cybersecurity


This subreddit is for technical professionals to discuss cybersecurity news, research, threats, etc.

1
This is an automated archive.

The original was posted on /r/cybersecurity by /u/ConditionOk1875 on 2023-08-29 04:00:02+00:00.


2

The original was posted on /r/cybersecurity by /u/Ready_Smile_4651 on 2023-08-29 01:57:17+00:00.


Has anyone here worked at Sophos or is currently working at Sophos? If so what are your thoughts? Is it a good place to work? Pay, benefits, etc?

3

The original was posted on /r/cybersecurity by /u/DealerForward4322 on 2023-08-29 00:26:35+00:00.


Any Amazon pen test security engineers out there that can provide some deets about the technical / behavioral questions for the virtual onsite interviews? Curious what the scripting challenge and code review could look like. TIA!

4

The original was posted on /r/cybersecurity by /u/DonKhairallah on 2023-08-29 00:14:41+00:00.


Hello all,

I have around 2 years of experience as a SOC analyst, but outside the USA and Europe.

I obtained a bachelor's degree in computer science and recently a master's degree in management in engineering with a specialization in consulting from a university in France.

I'm currently looking for a job in France, so my question is: which of those two certificates is better known to HR and more likely to help me land an interview, the Google Cybersecurity Professional Certificate or the Microsoft Cybersecurity Analyst Professional Certificate?

5

The original was posted on /r/cybersecurity by /u/Smile_Open on 2023-08-29 00:03:03+00:00.

6

The original was posted on /r/cybersecurity by /u/Sigma-Aurelius on 2023-08-28 23:52:44+00:00.


Does anyone have examples, templates, and resources they use for the following:

  • Data Breach Security Plan
  • Business Continuity Plan/Disaster Recovery

Thank you guys for sharing!

7

The original was posted on /r/cybersecurity by /u/BadAthMOFO on 2023-08-28 23:37:15+00:00.


Hi y'all,

I have started a project that I currently call DeepTrust, and I am trying to solve the problem of detecting deepfakes in this world of misinformation, especially given its harmful potential for malicious use as this technology becomes more accessible.

I have an ML Engineering background, and I spent the last few weeks building out this toy:

I am looking for people to mess around with it, and get some feedback. My next iteration is going to allow people to fact check videos on their Twitter feed. What do you guys think?

And if r/cybersecurity isn't the place to post this, may anyone kindly point me to communities that might be just as interested?

Thanks!

8

Analysis Tools

The original was posted on /r/cybersecurity by /u/Dry_Environment_9254 on 2023-08-28 22:46:51+00:00.


What’s everyone using to watch what executables, MSIs and malicious documents are doing in a secured environment? Preferably free; I'm looking to show our end users who are actually curious about what Excel, Word or PDF documents can do once executed.

9

The original was posted on /r/cybersecurity by /u/Unprotectedtxt on 2023-08-28 22:07:47+00:00.

10

The original was posted on /r/cybersecurity by /u/Mirda76de on 2023-08-28 21:43:25+00:00.


Cybersecurity incident at NSF’s NOIRLab

Does anybody have some more details about this situation?

11

The original was posted on /r/cybersecurity by /u/antdude on 2023-08-28 21:22:37+00:00.

12

The original was posted on /r/cybersecurity by /u/West-Hippo-535 on 2023-08-28 21:18:15+00:00.


The Day the Digital Tides Swelled

In the annals of cybersecurity history, there was a day when the digital tides swelled, threatening to engulf an organization's online presence. This is the story of how a dedicated team of defenders faced down a Distributed Denial of Service (DDoS) attack of unprecedented scale.

Unleashing the Digital Storm

The attackers' arsenal was vast – a massive botnet of compromised devices under their control. Like a digital storm, the DDoS attack unleashed a torrent of malicious traffic, overwhelming the organization's servers and rendering their services inaccessible to users.

The Sentinel Response

As the storm raged on, the organization's cybersecurity team sprang into action. Drawing on their expertise and fortified by meticulous planning, they initiated a multi-pronged defense strategy.

  • Traffic Analysis: The defenders analyzed the incoming traffic to identify patterns and anomalies, separating legitimate requests from the malicious flood.
  • Rate Limiting: They deployed rate-limiting measures to throttle incoming traffic and prevent server overload.
  • Cloud Scrubbing: With agility, the organization shifted traffic to a cloud-based DDoS protection service, effectively filtering out malicious traffic.

The Triumph of Vigilance

Through unwavering determination and technical prowess, the defenders weathered the storm. Gradually, the digital tempest subsided, and the organization's services were restored. The DDoS attack had been repelled, leaving the cyber assailants thwarted.

A Lesson in Resilience

This chronicle stands as a testament to the power of preparedness, collaboration, and cyber resilience. The organization emerged from the ordeal stronger, armed with invaluable insights to fortify their defenses against future threats.

13

The original was posted on /r/cybersecurity by /u/0xh0russ on 2023-08-28 20:59:18+00:00.


TLDR: Having multiple years of security professional experience as a prerequisite to apply for penetration testing jobs is an outdated idea because resources today are significantly better than they were ten years ago.

I'm a recent college graduate. I did an internship for a company, got a return offer for a full-time position, worked for them for a couple of months and then they had a large round of layoffs. Now I am looking for new pentesting roles but it seems like most companies do not view penetration testing as an entry-level role. They mostly require 3+ years of experience. (*Cough* Amazon *Cough*)

My opinion is that there was a time where most penetration testers were previously sys admins or software devs but that does not have to be the case today because training and resources have gotten much better over the last 10 years. There are also many opportunities for students to develop their skills that were not available in the past like CTFs, Bug Bounties, platforms like TryHackMe and HackTheBox, and collegiate competitions like CPTC and CCDC in the US.

Experience is definitely very valuable but I don't think "3+ years professional non-internship experience" has to be a hard requirement to begin anymore.

How long have you been in the field, and what do you think? Also, if you're involved in hiring, what do you look for on a resume?

Thanks.

14

The original was posted on /r/cybersecurity by /u/Professional-Ad6429 on 2023-08-28 18:22:21+00:00.


Hello y'all. I recently started a cybersecurity newsletter that mainly focuses on talking about new and interesting developments in malware, vulnerabilities, data breaches, and new technologies in the industry. It's free to subscribe and I would love some feedback on it.

15

The original was posted on /r/cybersecurity by /u/too_fat_to_dance on 2023-08-28 19:48:51+00:00.


Hello everyone,

I'm in the process of launching a weekly cybersecurity newsletter and would love to get some feedback from the community.

What's the Idea?

The newsletter aims to provide actionable insights, up-to-date news, and expert advice specifically tailored for cybersecurity professionals. The format would include:

From the Analyst's Desk: Weekly themes or high-profile incidents

Data Deep Dive: Metrics or data trends

Tools: Reviews or tutorials on commonly used tools

Case Study: Detailed analysis of recent cyber incidents

Something like an Analyst Academy: Educational resources

Expert Interview: Conversations with industry leaders

Analyst of the Week: Spotlight on interesting professionals

Community Corner: Reader questions and discussions

Extras: Quick links to webinars, job openings, and more

What I'd Love to Know

Would you be interested in a newsletter like this? I'm not sure if I would keep all of this in. My goal is to provide as much real value as possible.

Specialized or General?

Would you prefer a newsletter specialized for roles like 'Cybersecurity Analysts' or 'Cloud Security Specialists'?

Or would you rather have something more general that covers various aspects of cybersecurity?

Any other features or topics you'd like to see?

I'm all ears and genuinely appreciate any feedback you can provide.

Thanks for taking the time to read this!

16

The original was posted on /r/cybersecurity by /u/yankmywire on 2023-08-28 19:37:13+00:00.

17

The original was posted on /r/cybersecurity by /u/Paiet on 2023-08-28 18:48:53+00:00.


I hope you're all doing fantastic. I'm reaching out to this incredible community to find new cybersecurity opportunities.

Background:

  • Current Role: Associate DFIR Analyst at ReliaQuest (4 months). My responsibilities include comprehensive analysis of security-related data, utilizing various EDR tools and SIEM platforms (CS Falcon, CarbonBlack, SentinelOne, Splunk, LogRhythm, IBM QRadar, Devo, Google Chronicle), and supporting critical Incident Response (IR).

  • Education: Double majored graduate from Champlain College in Computers and Digital Forensics and Networking and Cyber Security (Class of 2023).

  • Achievements: Secured second place in the North Eastern Collegiate Cyberdefense Competition (participated in nationals) and served as a Digital Forensics Research Assistant at Champlain College, focusing on Microsoft Office 365's forensics aspects.

  • Experience: I've had the privilege to work in various roles, from a Forensics Analyst Intern at Arete to a Cybersecurity Summer Program TA at Dartmouth College and a Computer Forensic Researcher at The Leahy Center.

Skills: My skill set includes mostly forensics and malware analysis.

For a more detailed look at my experience and skills, please check out my LinkedIn profile (on request).

Request:

If anyone is aware of open positions that align with my skills and experience or can refer me to potential employers (specifically in the Las Vegas, Nevada area), I'd be immensely grateful.

Please feel free to DM me or comment below if you have any leads, suggestions, or if you'd like to see my full resume.

Thank you for taking the time to read my post.

18

The original was posted on /r/cybersecurity by /u/StrikingInfluence on 2023-08-28 18:46:37+00:00.


It's that time of year where many people are enrolling in programs and starting / have just started college. As a part-time instructor I want to share some knowledge of students and their successes and failures along with the state of the industry.

Disclaimer: I teach for a medium sized community technical college in the Midwest and so we only award diplomas, AAS, AS, and AA degrees. Our most popular program is Cyber Security and we also have a Network Administration and IT Support program.

The Industry

I'd like to start off by saying right now is a very odd and difficult time to be looking for a job in tech. I had been passively looking for newer roles out of curiosity but I'm probably going to hunker down for a while. Layoffs are everywhere and in every industry. We are in a weird spot economically. Unemployment remains low, but inflation is high and people are realizing their buying power has diminished greatly. I work for a F500 company and have many contacts in tech and the overall tone is that companies are kind of tightening the latches. If a position is open - it gets removed or put on hold and a lot of money for new projects has seemingly been slashed. I will not mince words for you all - it's difficult. This past month I've seen more layoff and looking for work posts on LinkedIn than I ever have in my entire career. A few years ago applying for roles was like shooting fish in a barrel for me. I had people non-stop reaching out asking me if I wanted to interview with them. Fast forward to now and it's crickets. I've been actually ghosted by a few recruiters because they just don't have anything and I'm a Senior Security Engineer with 8 years of experience + a CISSP and degrees. So if you're out there struggling - it's most likely not your fault.

Success Stories

Now onto some unlikely but very welcome success stories from students. I saw a few of my AAS students recently got placed in SOC Analyst positions with NO prior tech experience or knowledge other than our AAS program. To be honest, this is quite rare because as many here are aware - security positions aren't necessarily entry-level tech positions. Most of our students start in Support Analyst or Help Desk type roles but a lucky few beat the odds. What I noticed differently about these students is the following:

  • They all attended and were heavily involved in CCDC (Official college activity but not required - volunteer).
  • A few of them were very active with TryHackMe (not required or part of our coursework)
  • A few of them actually went and sat for the Security+ (the Security+ class is required but getting the cert is not).
  • All of these students asked questions during and even outside of class.
  • All of these students were very personable and approachable. You don't have to be a total extroverted socialite but being able to communicate with people and just overall be approachable goes so far.
  • These students were humble and knew what they did not know. They were also not afraid to say they were wrong or just say that they didn't understand something.

Failures / Lessons to Learn

I really need to preface this with: these particular students are NOT entirely failures and are NOT bad people. I just observe that there are some notably different behaviors and actions taken between students who immediately got jobs and those who didn't. Now obviously this is all anecdotal and some people may have connections or family and there are so many other variables. However, contrasting the first list, I saw some patterns that emerged.

  • Unwilling to put in effort outside of class. Whether this was simply asking questions or being involved in activities like the CCDC - most students simply do the minimum and this is a reality of most community colleges and that's okay. Just understand that other students are doing a lot more than you so you better make up for it.
  • Unprofessional demeanor - as an instructor I'm not your colleague and I'm not really your boss. You pay money to learn from me. However, showing up late, swearing a lot, interrupting me, and just overall not being respectful tells me you probably take this behavior outside of the classroom. Treat college like your job because for a lot of students - it kind of is (at least temporarily).
  • Arrogance - my least favorite and probably the most unattractive to any potential employer. If you don't know something, that's okay. However, if you don't know something and instead try to convince someone you know it - that's just dumb.
  • Do not lie or resume fluff. If you took a CCNA class and list that as a course on your resume that is OKAY. If you took a CCNA class but did not pass or even sit for the exam - do not put CCNA on your resume or LinkedIn. I see it on LinkedIn and resumes where people list a smorgasbord of certifications that they don't have. They took a udemy or college course for that cert but never sat for it. Having the certifications and going through the coursework are very different. If a company cares about that cert we will ask for your ID and verification - it will not end well.
  • Do not give yourself a job title on LinkedIn if you do not have that job. When people like me and hiring managers see that - we skip. It is okay to say you are open for a position of a certain type or looking for a "SOC Analyst" role but do not give yourself a title.
  • Present a unified and professional image. Get a good professional picture for yourself on LinkedIn, don't trash talk people or employers. Do not share personal channels of social media unless you are okay with the world seeing your life. Discord and Insta have been notorious places where students share stuff that is way way NSFW even though they advertise these on their college contacts. Make your profiles private - honestly.
  • Be nice to your instructor(s) - I work a full-time job and I understand it's frustrating to get adjuncts but without me this class wouldn't exist. I also happen to have a lot of contacts and know people. If you're cool to me and treat me like human being - odds are I will gladly help you when asked.

19

The original was posted on /r/cybersecurity by /u/WashingtonPass on 2023-08-28 18:30:38+00:00.

20

The original was posted on /r/cybersecurity by /u/LuckyAd4953 on 2023-08-28 17:13:55+00:00.


User clicked a phishing email and emails went out to all of her contacts. We reset her password, reset her MFA, and the user received a new computer. This all happened Friday.

User called the helpdesk (I sometimes pick those calls up) stating that none of her emails are appearing. After a quick search I discovered all emails were being forwarded to her RSS feed and therefore she was not notified. Thinking this was just some weird quirk with her new computer, I cleared the rules, and it fixed the problem. AS SOON as I did this, she goes "oh ya [your boss] told me to look to see if there's any rules and not to touch them until he looks". I get that I screwed up and made that mistake of clearing this right after she was phished... but man, her telling me the second after I cleared it really irked me.

I'm sitting here trying to resolve this. Is there a way to recover these rules? I'm thinking we can go into her old computer (which has been off since Friday) and grab the PST files; they should be there because it was offline when I did this.

Also, why would they forward them to the RSS to begin with? My system admin thinks it's because they didn't want the user to receive a bunch of emails stating she sent a phishing email out. How big of a deal is it that I deleted these? My boss is traveling right now so I can't tell him for a few hours.
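
An added example for the situation in this post, not code from the original poster: how an IR responder preserves a mailbox's inbox rules before cleanup and, when the rules have already been deleted, recovers what they did from the Microsoft 365 unified audit log. Filing mail into the RSS Feeds folder (or forwarding it, or deleting it) is a routine post-phishing trick to keep the victim from seeing bounce-backs and "did you really send this?" replies, which is why the security team wants the rule definitions kept as evidence. Server-side rules of this kind (the ones that still acted on a brand-new computer) live in the mailbox, not on the old client, so the audit log is the place to recover them from, as long as the events are still inside the retention window. The code uses the ExchangeOnlineManagement module and assumes an existing Connect-ExchangeOnline session; the mailbox address, the 14-day window and the output path are assumptions.

```powershell
# Added example, not part of the original post. Requires the ExchangeOnlineManagement module
# and an already-established session (Connect-ExchangeOnline). The mailbox address, the
# 14-day window and the output path are assumptions for illustration.
$Mailbox = 'user@example.com'
$Start   = (Get-Date).AddDays(-14)
$End     = Get-Date

# 1. Preserve the rules before anyone touches them. -IncludeHidden also returns rules
#    created through MAPI/EWS that the Outlook UI does not display.
function Export-InboxRuleEvidence {
    param([string]$Mailbox, [string]$OutPath = ".\inboxrules-$($Mailbox -replace '[@.]','_').json")
    $rules = Get-InboxRule -Mailbox $Mailbox -IncludeHidden |
        Select-Object Name, Enabled, Priority, Description,
                      ForwardTo, ForwardAsAttachmentTo, RedirectTo,
                      MoveToFolder, DeleteMessage, MarkAsRead, StopProcessingRules
    $rules | ConvertTo-Json -Depth 4 | Set-Content -Path $OutPath
    $rules
}

# 2. Flag the rules a phishing actor typically leaves behind: anything that forwards,
#    redirects or deletes mail, or files it into a folder the user never looks at.
function Find-SuspiciousInboxRule {
    param([object[]]$Rules)
    $hidingFolders = @('RSS', 'Archive', 'Junk', 'Deleted', 'Conversation History')
    foreach ($r in $Rules) {
        $hidesMail = $false
        foreach ($f in $hidingFolders) {
            if ("$($r.MoveToFolder)" -like "*$f*") { $hidesMail = $true }
        }
        if ($r.ForwardTo -or $r.ForwardAsAttachmentTo -or $r.RedirectTo -or $r.DeleteMessage -or $hidesMail) { $r }
    }
}

# 3. Recover what a deleted rule did from the unified audit log. Rule changes are logged as
#    ExchangeAdmin records (New-/Set-/Remove-InboxRule) or, when made from Outlook desktop,
#    as the UpdateInboxRules mailbox operation, each carrying the parameters that were set.
function Get-InboxRuleAuditTrail {
    param([string]$Mailbox, [datetime]$Start, [datetime]$End)
    $events = Search-UnifiedAuditLog -StartDate $Start -EndDate $End -UserIds $Mailbox `
        -Operations 'New-InboxRule', 'Set-InboxRule', 'Remove-InboxRule', 'UpdateInboxRules' -ResultSize 5000
    foreach ($e in $events) {
        $d = $e.AuditData | ConvertFrom-Json
        $params = @($d.Parameters) + @($d.OperationProperties) | Where-Object { $_ } |
                  ForEach-Object { "$($_.Name)=$($_.Value)" }
        [pscustomobject]@{
            Time       = $e.CreationDate
            Operation  = $e.Operations
            ClientIP   = $d.ClientIP
            Parameters = ($params -join '; ')
        }
    }
}

# 4. Rules are only one channel; mailbox-level forwarding set by the attacker survives a
#    rule cleanup and has to be checked separately.
function Get-MailboxForwarding {
    param([string]$Mailbox)
    Get-Mailbox -Identity $Mailbox |
        Select-Object PrimarySmtpAddress, ForwardingAddress, ForwardingSmtpAddress, DeliverToMailboxAndForward
}

$rules = Export-InboxRuleEvidence -Mailbox $Mailbox
Find-SuspiciousInboxRule -Rules $rules | Format-Table Name, Enabled, MoveToFolder, ForwardTo, RedirectTo -AutoSize
Get-InboxRuleAuditTrail -Mailbox $Mailbox -Start $Start -End $End | Format-Table -AutoSize -Wrap
Get-MailboxForwarding -Mailbox $Mailbox
```

Run step 1 before step 2 and before any cleanup, so the JSON export exists even if someone later removes the rules by hand. The audit-trail output gives the rule name, the folder or forwarding target and the client IP that created it, which is usually enough to answer "what did the attacker set up, and from where" after the live rule is gone.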

21

The original was posted on /r/cybersecurity by /u/Mindless_IT_Pesant on 2023-08-28 16:45:45+00:00.


Been doing some reading on HTML smuggling.

Trying to figure out how to implement HTML/HTM blocking (we are using Mimecast) to block attachments but not "inline" HTML sections of emails and email signatures.

Obviously HTML files are extremely high risk, but how do you implement this without causing major disruptions to business email?

22

The original was posted on /r/cybersecurity by /u/fredagsguf on 2023-08-28 15:33:09+00:00.


Hi everyone,

I'm currently in a position where I see a lot of flaws inside our company.

However, each time I've tried to point them out or let the security team know they exist, I always feel like I'm saying it's their fault or that they should fix it immediately, which is not what I'm trying to do.

How do I come up with something concrete and useful for the security team? What is the best way?

Reports? documents? detailed explanation of the situation?

I would like to be a team player rather than an enemy for the security team.

and if a little noticing comes with it, i'll take it gladly :D

23

The original was posted on /r/cybersecurity by /u/TheDFIRReport on 2023-08-28 15:18:09+00:00.


In this case a threat actor delivered a password protected ZIP file via HTML smuggling. Within the password protected ZIP file, there was an ISO file that deployed IcedID which led to the use of Cobalt Strike. Nokoyawa ransomware was deployed domain wide within 12 hours of initial access.

Report:
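
An added example that serves both this case and the Mimecast question a couple of posts up; it is not from The DFIR Report or either original poster. The password-protected ZIP defeats content inspection of the payload, so the practical place to catch this chain is the HTML carrier itself: a smuggling page has to decode an embedded string, turn it into a binary blob and push it through the browser's download path, and those JavaScript primitives plus a large base64 run are visible statically. The block below is a heuristic scorer over .htm/.html attachments (the kind an attachment-type policy can act on; HTML in the message body and in signatures is not an attachment and is untouched by such a policy). The indicator list, the score threshold and the attachment folder are assumptions; tune them against your own mail flow before quarantining on them.

```powershell
# Added example, not from The DFIR Report or the original posts: a static heuristic for
# HTML-smuggling pages of the kind that delivered the password-protected ZIP in this case.
# The indicator list, the score threshold and the attachment folder are assumptions.
function Test-HtmlSmuggling {
    param([Parameter(Mandatory)][string]$Content)

    # The browser-side primitives a smuggling page needs to rebuild a file from an embedded
    # string and push it through the download path, plus the embedded payload itself.
    $indicators = [ordered]@{
        DecodesBase64    = 'atob\s*\('
        BuildsBinary     = 'new\s+(Blob|Uint8Array)\s*\('
        CreatesObjectUrl = 'URL\.createObjectURL\s*\('
        LegacyIeSave     = 'msSaveOrOpenBlob'
        ForcesDownload   = '(\.|\s)download\s*='
        LargeBase64Blob  = '[A-Za-z0-9+/]{1000,}={0,2}'
        # base64 of the "PK\x03\x04" (ZIP) and "MZ" (PE) magic at offset 0; alignment-dependent
        ArchiveOrPeMagic = 'UEsDB|TVqQ'
    }
    $hits = @(foreach ($name in $indicators.Keys) {
        if ($Content -match $indicators[$name]) { $name }
    })
    [pscustomobject]@{
        Score      = $hits.Count
        Indicators = ($hits -join ',')
        Suspicious = ($hits.Count -ge 3)   # assumption: three independent indicators => quarantine
    }
}

# Walk a folder of attachments pulled from quarantine and report the ones worth a look.
function Find-SmuggledHtml {
    param([string]$Path = '.\attachments')
    Get-ChildItem -Path $Path -Recurse -File -Include *.htm, *.html, *.shtml | ForEach-Object {
        $file = $_
        Test-HtmlSmuggling -Content (Get-Content -Path $file.FullName -Raw) |
            Add-Member -NotePropertyName File -NotePropertyValue $file.FullName -PassThru
    } | Where-Object Suspicious
}

# Constructed sample shaped like a smuggling page. The "payload" is a ZIP local-file-header
# signature padded with filler so the long-base64 indicator fires; it is not a real archive.
$payload = 'UEsDBBQAAAAIAA' + ('A' * 1200)
$sample = @"
<html><body><script>
var b64 = "$payload";
var bytes = Uint8Array.from(atob(b64), c => c.charCodeAt(0));
var blob = new Blob([bytes], {type: "application/octet-stream"});
var a = document.createElement("a");
a.href = URL.createObjectURL(blob); a.download = "invoice.zip"; a.click();
</script></body></html>
"@
Test-HtmlSmuggling -Content $sample
```

The scorer deliberately does not try to decode the payload: in this case it would only yield a ZIP it cannot open without the password, and the next stage (the ISO and the IcedID loader inside it) only exists once a user has unpacked it. Treat a high score as a reason to quarantine and detonate the attachment, not as proof of maliciousness, since legitimate single-file web apps use the same primitives.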

24

The original was posted on /r/cybersecurity by /u/QuestionFreak on 2023-08-28 14:58:32+00:00.


Has anyone implemented the following GPO in their infrastructure? If yes, could you please tell me whether you took any backups before making the mentioned changes? Also, I'm concerned about potential issues with the domain controller.

Should I copy the ADMX files to one of the domain controllers, or can I copy them to any member server that I use to administer GPO settings for the domain using the Group Policy Management Console?

Could you advise on the best practices for rolling back these changes if needed?

Your assistance in this matter would be greatly appreciated.

Option 2: UAC Token-Filtering

An additional control that can be enforced via GPO pertains to the usage of local accounts for remote administration and connectivity via a network logon. If the full scope of permissions (referenced above) cannot be implemented in a short timeframe, consider applying the UAC token-filtering method to local accounts for network-based logons.

To leverage this configuration via a GPO setting:

Download the Security Compliance Toolkit to utilize the "MS Security Guide" ADMX and ADML files.

Once downloaded, the "SecGuide.admx" and "SecGuide.adml" files must be copied to the “\Windows\PolicyDefinitions” and “\Windows\PolicyDefinitions\en-US” directories respectively.

If a Centralized GPO store is configured for the domain, copy the “PolicyDefinitions” folder to the “C:\Windows\SYSVOL\sysvol\Policies” folder.
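
An added example covering the three questions in this post (backup first, where the template files go, and how to verify and roll back); it is not code from the quoted guide or the original poster. On a domain with a Central Store, GPMC on every admin host reads templates from \\<domain>\SYSVOL\<domain>\Policies\PolicyDefinitions (that is the full path under the SYSVOL folder the guide cites), so that is where SecGuide.admx and en-US\SecGuide.adml belong, and they can be copied there over the UNC path from the member server you run GPMC on; without a Central Store they go into %SystemRoot%\PolicyDefinitions on that admin host instead. The setting itself writes LocalAccountTokenFilterPolicy = 0, which only affects local SAM accounts, and domain controllers have no local accounts, so the DC impact is limited to the template files replicating through SYSVOL. The block uses the GroupPolicy module from RSAT; the domain name, the toolkit extraction folder, the backup path, the GPO name and the hostnames are assumptions.

```powershell
# Added example, not from the quoted hardening guide or the original post. Run from a
# domain-joined admin workstation with RSAT (GroupPolicy module). The domain name, toolkit
# folder, backup path, GPO name and hostnames are assumptions.
$Domain     = 'corp.example.com'
$ToolkitDir = 'C:\Temp\SecurityComplianceToolkit\Templates'   # where SecGuide.admx / en-US\SecGuide.adml were extracted
$BackupDir  = 'C:\GPO-Backup'
$Central    = "\\$Domain\SYSVOL\$Domain\Policies\PolicyDefinitions"

# 1. Back up every GPO before touching the central store or the policy.
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
Backup-GPO -All -Path $BackupDir -Comment 'Before UAC token-filter rollout' | Out-Null

# 2. Put the ADMX/ADML where GPMC will actually read them. If the Central Store exists, the
#    local %SystemRoot%\PolicyDefinitions copy on the admin host is ignored in its favour.
function Install-SecGuideTemplate {
    param([string]$ToolkitDir, [string]$CentralStore)
    $target = if (Test-Path $CentralStore) { $CentralStore } else { "$env:SystemRoot\PolicyDefinitions" }
    Copy-Item -Path (Join-Path $ToolkitDir 'SecGuide.admx')       -Destination $target
    Copy-Item -Path (Join-Path $ToolkitDir 'en-US\SecGuide.adml') -Destination (Join-Path $target 'en-US')
    $target
}

# 3. Verify the effective setting on hosts after gpupdate. The ADMX setting
#    "Apply UAC restrictions to local accounts on network logons" writes
#    LocalAccountTokenFilterPolicy = 0. A value of 1 hands local administrators a full,
#    unfiltered token over the network, which is what pass-the-hash with local accounts relies on.
function Get-TokenFilterState {
    param([string[]]$ComputerName = @($env:COMPUTERNAME))
    $read = {
        $p = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
        (Get-ItemProperty -Path $p -Name LocalAccountTokenFilterPolicy -ErrorAction SilentlyContinue).LocalAccountTokenFilterPolicy
    }
    foreach ($c in $ComputerName) {
        $v = if ($c -eq $env:COMPUTERNAME) { & $read } else { Invoke-Command -ComputerName $c -ScriptBlock $read }
        [pscustomobject]@{
            Computer         = $c
            Value            = $v
            FilteringApplied = ($null -eq $v -or $v -eq 0)   # absent or 0 = OS default, hardened state
        }
    }
}

Install-SecGuideTemplate -ToolkitDir $ToolkitDir -CentralStore $Central
Get-TokenFilterState -ComputerName 'WS01', 'WS02' | Format-Table -AutoSize

# 4. Rollback: restore the affected GPO from the step-1 backup (or set the policy back to
#    Not Configured), run gpupdate /force on a test host, then re-run Get-TokenFilterState
#    to confirm the value is back where it started.
#    Restore-GPO -Name 'Workstation Hardening' -Path $BackupDir
```

Pilot the setting on one OU before linking it domain-wide: with filtering applied, any tooling that authenticates over the network with a non-built-in local administrator account (deployment agents, some backup and monitoring products) loses admin rights on the target, while the RID-500 built-in Administrator remains exempt unless FilterAdministratorToken is enabled as well. Because the check reads the registry on the target, it also catches hosts where the GPO has not applied yet, which is the usual cause of "it works on some machines and not others" after a rollout.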

25

The original was posted on /r/cybersecurity by /u/KolideKenny on 2023-08-28 14:19:37+00:00.
