cybersecurity

This subreddit is for technical professionals to discuss cybersecurity news, research, threats, etc.

626
 
 
The original post: /r/cybersecurity by /u/farahrushdy on 2024-09-24 13:59:50.

I started my learning process three years ago in cyber security and every day I learn something new and I enjoy the process. Lately I spent 3 months solving machines and challenge labs for the OSCP exam day and night, but I did not pass the exam on my first trial.

Now I am back to solving machines on HTB and I learned to follow a methodology, but it doesn't always work and eventually I give up and look for a writeup, and as soon as I do I realize how easy it was and that I just needed to try harder.

I feel like I am in an endless loop and my darkest thoughts tell me that maybe this field is not for me.

627
 
 
The original post: /r/cybersecurity by /u/ReadeDEdwardson on 2024-09-24 12:10:27.

Last week was a rollercoaster for cybersecurity! North Korean hackers lured victims with fake "dream jobs" to infect systems with new malware, and Apple faced new challenges in its legal struggle with the NSO Group. These developments reflect the evolving nature of digital threats and highlight the importance of staying informed.

Check out the full recap for a deeper dive: THN Cybersecurity Recap

What are your thoughts on the Apple vs. NSO Group battle?

628
 
 
The original post: /r/cybersecurity by /u/Top-Pianist926 on 2024-09-24 12:05:04.

Hey guys, sharing the summary of this new podcast episode. Hope you find it useful! Let me know what you think in the comments below. See summary here

629
 
 
The original post: /r/cybersecurity by /u/AverageAdmin on 2024-09-24 18:43:12.

Hello all!

I am very interested in the idea of purple team. I’m sure other people are very interested as well. Does anyone do that for a living and willing to share what the day to day is like?

630
 
 
The original post: /r/cybersecurity by /u/ShadowDV on 2024-09-24 18:42:50.

I've been doing a deep dive into 5.9.5, and it looks to me that with the move to requiring MFA, they have done away with the 20 character thing, and are moving to the new 8 character minimum NIST MFA memorized secret standard, as I can find no reference to the old 20 character/annual change verbiage. Am I reading it correctly?

(5.6.IA-4 and 5.6.IA-5 of the 5.9.5 policy)

631
 
 
The original post: /r/cybersecurity by /u/RequirementFamous729 on 2024-09-24 18:21:28.

Hey r/cybersecurity,

We're all familiar with the common security automation use cases - phishing triage, incident response, threat hunting. And we've probably all faced the same dilemma when it comes to implementation:

  1. Roll our own Python scripts
  2. Go with a no-code SOAR platform

Python gives us flexibility, while no-code SOARs offer speed and simplicity. But why should we have to choose just one?

After wrestling with this problem for a while, I decided to take a crack at solving it. The result is an open-source project called Admyral (https://github.com/Admyral-Security/admyral). It aims to bridge the gap between custom scripts and no-code solutions.

I'm curious to hear what the community thinks. Does this address the Python vs. No-Code debate? What potential issues or improvements do you see?

Looking forward to your thoughts and feedback. And yes, constructive criticism on the code is welcome - we're all here to learn and improve, right?

632
 
 
The original post: /r/cybersecurity by /u/ny_soja on 2024-09-24 17:27:46.

The more and more I traverse this space and share these concepts, the more I realize that this is not a widely understood nor accepted concept, not nearly as much as it needs to be.

How people in the broader CyberSecurity spaces don't know this is frankly, troubling if not embarrassing. However, it explains so much when you use these insights as a lens to view the current posture of Global Enterprise Security.

Identity is the bedrock of CyberSecurity. Without it, there's no way to secure access to systems, data, or networks. When we talk about CyberSecurity, we're really talking about making sure the right people or entities are getting access to what they need—nothing more, nothing less. Identity Security handles this by ensuring access is based on verified identities and properly managed permissions.

Whether it's IAM for basic user access or PAM for more sensitive, privileged roles, it's all about controlling who gets in and what they can do. This is where principles like Zero Trust come into play—trust is earned through verification every time.

At the end of the day, if you don't have a strong handle on identity, you're leaving the door wide open. Access is everything, and Identity is at the heart of how we manage it.

633
 
 
The original post: /r/cybersecurity by /u/CyberRabbit74 on 2024-09-24 17:23:51.

Not even sure if I'd call this a "breach". More like an ID-ten-T error. They left a database with all this information public on the internet with no password. At some point, some Attorney General needs to charge a company with negligence. https://www.itpro.com/security/data-breaches/100-million-americans-just-had-their-personal-information-leaked-in-the-massive-mc2-data-breach-and-human-error-could-be-the-cause

634
 
 
The original post: /r/cybersecurity by /u/pancakebreakfast on 2024-09-24 16:58:59.

A new ransomware uses the executable for the popular video game “Honkai: Star Rail” to help launch itself while avoiding detection.

The ransomware, dubbed “Kransom” and discovered by analysts from ANY.RUN, employs a technique known as dynamic-link library (DLL) side-loading to hijack the execution flow of the legitimate "Honkai: Star Rail" executable, StarRail.exe.

"Honkai: Star Rail" is a popular roleplaying game with about 21 million players. StarRail.exe possesses a valid certificate from the game’s publisher, COGNOSPHERE PTE. LTD., and is not harmful on its own.

However, when the malicious file StarRailBase.dll is installed, launching the game executable will trigger the ransomware to load and begin encrypting the victim’s files. Kransom uses a simple XOR encryption algorithm with the encoder key 0xaa to lock files, the ANY.RUN analysts said in a blog post published Monday.

The ransom note left behind after encryption instructs the victim to contact the game’s developer, Hoyoverse, in a further attempt at impersonation.
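The post says Kransom XORs file contents with the single byte 0xaa. The following is an added example, not ANY.RUN's code or anything from the post: it shows why a single-byte XOR "cipher" is no barrier to recovery. XOR is its own inverse, so one known plaintext byte (a file format's magic header) reveals the key, and the key can be cross-checked at every header position so a wrong format guess is rejected. The header table, the sample files and the function names are assumptions; the post does not describe the encrypted files' layout or extension, so the functions take raw bytes.

```python
"""Recover a single-byte XOR key from an encrypted file and decrypt it.

Added example; the only fact taken from the post is the key 0xaa.
Everything else (header table, sample data, fallback heuristic) is
constructed for illustration.
"""
from collections import Counter
from typing import Optional, Tuple

# Magic bytes of a few common formats, used as known plaintext.
# Order matters only for which format is reported first.
KNOWN_HEADERS = {
    "png": b"\x89PNG\r\n\x1a\n",
    "pdf": b"%PDF-",
    "zip": b"PK\x03\x04",     # also docx/xlsx/pptx/jar
    "jpg": b"\xff\xd8\xff",
    "pe":  b"MZ",
}


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with one key byte; applying it twice restores the input."""
    return bytes(b ^ key for b in data)


def recover_key(ciphertext: bytes, plaintext_prefix: bytes) -> Optional[int]:
    """Derive the key from a known plaintext prefix.

    With a single-byte key every position must yield the same key byte.
    If the positions disagree, either the guessed format is wrong or the
    file was not encrypted this way, so we refuse to guess.
    """
    if len(ciphertext) < len(plaintext_prefix):
        return None
    candidates = {c ^ p for c, p in zip(ciphertext, plaintext_prefix)}
    return candidates.pop() if len(candidates) == 1 else None


def recover_key_by_format(ciphertext: bytes) -> Optional[Tuple[str, int]]:
    """Try each known header; return (format, key) on the first consistent match."""
    for fmt, header in KNOWN_HEADERS.items():
        key = recover_key(ciphertext, header)
        if key is not None:
            return fmt, key
    return None


def recover_key_statistically(ciphertext: bytes, expected_byte: int = 0x00) -> int:
    """Fallback when no header is known.

    Assumes the most frequent plaintext byte is `expected_byte` (0x00 for
    padded binaries and Office containers, 0x20 for plain text). Treat the
    result as a guess to be confirmed by inspecting the decrypted output.
    """
    most_common_ct, _ = Counter(ciphertext).most_common(1)[0]
    return most_common_ct ^ expected_byte


def decrypt(ciphertext: bytes, key: int) -> bytes:
    """Decryption is the same operation as encryption for XOR."""
    return xor_bytes(ciphertext, key)


if __name__ == "__main__":
    # Constructed sample: a tiny PDF "encrypted" the way the post describes.
    sample_plain = b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"
    sample_ct = xor_bytes(sample_plain, 0xAA)
    found = recover_key_by_format(sample_ct)
    print("format/key:", found)                       # ('pdf', 170)
    print("round trip ok:", decrypt(sample_ct, found[1]) == sample_plain)
```

The practical takeaway for incident responders is that a file recovered this way needs no key from the attacker; the same header-based check also works as a quick triage test for whether an unknown locker is using a real cipher or just obfuscation.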

635
 
 
The original post: /r/cybersecurity by /u/Significant-Army-502 on 2024-09-24 15:31:34.

We're wanting to simulate a ransomware test on an endpoint, ideally one that will run against a network share to test how our AV handles it.

The only simulations I've found are ones that use their own files (such as KnowBe4), does anybody know of one that will let you simulate it against your own files?

636
 
 
The original post: /r/cybersecurity by /u/Mongoose_Radio on 2024-09-24 15:30:37.

I am looking for any decent cyber daily news shows or podcasts on YouTube or any other streaming services.

Thank you for the suggestions!

637
 
 
The original post: /r/cybersecurity by /u/mlobodzinski on 2024-09-24 15:30:15.

I’m the founder of a mental health startup, and one of our larger clients just asked us for SOC 2 compliance. We’re a team of 8, fresh off a small seed round.

What compliance software are you all using? I’m trying to get our SOC 2 controls in place, but they’re asking for things like board meetings, which we don’t even have.

Is all this really required to get certified?

638
 
 
The original post: /r/cybersecurity by /u/macjaf on 2024-09-24 15:25:15.

I'm wondering what measures DSPM service providers take to ensure that customer data pulled from the customer's cloud environment is safe and secure when it is fed to their models for analysis.

Seems very risky, especially for "agentless" companies such as Cyera

639
Azure cert help
 
 
The original post: /r/cybersecurity by /u/jaydee288 on 2024-09-24 15:01:48.

I have almost 8 years' experience in security, starting out as a SOC analyst, and have been in engineering for about the past 5. The company I work for uses Azure and I've dabbled in it some and am familiar with the concepts/services. Eventually I'd like to get into DevSecOps/cloud security. I'm struggling to narrow down which certs I should go for in Azure land or which to start with. Below is the list of ones I'm considering. I'd like to get AZ-500 being that it is security focused, but I've heard it's not a pushover. So I'm considering starting with AZ-900 even though it's probably very basic and then going for AZ-104. Maybe that would give me a solid foundation to work with before attempting AZ-500?

Azure Fundamentals (AZ-900)

Azure Administrator (AZ-104)

Azure Developer Associate (AZ-204)

Azure Security Engineer (AZ-500)

640
 
 
The original post: /r/cybersecurity by /u/klieret on 2024-09-24 14:29:15.

Hi! I'm part of the SWE-agent team from Princeton University. We're super excited to launch EnIGMA, our new AI agent that solves cybersecurity CTF challenges and beats the current state-of-the-art by a factor of 3.3x on the NYU CTF benchmark. It uses tools like Ghidra & pwntools, can debug, connect to servers, etc. It's all free and open-source and available here: https://github.com/princeton-nlp/SWE-agent/. You can also find our paper and more stats on our website: https://enigma-agent.github.io/ Happy to answer questions here as well!

641
 
 
The original post: /r/cybersecurity by /u/miller131313 on 2024-09-24 13:19:02.

Hey all,

I've been working in cybersecurity for several years now, mainly across the energy sector in some very large enterprise environments. I have always been on the blue team side of things and have spent a considerable amount of time grinding at each employer; continuous learning through obtaining many certs, attending conferences, and striving to be a high performer in the workplace by taking on as much work as I could so I'd be recognized as somebody of importance and value to the org. I want to be someone people can trust and depend on to get things done.

Through this, I found myself reaching the top of the pay scale as an individual contributor at my current org with a few years and transitioned into a cyber management role over a year ago. I was not necessarily prepared for this. I had no prior management experience and I did not really have a mentor, or a boss willing to share their knowledge with me.

Within the last 6 months I'm feeling so incredibly burned out. It's to the point where I don't care if I get fired/laid off. In fact, I long for it. All I think about is work, how much is on my plate and how much I can't stand it. Even when I am productive I get no enjoyment or fulfilment out of it. None of the projects interest me and it's so hard to push through.

What are some things I can do to get myself out of this? I've taken time off to try and "recharge", yet I come back feeling worse and filled with existential dread. I'm very grateful for my career, but it is weighing very heavily on me. Any advice from those that have experienced this?

642
 
 
The original post: /r/cybersecurity by /u/PM-ME-UR-CUTE-SMILE on 2024-09-24 11:32:23.

Hi all,

I'm hosting my first TTX next week for a client. I have done a lot of research already but as it's my first time ever hosting it, I'm looking for a few tips to make it as smooth as possible.

Things I'm thinking about:

  • Should I do the first 'scenario' with or without injects? It's their first TTX as well. Would it be too soon to work with injects for the first scenario? I'm planning on hosting multiple scenarios, seeing that we have booked a 3hr slot.
  • What are the key questions to ask during a scenario?
  • I also have 'Backdoors & Breaches' so we can always play that game to have a gamified version of the TTX.

In general I just want to see and read your experiences! Scenario examples are welcome as well. Thanks in advance.

643
 
 
The original post: /r/cybersecurity by /u/JCTopping on 2024-09-24 11:30:51.
644
 
 
The original post: /r/cybersecurity by /u/JCTopping on 2024-09-24 10:52:36.
645
 
 
The original post: /r/cybersecurity by /u/PlannedObsolescence_ on 2024-09-24 10:27:32.
646
 
 
The original post: /r/cybersecurity by /u/maki23 on 2024-09-24 10:08:30.
647
 
 
The original post: /r/cybersecurity by /u/hacknewstech on 2024-09-24 09:28:28.
648
 
 
The original post: /r/cybersecurity by /u/maryteiss on 2024-09-24 09:26:56.

I'm writing an article and am looking to include *anonymous* first-hand accounts of what your worst day as an IT security/cybersecurity pro has looked like, and what lessons the wider cybersecurity community can take away from that.

Thank you in advance!

649
 
 
The original post: /r/cybersecurity by /u/notrednamc on 2024-09-24 04:44:18.

Has anyone made the leap from a corporate employer to independent contracting? What were your motivations? What were your troubles? How do you find work?

I was recently presented with an offer, I can't accept at the moment, but it got me thinking of what the pros and cons might be.

650
 
 
The original post: /r/cybersecurity by /u/zr0_day on 2024-09-23 20:35:53.