CYBER ARMS – Computer Security – Cybersecurity News and Business Computer Tips

“Mastering Command & Control” Author’s Book Review

My newest book, “Mastering Command & Control – Exploring C2 Frameworks with Kali Linux” is out!

In the ever-evolving landscape of cybersecurity, proficiency in Command and Control (C2) frameworks is not just advantageous – it’s essential. Introducing “Mastering Command & Control,” a comprehensive guide created for security students and professionals looking to increase their knowledge of C2 platforms.

Dive deep into the world of red teaming and penetration testing as you embark on a journey through the industry’s most potent C2 frameworks. From Sliver and Empire to the depths of the renowned Metasploit framework, and more, this book is your path to mastery!

C2’s Covered:

Villain
Havoc C2
Sliver
Empire & StarKiller
Covenant
Silent Tritiny
PoshC2
Metasploit
With an overview of Merlin, Mythic, Cobalt Strike and Caldera!

You’ll navigate the installation and utilization of each framework, learning quickly with hands on tutorials utilizing the Kali Linux platform. Gain invaluable insights into obtaining remote shells, executing commands on target systems, and exploring similar modules on each framework. With a focus on practicality, each chapter equips you with the skills and knowledge needed to navigate the complex terrain of command and control with confidence.

Whether you’re a novice seeking to lay a solid foundation or a seasoned practitioner aiming to broaden your expertise, “Mastering Command & Control” is your definitive companion.

I wrote this guide as so many students were struggling with learning C2s. Also, many professionals in the field were looking for something to get them up to speed quick on C2 platforms. Thus, this book was born. I try to use similar commands, modules and techniques across each one. That way the reader can gain familiarity rapidly with each. Using the step by step, learn by doing process that my readers have enjoyed for years.

C2 platforms are so critical and more so now with the huge explosion of Artificial Intelligence. Though the current C2’s aren’t dependent on AI, they soon will be. Make no doubt about it, C2s and AI ARE the future of security. The more you are familiar with them, know how to use them, the better prepared you will be for the future!

“Mastering Command and Control – Exploring C2 Frameworks with Kali Linux”, available now on Amazon.com!

The Threats of AI in CyberSecurity

In AI the great threat to security that everyone thinks? Let’s find out …

I’ve been watching AI in Security develop over the years and have been a supporter since the very beginning, telling all – AI is the future of security, because, it is. But is it the big scary threat that many think?

In the foreseeable future, the handover of cyber defense to AI seems inevitable. We stand on the precipice of a digital battleground where Offensive AI will engage Defensive AI at speeds surpassing human capability. This reality is not a mere fantasy; it’s actively under development and testing. Nations lacking in this technological prowess risk swift obsolescence in the face of emerging threats.

Yet, amidst this potential upheaval, concerns linger regarding the impact of publicly available Generative AI, exemplified by platforms like ChatGPT. While they hold promise in code generation, their security implications are nuanced. Yes, they may aid in crafting attack vectors, but their output often necessitates human intervention due to inaccuracies or inadequacies.

At this point, they are not as big a security threat that is commonly thought. Will they help generate code and be used in phishing attacks and other similar attacks, yes! But ask any coder or security professional that has actually used it, they will tell you that frequently it is wrong or creates code that needs modification.

AI engines like ChatGPT aren’t fail proof. For example, I was using it to generate some attack code for a project and it literally came out and told me that I couldn’t use PowerShell in that certain type of attack. I had to tell it, “Yes I can”, because I have done it many times. ChatGPT literally came back with an apology, that I was correct and offered the code I needed.

Two things from this should be concerning – first, ChatGPT was wrong and after being corrected, admitted it was wrong. Secondly, it was helping me generate attack code!

Think of those that are trying to use Generative AI, like ChatGPT to create code for critical systems. It frequently needs to be corrected or modified. AI isn’t the know all magic genie that many think it is. What if the human programmers don’t check or edit the code? That thought is very concerning.

Yes, there are safety measures put into place that will try to stop people from using ChatGPT from generating malware. But there are ways around it, and no, I will not tell you how to do it. But know, the code I used for my latest project – using LoRa for creating a long-range Raspberry Pi (up to 20km over RF!) hacking device was 100% coded by ChatGPT. With much editing, of course, because it didn’t work the first try – see the previous point.

Is AI the future of cybersecurity, oh, absolutely. It already does many things very well. Check out the deepfake videos and its audio capabilities. I attended a government conference on AI and they demonstrated using an AI to impersonate a corporate executive and call the company help desk for a password reset. It was unreal, it was so believable, and, it worked.

It will revolutionize everything from Red Team operations to military drones, and will take away many people’s jobs. For example, programmers – ChatGPT can generate code and convert it to multiple languages faster than any human being.

But is AI going to end the world today? No, just ask it to generate 3D art…

It tried,

Again, and again.

And AGAIN!

After telling it that it has a bug, it finally admitted it can’t do it.

Is it impressive? Oh yes, AI is and will change everything. It will touch every area of our lives. Make no doubt about it, AI is the future of CyberSecurity.

Is this Skynet? Will it take over the world and make all humans into slaves. Absolutely not.

Not, yet…

Stay tuned!

Security Testing with Raspberry Pi – Training Class

My New Video Training Class Is LIVE!

“Security Testing with Raspberry Pi – Weaponizing the Pi” is now on Udemy! I have been working on converting my books to video training classes and my first class is done!

Based on my, “Security Testing with Raspberry Pi, Second Edition” book, the video class covers many of the same topics and some new. The book has been very popular over the years and used for training by multiple branches of the military and the Special Forces.

My video training covers:

Installing Kali Linux on a Pi
Basic Network Scanning
webApp Security Scanning
Wireless Scanning and Attacks
Intelligent Ducky Script attacks with P4wnP1 ALOA
Using the Pi for Command and Control – Starkiller Empire and PoshC2
SDR with Dragon OS
Building a Custom attack Platform with PiOS or Ubuntu
Future uses of Pi, and much more!

Though a separate class, it goes along very well with the book and covers several of the same topics.

Looking to take your security skills to the next level? Check it out on Udemy!

NEW BOOK: “Password Cracking with Kali Linux”

My #1 New Release, “Password Cracking with Kali Linux” is out! The latest addition to my Security Testing with Kali Linux series is here!

Unlock the secrets of Windows password security with “Password Cracking with Kali Linux,” your ultimate guide to password cracking using Kali Linux. This book provides a comprehensive introduction to the fundamentals of Windows security, offering readers an in-depth exploration of tools, techniques, and strategies for password cracking.

From understanding the basics of Windows security to creating powerful wordlists for cracking tools, this book is a must-have for both novice and experienced cybersecurity enthusiasts. Learn the art of password cracking as you explore the tools, tactics, and techniques used by both security professionals and real-world attackers. This learn by doing book will help you gain hands-on experience in cracking Windows and Linux passwords using Kali Linux.

The latest in my, “Security Testing with Kali Linux” series, this book focuses solely on cracking password hashes, a critical skill for all Red Team members, Offensive Security Professionals, Pentesters, and Security Enthusiasts. It is a complete collection of all my writings on Password Cracking, taken from my books and articles, modified with additional new information and tools, and formed into a beginning to end book on password cracking.

Key Features:

Fundamental Windows Security Insights: Gain a solid understanding of Windows security protocols, providing a foundation for effective ethical hacking.
Tool and Technique Exploration: Dive into the world of ethical hacking tools and techniques, exploring Kali Linux’s powerful arsenal to crack Windows passwords.
Wordlist Creation Mastery: Master the art of crafting custom wordlists, a crucial skill for optimizing password-cracking success.
Linux Password Cracking: Extend your knowledge beyond Windows and explore the techniques used to crack Linux passwords, adding versatility to your ethical hacking toolkit.
Defense Strategies: Equip yourself with the knowledge to defend against password attacks. Learn essential cybersecurity practices to secure Windows systems effectively.

Whether you’re a cybersecurity enthusiast, IT professional, or aspiring ethical hacker, “Password Cracking with Kali Linux” empowers you to navigate the complex world of password cracking responsibly and ethically. Take your skills to the next level and become a proficient defender against cyber threats with this comprehensive guide.

Check it out on Amazon.com!

Check out the other books in the series!