TeamMentor is focused on enduring principles and preventative/remediation/compliance solutions. There is clearly demand for information about active threats and a blog seems like a more appropriate medium for it than TeamMentor. Carrying out attacks often involves tools, but often custom tools and exploits have to be developed, so again focusing strictly on the existing and mature tools isn’t very practical. Generally speaking, preventing vulnerabilities is not accomplished by tools, but rather by following simple and proven methods during application development. Information about tools is another popular request. In practice, they are actually very simple, especially for web application. There is a strange appeal to talking about exploits and attack techniques for some reason these things tend to draw a lot of attention.
There may be some value to describing some attack scenarios so that people understand the threats better and how to defend from them, but it’s not necessary to describe any specific exploits or techniques to do that. Preventing vulnerabilities makes exploits and offensive techniques irrelevant. It doesn’t seem like an appropriate place for that type of information, because the focus is on preventing vulnerabilities. Sometimes people ask if there are exploits or the latest offensive techniques in TeamMentor. Managing system configuration standards is a common requirement and a web portal to manage them may have value Posted in InfoSec | Leave a reply IISCrypto – Configure IIS SSL/TLS Suites + TeamMentor can be used to manage system configuration standards. + The UI works okay for content collaboration, but there are a lot of minor annoyances. + TeamMentor can certainly get the job of sharing InfoSec/AppSec information done.
It’s a useful basic skill for people that use Windows and should be effective for detecting and eliminating >90% of malware. Tonight’s lesson was about removing Windows malware using Process Hacker and Autoruns. This process should be similar to what would take place within an organization as they raise their infosec awareness level. As people use the tools, they take notes. To support the activity, some bare-bones TM articles (stubs) are created in the beginning with links to tools, tutorials, etc. The idea is to then convert these notes into TM articles. Non-technical people get hands-on training in basic infosec skills and then take notes on their experience. This process should help improve TeamMentor usability. The results are some observations and some issues filed in GitHub. Umm, yes this tool does trigger anti-virus (infected by a brute force tool) Not that I'm telling you to turn off your anti-virus though :-) How well do you trust your sources of brutus :-) Anyway, your antivirus is probably getting in the way (ie.
I’ve used TeamMentor to mentor a team for the first time tonight hehe.