cybersecurity

This subreddit is for technical professionals to discuss cybersecurity news, research, threats, etc.
The original post: /r/cybersecurity by /u/AutoModerator on 2024-10-07 00:00:12.

This is the weekly thread for career and education questions and advice. There are no stupid questions; so, what do you want to know about certs/degrees, job requirements, and any other general cybersecurity career questions? Ask away!

Interested in what other people are asking, or think your question has been asked before? Have a look through prior weeks of content - though we're working on making this more easily searchable for the future.

The original post: /r/cybersecurity by /u/DependentVegetable on 2024-10-06 23:01:51.

Rolling out some IoT devices and am looking for suggestions for BIOS / firmware analysis. Would like to make sure there was no obvious tampering by low level criminals to gain persistence along the way. Don't have any experience in the space and looking for companies who specialize in this, to whom we could send the device or firmware and who could then look for anything sketchy. Using something like efiextractor is an interesting rabbit hole, but other than scanning all the individual binaries for anything really obvious, it is beyond my skillset.

It's a couple of hundred devices for a one time project and would like to get a baseline analysis of the batch. I am not looking for a long term service at this point.

The original post: /r/cybersecurity by /u/DesperateForever6607 on 2024-10-06 22:38:40.

Hey everyone, we're about to kick off the SOCaaS service project with an MSSP for 24/7 monitoring of security operations, including IR, forensics, etc.

What key steps should we take initially to ensure a smooth and successful start?

Looking for advice from those who have been through this process. Thanks!

The original post: /r/cybersecurity by /u/ImagineAUser on 2024-10-06 21:14:53.

I spend 80 minutes on the bus daily and I would like to spend that time productively.

The original post: /r/cybersecurity by /u/spencer5centreddit on 2024-10-06 20:15:56.
The original post: /r/cybersecurity by /u/BoldlySilent on 2024-10-06 19:23:19.

This could really be two posts so be kind if I should have done that instead, but I have two separate but semi-related questions.

  1. In recent years data classification advances in machine learning have been deployed to threat surveillance in network systems to great effect. These implementations, AFAIK, mostly use abundant computing, memory, power, and cooling resources, whether they be local or cloud based. What I want to ask the crowd is what opportunities "tiny ML", or machine learning on resource constrained hardware, has for more localized threat detection. I sort of already see the value in something like an industrial control system, or a car, where you don't necessarily want to be streaming data to a cloud based service for analysis, but are there other non-obvious applications that are going to become important? How mature is this use of the technology?
  2. Second question is sort of related, but I have been trying to learn more about space-domain cyber risks and have actually had a hard time finding technical details on specific threat vectors to satellites. I could just be bad at searching, but so far all I have been able to find are some of the Starlink ground-station examples, like where that guy performed a fault injection on the ground terminal. What else is there? An example question is that most satellites have used the MIL-STD-1553 data bus for a long time. What kinds of external threat vectors exist to that platform? Can someone for instance send up a signal at the same receiving frequency as the normal communications system and just upload a virus? What protections exist and are there any public examples of lessons learned with the technical details of the incidents?

The connection here being a future where small scale ML implementations are used for threat detection on satellites, which are like the definition of resource constrained operating environments.

Would love to hear some professional perspectives on this and of course appreciate the time.

Edit: Wanted to make clear that I have seen a lot of media and content around space cyber threats, but have had a hard time with actual specific technical details about what that could mean or has meant in the past.

The original post: /r/cybersecurity by /u/nick313 on 2024-10-06 19:07:41.
The original post: /r/cybersecurity by /u/theicf on 2024-10-06 17:38:30.

Hi, thinking about attending Black Hat London 2024 this December for the first time.

About the different passes:

So option one is well over budget.

What's the difference between OPTION 2 (619£) - ON-DEMAND - RECORDED, 30-Day On-Demand Access Available beginning December 18. Includes access to all recorded Briefings, Sponsored Sessions, Arsenal and Business Hall content, accessible for 30 days.

And

BUSINESS PASS (FREE)

BUSINESS HALL HOURS Wednesday, December 11, 10:00 AM - 6:00 PM (Reception 4:30 - 6:00 PM) Thursday, December 12, 10:00 AM - 4:00 PM

I get it that the free pass is only for the last two days, but does it include actual sessions? All vendors or also technical? Or only actual access to the lounge area?

Will the free pass be a good option for it being the first time I attend?

Thanks

The original post: /r/cybersecurity by /u/E_Howard_Blunt on 2024-10-06 16:54:58.

I find myself writing a lot of best practices documents in addition to policy docs. The best practices docs give tech details on what encryption standards/strengths to follow, or what IT Security processes to follow for building out new servers.

Is this common with a lot of you?

The original post: /r/cybersecurity by /u/BamBam-BamBam on 2024-10-06 15:22:52.
The original post: /r/cybersecurity by /u/Koala-gem on 2024-10-06 14:22:27.

Not sure if this is the right place to post my question. Any guidance would be much appreciated.

How would you define a process/best practices/dos & don'ts for a development team that needs to share credentials and other sensitive data for both non-production and production environments as part of their work (integrations, development, testing, etc.)? Currently, the team is not using a password manager due to budget constraints. What alternative methods can be employed to ensure that the data being shared is protected?

P.S.: sharing is now happening through channels like Slack, email, and sometimes video calls, and it's not allowed to use any free tools now.

The original post: /r/cybersecurity by /u/Hairy_Apartment8821 on 2024-10-06 12:12:45.

Hello all,

I was working on an investigation of a PC that appeared to be compromised, and several findings pointed it out as possibly involved in nation-state-level APT activity.

One of the suspicious files that I uploaded to VirusTotal had a comment linking it to an APT campaign reportedly targeting India, allegedly linked to actors from Pakistan. The comment pointed out an article by Seqrite Labs - link here - discussing continuous cyberattacks against the Indian government conducted by Pakistani APT groups. That would seem to point to a confirmation of the hypothesis that this file belongs to a greater scheme of some sort.

Article link: https://www.seqrite.com/blog/pakistani-apts-escalate-attacks-on-indian-gov-seqrite-labs-unveils-threats-and-connections/

Utilizing VirusTotal's FinFisher relationship graph showed me that another file from the same compromised PC shared its hash with a file already flagged as Gamma Group's FinFisher spyware. That led me deeper into an investigation, finding potential connections to command-and-control servers involved in FinFisher, raising very valid red flags regarding the nature of this compromise.

These findings lead me to conclude that FinFisher was used in illegal, unsanctioned surveillance conducted in my region (East Asia).

I would also appreciate any insight or advice from the community, particularly with respect to involvement by FinFisher in APT campaigns or deployment to conduct unauthorized surveillance. Any insights into further investigation or recommendations on deeper analysis will be greatly appreciated.

Thanks in advance for your inputs!

The original post: /r/cybersecurity by /u/OpenSecurityTraining on 2024-10-06 11:42:04.
The original post: /r/cybersecurity by /u/haithamaljabbari on 2024-10-06 08:20:43.

Which is the better big crowd program to work with?

The original post: /r/cybersecurity by /u/PumpkinSpriteLatte on 2024-10-06 06:56:35.

Other than the Play store, which mirroring service do you trust to have unmodified apks?

Received a notice from a vendor today they plan to add ads to their mobile app unless a subscription is purchased. Of course when we spent thousands on priority hardware years ago this wasn't even a consideration.

I'd like to store a local copy of their current release in case the ads become truly problematic in the future.

Their application is largely static and I am not worried about missing it on future features.

The original post: /r/cybersecurity by /u/Serious-Summer9378 on 2024-10-06 05:49:09.

I just want to tell you thank you to each and every one of you. I love the r/cybersecurity space and thank you to you guys for helping to provide news, insightful questions and events, and every day of protecting data, and just to let you know I appreciate all you guys do in the world today. You are enough and keep doing what you do. Always remember to put yourself first, and your mental health matters. It's okay to not be an Einstein in cybersecurity; just always remember you are smart and enough.

The original post: /r/cybersecurity by /u/Upstairs_Present5006 on 2024-10-06 05:34:13.

Is this true?

The original post: /r/cybersecurity by /u/ocrusmc0321 on 2024-10-06 03:04:58.

Is replacing a SIEM something companies have an appetite for? Or is a SIEM the kind of technology that, once it's in place, is difficult to rip and replace?

The original post: /r/cybersecurity by /u/Jagal11 on 2024-10-06 02:02:45.

Hi all!

I'm a programming teacher with little to no experience in cyber-security (Australia-based). I've been tasked with teaching a 10 week unit (roughly 5 x 50 minute lessons per week) on Cyber-Security.

My question to this sub is: if you were in grade 10 again, what would you find enjoyable and useful in terms of being introduced to this Cyber-Security world? Further, what could be a possible week-by-week structure that would flow well?

I have begun building a program that exposes students to much of the introductory curriculum on Tryhackme, however, I cannot rely on this single source.

I am doing plenty of browsing and playing around with the various online modules, YouTube videos etc., but I'd love to hear some input from those who have a passion for this subject here.

The original post: /r/cybersecurity by /u/Tasteful_Tart on 2024-10-06 00:49:52.

What kind of events do you think we should host? Capture the flag is an obvious one, but if you guys can be a bit more specific that would be great.

The original post: /r/cybersecurity by /u/Upper-Wash7148 on 2024-10-05 22:46:53.

Hello all, trying to understand Security Posture more; from what I hear, it's an organization's measure of threat readiness. I was wondering, for a single org, one with multiple different teams, would security posture vary? Or is what is listed under security posture more of a general level of tool use/policies? (If possible, please provide examples of popular tools listed with Sec Posture, just curious.)

The original post: /r/cybersecurity by /u/8jinx8 on 2024-10-05 21:49:07.

Does anyone know of any free or relatively inexpensive threat intel feed? Ideally IPs, domains or URLs.

The original post: /r/cybersecurity by /u/Realistic-Level-2429 on 2024-10-05 16:47:55.

Which tool would you recommend to a beginner who wants to learn how to do web application attacks? I don't know a lot about web application attacks and cybersecurity in general so I have no idea how to navigate this specific branch. I would appreciate some guidance, any links/sources to learn more about this or anything else please! I'm so confused right now.

Thank You!

The original post: /r/cybersecurity by /u/menacetwoosociety on 2024-10-05 19:02:06.

Hey guys, we are currently in the market for an MSSP.

Anyone currently using AW or RC? Would you recommend or re-sign a contract with them again? What is your experience like with them? Do you think they live up to their standards? Anyone gotten breached while working with them?

Give me all the good, bad and ugly 😂

The original post: /r/cybersecurity by /u/Chipdoc on 2024-10-05 18:37:27.