/r/netsecstudents

Photograph via snooOG

A place to share resources, ask questions, and help other students learn Network Security specialties of all kinds.

Please read the rules before posting: https://www.reddit.com/r/netsecstudents/about/rules/

A place to share resources, ask questions, and help other students learn Network Security specialties of all kinds.

Please read the rules before posting: https://www.reddit.com/r/netsecstudents/about/rules/

Wiki contains all the links in one place! Feel free to post in the threads, or message the mods to add more to the lists!

FAQ:

Resources:

Related Subreddits:

/r/netsecstudents

125,103 Subscribers

0

Microsoft Azure Sentinel 101: Automatically add TLP(Traffic Light Pattern) to Incidents with logic apps/playbooks and automation by query tagging

0 Comments
2024/06/15
16:29 UTC

2

Microsoft Azure Sentinel 101: Update alert descriptions dynamically without limits — Unlimited meta data options with helpful content

0 Comments
2024/06/15
14:56 UTC

4

Microsoft Azure Sentinel 101: Dynamically update and change Alert/Incident Severity — based on query results with automation or logic apps for all alerts

0 Comments
2024/06/14
12:18 UTC

8

As stupid as this might sound... how do you retain the information you've learned in school?

Struggling a lot with the technical questions within the interview because I've had a long 8 month gap where I was supposed to find a co op but I've never ended up finding one because the job market is extremely rough in Canada. I want to retain the information I've learned over the last 2 years, because it seriously seems like I'm about to forget it all. How do I retain information, let alone learn new things? This gap has had a big effect on me and not in a good way.

6 Comments
2024/06/13
16:16 UTC

2

how is the routine when working with cyber security?

I don't have any knowledge in IT, but I read that it pays well and you don't have to talk to people (introvert here haha)

I know it's probably stressful, but, honestly, what job isn't stressful this days?

So I want to understand how much stressful can be, how much time of your week you put into the job.

You have to achieve goals (as in the sells field)? It's more autonomous or you can be part of the company?

Also, do I need to have a degree in some technology field or I can start working after doing some courses in the internet (with certificate ofc)?

22 Comments
2024/06/13
14:43 UTC

1

Digital Nomad Visas in the Cybersecurity Industry

r/cybersecurity seems to have removed my post, so maybe this is the place to ask?

I am currently working as a security engineer for a small MSSP in the U.S.

The lease is ending on my rental unit, and I'd like to explore my options abroad. I am relatively young and currently have no wife, children or home keeping me in one spot, and have very little attachment to any of the places I've lived in the U.S. thus far.

I have traveled extensively since the end of covid, and while doing so, have learned about many of the digital nomad visa's that countries are offering to bring highly skilled labor (and tax revenue) into their borders. I have been mainly looking at the Czech Republic.

This idea began as a seed, but has since sprouted into something that I'm highly interested in. So much so that I've spoken to the embassy, the Czech Ministry of Trade, and have consulted with immigration lawyers to better understand the laws and tax implications related to such a move.

My biggest questions would be: is this even allowed within the industry? Would I still be abiding by U.S regulations if accessing client data and infrastructure from within the EU? ( All of our clients are U.S based; I am also a U.S citizen. )

I basically want to get all my facts straight before presenting such an idea to the owner of the company. I'd also be going from full-time back to contractor status and pay taxes quarterly in the Czech Republic. This would provide me access to their national health care and public services as well. So basically, taxes, PTO, and health / dental would be completely off my employers plate.

The time zone is also optimal for me. I have been a night owl my entire life and tend to do my best thinking later in the day. I would also be renting a fully furnished apartment, so I would just be bringing a duffel bag full of clothes and my computers. Anything else I could just purchase there.

Has anybody else presented an idea like this to their company, or had a coworker / employee do something similar? If so, what was the outcome?

2 Comments
2024/06/11
19:19 UTC

0

How to get into CyberSecurity

I am finishing my Master's in Applied IT this September and am currently exploring job opportunities. However, because my degree covered such a broad range of topics, I feel like a jack of all trades but a master of none. I particularly enjoyed the machine learning and network courses during my studies.

I am interested in exploring the field of cybersecurity but was hesitant to take an optional course that required extensive knowledge of x86 architecture. I'm not sure where to start, but I'm considering pursuing an online certificate to gain knowledge and demonstrate my capabilities.

Does anyone have tips or ideas on how to proceed?

12 Comments
2024/06/10
19:06 UTC

2

Automating Alert/Case Creation and Assignment in TheHive Based on Teams

Hi everyone,

I’m working on a project where I need to automatically create alerts and cases in TheHive based on CVE data. Here’s a brief overview of my setup and the challenges I’m facing :

>> Project Overview :

  • Script Functionality : I’ve written a script that pulls CVE details from Elasticsearch and generates alerts in TheHive based on a specific condition ( specific affected product for example). The script then converts these alerts into cases.

  • Team-Based Assignment : I want to assign cases to specific teams (e.g., Apps team for WordPress CVEs, Networking team for Cisco CVEs) based on the nature of the CVE.

  • Email Notifications : I need to notify all members of the relevant team when a new case is created.

>> The Problem :

1. Case Assignment : TheHive doesn’t seem to support direct assignment of cases to multiple users or groups based on tags or other criteria. I can create user profiles and organizations, but the API doesn’t allow assigning cases to multiple users in a straightforward way.

2. Notification : I need an efficient method to notify all members of a team about new cases.

>> What I’ve Tried :

1. Multiple Organizations : Creating separate organizations for each team and assigning users accordingly. This allows team members to see only their relevant cases.

2. Tags and Profiles : Using tags to identify teams and manually assigning cases based on these tags.

3. Email Notifications : Considering using an external script to send email notifications to team members.

What can I do to fix my issue or does anyone suggest any alternative solutions or tools that might be better suited to this requirement.

Thanks in advance for your help!

1 Comment
2024/06/08
01:53 UTC

5

Cisco Cybersecurity Essntials

I am currently going through the course above and it requests that I download Ubuntu 16.04 LTS onto a virtual machine which I have done but the specific requirements of the labs lead me to belive that it wants a specific download as it asks for files which do not exist on the standard download. For example, Lab 5.1.2.4 - Password Cracking presupposes that I have accounts other than the superuser that have passwords to be cracked but I don't. Any help would be greatly appreciated.

1 Comment
2024/06/06
21:48 UTC

9

From network to cybersecurity

I am currently working as Network & Security engineer. I have the CCNA exam and experience with checkpoint and palo alto FWs.

I've been doing some courses on THM.

I want to buy the learning fundamentals subscription in OffSec and build my path from there to learn and develop my skills, and after that maybe upgrade the subscription to prepare myself for OSCP.

My questions are:

1- Is my network experience enough to go on the learning fundamentals?

2- Does the learning fundamentals certifications gets me an opportunity to swap from network to cybersecurity, professionally speaking?

3- Is it a good plan to build a path into OSCP level?

8 Comments
2024/06/06
12:56 UTC

1

Searching for some guidance

Hi there I'm new to this , like really new I can't do shit with my computer but I really would like to lern a few skills that could come Handy in this age 😅 Does anyone have some tips on how and where to start ? I could really see myself to get into this stuff Hope it doesnt bother you guys to much 😁🤘

1 Comment
2024/06/05
22:59 UTC

0

Cuber Security Language Journey

Hello Everyone, I hope you all are well.. I want to be a Pentester, so want to be know that which language i have to be learn to be a professional in this field. Like : Python, Bash or any other?

  • Can you guide me from which source i can learn them in free of cost.

And is the normal Python and Python used in Cyber Security field are same? And 1 more thing from where i will come to know about Python function? Like : python3 -c 'import pty;pty.spawn("/bin/bash")' Like this call function or other alot function. How can i learn about them? Thanks.

2 Comments
2024/06/05
14:55 UTC

4

For anyone who has taken the CCST, is the free Skillsforall course enough?

Hello! I am currently preparing for my CCST Networking exam and have been using the SkillsForAll course for the past couple of days. I am curious if anyone who has taken the test after studying with this course found it to be preparing, or if there is a better course out there. Thanks!

2 Comments
2024/06/05
01:06 UTC

0

CS or SWE degree?

I've read that people with strong coding skills are valuable in cybersecurity spaces. Would it be better to get a degree in SWE and acquire a couple cyber certs?

4 Comments
2024/06/04
09:45 UTC

8

Guidence Related Web Pentesting Career

Hello Everyone,

I hope you all are well. This note might be a bit lengthy, but I hope you will guide me to the best of your abilities.

I have some doubts and questions related to a career in Penetration Testing. I have been learning about Cyber Security for about 8 to 9 months from various resources such as:

  • YouTube
  • TryHackMe (started 3 months ago)
  • Following some Cyber Security professionals

I am currently a 19-year-old student pursuing a BS in Software Engineering in Pakistan. Unfortunately, the syllabus we are studying is outdated (10-15 years old) and quite boring for me because I have no interest in software development. To pass my degree, I must become a coder, which means leaving behind my true interest. As you know, no university can truly teach you about Cyber Security; you have to learn it yourself and obtain certifications separately, which can be quite costly.

As I am not from a wealthy background, I have to make a choice. This has led me to consider leaving my university studies to focus on learning about Cyber Security. Certifications like OSCP are expensive, and I would have to pay for them myself. I don't want to burden my parents with this expense.

After researching which certifications to pursue, I found that many people consider the CEH certification to be of little value despite its high cost:

  • $1200 for the theoretical CEH
  • $500 for the practical CEH Total = $1700 + tax

I have also learned about eJPT, which is considered comparable to OSCP and far better than CEH at an affordable price. It provides practical skills knowledge but is not listed in any job listings.

In comparison, the OSCP costs around $1800 without tax and is considered far better, providing practical skills and being recognized in job listings. I am considering selling my gaming setup and using my savings to cover the cost.

Once I get a job, I may pursue a BS in Cyber Security since I will be able to afford the fees at that time.

Here are some of my questions:

  1. Will I be able to get a Cyber Security job without a degree? Some people say that no one will hire me without a degree because I am too young.
  2. While learning on TryHackMe and solving challenges, I sometimes get stuck and have to watch walkthroughs. Is this normal?
  3. Sometimes I find it boring and give up, but I always return to studying after a few hours. Is this common?
  4. Is it a good decision to pursue the OSCP as my first certification?
  5. How much do I need to learn to crack the OSCP? How do I know that yes, now I am ready to crack the OSCP?
  6. Is there any more source to learn Pentesting fully free?
  7. Is the OSCP difficult to pass?
  8. Will I be able to get a job as a Web Penetration Tester after obtaining the OSCP?
  9. If I don't need to pursue a degree after getting a job, which certifications should I focus on next?

Your advice and guidance will be greatly appreciated. Also, please share your journey and the resources from where you have studied.

Thanks.

4 Comments
2024/06/02
03:50 UTC

8

CompTIA Network Plus to Cisco CCNA

When you have the Network+, how long would it take to learn and pass the CCNA. Also, what YouTube videos and practice exams would you recommend.

7 Comments
2024/06/02
01:59 UTC

3

Computer setup for cyber projects?

I just bought a laptop for cheap at a garage sale. Lenovo ideapad, not great specs but I’ll likely upgrade it. It was a steal so I figured I’d buy it and I suppose I can use it solely for cybersecurity projects separate from my personal/school computer. What should I add and configure right off the bat?

3 Comments
2024/06/01
22:10 UTC

1

Undergrad Research Advice

Can I turn this into research?

Hi, I am a new CS/Math major, and decided to start learning machine learning, have a plan for study and some ideas for undergrad projects.
It got me thinking about research in security.
I am sure many people do, but I have a good knowledge of how fraud works in the financial industry. I was wondering if you had ideas on how I can turn that into a research project as an undergrad?
A lot of these frauds I cannot believe work bc they seem so simple to avoid, others (like spoofing live camera verification) are something I'm sure can be fixed but take more effort.
And others amount to regulations and varying country practices that create loopholes.

There's one company with a HUGE flaw that would be so easy to stop but many people Ive encountered thankfully aren't aware of it!

I don't really know how to turn this into "research"? My goal is to transfer into a school for CS/math after community college and if I can I'd like to publish/present something to help my resume.

Also, as a felon, maybe it will help me with a job in the future, though for now I really just enjoy learning and the idea of research.

4 Comments
2024/05/31
00:02 UTC

11

is there any Anti Jamming Wifi Frequency hopping?

I'm taking a class and I was required to analyze a scenario and determine vulnerabilities as well as mitigations.

I listed jamming as a vulnerability and by reflex I wanted to suggest frequency hopping as a mitigation technique. I have a military background and so many things we dealt with had Anti-jamming frequency hopping (AJFH) that I assumed some WIFI devices should also have that capability. I've been googling like a mad man but the closest I can get is FHSS used in Bluetooth.

So my question: is there any Commercial or civilian AJFH technology that is or can be used with WIFI?

Thanks in advance.

6 Comments
2024/05/29
20:05 UTC

1

CTF challenge for staff

Hi all, so I was suggested to run a demo for our staff which involves technical and non technical people and some are senior staff members. I have given social engineering demos before. But I want to do something more engaging something around phishing and social engineering but involve the staff into a challenge that will be fun and a learning experience for them. So I was thinking explaining some techniques first and then giving them a CTF challenge to solve. Any suggestions or new ideas are welcome. Thanks.

0 Comments
2024/05/29
14:46 UTC

Back To Top