2020 was a tough year for everyone. For me, some months felt like house arrest alone. A year has passed and we are in 2021, with changes in our daily lifestyle and the way we live, work and enjoy life. People are fighting this virus outbreak, but most people believe in our survival instinct and health system. As for Burmese citizens, including me, the February 2021 military coup is another misery added to an already messed-up situation. It's a sensitive topic to discuss for a non-politically minded person like me; however, this is a big upset and an unethical approach taken by the junta military to the pu...
CISSP Mindset
Why CISSP Well, this is the credential for security practitioners like us who find it hard to prove to the market that “I kind of know what I am doing and would like to make HR personnel's job easier”. There is a bit of a moral dilemma in taking this exam, but I have to say the learning experience and knowledge gained are worth the pain. This is a bit of an extension of what I jotted down in a Reddit post. Since I am already in the ISC2 circle with SSCP, this is economical, since the annual fee is fixed no matter how many ISC2 credentials you hold. A good alternative can be CISM from ISACA for another 150 bucks. ...
IOCs in Incident Response
Introduction Firstly, let's start with the difference between Indicators of Compromise (IOCs) and Indicators of Attack (IOAs). In daily security operations we use these terms interchangeably; however, it is better to understand their accurate meanings. IOAs describe an active series of attack steps by an adversary that is occurring in real time, observed through real-time monitoring and detection. Security sensors and security analysts can detect and escalate IOAs such as malicious IPs probing the network, repeated malware infections on a particular host, established inbound/outbound connections t...
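The distinction above in working code, as an added example that is not part of the original post: an IOC is a known-bad artifact matched directly (an IP or a file hash from an intel feed), while an IOA is behaviour inferred from a sequence of events (one source probing many ports on a host, or AV firing repeatedly on the same machine). The indicator values, the simplified log format and the log lines are all constructed for this example; the addresses come from the RFC 5737 documentation ranges and the hash is that of an empty file, so none of them are real intelligence.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Tuple

# Hypothetical indicator feed (constructed values, not real intel).
IOC_IPS = {"203.0.113.45"}
IOC_HASHES = {"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"}

# Constructed sample log: "ts src dst dport kind [sha256]".
# kind is "conn" for a connection record or "av" for an AV detection on dst.
SAMPLE_LOGS = """\
2021-03-01T10:00:01 198.51.100.7 10.0.0.5 21 conn
2021-03-01T10:00:02 198.51.100.7 10.0.0.5 22 conn
2021-03-01T10:00:03 198.51.100.7 10.0.0.5 23 conn
2021-03-01T10:00:04 198.51.100.7 10.0.0.5 80 conn
2021-03-01T10:00:05 198.51.100.7 10.0.0.5 443 conn
2021-03-01T10:05:00 10.0.0.8 203.0.113.45 443 conn
2021-03-01T11:00:00 - 10.0.0.9 0 av e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
2021-03-01T12:00:00 - 10.0.0.9 0 av e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
2021-03-01T13:00:00 - 10.0.0.9 0 av e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
2021-03-01T13:30:00 10.0.0.5 10.0.0.6 445 conn
"""


@dataclass
class Event:
    ts: datetime
    src: str
    dst: str
    dport: int
    kind: str    # "conn" or "av"
    sha256: str  # only set for "av" records


def parse_line(line: str) -> Event:
    """Parse one whitespace-separated record of the constructed format."""
    parts = line.split()
    sha = parts[5] if len(parts) > 5 else ""
    return Event(datetime.fromisoformat(parts[0]), parts[1], parts[2],
                 int(parts[3]), parts[4], sha)


def parse_logs(text: str) -> List[Event]:
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def match_iocs(events: List[Event]) -> List[Tuple]:
    """IOC matching: a direct hit on a known-bad address or file hash."""
    hits = []
    for e in events:
        for ip in (e.src, e.dst):
            if ip in IOC_IPS:
                hits.append(("ioc_ip", ip, e.ts))
        if e.kind == "av" and e.sha256 in IOC_HASHES:
            hits.append(("ioc_hash", e.sha256, e.ts))
    return hits


def detect_port_probe(events: List[Event], min_ports: int = 5,
                      window: timedelta = timedelta(minutes=1)) -> List[Tuple]:
    """IOA: one source touching >= min_ports distinct ports on one host within window.
    No single record is bad; the pattern across records is."""
    by_pair = defaultdict(list)
    for e in events:
        if e.kind == "conn":
            by_pair[(e.src, e.dst)].append(e)
    findings = []
    for (src, dst), evs in by_pair.items():
        evs.sort(key=lambda e: e.ts)
        i = 0
        for j in range(len(evs)):            # sliding time window [i, j]
            while evs[j].ts - evs[i].ts > window:
                i += 1
            ports = {e.dport for e in evs[i:j + 1]}
            if len(ports) >= min_ports:
                findings.append(("ioa_probe", src, dst, len(ports)))
                break                        # one finding per pair is enough
    return findings


def detect_repeat_infection(events: List[Event], min_hits: int = 3) -> List[Tuple]:
    """IOA: AV keeps detecting on the same host, i.e. cleanup is failing or
    something re-drops the payload (persistence), which AV alone does not say."""
    counts = defaultdict(int)
    for e in events:
        if e.kind == "av":
            counts[e.dst] += 1
    return [("ioa_reinfection", host, n) for host, n in counts.items() if n >= min_hits]


if __name__ == "__main__":
    evs = parse_logs(SAMPLE_LOGS)
    for finding in match_iocs(evs) + detect_port_probe(evs) + detect_repeat_infection(evs):
        print(finding)
```

Running it on the constructed log yields one IOC address hit (the outbound connection to the listed IP), three IOC hash hits, one probe IOA (five distinct ports on 10.0.0.5 within a few seconds) and one reinfection IOA for 10.0.0.9. The IOC hits are worth blocking on their own; the IOA findings are what an analyst escalates, because each individual record looked benign.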
Penetration Testing - Business Logic Test
A State of Mind Unlike other penetration testing techniques, business logic testing gives most beginner testers a headache. This is a testing area where testers with an application mindset find a way in better than professionals who come from a network and systems background. This post is not a “know-how” of techniques for exploiting a web application. It is more a set of ideas about what developers might get wrong in their application design, forgotten security requirements and implementation issues. Mythical MitM MitM attacks or attempts are something developers think is not gonn...
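One concrete shape the "developers think MitM is not going to happen" mistake takes, as an added example that is not part of the original post: a checkout handler that accepts a client-computed total, so anyone who can rewrite the request in transit (or simply through an intercepting proxy on their own machine) sets their own price. The hardened version lets the client name items only and recomputes everything from server-side state. The catalog, coupon table, request dicts and function names are all hypothetical.

```python
from decimal import Decimal

# Hypothetical server-side state; in a real app this lives in a database.
CATALOG = {"book": Decimal("25.00"), "pen": Decimal("2.50")}
COUPONS = {"SAVE10": Decimal("0.10")}


def checkout_trusting_client(req: dict) -> Decimal:
    """Vulnerable: the 'total' field was computed in the browser, so whoever
    controls the request on its way to us controls what we charge."""
    return Decimal(str(req["total"]))


def checkout_server_side(req: dict) -> Decimal:
    """Hardened: the client only names SKUs and quantities; price, discount
    and total are derived here, and every client-supplied value is validated."""
    total = Decimal("0")
    for item in req["items"]:
        sku, qty = item["sku"], item["qty"]
        if sku not in CATALOG:
            raise ValueError(f"unknown sku {sku}")
        # bool is a subclass of int, so exclude it explicitly; reject zero,
        # negative (refund trick) and absurd quantities.
        if isinstance(qty, bool) or not isinstance(qty, int) or not 0 < qty <= 100:
            raise ValueError(f"invalid quantity for {sku}")
        total += CATALOG[sku] * qty
    coupon = req.get("coupon")
    if coupon is not None:
        if coupon not in COUPONS:
            raise ValueError("invalid coupon")
        total -= total * COUPONS[coupon]
    return total.quantize(Decimal("0.01"))


def rejects(req: dict) -> bool:
    """True if the hardened handler refuses the request."""
    try:
        checkout_server_side(req)
    except ValueError:
        return True
    return False


# Constructed requests. An honest client sends the first one; the second is
# the same cart with the total rewritten in transit; the third smuggles a
# negative quantity to pull the total down.
HONEST = {"items": [{"sku": "book", "qty": 1}, {"sku": "pen", "qty": 1}],
          "coupon": "SAVE10", "total": 24.75}
TAMPERED_TOTAL = {"items": [{"sku": "book", "qty": 1}, {"sku": "pen", "qty": 1}],
                  "total": 0.01}
NEGATIVE_QTY = {"items": [{"sku": "book", "qty": 1}, {"sku": "pen", "qty": -10}],
                "total": 0.01}

if __name__ == "__main__":
    print("trusting client:", checkout_trusting_client(TAMPERED_TOTAL))  # 0.01
    print("server side:   ", checkout_server_side(TAMPERED_TOTAL))       # 27.50
    print("negative qty rejected:", rejects(NEGATIVE_QTY))
```

The point of the example is the mindset the post describes: nothing here is a memory bug or a missing input filter, just a requirement ("the server decides the price") that was never written down. TLS does not fix it either, because the client is the endpoint of the TLS session and can modify its own requests before they are sent.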
Another MacOS Setup
Intro If you are a new Mac user looking for a list of MacOS apps to install, this piece might help you do that. It is not an easy job to find the best of the best tools out there that will help with your job. After I bought my first MacBook, I spent some time looking on the internet at how others set up their MacOS, and I didn't find a general article on the essential apps that I normally use; that triggered me to write this blog piece. The tools are just a selection based on my preferences. Initial Cleanup After the initial setup, a MacBook comes with pre-loaded applications. Some of them are usef...
Thoughts on DevSecOps
Background It is important to know about “DevOps” culture before starting to understand “DevSecOps”. The reason is that DevOps is the underlying building block of DevSecOps, bringing the attributes of speed, precision and automation. The core principle of DevOps is to deliver software faster and more reliably by designing an automated integration and delivery pipeline with collaboration between the Development and Operations teams. Even with reliable process and technology, people play a critical part in adopting the DevOps mindset and culture. The need for Security in the DevOps pipeline itsel...
ISC2 SSCP Exam Tips
I passed the SSCP certification exam from ISC2 recently. This post is to share preparation tips and reasons to take this exam. There are not a lot of posts on the Internet about SSCP prep, since it's not a very popular exam, and I hope this article helps people who have decided to take SSCP. Why SSCP The first thing is to understand the SSCP exam and its nature. IMO, it's an entry-to-mid-level exam focused on examining the technical/administrative thinking of security practitioners. It's also a very good starter exam for those who can't obtain CISSP due to a lack of working experience or knowledge. I decided to ta...
Pebble EOL and alternatives
I am writing this after a year of using the Pebble Time. I bought it the day I heard the company was gone, but it is still going this far. A shout-out to the Pebble team, and a bit to Fitbit, for making it happen. The Pebble servers will go down on 30th June 2018. Features that require online services will be lost for Pebblers. Some can live with that, but most people might not be satisfied with a partially malfunctioning device. Fitbit is offering all Pebble users a $50 discount on the Fitbit Ionic. It is a budget choice for a good smartwatch, but what are the alternatives out there? I got rid of watches with the Apple & Android Wear ec...
Ransomware preventive measures
AV is not enough protection for the new era of the cyber attack paradigm Recently, I've been using more than AV on my work PC to tighten its security. The attacker landscape is expanding to scarier things like ransomware attacks, and I think it is important for everyone to understand what ransomware is. ESET's Ransomware Explained (video) is also a nice short video on what ransomware is capable of. Signature-based AV alone can't reliably detect and prevent them. Attackers are more clever than ever at constructing a payload that can exploit the system without the AV's knowledge. Behavioral monitoring is necessary to det...
Things 21st Century Modern Minimalist own
A question of “what to possess and why do I have them?” Women buy things they fancy. The same applies to men. Men even fall into the category of buying things that are useless and do not make life more organized and productive. I am the kind of guy who beats himself up when I end up owning some stupid things. I believe in minimalism and the concept of “buying less” and living simply. It makes my life easy and decluttered, without chaos in my room. I only buy things I really need; I find elegance and beauty in that. This is more of a personal note on what I own and plan to buy. Of course, I have more...