cybersecurity


This subreddit is for technical professionals to discuss cybersecurity news, research, threats, etc.

The original post: /r/cybersecurity by /u/Chipdoc on 2024-09-27 15:48:42.
Recruiter ghosting (zerobytes.monster)
submitted 10 months ago by [email protected] to c/[email protected]
The original post: /r/cybersecurity by /u/629sparks on 2024-09-27 15:22:42.

If you're actively messaging & working with a recruiter and they arrange a call to make that initial or follow-up call with you... but they DON'T call as they've planned, do you give up & find another recruiter/company/role? Or still take their call when the original recruiter finally calls days later, and talk about the original role? And for additional factors, let's say the role sounds decent but has had trouble getting filled for two months (keeps getting reposted). Interested in hearing others' take.

The original post: /r/cybersecurity by /u/Main-Gap-3155 on 2024-09-27 15:16:23.

Hello r/cybersecurity community,

I'm a freelance web developer currently enrolled on HTB Academy with the goal of pursuing certifications like OSCP and eventually transitioning into offensive security as a career. To build up my portfolio and enhance my skills, I'm looking to create an open-source offensive security tool using Rust.

My goals for this project are to:

  1. Create a useful tool for the security community
  2. Avoid duplicating existing tools unless significant improvements can be made
  3. Practice and showcase Rust programming
  4. Build a relevant portfolio piece for my transition into offensive security

Some initial ideas I've considered:

  • A faster alternative to dnsenum
  • An improved version of gobuster

I'm open to completely new ideas or suggestions for existing tools that could benefit from a Rust implementation with performance improvements.

I appreciate any insights, ideas, or feedback you can provide. Thank you!

The original post: /r/cybersecurity by /u/Live_Context_1331 on 2024-09-27 15:09:33.

I need to implement a SIEM solution in my enterprise for contractual obligations. I have pitched Splunk and Sentinel to the COO and he is 100% on board, but we both get shut down by the CIO, who truly doesn’t know what he is doing and probably doesn’t even know what a SIEM is.

We are required to have something that can ingest logs and give us a centralized dashboard for all endpoints, network, etc.

I have used both Wazuh and Security Onion for their endpoint agents but never have set them up for log ingestion.

Question for risk / vulnerability experts: What are the risks involved in using open source SIEMs for enterprise? Could the fact that they are open source be a flaw in itself, given that vulnerabilities in the software could be publicly known before a patch? Would clients assessing our organization's stack see Wazuh and prefer not to use us due to lack of security?

The original post: /r/cybersecurity by /u/CISO_Series_Producer on 2024-09-27 14:35:08.

Below are some of the stories we’ve been reporting this week on Cyber Security Headlines.

If you’d like to watch and participate in a discussion about them, the CISO Series does a live 20-minute show every Friday at 12:30pm PT/3:30pm ET. Each week we welcome a different cyber practitioner to offer some color to the week's stories. Our guest this week is Jason Elrod, CISO, Multicare Health System.

To get involved you can watch live and participate in the discussion on YouTube Live https://youtube.com/live/43No0WDkIPk?feature=share or you can subscribe to the Cyber Security Headlines podcast and get it into your feed.

Here are the stories we plan to cover:

NIST drops password complexity, mandatory reset rules

In the second public draft version of its password guidelines, the National Institute of Standards and Technology is making two changes. The first is that credential service providers stop requiring that users set passwords that use specific types of characters, and the second is to stop mandating periodic password changes (commonly every 60 or 90 days). This first suggestion actually paves the way for longer passwords of between 15 and 64 characters that include ASCII and Unicode characters. The second supports the idea that password resets should only occur in the case of a credential breach. Making people change passwords frequently was resulting in people choosing weaker passwords.

(Dark Reading)

Airline executive’s lawsuit exposes hack-for-hire practice

According to The Record, aviation executive Farhad Azima “settled litigation this week against the law firm Dechert and two of its former attorneys who he alleged were involved in the hacking of his personal accounts in order to smear his reputation.” This case is drawing attention to a practice conducted by some law firms, private investigators, and mercenary companies to steal information through cyberattacks. Azima is based in Missouri. The law firm Dechert practices globally, with a head office in Philadelphia. The Record states that on behalf of their United Arab Emirates-based client, the firm allegedly hired a private investigator in North Carolina, who then hired India-based hacking firms. Dechert representatives told Reuters the case had been settled “without admission of liability.”

(The Record)

Dismissed German cyber chief falsely accused of associating with Russian spies

Arne Schönbohm was the head of Germany’s federal cybersecurity office until he was dismissed two years ago, following a scandal that suggested he had connections to Russian spies. The allegations were made on a late-night satirical program, ZDF Magazin Royale. The Munich Regional Court has now made a preliminary assessment against the program. Schönbohm is suing ZDF as well as pursuing a separate case against his former employer, the Federal Office for Information Security (BSI) for unfair dismissal.

(The Record)

Public Wi-Fi hacked at some of the UK's busiest train stations

Train passengers connecting to free WiFi at many major rail stations in England were greeted by an Islamophobic message on their devices when logging on and connecting to the WiFi network’s landing page. The incident is now being investigated by Network Rail, the UK non-departmental public body responsible for repairing and developing train infrastructure, along with the network’s operator, a company called Telent, also UK based. Muhammad Yahya Patel, lead security engineer at Check Point Software, pointed out how public Wi-Fi is often unencrypted and easily accessible, and provides an ideal entry point for attackers. He further pointed out how "outdated hardware and software create exploitable vulnerabilities, which is a growing concern for systems as vital as public transport.”

(The Register)

GenAI malware spotted in phishing attacks

While investigating a malicious email back in June, HP researchers discovered malware likely created by generative artificial intelligence. The phishing message used an invoice-themed lure and an encrypted HTML attachment that uses HTML smuggling to avoid detection. The attacker embedded the AES decryption key in the attachment’s JavaScript, which is unusual. Upon decryption, the attachment mimics a website but runs a VBScript to deploy the AsyncRAT infostealer. The researchers said that based on the structure of the comments found throughout the malware’s code, “we think it’s highly likely that the attacker used GenAI to develop these scripts.”

(Security Affairs)

Critical ATG bugs threaten critical infrastructure

Automatic tank gauge (ATG) systems are commonly found in gas stations and airports but also at other critical facilities (like hospitals and military installations) that require large backup generators. Researchers have discovered 11 new vulnerabilities across six ATG systems from five different vendors. The vulnerabilities could allow an attacker to gain full control of an ATG to make fuel unavailable or wreak environmental havoc. The bugs were discovered six months ago, with Bitsight and the US Cybersecurity and Infrastructure Security Agency (CISA) working with some of the affected vendors to mitigate the problems. However, two vendors (Proteus and Alisonic) have yet to engage with CISA in remediation efforts. Experts recommend disconnecting ATGs from the public Internet, even if they’ve been patched.

(Dark Reading and SecurityWeek)

Telegram updates policies to expose ‘bad actors’

Telegram, the popular messaging service, has changed its terms of service to state that the IP addresses and phone numbers of anyone who violates the app’s rules will be turned over to the authorities. Telegram founder Pavel Durov emphasized that this change aims to discourage ‘bad actors’ from abusing the platform, especially those involved in selling illegal goods through the app’s search feature. This update comes as Durov faces an investigation in France for facilitating illegal activities on the platform.

(The Record)

The original post: /r/cybersecurity by /u/xxxSsoo on 2024-09-27 13:53:55.

Hey all, I've been around in cybersecurity for some time and am currently working in this sphere. I was wondering if a Bachelor's degree from SANS (as I don't have one) is worth it? I have read a lot of good things about it and wanted to hear your opinion about it :)

The original post: /r/cybersecurity by /u/Net_admin_questions on 2024-09-27 12:15:19.

How does everyone upload their STIGs into EMASS?

I was chatting with our cyber department the other day, and from what he showed me, he is uploading every single STIG that our department submits one by one. Every single file, one by one. We are talking probably close to 200 ckl files total, every quarter.

He was showing me that there are other formats that EMASS will accept, other than ckl files.

Is there an easier way to do this? Like as a network admin, is there maybe a summarized report of all of our networking devices and their open/closed findings that could be uploaded into EMASS and be accepted? Or is everyone literally uploading individual CKL files?

Just trying to find a way to make things easier for everyone.

The original post: /r/cybersecurity by /u/heartgoldt20 on 2024-09-27 12:08:32.

Which Mobile Threat Defense do y'all recommend? I already have M365 E3 and E5 licenses but I don't want that to be the only reason I should go for Microsoft Defender. I also have the TrendMicro full suite. But I want to explore more options without spending too much on a solution. I am most likely going to use Intune for MDM/MAM.

The original post: /r/cybersecurity by /u/PlusSizeRefrigerator on 2024-09-27 12:05:23.
The original post: /r/cybersecurity by /u/barakadua131 on 2024-09-27 12:04:12.
The original post: /r/cybersecurity by /u/MoneyVirus on 2024-09-27 11:22:22.

Hi,

Today, a consultant/sales person from a network technology/equipment company told us that encryption of SAN traffic (over WAN!) is not needed, because no attacker can do anything with the block storage's data. Our internal regulations require us to encrypt end-to-end connections. My stance was that encrypting SAN traffic end-to-end is state of the art and a normal, logical decision.

Where can I get more info on this topic? What I have found is that unencrypted data in SAN networks is always a vulnerability (data at rest and in transit). In my opinion, with enough unencrypted traffic captured, an attacker could get information (like a full sync of one storage to another). Is my assumption wrong, or is the statement of the partner company's customer wrong?

Thx

The original post: /r/cybersecurity by /u/IamOkei on 2024-09-27 10:13:47.

I am shortlisting trainers that publish their own courses without affiliation with those big companies like SANS.

The original post: /r/cybersecurity by /u/Permit_io on 2024-09-27 09:28:13.
The original post: /r/cybersecurity by /u/jukkahautala on 2024-09-27 06:15:22.
The original post: /r/cybersecurity by /u/Large-Recording6856 on 2024-09-27 04:58:40.

I use CryFS to keep confidential content under lock and key, but I wonder whether there could be some vulnerability in this component. For more details: I use the DroidFS app, which can be found on F-Droid and on GitHub; the encryption algorithm is Serpent-256 in Galois/Counter Mode, and the password is complex. But could there still be some vulnerability in that encrypted file system that would allow an attacker or the government to decrypt or alter the content without knowing the key?

The original post: /r/cybersecurity by /u/ShinyPika-Pika on 2024-09-27 04:39:55.

Hi Everyone,

I am not sure if this is the right place, but I am hoping to set up the Kali SOC in a box for my understanding and learning. I have been looking at the write-ups and videos of people who have done this. I have been looking at the hardware requirements that they have proposed, and I unfortunately don't have the memory or storage listed by those resources.

I am hoping to get your advice on the way forward. I am not sure if I have to go to Amazon EC2 service or if my hardware requirements don't meet it.

What I am planning on getting.

Beelink SER7 7840HS AMD Ryzen™ 7 7840HS 65W TDP 8 Cores/16 Threads, 5. (bee-link.com)

Link - What I am hoping to get up

Kali Linux / kali-purple / Documentation · GitLab

What I have been looking at trying to understand requirements

Q / VSphere Kali Purple SOC-in-a-Box · GitLab

Kali-Purple : SOC In A Box Lab Series - YouTube

Would really appreciate your help on the matter.

The original post: /r/cybersecurity by /u/MaximumJunket486 on 2024-09-27 04:03:37.

I have about 40 devices, 3 printers, 2 hardwares, 1 WiFi. We are working towards NIST 800-171. We can scan from the printers using the native Windows scan application, but there has to be a better way, I would think. It seems unreliable at times. Any suggestions? Thanks.

The original post: /r/cybersecurity by /u/Head-Association521 on 2024-09-27 00:43:27.

Sorry, I know I am being pedantic and it matters little compared to the great content that NIST CSF 2 is. However if you are someone like me who does cybersecurity top to bottom and is expected to kind of do everything, any bit of gameability helps.

I took a look at the colours chosen for the various functions and I just can't ratify any of them. They are not even aligned with 1.1.

I humbly submit that the colours should mean something. And thus to me the NIST CSF 2 colours for domains should be as follows:

GOVERN - grey...since governance is across all of the other functions as it were, thus having a generic colour.

IDENTIFY - yellow...since this is about visibility, highlighting what is where

PROTECT - blue...since this is about establishing the necessary trust

DETECT - purple...since well RESPOND is red and PURPLE means alert. I suppose one could argue the other way around too for those two, still...

RESPOND - red...action time

RECOVER - green...because green means go

...and why can't I attach an image here to show?! Aaaah bugbear...

The original post: /r/cybersecurity by /u/Free-Sky7365 on 2024-09-27 00:32:07.

My research is on Tools for Detecting Malware (Wireshark and machine learning), but I can’t find good sources as well as a question. If y'all can give me new research topics or provide me with a question for my current research.

The original post: /r/cybersecurity by /u/Cyber_Coach on 2024-09-26 22:49:45.

Hi everyone 👋

Happy to be here in this community. I'm from the UK and have over 8+ years of experience in cybersecurity, specifically in governance, risk, and compliance (GRC) and third-party risk management, IT Risk assessment & IAM space too.

In my current role at a Big 4 firm, I focus on risk assessment and helping organizations manage their cybersecurity risks effectively. I also enjoy sharing my knowledge through article writing, where I cover various topics related to cybersecurity and its awareness and risk management on the Medium, Quora & LinkedIn platforms.

I’m looking forward to connecting with all of you, sharing insights, and learning from your experiences.

Feel free to reach out with any questions or discussions about any of the topics above.

I have been volunteering a lot on cyber coaching as well to the students who are interested to break into cyber careers or any individuals interested in career changing.

Let's talk and share the insights!

Thanks 👍

The original post: /r/cybersecurity by /u/CyberSecurityIs on 2024-09-26 21:32:42.
The original post: /r/cybersecurity by /u/CyberSecurityIs on 2024-09-26 21:31:45.
The original post: /r/cybersecurity by /u/Odd_League_1728 on 2024-09-26 16:53:54.

A First-Hand Account of SentryPC: The Ultimate Tool for Monitoring and Control

In an increasingly digital world, having control over our devices and managing how they're used has never been more important. Whether you’re a parent trying to ensure your kids are safe online, an employer looking to maintain productivity, or even just someone who wants to keep their own digital habits in check, monitoring software is crucial. When I first started searching for the perfect tool to help me manage and monitor usage across multiple devices, I stumbled upon SentryPC, and to be honest, it’s been a game-changer.

My Initial Search for Monitoring Software

A few months ago, I was at my wits' end trying to find an effective way to monitor online activity in my household. My younger siblings were spending far too much time on the internet, often late into the night, and my constant reminders about limiting screen time were falling on deaf ears. I needed a way to control their access to specific websites, track their overall screen time, and ensure they weren’t diving into the more questionable corners of the internet.

I explored various parental control and monitoring programs, some free and others paid. But many of these programs either lacked the comprehensive features I needed or were overly complicated to set up. That’s when I came across SentryPC, and after reading several positive reviews, I decided to give it a shot.

First Impressions and Setup

When I first visited the SentryPC website, I was impressed by its clean, professional design. Everything was straightforward, from the pricing to the detailed feature descriptions. It was clear this software had been designed with ease of use in mind, yet it boasted an extensive set of features that promised total control over the devices it was installed on.

The signup process was simple. After purchasing a subscription (I went with the Premium plan, which offered everything I needed for multiple devices), I quickly downloaded the software onto each of the computers in my house. SentryPC supports both Windows and macOS, so compatibility wasn’t an issue.

The installation was seamless and took only a few minutes. Once installed, SentryPC ran discreetly in the background, allowing me to monitor activity without any disruptions to the users. One of the first things I appreciated was how lightweight the software was—it didn’t slow down any of the computers, something that can’t be said for some of the other monitoring programs I’d tried in the past.

User Interface and Dashboard

Once I logged into the SentryPC dashboard, I immediately knew I was dealing with a well-thought-out product. The interface is intuitive and user-friendly, which is crucial for people who aren’t necessarily tech-savvy but need a powerful tool to manage their devices. The dashboard is web-based, meaning I could access it from any device with an internet connection—whether I was at work, traveling, or just away from home.

The layout was clean, with easy-to-navigate menus on the left-hand side that broke down the various monitoring options—screenshots, keystrokes, applications, and website history, to name a few. Each section was neatly organized, and I could quickly dive into detailed reports without needing to sift through unnecessary data.

Real-Time Monitoring and Activity Logs

What really sold me on SentryPC was the depth of monitoring it offered. I could track literally everything that happened on the computers in real-time. The activity logs were incredibly detailed, providing an accurate snapshot of what each user was doing at any given moment.

The software tracked every keystroke, website visit, application used, and even clipboard activity. But what I loved most was the real-time screenshots feature. Every few minutes, SentryPC would take a screenshot of the computer screen and upload it to the dashboard. If I ever wanted to see exactly what was going on, I could access these screenshots instantly and review any suspicious or concerning activity.

The activity logs were also presented in a way that made it easy to digest. I could filter the logs by user, device, or even specific activities like website visits or file downloads. This level of control was precisely what I needed to keep my siblings’ online activity in check without feeling like I was constantly policing them.

Customizable Filters and Restrictions

One of the standout features of SentryPC is its ability to customize filters and restrictions. This was a lifesaver for me when it came to managing screen time and ensuring that my siblings weren’t accessing inappropriate content.

Website filtering was my favorite tool in this regard. I could block access to specific websites (social media, video streaming sites, etc.) during school hours, and I could also create exceptions for educational sites. The flexibility of this feature was remarkable—I could block entire categories like gambling or adult content, or simply blacklist specific URLs.

But it wasn’t just about blocking websites. I could also restrict access to certain applications. If I didn’t want my siblings playing video games or chatting with friends during homework time, I could easily block those programs for a set duration. This gave me peace of mind, knowing they weren’t being distracted by non-essential activities when they were supposed to be focused on their studies.

Time Management Features

Before using SentryPC, I had no real way of enforcing screen time limits. Sure, I could nag them to log off, but unless I was physically watching over them (which no one wants to do all the time), they’d often just ignore me. That’s where SentryPC’s time management features became a game-changer.

I could set daily limits on how long each user could be on their device. Once their time was up, the software would automatically log them out or lock the device. I could also create schedules for when they were allowed to use the computer in the first place. For example, I set a rule that allowed them two hours of free time after school and another hour before bed, but nothing after 10 PM.

This feature alone has saved me hours of headaches. No more arguments, no more sneaking onto the computer in the middle of the night—it was all automated, and the kids knew the rules were firm.

Reporting and Alerts

Another aspect of SentryPC that I found incredibly useful was the reporting and alert system. I could generate detailed reports on any activity I wanted to track—whether it was keystrokes, website visits, or application usage. The reports could be customized for specific time frames, which made it easy to see patterns over a week or a month.

In addition to the detailed reports, I set up real-time alerts for certain activities. For example, I configured the system to notify me via email whenever a blocked website was attempted or if suspicious behavior, like searching for certain keywords, occurred. These alerts were incredibly helpful because they allowed me to address potential issues immediately, rather than waiting until after the fact.

Remote Management

One feature that surprised me was the level of remote control that SentryPC offers. Not only could I monitor activity from anywhere, but I could also make adjustments to the settings remotely. If I wanted to update the website filter list or adjust the screen time limit while I was away from home, I could do so with just a few clicks.

This remote flexibility came in handy several times when I was traveling or at work and needed to ensure that the rules were still being enforced. It gave me a sense of control, no matter where I was.

Flexibility for Different Use Cases

While I initially bought SentryPC for home use, I soon realized its potential for other environments, particularly for businesses. The software’s ability to track and manage multiple users simultaneously made it an ideal solution for monitoring employee productivity as well.

If you’re a business owner or manager, SentryPC could easily be adapted to ensure employees are staying on task, using work-related applications, and not wasting company time on non-essential websites. The same features that make it great for parental control also translate perfectly to the workplace.

Support and Updates

Throughout my time using SentryPC, I’ve been incredibly impressed by their customer support. Whenever I had a question about a feature or needed help with something, the support team was quick to respond and always provided helpful, clear solutions.

Additionally, SentryPC is consistently updated with new features and improvements. It’s evident that the developers are committed to keeping the software current with the latest trends in monitoring and device control.

A Balanced Approach to Monitoring

One thing I want to emphasize is that SentryPC isn’t about being overly intrusi...


Content cut off. Read original on https://old.reddit.com/r/cybersecurity/comments/1fq0zkk/a_firsthand_review_of_sentrypc_the_ultimate_tool/

The original post: /r/cybersecurity by /u/AdministrativeBuy723 on 2024-09-26 16:46:58.

Hi,

I'm looking for USB flash drives with built-in functions for crypto erasure (or something of that sort). But all I find are giant and expensive encrypted flash drives with self-destruct functions.

SSDs are so much simpler when it comes to the various methods and available documentation for reasonably secure data erasure.

* Enable TRIM

* Use available built-in erasure functions like enhanced secure erase / sanitize / manufacture method / PSID-revert

* Overwrite with SHREDos or anything else really (only on drives that support lots and lots of writing)

* Enable passwordless (keyfile/TPM) software-based trusted encryption FDE from start and just delete disk or reset TPM.

* Enable TCG hw encryption with sedUTIL and reset it via command at boot.

But functions like this seem to be missing for normal thumb sticks, or am I missing something? Are there really no utilities like "hdparm" for flash drives?

Are there any hardware projects that automate LUKS-based encryption on a USB bridge device that's located between the stick and the computer?

Any suggestions? I guess I can deal with some data remanence, but I cannot deal with password based encryption.

I kindly and respectfully ask people not to go off-topic and criticize SSD hw erasure and encryption methods, as it seems to be somewhat of a trend, and for good reasons. If there is hard evidence of newly found research regarding this, then by all means, feel free to criticize, just as long as a primary source is given. And please don't talk about how you cannot use overwrite for SSDs; you can, but it is more effective for HDDs. Thank you <3

Recruiter Question (zerobytes.monster)
submitted 10 months ago by [email protected] to c/[email protected]
The original post: /r/cybersecurity by /u/BigChombo on 2024-09-26 16:24:14.

I was contacted by a senior recruiter from what seems to be a legitimate agency in Canada. The recruiter asked if they could use my cv in a digital transformation proposal stating that I "would" get first dibs if the client accepts the proposal.

I do not currently work for the recruitment agency and the position is listed as a senior role. I do have a formal education in infosec and have some work experience as a Cybersecurity analyst for a large consulting firm (8 months).

This seems a little sketchy without a solid agreement, is this normal procedure? I have never worked contract work aside from sub-contracting for a telecommunications company. What is your take? How should I proceed?
