Posted on 19 Sep 2023 by Ray Heffer
For those of you interested in cybersecurity, or perhaps if you work in the field, you’ll face the massive topic of cryptography sooner or later. I wouldn’t call myself a cryptography expert by any means. The subject is vast, fascinating, and can be quite intimidating, especially with all the math involved! I prefer to learn complex topics by breaking them down into smaller parts, which, by the way, is the essence of Shamir’s Secret Sharing. Segmenting a topic into more manageable chunks makes it easier to grasp the concepts.
During my endeavor to expand my cryptography knowledge, I decided to write this post on Shamir’s Secret Sharing. Don’t worry, you don’t need a master’s degree in cryptography to grasp the essence of this brilliant algorithm. I’ll do my best to ensure you walk away from this blog post with a good understanding of its inner workings as well as its real-world applications!
I’ve also included a Python script here which you can use, along with the example in the blog, to reconstruct the secret.
Posted on 07 May 2023 by Ray Heffer
In the ever-evolving world of cybersecurity, Chief Information Security Officers (CISOs) play a crucial role in safeguarding organizations against threats and ensuring compliance with various regulations. To help CISOs navigate the challenging cybersecurity landscape, I have put together a series of articles that delve into essential insights and best practices. Here I introduce the CISO Mindset series.
As you saw in my previous blog post, I decided to leave Twitter, so I have been experimenting with sharing my insights on LinkedIn. So far I must say the engagement has proven to be far better! If you enjoy my posts, please consider following me and leaving a comment over on LinkedIn. Your feedback will encourage me to continue sharing more articles!
Posted on 10 Apr 2023 by Ray Heffer
Welcome to episode three of The Lockdown - Practical Privacy and Security podcast.
This episode was recorded on March 9, 2023.
Follow Ray on Twitter @rayheffer
Intro music: The Lockdown by Ray Heffer
The case of Zachary McCoy: https://12ft.io/proxy?q=https%3A%2F%2Fwww.westernjournal.com%2Finnocent-man-discovers-google-tracked-location-gave-info-police%2F
Tracking Phones, Google Is a Dragnet for the Police: https://www.nytimes.com/interactive/2019/04/13/us/google-location-tracking-police.html
Denmark frees 32 inmates over flaws in phone geolocation evidence: https://www.theguardian.com/world/2019/sep/12/denmark-frees-32-inmates-over-flawed-geolocation-revelations
This week’s episode:
“The rights of one are as sacred as the rights of a million.” - Eugene V. Debs
Posted on 16 Mar 2023 by Ray Heffer
I’m constantly seeking new opportunities to enhance my expertise and broaden my understanding in the field of cyber. In 2021, I successfully completed the Certified Ethical Hacker (CEH) exam offered by EC-Council, followed by the CISSP last year—both of which showcased diverse aspects of cybersecurity. In my day-to-day work, I collaborate with both security engineering teams and CISOs, as I hop from one meeting to the next, which requires me to transition between technical and strategic discussions. This skill has proven to be incredibly valuable in my career.
As someone who has always been deeply immersed in the technical aspects of cybersecurity, I find it essential to maintain and nurture that passion, even as I continue to evolve in my career. Participating in Capture The Flag (CTF) challenges during my evenings allows me to stay up to date with my hands-on skills. This is why I find the Offensive Security Certified Professional (OSCP) exam so appealing.
Posted on 04 Feb 2023 by Ray Heffer
Note: Once the exam is finished, you will have a further 24 hours to upload your documentation.
Pass: 70/100 points to pass the exam
60 points: BOF (Buffer Overflow), 1 Easy, 1 Hard
40 points: Active Directory Set
Thanks to TJ Null for this awesome list of Hack The Box and Proving Grounds OSCP-like machines to practice with. The first link below, to his blog, outlines OSCP boxes for both Proving Grounds and HTB, plus there is an updated HTB list by Rana Khalil, so thanks also to Rana!
Here is the order that I’d recommend based on other people’s experiences with the OSCP exam. Start with TryHackMe, especially if you are new to this. TryHackMe will be a much easier point of entry for beginners. Then, when you are more comfortable with Kali Linux and have the basics down, move on to the rest of this list.
Create a new Udemy account for each course to get the discounts; otherwise, if you use an existing account, you’ll end up paying full price.
You cannot use any of the following on the exam: