-
Cybersecurity Weekly: “Nice guy” hacker attacks Tom’s, programmer hacks hackers
A hacker encourages others to spend more time outside. A hacked programmer retaliates by hacking hackers who hacked him. A phishing incident results in a leak of personal information for 60,000 patients. All this, and more, in this week’s edition of Cybersecurity Weekly. 1. Toms Shoes’ mailing list hacked to tell users to…
-
Penetration Testers arrested while testing
Scope is everything when doing pen tests! https://www.google.com/amp/s/arstechnica.com/information-technology/2019/09/check-the-scope-pen-testers-nabbed-jailed-in-iowa-courthouse-break-in-attempt/?amp=1
-
Mobile security - What are you using, if any?
Just curious if you have any AV/Security Suite installed on your mobile phone. If so, what are you running or recommending? If not, you probably should, unless you put your phone in your faraday bag/pants every time you are not using it. On Android, I know that they include Lookout security on some versions. It seemed to…
-
Does anyone use AWS GuardDuty?
I'm looking for opinions from first-hand experience with AWS GuardDuty.
-
Name your fave top 10 Pen Test tools
I thought I would reach out to our fellow TE geeks and see what are your fave Pentest Tools that you use on the regular? And are they getting the info you are needing/wanting? If you know any cool pen test blogs that are worth a look, please post! CHEERS & Hi5!
-
Cybersecurity Weekly: Model response to cyber attack, Ecuador data leak, whistleblower phishing site
Arizona schools demonstrate the model response to a malware attack. A marketing analytics company leaks deep profiles of the entire Ecuador population. A new phishing attack targets the whistleblower submission site for The Guardian. All this, and more, in this week’s edition of Cybersecurity Weekly. 1. Arizona schools…
-
Marketing analytics company leaks deep profiles of entire Ecuador population
I've seen quite a few high-profile data breaches over the past few years, but none of them have really stuck fear into my heart quite like this one. The entire population of Ecuador lost data containing their name, SSN, banking information, employment information, and family members, all from a marketing analytics company!…
-
Webinar — The ROI of security awareness training | Do the benefits outweigh the costs?
Hey there, TechExams! We're hosting a webinar this Thursday, September 12th, and you're invited! Our very own Lisa Plaggemier will be chatting with Michael Osterman, President and Analyst at Osterman Research, about the costs and benefits of security awareness training. While you may see headlines for millions of dollars…
-
Cybersecurity Weekly: Worm eradication, Instagram hack demonstration, massive iPhone hack
As of this week, I've started writing a new series on the Infosec Blog called Cybersecurity Weekly! Each week, I compile ten recent news articles from the world of cybersecurity for your reading pleasure! French police remove the Retadup worm from 850,000 PCs with the help of Avast. A white hat hacker demonstrated how to…
-
Free Toolkit for National Cybersecurity Awareness Month
Hey there, TechExams! As you may know, National Cybersecurity Awareness Month is only a month away! To help spread the word about cybersecurity at your organization, the content team over at Infosec has been hard at work on these free employee training resources. Feel free to grab these from our site to hang up around your…
-
Learning Python
Just a quick question, I'm running through the basic concepts of Python through w3schools, but aside from that, does anyone have any good ideas on what types of programs I should know how to write in regards to networking? When I went through C++, aside from learning the concepts I stopped at shallow copy which is the…
-
Changing bulk .lnk target path to new one on domain pcs
I am currently in the process of migrating my file server to another file server. Each pc has a bunch of shortcuts pointing to the old server, example \\oldserver\folder\file under the C:\Users . I have looked into scripting something to change all of these target paths from \\oldserver\folder\file to…
-
Security around PCI, Credit Card and personal data?
Anyone know of any good training that covers PCI, Credit Card and Personal Data at the web / app layer. I am working on several projects and a huge gap for me personally is the API security layer. If it ties to a certification track that I may pursue down the road, even better. The main take away however is the knowledge.…
-
Are you ready for Cybersecurity Awareness Month? We got you covered!
Among many other things, October is National Cybersecurity Awareness Month! Are you ready to hype secure habits in October and beyond? If not, don’t worry — we’ve got you covered! Join our NCSAM launch party to get everything you need to motivate your employees to stay secure at work and home. Lisa Plaggemier, National…
-
Capital One breach demo
Check out this fantastic demo that walks you interactively through everything that led to the Capital One cloud fiasco. I'm definitely using this as a learning aid for my new-to-cloud security analysts. https://application.security/
-
Pearson Data Breach
https://www.fastcompany.com/90384759/pearson-data-breach-details-of-hundreds-of-thousands-of-u-s-students-hacked
-
Scripting training
so, I really don't have any background in programming...only a few Basic/Visual Basic courses from my AAS degree (yeah, back in 90's). I would really like to learn some scripting languages easily (Powershell, Python, Perl, etc)...I have only dabbled with batch files/logon scripts. Do you have a recommended…
-
Working in a SOC is so stressful that two-thirds of employees want to leave
"Inadequate budgets, a lack of visibility into network activity, and the pressures of managing a never-ending stream of operational data have turned security operations centres (SOCs) into highly stressful workplaces where 65 percent of workers are considering changing careers, according to new research that paints a…
-
Pushing Left, Like a Boss secure web app development tutorials by Tanya Janca
Excellent series for anyone interested in secure web app development: https://dev.to/azure/pushing-left-like-a-boss-part-1-4d9i
-
Getting an Error on upgrade Linux Mint
Hi, I have installed the Linux OS on my desktop. I'm trying to upgrade to Linux 19.1; however, I'm not having any luck. My computer is not recognizing the cd or the USB I made with the iso on them. Please help! Thanks Victor John
-
Facebook to pay $5 billion penalty over privacy breaches
Thought it deserves its own thread. Unprecedented fine apparently... https://edition.cnn.com/2019/07/24/tech/facebook-ftc-settlement/index.html Thoughts?
-
World's Biggest Data Breaches & Hacks
Pretty cool visualization. Something to share with teams or executives... https://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
-
[Q&A] How the State of Kansas keeps employees & citizens cybersecure
Helping your employees stay cybersecure has its own challenges. Managing a security awareness and training program for an entire state takes those challenges and turns them up to 11. So how does the State of Kansas approach security awareness and training for executive leadership, sub-agency employees and citizens alike?…
-
Microsoft Excel 2010
Good Afternoon Guys, We have a spreadsheet that all users have access to but there is an issue once a user tries to open a link within the spreadsheet. Error as follows:- Run-time error '1004' - Unable to set the visible property of the Worksheet class Has anyone come across this and is there an easy fix? Thanks for you…
-
Infosec: A Leader in 2019 Magic Quadrant for Security Awareness CBT
Have you heard the news? Gartner named Infosec a Leader in the 2019 Magic Quadrant for Security Awareness Computer-Based Training. Get your complimentary copy of the report to learn about the top security awareness tools being used by infosec professionals this year. Download here » At Infosec, we believe knowledge is the…
-
Data Privacy certifications and knowledge?
Are you aware of any Data Privacy certification that's worth pursuing? I know of CIPP/E , but is there anything else? Do you have any experience with CIPP/E or CIPM? Also, certifications aside, have you done any work around 'data privacy' ? any good source of knowledge or training that you recommend? I want to get my hands…
-
C# - next steps after beginner phase in your opinion.
Just curious once you went through a few modules, courses etc.... What were your next steps? I've been going through some C# courses and building some really basic programs in VS. Working with branching, Methods, Classes etc... Not a strong grasp, but it's learning a language so it takes awhile. I was just curious what…
-
Join us today for a spirited debate on phishing training!
Are phishing simulations pentesting for humans or training? What’s more effective with those folks who can’t stop themselves from clicking on everything: “name and shame” or a private, personal coaching session? We’ve seen it all: organizations that have terminated internet access (or even employees) and employers that…
-
Looking for Small Business AntiVirus Solution
So I work for small business and have taken on most of the IT-related tasks by default (nobody was doing them before I arrived). The company has 19 employees with 12 having computers. As a part of beefing up our network security, I started doing some research on Business level Anti-Virus Solutions didn't get a lot of…
-
Security is no laughing matter. Wait…
Security awareness training is pretty notorious for being dull and boring, but what if you could find a way to get your employees to eagerly await each new lesson? Introducing the WORKed series from Infosec, which integrates humor into a live-action video series themed around cybersecurity. They’re just like your average…
-
Equifax CISO Jamil Farshchi's three-act, 'shared fate' security plan
Link: https://www.cyberscoop.com/jamil-farshchi-equifax-ciso-apache-struts/ New CISO has an impressive resume for sure. Interesting interview!
-
How to build security awareness & training to NIST standards
Earlier this week, Infosec released a new blog about building a security awareness & training plan around NIST standards. If you're looking to standardize your training program, check it out! Below is a snippet from the blog, or you can check out the full article here » Most security and IT professionals understand the…
-
Ways of extracting credentials from LSASS.exe ?
Do you know any other ways one can extract credentials from Windows' LSASS? I am aware of: * Load and use mimikatz on a compromised machine * Use a C# implementation of mimikatz (to evade A/V) * Task Manager, right click on the lsass.exe process and "Create **** file". Then use mimikatz on your own machine against…
-
The Biggest Cybersecurity Crises of 2019 So Far
https://www.wired.com/story/biggest-cybersecurity-crises-2019-so-far/ And we're only halfway through 2019...
-
What have you changed with your own security posture?
Everyone is hacked...it's our daily IT news.... So, have you done anything about it? What have you improved on? Better social media security? Longer/complex passwords? Upgrade your firewall/router at home? Encrypting your own hdd's? Mobile device awareness (not jumping on free wifi, disabling bluetooth, AV), Password…
-
City in Florida pays hackers ransom
This is why you back up your files regularly. https://www.msn.com/en-us/news/us/florida-city-pays-dollar600000-ransom-to-save-computer-records/ar-AAD7SyN?li=BBnb7Kz
-
Microsoft to remove password expiration policy in Windows 10 1903
So Microsoft will be removing the password expiration policy in the 1903 May update, opting instead to simply urge users to use "more modern and better password-security practices such as multi-factor authentication, detection of password-guessing attacks, detection of anomalous log on attempts, and the enforcement of…
-
League of Legends can teach us a valuable lesson about cybersecurity
I stumbled across this article the other day, and was surprised to find a valuable lesson in it! For the uninitiated, League of Legends is an online "battle arena" style game that relies heavily on working as a team, and usually a loss can be attributed to a weaker link in the team. As usual, the team is only as good as…
-
Python Challenge 1
Write a function called "traffic_cop" for enforcing the speed limit. The function should take one parameter named "speed". The parameter "speed" shall be of type integer. * The speed limit is 75mph. * For every MPH over the speed limit, the driver is fined $12.47. * If the driver is going more than 20mph over the speed…
-
Learning Python
Decided to take up learning Python in-between my CCNA studies seeing as things in the networking field are moving in that direction with regards to network programmability and whatnot. Wanted to add some extra skill sets to my arsenal and currently reading the Python Crash Course book published by No Starch Press and…
-
Anjuta IDE - Really Simple Python Question
I'm new to Linux, Python and the Anjuta IDE. I have created a new file called hello.py. This is the contents of that file: Code: #!/usr/bin/env python print "Hello World!" All I want to do is run this in the terminal. I go to Run > Execute but I get the following error message: Program…
-
Starting to dive into Linux
I have tinkered with Linux on and off over my professional career but never anything serious. Is there any particular flavor of Linux I should use or maybe Ubuntu for studying for the certs?
-
Qwest now LabCorp
Yes, if you have ever had blood work done from these 2 companies, well, you are possibly affected in some aspect...(info sold on black market somewhere out there) In the back of my mind, yeah, I wanna sue these two companies for "being naive" about IT security, because usually it is lack of funding of IT budgets because…
-
Incident Response/Incident Management
Are any of you familiar with incident response/incident management as an actual role in IT? In my experience, this type of position is less technical and mainly focuses on alert monitoring/escalation and quality control of incidents (ensuring tickets are filled out properly, has detailed notes/documentation, and ensuring…
-
Official Tor browser for Android - now available!
For all you privacy buffs out there, The Tor Project has finally released their Tor Browser for free on the Google Play Store! iPhone users may not be as lucky, though, as Apple restricts all third-party browsers and forces browser companies to use its own engine. That being said, the Onion Browser is still available for…
-
The future of the Cybersecurity Talent Gap
I found this article on Forbes this morning that talks about the current talent gap in cybersecurity, and how to keep up with demand in the future. It mentions the importance of boot camps and online learning in the short term and how we can train the next generation of cybersecurity professionals to succeed us. My…
-
What constitutes a security breach?
So I came across this article today, which talked about TeamViewer confirming an undisclosed breach from back in 2016. To summarize: a Chinese group exploited the Winnti backdoor to breach the company, but they failed to find any evidence of data being stolen during the incident. There was also no evidence found that…
-
How many ip addresses/hosts in a /32 subnet?
I had an interview recently and was asked, "How many ip addresses/hosts in a /32 subnet?" I can't remember if the interviewer said hosts or ip addresses because I was confused about the question. A /32 isn't a valid subnet as you need at least a subnet id, a subnet broadcast and addresses for hosts. A /32 only has one ip…
-
Cisco Vulnerability - 😾😾😾 (Thrangrycat)
So, Cisco was hit with a pretty big vulnerability this week, dubbed "ThrAngryCat." It's a secure boot bypass vulnerability that affects millions of Cisco devices around the world. According to thrangrycat.com, "by chaining the 😾😾😾 and remote command injection vulnerabilities, an attacker can remotely and persistently…
-
Shocking news: IoT devices are super vulnerable
Okay, so maybe this isn't as shocking as the title implies. A group of researchers at NC State University have identified design flaws in IoT devices that allow third-parties to prevent devices from sharing information. While this might not be the weakness you were expecting, this flaw can be used to prevent security…
-
Executive Order Establishes New U.S. Federal Cyber Competition
For all the feds and military out there: The Secretary of Homeland Security, in consultation with the Secretary of Defense, the Director of the Office of Science and Technology Policy, the Director of OMB, and the heads of other appropriate agencies, shall develop a plan for an annual cybersecurity competition (President’s…
-
WSUS (no dc or ad), how to add computers to download updates?
This is driving me crazy. If a WSUS server is not a DC and no AD, how can I add computers for it to download the updates approved? OR how can I just download the updates to the WSUS server?
-
Getting started in digital forensics
Digital forensics is the backbone of investigating cybercrime. It includes identifying, preserving, extracting, analyzing and reporting evidence across computers, mobile devices and networks. Join Keatron Evans, Infosec instructor and Managing Partner at KM Cyber Security, on April 23 at 10:00 a.m. CDT as we discuss: * The…
-
Cool Security Stuff for End-Users (Input needed!)
I'm working on designing a page of our intranet collaboration portal that is intended to be a "one stop shop" for end-users on security. Here's what I've got so far... what else would you add to something like this? The target is the end-user... and the vast majority of ours are non-technical, so I'm trying to keep this…
-
Finding the VLAN on a switch port without admin access
I need to find a VLAN for a port without being able to access the switch internally. Is it possible to use an external device to ID a VLAN or a way to access it without admin access?
-
Nothing to see here, just public medical records!
Over 4.91 million PII documents of addiction rehab patients were found this week by Cloudflare Director of Trust and Safety Justin Paine. This data was found to be PUBLICLY ACCESSIBLE for over 2 years! Not surprisingly, the company who owns this database refused to comment. Not a great look for them!…
-
Implementing security awareness training
For those using KnowBe4, Wombat, etc....Who is typically responsible for sending out the phishing campaigns and trainings? I'm assuming it's the infosec team, but wasn't sure if HR typically gets involved.
-
Another large-scale breach? That makes two this week!
https://krebsonsecurity.com/2019/04/experts-breach-at-it-outsourcing-giant-wipro/ Indian IT outsourcing and consulting giant Wipro Ltd. is investigating reports that its own IT systems have been hacked and are being used to launch attacks against some of the company’s customers, multiple sources tell KrebsOnSecurity. First…
-
How to find success in your security awareness training program - Video meetup!
https://infosecinstitute.wistia.com/medias/e2cjvd6x2x Infosec's very own @LisaPlaggemier was featured in yesterday's Spiceworks video meet-up to speak about how to find success in your security awareness training program! Joining her were Joe Pokropsi, former director of Security Education & Awareness for JPMorgan Chase,…
-
7 tips for an effective employee security awareness program
https://www.darkreading.com/threat-intelligence/7-tips-for-an-effective-employee-security-awareness-program/d/d-id/1334416 For anyone out there running their own security awareness program, you might find this article useful! Our very own Lisa Plaggemier was quoted asking, "Do they view security as a roadblock, a barrier…
-
Need for security awareness training continues to grow
https://www.cpapracticeadvisor.com/firm-management/article/21072804/lets-all-go-phishing-security-awareness-training It's no secret that financial organizations are getting hard-targeted by cybercriminals. Again and again, we're reminded that security awareness is everyone's job. Here's a quote from the article that I…
-
Have you been Pwned? Microsoft email accounts compromised
https://motherboard.vice.com/en_us/article/ywyz3x/hackers-could-read-your-hotmail-msn-outlook-microsoft-customer-support News is starting to spread of the breach that occurred between Jan 1 and March 28 regarding personal and non-paid corporate accounts with Microsoft Outlook, however, some sources are claiming the attack…
-
Everyone else is doing it! Social Proof Security Awareness
https://elevatesecurity.com/social-proof-superpower/ I came across this super interesting article about applying peer pressure to your security awareness program. I think if it's done correctly, it could be extremely effective! I mean, I sure wouldn't want to know that everyone else is more educated than I am! What do you…
-
OWASP Vulnerable Web Applications Directory Project
Not a whole lot of activity here on the OWASP forum... Anyway, I just discovered this, and it's pretty amazing. If you're into web app security, you'll find this useful: https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project
-
Vulnerability Scanning Windows
Guess I'll break the cherry in this section, looking for any ideas on why Nessus would take 20-40 mins to scan one box. For example testing one Windows 10.3 box it sits at 0% then at the 20 min mark or so it starts to progress, these would be hardened DoD Windows images. The domain account is able to login and has domain…
-
Attained a couple certs, now what?
I am honestly at a loss. For the past several months, I have been studying my tail off because of some guidance I received that changing careers is tough but possible if you demonstrate a level of proficiency in IT aka "get some credentials." So I began my quest to develop my skills in IT security, and at the beginning of…
-
EC Council ECES. Cryptography Certification
I couldn't find anything in the forums on this cert, so starting this thread. I've been studying cryptography for 3 months or so for WGU and CISSP. Just took the UVC2 assessment and passed today. So with all this crypto information rummaging in my brain the last few months, I was thinking to strike while it's hot. Was…
-
Marine Lowlifes Awareness Poster Series
Hey guys! I thought a few of you here might enjoy these awareness posters from my team. They are part of our "Marine Lowlifes" awareness series (the Common Phish is my personal favorite). Here's the download link if you're interested in checking them out (no form): https://www2.infosecinstitute.com/posters-marine-lowlifes…
-
Interesting recap of 2019 (known) breaches
A colleague shared this article from Hackmageddon with me and I thought it was worth sharing here. It recaps 47 (known) breaches from January 2019. https://www.hackmageddon.com/2019/02/04/1-15-january-2019-cyber-attacks-timeline/
-
Distributing client certificates
Need some advice from the TE Family :) Our developers are working on a solution to allow outside business partners to make api calls into our ERP system. They plan to use mutual authentication using certificates. I have an internal PKI system (ADCS), so my thought is issue certificates from our internal PKI, as opposed to…
-
Anyone know a really good video course for Powershell?
read the title.
-
Password Manager? Is it really secure?
I'm looking for security professionals' perspectives on the password manager topic. There are many solutions out there offering the ability to generate, store, mobility, integration with phone/computer etc. Are these solutions really reliable? Some of them are cloud based solutions and some hardware based. The idea of keeping…
-
House Oversight Committee Equifax Breach Report
Just read it today, and it's pretty scathing - "Entirely Preventable" were the words used. If you are in the security field it should probably be mandatory reading as it's a laundry list of what not to do: https://oversight.house.gov/wp-content/uploads/2018/12/Equifax-Report.pdf
-
Informational: Trend Micro 2019 Security Predictions
A good read about Trend Micro's security predictions for 2019.. www.trendmicro.com/vinfo/us/security/research-and-analysis/predictions/2019 From Trend Micro - "Our security predictions for 2019 are based on our experts’ analysis of the progress of current and emerging technologies, user behavior, and market trends, and…
-
Phishing Simulation Training Sources
Can you recommend some good companies for phishing simulation training? I'm looking for programs similar to what SANS offers: https://www.sans.org/security-awareness-training/products/phishing If you have current pricing, that would be great. I've been looking at SANS, Proofpoint, and KnowBe4 so far.
-
Tips for how to make security awareness training engaging?
Just wondered how you go about doing this in your current role, any tips?
-
Scripts for testing Windows end-point security software
Has anyone written any scripts for testing the alerting/blocking thresholds/capability of Windows host-based security software, such as Symantec SEP, Crowdstrike Falcon, or Carbon Black? Sometimes I wonder where the lines are drawn for detection/alerting, but that is part of the proprietary, "secret sauce" of the security…
-
Security awareness training for CEOs
Anyone seen anything on that? Regular security awareness training is a hard sell for CEOs of large and rich companies. They tend not to think of themselves as regular people, and, to their point, their time is pretty expensive, so it's better not wasted on half-baked products. Anyone know of a very good, short, to the…
-
Security news
Hi, Looking to increase my overall awareness of what's going on in the InfoSec world. I subscribe to a few sites and CPE news from ISC2 but wondering what others may use. You know the sort of daily drops into your inbox type thing of maybe light reading? Cheers. AAA
-
Which one to pick?? Pentest+ OR CEH
I took the Pentest+ beta (which kicked my arse)...CEH is next week for me. Here is a new video just uploaded by CompTIA about both... https://www.youtube.com/watch?v=wj3RnDOK7PA
-
SANS Pen Test HackFest Summit
Has anyone attended this SANS event? I would like to hear about your experience(s) if so. I see it will be in Berlin July 2019 and members of my team are interested in joining.
-
Decision to move into Enterprise Security Governance?
Hey Guys, There is a position that will be opening up over the next couple of weeks under the Information Security department particularly under "Network Security Governance". From what I've gathered from the discussion I had with the hiring manager, this is what understood as: - Reviewing and managing what's in the…
-
Cyber data breach: Marriott vs Quora
There are lessons to be learned here.... have a read and tell me what you think: Marriott: https://www.sans.org/security-awareness-training/blog/what-communicate-about-marriott-hack Quora: https://mobile.abc.net.au/news/2018-12-04/quora-hack-sees-100-million-users-data-stolen/10582126
-
Password Policy - Phishing Prevention
One way I've seen as an attempt to combat phishing is to have a password management policy that requires employees to enter a bad password when they are prompted to login from a link that they clicked in email. The thinking is a legitimate site will not accept a bad password but a phishing site would. Any thoughts on this?…
-
Asking for passwords policy
How do you guys handle IT staff asking users for their passwords? Is it allowed or forbidden? I hear the helpdesk staff asking users for their passwords so they can troubleshoot issues or setup new computers. Irks the heck out of me. How do we prevent attackers from social engineering passwords, if the users are used to…
-
IT Audit & Risk Assurance: What do I need to know?
This is a generic question for a generic title, but for those of you with experience in the field, what do I need to know to succeed in a role that involves IT Audit & Risk Assurance? The role is for an audit firm (big 4) so it's customer facing. I have customer facing skills and communication skills. They seem to ask…
-
Windows Red Team Lab
Has anyone on here attempted the Windows Red Team Lab on pentesteracademy? I've previously done vendor specific courses and certs and passed CEH v9 a couple of years ago. I work in a Network Security role in a company that is very much a Microsoft house so the concept of a 'Windows Red Team Lab' seems more relevant than…
-
Free OWASP Top 10 Training at Lascon (Austin) 10/24/2018
I signed up. Josh Sokol of National Instruments is the instructor. Did I mention it's free? https://www.eventbrite.com/e/lascon-2018-owasp-top-10-training-free-tickets-50429433794
-
Remote, Patch Management, & Anti-Malware recommendation for small-medium business.
Hey guys. I'm looking for any suggestions on software to remote onto our employees' machines, patch management software, and anti-malware. What we use now is provided by our Outsourced IT. None of it works well and we're going to drop them soon so I need to come up with something. Does anyone have any recommendations? The…
-
Incident Response tips
What a day. I had my first taste of incident response today and it didn't go so well. I received a call that an internal user was receiving emails from another internal user, only the user wasn't sending those emails. At first, they thought the email address was being spoofed. I ran some traces on O365 and looking at the…
-
Linux admins, a question or 2
Out of curiosity... If you are a Linux admin of any kind whether it be FRR, data center, security or anything.. What daily tasks are you performing? Thank you!
-
Incident Response Reporting
Hi all, I'm curious about incident response reporting and how to find the best solution. I'm currently working with an IRT process that uses a huge, complex report that looks like a security policy, and I feel that it is difficult to find an audience to look through them, and as the report is on one document, it feels like…
-
Malware Reverse Engineering, useful?
For a dedicated Incident Response team, how useful is Malware Reverse Engineering as a skill and what do you use it for? Do you download new Malware, reverse it, and add the IOCs to your detection alerts / block it? Is it worthwhile the efforts to actually reverse engineer the Malware vs just submitting it to online…
-
Patch Management
I have a question for all those who patch: is there a good website that I can use to see what kind of issues the Patch Tuesday patches cause, so I can research before applying to my environment?
-
Malware Analysis - I need some malware
I work in digital forensics and also do some incident response. I'm looking to get more into a dedicated IR role and many jobs ask for some malware knowledge. I have some initial triaging and basic stuff, but would like to learn a bit more. I'd like to ideally download some malware to my VM to start looking at and…
-
GDPR Controls
Good Afternoon, I was asked to look into GDPR Controls that need to be assessed to prove compliance. I have spent most of the past two days looking for information. I downloaded all 265 pages of GDPR goodness, but there is nothing mentioned on controls. I am familiar with NIST.SP.800-171 and other NIST guidelines. Is…
-
Is Linux a good career choice?
Last week, my co-worker told me that there are too many people in Microsoft and the bubble will burst soon. As a young man (I'm 39 ... not young tho lol), you should get into Linux. I have been thinking about it since that day. I think he's right. Even though I want to get into MCSA after my Sec+, I am rethinking this now.…
-
My Kali Linux is losing time
Weirdest thing. Up until a few weeks ago, the clock on my Kali Linux installation kept perfect time. Then one day it started slowing down. I reset it only to find it had lost 12 hours by the next day. I looked up the problem, and they recommended running these two commands: sudo apt-get install ntpdate sudo ntpdate…
-
Security for SCADA/ICS
Is anyone familiar with resources for SCADA/ICS pentesting? I know SANS has a few courses for it, but at this time I'm paying out of pocket and that's not happening. I'm looking to learn all of it really, basics, security, pentesting, securing. At the moment I only work with your standard enterprise networks, but I see…
-
Windows Sys Admin to Linux Sys Admin --- I'm scared.
To start off -- yes, I got stuck in VIM. What mad man even created that thing?? What the hell is a : got to do with starting a command to exit?! After I have been on my AWS path, and learned I can't take AWS certification where I am currently at (overseas), I decided to pick up a Linux distro and start learning that stuff…