|
Oct posted:For free content, I would typically point someone here: https://www.dfir.training/. A lot of the really good training is still paid unfortunately. SANS is kind of a 900 pound gorilla for training, especially for forensics and incident response. The site I linked is pretty much driven by the DFIR community, so there are a lot of decent resources to dig into. Thanks a TON for the links and info! Yeah one of the jobs I was interviewing for was in a SOC. I had to be upfront and say while I was slightly familiar with MITRE from studying for my CISSP I've never actually used it in a professional setting. I'm going to try and learn as much as I can about it and also try to start using it in some format at my current position.
|
#
?
Oct 29, 2020 18:31
|
|
|
|
| # ? May 12, 2024 17:45 |
|
|
Oct posted:For free content, I would typically point someone here: https://www.dfir.training/. A lot of the really good training is still paid unfortunately. SANS is kind of a 900 pound gorilla for training, especially for forensics and incident response. The site I linked is pretty much driven by the DFIR community, so there are a lot of decent resources to dig into. Yeah, anything MITRE does is top notch and generally great framework for Policy, Governance, and DFIR/IR stuff.
|
|
#
?
Oct 29, 2020 18:31
|
|
|
https://twitter.com/dnvolz/status/1321447353975513094
|
|
#
?
Oct 29, 2020 18:39
|
|
|
Yup, unsuprisingly, we're as bad as everyone else with government backdoors. And this is why Barr's plan to backdoor encryption is loving insane.
|
|
#
?
Oct 29, 2020 18:44
|
|
|
CommieGIR posted:. And this is why Barr's plan to backdoor encryption is loving insane. Didn't the aussies already try this and get mocked excessively for trying to outlaw math?
|
|
#
?
Oct 29, 2020 19:04
|
|
|
RFC2324 posted:Didn't the aussies already try this and get mocked excessively for trying to outlaw math? Every couple of years a Five Eyes country tries to outlaw math and learns nothing from the resulting mess.
|
|
#
?
Oct 29, 2020 19:06
|
|
|
RFC2324 posted:Didn't the aussies already try this and get mocked excessively for trying to outlaw math? Yup, and now Barr/Pompeo are putting pressure on the EU to do it again. Its going to be both a nightmare and hilarious since it'll just result in a hundredfold increase in breaches.
|
|
#
?
Oct 29, 2020 19:13
|
|
|
Great (IMO) video about the whole Dual EC saga from the perspective of the ScreenOS firmware code: https://www.youtube.com/watch?v=CPHLvx6jbOc
|
|
#
?
Oct 29, 2020 19:45
|
|
|
CommieGIR posted:Brian Krebs is an ex Windows Admin who plays security and regularly says poo poo that is based on little evidence. He's a pariah in the Infosec community, especially because he doesn't take criticism well. Kinda like Kevin Mitnick but Kevin does actually know a lot of things, even though he sold his soul.
|
|
#
?
Oct 29, 2020 19:53
|
|
|
wyoak posted:my impression of him was that he was a reporter, not an infosec professional, but i haven't really paid much attention to him lately so if he doxxed people that's good to know This is true, but he bills himself as more than a reporter professionally.
|
|
#
?
Oct 29, 2020 19:55
|
|
|
wyoak posted:my impression of him was that he was a reporter, not an infosec professional, but i haven't really paid much attention to him lately so if he doxxed people that's good to know https://www.itwire.com/security/86867-infosec-researchers-slam-ex-wapo-man-krebs-over-doxxing.html
|
|
#
?
Oct 29, 2020 19:56
|
|
|
https://twitter.com/troyhunt/status/1321889826711298048?s=21
|
|
#
?
Oct 29, 2020 20:57
|
|
|
super happy for the next 3 pages of password manager chat.
|
|
#
?
Oct 29, 2020 21:00
|
|
|
Diva Cupcake posted:super happy for the next 3 pages of password manager chat. 
|
|
#
?
Oct 29, 2020 21:33
|
|
|
I'm so happy for the bougie security reporter man who defends victim blaming and enjoys long walks shilling for the shady VPN company that he gets to shill for another service with an unnecessary subscription fee.
|
|
#
?
Oct 29, 2020 21:39
|
|
|
I like Troy :/ Elaborate on the victim blaming?
|
|
#
?
Oct 29, 2020 21:41
|
|
|
The Fool posted:I like Troy :/ When Accounts are "Hacked" Due to Poor Passwords, Victims Must Share the Blame quote:"You're victim blaming. Stop victim blaming." With doubling down here and this one within the last week.
|
|
#
?
Oct 29, 2020 21:54
|
|
|
Kerning Chameleon posted:When Accounts are "Hacked" Due to Poor Passwords, Victims Must Share the Blame He certainly has an interesting.... perspective. Honest, I feel like he is looking for rage clicks and is getting them. Nobody is reading that poo poo except to hate on it.
|
|
#
?
Oct 29, 2020 22:35
|
|
|
Kerning Chameleon posted:I'm so happy for the bougie security reporter man who defends victim blaming and enjoys long walks shilling for the shady VPN company that he gets to shill for another service with an unnecessary subscription fee. I bought 1Password 4 and may never update, lol.
|
|
#
?
Oct 29, 2020 23:08
|
|
|
I pay for a 1Password family subscription and it is worth it
|
|
#
?
Oct 29, 2020 23:10
|
|
|
imagine paying for decent software e: troy is a landlord
|
|
#
?
Oct 29, 2020 23:36
|
|
|
Jeoh posted:e: troy is a landlord 
|
|
#
?
Oct 29, 2020 23:39
|
|
|
Jeoh posted:imagine paying for decent software Paying for software is ok, I personally wouldn't do it, but I think you only subscribe to 1password, not even buying it
|
|
#
?
Oct 29, 2020 23:40
|
|
|
I subscribe to 1Password and think it's great 
|
|
#
?
Oct 29, 2020 23:41
|
|
|
So far they haven't been as bad as LastPass but I'm pretty confident it's just a matter of time until something happens just like them
|
|
#
?
Oct 29, 2020 23:42
|
|
|
xtal posted:So far they haven't been as bad as LastPass but I'm pretty confident it's just a matter of time until something happens just like them things can only be good for so long before they get hosed in the name of profit 1Password has been around long enough that corners are surely being cut now
|
|
#
?
Oct 29, 2020 23:44
|
|
|
Kerning Chameleon posted:When Accounts are "Hacked" Due to Poor Passwords, Victims Must Share the Blame He's not wrong? God forbid anyone take responsibility for their choices these days. There are dozens of options for password managers and many are integrated into browsers, desktops and phones. If your to lazy to use one in 2020 and your password of 'Maga2020!' kicks off world war 3 then yes, you share responsibility.
|
|
#
?
Oct 30, 2020 00:15
|
|
|
xtal posted:Paying for software is ok, I personally wouldn't do it, but I think you only subscribe to 1password, not even buying it Yea, I am not paying a subscription for something I used to be able to buy before someone figured out how to make more money off it. Adobe-tier poo poo
|
|
#
?
Oct 30, 2020 00:17
|
|
|
Cup Runneth Over posted:Yea, I am not paying a subscription for something I used to be able to buy before someone figured out how to make more money off it. Adobe-tier poo poo Complaining about this for a security product that needs constant maintenance is some galaxy brain poo poo. The times of buying SOFTWARE VERSION 2.0 and being able to use it for a decade are over. Updates are critical and they cost money. Having people stuck at older versions is a massive risk and a huge burden for developers. It's gone. Let it go.
|
|
#
?
Oct 30, 2020 00:27
|
|
|
Internet Explorer posted:Complaining about this for a security product that needs constant maintenance is some galaxy brain poo poo. I didn't subscribe to Linux to post this, you don't need to buy any software, much less buy it more than once. Separately from that, storing your passwords in the cloud is a bad idea whether it's a subscription or not.
|
|
#
?
Oct 30, 2020 00:30
|
|
|
1password’s watchtower is worth the money and it has warned me about passwords on two separate occasions.
The Fool fucked around with this message at 00:34 on Oct 30, 2020 |
|
#
?
Oct 30, 2020 00:32
|
|
|
xtal posted:I didn't subscribe to Linux to post this, you don't need to buy any software, much less buy it more than once. Separately from that, storing your passwords in the cloud is a bad idea whether it's a subscription or not. Storing your passwords anywhere is a risk assessment with security and convenience trade offs that you need to make your own decision about.
|
|
#
?
Oct 30, 2020 00:33
|
|
|
xtal posted:I didn't subscribe to Linux to post this, you don't need to buy any software, much less buy it more than once. Separately from that, storing your passwords in the cloud is a bad idea whether it's a subscription or not. I keep my keepass archive in cloud storage, but in addition to the longass password I also composite that with my yubikey challenge-response. All my emails and variants are subscribed to hibp and I reroll my all my passwords annually so something like Watchtower is unnecessary for me. Kerning Chameleon fucked around with this message at 00:41 on Oct 30, 2020 |
|
#
?
Oct 30, 2020 00:38
|
|
|
xtal posted:Separately from that, storing your passwords in the cloud is a bad idea whether it's a subscription or not. It's not. There are many ways to do it as safely as reasonably possible, and as said it's about assessing the convenience and other areas of improved security against your own personal risk posture.
|
|
#
?
Oct 30, 2020 01:06
|
|
|
Diva Cupcake posted:super happy for the next 3 pages of password manager chat. Also this was prophetic lmao
|
|
#
?
Oct 30, 2020 01:06
|
|
|
if you say "password" in the bathroom mirror three times, the CEO's nephew will come out of the mirror and tell you about their custom password management setup involving six types of authentication, three different open source syncing services, and a ham radio tuned to a soviet numbers station
|
|
#
?
Oct 30, 2020 01:14
|
|
|
Achmed Jones posted:if you say "password" in the bathroom mirror three times, the CEO's nephew will come out of the mirror and tell you about their custom password management setup involving six types of authentication, three different open source syncing services, and a ham radio tuned to a soviet numbers station God if only
|
|
#
?
Oct 30, 2020 01:46
|
|
|
In reality you'll just get a pin number in a text message.
|
|
#
?
Oct 30, 2020 01:54
|
|
|
xtal posted:Paying for software is ok, I personally wouldn't do it, but I think you only subscribe to 1password, not even buying it Cup Runneth Over posted:Yea, I am not paying a subscription for something I used to be able to buy before someone figured out how to make more money off it. Adobe-tier poo poo You can buy a standalone 1Password license.
|
|
#
?
Oct 30, 2020 02:05
|
|
|
|
| # ? May 12, 2024 17:45 |
|
|
Achmed Jones posted:if you say "password" in the bathroom mirror three times, the CEO's nephew will come out of the mirror and tell you about their custom password management setup involving six types of authentication, three different open source syncing services, and a ham radio tuned to a soviet numbers station as the prophecy foretold.
|
|
#
?
Oct 30, 2020 02:13
|
|