|
I went through a university that had an IT degree with a Cybersecurity concentration. It felt a lot like the CS degree except you could elect to do Ethical Hacking 1/2, Network Defense 1/2, and Computer Forensics, which may as well have boiled down to "Learn to use Kali, learn to use Wireshark, and learn to use niche software that looks like it hasn't been updated since the mid-2000s and hopefully not cop some liability for accidentally destroying evidence". If it weren't for the ability to check a box for HR, I don't think a cybersecurity degree would give you more than what you could learn by trying to cram for the Security+ and doing a bunch of lab work.
|
# ¿ Aug 8, 2019 23:43 |
|
|
# ¿ May 8, 2024 14:09 |
|
EVIL Gibson posted: On the flip, tools created in the mid-2000s are still good when you are finding systems that have not been updated since the mid-2000s.
True, but I can't remember exactly which tools (there was some stuff for steganography and recovery of deleted/scrubbed files we played with), and I have no clue if it was because the tools are niche enough that the company that produces them can just kinda coast on a really poor Windows 98 UI that crashes on newer systems, or if the school was just cheap and using deprecated software, or both.
|
# ¿ Aug 9, 2019 20:10 |
|
Or you can get a set of one-time pads, exchange them in person, and use whatever communication protocol you like.
|
# ¿ Aug 11, 2019 15:27 |
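Added example (mine, not anything posted in the thread) of what the post above is relying on: a pad used once is unbreakable, and the whole scheme lives or dies on the "once". The pad bytes in SAMPLE_PAD are constructed for illustration; a real pad comes from the OS CSPRNG via generate_pad() and is carried to the other party by hand, as the post says. The PadBook class is a hypothetical helper that enforces the one-time discipline, and the last two functions show what an eavesdropper gets the moment that discipline slips.

```python
"""One-time pad, XOR form, with the discipline that makes it 'one time'.

Added example, not code from the thread. SAMPLE_PAD is constructed for
illustration; a real pad comes from generate_pad() and is exchanged out of band.
"""
import secrets


def generate_pad(n_bytes: int) -> bytes:
    """Fresh pad from the OS CSPRNG. Both parties keep an identical copy."""
    return secrets.token_bytes(n_bytes)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("lengths differ")
    return bytes(x ^ y for x, y in zip(a, b))


class PadBook:
    """Hands out each pad byte at most once; this is what makes the pad one-time."""

    def __init__(self, pad: bytes) -> None:
        self._pad = pad
        self._used = 0

    @property
    def remaining(self) -> int:
        return len(self._pad) - self._used

    def take(self, n: int) -> bytes:
        if n > self.remaining:
            raise ValueError("pad exhausted: exchange a new pad, never reuse bytes")
        segment = self._pad[self._used:self._used + n]
        self._used += n
        return segment


def otp_encrypt(plaintext: bytes, key: bytes) -> bytes:
    """Ciphertext = plaintext XOR key; key must be exactly as long as plaintext."""
    return xor_bytes(plaintext, key)


otp_decrypt = otp_encrypt  # XOR is its own inverse


def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """If one key segment encrypts two messages, c1 XOR c2 == p1 XOR p2:
    the key cancels out and the attacker never needed it."""
    return xor_bytes(c1, c2)


def crib_drag(p1_xor_p2: bytes, crib: bytes, offset: int) -> bytes:
    """Guess that 'crib' appears in one plaintext at 'offset'; the XOR then
    reveals the other plaintext's bytes at the same position."""
    window = p1_xor_p2[offset:offset + len(crib)]
    return xor_bytes(window, crib)


# Constructed 14-byte pad for the demonstration below.
SAMPLE_PAD = bytes.fromhex("3f9a0c77e1b24d8a5c09f3ce1d42")

if __name__ == "__main__":
    book = PadBook(SAMPLE_PAD)
    key = book.take(14)
    c1 = otp_encrypt(b"attack at dawn", key)
    assert otp_decrypt(c1, key) == b"attack at dawn"
    # Reusing 'key' for a second message is the classic mistake:
    c2 = otp_encrypt(b"retreat by sea", key)
    print(crib_drag(two_time_pad_leak(c1, c2), b"attack", 0))  # b'retrea'
```

The point of the last two lines: once the same key bytes cover two messages, guessing a word in one message hands you the same span of the other, no key required. That, plus the logistics of generating, shipping and destroying pads, is why "use whatever protocol you like" carries more weight than it sounds.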
|
xtal posted: Maybe there's a better thread for this, but I have a friend who works in HR and they want to use their people skills to get hired as a social engineer. Does anyone have recommendations for certifications, courses or must-read books, or other tips about how to get a job doing soceng? They've already read the books by Hadnagy and Mitnick.
I feel that doing social engineering is a part of doing pen-testing stuff, rather than a job unto itself, or at least I've never come across it scouring for security jobs/titles. I could be wrong though.
|
# ¿ Sep 18, 2019 00:38 |
|
Subjunctive posted: I think it's called espionage.
Oh. According to an FBI guy that came and gave a talk to the InfoSec department at my school, the Chinese are scouring college campuses for people like us (IT/CS nerds), and they'll give you tuition assistance and a stipend to grab any kind of government/DoD contractor job; also that they'll bribe you with northwards of 250k to pass on information, but that was being a cheap date and you should ask for more. What I'm saying is the Chinese seem to be way kinder to American entry-level college grads than American companies.
|
# ¿ Sep 18, 2019 00:50 |
|
I've kinda always wanted to get a job in the cybersec part of corporate IT, but my recent experience with it, at least at $currentcompany, is that it's effectively running Nessus and making note of the poo poo Nessus finds, while me and my compatriots in the infrastructure department are the ones who handle poo poo like firewalls, VPNs, user education, patching, site access control, most of the policy stuff, and a lot of other stuff that I would think would fall in the cybersecurity division's lap. Is this a common thing?
|
# ¿ Nov 30, 2019 23:38 |
|
Jowj posted: i am very surprised your infra folks are doing policy creation lol
I get the feeling, and this could be completely wrong, that cybersec at my company is strictly there as a fig leaf to customers, saying "Hey, we have a couple of dudes with cybersec certs on our roster." I was just curious if that was par for the course or not.
Defenestrategy fucked around with this message at 02:23 on Dec 2, 2019
# ¿ Dec 2, 2019 02:20 |
|
Is there a good repository out there for best-practice ways to fix certain security issues? Like maybe a general outline of "Hey, you have a problem: x, y, and z probably need to be checked, and you probably also might want to do a, b, c." I mean you can just google or research individual items like "I have a rogue AP, what do I do?" or "I've been rensenwared, how do I score enough to get my computer back?", but I haven't found a knowledge base of generalized troubleshooting/remediation/eradication best practices.
|
# ¿ Dec 16, 2019 15:43 |
|
My company has been fiddling around with adding Security Onion to our infrastructure as a kind of rolling project, where it'll be sweet once we get it working and configured properly, but we're not really investing serious time into getting it up and running. While combing through the logs today my boss came across this event that repeats every so often. code:
|
# ¿ Dec 20, 2019 21:17 |
|
Sickening posted: Far too often in my career at least, have I come across infosec personnel who aren't technical and that is kind of insane.
Is that not-technical in the sense that they know what a bad thing is but don't know how to remediate or why? As in "Maybe we shouldn't have telnet on this machine as the only way to communicate, but I don't know how to make the machine use only SSH" or in the sense of "I know telnet is bad because books say it's bad, but I don't know why telnet is bad"?
|
# ¿ Dec 21, 2019 19:11 |
|
Subjunctive posted: this, for example, is amateurish and dangerous
I can't remember, but there was some sort of thing this thread says about rolling your own crypto. I can't remember for the life of me, was it "always roll your own"?
|
# ¿ Apr 8, 2020 01:23 |
|
Discussion Quorum posted:
I don't know your situation, but it sounds like they're using the finance guy to also be the IT architect and they're also using an outside vendor as some sort of break/fix guy. Then priority 1 should probably be either getting them to get rid of the contractor and spring for an actual IT dude to set you guys up, or buying a better contract that allows for the contractor to basically architect, admin, and set up your infrastructure.
|
# ¿ May 16, 2020 16:21 |
|
Sickening posted: Okay folks, a business under my parent company is wanting to use a security vendor based in the Ukraine. Would you say no based on the region alone?
If you do any sort of government contracting, that'd be a no-no in a lot of situations.
|
# ¿ Jul 6, 2020 19:06 |
|
CLAM DOWN posted: Yeah, every single org out there has issues with Least Privilege access, and I guarantee you that every org has lower level employees with elevated rights that they shouldn't have. Twitter, Uber, MS, your own company, etc.
Nope, sorry Clam, my company is perfect in its privilege access. I have access to do and see everything, and everyone else doesn't.
|
# ¿ Jul 24, 2020 18:24 |
|
Combat Pretzel posted: Anyone here using ZeroTier? Opinions? Toying with alternatives to WireGuard that don't rely on DDNS.
Currently using ZeroTier to network all of our compute. I haven't really had a problem beyond learning how to do the initial setup. The biggest annoyance is remembering to prune network entries when we shut down endpoints so we don't accidentally fill up our allowance of entries.
|
# ¿ Jul 25, 2020 16:21 |
|
Sickening posted: He is either lying his rear end off because he couldn't think of one or there are small companies out there that make their own.
It may not be so preposterous. My company took one of our own products we developed for sat-com purposes and has a recurring project in which we have an intern and a full-time engineer transform it from a sat-com monitoring software into a general-use network monitoring software. We're currently dogfooding it and I don't know if it would have been better to have just forked out the money for SolarWinds or something, but I guess it gave the intern something to do. I mean, what is a SIEM but basically a collection depot for a bunch of your logs, right?*
*I have never worked with a SIEM, don't hurt me.
|
# ¿ Jul 28, 2020 20:41 |
|
The Fool posted: I mean, theoretically there are a bunch of analysis, alerting and reporting tools built into it as well.
Wouldn't that just be Graylog?
|
# ¿ Jul 28, 2020 21:17 |
|
CommieGIR posted: Insurance Companies don't like the risk of running afoul of the State Department/Treasury
Are you not allowed to negotiate with terrorists?
|
# ¿ Oct 1, 2020 20:16 |
|
Ah! But what if your infosec guys are your regular admins because your company is cheap AF!? What then?
|
# ¿ Oct 20, 2020 18:41 |
|
Internet Explorer posted: Then they are sysadmins first and infosec people second. I do sysadmin work and I am the most infosec minded person on my team, but I do not consider myself an infosec person. You've basically just described how we have handled infosec as an industry for the past.. well ever.
So in your opinion, is the actual difference in practice between an "infosec person" and a "sysadmin who just does a bunch of infosec stuff" not violating a separation-of-duties concept?
|
# ¿ Oct 20, 2020 18:57 |
|
So what does MITRE ATT&CK actually entail? I went on the website and it just looks like an easier-to-comprehend vulnerability wiki?
|
# ¿ Oct 29, 2020 03:06 |
|
droll posted: I don't like SaaS that sends emails to all my business users from their domain but with one of my user's first and last name in the From:, because that's basically how phishing attacks happen (typically the phish leverages our CEOs name). I don't think I can even whitelist/prevent the warning that Gmail slaps on the message "be careful, this matches someone in your org but didn't come from yourdomain.com". Am I wrong to be annoyed by SaaS vendors that do this?
Definitely not. We got hammered hard by people doing that trick, so we implemented quarantining of any message where the From line is one of our guys' names but the domain isn't @ourbusiness. While it stopped the vast majority of phishing attempts, the only thing stopping us from just ignoring the quarantine entirely is that a lot of our cloud services do that exact thing.
|
# ¿ Nov 3, 2020 20:09 |
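Added example (mine, not code from anyone in the thread) of the quarantine rule described in the post above: compare the From: display name against the employee directory, and only let it through if the address is in the company's own domains or on an explicit allowlist of SaaS senders, which is the carve-out the post is complaining about needing. EMPLOYEES, OWN_DOMAINS and ALLOWED_SENDER_DOMAINS are constructed placeholders, and the name normalisation is there because attackers vary case, spacing and accents to slip past an exact-string match.

```python
"""Flag mail whose From: display name matches an employee but whose address
is not in the organisation's own domains.

Added example, not code from the thread. EMPLOYEES, OWN_DOMAINS and
ALLOWED_SENDER_DOMAINS are constructed placeholders; the last one is the
carve-out for SaaS vendors that legitimately send as your users.
"""
import re
import unicodedata
from email.utils import parseaddr

OWN_DOMAINS = {"ourbusiness.example"}
ALLOWED_SENDER_DOMAINS = {"notify.saas-vendor.example"}
EMPLOYEES = {"Jane Doe", "John Q. Public"}


def normalize_name(name: str) -> str:
    """Fold case, accents and punctuation so 'Jane  Doe', 'jane.doe' and
    'Jáne Doe' all compare equal to 'Jane Doe'."""
    name = unicodedata.normalize("NFKD", name)
    name = "".join(ch for ch in name if not unicodedata.combining(ch))
    name = re.sub(r"[^a-z0-9 ]+", " ", name.lower())
    return " ".join(name.split())


EMPLOYEE_KEYS = {normalize_name(n) for n in EMPLOYEES}


def sender_domain(addr: str) -> str:
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def classify_from(from_header: str) -> str:
    """Return one of 'internal', 'allowed_saas', 'impersonation', 'external'."""
    display, addr = parseaddr(from_header)
    domain = sender_domain(addr)
    if domain in OWN_DOMAINS:
        # Own domain: SPF/DKIM/DMARC on the gateway is what vouches for this.
        return "internal"
    if normalize_name(display) in EMPLOYEE_KEYS:
        return "allowed_saas" if domain in ALLOWED_SENDER_DOMAINS else "impersonation"
    return "external"


def should_quarantine(from_header: str) -> bool:
    return classify_from(from_header) == "impersonation"


if __name__ == "__main__":
    for hdr in ('"Jane Doe" <jane.doe@ourbusiness.example>',
                '"Jane Doe" <no-reply@notify.saas-vendor.example>',
                '"JANE DOE" <ceo.urgent@gmail.example>'):
        print(classify_from(hdr), "<-", hdr)
```

The allowlist is the weak spot: every vendor you add to ALLOWED_SENDER_DOMAINS is a domain an attacker can phish you from with a matching display name, so keep it short and keyed on the vendor's actual sending domain rather than anything broader.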
|
The hell's a hunt team? Some sort of offensive cybersec dudes? Why would a business want that kind of liability?
|
# ¿ Nov 5, 2020 05:07 |
|
My follow-up question: what's the path to getting paid to do that look like, because that sounds fun?
|
# ¿ Nov 6, 2020 03:44 |
|
How does DLP work on the backend? I've never set one up before. Is it basically just a hook to your mail/printer/scanner/whatever that looks for really common regex patterns for PII, like ###-##-#### in the case of socials?
|
# ¿ Nov 12, 2020 16:28 |
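Added example (mine, not from the thread) of the pattern-matching half of what the post above describes, for the SSN case. The regex alone is not enough in practice: tracking numbers, phone numbers and test data all look like ###-##-####, so the scanner also applies the SSA structural rules (area never 000, 666 or 900-999; group never 00; serial never 0000) before it flags or redacts. SAMPLE_DOC is constructed text.

```python
"""Minimal DLP-style scanner for US Social Security Numbers.

Added example, not code from the thread. Pattern plus the SSA structural rules
(area not 000, 666 or 900-999; group not 00; serial not 0000) so that tracking
ids and phone numbers that merely look like ###-##-#### are not flagged.
SAMPLE_DOC is constructed text.
"""
import re
from typing import List

# Three groups separated by the same delimiter (hyphen or space), not glued to
# other digits or hyphens, so 555-123-4567 style phone numbers do not match.
SSN_RE = re.compile(r"(?<![\w-])(\d{3})([- ])(\d{2})\2(\d{4})(?![\w-])")


def plausible_ssn(area: str, group: str, serial: str) -> bool:
    """Structural validity per the SSA: rejects the ranges never issued."""
    a, g, s = int(area), int(group), int(serial)
    if a == 0 or a == 666 or a >= 900:
        return False
    return g != 0 and s != 0


def find_ssns(text: str) -> List[str]:
    """All structurally plausible SSNs in the text, in order of appearance."""
    return [
        m.group(0)
        for m in SSN_RE.finditer(text)
        if plausible_ssn(m.group(1), m.group(3), m.group(4))
    ]


def redact_ssns(text: str) -> str:
    """Mask plausible SSNs down to their last four digits; leave look-alikes alone."""
    def mask(m):
        if plausible_ssn(m.group(1), m.group(3), m.group(4)):
            sep = m.group(2)
            return "***" + sep + "**" + sep + m.group(4)
        return m.group(0)
    return SSN_RE.sub(mask, text)


# Constructed document: one real-looking SSN, one in the alternate spaced
# format, and three decoys that match the shape but fail the structural rules
# or the delimiter check.
SAMPLE_DOC = (
    "Applicant SSN 123-45-6789 on file. Tracking id 000-12-3456, "
    "test record 987-65-4321, phone 555-123-4567, alt format 219 09 9999."
)

if __name__ == "__main__":
    print(find_ssns(SAMPLE_DOC))
    print(redact_ssns(SAMPLE_DOC))
```

A real product layers more on top of this (file-type parsers so the pattern is run over the text inside a PDF or spreadsheet, proximity keywords like "SSN" to raise confidence, checksum validation for things like card numbers that have one), but the shape is the same: hook, extract text, match, validate, act.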
|
drw posted: Hello Infosec, I am looking for a goon guide on privacy. VPNs, secure email, browsers, extensions, password managers. I am about to unplug my google home and I need to know where to go next.
Get rid of Facebook, LinkedIn, and Twitter. Then scrub your posting history of PII.
|
# ¿ Nov 13, 2020 05:08 |
|
CLAM DOWN posted: my domain is contoso.com and the shared enterprise admin account is ntP@ssw0rd!
That's my domain too!
|
# ¿ Dec 14, 2020 21:56 |
|
Sickening posted: This mess with SolarWinds isn't getting enough attention to be honest. It's one of the biggest security blunders in infosec history.
Even bigger than when a bunch of CIA tools got leaked like two years ago?
|
# ¿ Dec 15, 2020 19:41 |
|
SpaceSDoorGunner posted: What sort of entry level jobs should I be looking at as someone interested in infosec but without a CS degree or professional experience?
Helpdesk/sysadmin. My experience in the infosec job-hunting market was "get bent unless you have experience with certs or a degree".
edit: I have my first infosec role after a degree, two years' experience, and a Sec+.
|
# ¿ Dec 17, 2020 21:31 |
|
What is the common perception on running 'blind' phishing tests on employees? Wouldn't you be better off running tests against your IT team to see if they can pick up indicators of compromise or if their tech controls can pick up phishing emails, and for your employees run awareness campaigns and training?
|
# ¿ Dec 24, 2020 20:59 |
|
Martytoof posted: Yeah I was flabbergasted when I saw some photo yesterday of a staffer's unlocked desktop with Outlook open.
Have remote kill switches for your desktop computers in case of rioting and evacuation?
|
# ¿ Jan 7, 2021 18:31 |
|
DrDork posted: You're mistaking the difference between what should be done for proper and correct security (toss and re-buy) vs what they will very likely do on the grounds of expediency and price (reimage and hope for the best for anything not directly connected to a classified network).
Out of curiosity, what is/would be the SOP for using refurbished computers from known vendors? I assume if you went and got a bunch of refurbished ThinkPads from IBM/Lenovo that it would be as "good" a source as a brand-new laptop from IBM/Lenovo. I know that you probably shouldn't source refurbs from "Bob's Discount Laptops", but from Dell/IBM directly should be fine, right?
|
# ¿ Jan 8, 2021 00:31 |
|
DrDork posted: In a secure / government application? Pretty simple, usually:
So I suppose "from factory" laptops are certified not tampered with before being boxed and sent to whomever? I suppose you have to extend some level of trust to certain high-level manufacturers that they don't have an adversary on their manufacturing line screwing with stuff, otherwise you wouldn't be able to get anything done.
|
# ¿ Jan 8, 2021 00:56 |
|
Ellipson posted: One of my favorite examples when talking about usable security is nursing station computers. Styrofoam cups over proximity sensors, anti-idle scripts, the works. A little more fun than the same slide of tire tracks/footprints going around a gate, anyway.
What does Styrofoam over prox sensors do? Stop people from attempting to lift the wireless exchange?
|
# ¿ Jan 9, 2021 19:37 |
|
I was confused about what he was talking about; I thought he was talking about an NFC or some other such tap-to-log-on/enter thing, not a REX/keep-alive thingy. Now to answer your second question, no, I dunno how a Styrofoam cup would prevent leakage of signal, but it wouldn't be the most insane thing I've seen/heard of.
|
# ¿ Jan 9, 2021 21:06 |
|
$current_company is using a Security Onion that's been installed on a decommissioned Proxmox hypervisor as an IDS. It's the only VM on the box and it's set up to have far more than minimum specs, and Squert runs really slow at bringing up events. Normally I wouldn't really care, but for my sins, I've been told I am now solely responsible for the IDS. So slow as poo poo was fine when I only had to check the thing once a week, but it's aggravating at 5-10 times a week. So, anyone with experience with SecOnion/Squert, my question is: by nature, does Squert always take about ten minutes to pull up events in a ~100 user environment [number of events?]? If not, I'm thinking it's because it's on a five-year-old hypervisor, and will see about getting a smaller but newer box to throw it on.
|
# ¿ Jan 11, 2021 17:24 |
|
I might be able to rope together money for a budget to get an actual purpose-built IDS instead of this Frankensteined Security Onion. Anyone got recommendations?
|
# ¿ Jan 12, 2021 18:41 |
|
Internet Explorer posted: You'd be amazed at the small amounts people will fold for. Lots of people already have a hard time saying "no" to people, especially people who are nice to them.
We had a dude from the FBI come speak at my college once. He said a lot of people they end up catching were cheap dates and if you [college students] are gonna be selling out the country, at least aim higher than a couple hundred thousand. It was a pretty cool talk.
edit: Although in retrospect, I should have asked "Wouldn't it be harder to bribe college students if we didn't start in a job market with crippling debt in the first place?"
Defenestrategy fucked around with this message at 19:49 on Jan 13, 2021
# ¿ Jan 13, 2021 19:47 |
|
What's wrong with using hardware token auth? Not a lot of support for it?
|
# ¿ Jan 18, 2021 16:30 |
|
|
Well, my third week of being head and only IDS janitor and I found something far more nefarious than porn DNS requests, Spotify, and false positives about SQL injection. Passed it along to people who make far more money than I do. I found evidence that a client had some malware that was beaconing out to a CnC server, and the cyber guys confirmed my suspicions and are currently dealing with it. I finally felt far more useful than a humble computer janitor.
|
# ¿ Jan 20, 2021 23:36 |
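Added example (mine, not anything the poster ran) of the kind of check that turns up the beaconing described in the post above when you are not lucky enough to have a signature fire: group a connection log by source, destination and port, measure the gaps between connections, and surface pairs whose gaps are nearly constant. SAMPLE_LOG is constructed ('ts src dst dport', epoch seconds, TEST-NET addresses) with one beaconing host, one host browsing irregularly, and one pair with too few connections to judge; MIN_CONNS and MAX_CV are illustrative thresholds, not anything Security Onion ships with.

```python
"""Beacon hunting over a connection log: look for (src, dst, dport) pairs
whose connections arrive at near-constant intervals.

Added example, not code from the thread. SAMPLE_LOG is constructed
(whitespace-separated 'ts src dst dport', epoch seconds, TEST-NET addresses).
MIN_CONNS and MAX_CV are illustrative tuning knobs.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev
from typing import Dict, List, Tuple

MIN_CONNS = 6   # fewer connections than this is not enough to judge rhythm
MAX_CV = 0.2    # coefficient of variation of the gaps; lower = more regular

Record = Tuple[float, str, str, int]


@dataclass
class Beacon:
    src: str
    dst: str
    dport: int
    count: int
    mean_gap: float
    cv: float


def parse_log(text: str) -> List[Record]:
    """Parse the constructed log format; '#' lines are comments."""
    records = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, src, dst, dport = line.split()
        records.append((float(ts), src, dst, int(dport)))
    return records


def beacon_candidates(records, min_conns=MIN_CONNS, max_cv=MAX_CV) -> List[Beacon]:
    """Pairs whose inter-connection gaps are regular enough to look scheduled."""
    by_pair: Dict[Tuple[str, str, int], List[float]] = defaultdict(list)
    for ts, src, dst, dport in records:
        by_pair[(src, dst, dport)].append(ts)
    found = []
    for (src, dst, dport), times in by_pair.items():
        if len(times) < min_conns:
            continue
        times.sort()
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        mu = mean(gaps)
        if mu <= 0:
            continue
        cv = pstdev(gaps) / mu   # jitter relative to the period
        if cv <= max_cv:
            found.append(Beacon(src, dst, dport, len(times), round(mu, 1), round(cv, 3)))
    return sorted(found, key=lambda b: b.cv)


# Constructed log: 10.0.0.5 calls 203.0.113.7 roughly every 60 s with small
# jitter; 10.0.0.9 browses 198.51.100.2 at random; 10.0.0.12 has only 3 hits.
SAMPLE_LOG = """\
# ts   src        dst           dport
1000 10.0.0.5 203.0.113.7 443
1000 10.0.0.9 198.51.100.2 443
1003 10.0.0.9 198.51.100.2 443
1050 10.0.0.9 198.51.100.2 443
1051 10.0.0.9 198.51.100.2 443
1052 10.0.0.9 198.51.100.2 443
1061 10.0.0.5 203.0.113.7 443
1119 10.0.0.5 203.0.113.7 443
1181 10.0.0.5 203.0.113.7 443
1200 10.0.0.9 198.51.100.2 443
1230 10.0.0.9 198.51.100.2 443
1240 10.0.0.5 203.0.113.7 443
1299 10.0.0.5 203.0.113.7 443
1300 10.0.0.12 192.0.2.8 53
1361 10.0.0.5 203.0.113.7 443
1420 10.0.0.5 203.0.113.7 443
1500 10.0.0.9 198.51.100.2 443
1600 10.0.0.12 192.0.2.8 53
1900 10.0.0.12 192.0.2.8 53
"""

if __name__ == "__main__":
    for b in beacon_candidates(parse_log(SAMPLE_LOG)):
        print(b)
```

This is a triage signal, not a verdict: the Spotify and update-checker traffic the post mentions is every bit as periodic as a C2 beacon, so a hit still needs the destination looked up, the process on the endpoint identified, and the payload checked before anyone escalates it. Loosening MAX_CV catches implants that add jitter, at the cost of more of that benign noise.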