/r/AskNetsec
Dedicated to those passionate about security.
A community built to knowledgeably answer questions related to information security in an enterprise, large organization, or SOHO context.
I’m just wondering how I can transition my career while also feeling like I’m not wasting my time OR going to be responsible for the inevitable breach where I will be held responsible, or at least unable to fix the problem.
We use a 3rd-party SOC for our infosec/monitoring; they want to install this Velociraptor agent on all servers/endpoints. We're 99% RHEL-based Linux for servers, with SELinux enabled on all of them.
But if this tool is ever hijacked (supply chain attack? It happened to Kaspersky), it has unfettered remote code execution against all servers with root/admin privileges, with a nice little GUI to make it even easier for the attacker. I remember back in the day of ms08_067_netapi, it was the exploit to use when giving a demo of Metasploit, but even then it didn't always work. This tool, on the other hand...
You may have tight VLANing over what can talk to what, but now all your servers create a tunnel out to a central Velociraptor server. You'd have to be less restrictive with SELinux (disabling is probably easier in this case; the number of policies I'd have to write to let this work as intended wouldn't be fun) to allow Velociraptor to push or pull files from any part of the filesystem, to execute any binary, stop/start networking (for host isolation?), browse filesystems, etc. All of these things weaken your security, so we're trading security for visibility and making the SOC's job easier when the time comes.
Am I the crazy one not wanting this on our systems?
Hi, just a quick question, since I was scrolling through Twitter and almost clicked on a fake image by accident (I saw it had a link behind it, so that's what saved me).
But let's say I had clicked it; could I have gotten a virus from it?
I recently found out about the SS7 exploit and I'm a bit confused at how easy it is.
So any hacker can just buy SS7 access to a carrier in the target's region, and when the target gets an SMS from a friend, the hacker can just pretend to be the target's phone and therefore get the SMS.
But why would the network prioritize the hacker's phone over the target's phone? Even if the hacker is pretending to be him, the real phone is still connected to the network, or am I wrong?
Also, is it critical for the attacker to have SS7 access to a cell tower near the friend's phone that sends the SMS?
I'm really confused by this and by how to protect myself from it other than using app-based 2FA.
Hi. I'm a bit of a newbie at this and I was wondering if someone could help me, please. Through site:drive.google.com you find many articles, books, etc. in PDF. When you search for the title you want on Google you get a link, and when you open it online you see the book you are looking for in Google Docs. Is it safe to download the PDF of this? If not, is there any way to download it safely?
Thank you very much!
Let's assume that there is an initiative that all external websites/apps need to have security scans in place.
Is there a way to enforce, say, SAST scans in pipelines for new and existing repos in ADO? Devs have full power over the YAML pipeline; maybe there is a way to add default jobs?
Is there a way to define a policy so that when you kick off a build in a certain repo it will trigger a warning asking you to add a job/task for the security scanner? And is there a way to apply that policy to certain repos or teams/projects?
If this is not possible, is there a way to add a security gate such that before deploying into production there is a check that a SAST scan has been added as a job? I understand that you could define a policy or parameters to fail upon, say, 1 critical, 1 high, etc., but developers have control of the YAML pipeline and can be cheeky and modify these or omit them entirely. Furthermore, I was discussing offhand with an appsec person that they use a solution like Octopus Deploy which can have a security gate; can anyone share whether that's a possible solution and what they used for it?
Hi. What would be needed to create a report that is compliant with frameworks like HIPAA, GDPR, ISO 27001, and PCI DSS? Specifically, how can I obtain a vulnerability report that is directly aligned with HIPAA standards, as an example? How do companies generally handle this? Are there any sample vulnerability reports, policies, converters, or conversion rules available for this purpose?
noob here looking for advice
Thank you!
I looked at Bitdefender GravityZone; not sure if that's right, as it seems more involved, but maybe if I can just install their antivirus/malware protection it could work. The control center looked complicated.
I’m fairly privacy conscious, but I really would like text messages on my computer. I’m somewhat trying to figure out how to secure MS operating systems, for fun I guess. I have OneDrive syncing and was wondering what people thought of Phone Link, threat-modeling wise, or the pros and cons of it.
Hey y’all, I just found a job posting (in Albany, NY, private sector) that requires 8 years of programming experience in SAS, SQL, Tableau, Python, and R. I feel like this is a lot of experience for a job that pays “only” 80k. I get that 80k is great money, but I feel like that is not enough for someone with so much experience. I am not applying for this position (as I am still in school for cyber), but I am worried because I am seeing all these postings requiring so much experience for a relatively small amount of compensation in return. Is this the tech industry in general nowadays? Working for almost a decade to maybe make $80k? What should I do? I am almost done with my degree.
I'm borrowing a laptop from them at the moment and I want to sign into my Google account to watch stuff on YouTube at home. I'm guessing they wouldn't see my password, but I want to be sure.
And would they be able to see what I'm watching and stuff too? Or would a simple history wipe sort that?
Hi
What are the different ways we can hunt down a C2 hidden behind a virtual hosting provider such as Hostinger, etc.?
There was a recent CTF scenario in which the implant communicated with an IP address. A reverse IP lookup pointed the IP to Hostinger, and it was a dead end.
Would love to know your insights on this. Thanks.
Hi, we just got some computers we are trying to set up for employees.
We've tried to disable Windows Installer for standard users through the Group Policy Editor, but it still allows them to install anything they want. The only thing it seems to prevent is standard users installing something on every user profile.
I looked online and lots of people seem to be asking this question, and the answer is consistently that this can't happen.
This confuses me, because I've seen this type of prevention at previous workplaces.
Any thoughts would be appreciated
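As an added example (not part of the original post), a PowerShell check of what the "Turn off Windows Installer" policy actually set, followed by an audit-only AppLocker Exe rule collection that allows execution only from Program Files, the Windows directory, and anything for local Administrators. It assumes an elevated session on a Windows edition that enforces AppLocker (Enterprise/Education), and the sample executable it tests against is a copy of notepad.exe dropped into the current user's profile purely as a stand-in for whatever users have been installing there.

```powershell
# Added example, not from the original post. Run elevated. Assumes Windows
# Enterprise/Education (AppLocker enforcement) and the Application Identity
# service being available.
#Requires -RunAsAdministrator

# 1. Read back what the policy set. DisableMSI: 0 = never, 1 = for non-managed
#    applications only, 2 = always. It governs only .msi packages handled by
#    msiexec; an .exe installer that unpacks into %LOCALAPPDATA% never touches
#    Windows Installer at all.
$installerKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Installer'
if (Test-Path -Path $installerKey) {
    Get-ItemProperty -Path $installerKey |
        Select-Object DisableMSI, DisableUserInstalls, AlwaysInstallElevated
} else {
    Write-Warning "No Windows Installer policy present at $installerKey"
}

# 2. Exe rule collection: Everyone (S-1-1-0) may run from Program Files and
#    Windows; local Administrators (S-1-5-32-544) may run anything. Once a
#    collection exists, everything not explicitly allowed (including a user's
#    own profile) is denied. AuditOnly writes event 8003 instead of blocking.
$policyXml = @'
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="AuditOnly">
    <FilePathRule Id="921cc481-6e17-4653-8f75-050b80acca20" Name="Program Files" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%PROGRAMFILES%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="a61c8b2c-a319-4cd0-9690-d2177cad7b51" Name="Windows" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%WINDIR%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="fd686d83-a829-4351-8ff4-27c7de5755d2" Name="Administrators" Description="" UserOrGroupSid="S-1-5-32-544" Action="Allow">
      <Conditions><FilePathCondition Path="*" /></Conditions>
    </FilePathRule>
  </RuleCollection>
</AppLockerPolicy>
'@
$policyPath = Join-Path -Path $env:TEMP -ChildPath 'applocker-exe-audit.xml'
Set-Content -Path $policyPath -Value $policyXml -Encoding UTF8

# 3. Dry-run the policy against a program sitting in a user profile before
#    applying anything. The copied notepad.exe is a constructed stand-in for a
#    user-installed binary; Everyone has no Allow rule covering %TEMP%.
$userExe = Join-Path -Path $env:TEMP -ChildPath 'user-installed-app.exe'
Copy-Item -Path "$env:WINDIR\System32\notepad.exe" -Destination $userExe -Force
Test-AppLockerPolicy -XmlPolicy $policyPath -Path $userExe -User Everyone

# 4. Apply in audit mode; AppLocker only evaluates rules while the Application
#    Identity service is running.
Set-AppLockerPolicy -XmlPolicy $policyPath
sc.exe config appidsvc start= auto | Out-Null
Start-Service -Name AppIDSvc

# 5. Review what would have been blocked. Switch EnforcementMode to Enabled only
#    after the audit log no longer shows legitimate business software.
Get-WinEvent -LogName 'Microsoft-Windows-AppLocker/EXE and DLL' -MaxEvents 50 |
    Where-Object Id -eq 8003 |
    Select-Object TimeCreated, Message
```

Step 1 is the diagnostic the post is asking for: if the value is set but users still install, the installers in question are not MSI packages and the policy was never in their path. Steps 2 to 5 show the control that does cover them; run in audit mode for a week or two before flipping to enforcement.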
Working on a report for class and wanted to focus on the recent attack on the Internet Archive. I've gotten that it was a series of DDoS attacks, the website being defaced with the popup, and how personal information was compromised. I wanted to dive deeper into the technical aspect of the attack and write about how the DDoS was carried out and how some confidential information was breached. If anyone could help me out or direct me to some resources, I'd really appreciate it. Thanks!
Which is better for a quick setup for a security monitoring and logging demo with a vulnerable web app, Splunk or ELK?
I'm trying to make a script that creates inbound rules that stop certain programs from getting traffic. I don't know how to test whether the rules are actually working or not. They are showing up in the firewall, but I don't know how I can verify that they work as intended. Nothing seems to change when using any of the programs. Please give me some guidance.
netsh advfirewall firewall add rule name="Block msedge.exe" program="C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" protocol=tcp dir=in enable=yes action=block profile=any
netsh advfirewall firewall add rule name="Block Microsoft.Msn.Money.exe" program="C:\Program Files\WindowsApps\Microsoft.BingFinance_4.53.61371.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Money.exe" protocol=tcp dir=in enable=yes action=block profile=any
netsh advfirewall firewall add rule name="Block Microsoft.Msn.News.exe" program="C:\Program Files\WindowsApps\Microsoft.BingNews_4.55.62231.0_x64__8wekyb3d8bbwe\Microsoft.Msn.News.exe" protocol=tcp dir=in enable=yes action=block profile=any
netsh advfirewall firewall add rule name="Block Microsoft.Msn.Weather.exe" program="C:\Program Files\WindowsApps\microsoft.bingweather_4.25.20211.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe" protocol=tcp dir=in enable=yes action=block profile=any
netsh advfirewall firewall add rule name="Block Microsoft.Photos.exe" program="C:\Program Files\WindowsApps\microsoft.windows.photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe" protocol=tcp dir=in enable=yes action=block profile=any
netsh advfirewall firewall add rule name="Block XboxApp.exe" program="C:\Program Files\WindowsApps\microsoft.xboxapp_48.49.31001.0_x64__8wekyb3d8bbwe\XboxApp.exe" protocol=tcp dir=in enable=yes action=block profile=any
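As an added example (not part of the original post), a PowerShell pass over the rules created by the netsh commands above that checks whether they can fire at all and makes any drops observable. It assumes an elevated session, that the rule display names match the netsh `name=` values, and that a second machine on the LAN is available for the connection test, since Windows Firewall does not filter loopback traffic. The AppContainer Mappings registry key used in step 2 is my assumption from Windows 10/11 systems, not something the post mentions.

```powershell
# Added example, not from the original post. Run elevated (PowerShell 5.1+).
#Requires -RunAsAdministrator

$ruleNames = @(
    'Block msedge.exe', 'Block Microsoft.Msn.Money.exe', 'Block Microsoft.Msn.News.exe',
    'Block Microsoft.Msn.Weather.exe', 'Block Microsoft.Photos.exe', 'Block XboxApp.exe'
)

# 1. Does each rule exist, is it enabled, and does its program path still
#    resolve? WindowsApps paths embed the package version, so a Store update
#    leaves the rule pointing at a directory that no longer exists.
foreach ($name in $ruleNames) {
    $rule = Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue
    if (-not $rule) { Write-Warning "rule not found: $name"; continue }
    $app  = $rule | Get-NetFirewallApplicationFilter
    $path = [Environment]::ExpandEnvironmentVariables($app.Program)
    [pscustomobject]@{
        Rule       = $name
        Enabled    = $rule.Enabled
        Direction  = $rule.Direction
        Action     = $rule.Action
        PathExists = Test-Path -LiteralPath $path
        Program    = $path
    }
}

# 2. Packaged Store apps (Photos, Xbox, the MSN apps) run in AppContainers and
#    are matched by package SID, not by executable path. Look up the SID for a
#    package family so the rule can be recreated with New-NetFirewallRule -Package.
$mappings = 'Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings'
Get-ChildItem -Path $mappings | ForEach-Object {
    $p = Get-ItemProperty -Path $_.PSPath
    [pscustomobject]@{ PackageSid = $_.PSChildName; Moniker = $p.Moniker }
} | Where-Object { $_.Moniker -like 'Microsoft.XboxApp_*' -or $_.Moniker -like 'Microsoft.Windows.Photos_*' }

# 3. An inbound block can only be observed if the program is listening. If no
#    blocked executable owns a LISTEN socket, "nothing changes" is the expected
#    outcome: there is no inbound connection for the rule to drop.
$blocked = $ruleNames -replace '^Block ', ''
Get-NetTCPConnection -State Listen | ForEach-Object {
    $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
    [pscustomobject]@{ Port = $_.LocalPort; Pid = $_.OwningProcess; Process = "$($proc.ProcessName).exe" }
} | Where-Object { $blocked -contains $_.Process }

# 4. Make drops visible: log blocked packets on every profile and audit WFP
#    connection blocks (Security event 5157 names the denied application).
#    Then connect from ANOTHER host to a port found in step 3.
$log = "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log"
Set-NetFirewallProfile -All -LogBlocked True -LogFileName $log -LogMaxSizeKilobytes 16384
auditpol.exe /set /subcategory:"Filtering Platform Connection" /failure:enable | Out-Null

# 5. Review afterwards: dropped inbound TCP in the text log, and 5157 events.
Select-String -Path $log -Pattern '\sDROP\sTCP\s' -ErrorAction SilentlyContinue | Select-Object -Last 10
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 5157 } -MaxEvents 10 -ErrorAction SilentlyContinue |
    ForEach-Object { $_.Message -split "`n" | Select-String -Pattern 'Application Name|Direction|Destination Port' }
```

If step 3 returns nothing, the rules are fine but untestable as written: a browser or a Store news app rarely opens a listening port, so an inbound block has nothing to act on. To exercise the mechanism, point a block rule at something that does listen and connect to it from the other host; the DROP line in pfirewall.log and the 5157 event are the proof.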
What are some vulnerable web applications with accessible logs that I can use as a demo for setting up security monitoring? I've tried finding the logs for OWASP Juice Shop to no avail.
Recently I came across two cross-platform, open-source, free encryption programs:
S.S.E. - Secret Space Encryptor => https://paranoiaworks.mobi/download/
and Rohos Mini Drive => https://rohos.com/products/rohos-disk-encryption/rohos-mini-drive/
This might seem silly, but in comparison to Cryptomator and VeraCrypt, how good is this software, and is it really secure to use on Android and Windows 10 PCs?
I'm on a home wifi network. Orbi brand router. Default passwords were never used and were changed upon setup.
I have a lot of devices, from Chromecasts to printers to game consoles to five PCs.
Lately many websites require me to prove that I am human. AutoZone.com, just today, had me do a captcha-like activity. Gamefaqs.com, a few days ago, straight up blocked my IP. I submitted a ticket and they unblocked me, I asked for an explanation as to why they did and was not given one - neither block nor unblock rationale. Reddit did one time as well, but it has not happened in a while.
I'm concerned that maybe a device on my network, or my network itself, is compromised somehow. The only real candidates for compromise on my network are the laptops. I've checked each one, ran Windows Defender (or whatever it's called), and none come up with any issues. I'm also careful and very rarely download anything off the internet. In the last year, a single download of a single game. But I checked this laptop twice, and even simply turned it off, and I still get captchas galore. I have security cameras, but those don't even have default passwords; they are connected to an account which is password secured and has email-based 2FA (Wyze brand).
Does anyone have any suggestions as to how I can diagnose why I keep getting these, or am I just overthinking this and everyone gets these all the time?
Thank you.
The CISO is having the Infosec team line up penetration tests on SaaS vendors we purchased licenses from (M365, KnowBe4, Atlassian, etc.).
Is this something businesses do? Should I have them revisit their MSAs/agreements first? I honestly never heard of this and think there will be negative impacts on the services' availability to the IP these attacks come from (they are doing it from a static office IP).
Edit: I'm going to take this up with legal after I float the contractual lingo in front of them.
I'm considering grad school, my undergrad was in Cybersecurity.
I don't want a Master's in that as it feels redundant.
I am in the Systems Engineering field (think Defence Contractors, Systems Designs, Program Requirements).
However, I am also interested in technical degrees such as the new Cloud Engineering degree at UMD. While I could do certifications, I feel like I could benefit from being on campus and networking with professors and my colleagues. My plan is to make my community, work and live in MD, hopefully near Fort Meade or Washington, DC.
I am considering a Master's in Systems Engineering as well, from GWU or JHU. Leaning towards JHU because I can get an internship either at the hospital or at their Applied Physics Laboratory and leverage connections there, or study abroad.
There is also the MCIT degree at UPenn, which is geared towards non-comp-sci majors and working professionals and is more of a computer science degree.
There is also a Cloud Computing Management degree at GWU which blends project management and cloud development leadership capabilities, but the program is completely online and, well... it seems sort of niche.
If I really want to go technical, then there is the Cybersecurity in Computer Science Master's degree; they have a bootcamp to catch up on math and pre-reqs, and it's in person and close to work.
Money is not an issue. My employer has tuition reimbursement.
A business account was email bombed. After painstakingly going through all emails during the scope of the bomb, we identified that the threat actor made payroll changes and wanted to hide that. Fun!
Good news though: all changes have been reverted, and all passwords have been reset. Vendors have been contacted, and the user is getting retrained.
Bad news: they are still enrolled in thousands of newsletters, and we can't just block them one by one. Our spam filter offers bulk email blocking, but the user also relies on senders marked as bulk.
With all that said, how does one unenroll from all these subscriptions? Are services like unroll.me or delete.me legit and above board?
Update: MS365 through GoDaddy is the mailing service.
Trying to decide between the two. There are pros and cons to both. GT is a more renowned school where I think I will learn more, but the program is a bit longer (looking at between 2-3 years). WGU can be finished quicker (1-1.5 years) but is not as renowned and may not have as strong a network. They are both fairly cheap, so price isn't a factor.
Have any of you gone to either and have any relevant advice/experiences?
I've been instructed to get another set of fingerprints to renew my license, and they use Fieldprint. There is an obscene amount of personal data required (for obvious reasons), but their website doesn't appear as secure as I'd like. They still ask for three security questions, which I've heard is basically meaningless these days. I'm no expert, which is why I'm here; just hoping someone has knowledge of this company/website and can ease my fears.
Currently in a demo of BlackFog. Marketed to us as a data exfil prevention product. We are mostly a macOS house, but I installed it on a dozen Windows clients belonging to people who regularly fail our phish tests and on other high-value target machines. Does anyone else have insight or feedback on this product? Only 48 hours in and I don't have enough data yet to draw a conclusion. Trying to make sure I'm not wasting my time.
I want to know the main and detailed differences between Sysmon and Event Viewer. Yes, I know Sysmon is better, but there's got to be more to it.
Topic,
I'd like to run a program in a sandbox environment; however, I can't run Windows Sandbox. I have tried activating Hyper-V and the hypervisor via Windows Features and also enabling the service with a restart, but it doesn't work. So at this point, is there any valid free alternative to use?
Update: Thank you everyone for your responses - I have met with the team and have finally gotten them onboard with a 3rd party e-discovery firm. We have not picked one yet, but at least it is a stressful load off of me!
A Global Admin account in MS365 was compromised in a BEC event. Backup software installed on the tenant indicates that all mail was replicated to the threat actor's system. While a million things that should have happened leading up to this event did not happen, it was not my problem/role until the incident. While the outbound mail containing ePHI was encrypted, because of the level of access, all the mail is still backupable and viewable, as the mail is plain text in the Sent folder but encrypted from external access.
I know the rules say to provide evidence, so I can provide the following findings:
Before I get torn apart:
I do want help with a specific task that I have been given, but before I am told to seek professional assistance, I am trying to get the party to do this. I do not want to be the one doing this, but until I convince the uppers, it is my job.
I need to determine who has been involved in the breach. It is not as simple as identifying the To addresses, as the To addresses are other businesses; the emails contain PDFs containing ePHI sent to partnering businesses. For example, Bob sent an email with a PDF containing Alice's prescription to Jane at a different company.
I do have a PST of all emails with potential ePHI in them, and need to identify whose ePHI is in it, so they can be properly notified.
Is there a tool that specialty parties normally use to analyze the emails and run OCR on attachments to pull this data, or is it truly a manual process?
Through spot checking, we know the scope of data potentially stolen; I just need a good way to determine who is involved and needs notice, and I have not come up with much in my searches. I will hopefully be able to redirect my efforts into finding a specialized party instead, but for now I would like to have at least something, even if it's a pile of trash that acts as fodder for why we need a third party's involvement.
Sorry for being vague, but it is a serious breach with HIPAA-protected info, so I'm trying to stay vague and prevent me or my party from being identified.
I'm using Reaver 1.6.6 on a Kali Linux VM and I have the ALFA AWUS036AXML, so it handles packet injection and has no issues other than when I'm trying to do a WPS attack with Reaver; it just keeps giving me "send_packet called from resend_last_packet() send.c:161" and eventually just keeps trying the same "12345670" PIN every time. I can't seem to figure it out. I'm using aireplay-ng for the fake auth. I redacted the MAC address, so it is an actual BSSID. I've read the Reaver troubleshooting thread and I don't have any of those issues; I'm right next to my AP.
If anyone can give me some pointers, I've tried everything, almost all of the arguments included with Reaver... I was never successful using wifite either, but I'm not sure how to use it.
Reaver v1.6.6 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner cheffner@tacnetsol.com
[+] Switching wlan0mon to channel 11
[+] Waiting for beacon from XX:XX:XX:XX:XX:XX
[+] Received beacon from XX:XX:XX:XX:XX:XX
[+] Vendor: Unknown
WPS: A new PIN configured (timeout=0)
WPS: UUID - hexdump(len=16): [NULL]
WPS: PIN - hexdump_ascii(len=8):
31 32 33 34 35 36 37 30 12345670
WPS: Selected registrar information changed
WPS: Internal Registrar selected (pbc=0)
WPS: sel_reg_union
WPS: set_ie
WPS: cb_set_sel_reg
WPS: Enter wps_cg_set_sel_reg
WPS: Leave wps_cg_set_sel_reg early
WPS: return from wps_selected_registrar_changed
[+] Trying pin "12345670"
[+] Associated with XX:XX:XX:XX:XX:XX (ESSID: XXXXXXXX)
[+] Sending EAPOL START request
send_packet called from send_eapol_start() send.c:48
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
[+] Received deauth request
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
Hey everyone,
I’m a cybersecurity student currently exploring training programs specifically for NETSCOUT. I’ve been searching for something beyond what is offered through NETSCOUT University, but I haven't had much luck.
The only other option I came across was from CyberTraining 365, but after digging into it, it turns out it was likely a scam (mixed reviews and a suspicious domain history). I was hoping to find something more reliable, or at least a community-approved alternative.
Does anyone here know of any other legit training programs or certification paths for NETSCOUT technologies? Ideally, something accessible and not overly expensive.
Any help would be greatly appreciated! Thanks in advance!