Reference

Reference (8)

Reference guides and links to cheat sheets for common commands or code in standard languages.

Phishing is the attempt to acquire sensitive information such as usernames, passwords, financial information, (including but not limited to credit card and banking information), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication, however as an extension there can be communication via telephone to add legitimacy to the transaction.

The following tips are intended to assist in the prevent of malicious emails

  • Put an anti-spoof filter on the MTA, this means nobody from the outside can spoof an organizations domain
  • Put a flag in the subject line to identify external e-mails, user can optionally create an outlook filter or rule to color code it , example [EXTERNAL] or [Ext]
  • Phish your employees to test employees understanding of phishing risks
  • Have security awareness training and campaigns
  • Block IPs and domains that are used for phishing
  • Block Dynamic DNS
  • Use Proofpoint MTA & TAP product to rewire all external url’s
  • Secure communications: implement SPF, DKIM, TLS, DMARC protocols to the fullest extent possible
  • Manage executive social media accounts
  • Securely configure executive social media accounts
  • Implement social media policies and guidelines
  • Enable multi-step or multi-factor guidelines

 

 

 

Monday, 04 April 2016 21:43 Written by in Reference

The Phishing Task Force Research Sub Group is currently involved in providing comments to several Cybersecurity related NIST Special Publications. One area we will be continuously focused on is any content in the NCCOE Energy Sector: https://nccoe.nist.gov/projects/use_cases/energy_sector. This page hosts documents we are currently reviewing. Our feedback may or may not be aligned to open feedback loops due to our relationship with NIST.

 

If you would like to participate our coordinated efforts to provide feedback to NIST, please contact: the PTF Research team at This email address is being protected from spambots. You need JavaScript enabled to view it. for additional information.

 

Identity and Access Management (IdAM)

Situational Awareness

  • Mechanisms to capture, transmit, analyze, and store real-time and near-real-time data across energy companies’ networked systems.
  • Find out more about this project.

 

 

Saturday, 14 November 2015 21:58 Written by in Reference

SANS QUICK Reference TCP/IP and tcpdump - http://www.sans.org/security-resources/tcpip.pdf

Sunday, 16 August 2015 11:42 Written by in Reference

This is more a community than a tool. Think of it as a human toolbox. Specifically, it's the home of the largest collection of information about security in the Python programming language.

OWASP says of the effort, "Our mission is to make Python the most secure programming language in the world, ensure hackers never break a Python-based application, and make security breaches a thing of the past."

The site is organized into two sections:

--Security topics and how they relate to Python as a whole

--The security of specific software such as frameworks and template engines

Sunday, 16 August 2015 11:21 Written by in Reference
Sunday, 16 August 2015 11:19 Written by in Reference

Unix / Linux Command Cheatsheet

Sunday, 28 June 2015 21:38 Written by in Reference

Cheatsheet to Intel Assembly Code

Friday, 26 June 2015 12:42 Written by in Reference

A new security risk assessment (SRA) tool to help guide health care providers in small to medium sized offices conduct risk assessments of their organizations is now available from HHS.

The SRA tool is the result of a collaborative effort by the HHS Office of the National Coordinator for Health Information Technology (ONC) and Office for Civil Rights (OCR). The tool is designed to help practices conduct and document a risk assessment in a thorough, organized fashion at their own pace by allowing them to assess the information security risks in their organizations under the Health Insurance Portability and Accountability Act (HIPAA) Security Rule.

Friday, 26 June 2015 12:18 Written by in Reference

Warranty Disclaimer

Warranty Disclaimer: The FBI, InfraGard, and its affiliates provide information, including but not limited to software, documentation, training, and other guidance to be known as “materials”. The materials are provided as-is and we expressly disclaim any and all warranties, express or implied, including, and without limitation, the implied warranties of merchantability, fitness for a particular purpose, non-infringement, quiet enjoyment, and integration, and warranties arising out of course of dealing or usage of trade. You agree that, as between you and the FBI, InfraGard, and its affiliates, you are responsible for the outcome of the use of materials made available, including but not limited to adherence to licensing requirements, and taking legal and regulatory considerations into account. There is no guarantee of accuracy, completeness, timeliness, or correct sequencing of the information provided.