The blog of a cybersecurity student

  TryHackMe is a website that offers hands-on labs for learning different cybersecurity topics. The platform is organized into “rooms,” with each room focusing on areas like Linux, networking, or web security. Each room includes explanations along with tasks you complete as you go. One thing I liked about TryHackMe is how simple it is to get started. After creating a free account and answering a few basic questions, it immediately places you into a recommended learning path, which makes it easy to start without having to decide where to begin. The site is easy to use, and everything runs directly in the browser, so there isn’t much setup involved. The tasks feel very realistic since you’re often working in a terminal and entering commands, rather than just clicking through questions. The rooms explain what you’re doing as you work through them, and there are questions throughout to check your understanding. Overall, the experience feels very similar to our online labs, just orga...

  New Phishing Scams Are Getting Smarter A recent article from Cybersecurity News explains how hackers are using a new phishing kit-as-a-service to steal login information from users of popular platforms like Google, Microsoft, and Okta. These tools are sold to criminals, making it easier for almost anyone to launch advanced phishing attacks. What makes this scam more dangerous than older phishing emails is that it works in real time . When a victim enters their username and password on a fake login page, the information is instantly sent to the attacker. The fake page can even change to match multi-factor authentication (MFA) prompts, making the scam look legitimate. Attackers often combine this with fake phone calls, pretending to be IT support and convincing users to approve login requests. This can trick people into giving attackers access to their accounts, even if MFA is enabled. To stay safe, organizations should use stronger MFA options like passkeys, train users to be...

I will be discussing what I believe is a useful resource for anyone looking to further their education and skills in cybersecurity. The resource I am referencing is https://www.sans.org/   the official website of the SANS Institute . Who are they? SANS is an acronym for SysAdmin, Audit, Network, and Security . It is a United States–based organization that specializes in cybersecurity education. SANS is widely known for providing high-quality training programs and industry-recognized certifications. What do they offer? SANS offers a wide variety of professional training courses and certifications covering many areas of cybersecurity. In addition to paid content, they also provide an extensive collection of free resources that can benefit anyone interested in information technology and security. Some of these free resources include: Podcasts Webinars Blogs Newsletters While exploring these resources, I listened to one of their podcasts from the OUCH! Podcast series titled “The Hidd...