Video Tutorials

The Rise of AI Driven Cyberattacks and Strategies for Mitigation

The Rise of AI Driven Cyberattacks and Strategies for Mitigation – Free Training Course 2024

Artificial Intelligence and its impact on cybersecurity: we’ll uncover both AI’s potential to revolutionize our cybersecurity defenses and the associated risks it introduces. By the end, you’ll have a clearer grasp of how to harness AI’s power while mitigating its dangers.

AI is a broad field that covers a range of technologies, from machine learning to natural language processing. AI systems can analyze large amounts of data and make decisions based on that data. They can also learn from their mistakes and improve over time.

Social Engineering and Cybersecurity Strategies

Social Engineering and Cybersecurity Strategies: we wrapped up 2024 with a very nice event and presentation, here to watch 🙂 What is social engineering? Social engineering is a term for using psychological manipulation to trick users into making security mistakes or giving away sensitive information. Attackers use natural emotions such as trust, stress and greed to distract you and your sound thinking […]

Holistic Cybersecurity Strategy

Holistic Cybersecurity Strategy: Free Video

Here is the recording of the webinar delivered by EC Council and EC Council University, “Holistic Cybersecurity Strategy: Integrating Pen Testing and Forensics for CISOs’ Decision-Making”. As threat landscapes evolve, holistic security strategies are essential for modern organizations to protect their data and business. At the core of […]

Hacking Trends 2023

Cybersecurity Predictions for 2023: Free Video Tutorial

Cybersecurity Predictions for 2023

The world of cybersecurity is rapidly changing, and it’s important for the industry to accurately forecast the trends of the future in order to stay ahead of evolving threats in the new year. Predicting the future might seem hard and inaccurate, but not in cybersecurity. Grab your drink and watch this session to have a more secure year 🙂

Cybersecurity Predictions for 2023 based on Hacking Trends of 2022 …

Hacking Trends of 2022

So, what happened last year, in summary:

  • Cyber attack on Australia’s largest telcos: Telstra, Optus (and even TPG – Vodafone)

Australian telecoms giant Optus said current and former customer data was accessed following a cyberattack on its systems. The telco giants have confirmed the attacks; about 1.2 million Optus customers were compromised. The breach affected 10 million customers, equivalent to around 40% of Australia’s population, and attracted harsh criticism from the government.

The other giant, Telstra, was also “breached”, and more than 30,000 employee details have been shared in a hacking forum 🙁 You can read more about it here

  • NewsCorp hit with cyberattack, allegedly from China

NewsCorp confirmed that their data was taken by a foreign government. Mandiant is alleging China is involved. Read more about this incident here

  • Cash App data breach

More than 8 million users of the mobile payment application Cash App have been impacted by a data breach, according to a filing with the U.S. Securities and Exchange Commission by parent company Block Inc. Based on the filing, the following details were breached: full names and brokerage account numbers, as well as stock activity on Cash App.

  • Binance: bitcoin stolen in ‘large scale’ hack

Cryptocurrency exchange Binance has confirmed a “large scale” data breach. In a statement, the company said hackers stole API keys, two-factor codes and other information in the attack.

“The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time,” the statement read. “The transaction is structured in a way that passed our existing security checks. It was unfortunate that we were not able to block this withdrawal before it was executed.”

“Once executed, the withdrawal triggered various alarms in our system. We stopped all withdrawals immediately after that,” the statement said. You can read the statement here 

  • PressReader Suffers Cyber-Attack

The world’s largest digital newspaper and magazine distributor, PressReader, was a victim of a cyber breach too. Here is a summary of their statement:

“Our security teams have now classified this as a cyber security incident. This situation comes as companies across North America have seen an increase in security incidents over the past several weeks.” You can read the full statement here 

  • Samsung confirms data breach, personal customer data stolen

Samsung has confirmed it suffered a data breach which led to the personal information of customers being leaked online. In a blog post, Samsung added that an “unauthorized third party” had acquired information from some of Samsung’s US systems, including names, contact information, dates of birth and product registration details. However, no credit card numbers or social security numbers were breached. You can read the full blog post here

  • Uber CISO has been arrested over failure to disclose a cyber breach

Uber’s former security chief has been found guilty of not disclosing a data breach at the ridesharing giant, in what is believed to be the first time a company executive has been charged over a hack. Joe Sullivan, the former security lead at Uber, was found guilty on two counts in relation to the covering up of a breach of customer data in 2016.

  • US govt: Iranian hackers breached federal agency using Log4Shell exploit

The FBI and CISA revealed in a joint advisory published today that an unnamed Iranian-backed threat group hacked a Federal Civilian Executive Branch (FCEB) organization to deploy XMRig cryptomining malware. The attackers compromised the federal network after hacking into an unpatched VMware Horizon server using an exploit targeting the Log4Shell (CVE-2021-44228) remote code execution vulnerability. Read the details in Bleeping Computer’s web site 

  • The North Face Credential Stuffing Attack Compromises 200,000 Accounts

The North Face suffered a credential stuffing attack that compromised over 194,905 accounts. The North Face sent out data breach notification letters and initiated password resets for impacted accounts, according to Bleeping Computer. You can read the details here 

  • Microsoft Confirms Server Misconfiguration Led to 65,000+ Companies’ Data Leak

“This misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the planning or potential implementation and provisioning of Microsoft services,” Microsoft said in this alert.

  • Cisco Hacked: Ransomware Gang Claims It Has 2.8GB Of Data

Cisco confirms hacking as Yanluowang ransomware group publishes a partial list of files it claims to have exfiltrated.

  • Okta Cyber Attack: Another Major Supply Chain Incident

On March 21st, 2022, the digital extortion group Lapsus$ claimed it had gained access to an administrative account for Okta, the identity management platform. According to Okta, thousands of organizations worldwide use its identity management platform to manage employee access to applications or devices. A breach of Okta’s systems represents a significant risk to Okta’s customers and the broader supply chain.

  • What is Spring4Shell?

Spring4Shell is a vulnerability in VMware’s Spring Core Java framework – an open-source platform for developing Java applications. Spring is a highly popular framework, with 60% of Java developers depending on it for the production of their applications. Because of the framework’s dominance in the Java ecosystem, many applications could potentially be impacted by the Spring4Shell zero-day. In comparison, the Log4J framework is used by almost all Java-based web apps and cloud services, so though Spring4Shell is categorized as a critical vulnerability, it’s still significantly less dangerous than Log4Shell. The Spring4Shell vulnerability is being tracked as CVE-2022-22965.

  • Microsoft Digital Defense Report 2022

“Attackers are adapting and finding new ways to implement their techniques, increasing the complexity of how and where they host campaign operation infrastructure.” Download the report here

Cyber Attacks Per Minute

  • Password attacks: 34,740
  • IoT-based attacks: 1,902
  • DDoS attacks: 1,095
  • Phishing attacks: 7
  • Malware threats: 18,265
  • Brute-force authentication attacks: 48,706
  • SQL injection attacks: 1 per 2 minutes
  • New threat detection: 1 per 35 minutes
  • Supply chain attacks: 1 every 35 minutes
  • Ransomware attacks: 1 every 195 minutes

Cost of Cybersecurity Per Minute

  • Worldwide economic impact $1,141,553
  • Global cybersecurity spend $285,388
  • E-commerce payment fraud loss $38,052
  • Global ransomware damages $38,051
  • Amount lost to cryptocurrency cost $4,566
  • Average cost of breach $8
  • Average cost of a malware attack $5

Cybersecurity Highlights from 2022

  • There have been more than 6.3 billion attack attempts
  • White hat hackers earned over $19 million in bounties
  • You can purchase a consumer account for $1 on the dark market
  • Hackers create 400,000 new pieces of malware daily
  • Phishing attacks make up over 80% of reported security activities.
  • Russian hackers can infiltrate a computer network in 18 minutes.
  • More than 6,000 online criminal marketplaces sell ransomware products and services.

Predictions for 2023

  • Web Application and API Attacks will rise
  • Ransomware business models will continue to evolve
  • Misconfiguration attacks will not go away
  • Supply Chain attacks will be increased
  • Data privacy laws are getting more strict
  • Cloud Attacks will not decrease
  • Social Engineering is also not going anywhere
  • APIs will cause Unforeseen Breaches
  • Hackers will find a way to breach MFA
  • Firmware attacks will be even more popular

Summary of Cyber Recommendations for 2023 

  • Adopt Assume Breach mentality
  • Implement Defense in Depth
  • Adopt Zero Trust
  • Utilize AI
  • Build a better Cyber Resilience Program
  • Think like a hacker
  • DevSecOps will become business-critical
  • Use EDR where possible; if not, use Open EDR
  • Invest in Cyber Threat Intelligence
  • Adopt risk-based vulnerability management
  • Invest in Security Awareness Training

Social Engineering Quick Chats (Sosyal Mühendislik Ayaküstü Sohbetler)

This post, originally in Turkish, is about our new “Social Engineering” book 🙂

As the Türkiye Siber Güvenlik Kümelenmesi (Turkey Cyber Security Cluster), we talked about our Social Engineering book and DIFOSE during Cyber Security Week, held for the third time this year. We hope you enjoy it.

Social Engineering

Sosyal Mühendislik İnternet ve Telefon Dolandırıcılığı (Social Engineering: Internet and Telephone Fraud)

Written by three authors who, through their professions, duties and training, are experts in cybersecurity, cyberattacks and countermeasures, this work draws on solutions to problems the authors have encountered, questions they have been asked, and their professional experience.
With advancing technology and the spread of internet use and communication methods, obtaining information about people and misusing that information has become much easier.
The book covers, in all their aspects, those who unjustly obtain private or confidential information, money or other valuables by deceiving people with the means that technology provides, namely social engineers, and the techniques, tactics and methods they use.
In this context, the definitions and classifications within the concept of social engineering are explained with real-life examples to give the overall picture, followed by the psychological factors behind our falling into these traps, emotional intelligence, body language and physiognomy (feraset ilmi).
After the conceptual background is complete, a social engineering attack is examined with an investigative and instructive approach by putting ourselves in the fraudster’s place; open-source intelligence gathering methods, the preparation of the computer and other tools to be used in the attack, the traces we leave on the internet, and all layers of the internet including the dark net are explained; and in the final stage two sample social engineering attacks are described step by step.
“Social Engineering”, a fraud method that uses information technology, is covered in this book by experts in the field in a “broad, detailed and example-rich” way to this degree for the first time in Türkiye.

Book Topics

  • Introduction to Social Engineering
  • Stages of a Social Engineering Attack
  • Computer-Based Social Engineering Attacks
  • Phone-Based Social Engineering Attacks
  • Human-Based Social Engineering Attacks
  • Internet and Social Media-Based Social Engineering Attacks
  • The Psychological Dimension of Social Engineering
  • Persuasion, Influence and Target Selection
  • Attack Preparation and Social Engineering Tools
  • Open-Source Intelligence
  • Layers of the Internet
  • Tor (The Onion Router)
  • Dark Web Access
  • Information Gathering and Attack
  • Technical Information Gathering Methods
  • Non-Technical Information Gathering Methods
  • Examples of Social Engineering Attacks

To purchase:

Seckin Yayinevi, Sosyal Mühendislik
Index Kitap, Sosyal Mühendislik
Pelikan Kitabevi, Sosyal Mühendislik
For more information about the book: link

OpenEDR Fundamentals

Free EDR Certification Training

Endpoint detection and response (EDR) is an endpoint security solution that monitors end-user devices to detect and respond to cyber threats. It also records and stores endpoint system-level behaviors (logs), uses various data analytics techniques to block malicious activities, and provides remediation suggestions to restore affected systems to a clean state.

EDR is essential in securing endpoints, but unfortunately, it’s not cheap. So, what if I tell you that EDR is now free via OpenEDR, thanks to the open-source community?

And I am proud to announce that I have teamed up with Valentine Sirghie to create a free OpenEDR training and certification, which will award you a certificate.

What will you learn?

The OpenEDR Fundamentals training course has 5 modules and a final exam, and its duration is 1 hour 29 minutes.

Module 0 – Welcome to OpenEDR Fundamentals Training

Module 1 – Cyber Landscape

Module 2 – EDR Fundamentals

Module 3 – Introduction to OpenEDR

Module 4 – Account Creation and Agent

Certification Exam

We’ve worked together with the OpenEDR community to bring you a world-class learning experience. At the end of the course, please complete an evaluation of today’s experience. We value your feedback! Please contact us with any additional requests for additional training or exam keys.

After completing the course, you will be able to answer the below questions:

What is the current Cybersecurity landscape? What is EDR vs antivirus? The difference between Open Source EDR and Full EDR and much more…

How to complete the certificate curriculum?

To acquire the OpenEDR certificate, please complete the following steps:

  1. Log into Xcitium Academy and access the OpenEDR Fundamentals Training curriculum
  2. If you do not have an Xcitium Academy account, click on create new account and enter your information
  3. Complete each of the five (5) courses in the OpenEDR Fundamentals Training curriculum and successfully complete each exam in the individual courses
  4. Once all course exams have been completed, successfully complete the OpenEDR certificate exam at the end of the curriculum
  5. To access your new certificate, go to Training & My Achievements in the academy and click on the OpenEDR Fundamentals Training completion. This will open up a PDF copy of your certificate for printing.

OpenEDR is an Open-Source initiative started by Xcitium

We at Xcitium believe in creating an open-source cybersecurity platform where products and services can be provisioned and managed together. EDR is our starting point. Open EDR is a full-blown EDR capability. It is one of the most sophisticated, effective EDR code bases in the world, and with the community’s help it will become even better. Open EDR consists of the following components:

  • Core Library: the basic framework.
  • Service: service application.
  • Process Monitoring: components for per-process monitoring.
  • System Monitor: the generic container for different kernel-mode components.
  • File-System Mini-Filter: the kernel component that hooks file system I/O requests.
  • Network Monitor: network filter for monitoring the network activity.
  • Low-Level Registry Monitoring Component: monitors registry access using system callbacks.
  • Self-Protection Provider: prevents EDR components and configuration from unauthorized changes.
  • Low-Level Process Monitoring Component: monitors process creation/deletion using system callbacks.

Join the Open EDR Community

Enroll in the online forums by visiting https://www.openedr.com/

Have questions about our Open EDR open-source code? Join our open community! The community allows members to ask and respond to questions, interact with other users, and review topics related to Open EDR.

The Art of Breach Detection

Learn The Art of Breach Detection – Free Video 4

Learn The Art of Breach Detection

Do you want to learn the key secrets of Breach Detection? Then this free video is right for you:

 

Hackers will never stop their attack attempts, and organizations must be aware they could be breached any second! So, tune into this presentation to discover:
  • How to best prepare against those attacks?
  • What tools to leverage?
  • How can your security team detect even the latest, more sophisticated foes and, most importantly, how can you respond to their attacks?

Join Dr. Erdal, corporate CISO at Comodo and president of the Global CISO Forum, to learn how you can master breach detection by learning from real-life examples.

Why Dynamic Businesses Should Embrace Digital Transformation

Embrace Digital Transformation – Free Webinar Recording -22

There is no “one-size-fits-all” transformation manual when it comes to changing the way we do business, and never will be. In this dynamically changing environment, hybrid multicloud architectures offer flexibility and scalability, and an answer to the challenges faced by evolving IT infrastructures in companies […]
