BaseballPCHiker
Jan 16, 2006

EDITED.

BaseballPCHiker fucked around with this message at 21:07 on Feb 2, 2022


BaseballPCHiker
Jan 16, 2006

CommieGIR posted:

I mean, your AWS experience is in big demand for Security Engineers/Analysts, and yeah Homelab is actually a valuable discussion point because it shows that you actually enjoy what you are doing rather than just being a 9-5 guy.

Cert chasing is nice resume padder, but chances are if you can show an understanding, the cert is just a door kicker that you might not need.

Knowing PowerShell and Linux scripting goes a long way; while coding knowledge certainly doesn't hurt, being able to read code versus being a full-time coder, unless you really want to dive into malware/CVE stuff.

Thanks for the info. I'm going to just apply to jobs as if their requirements are wish lists and see how I interview if I get to that step. In the meantime I'll work on brushing up my coding a bit.

BaseballPCHiker
Jan 16, 2006

Martytoof posted:

According to my weekly LinkedIn reminder email that I can't remember how to turn off there is a huge demand for security architecture and engineering, focusing on the cloud space specifically. Granted no previous paper "security" experience might be a question mark for employers.

Don't be afraid to jump down a level or two either if you're looking to pivot. Anecdotally, I went from Sr. Engineering in the traditional Infrastructure space to Jr. Security Analyst (which is a meaningless title) because I was tired of being a computer toucher, but once they realized I had a lot of actual hands on technical background that made it really easy to focus on the security aspects of infrastructure I kind of rocketed up the chain, not to toot my own horn. If you're lacking an actual "security" background that is putting people off this might not be a bad approach.

Thanks for all of the advice. I am starting to realize/accept that I may need to take a pay cut to pivot, hoping that it pays off in the long run. Right now I'm making around $88K with good benefits as a network engineer. I may need to drop down to that $70-80K range for a year or two, I suppose.

Now that I've finished CISSP my focus has been on taking on or starting some security tasks at my current job and trying to use that as a launching pad as well. My company paid for an outside group to conduct an internal and external scan of our network and the follow-up has largely been lacking, so I'm going to make an effort to try and do some remediation based on those scan results.

Another thing I'm trying to do is compile a list of good news outlets to follow. So far I've mostly just followed Brian Krebs's and Daniel Miessler's RSS feeds, as I don't have a Twitter account and would like to keep it that way if I can.

BaseballPCHiker
Jan 16, 2006

I've had a few interviews for IT security roles now and one of the things that has come up a few times is MITRE and writing reports based on MITRE. I've been honest every time that I've never done any formal incident write-ups based on any sort of framework. Every place I've worked has been more of a panic-and-wildly-speculate-while-foaming-at-the-mouth sort of employer.

So I am trying to train myself in this area now. Does anyone have any recommendations on reading, YouTube, etc that do a good job going over formal incident response? So far I've just been reading up whatever I can find online and trying to find some decent videos on it.

Also is MITRE attack that widely used?

BaseballPCHiker
Jan 16, 2006

Internet Explorer posted:

MITRE isn't an attack, it's a knowledge base and framework for analyzing attacks. https://attack.mitre.org/

[Edit: My day... there are RED things on this REPORT, this is CRITICAL]

Sorry should've been more specific MITRE ATT&CK.

I guess how widely used is it? Is this a widespread standard or did I just happen to interview at the two places that use it?

BaseballPCHiker
Jan 16, 2006

Thanks for the info. Watching some YouTube presentations on it now and I like what I see to my untrained eyes so far.

Seems like a really good way to show we identified X issue, detected with Y, and will mitigate with Z.

BaseballPCHiker
Jan 16, 2006

Oct posted:

For free content, I would typically point someone here: https://www.dfir.training/. A lot of the really good training is still paid, unfortunately. SANS is kind of a 900-pound gorilla for training, especially for forensics and incident response. The site I linked is pretty much driven by the DFIR community, so there are a lot of decent resources to dig into.

ATT&CK is definitely becoming something of a standard for modeling threat intelligence - on the DFIR side it's pretty much essential to understand what it is and how it can be used. It's mostly designed for enterprise-level attacks carried out by advanced threats rather than script kiddies, though it can be used for that. I typically work it into interview questions when I am screening candidates.

There are a ton of ways it can be used, it just depends on what you're trying to accomplish. So for example if you're working in a SOC and someone asks you to do some threat hunting, you can pick tactics and look at what indicates those tactics, then search for that across your environment with whatever tools you have. We rely on it a lot during incident response as well simply to help us inform our understanding of what may have happened and what artifacts we should look for (or steps to take to contain the threat, all that IR poo poo).

Thanks a TON for the links and info!

Yeah one of the jobs I was interviewing for was in a SOC. I had to be upfront and say while I was slightly familiar with MITRE from studying for my CISSP I've never actually used it in a professional setting. I'm going to try and learn as much as I can about it and also try to start using it in some format at my current position.
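The workflow Oct describes (pick a tactic, decide what would indicate it, then search for that across the environment) and the kind of hunt BaseballPCHiker is looking to practise, as an added example that is not part of either post and is not a MITRE tool. The log lines are constructed for the example and mimic the fields of a Sysmon process-creation event; the technique IDs are real ATT&CK identifiers, but the regexes standing in for "what indicates this technique" are this example's own deliberately small assumptions.

```python
"""ATT&CK-driven hunt over process-creation logs (example code for this page).

Technique IDs are real ATT&CK identifiers (T1059.001, T1053.005, T1003.001,
T1087.002); the indicator regexes and the log lines are this example's own
assumptions, constructed to look like Sysmon Event ID 1 fields.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Indicator:
    tactic: str
    technique_id: str
    technique: str
    pattern: re.Pattern


# "Pick a tactic, then look at what indicates it": each entry ties one
# observable command-line shape to the tactic/technique it evidences.
INDICATORS = [
    Indicator("Execution", "T1059.001", "PowerShell (encoded command)",
              re.compile(r"powershell(?:\.exe)?.*\s-(?:e|enc|encodedcommand)\s", re.I)),
    Indicator("Persistence", "T1053.005", "Scheduled Task",
              re.compile(r"schtasks(?:\.exe)?\s+/create\b", re.I)),
    Indicator("Credential Access", "T1003.001", "LSASS Memory",
              re.compile(r"(?:procdump|rundll32.*comsvcs\.dll.*minidump).*lsass", re.I)),
    Indicator("Discovery", "T1087.002", "Domain Account",
              re.compile(r"\bnet1?(?:\.exe)?\s+(?:user|group)\b.*\s/domain\b", re.I)),
]

# Constructed sample: one workstation walking through execution, persistence
# and discovery, one server with a credential dump, and one benign line.
LOG_LINES = [
    'ts=2021-03-03T09:14:02Z host=WS-0412 user=CORP\\jdoe image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe cmd="powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"',
    'ts=2021-03-03T09:14:09Z host=WS-0412 user=CORP\\jdoe image=C:\\Windows\\System32\\schtasks.exe cmd="schtasks.exe /create /sc minute /mo 5 /tn Updater /tr C:\\Users\\Public\\up.exe"',
    'ts=2021-03-03T09:20:41Z host=SRV-DC01 user=CORP\\svc_backup image=C:\\Tools\\procdump64.exe cmd="procdump64.exe -ma lsass.exe C:\\Temp\\l.dmp"',
    'ts=2021-03-03T10:02:13Z host=WS-0377 user=CORP\\asmith image=C:\\Windows\\System32\\notepad.exe cmd="notepad.exe C:\\Users\\asmith\\notes.txt"',
    'ts=2021-03-03T10:05:55Z host=WS-0412 user=CORP\\jdoe image=C:\\Windows\\System32\\net.exe cmd="net user jdoe /domain"',
]

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Turn a key=value log line into a dict, stripping quotes from values."""
    return {k: (v[1:-1] if v.startswith('"') else v) for k, v in KV_RE.findall(line)}


def hunt(lines, tactics=None):
    """Return one hit per (line, matching technique).

    tactics limits the hunt to a set of tactic names, e.g. {"Persistence"},
    which is how you scope a hunt to the stage you were asked about.
    """
    hits = []
    for line in lines:
        event = parse_line(line)
        cmd = event.get("cmd", "")
        for ind in INDICATORS:
            if tactics and ind.tactic not in tactics:
                continue
            if ind.pattern.search(cmd):
                hits.append({
                    "ts": event.get("ts"),
                    "host": event.get("host"),
                    "user": event.get("user"),
                    "tactic": ind.tactic,
                    "technique_id": ind.technique_id,
                    "technique": ind.technique,
                    "cmd": cmd,
                })
    return hits


def hosts_with_chains(hits):
    """Hosts that evidence more than one distinct technique.

    A single hit is often noise; one host moving through several tactics is
    what you escalate, and it gives the incident write-up its ATT&CK-shaped
    narrative (got in via X, persisted with Y, enumerated Z).
    """
    per_host = {}
    for hit in hits:
        per_host.setdefault(hit["host"], set()).add(hit["technique_id"])
    return {host: sorted(ids) for host, ids in per_host.items() if len(ids) > 1}


if __name__ == "__main__":
    for hit in hunt(LOG_LINES):
        print(f'{hit["ts"]} {hit["host"]:9} {hit["technique_id"]:10} {hit["tactic"]:17} {hit["cmd"]}')
    print("chains:", hosts_with_chains(hunt(LOG_LINES)))
```

Against the sample, the benign notepad line produces nothing, the domain controller shows a single credential-access hit, and WS-0412 chains three techniques; that per-host chain, not the individual regex matches, is what the "identified X, detected with Y, mitigate with Z" write-up hangs off. Real hunts swap the regexes for the detections your EDR or SIEM already emits, mapped to technique IDs.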

BaseballPCHiker
Jan 16, 2006

Bob Morales posted:

My gripe with KnowBe4 is that their "phishing campaigns" are not realistic. They force you to whitelist, etc., so your messages look authentic...when normally they would not.

You can pretty easily make your own custom ones that look much more like traditional spam.

I've used KnowBe4 at three different places now and in the end, there's always about 5-10% of people who will click on literally anything despite all the training in the world. At my last place we were able to place them in a custom high-risk pool for spam filtering that was MUCH more aggressive and basically whitelisted senders, if I recall correctly.

BaseballPCHiker
Jan 16, 2006

Biowarfare posted:

Why are they not being reeducated or terminated instead?

I've never worked anywhere that would fire someone for failing a training. The same small subset of users will continuously fail, get the same refresher training or 1-on-1 with some poor IT staff member, and then immediately click on whatever stupid poo poo comes their way.

Has anyone seen someone fired for falling for phishing emails?!?

BaseballPCHiker
Jan 16, 2006

We use basically every single FireEye product in existence. Our rep called right away to assure that customer data was safe but my gut tells me otherwise...

BaseballPCHiker
Jan 16, 2006

droll posted:

Security team at my company are talking about rumors that Microsoft's patches/windows update service was compromised.

From what I've seen this isn't true. It's more like some companies were using Azure, so some Microsoft tenants got hit, not Microsoft corporate or their services. Again, just from what I've read so far.

BaseballPCHiker
Jan 16, 2006

EDITED.

BaseballPCHiker fucked around with this message at 21:19 on Feb 2, 2022

BaseballPCHiker
Jan 16, 2006

I worked at a medical device manufacturer, and even after the Sunshine Act, our sales people were all sorts of shady. Salespeople were first hired on the basis of how good looking they were, male or female.

Somehow, some way, the company got away with doing "trainings" at fancy golf resorts. So long as the doctors attended what amounted to a 1-hour sales pitch/demo they could play golf and eat free meals.

BaseballPCHiker
Jan 16, 2006

We had a couple of salespeople who were actually both good looking and incredibly knowledgeable about the product in a very niche way so that they could actually provide advice on how to use the product to a degree. Like they knew the device really well and the doctor knew medicine well and they could bounce ideas off of each other, but that was rare, and they tended to be higher up sales management types that had been promoted a few times.

On topic. I've been playing around with Canary Tokens for a while; I set up free tokens for a past employer and found them really beneficial. Trying to talk my current company into buying the paid version. Has anyone here used Thinkst Canary paid token software before?
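What a canary token actually is under the hood, as an added example written for this page: it is not Thinkst's code and does not reproduce their product, and the domain, token format and alert layout are this example's own assumptions. The point it shows is why the free tokens are so low-effort to run: a token is a URL or hostname that has no legitimate reader, so any hit is a high-confidence alert that needs no tuning, and the memo you record when you mint it tells you where the intruder was looking.

```python
"""Toy canary-token service (example code for this page, not Thinkst's).

TOKEN_DOMAIN, the /t/<hex>.gif path and the alert fields are assumptions.
"""
import re
import secrets
from datetime import datetime, timezone
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlparse

TOKEN_DOMAIN = "canary.example.internal"   # assumed; use a domain you control
TOKEN_PATH = re.compile(r"^/t/([0-9a-f]{32})\.gif$")

# Smallest valid 1x1 transparent GIF, served so a hit looks like an image load.
PIXEL_GIF = (b"GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xff\xff\xff"
             b"!\xf9\x04\x01\x00\x00\x00\x00,\x00\x00\x00\x00\x01\x00\x01\x00\x00"
             b"\x02\x02D\x01\x00;")


def now():
    return datetime.now(timezone.utc).isoformat(timespec="seconds")


class TokenStore:
    """In-memory registry: token id -> where it was planted, plus fired alerts."""

    def __init__(self):
        self._tokens = {}
        self.alerts = []

    def mint(self, memo):
        """Create a token and record the memo you will need when it fires."""
        token = secrets.token_hex(16)          # 128 bits: unguessable, unindexable
        self._tokens[token] = {"memo": memo, "created": now()}
        return token

    def url_for(self, token):
        """Web-bug form: drop into a document, wiki page or fake credentials file."""
        return f"http://{TOKEN_DOMAIN}/t/{token}.gif"

    def dns_for(self, token):
        """DNS form: fires on resolution alone, even where outbound HTTP is blocked."""
        return f"{token}.{TOKEN_DOMAIN}"

    def token_from_path(self, path):
        m = TOKEN_PATH.match(path)
        return m.group(1) if m else None

    def trigger(self, token, source_ip, user_agent=""):
        """Record a hit. Unknown tokens return None (scanner noise, not a canary)."""
        meta = self._tokens.get(token)
        if meta is None:
            return None
        alert = {
            "when": now(),
            "token": token,
            "memo": meta["memo"],
            "planted": meta["created"],
            "source_ip": source_ip,
            "user_agent": user_agent,
        }
        self.alerts.append(alert)
        return alert


class CanaryHandler(BaseHTTPRequestHandler):
    store = None  # assigned in serve()

    def do_GET(self):
        token = self.store.token_from_path(urlparse(self.path).path)
        if token is not None:
            self.store.trigger(token, self.client_address[0],
                               self.headers.get("User-Agent", ""))
        # Answer every path identically so probing cannot tell live tokens apart.
        self.send_response(200)
        self.send_header("Content-Type", "image/gif")
        self.send_header("Content-Length", str(len(PIXEL_GIF)))
        self.end_headers()
        self.wfile.write(PIXEL_GIF)

    def log_message(self, *args):
        pass  # hits are recorded in store.alerts, not the console


def serve(store, port=8080):
    CanaryHandler.store = store
    HTTPServer(("0.0.0.0", port), CanaryHandler).serve_forever()


if __name__ == "__main__":
    store = TokenStore()
    t = store.mint("fake passwords.xlsx on the finance share")
    print("plant this:", store.url_for(t), "or", store.dns_for(t))
    serve(store)
```

The memo is the important half: a hit on its own tells you "someone opened this", the memo tells you which share, which decoy and therefore which host or account to start the investigation from. The paid product adds the hosted infrastructure, device-shaped decoys and the alerting integrations; the detection principle is the same.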

BaseballPCHiker
Jan 16, 2006


This explains why my Mint computer at home had an update for Sudo which I had never seen before.

Question for people here who have a CISSP. How many credits do you get from getting other certs? I'm going to go for my AWS Security cert in the next month or two and I am wondering if that will cover me in credits for the next year or if I need to start hitting up webinars left and right down the line.

BaseballPCHiker
Jan 16, 2006

Martytoof posted:

I've actually never given this much thought and now I'm worried I might be passing up CPEs for just GETTING a new cert. I've always counted the training time as CPEs but nothing for the actual achievement.

I didn't know I could list the training for CPEs; I figured since it's all self-guided, I'm just labbing on my own and watching ACloudGuru videos, that I would get zilch until I get the cert.

BaseballPCHiker
Jan 16, 2006

rafikki posted:

Other than the age-old "OT is a secfuck nightmare" advice, are there any good resources I can start following about industrial/manufacturing-specific infosec concerns? Doing some work for a customer in that space and anything I could start following with topical news would be appreciated.

First off good luck! I fought that battle for a while at a previous employer and there was always such a divide between IT and the wrench turners that it was hard to get anywhere.

NIST has/had some generic guidelines that are a good starting off point - https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-82r2.pdf

BaseballPCHiker
Jan 16, 2006

I haven't done it, but your experience with the CISSP mirrors mine.

I guess I learned some useful manager speak and how to frame security decisions within the larger context of the whole business but that was about it. I've felt better about more technical training like the AWS security cert I am going for now, or even my old CCNA.

But the CISSP did open some doors for me jobwise and got me a raise which was nice.

BaseballPCHiker
Jan 16, 2006

EDITED.

BaseballPCHiker fucked around with this message at 21:20 on Feb 2, 2022

BaseballPCHiker
Jan 16, 2006

knox_harrington posted:

Total amateur here. I'm working from home 100% and would be interested to know how my work computer is spying on me. It only needs a VPN if I'm accessing the corporate intranet, so presumably I can see where it's sending packets to across my home network?

I can see various anti IP loss software in task manager but presumably there is other hidden stuff. I live in a country where employee surveillance is somewhat prohibited but imagine my US employer doesn't care much about that.

Is there an easy resource you can point me to for monitoring this? The network uses Ubiquiti access points and then an ISP supplied fiber modem, that unfortunately I can't switch for anything better.

Sorry if this is the wrong thread!

I'm sure others will have better ideas but I would run Wireshark, take a good long packet capture, then see where your traffic is going. If you aren't able to install Wireshark you could put in more effort by getting an old-fashioned hub, connecting your work computer to it, then another computer to the hub running Wireshark.

BaseballPCHiker
Jan 16, 2006

Space Gopher posted:

The answer to this is going to be "to the corporate VPN," whether it's logging and transmitting every single click and keystroke, or just phoning home once a day to see what updates are whitelisted by their MDM setup. The entire point of the VPN is that the traffic is opaque to anybody using, say, Wireshark to sniff and analyze it.

You might be able to make some inferences based on traffic volume, but outside of that, it's not going to be very helpful without some way to MITM the VPN - which would be very noticeable to anybody looking for it.

Not necessarily, lots of places are running split-tunnel VPNs these days. Unless I am totally misreading the question. I thought this was something along the lines of "I have a work computer running the VPN but it only talks back to corporate for intranet traffic, not Google" sort of thing. Maybe I'm assuming too much.
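What you can actually learn from the capture suggested a few posts up, given the two points above (the tunnel is opaque, but a split tunnel leaves direct traffic visible), as an added example that is not part of either post. It takes per-flow records pulled out of a Wireshark/tshark capture and splits bytes per destination into three buckets: to the VPN gateway (only the volume is visible), directly to the internet (what a split tunnel leaves in the clear and what you can inspect) and local chatter. The gateway address, the RFC 1918 ranges and the flow records are constructed for the example; the 203.0.113.0/24, 198.51.100.0/24 and 192.0.2.0/24 addresses are documentation ranges, not real services.

```python
"""Where is the work laptop's traffic going: tunnel, direct or local?
(Example code for this page; gateway, ranges and flows are assumptions.)
"""
import ipaddress

VPN_GATEWAY = ipaddress.ip_address("203.0.113.10")   # assumed; take it from the VPN client config
LAN_RANGES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed flows: (src, dst, proto, dst_port, bytes). In practice derive
# these from the capture, e.g. tshark -r work.pcapng -q -z conv,ip (assumed
# invocation) and copy the per-conversation byte counts.
FLOWS = [
    ("192.168.1.23", "203.0.113.10",  "udp",  443, 1_860_000),
    ("192.168.1.23", "203.0.113.10",  "udp",  443,   420_000),
    ("192.168.1.23", "198.51.100.77", "tcp",  443,    96_000),
    ("192.168.1.23", "198.51.100.77", "tcp",  443,    12_500),
    ("192.168.1.23", "192.0.2.200",   "tcp",  443,     3_100),
    ("192.168.1.23", "192.168.1.1",   "udp",   53,     2_400),
    ("192.168.1.23", "224.0.0.251",   "udp", 5353,       800),
]


def classify(dst):
    """tunnel: the VPN concentrator; local: LAN, multicast, loopback; direct: everything else."""
    ip = ipaddress.ip_address(dst)
    if ip == VPN_GATEWAY:
        return "tunnel"
    if ip.is_loopback or ip.is_multicast or any(ip in net for net in LAN_RANGES):
        return "local"
    return "direct"


def summarize(flows):
    """Aggregate flows per destination and group them by category, biggest first."""
    per_dst = {}
    for _src, dst, proto, dport, nbytes in flows:
        entry = per_dst.setdefault(dst, {"dst": dst, "category": classify(dst),
                                         "bytes": 0, "flows": 0, "ports": set()})
        entry["bytes"] += nbytes
        entry["flows"] += 1
        entry["ports"].add(f"{proto}/{dport}")
    grouped = {"tunnel": [], "direct": [], "local": []}
    for entry in per_dst.values():
        grouped[entry["category"]].append(entry)
    for entries in grouped.values():
        entries.sort(key=lambda e: e["bytes"], reverse=True)
    return grouped


def bytes_by_category(summary):
    return {cat: sum(e["bytes"] for e in entries) for cat, entries in summary.items()}


def is_split_tunnel(summary):
    """True when the host talks to the internet directly while the tunnel is up."""
    return bool(summary["tunnel"]) and bool(summary["direct"])


if __name__ == "__main__":
    s = summarize(FLOWS)
    for cat in ("tunnel", "direct", "local"):
        for e in s[cat]:
            print(f'{cat:7} {e["dst"]:15} {e["bytes"]:>10} B {e["flows"]} flows {sorted(e["ports"])}')
    print("split tunnel:", is_split_tunnel(s), bytes_by_category(s))
```

On the sample the tunnel carries nearly all of the bytes, which is exactly the "you can only infer from volume" situation; the two direct destinations are the ones worth resolving and inspecting, and their presence alongside tunnel traffic is what tells you it is a split tunnel rather than full-tunnel. If every non-local byte goes to the gateway, the capture will not tell you what the endpoint agent is reporting, only how much.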

BaseballPCHiker
Jan 16, 2006

CLAM DOWN posted:

I personally don't think you can succeed or be of any quality in security unless you are passionate about it. So, in my opinion, yes.

Personally I disagree. You can be good at your job and not passionate about it. I have a few people on my SOC team that have just had decades of experience from enterprise networking or server management they can lean on in addition to their security skills and be excellent. Those same people are more than happy to just punch in and out at the end of the day without caring deeply about the field.

What you do need to be passionate about is being good at your job regardless of what it is.

BaseballPCHiker
Jan 16, 2006

I'm only like 3 months into my InfoSec job coming over from a full-time network engineer role.

I work way less hard than I used to. My job seems to involve talking other teams into fixing their poo poo, then escalating to management as the fixes go unimplemented, before moving on to the next broken thing.

It's not nearly as fun as my old job but it pays a ton more at least.

BaseballPCHiker
Jan 16, 2006

CyberPingu posted:

Infosec is mostly delegating I've found.

I don't know Ruby so I punt all fixes to devs.

True in my experience as well.

Most places big enough to have a full time security staff are also big enough to be bogged down by necessary bureaucracy and management making changes slow and tedious enough as it is.

BaseballPCHiker
Jan 16, 2006

BlankSystemDaemon posted:

They're basically someone who's paid to be the one who gets the blame when security is found to be lax.

Previous job had a "virtual" CISO as part of a security package we bought from the firm. Ours flat out told us that one of their services was being a glorified fall guy for when something bad eventually happened.

BaseballPCHiker
Jan 16, 2006

God drat, infosec people are like their own worst enemy.

We have a single dumb alert, literally just suspected adware on a Mac host. The detection is all messed up but it keeps quarantining these files on a developer's computer. We know the detection is wrong but everyone is too chickenshit to sign off on marking this as a false positive so we can update our detection rules and let the user actually work.

This isn't even something new, we've seen it before, our rules just suck for macOS. Instead of just fixing it for the user though, everyone cowers behind the vendor until they make some fix in the next update.

BaseballPCHiker
Jan 16, 2006

DrDork posted:

I think this is the key part. If you want to page me for some legitimately serious issue, ok, sure--pay me sufficiently and it's all fine. If you're paging me at 2am because someone locked themselves out of their account, then no, gently caress off, unless you are paying me a lot.

Last job had the worst on-call setup I've ever experienced and it was a major factor in me burning out and looking to move on from a job I otherwise enjoyed. No extra pay, on call 24/7 for 1 week a month. We could informally flex time spent on call by leaving early but were starting to get major pushback on that from HR, and had a few times at the end where we couldn't take our flex time and were just forced to work extra hours for nothing.

I do not miss staying up until 3 AM to deal with fiber cuts to some police/fire station anymore.

BaseballPCHiker
Jan 16, 2006

This latest round of Exchange CVEs has been interesting to watch develop. My org was able to get patched within 24 hours of the patch release thankfully.

But we've seen a HUGE increase of incoming mail from known vendors/users that have had their Exchange servers compromised. We've broken the news to probably 5 other orgs that were vendors for us within the past week. Every single one of them has said some variation of "Yeah, we know we need to patch, just hadn't gotten to it yet". For one particular vendor at least this was the last strike and corporate has said we will no longer be doing business with them.

BaseballPCHiker
Jan 16, 2006

Sickening posted:

It's not really interesting. We acquired some companies and one of them has a few of these ancient shitters. I have researched this a bit before, but outside of the CVEs posted by Microsoft, I feel like vulnerabilities of EOL servers just go dark from the community at large when they go EOL.

A server being ancient EOL poo poo is enough for me to flag it as a no go, but I am curious what the known unpatched vulnerabilities are and it seems almost impossible to find per my googling.

Have fun:
https://nvd.nist.gov/vuln/search/results?adv_search=true&form_type=Advanced&query=cpe:/o:microsoft:windows_2003_server

I think CIS or NIST might have some benchmarks or something at least published out there if you do have to keep using it for some dumb reason.

BaseballPCHiker
Jan 16, 2006

Yeah I would want to know what the expectations out of you are.

SOC response type? Making big picture security policy decisions like a CISO? A bit of both? Are you expected to be hands on with firewalls, DLP, AV, etc?

BaseballPCHiker
Jan 16, 2006

I was still able to grab that deal today for anyone else interested in it.

BaseballPCHiker
Jan 16, 2006

HexiDave posted:

I think the problem was less "they made a mistake" and more "they pretended they didn't make a mistake, but the mistake was very big."

Yes I would agree. See for instance how FireEye handled their initial announcement of the whole Orion/SolarWinds debacle as an example of how to handle things well.

BaseballPCHiker
Jan 16, 2006

RFC2324 posted:

how are you checking phone numbers?

Would be curious to know as well. I saw one shady site that claimed to be checking numbers but that was it - https://www.thenewseachday.com/facebook-phone-numbers-us

Have I Been Pwned has added the breach to their database as well - https://haveibeenpwned.com/PwnedWebsites#Facebook but I'm not sure if they're just checking emails associated with the breach or letting you search for numbers.

BaseballPCHiker
Jan 16, 2006

BlankSystemDaemon posted:

No, but Facebook have a profile for you anyhow.
Every one of the "share" buttons you see on every page can be used to build a pretty comprehensive shadow profile on anyone on the internet, and they're incredibly hard to block.

The EFF has a privacy badger plugin for Firefox that will accomplish this.

BaseballPCHiker
Jan 16, 2006

I have read, and Im not 100% sure on this, that the above was limited to the "major" carriers in the US, meaning some podunk regional providers might still be affected.

BaseballPCHiker
Jan 16, 2006

Cabbages and Kings posted:

I came here to post this. This is super worth the read and is also one of the funniest things I've read all month, the wink-wink nudge-nudge "fell off a truck" and the parting paragraph are loving fire.

Yeah this was fantastic, well worth a read for anyone.

BaseballPCHiker
Jan 16, 2006

I use SEP at my current gig. It works well enough I suppose.

Maybe this is the wrong attitude for someone working InfoSec, but it's fine. The reporting and management work well enough for us and I don't really care to look into it anymore. It's just another layer of security. We don't have E3 licensing so Defender isn't an option for us. I'm sure it's also fine.

We do actually have the resources though to have people follow up on detections in SEP, see how the detections were triggered, how they were delivered, what the malware was trying to do, etc. I think just having the man hours to do that follow up work makes SEP work well for us.

BaseballPCHiker
Jan 16, 2006

Does anyone here use AWS's Firewall service with a partner integration like FireEye, CrowdStrike, CheckPoint, etc.?

We're just starting to set it up and I was curious what people were using for the IPS/IDS integration.

EDIT: Weird copy/paste/I have no clue in this post.

BaseballPCHiker fucked around with this message at 23:42 on May 10, 2021

BaseballPCHiker
Jan 16, 2006

Sickening posted:

Is it much harder than just having a flat network? Of course. The issue is more in that it requires more effort from your network engineers more so than cost.

It also requires way more effort of your infosec personnel who on average might not have the skillsets to be effective in being proactive in enforcing isolation. Your career long Nessus watcher might have a brain meltdown if they are to assess risk in network design issues more complex than firewall rules.

It’s also much harder to remediate flat network problems the longer they exist. Everyone involved would rather ignore it.

It's like you've read my mind.

There is so much inertia in larger networks. Companies that were early adopters 20-30 years ago to computer networks have huge hurdles to overcome in redesigning their networks. Who wants to pay for people to come in and totally redesign their OSPF or EIGRP network which will involve either a ton of downtime or a ton of cost in extra equipment, engineers, etc?

And I can't bang this drum loudly enough. InfoSec people who have done nothing but InfoSec straight out of school don't have good network skills, in my experience at least. They can't just look at a topology or routing tables and point out what should be done or how.


BaseballPCHiker
Jan 16, 2006

Has there been any real news on the Kaseya attack about how they got hit? Last I read it wasn't a supply chain attack but some 0-day exploit of their software.
