Diesl

  1. It was fun while it lasted Roy

  2. I'm also planning to do a masters in cybersecurity and would probably give OSCP does this help me land that job as a fresher?

  3. It definitely won't hurt, but how much edge it gives could be up for debate.

  4. An associates shouldn’t limit your initial prospects but it could limit them down the road if you wanted to become like a manager. For now though, I would say the degree would be as impactful as a bachelors to most hiring teams for any roles you look at.

  5. Why not leverage security groups for controlling who can reach the AWS instance? Allow your company's IP inbound over whatever port you want and then boom, no need for a bastion and they can still scan outbound.

  6. Now, how many times has the NSA hoarded 0 days of Cisco, Microsoft, Apple, etc.? Are they also complicit? Because nobody in the world was or is able to match their use of those "security flaws".

  7. You're trying to draw a parallel between the US gov and Russian gov and it's a false dichotomy.

  8. Why? Both are governments. Both are waging wars in other countries. Both are using their full arsenal to project and maintain influence, be it officially or in some pretty dirty ways.

  9. It's less about how much time is needed in blue team and more about how much time you spend currently doing things like pentesting. If you can finagle it somehow into your current role, you'll probably hear more callbacks. No one wants to spend time training other people unfortunately, so you're stuck in a shitty position.

  10. That article is pretty tenuous. Their main argument is 1) that Radio Free Asia gave Signal the initial seed money and 2) that FANG companies back it and they hate privacy, so why would they support this. But those same FANG companies have gotten into very public spats with the government over refusing to weaken their own encryption, so I don't think the second point holds up, and the first point could just be that the government wants a new method for secure communication. They made TOR after all, and the encryption there isn't weak.

  11. Regulatory and law compliance comes down to policies, not a simple tool. OneTrust is a pretty popular GRC tool for instance, but how it's used is as a complement to company policy. For example, by hosting the software and vendor approval process in there. Define strong policies that comply with the regulatory body you're in.

  12. So, I'm a sophomore in high school, and I don't want to get the wrong impression of cybersecurity, but I've always been interested in the field. I barely understand much, but I want to be a part of it. I've always had the dream of being a penetration tester, but from what I know that's closer to freelance work, but it's still an open option.

  13. You can totally be a pentester for a company in a normal role! A lot of security teams will have some compliance requirement that their company's applications and network are tested, so you can quickly find a niche doing that.

  14. It's akin to Backstab but less efficient.

  15. There's plenty of evidence that this happened.

  16. I'm sorry that you're not interested in reading the investigative journalism that went into discovering it. The TLDR is Kaspersky admitted that they were used to access an NSA contractor's computer by Russia. Israel uncovered this while breaking into Kaspersky. Pretty simple.

  17. Browser passwords are generally easier to exfiltrate data from than 3rd party tools. Mimikatz is one example of a tool to achieve this.

  18. Firefox, if you use a master password, has the same level of protection of your data that a password safe like keepass would provide.

  19. So make the author create a GitHub account and then give him access? You know that KeePass doesn't even have a public repo, because the author doesn't want to use GitHub etc.? The source code is always released as a zip file. That's why community creates and maintains a mirror separately.

  20. “Make the author” - it's not a difficult thing to do and would aid the community.

  21. Are you sure the PoC author could have done something differently? What would you suggest?

  22. You can make projects private to you and whomever you share it with, which would solve this issue.

  23. You may enjoy knowing Tanner Haas from Converso also made this.

  24. Blacklisting IPs is an always-losing game of whack-a-mole.

  25. I always used fail2ban, then had a script parse the log and add it to a permanent drop list for my firewall.

  26. In the age of constantly rotating IPs, that's probably a bad idea. You'll eventually wind up in this person's position where you have banned a legitimate service.
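The two comments above describe the trade-off between a fail2ban-style log parser and a permanent firewall drop list. As an added illustration (not code from any of the commenters, and not fail2ban's own implementation), the following Python counts failed SSH logins per source address from constructed sample log lines and bans offenders with an expiry, so a shared or rotated address is released automatically instead of staying in a permanent drop list. The log lines, the threshold, the ban duration and the `BanList` class are all assumptions made for the example.

```python
import re
from collections import Counter

# Constructed sample log lines in sshd's "Failed password" format (not real data).
SAMPLE_LOG = """\
Jan 10 10:00:01 host sshd[100]: Failed password for root from 203.0.113.5 port 5000 ssh2
Jan 10 10:00:02 host sshd[101]: Failed password for invalid user admin from 203.0.113.5 port 5001 ssh2
Jan 10 10:00:03 host sshd[102]: Failed password for root from 203.0.113.5 port 5002 ssh2
Jan 10 10:00:04 host sshd[103]: Accepted publickey for deploy from 198.51.100.7 port 6000 ssh2
Jan 10 10:00:05 host sshd[104]: Failed password for root from 198.51.100.7 port 6001 ssh2
"""

# Matches the source address of a failed password attempt.
FAILED_RE = re.compile(r"Failed password for .* from (\d+\.\d+\.\d+\.\d+) port")


def count_failures(log_text):
    """Return a Counter of failed-login attempts per source IP."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            counts[m.group(1)] += 1
    return counts


class BanList:
    """Bans that lapse after ban_seconds, instead of a permanent drop list.

    Hypothetical helper for the example; a real deployment would push these
    entries into the host firewall and remove them on expiry.
    """

    def __init__(self, ban_seconds):
        self.ban_seconds = ban_seconds
        self._expiry = {}  # ip -> unix time at which the ban lapses

    def ban(self, ip, now):
        self._expiry[ip] = now + self.ban_seconds

    def is_banned(self, ip, now):
        exp = self._expiry.get(ip)
        if exp is None:
            return False
        if now >= exp:
            del self._expiry[ip]  # lazily drop the lapsed entry
            return False
        return True

    def active(self, now):
        """Sorted list of addresses still banned at time `now`."""
        return sorted(ip for ip in list(self._expiry) if self.is_banned(ip, now))


def apply_policy(log_text, threshold, ban_seconds, now):
    """Ban every IP whose failure count reaches `threshold`; return the BanList."""
    bans = BanList(ban_seconds)
    for ip, n in count_failures(log_text).items():
        if n >= threshold:
            bans.ban(ip, now)
    return bans


if __name__ == "__main__":
    bans = apply_policy(SAMPLE_LOG, threshold=3, ban_seconds=600, now=1000)
    print("banned now:", bans.active(1000))        # ['203.0.113.5']
    print("banned after expiry:", bans.active(1600))  # []
```

Only the address with three failures is banned, and the ban falls away once the window passes, which is the behaviour the permanent drop list in the earlier comment gives up.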

  27. the issue is comms tools interpreting .zip as a tld and automatically linking staff.zip to

  28. That didn't happen in the linked article though, did it?

  29. You're coming up with increasingly unlikely scenarios to make this seem like more of an issue. In your above scenario, wouldn't you link them the whole file path? And if it's on the share, why have it in a zip? Just hold all the files in the directory.

  30. I've explained why these are non issues in the context of a domain ending in .zip. Outlook doesn't auto format it into a domain, you shouldn't have it set to auto open downloaded zip files, and really the only time you should mention a zip file is in the context of one you have linked in the email. Such as with a new hire with relevant documentation:

  31. To be honest, I don't know, but it is what the client requires.

  32. Why are spam emails analyzed? It shouldn't take an analyst more than a glance to recognize it's spam and move on.

  33. Will Krebs issue an apology or acknowledgement that he, at best, misled the community about this?

  34. https://krebsonsecurity.com/2022/08/final-thoughts-on-ubiquiti/

  35. Oh, fair enough then. I missed this update, thanks!


Author: admin