Hello there - Hope you are staying safe and doing everything to protect yourself and those around you during this difficult time. After a short break, I am back with a small post and some positive news. I am happy and excited to share that I have successfully completed the MS-500 Microsoft 365 Certified Security Administrator Associate certification today.
One of the most common vulnerability assessment tools available is Nessus by Tenable. It was on my “To Do” list for a while, especially after I came across the Qualys community edition scanner, which allows for unlimited vulnerability scanning for one application URL. As Qualys provides a cloud-based scanner, they only require you to register for a free account and get moving from there.
Hello there! Thank you for stopping by again. It has been a while since I updated my blog. Well, as you are already aware of the events happening around the globe, I have been (and am still) trying to hold myself up! During the summer, I was working on my master’s thesis, which was an exercise in both success and failure (more on this later)!
Looks like spending some time on Twitter isn’t bad after all. Yesterday, I came across a tweet from @JBizzle703 who shared a link to a free VMware learning promotion. This promotion is valid for 182 days after registering, which can be done from now until 6th November 2020. What do you get?
I have decided to learn and have fun with a new tool called the Bash Bunny by Hak5. I have decided to create a series of posts dedicated to this learning journey. In this introductory post, I’ll explain what the Bash Bunny is. It looks like a normal USB device with an LED and a switch on it.
Cloudflare recently published a new site that can check if your ISP is using security measures to route the traffic over the internet. Is BGP Safe Yet checks whether your Internet Service Provider (ISP) has security filters and measures in place that can make BGP stable and secure. There are interactive diagrams on the page where you can see how a BGP request would travel under normal conditions and if it is hijacked as shown below:
Recently there has been an increase in free course offerings by various providers. Given that we are going through an unprecedented time and are coping with the situation and staying home, this could be a good opportunity to upskill and learn something new. My favourites are: Free Microsoft Azure certification; Pluralsight - All Training; AWS - All AWS technology. You can find others below:
Microsoft is hosting a free 3-day training for the Azure 900 fundamentals course in the month of May. Participants are required to register for all three days, wherein attendees can receive a free voucher to take the AZ-900 Microsoft Azure Fundamentals certification exam. More details and links to register can be found here. More details about the AZ-900 Microsoft Azure Fundamentals certification exam can be found here. Hope you find this useful and ace that certification.
If you haven’t heard of 1.1.1.1 (or commonly known as 1 dot) before, it is a fast and secure free DNS resolver provided by Cloudflare. Its popularity has grown so much that it has become the second largest DNS resolver after Google. Since they have become very popular, on 1st April 2020, they launched 1 dot for families.
Learning Linux is something a developer or every security enthusiast would love to do and master at one point in their career. The most common reasons for this include the widespread use of the platform and ease of tools available for various use cases. I recently visited a website, Linux Journey, recommended by a friend, that helps in learning Linux.
It’s been a while since I updated my blog. As time flew by, it was time for me to renew my website and so this post is going to be about upgrading ZySec. If you visited the first version of my site, you could tell that it was hosted on WordPress.
I am very grateful and happy to share that I have successfully completed my CompTIA Security+ certification. It was indeed a remarkable experience to learn about different threats, tools and technologies that are used in the enterprise to defend against the bad guys breaking in. I would suggest this certification to anyone who is interested in pursuing a career in the InfoSec industry as it gives you a wider perspective and delves deep into certain technical topics.
In the first cURL post, I wrote about how to download files using cURL. I recently got an opportunity to work with forms using cURL. In this post, I will describe how I used cURL to send a POST request to a page containing a form. The objective was to obtain the response from the server after submitting a form.
For a long time, penetration testers and security enthusiasts have been using tools that are natively built around the Linux platform.
Cross Site Scripting (XSS) is one of the OWASP top 10 web application vulnerabilities. Although Cross Site Request Forgery (CSRF) attacks have decreased (reference: OWASP 2017), it is one of the attacks that is prominent for web applications. I recently came across an online lab, Gruyere, which allows you to test and play around with XSS and CSRF attacks.