|
Here we go...
|
# ¿ Feb 2, 2021 21:20 |
|
|
# ¿ May 11, 2024 10:00 |
|
From what I've heard from people who have the CISSP is that it is far more of a "managerial cert" than it is a technical one. If you are looking for high value (vendor agnostic) technical certs I think beyond the basic Security+ and SSCP, you're going to be looking at the SANS or GIAC track of certs (GSEC, CEH, GCIA, etc). I have heard good things about the CCSP, but then again if you pump CCSP into Indeed or LinkedIn or whatever then you're going to see fewer matches than if you search for the comparable AWS or Azure cert.
|
# ¿ Feb 4, 2021 18:14 |
|
CLAM DOWN posted:
Oh weird, yeah each class includes a day-long CTF now. It's so much fun, I won the SEC530 one and got a rad coin (it was Blade Runner themed)

Holy gently caress that's cool
|
# ¿ Feb 4, 2021 22:05 |
|
CommieGIR posted:
Speaking of ICS and Infosec
quote:
The computer system was setup with a software program that allows for remote access

I bet you $100 it was the free version of TeamViewer
|
# ¿ Feb 9, 2021 01:02 |
|
spaced ninja posted:
“These days”. It was probably installed 15 years ago, but yeah it was teamviewer.

TeamViewer has gotten better about their lovely swiss cheese program, but we're talking about ICS infrastructures here. They're frozen in time for 10+ years because they run on some way outdated protocol.
|
# ¿ Feb 9, 2021 01:31 |
|
|
# ¿ Feb 9, 2021 06:39 |
|
Internet Explorer posted:
I'm really struggling recently. Not exactly a new phenomenon for me, but I guess like CLAM, I fluctuate. I don't work strictly in infosec, but I have generally been the most infosec-minded person in my travels. I'm at the point where I don't know what I want to do next in my career, but I really wish I could just get away from anything even remotely user facing. Security seems like a logical next step, but I'm starting to realize that I think I've had ADHD my entire life and the idea of studying for a cert is just absolutely dreadful. The general depression that this world is bringing on isn't any help.

Let me ask you this, outside of the idea of studying for a cert being dreadful, if you actually sat down to do it, do you think you could get through a whole chapter in a single sitting and walk away from it knowing what that chapter was about?
|
# ¿ Feb 12, 2021 06:33 |
|
Volmarias posted:
I'm not a lawyer, but I assume that since it's his product, he's pretty publicly announcing this, and the onus is on Cellebrite to fix their poo poo, they have no leg to stand on. On the other hand, their clients are cops so he might get raided and have his entire everything ransacked and stolen as revenge and then be shot for "resisting arrest" so who knows.

There's an interview with Moxie where he says he is often detained at airports for hours at a time often for no reason at all other than who he is. He seems pretty unfazed by it at this point.
|
# ¿ May 20, 2021 19:23 |
|
KillHour posted:
The new place my SO works for implements two factor on their VPN with an automated phone call. To a softphone. On the same computer you're connecting from.

If it's Duo, then go into the Duo settings and change the number to your cell phone and set it as the primary contact.
|
# ¿ Nov 3, 2021 00:00 |
|
CLAM DOWN posted:
That's not true. We've dealt with similar issues for our provincial privacy requirements in BC. The legal owner of Azure here is Microsoft Canada, not Microsoft USA. We do not fall under the Patriot Act for exactly that reason. It's safe to assume there's a similar setup in Europe.

If you're referring to FIPPA or PIPEDA, it should also be noted that both regulations originally covered data in transit and data at rest for data residency, however had to be amended to cover only data at rest since no service provider or ISP could guarantee data in transit not being routed through the US (it would cost the big 3 some amount of money to expand and make their network more resilient so they outright refused). So yes while Canadian data does reside inside Canadian data centres (one in Toronto, and one in Quebec City), it is almost guaranteed to be routed through the US to get to you. And let's not pretend that the US gov't isn't willing to do shady things to collect data.

It's not a great solution, but blame our lovely telecommunications cartel.

MustardFacial fucked around with this message at 19:06 on Sep 23, 2022
# ¿ Sep 23, 2022 19:03 |
|
CLAM DOWN posted:
which as you can guess severely limits our options for a lot of products/vendors.

I have to yell at people every day to stop using trello and slack because they're not compliant so I feel your pain.
|
# ¿ Sep 23, 2022 19:17 |
|
CLAM DOWN posted:
We recently discovered a team using WhatsApp and I was just like, wtf

Someone told me yesterday that Slack shouldn't be on the ban list because they're a Canadian company.
|
# ¿ Sep 23, 2022 21:08 |
|
I applied for a Cybersec Analyst position and got it (been a sysadmin for years and always security-first, but never actually done an infosec job). I was hyped for it from the beginning but then when my future manager called me to tell me that I got it and what to expect he mentioned that I'd be enrolled in a couple SANS courses, some SIEM training, I'd have to get my CISSP at some point, what my colleagues specialize in and mentioned that one of them has a SANS Challenge Coin.

Since then imposter syndrome has hit hard and now I'm wondering if I am even capable of doing this to their level. I'm 2 years younger than the manager and at least 5 years older than everyone else on my team. I haven't even started and I'm already feeling behind and unable to catch up. There is so much stuff I don't know how to do, and even more that I only have a general understanding of.
|
# ¿ Aug 15, 2023 16:43 |
|
Nuclearmonkee posted:
Extremely this. Just like in any part of IT or any job really, there are a lot of people going through the motions and the minority of them will be those individuals you are comparing yourself to in your head.

some kinda jackal posted:
Every day I'm amazed I've managed to trick people into believing I have a marketable skill, going on a decade plus now. Welcome to the gang.

Internet Explorer posted:
Congrats! And also, you'll be fine. Deep breaths. After a few weeks you'll be wondering why everyone you work with is so bad at their job. :-D

Thanks for trying to put me at ease and also for the welcomes. Ultimately, while I realize that I just have to take it slowly, one challenge at a time, it's still going to be a big mountain to climb. I'll probably be posting in this thread a hell of a lot more to ask for advice lol.

Sickening posted:
The CISSP is an anomaly among certifications. It isn't technically challenging at all but holds more water than it should because of its price and adoption. SANS stuff pricing is also extreme but seems less embarrassing from a difficulty perspective.

From what I've heard, the CISSP is more of a management cert than it is for any real technical skills. I was going to try to get it a couple years ago, but the requirement for industry experience plus you need to know another CISSP to sign off on your work stopped that.

CLAM DOWN posted:
I'm extraordinarily proud of my SANS challenge coin, not just because I got 1st place in the CTF but because it's blade runner themed which rules

That is so loving cool.
|
# ¿ Aug 15, 2023 18:53 |
|
It has been suggested to me by the IT Director that he would like to see me be the SME for M365 cybersecurity. I am less enthused about this.
|
# ¿ Aug 23, 2023 17:25 |
|
some kinda jackal posted:
It should be suggested to the IT Director by you that you would like to see all the required Microsoft training in your calendar.

I want the cool training in my calendar. I hate M365 and as someone who is extremely privacy conscious I do not like the idea of MS's push into AI services like CoPilot and Bing Chat Enterprise.
|
# ¿ Aug 23, 2023 22:22 |
|
If you don't mind spending the money, a Synology device with a couple NAS HDDs in it is probably the most privacy-centric method there is as the data does not leave your house, and you still get Drive-like features. Otherwise, an S3 bucket can be really cheap if it's only for documents and stuff but that's literally just storage, and it comes down to how much you trust any cloud provider to not OCR or scan your data (I'm sure you could encrypt it before you send it up to S3 to be extra safe).

Ultimately, we all pay to play. Be it in money, time, or privacy.
|
# ¿ Aug 29, 2023 17:11 |
|
Sickening posted:
De-googling yourself is just choosing another party to sell your data at this point.

Unless you build it yourself.
|
# ¿ Aug 29, 2023 22:47 |
|
Subjunctive posted:
This is a recent thing though, since you used to be able to abuse gmail/gdrive for free to store a couple TB of data, if you went through the right hoops.

You were doing so at the cost of your own data privacy though, that's Sickening's point. To expect free cloud storage that isn't going to siphon off all of your data is a fool's errand. When you're not paying for the product, you are the product.
|
# ¿ Aug 30, 2023 17:00 |
|
THESE MOTHERFUCKERS DON’T HAVE A WAF!!
|
# ¿ Aug 31, 2023 21:24 |
|
some kinda jackal posted:
Not even a whiff of a waf?

Not even a waft of a whiff of a waf.
|
# ¿ Sep 1, 2023 08:26 |
|
No, I am not.
|
# ¿ Sep 17, 2023 05:11 |
|
Anybody know of any good guides or info I can read about hardening Linux for PCI-DSS? I'm being included into a team to talk about it and while I'm not in charge of this group, I would at least like to have a general idea of which direction we should be going.

[edit] I think it's Red Hat and Ubuntu. No idea on the versions.
|
# ¿ Sep 19, 2023 19:19 |
|
We use passwordstate and it kinda sucks. The core functionality works well, it’s just missing all of the quality of life features of a 1password or bitwarden.
|
# ¿ Sep 23, 2023 17:56 |
|
Tryzzub posted:
https://static.open-scap.org/ssg-guides/ssg-rhel8-guide-pci-dss.html

Thank you for this. It has been a lifesaver even if I have had to modify the built-in PCI-DSS profile to more accurately fit our deployment.
|
# ¿ Oct 13, 2023 17:50 |
|
People need to stop using WordPress. That is my conclusion from 2 weeks on SOC.
|
# ¿ Nov 4, 2023 04:52 |
|
Thanks Ants posted:
Pass the token back and forth

)) <token> ((
|
# ¿ Nov 20, 2023 07:34 |
|
TIL: Defender for Endpoint will send an informational alert to the dashboard if you plug in a Flipper Zero.
|
# ¿ Nov 22, 2023 00:51 |
|
Defenestrategy posted:
My biggest headache this year has been navigating microsoft licensing and being pissed off that our current set of licensing doesn't include something and that requires an upcharge to PISS3 license or a Buttz1 license

Oh hey we must work at the same place. Our PISS3 license used to be sufficient for everything, but now all new features are being moved up one tier.
|
# ¿ Dec 20, 2023 19:40 |
|
BonHair posted:
It's almost like Microsoft has more or less a monopoly on a lot of stuff and they just keep upping the price, because your alternative is starting from scratch, and that's not going to happen. Also you would still need your PISS3 license to get all your bits to talk together and use your AD.

Microsoft’s early investment in a GUI LDAP is still paying off today. Everyone used AD because it was easier to manage than the command line Linux LDAP and we’re all running off the skeletons for those original orgs to this day.
|
# ¿ Dec 21, 2023 18:35 |
|
Does anybody know if MS Defender XDR or Sentinel support YARA rules? And if so can you point me to some docs on how to enable them?

Without going into too much detail, I found an Ivanti VPN instance on our network that nobody else seems to know existed before. So while they are tracking down who owns it/why/update it, I need to do some threat hunting for IOCs and all I've found so far are YARA rules. I don't really want to spend 2-3 hours translating these into KQL queries (if I even can, I don't think KQL will even support some of this logic).
|
# ¿ Jan 16, 2024 18:01 |
|
Mustache Ride posted:
Yeah this has worried a few of our customers.

The device has been remediated already according to those steps, and I had the IOCs from the Mandiant blog and it didn't look like the device was compromised. Thanks for the CSV though I hadn't seen those before, I'll run these against our firewall logs. Thanks again!
|
# ¿ Jan 19, 2024 06:12 |
|
Mustache Ride posted:
Oh hey that Ivanti fix doesn’t actually work: https://www.bleepingcomputer.com/news/security/ivanti-vpn-appliances-vulnerable-if-pushing-configs-after-mitigation/

Yes, I saw this. After my initial IR, it has been taken out of my hands and the higher ups have it now. We'll see what they choose to do.
|
# ¿ Jan 29, 2024 22:33 |
|
lol new Ivanti zero day just dropped.

https://forums.ivanti.com/s/article/CVE-2024-21888-Privilege-Escalation-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US

Maybe just migrate to another VPN appliance at this point.
|
# ¿ Jan 31, 2024 19:02 |
|
I guess Ivanti is doing a full code review in light of the multiple 0-days, and are uncovering all of the bugs: https://forums.ivanti.com/s/article/CVE-2024-22024-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US
|
# ¿ Feb 9, 2024 18:52 |
|
Hed posted:
I WISH I could get my flipper to do something useful like be an opener for my garage door or car doors

I use mine to emulate amiibo’s. I tried to get it to unlock my car, but I guess the flipper can’t do rolling code or something 🤷
|
# ¿ Feb 14, 2024 08:21 |
|
Vibe check this statement for me:
quote:
I am always going to assume breach in all circumstances. Hedging your bets on "well the attackers would have to already be on the inside to exploit this" is in my opinion, an irresponsible stance for a cybersecurity professional. It's not 2012, perimeter security is dead.
|
# ¿ Feb 15, 2024 20:46 |
|
Internet Explorer posted:
That's just a way of saying zero trust. I might be a little nicer about how I said it, but on the technical side it is good and true.

While yes it is a proponent of zero trust, I've always used it in the sense of assuming an attack will happen, or is presently happening. I think of it more as a mindset to approach the field, and not necessarily as part of a framework.

Sickening posted:
Countless breaches happen because the "perimeter" was bypassed for the sake of employee personal convenience and delicate feelings. Yes I am bitter. Yes I had a developer so angry they almost cried because random loving terminal app they installed on their mac book pro automatically uninstalled and they weren't consulted/warned weeks in advance.

While I totally agree with you, I don't have enough dedicated cybersecurity experience to make a statement like that.

corgski posted:
Perimeter security is dead and the average user is going to find workarounds for anything you do, well-intentioned or not, if they at all perceive you as being the enemy of them getting their job done. Yes that includes if their workflow depends on their special snowflake terminal application and suddenly it goes away.

It's always the loving developers.
|
# ¿ Feb 15, 2024 21:13 |
|
Internet Explorer posted:
That's just a way of saying zero trust. I might be a little nicer about how I said it, but on the technical side it is good and true.

I could not think of a nicer way to say it while still being succinct so I had Copilot do it for me
quote:
In light of our evolving security landscape, I believe it is prudent for us to adopt a proactive approach in protecting our organization's data. Rather than assuming our current security measures are foolproof, it is essential to remain vigilant and consider the possibility of breaches occurring from both internal and external sources.

Sickening posted:
I wish it were true, they are just throwing the biggest baby tantrums lately. The industry's small pivot away from kissing the feet of devs isn't being taken so well.

My entire sysadmin, devops, and cloud admin career has been fighting against developers wanting some stupid bullshit approved, or complaining that SonarQube rejected their lovely insecure code, or demanding they be exempted from update policies because it "disrupts their workflow"
|
# ¿ Feb 15, 2024 21:23 |
|
https://www.youtube.com/watch?v=fiCZP09F6FQ
|
# ¿ Feb 15, 2024 23:06 |