cybersecurity


This subreddit is for technical professionals to discuss cybersecurity news, research, threats, etc.

276
 
 
The original post: /r/cybersecurity by /u/poxmasini on 2024-10-08 06:15:46.

So I get multiple kerberoasting alerts. I don't know how to investigate them and find the reason why I am getting these alerts. I will share the logs but will censor the sensitive information. I would like your help.

"A Kerberos service ticket was requested.

Account Information:

Account Name: svc_[email protected]

Account Domain: X.LOCAL

Logon GUID: {EADE7575-6166-3E86-5045-524DDB563693}

Service Information:

Service Name: svc_x

Service ID: S-1-5-21-1850975175-3636707609-1082838313-1122

Network Information:

Client Address: ::ffff:10.100.10.13

Client Port: 53372

Additional Information:

Ticket Options: 0x40810000

Ticket Encryption Type: 0x17

Failure Code: 0x0

Transited Services: -

277
 
 
The original post: /r/cybersecurity by /u/AlienMajik on 2024-10-08 05:51:26.

Hey everyone, I’m excited to share a project I’ve been working on – SnoopR! 🚀

What is SnoopR? SnoopR is an open-source tool designed to track Wi-Fi and Bluetooth devices in real-time using Kismet data. It alerts you to potential Wi-Fi attacks like deauthentications and rogue access points while helping you monitor device movement across multiple locations. Perfect for security researchers, network admins, and enthusiasts!

Features:

✅ Detects snoopers and devices around you

✅ Real-time alerts for security threats

✅ Tracks device movement via GPS

✅ Customizable and easy to use

I developed SnoopR using a Raspberry Pi 5, GPS adapter, and powerful Wi-Fi & Bluetooth adapters. If you’re into cybersecurity or wireless tracking, I’d love to hear your thoughts or see how others might use it!

Check it out on GitHub: https://github.com/AlienMajik/SnoopR

Let’s discuss how this can be improved or ways you’ve set up your own wireless monitoring tools! 🔥

278
 
 
The original post: /r/cybersecurity by /u/un_consciousman on 2024-10-08 04:10:36.

My company will pay for the SANS course, I also have the option to take a company paid GIAC cert, however, I don't know if it's worth the time investment I'd need to make to also study for the exam. My question is, should I just take the course or should I take the course + exam?

Edit: Cert: GWAPT, Course: SEC542

279
 
 
The original post: /r/cybersecurity by /u/Nord-2025 on 2024-10-08 02:00:14.

Original Title: Which resources have you used to prep for CISSP? I use SANS training, not sure if this is a good one? Took once, didn't pass... prepping again, bought some practice question banks to practice questions, majority of questions are more tech than I saw on the exam though....

280
1
CTI (zerobytes.monster)
submitted 9 months ago by [email protected] to c/[email protected]
 
 
The original post: /r/cybersecurity by /u/MR_TR1 on 2024-10-07 23:07:04.

Hello, I have started my new position as CTI Analyst. My boss asked me to track APTs targeting our organisation. Right now we have a bunch of feeds throwing IOCs into MISP, which I feel is not that intelligent. Can you help me with where to start? How to collect threat intelligence and how to track down APTs.

Ideas I have

  1. Get some paid feeds and analyse them
  2. Go to OSINT and track posts related to specific APT.

Any suggestions are really helpful.

281
1
Incident Manager (zerobytes.monster)
submitted 9 months ago by [email protected] to c/[email protected]
 
 
The original post: /r/cybersecurity by /u/a_d-_-b_lad on 2024-10-07 23:02:12.

So I've been working in cyber for a while and really enjoy what I do. That said, I've been at it for a while and am looking to be less on the keyboard and more behind the team, in the sense that I want to manage a team in cyber and help them achieve their goals. Recently an IM position has become available and I am considering it as I think it would provide me with visibility and a new skill set. Am I nuts?

282
 
 
The original post: /r/cybersecurity by /u/Zroach121 on 2024-10-07 22:03:57.

Ok so I work for a vehicle dealer. We pay someone to tune our vehicles. He remote desktops the laptop we use for tuning but somehow hides his mouse and keystrokes; we're starting to think nothing is actually being done. Is there a way to record what's actually happening or isn't it possible? Thank you in advance if anyone does answer.

283
 
 
The original post: /r/cybersecurity by /u/arunsivadasan on 2024-10-07 20:55:28.

Here is the official SAP post:

https://community.sap.com/t5/security-and-compliance-blogs/we-did-it-sap-confirmed-it-is-nist-csf-tier-3/ba-p/13876375

A couple of things that caught my eye:

  • The journey began in 2021 under the guidance of SAP’s Chief Security Officer. According to their blog post, they managed to close the gaps by the end of 2023, which means it took them about two years to reach this milestone.
  • The starting point remains unclear. Given SAP’s existing adherence to many compliance standards, it’s likely that they started at a relatively high level of maturity, but there are no specific details about their initial position.
  • No specifics on the challenges. SAP hasn’t disclosed which areas had the most significant gaps or were the most challenging to address during this process. Perhaps they will reveal it in their planned webinar.
  • Custom self-assessment methodology. SAP hired EY to do the assessment and developed their own self-assessment methodology. They even went further. Here is a direct quote from the site:
  • According to their brochure, if you are an SAP customer, you can get the assessment methodology from your SAP representative. I wish they just made it public. Also, I am sure you could also check with your local EY partner
284
 
 
The original post: /r/cybersecurity by /u/SadCryptographer7976 on 2024-10-08 01:52:17.
285
 
 
The original post: /r/cybersecurity by /u/witherfrost97 on 2024-10-08 00:54:39.

Would someone be able to get into the cia if all they had was a masters in cybersecurity?

286
 
 
The original post: /r/cybersecurity by /u/arandomswe on 2024-10-08 00:30:32.

I apologize if this is against the rules, but I think this is (in my personal opinion) relevant to cybersecurity professionals. Please remove if not. Some of this is second hand from those who were affected. Disclosure: I'm a former Veracode employee but was not affected by this layoff.

Just wanted it to be known that there was another large round of layoffs at Veracode and this time was the most dramatic restructuring yet. All of dynamic and SCA products were offshored. Static was also affected by layoffs. Some onshore were moved to different teams but many were laid off. The replacement offshore were brought on only a few months ago so the institutional knowledge loss is immense. Many prominent engineers and management have left in the last year or so as Veracode has struggled financially.

The reason why I'm posting this is, in my personal opinion, it's potentially dangerous that cybersecurity professionals may rely on Veracode's products for security but may be unaware that those actually making, managing, and maintaining the product are essentially now gone and the keys have been handed over to a brand new inexperienced offshore team.

If you use the product, just be aware of this. I also welcome discussion from other people who have seen this happen and how it did (or did not) actually end up affecting the quality / security of the product.

287
 
 
The original post: /r/cybersecurity by /u/Background-Hand-3025 on 2024-10-08 00:04:51.

I'm developing a native Windows app/exe with a gui connected to a database in AWS.

I don't want anyone in my company to have access to the client's database. I want to say to the client that their EXE file has a key in it (or something) that will give them and only them access to their database. And if they lose their private key then there is no way to get their data back.

So when someone goes through the sign-up process and has an EXE file sent to them, that EXE file contains a key for them and only them.

The thing is I have no idea how to do this or even how to find a third party to do it. I don't even know what to ask for to do a Google search. Trust me, I've tried.

Can anyone shed some light on what this is called or how it is implemented? Any recommendations of a third party that can do this? Or is this just left to the developers?

Many thanks.

288
 
 
The original post: /r/cybersecurity by /u/Realistic-Parsley924 on 2024-10-07 21:42:31.

What are some Azure offensive/defensive certs that would be good to do?

There's a few on the market so far like from altered security, pwnedlabs, cloudbreach, hacktricks, xintra. I'm looking for something that isn't too highly priced. I find xintra interesting but way too expensive.

289
 
 
The original post: /r/cybersecurity by /u/MisterEmotional on 2024-10-07 21:07:46.

Is it smart for a small business to go with a NGFW? I see the justification for a large business.

290
 
 
The original post: /r/cybersecurity by /u/yash13 on 2024-10-07 20:49:55.
291
 
 
The original post: /r/cybersecurity by /u/Awkward-Relief-9475 on 2024-10-07 20:34:02.

Is claiming automated pentesting replaces humans dangerous?

It certainly doesn’t understand context and business logic in web apps and APIs.

It can find technical vulnerabilities and exploit but do you want an automatic system to do that against a production system unsupervised?

Are folks opting for automated pentesting buying into a false sense of security?

292
1
Deepfake (zerobytes.monster)
submitted 9 months ago by [email protected] to c/[email protected]
 
 
The original post: /r/cybersecurity by /u/SpeakerConstant441 on 2024-10-07 19:22:33.

Any ideas of topics or highlights on deepfakes that I can use in a comms (communications) for employees? Letting them know “what is a deepfake?” and what they should be aware of. I know I can try AI to generate one but I’m curious to know if anyone has sent any emails/training recently and would like to share it with me? Thanks

293
 
 
The original post: /r/cybersecurity by /u/Itchy_Animator_9519 on 2024-10-07 19:15:28.

Hey everyone,

With Cybersecurity Awareness Month in full swing, I wanted to share something cool I’ve been working on—a cybersecurity awareness challenge. It’s all about sharing practical tips and best practices to help people protect themselves online from common threats like phishing and data breaches.

I’ve found a great blog that breaks down key steps to stay secure, and it’s been really helpful in getting the word out. It’s not a promotion, just a good resource for anyone wanting to level up their online security. Feel free to check it out if you’re interested!

Let’s make cybersecurity a habit, not just a once-a-year thing. Stay safe! 🔐

294
 
 
The original post: /r/cybersecurity by /u/tc2k on 2024-10-07 18:44:09.

I've been recently tasked with reconciling an authorization ticket if a new user is created in a server, automatically.

Whenever a new user is added to a server, I want to be able to reconcile it automatically to a ServiceNow ticket. So far I have the data coming in from Splunk with the ID and the origin server.

How would I be able to reconcile these two together using Python?

I am able to ingest the data already from Splunk but my main concern is finding this data in ServiceNow. Is this best approached through an API call or a report generated daily/weekly?

Or if there is another avenue to reconcile the authorization ticket, I am open to suggestions.

295
1
NDR (zerobytes.monster)
submitted 9 months ago by [email protected] to c/[email protected]
 
 
The original post: /r/cybersecurity by /u/tkr_2020 on 2024-10-07 18:42:40.

I'm planning to conduct an NDR (Network Detection and Response) POC and would appreciate any advice or recommendations on what should be verified. Your insights are welcome!

296
1
SOAR Usecases (zerobytes.monster)
submitted 9 months ago by [email protected] to c/[email protected]
 
 
The original post: /r/cybersecurity by /u/SecretSilence69 on 2024-10-07 18:23:19.

SOC Manager wants to implement SOAR. What security use cases do you have?

Obvious one would be validating SIEM IOC matches, but what else?

297
 
 
The original post: /r/cybersecurity by /u/Wasique111 on 2024-10-07 17:47:35.

Hey everyone 👋, I've completed several courses in cybersecurity and penetration testing. Recently, while testing my skills, I realized that I need to strengthen my computer networking concepts. Can you suggest some good resources (books, YouTube channels, courses, etc.) to help me improve my networking knowledge? I'm open to anything that can help me get better at the fundamentals.

Thanks in advance!

298
 
 
The original post: /r/cybersecurity by /u/Shujolnyc on 2024-10-07 17:17:15.

I was just writing one and am thinking that I am giving away too much information about our stack. At the same time, I need people who know my stack. Do I list out our MDR, NDR, SIEM, SOAR platform, phishing testing vendor, etc. etc.?

299
 
 
The original post: /r/cybersecurity by /u/antdude on 2024-10-07 16:59:58.
300
 
 
The original post: /r/cybersecurity by /u/ElorionX on 2024-10-07 16:38:28.

If you had an hour as a primer on what an incident commander does during incident response, how would you go about "training" them? I thought it might be cool to have a scenario to run through or some sort of exercise to show rather than tell what it is and how to become one. Thoughts?
