-
SOC as a Service - Arctic Wolf
I've just adopted an Arctic Wolf system in a new role. Does anyone have any experience using or have any best practices to share? There is a lot of information available. Want to get a laser focus and determine what is best to focus.
-
Cybersecurity Weekly: Zoom-themed phish, Joker malware resurgence, Citrix flaws
A new Office 365 phishing scam uses fake Zoom suspension alerts. Joker malware apps bypass Google’s security to spread via Play Store again. Citrix issues critical patches for 11 new flaws. All this, and more, in this week’s edition of Cybersecurity Weekly. 1. Office 365 phishing scam uses fake Zoom suspension alerts…
-
Career Change - Cyber Security
Hi all - I'm currently a project manager for government contractor, but have lately been thinking of making a career change and specializing in Cyber Security ( Incident Response or Pen Testing). Reason for the change, is that I want to be specialized in something and also the security jobs have been on the rise in my area…
-
Any Certifications Focused on Endpoint Detection & Response (EDR) or EPP
Hi guys. I've scoured the internet but have not come across this info. Besides the vendor-specific certifications are there any industry certs that focus on Endpoint Detection and Response (EDR), or Endpoint Protection (EPP)? As always, thanks for the tips, comments, and participation, etc.
-
Anyone take eLS WAPTX?
Today is the last day to get 25% off all the eLearnSecurity red team courses. I'm on the fence if I want to pay for this out of pocket so I can start it now, or wait until early 2021 when I can have my company pay for it out of the training budget. I've already used my 2020 budget for the MASPT course. Has anyone enrolled…
-
Win10 build 2004 - install it overnight
I went from build 1909 to 2004 yesterday & it took a very long time to install, like 5-6hrs...on a 3yr Dell laptop, i7, 16gb RAM, SATA hard drive...This update must be YUGE! Just wanted to let you know before you update to that version that it might take awhile & probably best to do it overnight while sleeping :) Very…
-
role change
hi so after some thoughts here please? background is about 18 years in systems admins roles and later working with infosec people unofficially. got myself various certs sscp, ejpt, iso27001LI, cysa, sec+ in 2018 I moved into a role as an information security officer leaving technical behind but I had a good background for…
-
Cybersecurity Master's vs. OSCP
Hey, I'm currently deciding between two options and would like some advice. A little background about me first. Like many, I'm trying to break into the Information Security field. I have a degree in Information Systems and I work in technology as a Business Analyst (not security related at all). I also recently completed…
-
HTML Injection/XSS Question
I'm attempting to inject code into a form (scripts, etc.) to test for XSS and others. I've tried dozens of things including the usual <script>alert("XSS);</script>. The only things that have worked are:* <h1>test</h1> * <font color="red">test</font> * Unicode HTML Encoding (I can replace letters, but characters, such as <,…
-
'Sophisticated state-based' cyber attack hits Australian government and businesses
Headlines today in Australia are all about cyber attacks! The Prime Minister revealed that 'Sophisticated state-based' cyber attack hits Australian government and businesses. https://www.abc.net.au/news/2020-06-19/cyber-attack-no-australian-government-organisations-explained/12373190
-
Help!! Pulling My Hair Out With WireShark's Payload Section
So in the screenshot included WireSharks Payload section is always squished into a very narrow column. In my job I have to analyze information from this section all the time. The thing is that information in this section is wrapped so that what you read in one line breaks off and continues on to the lines below it. It's…
-
Any Reason Not To Block Malicious IPs?
We were in review of SOC playbooks a co-worker noted on one of the steps "No need to block malicious IPs. The attacker will just get a different IP address and keep attacking". Beats me, as at all the previous SOCs I worked at we always blocked the bad reputation IPs to execute containment. Ok, I wanted to be really,…
-
Upgrade from Win 10 Home to Pro
Good Evening All, I am wondering if you can possibly assist I want to upgrade from Win Home to Pro. When I try and setup I get the following error message:- Does anyone know how I can resolve this? Kind Regards Rob
-
Disabled JavaScript
This morning, while drinking my morning java, checking geek news sites for the latest and visited The Hacker News website...I had decided to disable JavaScript in my Brave browser and lo and behold...it seems a hacked banner is enabled if you go to their site with JavaScript disabled...I have seen 2 different banners (one…
-
checking in, looks like a new website
Hey group, I managed to pass my GXPN and then passed a blackhat course. I haven't been around for a while. I'm still working on my python scripting expert and my coding skills have improved. How's life? ~J
-
Take a shot at some SOC Playbooks
Just going by experience which steps do y'all think should go into these SOC playbooks? The use cases are from the top 10 you would usually find in an average-sized SOC. #1 Abnormal number of failed login attempts. #2 Abnormal Number of user accounts created. #3 Abnormal Number of Distinct Emails Deleted. #4 Abnormal…
-
Why are few US public universities offering Masters In Cyber Security
With such a shortage in qualified cybersecurity workers in the US population I'm baffled at why there are so few public universities offering Masters degrees in cybersecurity. For instance, all throughout the state of Texas, only UTD (University of Texas at Dallas) offers a Masters of Science in Cyber Security, Technology,…
-
Discounted The Cyber Mentor training on Udemy
Don't know how long these discounts will be valid, so jump on it. https://www.udemy.com/course/practical-ethical-hacking/?couponCode=AWHALEOFAWASH https://www.udemy.com/course/windows-privilege-escalation-for-beginners/?couponCode=ESCALATETHIS
-
RDP Honeypotting: An experiment
I came across this article today, which I thought was super interesting. The author conducted an experiment where he stood up an RDP honeypot on his experimental network with a Windows VM. He ended up sniffing out a few attackers using various methods and tools to hack their way through his VM. Super interesting stuff!…
-
Typical Cloud Security Career Path
I'm considering specializing in cloud security. What do you folks experienced in cloud feel the typical career path is like, and which qualifications are recommended to reach each level?
-
How Can You Tell If A SQL Injection Attack Is Successful
Heh guys, How can one tell if a SQL Injection Attack is successful? For all the searches I did on SQL Injection attacks they always describe how it works and how to prevent it but not how to tell if it was successful or not. Does any of you experienced folks know how to tell whether a SQL Injection attack was successful or…
-
AWS SAA interest while working in cybersecurity advisory
So my AWS SAA is expiring in December and I'm no longer actively involved on AWS related tasks. I still have the knowledge but I don't see the value in maintaning or upgrading a cert just for the sake of recognition. Another part of me is thinking that keeping an AWS cert can prove quite helpful as you never know what…
-
Anyone ever tried exporting cc Libraries from Adobe creative Cloud?
Good afternoon tech fam! Currently I'm facing a situation that's kicking my can. I have a user that was fired from one of our teams that utilize the Adobe Creative Cloud Suite. He saved everything in the cloud (Which was advised not to do) and now I have to transfer this data to another user's account. I transferred the…
-
Big data science
What is Big Data? Does anybody have recommendation on books. thank you
-
SIEM Alerting on Successful Logins From Outside Domains
Our new SIEM tool called SecureOnix seems to be alerting on successful logins from external domains. Does anyone have a clue on what might be causing this? Our domain is ourcompany.com. So Becky Sue who, when employed with us, used to have a corporate email becky.sue@ourcompany.com has already left the company. However…
-
CEH vs eJPT vs Pentest+ for a (relatively) newcomer to pentesting?
I'm looking to include some dedicated effort to honing my skill as a pen tester while carrying on with the rest of my studies. At the moment I am heavily invested in Cloud Security, specifically on the governance and compliance side of things, with a big focus on cloud infrastructure security, but I'm keen to take this up…
-
Testing an application built with MS Access
Has anybody tested an application built with MS Access? If so, which tools did you use? What did you test for?
-
Best Course on Vulnerability Management/Assessment
hi guys....so who has the best course on vulnerability management or vulnerability assessment. Please do not recommend anything from Cybrary!!!
-
Networking problem
Hi A random networking problem I am encountering- Recently my wifi seem to be a bit off, especially on my phone and little problematic with my Laptop. The TV's seems to unaffected. When I scanned my LAN on a Network Analyser I appear to have two routers, one addressed 192.168.0.1 and 192.168.0.10, they both have different…
-
What Is A Good Security Awareness Training Solution For a Small Company
The new startup I work for has less than 100 employees guys. We've been hunting for a convenient security awareness training solution. Can you all recommend one that is easy and affordable? Again, it's a company with less than 100 employees. Thanks in advance for the participation, comments, and tips guys.
-
Basic SIEM That Isn't $plunk
Long story short, I'm in a pretty small company that likes to bite off more than they can chew. We're slated to have some corrective actions in account that we acquired compliance with ISO 27001. We don't have any log management nor any SIEM capabilities in place right now. The auditor told us before that manually scanning…
-
Steps to land a job
I have a Bachelors degree in Cybersecurity that I finished last fall. I am trying to make a career change from an auto technician. I also have A+, Network+, and Security+ certs. I have been unable to land a job. There seems to be no such thing as an entry level cyber job (the hope would be a SOC role). There is a skills…
-
What software to create a Windows 10 ISO with preinstalled software on it?
I did a quick google search and there are so many way to create a custom Windows 10 ISO. What is the easiest way to do this? Thank you
-
Cybersecurity Weekly: Travelex pays ransom, Maze hacks HMR, Microsoft buys corp.com
Travelex paid $2.3 million ransom to restore operations after a ransomware attack. The Maze ransomware gang discloses data from drug testing firm HMR. Microsoft buys corp.com so bad guys can’t. All this, and more, in this week’s edition of Cybersecurity Weekly. 1. Travelex paid $2.3 million ransom to restore operations…
-
Passed eJPT
Wanted to share my experience to help others who are coming down the same road. I started the eJPT journey while still in IT Audit. Wanted to expand into pentesting to be more technically aware of relevant risks in my org. I first became aware of OSCP and when looking at the prerequisite knowledge figured I wasn’t actually…
-
Fire, Fire, Fire!
as Beavis would say! https://www.techspot.com/news/84799-twitch-streamer-pc-build-goes-up-smoke.html Better get on your A+ certification buddy! LOL!
-
Cybersecurity Weekly: LokiBot spearphish, Marriott breach, Zoom vulnerability
A spearphishing campaign exploits COVID-19 to spread LokiBot infostealer. Marriott suffers a second breach, exposing data of 5.2 million hotel guests. A new Zoom hack lets attackers compromise Windows and its login password. All this, and more, in this week’s edition of Cybersecurity Weekly. 1. Spearphishing campaign…
-
Free Udemy Beginner Pentesting Course - Practical Ethical Hacking
Hey folks, In one of the Facebook groups that I manage, one of the individuals had referenced a Udemy course for beginner level pentesting. I'm going through the motions of reviewing the course since I've had more time due to the pandemic. You can find the link below. It seems overall positive as it's highly rated and has…
-
Generic high level Cloud security risk assessment checklist
I find myself this week with a bit of free time so I want to improve my tools and checklists (for consulting purposes) I want to create a generic checklist for cloud security, like a list of questions and answers to cross check if the cloud instance followed basic security sanity. Is there a generic list that you use or a…
-
Cybersecurity Weekly: Carding gang busted, Tupperware suffers cyberattack, Linksys under fire
Government officials shut down a huge credit card fraud ring. A cyberattack harvests card details from Tupperware customers. Linksys routers see more frequent cyberattacks as more employees work from home. All this, and more, in this week’s edition of Cybersecurity Weekly. 1. Russians shut down huge card fraud ring Federal…
-
HIPAA Assessments
For you all out there doing risk assessments for businesses has any of you done HIPAA assessments? How was the overall experience and the financial rewards in conducting these type of assessments and how do they compare with the other types of traditional risk assessments?
-
how to fix spectrum wifi ip configuration
If you have read the information given above in the following article, you are pretty aware about how to pay Spectrum pay bills. The best method to pay your bill is to contact certified spectrum customer Support Number.
-
Tool to generate a CSRF POC similar to Burp Suite Pro
Are there any free/open source tools that can do this? Unfortunately, I do not get Burp Suite Pro at work. If you know of anything, please let me know. If you don't know what I'm talking about, check out this video: https://www.youtube.com/watch?v=CXyrGQ8D1tU Thanks!
-
learning SIEM tool
Is there a good tutorial or a way to learn some of the popular SIEM tools? I know real world experience is much more valuable but to get the foot in the door any way I can at least get the basics
-
Best certifications for IT Auditor with no other IT experience?
I have been an Internal IT Auditor (Senior, Manager, and now Director) for almost 10 years, spending a lot of time with SOX ITGCs. I got my CISA a long time ago, now I am looking for another certification to make me more marketable, but it looks like a lot of them require some experience in areas other than audit. For…
-
Cybersecurity Weekly: COVID ransomware truce, Sodinokibi selling data, Windows EoS delayed
A hacking group promises to stop attacking medical units until COVID-19 cools down. Sodinokibi ransomware data leaks are now sold on hacker forums. Microsoft delays Windows 10 1709 end of service due to pandemic. All this, and more, in this week’s edition of Cybersecurity Weekly. 1. Hacking group promises to stop attacking…
-
Ever Worry Your Co-Workers Will Hack You?
So at work not everybody works in Penetration Testing. Some of us are in audits, incident response, vulnerability management, etc. Do you all ever worry that the hackers (penetration testers) will use their skills and hack you, invading your privacy, or do you just trust them willy-nilly that they'll be 100% white hats?…
-
Cisco free security during Coronavirus
Hello everyone, it seems Cisco offers free VPN License and Cisco Umbrella https://blogs.cisco.com/security/cisco-expands-free-security-offerings-to-help-with-rise-in-remote-workers
-
CQURE Academy
Hello Everyone. I don't know if this is the right place or not. However, I want to ask about the CQURE Academy course "30-day Windows Security Crash Course". If anyone had taken the course, how is it? Is it worth it or not.
-
Cybersecurity Weekly: SSL malware campaign, Intel vulnerability, PwnedLocker decrypted
A new malware campaign employs fake security certificate updates. An unfixable vulnerability in Intel chipsets allows hackers to obtain protected data. Decryption is now available for PwnedLocker ransomware. All this, and more, in this week’s edition of Cybersecurity Weekly. 1. Malware campaign employs fake security…
-
Cybersecurity Weekly: Walgreen's leaked PII, ultrasonic Siri hack, Clearview data breach
Walgreen's accidentally leaked sensitive user data. Hackers can use ultrasonic waves to secretly control voice assistants. The AI firm Clearview lost billions of photos of users in a recent hack. All this, and more, in this week’s edition of Cybersecurity Weekly. 1. Walgreen's accidentally leaked sensitive user data…
-
Cybersecurity Weekly: Puerto Rico loses millions, Paypal phishing scam, new Emotet Wi-Fi worm
The Puerto Rico government was hit by a $2.6 million phishing scam. An active PayPal phishing scam targets SSNs and passport photos. The Emotet malware now hacks nearby Wi-Fi networks to infect new victims. All this, and more, in this week’s edition of Cybersecurity Weekly. 1. Puerto Rico government hit by $2.6 million…
-
How to do web scraping from java based website
Hello all, I need to pull a report from a java based website into excel. The website asks for start date and end date and generates the report based on the dates supplied, but the problem is, the source of the page doesn't show any details wherein I can use the details to pull the report through VBA. Is there any way we can…
-
Cybersecurity Weekly: Jeff Bezos hacked, DDoS defense firm admits to DDoS, TrickBot steals AD creds
Saudi prince allegedly hacked Jeff Bezos using WhatsApp. The founder of a DDoS mitigation firm admits to launching DDoS attacks. TrickBot now steals Windows Active Directory credentials. All this, and more, in this week’s edition of Cybersecurity Weekly. 1. Saudi prince allegedly hacked Jeff Bezos using WhatsApp Amazon…
-
Best Video Feeds To Display On SOC Monitors
I'm on the hunt to research and discover the best video feeds to use in our new SOC. These are feeds that provide relevant content for the SOC monitors so they can look interesting. We've certainly played around with a few we found through google however it's always better to pick the brains of the Cybersecurity family :)…
-
Cybersecurity Weekly: Card details listed for sale, new phishing attack spotted, Sprint support leak
Hackers list 30 million stolen payment card details for sale from the recent Wawa attack. Microsoft detects a new phishing attack that uses HTML attachments. Sprint exposed private customer conversations to the web. All this, and more, in this week’s edition of Cybersecurity Weekly. 1. Hackers list 30 million stolen…
-
Good Source For Non-Malicious Malware (Used For Practice/Testing)
Hello all, We just deployed a new group of devices (Firewall, IDS/IPS, and SIEM) tool in our environment. In order to help the process of testing out all the rules is there a safe reputable place where one can get affordable non-malicious malware with harmless payloads that we can use to test out the functionality of our…
-
Kali Linux 2020.1 Released
https://www.kali.org/releases/kali-linux-2020-1-release/ Looks like even more changes. Seems like they just made the last release. Hope this one isn't missing software like the last one. Best bet, at least for me, is to test it on a clean install rather than upgrade my older versions. Better to test it first.
-
Do you have local admin rights?
This discussion came up at work recently & the majority of the admins I work with do want to have local admin rights to their wkstns. However, majority of them do have elevated admin privileges when using their token. I really don't think it is necessary to have local admin rights on your workstation as it does create a…
-
Is there any equivalent to SANS Courses
Hi all, Is any equivalent from other vendors to the SANS Courses such as the ones listed below or does SANS hold the monopoly for these courses? I see that the SANS prices for their courses tend to be extremely high. SANS SEC501: Advanced Security Essentials-Enterprise Defender SANS SEC503: Intrusion Detection In-Depth…
-
Monthly Technical Account Manager Meeting Format/Template
Owwwkayyyy, I was tasked with designing a format/template that our MSSP was gonna start using to have monthly Technical Account Manager meetings with our clients. Ok, needless to say I have no clue what to put there or even where to start. When I google "technical account manager meeting template" I come up empty. So here…
-
Help with PC for penetration testing
I've been thinking about buying a new PC. I want more processing power, and I want it to be faster. I'd like for it to be able to handle multiple virtual machines without bogging down. I've been looking at some custom PCs on Newegg. I want 64 GB of DDR4 and a 1 TB SSD. Regarding CPU, what's better, i7 (or other Intel) or…
-
Need OWASP ZAP help
Any ZAP experts here? Hope I'm asking this correctly. I'm testing a site that uses a browser cookie for redirection. Is there a way to add that cookie to ZAP so I can actually scan the site?
-
Kali Linux 2019.4 Released now!
Looks great! Installing now. https://www.kali.org/news/kali-linux-2019-4-release/
-
eLearnSecurity WAPTXv2 - New Course Announcement
For those that are interested, elearnsecurity is coming out with v2 of their web app pentesting extreme course. I understand many here were not impressed with v1. So let’s see what the syllabus shows in version 2. Like all new elearnsecurity courses, there will be new sign up discounts and upgrade discounts from v1 to v2.…
-
Holding Multiple Jobs In Cybersecurity
I've heard this through the grapevine but not sure how accurate it is. I heard that there are some places in the US where you can have multiple cyber security jobs. They say the system is usually to have your one main job, then have one or two more additional jobs where you're paid on 1099 (self employed). Those jobs are…
-
Multi-Factor Authentication - SMS or Authenticator App?
Which do you prefer to use, and which is safer? I've used both. SMS is easy and doesn't require any app installation. Authenticator apps are supposedly more secure, but getting the app to work can sometimes be a pain.
-
Your 2020 tax scam training guide
Hold on to your W-2s and returns because tax season is on the way! As if deductions, exemptions and return distribution wasn’t enough, tax season becomes open season for cybercriminals hunting for sensitive information, credentials and even a direct deposit of your employees’ tax returns. To help you prepare your employees…
-
Cybersecurity Weekly: California school ransomware, Office Sway phishing campaign, SNAKE ransomware
A ransomware attack causes a California school district to teach with pen and paper for the week. A new phishing campaign is hosting landing pages on Office Sway. A new strain of ransomware targets business networks. All this, and more, in this week’s edition of Cybersecurity Weekly. 1. Ransomware hits, but doesn’t stop,…
-
Data Security Book or On line CBT recommendation?
I work in the data space and would like to either take some training or read a book in regards to data security / information security. Not really committed to a certification, but if the book aligned with one that would be fine... Thanks for any suggestions, pretty noob in this space. Which is pathetic.
-
Company Wants Audit - Not Ready
So my company decided they wanted to pull off the ISO 27001 audit and continue on their initial schedule even though I was brought on late and had to catch up late with everything they've been doing—along with learning/growing on the job. Things seem very bleak now due to the fact that my team of two shrunk to one and the…
-
Top cybersecurity predictions for 2020
Alright, it's about that time for some hot takes! We just published an article on the Infosec Blog that summarizes one security researcher's top cybersecurity predictions of the 2020 year. To summarize, here's what he put in his list: * Targeted ransomware attacks on the rise * Most nation-state attacks remain unattributed…
-
Cybersecurity Weekly: Wyze data leak, PayPal phishing scam, prison footage leak
IoT company Wyze suffers a data leak affecting millions of customers. An ambitious phishing campaign aims for more than just usernames and passwords. Security camera footage from a prison in Thailand leaks to YouTube. All this, and more, in this week’s edition of Cybersecurity Weekly. 1. Wyze data leak exposed personal…
-
infosec interview
hi all - I have an upcoming in-person interview with 2 persons (CIO & COO) with a small federal agency for a GS-11 infosec position. here's duties summary: Responsibilities As an IT Specialist, you will be responsible for: * Identifying and mitigating IT system vulnerabilities through testing, audits, and network…
-
Digital Forensics Course Insight.
To start, I have experience with eLearnSecurity from a WAPTv3 perspective. However, my new training budget for 2020 will be released soon and I would like some insight from those who have experience with the following two digital forensics resources. The first course option is eLearnSecurity Digital Forensics Professional…
-
One-Person Consulting Firms? How Are These Possible
The trend I've been noticing lately is the rise of 1-man or 1-woman consulting firms. Now at the monthly security group meetings one loses count of how many people are working as independent consultants. Yet, when they present their services to you it's a very long list like that below. So how is this possible for one…
-
Consulting Opportunities In Healthcare Security
Hello all, I thought to inquire if any of you know about consulting opportunities in Healthcare Security. These are opportunities related to the HCISPP certification. If you know of where, how, or who can provide information for getting into healthcare security consulting you have my gratitude in advance for sharing your…
-
Books on Cryptography
Looking for recommendations of books on cryptography. Something beginner-friendly will be appreciated :)
-
Compile first C++ program with gcc.
Hi, I know Ubuntu Studio has "gcc", and I want to use it to compile my first C++ program. Can you let me know the steps to set "gcc" to work perfectly for my first program? Do we need to set any "environment variable" in the OS? Back in college, I needed to set "class path" for my Java programming, and I am guessing there…
-
OPSWAT security certifications
Just wondered if anyone has started their free courses, I will definitely check it out in Jan as I am on vacay from the certification realm. https://opswat-academy.teachable.com/courses
-
Humble Book Bundle: Data Science
I just wanted to make everyone aware of the active Humble Book Bundle right now. It's got some solid Python, JavaScript, R books, and several others - ends in 5 days! Be sure to check it out!
-
25 Days of Christmas Hacking Challenge
This may be a little late, as it started 18 days ago, but all challenges are still up, so there's plenty of time to do them. A new one will get released everyday between now and Christmas. Most of these are really entry level, but for someone trying to learn pentesting, it's pretty fun. Plus you can win things like an…
-
Pentesting in Cloud (Azure)
Good day all, I'm looking for recommendations on penetration testing tools I can use for assessments in cloud environments, specifically Azure. I know practically most tools used on-premises can be used in the cloud, but ideally something like a Netsparker for Web Applications, etc. Any recommendations?
-
Dumb RIPv2 question
Running through refreshers for my CCENT, and I know how to config ripv2 and get it running. But how do you turn it off? Do you just

en
config t
router rip
no network ****
no network ****

or is there a global command to kill it all like No Rip?
-
Windows 10 - Password Removed but still asking for password
My son got his laptop locked again. Actually he got this problem several times for bad memory. It is no big deal as there are dozens of tools that can reset and blank the account password. However, this trick no longer worked on a new Dell laptop. The computer still asks for password, which was blanked previously. Does…
-
Cybersecurity Weekly: Ethiopia stops DDoS attack, Floridian city recovers from BEC, and more!
Ethiopia foils a mass cyber hacking attempt with prompt incident response. A city in Florida recovers almost all monetary losses after a BEC scam. A bug is found in a popular bug bounty platform, earning a bug hunter $20,000. All this, and more, in this week’s edition of Cybersecurity Weekly. 1. Ethiopia foils mass cyber…
-
Cybersecurity Weekly: Gas pump hidden cameras, insecure smart TVs, ransomware recovery
Hidden cameras found at gas station pumps in conjunction with card skimmers. The FBI warns consumers about security issues in smart TVs. The State of Louisiana prevents any data loss and pays no ransom in a recent ransomware attack. All this, and more, in this week’s edition of Cybersecurity Weekly. 1. Hidden camera above…
-
Azure Rights Management - Anyone using it?
Hey Folks, I'm in the middle of transitioning from my current infrastructure engineering role and pivoting to an architecture/strategy position here at my organization (enterprise) with a security lens. One of the projects that I have been placed on is to design on paper the use of Azure RMS and exploring on how we can…
-
Bug Bounty
Hey Everyone, I'm interested in learning more, how to make money with bug bounty. I would like to start the pen-testing side to my security career. I'm looking for a good book to get me going.
-
Any others Linux only?
Desktop has been on Ubuntu since 2014-ish. Work Laptop also Linux for as long as I can remember. I do have a Windows 7 instance in a VM for some Office document compatibility--though considering crossover Linux before EOL next year just take it out back and shoot it. Free as in freedom, though I've enjoyed the beer along…
-
Wireshark version 3
Hi Everyone, I just got a report from a client's security consultant saying that traffic going to my server is being denied. The transport listed on the report is: TCP and UDP Question: What would be a correct approach to determine the cause and come up with the fix? I'm new to Wireshark and hope someone could share the…
-
Question for other Penetration Testers
So, at the beginning of the year I managed to get myself into a penetration testing position. Doing red-team work is something I'd always thought had the potential to be lots of fun. I knew there would be quite a bit of paperwork, but still... I figured the thrill of popping a box / domain would more than make up for it…
-
Security Awareness Promo Items
After attending Inspire 19 I am interested in trying the promo "fish squeeze balls" as encouragement prizes for users who are active in participating. As an MSP this is not something I have a budget for (we provide SAT for our customers for free already). Any other companies interested possibly going in on an order that is…
-
DevSecOps Resources and Training
Can anybody recommend any good resources and training for learning about DevSecOps? I've read most of what Tanya Janca has written. I also know about https://devsecops.org/ I also found this recently, which is very good: https://techbeacon.com/devops/3-ways-qa-pros-can-lead-quality-driven-development-devsecops-world Would…
-
Free (for the next day or so) Burp Suite course
Found this on Twitter: https://twitter.com/PeritusTraining Go to their site to register: https://training.peritusinfosec.com/ Use the code DIWALIGIFT to get the course for free. Their Twitter post says it's free for the next 72 hours. They posted on October 16, so the code may expire today. I can't speak for the quality of…
-
Cybersecurity Weekly: Equifax default password discovered, NordVPN breach, Army retires floppy disks
A default admin password was used to “secure” sensitive data at Equifax. NordVPN suffered a data breach, exposing private encryption keys of some of its users. The U.S. Army moves on from an 8-inch floppy disk computing system. All this, and more, in this week’s edition of Cybersecurity Weekly. 1. Equifax used default…
-
How to satisfy this control?
Long story short: company went through a review for ISO 27001 and was recommended to employ a SIEM. We're using Symantec for our Anti-Virus and I'm thinking I might be able to find something that supports the SIEM functionality from them. There's just one problem: the auditor said the SIEM must support some protection of…
-
Cybersecurity Weekly: Hacker reveals black market credit cards, Linux Sudo flaw discovered and more!
An anonymous hacker reveals 30% of the stolen credit cards on the black market. A Sudo flaw has been discovered that allows all Linux users run commands as root. A cybersecurity blogger experiments with an RDP honeypot. All this, and more, in this week’s edition of Cybersecurity Weekly. 1. When card shops play dirty,…
-
your go to cybersecurity framework? ISO 27001 vs NIST CSF
I've been doing more and more cyber maturity assessments lately, and this question comes up every now and then. What's your take? if you're to do a fresh assessment for an environment, would you start with ISO 27001 or NIST CSF and why? Or would you start with CIS 20 and then assess later after some baseline has been done?
-
WGU BS Cyber security info and assurance vs BS Net OP + security
so coming from a mostly sales/marketing/business development background, I want to finally finish my BS I had changed courses many times but ended w psychology and fell short of the the requirements(I just wasn’t as focused back then) Now that I’m looking to get into the cyber sec field which would be better a better…