July 04, 2025

Friday Freebie - 500 hours of Cybrary & Space Summit Conference


Cybrary has launched a significant initiative to address the global cybersecurity skills shortage by offering over 500 hours of premium training content for free through its "Cybrary Free Access" program. This move aims to bridge the gap between the high demand for cybersecurity professionals and the limited availability of accessible, high-quality training resources. The free content includes a range of courses, labs, and certification preparation materials designed to equip learners with the necessary skills to enter and advance in the cybersecurity field. (cybrary.it)

The program caters to individuals at various stages of their cybersecurity careers. Beginners can benefit from foundational courses that introduce key concepts and practical skills, providing a clear starting point for those new to the industry. For those preparing for certifications, Cybrary offers access to industry-recognized certification prep courses, helping learners to not only pass exams but also understand the underlying principles required for real-world application. Advanced practitioners can explore specialized content, including courses on threat actor campaigns and common vulnerabilities, to stay updated on the latest threats and enhance their defensive strategies. (cybrary.it)

Cybrary's initiative addresses the challenges faced by aspiring and current cybersecurity professionals, such as the lack of affordable, comprehensive, and up-to-date training resources. By providing free access to a vast array of high-quality content, Cybrary empowers individuals to develop the skills needed to meet the evolving demands of the cybersecurity landscape. This effort not only supports personal career growth but also contributes to strengthening the overall cybersecurity workforce.


June 30, 2025

Do Unmanaged Switches Break Trunk Ports? Lab Testing the Myth

 

There's a long-circulated myth in networking circles that plugging an unmanaged switch into a trunk port will "break" the network or disrupt VLAN configurations. To test this claim, I set up a lab environment using 2 #Ubiquiti EdgeSwitches configured with an active trunk port, a #TP-Link unmanaged switch, and my trusted #NetAlly LinkRunner to test connectivity. The goal was to see whether the unmanaged switch caused any real-world issues when connected to a trunk, or if this was just another piece of network folklore.

During testing, I connected the TP-Link unmanaged switch directly to an 802.1Q trunk port on the EdgeSwitch. Using the NetAlly LinkRunner, I monitored what VLANs were being received and whether DHCP responses were appropriately tagged. As expected, the unmanaged switch passed all traffic it received, treating the VLAN tags as opaque data. Devices behind the unmanaged switch only saw the native VLAN unless manually configured otherwise, but at no point did the switch “break” the trunk or interfere with tagged VLANs upstream. The trunk port continued functioning as designed, and VLAN isolation was preserved.

This test clearly demonstrates that unmanaged switches don’t inherently “break” trunk ports — they simply don’t interpret VLAN tags. The risk isn’t in network failure, but in misconfiguration or misunderstanding. If you plug a device expecting VLAN 88 into an unmanaged switch that's connected to a trunk with VLAN 1 as native, it won't behave as expected. But that's a design oversight, not a hardware failure. 

My test confirms: unmanaged switches won’t crash your trunk ports — they just need to be used wisely.
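To make the "opaque data" point concrete, here is an added example (not part of the original lab or video) that models the path described above: a trunk port that sends the native VLAN untagged and other VLANs with an 802.1Q tag, an unmanaged switch that forwards bytes unchanged, and an endpoint with no VLAN configuration. The function names, MAC addresses and payloads are constructed for illustration, and the endpoint model is a simplification.

```python
import struct

TPID_8021Q = 0x8100  # value in the EtherType position that marks an 802.1Q tag

def build_frame(dst, src, ethertype, payload, vlan=None):
    """Build an Ethernet II frame, inserting a 4-byte 802.1Q tag if vlan is set."""
    header = dst + src
    if vlan is not None:
        if not 1 <= vlan <= 4094:
            raise ValueError("VLAN ID must be 1-4094")
        header += struct.pack("!HH", TPID_8021Q, vlan)  # PCP and DEI bits left at 0
    return header + struct.pack("!H", ethertype) + payload

def trunk_egress(vlan, native_vlan, dst, src, ethertype, payload):
    """Managed trunk port: the native VLAN leaves untagged, every other VLAN tagged."""
    tag = None if vlan == native_vlan else vlan
    return build_frame(dst, src, ethertype, payload, vlan=tag)

def parse_vlan(frame):
    """Return the VLAN ID carried in the frame, or None when it is untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (tpid,) = struct.unpack_from("!H", frame, 12)
    if tpid != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF  # low 12 bits of the TCI are the VLAN ID

def unmanaged_switch(frame):
    """Unmanaged switch model: forward the bytes unchanged, tag included."""
    return bytes(frame)

def host_accepts(frame, host_vlan=None):
    """Endpoint model (assumption): host_vlan=None is a NIC with no VLAN interface,
    which only processes untagged frames; otherwise it only takes its own VLAN."""
    return parse_vlan(frame) == host_vlan

# Constructed sample addresses and payloads for the demonstration.
BCAST, SRC = b"\xff" * 6, bytes.fromhex("020000000001")
native = unmanaged_switch(trunk_egress(1, 1, BCAST, SRC, 0x0800, b"native"))
vlan88 = unmanaged_switch(trunk_egress(88, 1, BCAST, SRC, 0x0800, b"vlan88"))

if __name__ == "__main__":
    for name, frame in (("native", native), ("vlan88", vlan88)):
        print(name, parse_vlan(frame), host_accepts(frame), host_accepts(frame, 88))
```

The VLAN 88 frame reaches the far side of the unmanaged switch with its tag intact, but only an endpoint configured for VLAN 88 takes it, which is the VLAN 88 versus native VLAN 1 mismatch described above.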



June 23, 2025

What Happens When IPs Run Out? Why You Should Test Your Network Gear to Find Out


Understanding how your network equipment behaves when it runs out of IP addresses is critical for preventing service disruptions. In a dynamic environment—especially one that uses DHCP—it's not uncommon to exhaust a pool of IPs due to misconfiguration, long lease times, or unexpected device growth. In this blog post, I share a video where I put my own equipment to the test, intentionally running out of available IPs and using both Wireshark and the device logs to observe what happens behind the scenes. The results offer valuable insight into how your tools respond under pressure—and where potential failure points might lie.

Wireshark is a powerful ally during this kind of testing. By capturing the packet exchange between devices trying to obtain an IP and the DHCP server’s responses (or lack thereof), you can see the exact sequence of discovery, request, or any failures. This helps identify whether clients simply stop trying, whether they send repeated requests, or whether the server gives any clues about what’s going wrong. In my test, Wireshark confirmed DHCP requests were being made but no responses were coming back once the pool was depleted—a clear indicator of exhausted resources.

Logs from the equipment itself provided a second layer of confirmation. My router log showed a DHCP message. Together, the packet data and device logs painted a full picture of what went wrong and how long it took to recover once addresses became available again. Testing like this helps network technicians preempt issues in real deployments and refine their monitoring and alerting setups. Don’t wait until a user reports connectivity problems—simulate them, study the response, and be ready.
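The pattern seen in Wireshark, DISCOVERs repeating with no OFFER coming back, can also be checked automatically. The following is an added example (not taken from the video or the original post) that parses DHCP payloads and reports clients whose DISCOVERs have gone unanswered; the capture is constructed test data, and the function names and the `min_retries` threshold are assumptions.

```python
import struct

MAGIC = b"\x63\x82\x53\x63"          # DHCP magic cookie after the 236-byte BOOTP header
DISCOVER, OFFER = 1, 2               # option 53 (message type) values

def build_dhcp(op, xid, mac, msg_type):
    """Build a minimal DHCP payload (constructed test data, not a real capture)."""
    fixed = struct.pack("!BBBBIHH", op, 1, 6, 0, xid, 0, 0) + bytes(16)
    fixed += mac.ljust(16, b"\x00") + bytes(64 + 128)   # chaddr, sname, file
    return fixed + MAGIC + bytes([53, 1, msg_type, 255])

def parse_dhcp(payload):
    """Return (xid, client MAC, message type) from a DHCP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    (xid,) = struct.unpack_from("!I", payload, 4)
    mac, msg_type, i = payload[28:34], None, 240
    while i < len(payload) and payload[i] != 255:        # 255 = end option
        if payload[i] == 0:                              # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        if payload[i] == 53 and length == 1 and i + 2 < len(payload):
            msg_type = payload[i + 2]
        i += 2 + length
    return xid, mac, msg_type

def starved_clients(capture, min_retries=3):
    """Clients with >= min_retries DISCOVERs since their last OFFER.
    capture: time-ordered list of (timestamp, DHCP payload bytes)."""
    pending = {}
    for _, payload in capture:
        _, mac, msg_type = parse_dhcp(payload)
        if msg_type == DISCOVER:
            pending[mac] = pending.get(mac, 0) + 1
        elif msg_type == OFFER:
            pending[mac] = 0                             # server still had a lease
    return {mac.hex(":"): n for mac, n in pending.items() if n >= min_retries}

# Constructed capture: client A is served, client B arrives after the pool is empty.
A, B = bytes.fromhex("020000000a01"), bytes.fromhex("020000000b02")
CAPTURE = [(0.0, build_dhcp(1, 0x11, A, DISCOVER)), (0.1, build_dhcp(2, 0x11, A, OFFER))]
CAPTURE += [(t, build_dhcp(1, 0x22, B, DISCOVER)) for t in (5.0, 9.0, 17.0, 33.0)]

if __name__ == "__main__":
    print(starved_clients(CAPTURE))
```

A non-empty result is a reasonable trigger for a pool-exhaustion alert; in practice the payloads would come from a capture of UDP ports 67 and 68 rather than from `build_dhcp`.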

Some of the gear you see:

NetAlly LinkRunner

https://amzn.to/4ls8Rrh

Ubiquiti EdgeRouter 4 (ER-4)

https://amzn.to/4en9sIs

Ubiquiti EdgeSwitch 8, 8-Port Managed PoE+ Gigabit Switch

https://amzn.to/45HOYrK



June 20, 2025

Friday Freebie - Introduction to Dark Web, Anonymity, and Cryptocurrency


 I'm trying something new, so if you like it, give us a LIKE

The EC-Council's "Introduction to Dark Web, Anonymity, and Cryptocurrency" course offers a foundational exploration into the concealed segments of the internet, emphasizing the dark web's structure and functionality. Participants learn about the dark web's reliance on overlay networks like Tor, which utilize onion routing to maintain user anonymity and access to .onion domains. The course also addresses common misconceptions, distinguishing between the dark web and the broader deep web, and discusses the dual-use nature of these technologies, highlighting both their legitimate applications and potential for misuse (en.wikipedia.org).

In addition to exploring the dark web, the course delves into tools and practices for achieving online anonymity. It covers the use of anonymizing browsers such as Tor, the importance of VPNs, and the role of secure communication platforms. These tools are essential for users aiming to protect their identities and maintain privacy in digital interactions. The curriculum emphasizes the significance of operational security (OpSec) and educates learners on how to safeguard their digital footprints against potential threats (en.wikipedia.org).

A significant portion of the course is dedicated to understanding cryptocurrencies, with a focus on their role in anonymous transactions. It examines how cryptocurrencies like Monero and Bitcoin are utilized within the dark web for various purposes, including illicit activities. The course also introduces concepts such as cryptocurrency tumblers, which are used to obscure transaction trails, thereby enhancing user anonymity. By the end of the course, participants gain a comprehensive understanding of how anonymity and cryptocurrency intersect within the context of the dark web, equipping them with the knowledge to navigate and analyze these complex digital landscapes (en.wikipedia.org).



June 18, 2025

TP-Link Router Flaw CVE-2023-33538 Under Active Exploit, CISA Issues Immediate Alert


Here’s a concise three-paragraph summary of the article from The Hacker News about the TP-Link router vulnerability:

1. Discovery and Severity: On June 17, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a critical flaw—CVE-2023-33538—to its Known Exploited Vulnerabilities (KEV) catalog. This vulnerability, which carries a high CVSS score of 8.8, is a command injection bug in multiple models of TP-Link routers (TL-WR940N V2/V4, TL-WR841N V8/V10, TL-WR740N V1/V2). Attackers can exploit it by sending specially crafted HTTP GET requests using the ssid1 parameter to trigger arbitrary command execution on the device (thehackernews.com).

2. Exploitation & Support Status: CISA’s inclusion in the KEV catalog indicates that the flaw is actively being exploited. However, details remain scarce regarding the scale of attacks or the threat actors involved. Complicating remediation, TP-Link has officially ended support for the affected models, meaning no firmware patches are forthcoming. Consequently, CISA recommends discontinuing their use or applying mitigations where possible (thehackernews.com).

3. Wider Context & Compliance Deadline: This development follows earlier research into OT-centric malware (like FrostyGoop/BUSTLEBERM) that suggested but didn’t confirm exploitation via this vulnerability (thehackernews.com). Additionally, CISA has set a compliance deadline—by July 7, 2025, federal agencies must remediate or phase out vulnerable devices (thehackernews.com). The article also draws parallels to similar ongoing threats, such as exploits targeting Zyxel firewalls (CVE-2023-28771), which have been weaponized for DDoS botnets (thehackernews.com).
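For anyone who still has one of these models on the network until it can be replaced, the following added example (not from the article or from CISA) scans web access logs for GET requests whose ssid1 value contains shell metacharacters. It assumes a proxy or sensor in front of the management interface that writes common-log-format lines; the request path is a placeholder because the summary does not name the endpoint, and the log lines and metacharacter set are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Characters with special meaning to a POSIX shell (assumed rule set for this check).
SHELL_META = re.compile(r"[;&|`$()<>\\\n\r]")
# Common log format: source, ident, user, [time], "METHOD target PROTO", status.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def suspicious_ssid1(lines):
    """Return (source, decoded ssid1 value) for GET requests worth reviewing."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "GET":      # the advisory describes GET requests
            continue
        query = urlsplit(m["target"]).query
        # parse_qs percent-decodes values, so encoded metacharacters are caught too
        for value in parse_qs(query, keep_blank_values=True).get("ssid1", []):
            if SHELL_META.search(value):
                hits.append((m["src"], value))
    return hits

# Constructed log lines; /PLACEHOLDER_PATH stands in for the unnamed endpoint.
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Jun/2025:10:00:01 +0000] "GET /PLACEHOLDER_PATH?ssid1=HomeNet&channel=6 HTTP/1.1" 200 512',
    '198.51.100.7 - - [18/Jun/2025:10:00:05 +0000] "GET /PLACEHOLDER_PATH?ssid1=lab%3Btest HTTP/1.1" 200 512',
    '192.0.2.10 - - [18/Jun/2025:10:00:09 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for src, value in suspicious_ssid1(SAMPLE_LOG):
        print(f"review: {src} sent ssid1={value!r}")
```

A hit is a lead to investigate, not proof of compromise, and the longer-term fix remains retiring the end-of-support hardware.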



