Browsed by
Category: phishing

treetop cybersecurity awareness training slide deck
Cybersecurity Awareness Slide Deck v.1.1 & Video

Cybersecurity Awareness Slide Deck v.1.1 & Video

Comments 2 comments

After spending months putting together our cybersecurity awareness training, in September of 2019 we released version 1.0 of our slide deck. We released the slide deck as free, open-source for anyone to download the content and take it back to their own community (organization, library, and other events). Since then, it has been recommended/shared by numerous security professionals on social media and at some of the world’s largest security conferences. By March 2020, it was downloaded thousands of times and…

Read More Read More

Quad9 and pfSense
Configuring Quad9 on pfSense

Configuring Quad9 on pfSense

Comments 41 comments

Quad9 is a DNS platform that adds several layers of security. It does this via standard DNS queries/responses.Basically, if a machine on your network queries a known bad hostname, the Quad9 DNS server responds by stating that domain does not exist (NX DOMAIN or non-existent domain). Quad9 also allows you to use DNS over TLS. If you would like a bit more info on Quad9 including some speed benchmarks against other DNS services, I would suggest an earlier article, Quad9 – First…

Read More Read More

Slide deck for cybersecurity awareness training
Cybersecurity Awareness – Open Source Presentation & Slides

Cybersecurity Awareness – Open Source Presentation & Slides

Comments 0 Comment

Get Active In Your Community My company spent months putting together high-quality cybersecurity awareness training material. We reached out to numerous professionals for feedback — information security, IT, and otherwise. We presented the material several times both publicly and behind closed doors. We continued (continue) tweaking the material based on attendee and professional feedback. Now… We’re giving it away for free!  Why? At the end of the day, we are just one company. No matter how awesome we think we…

Read More Read More

Quad 9 DNS
Quad9 – First Thoughts & Benchmarks

Quad9 – First Thoughts & Benchmarks

Comments 12 comments

Quad9 is the collaboration of IBM X-Force, PCH, and Global Cyber Alliance. It provides a DNS platform that combines high performance with security by blocking known malicious domains. At the time of this writing, Quad9 was using 19 threat feeds. I’m not going to get into the marketing speak because quite frankly, enough folks cover that well enough. Quad9 <- Main Site New “Quad9” DNS service blocks malicious domains for everyone <- Ars Technica Instead, I’ll provide the bare essentials…

Read More Read More

SPF, DKIM, and DMARC testing
Testing SPF, DKIM, and DMARC

Testing SPF, DKIM, and DMARC

Comments 2 comments

If you are interested in a step-by-step implementation of SPF, DKIM, and DMARC, there’s a post for that! It’s on this site as well and it will walk you through the entire process. https://linuxincluded.com/implementing-spf-dkim-and-dmarc/ Changelog 17Nov2017 – Originally posted 25Mar2018 – Added more SPF tests specifically for lookups 19Nov2018 – Clarified some test steps and added a site Before you jump into testing SPF, DKIM, or DMARC, you need to verify where your authoritative DNS nameservers are. The easiest way…

Read More Read More

No SPF, DKIM, or DMARC = Bad Time
Implementing SPF, DKIM, and DMARC

Implementing SPF, DKIM, and DMARC

Comments 0 Comment

If you made it here, you might not be interested in the why’s of implementing the holy trinity – SPF, DKIM, and DMARC – of anti-email spoofing. However, if you’re still uncertain whether you should or shouldn’t, just do it! With the guide below, you’ll see it isn’t all that difficult and when used together, they provide great benefits like brand protection, reducing a phishing attack vector, less chance of your legitimate marketing emails ending up in spam, etc. It also…

Read More Read More

Stop CEO/CFO Domain Spear Phishing

Stop CEO/CFO Domain Spear Phishing

Comments 4 comments

Pretty bold title… While it is nearly impossible to stop any motivated attacker/phisher, I also believe in doing every bit you can to improve your environment and these steps will go a long way to helping your situation. I will talk about two primary ways to put an end to CEO/CFO spear phishing. Realize upfront that you should not do one step without the other. I will also talk about the ins and outs of these techniques as well as some of…

Read More Read More