The Plebeian Dev

Dec 1st, 2024

As ubiquitous as email is in today’s day and age, it stands to be one of the older means of communication relative to the rise of the world wide web. This primes it for being one of the most sought-after targets from cyber threats, spam and phishing being the primary vectors for attack to organizations. Attackers are getting better at posing as organizations and hiding their true identities through email, and it will only get tougher with the rise of AI.

One way to start to combat this type of abuse is to use special DNS records to help identify legitimate, original and trustworthy sources of email are getting to those who we wish to reach out. In today’s blog post, I will go into some detail as to what these records are and how they can help protect you and your organization from common email impersonations. First let’s ask the simple but important question.

What Are DNS Records?

Email DNS records are DNS (Domain Name System) configuration files that help authenticate email messages. They serve as the digital verification system. They can help provide information like which servers are authorized to send emails on behalf of your domain or if the email is digitally signed through PKI (Public Key Infrastructure). Without these records, bad actors can easily spoof emails, impersonating trusted vendors or folks within the org to deceive end users.

So What Records Should I Have to Make Our Email is Secure?

SPF (Sender Policy Framework) records indicate which mail servers are authorized to send emails for a domain. When an email is sent, the receiving mail server checks the SPF record to confirm whether the email originated from an approved server. If the sender isn't listed, the email may be marked as spam or rejected.

DKIM (DomainKeys Identified Mail) adds a digital cryptographic signature to emails, ensuring its contents haven’t been tampered with during transmission. With the cryptographic keys, the sender’s domain publishes the public key in its DNS, and the private key (used by the user sending the email) is leveraged to sign outgoing messages. The recipient’s server verifies the signature which ensures the email is authentic.

DMARC (Domain-based Message Authentication, Reporting, and Conformance) builds on SPF and DKIM by specifying what action a receiving server should take when an email fails authentication. For example, the domain owner can choose to reject, quarantine, or monitor emails that don’t pass SPF or DKIM checks. DMARC also provides reports, helping domain owners understand and mitigate unauthorized email activity. So, we know the three most important records for protecting your email but what does this look like in action?

How These Records Protect Against Phishing and Spam

Phishing attacks often rely on email spoofing, where attackers forge the "From" address to appear as a trusted sender. Email records like SPF and DKIM help detect and block spoofed messages, making it harder for attackers to impersonate legitimate senders.

DKIM makes sure that the content of an email remains unchanged during its transit. This prevents attackers from intercepting and altering legitimate emails to insert malicious links or attachments.

Implementing email records not only reduces spam but also boosts your domain's reputation with big email providers. Emails from domains with proper authentication are less likely to be flagged as spam, ensuring legitimate communications reach their intended recipients.

DMARC reports provide valuable insights into unauthorized email activity, helping organizations fine-tune their email security policies and detect malicious actors targeting their domain. With this, you can take a proactive approach and flag and report domains that are being used in active attack campaigns.

Best Practices for Email Records

Implement all three SPF, DKIM, and DMARC. Any comprehensive email authentication strategy will use at least these three to maximize protection. Monitoring and updating regularly to evolving threats which means updating your records whenever necessary. As always, you will want to educate stakeholders. Train employees to recognize phishing attempts, as no system is foolproof.

These records are the cornerstone of email security. After reading this blog and implementing SPF, DKIM, and DMARC, your teams and organization will significantly reduce their risk to phishing and spam, safeguarding both brand reputation and users. With these configurations in place, email becomes a more secure and reliable communication channel for everyone. Even if it’s as old as the dinosaours.

Nov 24th, 2024

One of the most critical parts of secure azure VM’s is making sure that your infrastructure is secure from outside threats. Luckily, Azure offers a ton of built-in tools and configurations to help secure your scalable network. By using these features, you will be able to protect the sensitive data you ingest, reduce attack surfaces, and ensure you are compliant with security standards. Here is how you would do that.

Design with security in mind from the get-go

Creating a well-designed network, let alone a virtual network (VNet) is quite the task. First off, VNets are isolated, logical networks within Azure that serve as the foundation of your environment. Within the VNet, you will want to segment things into subnets to bundle resources based on functionality and security requirements.

Enable Azure Bastion for secure remote access to VMs without exposing RDP or SSH ports to the internet. This eliminates the need for public IP addresses on VMs, reducing potential attack vectors.

Network Security Groups (NSGs) for your VNet Firewalling

NSGs act as virtual firewalls for your VNets and subnets, allowing you to control inbound and outbound traffic. Only allow traffic you want and block everything else. For example, you can configure rules to allow only HTTP/HTTPS traffic to a web server while denying all other inbound traffic. Ensure your NSGs follow the principle of least privilege. Regularly audit rules to remove outdated or overly permissive configurations that could expose your environment.

Using Azure Firewall or Web Application Firewall (WAF)

You can enhance protection by deploying Azure Firewall to filter traffic at the network perimeter. The network perimeter is where your internal network meets the external connections. Azure Firewall provides centralized policy management and advanced threat protection capabilities, such as URL filtering and deep packet inspection.

If your VMs host web applications, integrate Azure WAF to safeguard against common threats like SQL injection and cross-site scripting (XSS). Azure WAF can be enabled through Azure Front Door or Application Gateway, providing robust protection for web-facing workloads.

Implement Private Endpoints

Using Azure Private Link helps to create private endpoints for your resources. This ensures that traffic between VMs and Azure services like Storage or SQL Database remains within the Azure backbone network, effectively bypassing the public internet. When you eliminate public endpoints, you significantly reduce the attack surface of your environment.

Secure Communication with Encryption

Always encrypt data in transit using protocols like TLS 1.2 or higher. Configure Azure resources and VMs to use encrypted communication for all internal and external connections. For sensitive workloads, turn on Azure Disk Encryption to protect data at rest and use Key Vault to manage encryption keys securely. Don’t forget to rotate your keys eventually as you don’t want those to be stale and or, in the event of compromise, they are eventually cracked.

Monitoring and Incident Respond

Enable Azure Monitor and Azure Network Watcher to track network activity and identify anomalies. Using something like Azure Sentinel, Microsoft’s cloud-native SIEM tool, to analyze logs and detect threats in real-time. You can also send network logs to a different SIEM tool, it doesn’t matter, just make sure you are tracking those logs.

Deploy Azure DDoS Protection to defend against distributed denial-of-service attacks. The Standard tier provides these types of enhanced mitigation and application-layer protection necessary to cover all your monitoring and IR activities.

Testing Security and Review recommendations from Security Center

Performing regularly scheduled security assessments using Azure Security Center is a must. Its recommendations can guide you in improving your network security posture. Conduct penetration testing or simulated attack exercises to identify and address vulnerabilities.

If you review and implement these recommendations, you can build a robust and secure network for your Azure VM environment. Having a proactive approach to securing your Azure infrastructure ensures operational resilience and helps mitigate modern cyber threats and attack vectors.

Nov 20th, 2024

When working on security incidents you will be analyzing sensitive data and interacting with potentially malicious novel software. A virtual machine (VM) is an excellent choice for this purpose due to its flexibility and security features. However, ensuring the VM is secure is critical to protect the host system and maintain the integrity of the investigation. I will show you some steps to secure a basic Linux VM for cyber investigations and some choices you need to consider. Ask yourself first and foremost.

What is a reliable and Secure Host Environment?

Before configuring the VM, ensure the host machine itself is secure. Consider using a robust, up-to-date operating system, enable full-disk encryption, and regularly apply security patches. This all sounds a lot easier said than done type of situation. Host-level security is crucial because a compromised host can jeopardize the VM's security. This means being able to quickly deploy and manage any virtual host.

For my day to day, I personally find Kali Linux to be especially helpful given all the investigation tools baked into the OS itself. Kali is also unique in that the base operating system images come configured with security measures such as rootless mode, forensics mode and support for encryption.

What’s the right Virtualization Platform?

Choosing a trusted virtualization platform such as VMware, VirtualBox, or QEMU/KVM provides you with a robust community with vast knowledge on managing and deploying vm’s. Always download the platform from its official website and verify its integrity using checksums or digital signatures. Ensure the virtualization software is updated to the latest version to protect yourself from known vulnerabilities.

Keeping a Minimal Linux Distribution

For a cyber investigation VM, use a minimal Linux distribution like Debian, Ubuntu Server, or parotOS. A minimal installation reduces the attack surface by excluding unnecessary services and software. That may be difficult since the OS’s recommended here have hundreds if not thousands of tools included in them. The principal remains, keep things simple.

Harden your virtual machine

Review and disable services not required for the investigation. Tools like systemctl or chkconfig can help manage services. Enable some Firewall rules. Use iptables or ufw to block unnecessary incoming and outgoing traffic. Restrict access to only essential ports. Always remember to install security updates whenever you can. You can write a bash script to automatically update the VM using your distribution’s package manager (e.g., apt or yum). Consider using automated tools like unattended-upgrades for critical updates. Implement AppArmor or SELinux: These tools enforce strict access control policies on processes and applications.

Network Hardening tips to consider

Configure the VM’s network interface to NAT or host-only mode. Avoid bridging the VM directly to the host’s network to limit exposure. Regularly take snapshots to preserve a clean state of the VM. This allows you to revert quickly if malware compromises the system. Disable shared folders or set them to read-only to prevent malicious files from affecting the host.

Encrypt Your Virtual Disks

When creating the VM, opt for encrypted virtual disks. This protects investigation data from unauthorized access if the VM files are compromised.

Deploy Investigation Tools in a Controlled Manner

Install only verified investigation tools from trusted sources. Consider using containers like Docker within the VM for running potentially dangerous software, providing an additional layer of isolation.

Log everything, all the time

Enable logging for the VM using tools like auditd or Syslog. Monitor logs regularly for unusual activities. Tools like fail2ban can help automate responses to repeated unauthorized access attempts.

Sandbox Environment when and where you can

If the investigation involves handling malware, deploy the VM in a sandboxed environment or use hypervisor-level isolation. Platforms like Firejail or Cuckoo Sandbox can help. Securing a Linux VM is essential for cyber investigations to ensure data integrity, protect the host system, and maintain operational confidentiality. When I need a free sandbox, I usually use any.run. Always be mindful of what samples you may be uploading; you never want to inadvertently expose private information or possible PII. By following these steps, investigators can create a reliable and secure virtual environment to carry out their work.

Nov 8th, 2024

Network certificates are an essential security measure that enables encrypted, trusted communication between devices on a network. By verifying the identity of users and devices, network certificates help ensure that only authorized individuals and systems can access sensitive resources, reducing the risk of cyberattacks and unauthorized access.

What Are Network Certificates?

Network certificates, also known as digital certificates, are digital files that confirm the identity of devices or users on a network. These certificates are issued by a trusted Certificate Authority (CA) and contain valuable information, including the public key of the entity being certified, as well as details about the entity’s identity and the CA that issued the certificate. This information enables secure communication by providing a way to verify and encrypt connections between systems, like a client and server, or between two devices within a network.

How Network Certificates Work

Network certificates rely on Public Key Infrastructure (PKI), a framework that uses a pair of cryptographic keys, a public key, and a private key to secure data transmission. A straightforward way of looking at PKI is the mail service. A mailbox represents a public key. Anyone can send mail to that mailbox but only a person with the private key can view them.

A user or device requests a certificate from a CA, this can be called Certificate Issuance. Which verifies the identity of the requester. Once verified, the CA issues a certificate containing the requester’s public key, among other details. You can view a CA as the post office from the example above. They are trusted source of issuing a mailbox and key, the Postal Office verifies each person’s identity

When a device or user wants to access network resources, the system checks the certificate against a list of trusted certificates to ensure its valid and issued by a trusted CA. This validation step prevents unauthorized devices or users from accessing the network.

Once verified, the certificate allows encrypted communication using SSL/TLS (Secure Sockets Layer/Transport Layer Security) protocols, which protect data as it is transmitted over the network. This encryption ensures that sensitive data like passwords, financial information, and proprietary business data are secure from interception.

Certificates have an expiration date though and must be renewed periodically to maintain security and integrity. This makes sure that outdated or potentially compromised certificates are not used indefinitely, reinforcing security.

Why Network Certificates Are Essential for Security?

Network certificates validate identities, ensuring that only trusted users and devices access the network. This trust is pivotal in preventing unauthorized access that could compromise data and lead to breaches.

By encrypting communication between devices, certificates protect data from interception and tampering. This is essential when transmitting sensitive information, such as client data or proprietary business details.

In Man-in-the-Middle (MitM) attacks, attackers intercept communication between two systems to steal or alter data. Certificates help prevent these attacks by authenticating both parties in a connection, ensuring secure transmission.

Many industries have data protection regulations that require encrypted data transmission. Certificates enable encryption and help organizations meet these standards, avoiding penalties and demonstrating commitment to data security. Some of these regulations include HIPPA, SOX, GDPR, and PCI-DSS which mention protecting data in-transit.

Best Practices for Managing Network Certificates?

Always use a reputable Certificate Authority for certificate issuance to ensure certificates are reliable and widely recognized. Some recognized CA’s would be DigiCert, Entrust, Global Sign, or for something free LetsEncrypt.

Expired certificates can disrupt network access, so implementing automated renewal processes ensures continuous security. Having dealt with this, I can tell you that taking the time to renew a certificate while customers are without access is stressful. Regularly auditing certificate usage and validity to identify any expired or unused certificates that could become security vulnerabilities.

Network certificates are a fundamental part of network security, providing authentication, encryption, and trust across network connections. By verifying user and device identities and encrypting communications, network certificates protect organizations from data breaches, cyberattacks, and unauthorized access. Implementing and maintaining a robust certificate management process is essential for safeguarding sensitive data and ensuring trusted interactions across the organization’s network.

Nov 5th, 2024

Business Email Compromise (BEC) is a sophisticated type of cyberattack that targets organizations by social engineering employees into taking actions that help the attacker, typically by transferring funds or sharing sensitive information. BEC attacks leverage trust, urgency, intimidation, authority to deceive recipients, making it one of the costliest forms of cybercrime today. Understanding BEC and how to defend against it is pivotal for organizations aiming to protect their business assets and data.

But what is Business Email Compromise?

BEC attacks often involve attackers impersonating a trusted person within the organization such as a CEO, manager, vendor, or compromising an actual employee’s email account. Once trust is established attackers use phishing techniques to manipulate employees into taking actions like wiring funds or changing payment information on invoices.

Unlike traditional phishing attacks, which rely on web links or malicious attachments, BEC attacks often involve thoughtfully crafted emails and do not present themselves with any typical signs of being a phishing attempt. Attackers do their research, gathering information about a company's operations, team hierarchies, and financial protocols to make their requests seem plausible. They may also time their emails for maximum impact, such as during peak work hours or when key executives are traveling, making it more likely employees will comply without verifying the request.

What does the attack look like?

Attackers can impersonate a CEO or other executive, often asking finance teams to urgently transfer funds or make payments. You should think, does the CEO really want me to send a gift card to him during the day?

An employee’s email account is hacked and then used to request payments from clients or internal departments, with funds redirected to accounts controlled by the attacker. Ask, always ask if the request is anticipated.

Attackers impersonate vendors, asking for outstanding payments but directing funds to new or different accounts under their control.

In high-stakes or confidential situations, attackers pose as attorneys or legal representatives, pressuring employees to act swiftly without verification. Some of these interactions can prey on admin and IT teams want to help and sense of urgency.

Attackers target HR or finance departments to obtain sensitive information like employee tax data, which can then be sold or used for identity theft.

Why BEC is So Effective

BEC attacks succeed because they exploit human psychology rather than relying on technological weaknesses. Attackers understand that employees want to act promptly, especially when responding to executives or legal authorities. BEC messages often use urgent language, emphasizing confidentiality or time-sensitivity, which reduces the likelihood of thorough scrutiny.

Preventing Business Email Compromise

MFA significantly reduces the chances of account compromise by adding a verification step that attackers are unlikely to bypass.

Regularly educate employees on recognizing BEC attacks, including how to identify unusual requests and verify communications before acting.

Encourage employees to use out-of-band verification, such as calling a known number or contacting a manager directly, before fulfilling requests involving financial transactions or data transfers. This means sometimes just giving an end user a phone call directly or a zoom call to see them online.

Be cautious about publicly sharing information about team roles, travel plans, and vendor relationships, as attackers often use these details to craft convincing BEC emails.Attackers who gain access to email accounts may set up automatic forwarding to external addresses to monitor communications. Regular audits can detect and block this activity.

Business Email Compromise is always costly and a growing threat that requires vigilance and a proactive approach to prevent. By educating and making employees aware, verifying requests, and implementing security measures like MFA, organizations can significantly reduce their risk of falling victim to BEC. As BEC tactics evolve (as they always do), staying informed and reinforcing defenses are essential steps toward safeguarding the organization’s financial and data assets.

Nov 4th, 2024

Conditional Access is a dynamic security framework that evaluates specific conditions such as user identity, device health, location, and real-time risk—to determine whether to grant, restrict, or require additional verification for access. By implementing CA policies, organizations create a flexible, security-first approach that meets the demands of today’s digital workplace while protecting sensitive data. This is often utilized within Microsoft environments to help protect legitimate user accounts from tampering.

So, what is conditional access?

Conditional Access is a set of rules applied to access requests for applications, data, and network resources. Often managed through identity platforms like Microsoft Azure Active Directory, CA enables organizations to enforce specific requirements for access. For instance, access can be allowed if users meet certain conditions, such as using compliant devices, signing in from trusted locations, or passing multi-factor authentication (MFA). This approach tailors access policies to match different security needs, making it ideal for environments with diverse devices, roles, and work locations to still be adequately protected.

What are the key benefits of conditional access?

CA helps prevent unauthorized access by enforcing security requirements based on real-time context. For example, if an employee logs in from an unfamiliar location, CA policies can require MFA or restrict access entirely. By adapting access requirements based on conditions, organizations reduce the risk of breaches from compromised credentials, phishing attacks, or unauthorized devices being present on the network. Real-time risk assessments in CA, such as Microsoft Identity Protection, detect anomalies and apply security policies instantly to keep those resources safe.

In today’s work from home or anywhere work environment, employees may log in from various locations and devices across the globe. CA allows organizations to secure remote access by enforcing specific requirements, such as ensuring devices are compliant with company security standards or limiting access to known trusted networks. These are often implemented by managing devices through Microsoft Intune and then applying policies to them. This balance of security and accessibility helps remote teams work productively while safeguarding sensitive resources.

CA can assist organizations in meeting regulatory requirements by enforcing policies that protect sensitive data and ensure controlled access. Regulations like GDPR, HIPAA, and PCI-DSS mandate secure data handling, and CA’s ability to restrict access based on location, device compliance, or identity verification is key to maintaining compliance. For instance, CA can enforce MFA for all access to sensitive data or limit access based on regional regulations, ensuring adherence to legal standards.

Conditional Access improves the user experience by only requiring additional authentication when risk conditions warrant it. For example, an employee logging in from a known device and location may not need MFA, but the same login from a different location would require it. By applying security measures dynamically, CA minimizes disruptions, letting users work without repeated verification while maintaining high security.

What are some Best Practices for Implementing Conditional Access?

Start with Clear Policies. Define security requirements based on user roles, device types, and access scenarios to target the highest-risk areas effectively.

Use Risk-Based Policies help to enable CA policies to trigger additional steps, like MFA, only when necessary, such as during unusual login activity.

Reviewing and Adapting CA policies to changing security needs and refine access requirements as the organization grows.

Conditional Access is a powerful tool that combines flexibility and security for today’s evolving workplace. By enforcing access requirements dynamically based on user and device context, organizations can secure their resources, support remote work, and meet compliance needs without compromising the user experience. With the increasing sophistication of cyber threats, Conditional Access is essential for organizations dedicated to securing their digital environments.

Nov 3rd, 2024

Controlling the flow of end-user content is essential to having a productive, secure, and compliant environment. Content filtering and monitoring is a tool that you can control inbound and outbound data helps IT teams prevent unwanted or harmful content, like spam, malware, and inappropriate material, from being on the network. By using keyword matching, URL categorization, and reputation-based filtering, your organizations can minimize those named risks. So why content filtering?

Content filtering offers significant benefits across several key areas. By blocking spam, phishing attempts, and malware-infected links, it reduces the risk of breaches and malware, sparing your organizations the costly recovery effort. With many security gateways, AI can even improve on this by learning what is normally seen in your environment and proactively protect your users. Microsoft 365 has this sort of AI that works in the background to understand User and entity behavior analytics (UEBA).

You can enhance user productivity by blocking access to non-work-related content such as social media or streaming sites. This in turn helps employees stay focused and productive during normal working hours. Although this can be helpful, you always must balance productivity with convivence. Every organization is different depending on what risks they are willing to accept based on how end-users react.

Many industries are governed by regulations requiring secure data handling. Content filtering helps prevent accidental data leaks and ensures your organization is adhering to standards, like HIPAA in healthcare and PCI-DSS in payment processing. Normally this is done through content filtering for outbound or egress data. You always want to filter both in and out of your organization to prevent even accidental storage of such data.

Blocking inappropriate or harmful content helps create a respectful, professional workspace. This filtering protects the organization’s reputation and ensures compliance with workplace standards. You don’t want to get caught in that situation of finding material that goes against company policy, so set content filters so that isn’t even a thing to begin with.

Key Content Filtering Features A robust content filtering solution goes beyond basic keyword blocking: Real-Time Filtering: Constant monitoring is essential to keep up with evolving threats. Granular Control: Organizations can tailor filtering policies by department or role, providing necessary flexibility for productivity and security.

Content Categorization: By categorizing sites and emails, organizations can apply specific filtering rules to several types of content. Allowlist and Blocklist Options: Filtering solutions allow trusted sites to be whitelisted while blocking known risky domains.

Keyword and Phrase Matching: Content filters can prevent sensitive data leaks by flagging or quarantining emails with specific keywords. This is normally achieved by utilizing regular expressions to find exact or similar matches for words or phrases.

Filtering effectively means implementing those controls

Setting clear policies helps to define acceptable usage and filtering rules aligned with security and compliance needs. These should always be reviewed and accepted by senior leadership. Customizing for roles and tailoring filtering policies to match the needs of different departments. Not everyone needs to have the same blanket controls, often times that only hampers certain departments (mostly security and IT who need to be able to view things to determine issues or causes for issues).

Update rules regularly and regular reviewing in place policies is super important as cyber threats evolve. Like they say, there is no rest for the wicked. Monitor your logs and reviewing content filtering logs can reveal access attempts or emerging security concerns. You want to get ahead of that and then start to educate employees on the risks. Training on content filtering’s purpose and policies can help employees recognize credential harvesting attempts and understand secure content use.

Content Filtering and the future workforce

As remote work grows, cloud-based filtering solutions offer flexibility and scalability, protecting employees wherever they are. AI enhancements are also helping content filters detect complex threats more accurately, reducing false positives.

Content filtering is critical for ensuring security, productivity, and compliance. Implemented thoughtfully and tested carefully, it creates an effective shield, allowing employees to work safely and efficiently without unnecessary distractions or risks. As digital threats continue to grow, content filtering remains an essential aspect of defense for yours's and every organization.

Oct 21st, 2024

Just in time for Halloween and Cyber Security Awareness Month, Imagine this: It’s a dark and stormy night. Your phone suddenly buzzes with an MFA request. Then another. And another! Eventually, feeling overwhelmed by this eerie persistence, you approve one to make them stop. But just like letting a vampire over the threshold, that approval grants the attacker access to your account, and the haunting is complete. These digital specters are especially fond of stalking high-value corporate targets, where the treasure behind the door is worth the effort. You can call this type of attack MFA ghost prompts—deceptive or fake Multi-Factor Authentication requests that haunt users' devices like digital poltergeists

What Are MFA Ghost Prompts?

MFA ghost prompts appear out of nowhere, fooling users into believing they’re authenticating a legitimate service. However, lurking beneath these ghostly requests is a malevolent scheme: hackers trying to gain unauthorized access to accounts. These chilling prompts seem innocent on the surface but serve as conduits for cyber trickery.

How Do These Ghosts Haunt Users?

(Initial Access): Attackers begin by creeping into a user's account, often through stolen credentials or crafty social engineering. (MFA Bombing): Once inside, the attacker unleashes a barrage of MFA requests, haunting the user like endless knocks on a creaky door. Frustrated or startled, the user may approve one just to stop the constant interruptions. (Exploiting Familiarity): Users place their trust in MFA as a guardian spirit, protecting their accounts. But ghost prompts prey on this trust, tricking users into granting access to their very own accounts.

Why Do These Digital Ghosts Work So Well?

Users often report that they approved a phantom prompt to escape the torment. This is called “MFA Fatigue” as attackers act like an ominous curse that relentlessly notifies users to their illegitimate access attempts. Users have also mentioned that they are so used to trusting their MFA prompts, they thought they’re simply authenticating their own activities. Outside of these two examples, many users simply don’t realize that multiple, unexpected MFA requests are the sign of a haunting and let the ghost in through the door.

How to Ward Off These Ghosts

Regular security awareness training - Teach users to recognize the signs of a digital haunting—unexpected MFA requests are often an evil omen. Reject or report unfamiliar requests - Users should be vigilant and reject any spooky MFA requests they didn’t summon themselves.

Nov 20, 2017

So I always thought it was pretty intimidating working with github. I figured I would need to learn a whole bunch of commands and spend many frustrating hours having to figure out what I am doing wrong. I came up on this codecademy video on youtube that was less than 6 minutes that helped me break through that. Here is what I learned.

First you will want to make sure that you create a repository for your project and name it how ever you would like. Then you will want to get into CLI and navigate to somewhere where you would like to download your project or repo to. The command you will want to use to download your repo will into said directory will be
git clone https://www.github.com/youruser/nameofyourrepo

Once you have gone ahead and got your repo you will want to use git init to initialize that directory so we can eventually push what is in that directory up to github.

Go ahead and make some changes. In my case I have a github.io website setup with a single index that I make updates to here. Once you are satisfied with your changes you will want to add all of the changes made so github knows what to send up to be eventually commited. the code for this will be git add . the dot or period is indicating the whole directory, so whatever changes are made in the entire directory will be commited to your repo.

Next I always use git status to check what files will be committed and what changes were made. This helps me to understand if I have made the correct code changes or if something should not be commited to the repo.

Now comes the fun part, we will now comment on our code then commit it. To comment on our repo changes you will use git commit -m "your comment here"

After this then you can push your changes up by typing git push -u master origin You will likely be prompted to enter your username and password and that is about it.