{"id":162,"date":"2019-12-05T12:46:37","date_gmt":"2019-12-05T12:46:37","guid":{"rendered":"http:\/\/www.cybermosaic.co.uk\/?p=162"},"modified":"2020-12-29T19:36:08","modified_gmt":"2020-12-29T19:36:08","slug":"iso-standards","status":"publish","type":"post","link":"https:\/\/www.cybermosaic.co.uk\/?p=162","title":{"rendered":"CCSP Boot Camp Capture"},"content":{"rendered":"\n<p>Here&#8217;s some of the cool stuff I captured on a CCSP boot camp in December 2019.<\/p>\n\n\n\n<p><strong>First up is a list of books, websites, and videos recommended by our instructor:<\/strong><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">The Art of Profiling: Reading People Right the First Time Hardcover \u2013 1 Jul 2012<\/h3>\n\n\n\n<p>by Dan Korem<\/p>\n\n\n\n<p>A recommendation for red teaming. The book details a system for rapid-fire profiling people after just a few minutes of interaction. Used by USAF for gaining confidence and entry to site etc.<\/p>\n\n\n\n<figure class=\"wp-block-embed-amazon-kindle wp-block-embed is-type-rich is-provider-amazon\"><div class=\"wp-block-embed__wrapper\">\n<iframe title=\"The Art of Profiling: Reading People Right the First Time\" type=\"text\/html\" width=\"840\" height=\"550\" frameborder=\"0\" allowfullscreen style=\"max-width:100%\" src=\"https:\/\/read.amazon.co.uk\/kp\/card?preview=inline&#038;linkCode=kpd&#038;ref_=k4w_oembed_BSe7qX82ahhB2B&#038;asin=0963910396&#038;tag=kpembed-20\"><\/iframe>\n<\/div><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">CSA Security Trust Assurance and Risk (STAR)<\/h3>\n\n\n\n<p>A site to find out about major cloud service providors audits and assurance. The Security Trust Assurance and Risk (STAR) Program encompasses key principles of transparency, rigorous auditing, and harmonization of standards. Companies who use STAR indicate best practices and validate the security posture of their cloud offerings.<\/p>\n\n\n\n<p><a href=\"https:\/\/cloudsecurityalliance.org\/star\/\">https:\/\/cloudsecurityalliance.org\/star\/<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Consensus Assessments Initiative Questionnaire v3.0.1<\/h3>\n\n\n\n<p>The \u201ccake\u201d is the defacto standard supplier assessment questionnaire.&nbsp;<\/p>\n\n\n\n<p>The CAIQ is based upon the CCM and provides a set of questions to ask a CSP:&nbsp;<a href=\"https:\/\/cloudsecurityalliance.org\/artifacts\/consensus-assessments-initiative-questionnaire-v3-0-1\/\">https:\/\/cloudsecurityalliance.org\/artifacts\/consensus-assessments-initiative-questionnaire-v3-0-1\/<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Cloud Security Alliance \u2013 Privacy Level Agreement<\/h3>\n\n\n\n<p><a href=\"https:\/\/cloudsecurityalliance.org\/research\/working-groups\/privacy-level-agreement\/\">https:\/\/cloudsecurityalliance.org\/research\/working-groups\/privacy-level-agreement\/<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">STIGS<\/h3>\n\n\n\n<p>Useful security configuration guides from the Defense Information Systems Agency (DISA) called the Security Technical Implementation Guides (STIGs). 500+ guides covering all platforms and systems.<\/p>\n\n\n\n<p><a href=\"https:\/\/public.cyber.mil\/stigs\/downloads\/\">https:\/\/public.cyber.mil\/stigs\/downloads\/<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">OODA Loop&nbsp;<\/h3>\n\n\n\n<p>Like the Plan \/ Do \/ Check \/ Act (PDCA) cycle the OODA Loop was a military interpretation of the Demming model used by the USAF&nbsp;<a href=\"https:\/\/en.wikipedia.org\/wiki\/OODA_loop\">https:\/\/en.wikipedia.org\/wiki\/OODA_loop<\/a><\/p>\n\n\n\n<p>Can be applied in a cyber context.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Scientists Extract RSA Key from GnuPG Using Sound of CPU<\/h3>\n\n\n\n<p>Keys can now be extracted from hardware \/ chips using microphones:<\/p>\n\n\n\n<p>\u201cIn their research paper titled RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis, Daniel Genkin, Adi Shamir and Eran Tromer et al. present a method for extracting decryption keys from the GnuPG security suite using an interesting side-channel attack. By analysing the acoustic sound made by the CPU they were able to extract a 4096-bit RSA key in about an hour (PDF). A modern mobile phone placed next to the computer is sufficient to carry out the attack, but up to four meters have been successfully tested using specially designed microphones.\u201d<\/p>\n\n\n\n<p><a href=\"https:\/\/it.slashdot.org\/story\/13\/12\/18\/2122226\/scientists-extract-rsa-key-from-gnupg-using-sound-of-cpu\">https:\/\/it.slashdot.org\/story\/13\/12\/18\/2122226\/scientists-extract-rsa-key-from-gnupg-using-sound-of-cpu<\/a><\/p>\n\n\n\n<p>RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis<\/p>\n\n\n\n<p><a href=\"http:\/\/www.cs.tau.ac.il\/~tromer\/acoustic\/\">http:\/\/www.cs.tau.ac.il\/~tromer\/acoustic\/<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/www.tau.ac.il\/~tromer\/papers\/acoustic-20131218.pdf\">https:\/\/www.tau.ac.il\/~tromer\/papers\/acoustic-20131218.pdf<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Data Protection in Outer Space<\/h3>\n\n\n\n<p>Following a discussion about cloud hosting in the ocean, the discussion turned to what happens about data protection and privacy in space. It turns out its already been thought about:<\/p>\n\n\n\n<p><a href=\"https:\/\/www2.deloitte.com\/nl\/nl\/pages\/risk\/articles\/privacy-in-space.html\">https:\/\/www2.deloitte.com\/nl\/nl\/pages\/risk\/articles\/privacy-in-space.html<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/iclg.com\/practice-areas\/data-protection-laws-and-regulations\/2-the-application-of-data-protection-laws-in-outer-space\">https:\/\/iclg.com\/practice-areas\/data-protection-laws-and-regulations\/2-the-application-of-data-protection-laws-in-outer-space<\/a><\/p>\n\n\n\n<p>There has already been a cyber crime in space!<\/p>\n\n\n\n<figure class=\"wp-block-embed-wordpress wp-block-embed is-type-wp-embed is-provider-the-new-york-times\"><div class=\"wp-block-embed__wrapper\">\n<iframe class=\"wp-embedded-content\" sandbox=\"allow-scripts\" security=\"restricted\" title=\"NASA Astronaut Anne McClain Accused by Spouse of Crime in Space\" src=\"https:\/\/www.nytimes.com\/svc\/oembed\/html\/?url=https%3A%2F%2Fwww.nytimes.com%2F2019%2F08%2F23%2Fus%2Fastronaut-space-investigation.html#?secret=b0OgaUCG5F\" data-secret=\"b0OgaUCG5F\" scrolling=\"no\" frameborder=\"0\"><\/iframe>\n<\/div><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Common Criteria<\/h3>\n\n\n\n<p>Common Criteria (CC) is an internationally recognised certification scheme for security enforcing products:<\/p>\n\n\n\n<p><a href=\"https:\/\/www.commoncriteriaportal.org\/products\/\">https:\/\/www.commoncriteriaportal.org\/products\/<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/www.ncsc.gov.uk\/information\/common-criteria-0\">https:\/\/www.ncsc.gov.uk\/information\/common-criteria-0<\/a><\/p>\n\n\n\n<p>This is the source of the evaluations that give the EAL ratings (which rarely exceed 4 in civilian applications).<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Public Key Exchange Videos<\/h3>\n\n\n\n<p>Public key cryptography &#8211; Diffie-Hellman Key Exchange (full version)<\/p>\n\n\n\n<p>The history behind public key cryptography &amp; the Diffie-Hellman key exchange algorithm.<\/p>\n\n\n\n<figure class=\"wp-block-embed-youtube wp-block-embed is-type-video is-provider-youtube wp-embed-aspect-4-3 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe title=\"Public key cryptography - Diffie-Hellman Key Exchange (full version)\" width=\"840\" height=\"630\" src=\"https:\/\/www.youtube.com\/embed\/YEBfamv-_do?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<p>From Art of the Problem<\/p>\n\n\n\n<p>Also (not shown on the course)<\/p>\n\n\n\n<p>Public Key Cryptography: RSA Encryption Algorithm<\/p>\n\n\n\n<figure class=\"wp-block-embed-youtube wp-block-embed is-type-video is-provider-youtube wp-embed-aspect-4-3 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe title=\"Public Key Cryptography: RSA Encryption Algorithm\" width=\"840\" height=\"630\" src=\"https:\/\/www.youtube.com\/embed\/wXB-V_Keiu8?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Distrusted Certificate Authority<\/h3>\n\n\n\n<p>Symantec\u2019s SSL \/ Certificate Authority \/ PKI business was sold to Digicert following Googles decision to not trust Symantec certs in Chrome:<\/p>\n\n\n\n<p><a href=\"https:\/\/en.wikipedia.org\/wiki\/DigiCert\">https:\/\/en.wikipedia.org\/wiki\/DigiCert<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">OWASP Top Ten Proactive Controls Project:<\/h3>\n\n\n\n<p>The Top 10 Proactive Controls<\/p>\n\n\n\n<p>The goal of the OWASP Top 10 Proactive Controls project (OPC) is to raise awareness about application security by describing the most important areas of concern that software developers must be aware of.&nbsp;<\/p>\n\n\n\n<p>The list is ordered by importance with list item number 1 being the most important:<\/p>\n\n\n\n<p>C1: Define Security Requirements<\/p>\n\n\n\n<p>C2: Leverage Security Frameworks and Libraries<\/p>\n\n\n\n<p>C3: Secure Database Access<\/p>\n\n\n\n<p>C4: Encode and Escape Data<\/p>\n\n\n\n<p>C5: Validate All Inputs<\/p>\n\n\n\n<p>C6: Implement Digital Identity<\/p>\n\n\n\n<p>C7: Enforce Access Controls<\/p>\n\n\n\n<p>C8: Protect Data Everywhere<\/p>\n\n\n\n<p>C9: Implement Security Logging and Monitoring<\/p>\n\n\n\n<p>C10: Handle All Errors and Exceptions<\/p>\n\n\n\n<p><a href=\"https:\/\/www.owasp.org\/images\/b\/bc\/OWASP_Top_10_Proactive_Controls_V3.pdf\">https:\/\/www.owasp.org\/images\/b\/bc\/OWASP_Top_10_Proactive_Controls_V3.pdf<\/a><\/p>\n\n\n\n<p>Also of use is the OWASP The Ten Most Critical Web Application Security Risks<\/p>\n\n\n\n<p><a href=\"https:\/\/www.owasp.org\/images\/7\/72\/OWASP_Top_10-2017_%28en%29.pdf.pdf\">https:\/\/www.owasp.org\/images\/7\/72\/OWASP_Top_10-2017_%28en%29.pdf.pdf<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">The Fallacy of the &#8220;Zero-Trust Network&#8221; Video&nbsp;<\/h3>\n\n\n\n<p>Funny and usual vitriolic content about de-perimeterisation. Basically the Jerico foundation anger brought up to date for the cloud and zero trust age:<\/p>\n\n\n\n<figure class=\"wp-block-embed-youtube wp-block-embed is-type-video is-provider-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe title=\"The Fallacy of the &quot;Zero-Trust Network&quot;\" width=\"840\" height=\"473\" src=\"https:\/\/www.youtube.com\/embed\/tFrbt9s4Fns?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<p>Some useful content.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Privacy-first &#8211; DNS service<\/h3>\n\n\n\n<p>The 1.1.1.1 is a free Domain Name System (DNS) service that is supposed to protect privacy. There is also a mobile app. Run by cloudflare.<\/p>\n\n\n\n<p><a href=\"https:\/\/en.wikipedia.org\/wiki\/1.1.1.1\">https:\/\/en.wikipedia.org\/wiki\/1.1.1.1<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Chaos Engineering<\/h3>\n\n\n\n<p>Netflix have developed resilience testing tools that initiate process kills, network failurse and other issues that test resiliency of services:<\/p>\n\n\n\n<p><a href=\"https:\/\/en.wikipedia.org\/wiki\/Chaos_engineering\">https:\/\/en.wikipedia.org\/wiki\/Chaos_engineering<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Network and Security Monitoring<\/h3>\n\n\n\n<p>Zeek is the new name for the long-established Bro system. Bro was used by the instructors business to monitor multiple businesses along with Zabbix.<\/p>\n\n\n\n<figure class=\"wp-block-embed-wordpress wp-block-embed is-type-wp-embed is-provider-zeek\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"wp-embedded-content\" data-secret=\"vS7xEyD3Mf\"><a href=\"https:\/\/zeek.org\/\">Home<\/a><\/blockquote><iframe class=\"wp-embedded-content\" sandbox=\"allow-scripts\" security=\"restricted\" style=\"position: absolute; clip: rect(1px, 1px, 1px, 1px);\" title=\"&#8220;Home&#8221; &#8212; Zeek\" src=\"https:\/\/zeek.org\/embed\/#?secret=vS7xEyD3Mf\" data-secret=\"vS7xEyD3Mf\" width=\"600\" height=\"338\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\"><\/iframe>\n<\/div><\/figure>\n\n\n\n<p>Security Onion<\/p>\n\n\n\n<p>Security Onion is a free and open source Linux distribution for intrusion detection, enterprise security monitoring, and log management. It includes Elasticsearch, Logstash, Kibana, Snort, Suricata, Bro, Wazuh, Sguil, Squert, CyberChef, NetworkMiner, and many other security tools. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes!<\/p>\n\n\n\n<p><a href=\"https:\/\/securityonion.net\/\">https:\/\/securityonion.net\/<\/a><\/p>\n\n\n\n<p>Zabbix<\/p>\n\n\n\n<p>Monitor anything with Zabbix. Solutions for any kind of IT infrastructure, services, applications, resources.<\/p>\n\n\n\n<p><a href=\"https:\/\/www.zabbix.com\/\">https:\/\/www.zabbix.com\/<\/a><\/p>\n\n\n\n<p>Kibana<\/p>\n\n\n\n<p>Kibana is an open source data visualization dashboard for Elasticsearch. It provides visualization capabilities on top of the content indexed on an Elasticsearch cluster.<\/p>\n\n\n\n<p><a href=\"https:\/\/en.wikipedia.org\/wiki\/Kibana\">https:\/\/en.wikipedia.org\/wiki\/Kibana<\/a><\/p>\n\n\n\n<p>Snort NIDS<\/p>\n\n\n\n<p><a href=\"https:\/\/www.snort.org\/\">https:\/\/www.snort.org\/<\/a><\/p>\n\n\n\n<p>Critical Stack<\/p>\n\n\n\n<p>Capital ONE\u2019s secure container orchestration&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/criticalstack.com\/\">https:\/\/criticalstack.com\/<\/a><\/p>\n\n\n\n<p>PSTools<\/p>\n\n\n\n<p><a href=\"https:\/\/docs.microsoft.com\/en-us\/sysinternals\/downloads\/pstools\">https:\/\/docs.microsoft.com\/en-us\/sysinternals\/downloads\/pstools<\/a><\/p>\n\n\n\n<p>Also Mark Russinovich is now CTO of Microsoft Azure&nbsp;<a href=\"https:\/\/en.wikipedia.org\/wiki\/Mark_Russinovich\">https:\/\/en.wikipedia.org\/wiki\/Mark_Russinovich<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Gray Hat Hacking: The Ethical Hacker&#8217;s Handbook, Fifth Edition<\/h3>\n\n\n\n<p>The group remembered the contribution of Shon Harris and apert from her CISSP book the following book was recommended:<\/p>\n\n\n\n<p>Gray Hat Hacking: The Ethical Hacker\u2019s Handbook, Fifth Edition explains the enemy\u2019s current weapons, skills, and tactics and offers field-tested remedies, case studies, and ready-to-try testing labs.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">The Cathedral &amp; the Bazaar<\/h3>\n\n\n\n<p>The book on open source software is by Eric S. Raymond. Interesting point made \u2013 how come with no central leadership can open source be better? Many eyes means less faults.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Daily News Feeds<\/h3>\n\n\n\n<p>Bleeping Computer &#8211; Website<\/p>\n\n\n\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/\">https:\/\/www.bleepingcomputer.com\/<\/a><\/p>\n\n\n\n<p>The 443 &#8211; Security Simplified &#8211; Podcast<\/p>\n\n\n\n<p><a href=\"https:\/\/www.secplicity.org\/category\/the-443\/\">https:\/\/www.secplicity.org\/category\/the-443\/<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Windows Logging Recommendation<\/h3>\n\n\n\n<p>The best windows logging resource recommended on the internet is Randy\u2019s:<\/p>\n\n\n\n<p><a href=\"https:\/\/www.ultimatewindowssecurity.com\/\">https:\/\/www.ultimatewindowssecurity.com\/<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">SPAM and Scam Beating:<\/h3>\n\n\n\n<p>Comedian James Veitch \/ Veech: The agony of trying to unsubscribe | James Veitch \u2013 TED Talk on Youtube (and other related videos)<\/p>\n\n\n\n<p>Also \u2013 good old:<\/p>\n\n\n\n<p><a href=\"https:\/\/www.419eater.com\/\">https:\/\/www.419eater.com\/<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/www.419eater.com\/html\/john_boko.htm\">https:\/\/www.419eater.com\/html\/john_boko.htm<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Cloud Infrastructure as Code<\/h3>\n\n\n\n<p>Use Infrastructure as Code to provision and manage any cloud, infrastructure, or service with Terraform:<\/p>\n\n\n\n<p><a href=\"https:\/\/www.terraform.io\/\">https:\/\/www.terraform.io\/<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">General Bits and Pieces<\/h3>\n\n\n\n<p>Blackhat Europe Keynote \u2013 Malwaretech&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-embed-youtube wp-block-embed is-type-video is-provider-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe title=\"Black Hat Europe 2019 Keynote: Blue to Red: Traversing the Spectrum by Amanda Rousseau\" width=\"840\" height=\"473\" src=\"https:\/\/www.youtube.com\/embed\/WhSrLk6vWgQ?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<p>Bluetooth Vulnerability for Android and IOT<\/p>\n\n\n\n<p><a href=\"https:\/\/en.wikipedia.org\/wiki\/BlueBorne_(security_vulnerability)\">https:\/\/en.wikipedia.org\/wiki\/BlueBorne_(security_vulnerability)<\/a><\/p>\n\n\n\n<p>Police using dogs to sniff out thumb drives<\/p>\n\n\n\n<p><a href=\"https:\/\/www.theverge.com\/2018\/6\/11\/17449002\/police-k9-training-thumb-drives\">https:\/\/www.theverge.com\/2018\/6\/11\/17449002\/police-k9-training-thumb-drives<\/a><\/p>\n\n\n\n<p>Insider Threat: US Military example<\/p>\n\n\n\n<p><a href=\"https:\/\/en.wikipedia.org\/wiki\/John_Anthony_Walker\">https:\/\/en.wikipedia.org\/wiki\/John_Anthony_Walker<\/a><\/p>\n\n\n\n<p>Google random rewards and recognition<\/p>\n\n\n\n<p>Oracle \/ Sun Micro Systems ZFS file system<\/p>\n\n\n\n<p>George Gilder: Visionary \u2013 Highly Recommended Author by the Instructor<\/p>\n\n\n\n<p>Life after Television (1985) by George Gilder \u2013 for told the way we use the internet today<\/p>\n\n\n\n<p>Life after Google (2018) \u2013 predicts the shift away from current advertising driven model<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">The Feynman Technique Model<\/h3>\n\n\n\n<p>To memorise things, write them down then say them out loud. More detail at:<\/p>\n\n\n\n<p><a href=\"https:\/\/mattyford.com\/blog\/2014\/1\/23\/the-feynman-technique-model\">https:\/\/mattyford.com\/blog\/2014\/1\/23\/the-feynman-technique-model<\/a><\/p>\n\n\n\n<p>Kali Linux Adds &#8216;Undercover&#8217; Mode to Impersonate Windows 10<\/p>\n\n\n\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/kali-linux-adds-undercover-mode-to-impersonate-windows-10\/\">https:\/\/www.bleepingcomputer.com\/news\/security\/kali-linux-adds-undercover-mode-to-impersonate-windows-10\/<\/a><\/p>\n\n\n\n<p>Agile Manifesto<\/p>\n\n\n\n<p>Bill Gates \u2013 \u201cThe source code is the documentation\u201d<\/p>\n\n\n\n<p>Exploits of a Mom \u2013 XKCD<\/p>\n\n\n\n<p>Innovators Dilemma \u2013 Book<\/p>\n\n\n\n<p>Carbon Black \u2013 VM Ware tools<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">ISO References<\/h3>\n\n\n\n<p>27001<\/p>\n\n\n\n<p>27002<\/p>\n\n\n\n<p>27017<\/p>\n\n\n\n<p>27018<\/p>\n\n\n\n<p>27050<\/p>\n\n\n\n<p>27037<\/p>\n\n\n\n<p>31000<\/p>\n\n\n\n<p>15408<\/p>\n\n\n\n<p>19086-1. -2.&nbsp;&nbsp;-3<\/p>\n\n\n\n<p>19941<\/p>\n\n\n\n<p>19944<\/p>\n\n\n\n<p>19933<\/p>\n\n\n\n<p>27036<\/p>\n\n\n\n<p>22237<\/p>\n\n\n\n<p>19441<\/p>\n\n\n\n<p>11889<\/p>\n\n\n\n<p>17788<\/p>\n\n\n\n<p>27034-1<\/p>\n\n\n\n<p>22301<\/p>\n\n\n\n<p>27031<\/p>\n\n\n\n<p>27034<\/p>\n\n\n\n<p>20000<\/p>\n\n\n\n<p>20050<\/p>\n\n\n\n<p>18788<\/p>\n\n\n\n<p>270017<\/p>\n\n\n\n<p>270018<\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Here&#8217;s some of the cool stuff I captured on a CCSP boot camp in December 2019. First up is a list of books, websites, and videos recommended by our instructor: The Art of Profiling: Reading People Right the First Time Hardcover \u2013 1 Jul 2012 by Dan Korem A recommendation for red teaming. The book [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[6],"tags":[],"class_list":["post-162","post","type-post","status-publish","format-standard","hentry","category-sec"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.cybermosaic.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/162","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybermosaic.co.uk\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybermosaic.co.uk\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybermosaic.co.uk\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybermosaic.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=162"}],"version-history":[{"count":3,"href":"https:\/\/www.cybermosaic.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/162\/revisions"}],"predecessor-version":[{"id":284,"href":"https:\/\/www.cybermosaic.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/162\/revisions\/284"}],"wp:attachment":[{"href":"https:\/\/www.cybermosaic.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=162"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybermosaic.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=162"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybermosaic.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=162"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}