|
I sure hope that Twitch leak contains tons of internal communication, because it would sure be nice to see the rationalization behind some of their moderation decisions.
|
# ? Oct 6, 2021 17:32 |
|
|
# ? May 26, 2024 05:51 |
|
Combat Pretzel posted:I sure hope that Twitch leak contains tons of internal communication, because it would sure be nice to see the rationalization behind some of their moderation decisions. Seeing these gits is just confirming what I already knew, devs are poo poo everywhere and nobody knows what they are doing.
|
# ? Oct 6, 2021 17:40 |
|
So far their IR team is handling this well as far as public communication, so there's that.
|
# ? Oct 6, 2021 17:40 |
|
I want to see the leaked Twitch source code just to do the same thing I do every time I look at the source for any big product -- grep for curse words.
|
# ? Oct 6, 2021 17:52 |
|
Martytoof posted:I want to see the leaked Twitch source code just to do the same thing I do every time I look at the source for any big product -- grep for curse words. e: Yeah, this is too close to filez. If you want to find it, you can. CommieGIR fucked around with this message at 20:05 on Oct 6, 2021 |
# ? Oct 6, 2021 18:07 |
|
CommieGIR posted:Nope. Recommend checking out stuff like Hack The Box and grabbing a book like Hands On Hacking if you want to dive head first into this field.
|
# ? Oct 6, 2021 19:28 |
|
Ehhhhhh, that is really skating the line.
|
# ? Oct 6, 2021 19:48 |
Edit: nevermind
|
|
# ? Oct 6, 2021 19:52 |
|
Sickening posted:Ehhhhhh, that is really skating the line. Agreed, edited.
|
# ? Oct 6, 2021 20:06 |
|
CommieGIR posted:Agreed, edited. Yeah, the best course I can suggest to people is to search for the "Magnet" of the breach. That gets the best results. The powers of the internet are making a bit hard to find otherwise just due to the hear number of articles.
|
# ? Oct 6, 2021 20:09 |
|
Don't touch the poop. Especially Amazon owned poop. Have no fear, someone else will touch it for you and tell you about it.
|
# ? Oct 6, 2021 20:10 |
|
Doc Fission posted:Hi, I am considering beginning a cybersec bootcamp soon because it has always fascinated me as a field and I'm bored in my current database management & analytics role. Is this a terrible idea? i wouldn't pay for this sort of thing, there are poo poo-tons of free resources online
|
# ? Oct 6, 2021 20:22 |
CommieGIR posted:e: Yeah, this is too close to filez. If you want to find it, you can. The people who can recognize a magnet SHA1 hash presumably also know how to make one into a complete magnet URI.
|
|
# ? Oct 6, 2021 21:27 |
|
BlankSystemDaemon posted:I'm actually curious - not that I'm going to, but couldn't one just share a magnet hash? I think the point of the rules are that you shouldn't share a way to get illegal stuff, not that it should be cleverly disguised. It's like not clicking a spam mail, but copy pasting the target URL into your browser to get around the technicality of clicking.
|
# ? Oct 6, 2021 21:31 |
This reminds me of all the instances of 09 F9 sharing, as well as the DeCSS haiku.BonHair posted:I think the point of the rules are that you shouldn't share a way to get illegal stuff, not that it should be cleverly disguised. It's like not clicking a spam mail, but copy pasting the target URL into your browser to get around the technicality of clicking.
|
|
# ? Oct 6, 2021 21:38 |
|
The original tweet mentions specific 4chan boards, so maybe check there.
|
# ? Oct 6, 2021 21:48 |
|
BlankSystemDaemon posted:I'm actually curious - not that I'm going to, but couldn't one just share a magnet hash? ddossecrets almost always has whatever leaked the latest, easy enough to find and fairly reputable. They generally don't share anything they have not verified is legit.
|
# ? Oct 6, 2021 22:10 |
CommieGIR posted:ddossecrets almost always has whatever leaked the latest, easy enough to find and fairly reputable. They generally don't share anything they have not verified is legit. I didn't know about ddossecrets, though - so thanks!
|
|
# ? Oct 6, 2021 22:18 |
|
BlankSystemDaemon posted:I saw what I assumed to be the hash roll by in several IRC channels already just today, I'm sure if I wanted it I could manage it. Welcome. We used it to verify some threat actors we ran into with a couple clients that came from larger leaks.
|
# ? Oct 6, 2021 22:34 |
|
Achmed Jones posted:i wouldn't pay for this sort of thing, there are poo poo-tons of free resources online i know but i am a poo poo garbage self-paced learner and i have a perfectly serviceable 9-5 and nothing else to burn big piles of US dollars on
|
# ? Oct 7, 2021 02:26 |
|
Doc Fission posted:i know but i am a poo poo garbage self-paced learner and i have a perfectly serviceable 9-5 and nothing else to burn big piles of US dollars on If you really, really want to light eyewateringly large piles of cash on fire, look into training from SANS.
|
# ? Oct 7, 2021 02:33 |
|
Kreeblah posted:If you really, really want to light eyewateringly large piles of cash on fire, look into training from SANS. alright maybe the piles aren't THAT big
|
# ? Oct 7, 2021 02:42 |
|
Which bootcamps are you considering? Cybersecurity is a huge topic in general with tons of specialization.
|
# ? Oct 7, 2021 03:58 |
|
Tryzzub posted:Which bootcamps are you considering? Cybersecurity is a huge topic in general with tons of specialization. It's hosted by GA Tech. https://bootcamp.pe.gatech.edu/cybersecurity/
|
# ? Oct 7, 2021 04:38 |
|
Doc Fission posted:It's hosted by GA Tech. https://bootcamp.pe.gatech.edu/cybersecurity/ So I just finished this bootcamp, mine was through University of Denver but they are both through Trilogy Education. I just graduated mid-September. I can’t recommend or not recommend it yet since I haven’t gotten a job., but if you want to PM me I’ll give you an overview and my experiences. The upshot is that I really enjoyed the class and learned a lot and if I can parlay it into any kind of Infosec job I’ll consider it the best money spent since LASIK. If not, I guess it’s back to the covid mines until my knees and or back give out.
|
# ? Oct 7, 2021 06:13 |
|
I was gonna suggest the Solaris sysadmin certs just to be dumb, but it looks like oracle actually lowered the price on a product for once
|
# ? Oct 7, 2021 07:52 |
That's clearly a mistake on their part.
|
|
# ? Oct 7, 2021 10:30 |
|
navyjack posted:So I just finished this bootcamp, mine was through University of Denver but they are both through Trilogy Education. I just graduated mid-September. I can’t recommend or not recommend it yet since I haven’t gotten a job., but if you want to PM me I’ll give you an overview and my experiences. The upshot is that I really enjoyed the class and learned a lot and if I can parlay it into any kind of Infosec job I’ll consider it the best money spent since LASIK. If not, I guess it’s back to the covid mines until my knees and or back give out. Oh yay! I definitely will.
|
# ? Oct 7, 2021 11:47 |
|
RFC2324 posted:I was gonna suggest the Solaris sysadmin certs just to be dumb, but it looks like oracle actually lowered the price on a product for once I smell desperation on Oracles part
|
# ? Oct 7, 2021 13:07 |
|
CommieGIR posted:I smell desperation on Oracles part As someone who works with Oracle [REDACTED DUE TO NDA] and then I put a cigarette out on their forearm and went back to the office. e: Thoughts on the content of that Cybersec course -- it seems like a good potpourri of things you will want to know in this field and probably a good kickoff into figuring out WHAT you want to do in infosec. I'm not going to guess at the quality of education you get in that short timeframe but I will say -- I do like that you get a little exposure to everything. Often I find that governance and audit have very poor understanding of networking or testing activities, etc. As an employer in this field I would probably like to see a little more than just a bootcamp on a resume absent any other previous IT experience, but I could see it parlaying into an internship, (very) junior analyst or SOC role. I'm being honest just based on what I read -- there's positives and negatives to the bootcamp aspect -- obviously an individual interview would flesh out capabilities or learned experience much better. some kinda jackal fucked around with this message at 13:55 on Oct 7, 2021 |
# ? Oct 7, 2021 13:49 |
|
Getting an Oracle Solaris cert in late 2021 probably gives you a strong inside track on a lot of jobs you absolutely do not want.
|
# ? Oct 7, 2021 16:44 |
|
Zorak of Michigan posted:Getting an Oracle Solaris cert in late 2021 probably gives you a strong inside track on a lot of jobs you absolutely do not want. Want a cushy government job for half of market rate and no possibility of promotion? Like the comforting idea of a pension, but with the anxiety that it may go bankrupt before you draw a cent? How about coworkers that would be literally unhireable anywhere else? System administration for a local government may be for you!
|
# ? Oct 7, 2021 17:20 |
|
Doc Fission posted:It's hosted by GA Tech. https://bootcamp.pe.gatech.edu/cybersecurity/ As someone who completed a web development boot camp in the year 2020 (it was marketed as software development), be sure to check with people who do the actual hiring like the poster above. The job market changes. A lot of people I talked to had gotten their jobs after bootcamps and highly recommended them. What they were unaware of is that the market for web developers got much more competitive in 2015ish and it was no longer a sufficient qualification unless you happened to come from a professional background that jived with the job you were going for (like an accountant applying for a junior dev role with a company that makes accounting software). It took much longer than I anticipated, but I eventually landed a job that was more data and modeling related than web dev. I work almost exclusively with Python, which wasn't even covered in my course. It was useful to be exposed to JavaScript and backend technologies if only to understand how they interact, but I didn't need to spend 12 weeks and thousands of dollars to do it. If I had waited a few months, I would have a) collected unemployment because I quit my job at the beginning of covid and would have been laid off two months later and b) discovered that I was much more interested in cyber security and that, while a notoriously difficult field to get started in, the market was much better for job seekers at the time. So do your research, talk to appropriate people in your network, and if you still want to do it, move on it as soon as possible to get the maximum benefit from the qualification. Unlike a formal degree, it has a shelf life after which you will need good professional experience to make up for not having a more traditional qualification. On this subject but separately, the impression I get from ''''influencers"'' in the field is that mid and late career people tend to fall in to one of two categories: former military or high school nerd who liked to "hack". Is this accurate, or does it apply more to red teamers/researchers than the field in general (or am I entirely mistaken)?
|
# ? Oct 7, 2021 18:32 |
|
Somebody's going to get in trouble, I think: https://twitter.com/cybergibbons/status/1445804632274505729
|
# ? Oct 7, 2021 18:43 |
|
BrianRx posted:On this subject but separately, the impression I get from ''''influencers"'' in the field is that mid and late career people tend to fall in to one of two categories: former military or high school nerd who liked to "hack". Is this accurate, or does it apply more to red teamers/researchers than the field in general (or am I entirely mistaken)? eh there's also a good grip of people that transitioned from general IT or dev as part of career growth/specialization, but both of those groups you mentioned are certainly represented
|
# ? Oct 7, 2021 18:55 |
|
BrianRx posted:As someone who completed a web development boot camp in the year 2020 (it was marketed as software development), be sure to check with people who do the actual hiring like the poster above. I also did a career transition with a boot camp late 2019 and ended up with multiple offers in fields unrelated to my former industry. One piece of research that I think was very helpful in reducing the risk was that I chose my particular boot camp partially based on how many alumni I could find on LinkedIn actually working in the field. If you do this and reach out to recent grads that will give you some good knowledge as well as make some connections in the industry.
|
# ? Oct 7, 2021 19:19 |
|
Absurd Alhazred posted:Somebody's going to get in trouble, I think: Yup, and frankly if they have no other POC its disclosure time.
|
# ? Oct 7, 2021 19:25 |
|
CommieGIR posted:Yup, and frankly if they have no other POC its disclosure time. Personally this annoys me. If you're gonna vague post about a company flipping you the finger after finding a vuln instead of naming and shaming what good are you exactly as an independent researcher looking for vulns? Atleast when sickening doesn't name and shame, it's because goons will go out and ruin a "good" thing for them.
|
# ? Oct 7, 2021 19:49 |
|
I have an extremely basic question about the way VPNs and Chromecast interact with each other. Let me know if this isn't the thread for it. So, I recently did an interstate move, and have resorted to :files: to get a stream of my hometown sports games in my new house. I sprung for NordVPN (much cheaper than the legit alternative, thanks a lot NFL) for security reasons, and my process is: 1) Run NordVPN on my PC 2) Open stream in browser on my PC 3) Cast tab to Android set-top box (Nvidia Shield) so that I can watch on my TV instead of my computer screen I've been thinking about this, though, and it strikes me that the way casting works doesn't necessarily involve actually routing the stream through my PC at all. Is NordVPN actually doing anything to help protect me if I'm streaming to the Shield via Chrome anyway? What would be the best way to protect myself while doing this process? If I install NordVPN on the Shield, would I still be able to cast the tab to it?
|
# ? Oct 7, 2021 20:07 |
|
|
# ? May 26, 2024 05:51 |
|
loquacius posted:Is NordVPN actually doing anything to help protect me if I'm streaming to the Shield via Chrome anyway? All the VPN is doing is routing your traffic from your desktop to a server located in what ever city you chose before it goes off to what ever website you chose. So if you're casting from your desktop, the chain is still Streaming website -> VPN server -> Your Desktop -> possible intermediary service or not depending on your streaming method -> Nvidia Shield
|
# ? Oct 7, 2021 20:46 |