/r/AskNetsec


Dedicated to those passionate about security.

A community built to knowledgeably answer questions related to information security in an enterprise, large organization, or SOHO context.


1

Is full disk encryption good for network security too?

If I encrypt my hard drive, are mounted encrypted partitions ever harder to read by hackers over a network by a system which has direct access to those partitions, or is the encryption abstraction layer readability by user processes absolute across the system? I wouldn’t think it’d make a difference, but I’m not sure.

5 Comments
2024/05/02
04:06 UTC

5

OSCP for AppSec jobs

I’m currently working as a security engineer in an AppSec team. Don’t get me wrong, I like the job I do, but I feel like trying out new experiences in other companies or even starting one myself one day.

One issue I have when applying for other AppSec/security engineer or product security jobs I find interesting is that I don’t really have any other certifications that can be seen as interesting or that make me stand out. I have seen, however, some weird job descriptions for AppSec that list OSCP as a nice to have. My opinion on OSCP is that it’s a nice certification, but I feel like its contents are not really connected to AppSec or even applicable as more and more companies move to a cloud infrastructure.

This being said, my question is: do you guys think that OSCP is relevant for AppSec related jobs? If not, what can I do to differentiate myself from other candidates?

My background: I have some offsec knowledge, as I worked as a pentester for a couple of years. I’ve been on AppSec and security engineering for 5 yrs now. I code mostly in go and python, but I know my way around in Java and some other languages due to so many code reviews 😅

9 Comments
2024/05/02
01:26 UTC

0

Shodan

Is it safe to use Shodan just by going to Google without any type of security?

1 Comment
2024/05/01
22:51 UTC

3

Bettercap not detecting https (?)

The built-in sslstripping feature (http.proxy.sslstrip) in bettercap is not working against HTTPS websites. In this issue I will be using cygwin.com and winzip.com as examples; as we can see, they are not HSTS preloaded: https://hstspreload.org/?domain=cygwin.com and https://hstspreload.org/?domain=winzip.com.

I am using bettercap v2.32.0 (built for linux amd64 with go1.21.0)

My OS is:

```
Distributor ID: Kali
Description: Kali GNU/Linux Rolling
Release: 2024.1
Codename: kali-rolling
x86_64
```

I am using `--caplet script.cap` as a command line argument.

script.cap contains:

```
net.probe on
set http.proxy.sslstrip true
http.proxy on
set arp.spoof.fullduplex true
set arp.spoof.targets 192.168.0.100
set net.sniff.local true
arp.spoof on
net.sniff on
```

Full Debug output: https://pastebin.com/qZF21fdY

Steps to Reproduce:

  • Run the script.cap provided above (make sure to change the IP address accordingly).
  • Go to an HTTPS website on the victim machine.

Expected behavior:

  • Successfully ARP spoof the victim
  • Successfully sniff data from HTTP websites
  • Successfully downgrade HTTPS into HTTP
  • When downgraded, successfully sniff data from HTTPS websites

Actual behavior:

  • Successfully ARP spoofed the victim
  • Successfully sniffed data from HTTP websites
  • Couldn't downgrade HTTPS into HTTP (loads as HTTPS)
  • Since I could not downgrade HTTPS, I was not able to sniff any data from HTTPS websites

--

Now as a final note I want to add my own interpretation of this: generally, when bettercap detects HTTPS websites while running sslstrip, it logs something like "spoofing the domain" or "HTTPS detected, downgrading", etc., but in this instance it does not, so maybe this is a bug where it is not correctly detecting HTTPS pages and therefore not even trying to downgrade them???

BTW, of course I cleared all the web browser cache, I tried both Chrome and Edge, and I also disabled secure DNS on both.

6 Comments
2024/05/01
19:03 UTC

6

Kerberos: Maximum lifetime for user/service ticket recommendations?

Hardening up our group policy. What are your recommended Kerberos user/service ticket lifetime values for a more secure environment and why?

Yes, it's AD, so "secure" is not a thing; I'm not ignorant of that.

Group Policy Settings:

  • Computer Configuration\Policies\Windows Settings\Security Settings\Account Policy\Kerberos Policy\Maximum lifetime for user ticket
  • Computer Configuration\Policies\Windows Settings\Security Settings\Account Policy\Kerberos Policy\Maximum lifetime for service ticket

1 Comment
2024/04/30
12:08 UTC

4

Block incoming HTTP requests containing dynamic string (an email address) using fail2ban

I am able to block the IP address for failed attempts detected by the failregex. However, I want to block further requests which contain an email address that should be detected by the failregex. I am able to block the requests manually by setting up firewall rules using iptables, but I am not sure how to filter out the email address and pass it on to actionban to block further via fail2ban.

I tried setting up various configurations, such as failure-id, but instead fail2ban passed the failure-id as an IP address. I further tried using the configuration, but it is not detecting the failed attempts, and I am also not aware of how this detected email can be passed to block the requests.

2 Comments
2024/04/29
16:36 UTC

2

Unified or individual management programs?

We have been having the same discussion for a few years where I work. I was in charge of patch management for all workstations and the server team for servers.

The tool that was in place when I arrived is horrendous. We've had a lot of issues with it and the software support is about garbage.

Over the last few years, I've POC'd a few different tools and in the end, we (security team, myself, my boss at the time) all really liked one tool particularly.

Since we are an Intune shop, we use Microsoft's Autopatching and app management for all windows and office patches. After trialing PatchMyPC, we felt it delivered on everything we needed for 3rd party patching.

Year's end comes around, the budget was made and, like all the previous years, talk comes up about a unified management system for workstations, servers and other devices. So for another year, we're stuck with a multiple-point-of-failure system. Some people want the magic bullet all-in-one to do everything. My argument is that workstations and servers should be managed separately. This is based off previous experience at another job where we used SCCM. When that went down, for however long it was, we couldn't manage workstations or servers.

PatchMyPC is actually cheaper for the enterprise license than what our current 3rd party system is, by about $20k. I don't want it as "another tool" but as an add-on that is heavily touted as a great experience by those who use Intune. Seems everyone is pushing PMPC for 3rd party patching.

So the question is, is it better to have a unified system that may require more workload to manage hardware, software, and patching? Or would it be better to have two separate systems that do it?

Since switching to Intune, we've been able to patch our workstations to roughly 85-90% complete in 7-10 business days. That's roughly 3,000 computers. And we're adding another few hundred each month as new locations open up. Previously, we would be lucky to get to 75-80% during the same time frame due to multiple fail points that were always failing.

0 Comments
2024/04/29
15:52 UTC

0

Help with finding API alternatives

Hey guys! I am urgently looking for an alternative to Truecaller, basically a service that extracts information about the user from his phone number. If you have any suggestions, please help! Thank you!

0 Comments
2024/04/29
12:36 UTC

5

Got a call saying that my insurance company contacted the caller about a claim but their claim number doesn't exist. Is this even a security issue?

Sort of new to the entire cyber thing but to set the scene - I work for an insurance company and got a call about how one of our insured is saying that my company's been contacting them about a claim they're entitled to but their claim number doesn't exist. Caller forwarded a pdf file with relevant information about the claim they're entitled to including names from people in our company so it looks pretty legit and boss wanted me to look into it. I'm confused as to how to proceed because is this even a security issue? Crowdsourcing ideas on how to proceed with this one.

4 Comments
2024/04/28
21:46 UTC

60

If a vulnerability is contingent on an attacker having root local access to a host, is it even a vuln?

Hi,

Recently got a report that if an attacker has local root access to a system then they can do a memory dump of an app and find the login details (user/password) used to login to that app.

Given that this exploit presupposes that an attacker already has local root access, which it requires to perform the exploit, should this even be considered an exploit? It has a CVSS of 3.7 on CVSS version 3, but appears to be just 1.2 on the CVSS version 4.0 scale.

What's your guys' opinion on "exploits" that presuppose a user has local root access? What's the typical way of evaluating these?

130 Comments
2024/04/26
14:54 UTC

1

Can anyone make sense of this firewall log entry?

[FW] IPTABLES [Pkt_Illegal] entries in Firewall Log CR1000A router

I am currently studying for the CompTIA A+ and Network+, and I decided to check out my router thoroughly. I viewed the firewall log and was shocked to notice entries dating as far back as when the logs were created, back on March 31, 2024; every 3 minutes or so a new entry is created.
I have spent the past days trying to figure out why I am getting these log entries on my CR1000A. I have contacted Verizon to no avail; I was told they do not have access to the router and cannot view the logs due to "very sensitive data". I call complete BS, but now we're here. The logs appear as follows:

[FW] IPTABLES [Pkt_Illegal] IN=eth1 OUT= MAC=78:67:0e:XX:XX:XX:00:31:46:XX:XX:XX:08:00 SRC=159.192.104.79 DST=XXX.XXX.XXX.XXX LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=236 DF PROTO=TCP SPT=12515 DPT=37663 WINDOW=0 RES=0x00 URG ACK PSH RST SYN FIN URGP=26852

There are also entries of internal devices attempting to connect externally as well:

[FW] IPTABLES [Pkt_Illegal] IN=br-lan OUT=eth1 MAC=78:67:0e:XX:XX:XX:c8:d3:ff:XX:XX:XX:08:00 SRC=192.168.1.235 DST=50.19.144.248 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=14055 DF PROTO=TCP SPT=11741 DPT=443 WINDOW=0 RES=0x00 ACK RST URGP=0 MARK=0x262

I have no port forwarding rules set and no static IPs listed. I do, however, still have UPnP enabled. I'm going to disable that tomorrow when the internet isn't being used for telework.

If anyone can assist it will be greatly appreciated. I will respond as soon as humanly possible.

16 Comments
2024/04/26
03:14 UTC

2

Noob question about firewall traffic outgoing and incoming

Hi,

I'm using safing portmaster on vanillaos, liking it very much so far (is there anything better/more secure? ).

I default deny everything and allow only HTTP, HTTPS, DNS, DNS over TLS and OpenVPN, both outgoing and incoming. Is that the correct way to do it? Or should I just allow outgoing traffic?

Thanks for any help

2 Comments
2024/04/25
22:13 UTC

7

Looking for non-SANS training for my employer to pay for - Web app

My employer has been less than helpful when it comes to employee training over the past several years. Every year I submit a request that I expect will be refused, and this year I was thinking about web application security.

What sort of training do you wish you had from your employer? Anything but SANS training, because that will be auto-declined.

Bonus points if it helps me develop my bug bounty side hustle.

Already paying for HackTheBox Academy.

10 Comments
2024/04/25
21:20 UTC

3

Understanding How CVEProject/cvelistV5 Works

Hey everyone,

I'm trying to get a better understanding of the CVEProject/cvelistV5 repository on GitHub: https://github.com/CVEProject/cvelistV5. Could anyone explain how it operates behind the scenes? Specifically, I'm curious about who is responsible for publishing and updating CVEs, and whether it provides an API that allows fetching the latest CVEs published every 24 hours.

I've already managed to get the latest CVEs with a simple Python script using the deltaLog.json file in the repo, but I'm wondering if there's a more streamlined API available. I prefer not using the NVD API because the CVE list provides more detailed information about product names, versions, etc.

Thanks for your help!

2 Comments
2024/04/25
02:03 UTC

8

Malware Demonstration

Hello,

I have the pleasure to be teaching students about malware in a short workshop. The students have some computer science skills, but they're not yet able to program or read code. I'd love to present a practical example of malware. My idea would be to set up a VM and infect it with WannaCry, Petya/NotPetya or a similar malware. Then I'd analyse the situation and explain how to act in such a case. Finally, I'd like to decrypt the data again.

Does anyone know of any ready-made VMs or good instructions for creating one? I'd love to hear your thoughts on the idea and any suggestions for improvement and alternatives.

Thanks!

5 Comments
2024/04/24
12:30 UTC

4

Corporate management tool?

Hey everyone!

I was wondering if there is a platform or a tool that can help in terms of password and account management and safety for my team? We are a team of 12 people and I don't want to change passwords and manually clean up all platforms and accounts we use any time anyone wants to leave. Is there a platform where I can bulk change passwords and remove accounts? It should have the concept that when I change the passwords on this software, the passwords change on all accounts and platforms. For example, if I have Canva, GitHub, AWS, Google, Google Ads, Facebook - if I edit the passwords on this tool, the password changes across all these websites and tools without me having to individually log in to each and change them too. Does that make sense? Are there any relevant software or sites like that? In a sense, a corporate management software. Please help!!!

2 Comments
2024/04/24
10:14 UTC

2

Deprecated tools in my eCPPT course, looking for alternatives

The two tools that have had some renown in the past, PowerSploit & PowerShell Empire, have both been deprecated. What are some reliable tools that you guys use and recommend?

3 Comments
2024/04/24
07:58 UTC

0

CA Is the certificate a safe thing?

Hello, I have a question

I need to connect to the internet network at our school. Before the pandemic I was able to connect to the network with a VPN, but now I cannot connect to the network no matter how many different VPNs I try.

I checked a few internet forums and found out that the Ministry says I need to download their CA certificate.

When I was downloading the certificate, I saw that it said "The issuer of this certificate can inspect all traffic to and from your device" and I got a little nervous.

Is this thing safe? Excuse my ignorance.

3 Comments
2024/04/24
07:18 UTC

0

How do I see all incoming and outgoing network connections?

I was watching a YT short when I came across this video where the person showed a firewall called Little Snitch, but it is only available on Mac. I want the same for Windows, where I can visually see where exactly my data is going on a map. This will help me make sure that I am not connected to an unknown server that could be collecting my data.

Do you guys know about any such software?

[image.png](https://postimg.cc/FfTg139y)

2 Comments
2024/04/24
06:12 UTC

0

How to get public facing IPs

Hi, I just got hired in cybersecurity and was tasked with setting up the scheduled external scans of the vulnerability scanner. The issue is that the list of public facing IPs is incomplete for the firms we are working with and I have to find out what they are. My senior mentioned I could use ConnectWise Automate to find out, but I only see router IP addresses. I did cross reference it to the IPs provided, which they got from the Meraki portal, and they are different. Thanks in advance!

16 Comments
2024/04/23
19:31 UTC

0

What is important to document with regards to security on my app

https://github.com/positive-intentions/chat

I am working on a chat app so it's important for it to be as secure as possible. I have a proof-of-concept that is working as described in a previous post here.

I have open sourced it, but it is still obscured by complexity. My existing documentation needs to be updated, so I'd like to know from a netsec perspective what details I should document to make it more clear for the security conscious?

I'd like to create some GitHub project issues based on the feedback.

3 Comments
2024/04/22
15:21 UTC

0

Malware that disables EDR or AV - is this "Execution" or "Evasion"?

Malware that disables EDR or AV. In the attack chain - is this an example of "Execution" or "Evasion"?

5 Comments
2024/04/22
15:09 UTC

6

What Should Be Included in an RFP for VAPT?

Hello everyone,

We are in the process of selecting a vendor for Vulnerability Assessment and Penetration Testing of our web applications and APIs. We have a few questions that we'd like to get the community's input on before making a decision:

Do you typically ask potential VAPT vendors about the specific tools they plan to use in their technical proposal? If so, what are some key tools we should expect them to mention?

Between white-box, grey-box, and black-box testing, which do you find most effective for web applications and APIs?

Is it better to have the VAPT vendor conduct tests on-site or remotely? What are the security implications of each approach?

Thanks in advance

3 Comments
2024/04/22
07:53 UTC

0

Security Risk of using GitHub Copilot

Is it good to use GitHub Copilot for corporate development? We performed a basic risk assessment of GitHub Copilot and the result did not come out with any discrepancies. But checking forums on the internet, a few companies do not allow the use of GitHub Copilot, assuming that since it is an AI tool it might steal user data or the enterprise code. What is your thought on it?

6 Comments
2024/04/22
03:22 UTC

9

What's more secure in WPA-PSK?

A 64 character length hexadecimal "password", or 63 ASCII characters that can use more variation than hex (special characters, big and small alphabetic letters, etc.)?

4 Comments
2024/04/21
16:25 UTC

4

Seeking Advice on Implementing a Vulnerability Management Solution Using Elasticsearch

Hi everyone!

I'm currently working on a project titled "Implementation of a Vulnerability Management Solution." I wrote a Python script to extract CVEs and filter them based on specific products, then save the data in CSV format. Additionally, I've set up Elasticsearch and Kibana on my machine.

I'm considering using the Eland API to integrate my script with Elasticsearch. The goal is to leverage Elasticsearch for analyzing data, and for product comparison and filtering. Are there any alternative approaches or enhancements you could suggest?

Also, I'm fairly new to Elasticsearch and would appreciate any advice on how to enhance this project or implement new features.

Thanks in advance for your help!

5 Comments
2024/04/21
03:55 UTC

9

How do threat actors laterally move and exploit internal systems post-VPN access?

Hello Friends,

We often read about incidents where threat actors exploit unpatched vulnerabilities in VPN servers and acquire VPN credentials through phishing emails with malicious attachments or social engineering.

However, I'm trying to deepen my understanding of what happens after they gain access to a victim's VPN.

Once inside the network via VPN, how do attackers typically move laterally to access other systems? How do attackers manage to access internal servers via SSH or RDP? I'm curious how they discover server IPs and how they obtain credentials to access these servers.

I'm looking to get a clearer picture to better understand the security measures that can be implemented to prevent and improve our org security posture.

Thank you and have a nice day.

13 Comments
2024/04/20
10:25 UTC

3

What to study for interviews?

I’ve been on the hunt for a new job and have had two interviews so far for cybersecurity analyst/engineer roles. I have a few years of experience out of college and it’s been a while since I’ve had an interview. I thought I was well prepared, but the technical questions were extremely basic, and I ended up not remembering most of them! A lot of them were things I had learned in the past, but it’s been years since I’ve recalled them. So now my main goal besides applying is studying, but I have a hard time trying to figure out what to study! I’ve got the basics on my flash cards: OWASP top 10, any possible questions about the OSI model, HTTP response codes, common port numbers. These were all questions I was asked and I felt so dumb! I vaguely remembered learning them but I never fully memorized them. I was more prepared for advanced questions. So I clearly need to go back to the basics! Does anyone recommend any subjects to study?

4 Comments
2024/04/19
13:15 UTC

6

What is SAE in WPA3?

I have been reading a bit about WPA3 in general, but I am still a bit confused about SAE, like in general (https://vulnerx.com/wpa3-sae-protocol-forward-secrecy/): what big difference does it add compared to the 4-way in WPA2?

1 Comment
2024/04/18
07:08 UTC

29

Am I stupid for asking this? Surviving working 20-25 hours. Pen testing or other roles.

I hold my OSCP, a BA in Cybersecurity and a few other certifications. I am new to penetration testing. Is it possible to run your own small business as a penetration tester and survive only working 25 hours a week or so?

If not as a pen tester, what cybersecurity roles MIGHT this be possible for?

I have major depression and it fucks with my ability to work. Just trying to figure something out in my personal life. My ultimate goal is to start my own business or some sort, but it’s just a dream at the moment.

Any thoughts or advice would be very appreciated.

36 Comments
2024/04/16
16:01 UTC
