cybersecurity

This subreddit is for technical professionals to discuss cybersecurity news, research, threats, etc.

26
This is an automated archive.

The original was posted on /r/cybersecurity by /u/Apocrypha667 on 2023-08-28 14:11:10+00:00.


To the CS professionals: If you had to carry around a USB stick keychain, what would it be on it?

27

The original was posted on /r/cybersecurity by /u/apainfulpilgrimage on 2023-08-28 13:43:26+00:00.


I have a job and they basically let me do whatever I want, but I bring results and have saved their a**es many times. However, I feel I'm underpaid, and with the current economic situation and the way pay raises work, I cannot fight it. I want to make a move to another company, but I'm petrified of losing the "liberty" and flexibility I have. I make below 150000, not in a coast city, and I have 5+ years of IT experience (cybersec and web dev). Any suggestions on what's the move? I'm mostly technical and I doubt I'll get a 20000 raise from moving upwards in any capacity.

28

The original was posted on /r/cybersecurity by /u/jbmos33 on 2023-08-28 13:34:03+00:00.


I sit on a technical advisory committee for a public school system.

We finally got them to rollout MFA with their Google Accounts.

Some teachers have balked at implementing MFA on their personal cell phones.

Are there any solutions to implement MFA that are free for public institutions?

The schools got nothing for a budget.

Over 3600 employees.

29

The original was posted on /r/cybersecurity by /u/Hefty_Meringue8694 on 2023-08-28 12:58:54+00:00.


2 months ago, my boss and his boss came up to me stating they want me to get the CISSP so I can be promoted in September. I studied for 4-8 hours a day for 4 weeks straight and passed the CISSP.

I asked what the situation is looking like and they stated, "we had some things come up, your raise and promotion won't be available until next year." They've already added the responsibilities to my role, with a verbal promotion when end-of-year reviews happen. They also told me, "don't go waving your CISSP around to other companies, we want you here."

On top of this, I’m supposed to get a few thousand bucks in a bonus and they’re dragging feet getting that done as well.

One of the reasons I got this gig was due to the potential of moving up in the company and it seemed promising. The company is pretty stingy on raises, I don’t see myself getting more than a $15k bump in 6 months and I know I can get more elsewhere. I have 7 years experience with a master’s in cyber and now a CISSP.

Does this group think I should stay put and be patient, or start throwing my application at places? I've been a cyber analyst for a while and want to start cracking into the management side.

30

The original was posted on /r/cybersecurity by /u/Background-Touch-744 on 2023-08-28 12:54:15+00:00.


When you installed Kali Linux, I'm curious what tools you first installed? What are some must-have tools you can't live without? Yes, I know most apps/tools are built in, but I'm curious what additional tools you installed.

31

The original was posted on /r/cybersecurity by /u/Iwnllmao on 2023-08-28 12:14:33+00:00.


Hello everyone.

So I'm kinda in an awkward position. I am a newly appointed (2 weeks in) intern in a software company, which does not have a specific security department or a full-time security employee. I have been hired on a 10-week internship to look at IT security on a broad scale within the company.

The internship is a part of my IT security education, which only lasts 1.5 years, where the last half year is the internship and final project. I would say I'm pretty inexperienced in the field, and "only" have the 1 year of education under my belt, which I think is a decent foundation to have, but I just feel like the "real world" is something else.

In these 2 weeks, I have been looking at their GDPR compliance and running some vulnerability tests on both their internal and external IPs. As far as their GDPR compliance goes, it looks good from my perspective, as they have good and relevant security measures in place and process data in a good manner.

And in my vulnerability scans, I have not found anything major (I used Nmap and Nessus), which I guess is good for the company? But then again, I'm just doing basic scans and not anything complicated, I would assume.

As of today, I have just finished raising awareness (by mail) about some employees not locking their screens/computers when leaving their desks. I wrote this in a "playful" manner, but also brought up the importance of it and mentioned the security/risk factor.

But now, I really don't know what to do. I have tried to research a lot of different things to look at but have not really found anything where I thought: I could give this a go.

Have any of you had a similar experience to this, or have any tips or things I could do? Would much appreciate it! :)

32

The original was posted on /r/cybersecurity by /u/TheDFIRReport on 2023-08-28 11:34:53+00:00.

33

The original was posted on /r/cybersecurity by /u/hubbyofhoarder on 2023-08-28 11:32:36+00:00.


Lately I've seen an uptick in attempted ACH and direct deposit fraud aimed at my company. When folks in our AP or payroll functions receive those attempts, they report them to my team. We engage with the would-be scammer and get the target account information. Once we have the routing/account number, we report to the target bank. Our goal is pretty simple: to make attempting to defraud us just a little bit of a pain in the ass.

Once we report the account to the bank, we also re-engage with the scammer saying that we've made the change. However, in the change confirmation email, we always change a few digits in the routing and account numbers, if only to further make interacting with us annoying. We're not really fighting crime or anything, just hopefully making us a less attractive target. I also share the interactions with the AP/payroll teams to spread the amusement/love and encourage continued reporting.

90% of the time, the target bank is Green Dot bank. We engage with GD's fraud dept, and from what they tell us, they close those accounts as being involved in fraud.

While engaging in this effort over the last couple of months, I also have seen a few articles like this:

I can't help but think that the customer account woes and the fraud attempts are somehow related.

34

The original was posted on /r/cybersecurity by /u/B6-- on 2023-08-28 11:00:53+00:00.


Hi everyone, I have made a simple tool to analyze pcap files, but it wasn't really doing anything except calculating mean values of IP addresses and ports and then sending the IP address results to the VirusTotal API. Now I have added some features; could you consider taking a look and giving me some feedback?

Here is the GitHub link.

35

The original was posted on /r/cybersecurity by /u/aeth3rz on 2023-08-28 08:53:14+00:00.


Hi experts,

New to this field, I understand that it would be best to scan every device in the network.

For a huge enterprise environment, what would be your approach to scanning WLCs and APs, considering the fact that they are all centrally managed and updated, if I am not wrong?

Is it sufficient to perform sample scans on different APs every month? What is the risk of this approach?

How can I be certain of the uniformity of configuration across all APs?

36

The original was posted on /r/cybersecurity by /u/talentSA112200 on 2023-08-28 09:15:34+00:00.

37

The original was posted on /r/cybersecurity by /u/DuePraline3880 on 2023-08-28 08:11:27+00:00.


For those of you who work in Vulnerability Management: how much of a pain, if at all, is setting up a virtual scanner and the corresponding segmentation firewall policy to run the scanner effectively?

Would it not be easier if the scanner were embedded in the firewall? Are there any pitfalls in doing so?

38

The original was posted on /r/cybersecurity by /u/Ill-Arm-5597 on 2023-08-28 06:31:10+00:00.


I work as a cybersecurity developer. In my company, I've developed a Web Application Firewall (WAF). My daily task involves monitoring and blocking malicious IP addresses, which can be quite dull. On the side, I'm also interested in ethical hacking, where I test the security of the applications I use without proper authorization. I've successfully identified vulnerabilities in about twenty instances, including accessing sensitive data of millions of people.

Most companies don't have a formal vulnerability reporting program (Security Response Center), so I often reach out to them directly. They are usually willing to hear about the vulnerabilities I found and sometimes even reward me with a bounty. However, from what I understand, these actions could potentially be considered illegal if pursued seriously. This realization has made me uneasy, so I've decided not to continue down this path.

39

The original was posted on /r/cybersecurity by /u/rvilladiego on 2023-08-28 03:25:37+00:00.


LockBit Black code was leaked in September 2022. We have recently seen an increased number of ransomware variants based on the original LockBit code and TTPs. However, one particular novelty of the most recent variants is the inclusion of a 'camouflage' technique to maintain persistence.

The threat actor utilizes multiple commercial VPN services to occult their actions. As a result, the direct connections observed to the identified vulnerable paths can be attributed to the VPN infrastructure employed by the attacker. This deliberate use of VPNs helps mask their true identity and location, making it more challenging to trace their activities back to their original source.

By utilizing this configuration, the attacker gains the ability to execute commands on their own machine and subsequently propagate throughout the victim's network, enabling transparent lateral movement. The attacker employs powerful tools such as Mimikatz and Cobalt Strike to assume control of the domain controller. They initiate the final encryption phase through the compromised DC by establishing cascading RDP connections.

Some IOCs identified as C&C of a variant named COPODE 1.0 are:

Stay vigilant!

40

The original was posted on /r/cybersecurity by /u/Icy-Avocado-1634 on 2023-08-28 02:49:44+00:00.


41

The original was posted on /r/cybersecurity by /u/AutoModerator on 2023-08-28 00:00:19+00:00.


This is the weekly thread for career and education questions and advice. There are no stupid questions; so, what do you want to know about certs/degrees, job requirements, and any other general cybersecurity career questions? Ask away!

Interested in what other people are asking, or think your question has been asked before? Have a look through prior weeks of content - though we're working on making this more easily searchable for the future.

42

The original was posted on /r/cybersecurity by /u/Shields0001 on 2023-08-27 22:24:46+00:00.

43

The original was posted on /r/cybersecurity by /u/ladynerd_nz on 2023-08-27 21:42:36+00:00.


Hey everyone - I'm running a free appsec program - One Hour App Sec, for all teams worldwide and would love for you to join. We aim to help teams everywhere do 1 hour of application security every sprint. (no cost, tricks or gimmicks - promise)

Every 2 weeks we send you the following:

  • Tips and tutorials to build security foundations for your projects (using open-source and free tools)
  • Templates to get you started
  • Videos and watch-alongs to see how things work

You can sign up and find out more (including links to previous sprints) at https://onehourappsec.com

44

The original was posted on /r/cybersecurity by /u/octacoy on 2023-08-27 20:29:16+00:00.


"Cyber Deception solutions can detect threat actors early and provide a new layer of defense", or so they say. These projects and products claim to be able to deploy decoy devices on your network which effectively identify threats before it's too late.

To determine if these types of claims are legit, I've set up a CTF called The Cave Trials. It's equipped with Octacoy, my new cyber deception product, and I'm curious to see what percent of attacks it can detect.

The Cave Trials - An Octacoy Experiment

What are your thoughts on Cyber Deception, or decoys and honeypots in general? Do you have any experience with this?

45

The original was posted on /r/cybersecurity by /u/Durex_Buster on 2023-08-27 17:59:29+00:00.


I'm employed at an MSP SOC that solely relies on an ELK-based SIEM tool and logs, with no access to any other resources. Is this normal for a SOC?

46

The original was posted on /r/cybersecurity by /u/EffortOk98 on 2023-08-27 16:57:47+00:00.


I have always wanted to share my knowledge and experience on my path to being a SOC analyst, and some cons or tips in general. Basically, I just want to share my experience. Is it worth it?

I suck at video editing and I'm not the best with words. I always like talking, but I'm not sure what's the best platform to do this kind of stuff, or whether people would even be interested in it.

I am no expert SOC analyst, but I have always liked to guide or help out newbies in this field. What do you guys think would be the best way to do this, or should I just discard this idea? Thanks.

47

The original was posted on /r/cybersecurity by /u/TheClassics on 2023-08-27 15:16:25+00:00.


Hey all! Long time lurker, first time poster.

I'm in my late 30s and attempting to switch careers and get into cybersecurity. I'm fully aware I'll probably wind up at a help desk for a year or two and that's ok! So please don't be negative to me about wanting to work in cybersecurity.

I'm finishing up a bootcamp at KU next week and our final project is coming due. We were asked to present a tool not covered in class or make one ourselves.

Making a tool from scratch was not in the scope of what we learned in class, but I've been obsessed with everything I'm learning and spend countless hours a week teaching myself things that aren't covered in class.

I've taught myself bash scripting and python3 at an intermediate level so I figured I'd do something with one of those skills.

I know there are awesome enumeration scripts already out there, but wanted to get a better understanding of what enumeration is by writing my own script.

I was hoping some of you could take a look at it and give me some feedback before I turn this in.

I really appreciate anyone who takes time out of their day for this.

48

The original was posted on /r/cybersecurity by /u/Puddile on 2023-08-27 14:58:03+00:00.


Hi everyone,

Thank you for clicking and reading if you.

Was curious if anyone could share their experiences using EMS+E5.

Currently wanting to use it for 100 employees, for general malware and threat protection on company devices.

I also know it comes with Intune, which we want to use for monitoring devices and seeing which apps are downloaded on them.

So far the setup seems automatic; does anyone have experience with that?

I was told by a Microsoft support person that this fits and is useful for our requirements.

Thank you again.

49

The original was posted on /r/cybersecurity by /u/Ano_F on 2023-08-27 11:50:39+00:00.

50

The original was posted on /r/cybersecurity by /u/rached2023 on 2023-08-27 10:34:17+00:00.


I'm working on a project named "Threat Intelligence Feed Dashboard: An application that can provide a seamless dashboard to visualize and analyze the indicators of potential cyber threats obtained from various threat intelligence feeds."

I'm leveraging OpenCTI and tailoring it to my needs, including potential customization of the front-end interface and integration of various modules like MISP and others.

Curious to hear your thoughts! Does anyone here have experience with a similar project?
