb --url http://wpsite.com --enumerate vp

Vulnerable Themes Scan

ruby wpscan.rb --url http://wpsite.com --enumerate vt

User Enumeration Scan

ruby wpscan.rb --url http://wpsite.com --enumerate u

Password Scan

ruby wpscan.rb --url http://wpsite.com --wordlist passwords.txt --threads 100

*passwords.txt is not part of the source; you can download a dictionary file from many places, for example: https://github.com/danielmiessler/SecLists/tree/master/Passwords

More information about the tool can be found here https://wpscan.org/.

Tuesday, September 27, 2016

Targeted Attack, The Game



The game "Targeted Attack" puts you in the driving seat. You are the CIO of a global organization called "The Fugle", on the verge of making the first release of a biometrically authenticated mobile payment app. You will steer the project through its final stages, dealing with your internal security team, your colleagues in Marketing and PR and of course your CEO.

I highly recommend it - just give it a shot.

http://targetedattacks.trendmicro.com/

Sunday, September 11, 2016

How to Pass CompTIA Security+



I recently took the CompTIA Security+ SY0-401 exam (September 2016) and passed on my first attempt. You definitely have to prepare for the test. I finished within 60 minutes, which gave me some time to review my questions. I changed about 5 normal questions and 1 interactive question. As a non-native English speaker I received an additional 30 minutes, but it wasn't needed.

 

Here is how I propose to study for the exam:


Jump-start with a Safari video course; don't worry, the 10-day free Safari trial should be enough.

Study Exam Glossaries.

Study common ports.

Study the DoD and OSI models.

Prepare for your exam with free practice tests.