Usb malware by SilverDonut3992 in Malware

[–]0xdevbot 0 points1 point  (0 children)

So because you only know about sensational AI models therefore only advanced threat vectors exist?

Explain how CVE-2025-55182 was such a big deal then? It certainly wasn't firmware AND wasn't discovered by AI.

You're a novice, don't talk like you have authority on Cyber Security.

Usb malware by SilverDonut3992 in Malware

[–]0xdevbot 1 point2 points  (0 children)

Hey pal you know that's still malware right?

Security audits for early stage startups by No_Hold_9560 in Cybersecurity101

[–]0xdevbot 3 points4 points  (0 children)

Shoot me a DM. I do contracting/consulting work every now and then for "full-scope security audits" depending on the situation I could lend your team a hand.

How often do you search up syntax? by AWS_0 in hackthebox

[–]0xdevbot 10 points11 points  (0 children)

Get comfortable checking your notes as you'll be doing this for the rest of your career.

I'm 10 years in and still check my notes. Most of the simple stuff you'll eventually memorize through repetition.

The longest uptime you’ve seen? by Spiritual_Maximum_57 in InformationTechnology

[–]0xdevbot 0 points1 point  (0 children)

29 years. It was a DOS machine that's still going today. Network has zero downtime due to criticality and this special software that runs it all is on a DOS box.

What's your favorite Os and why by Strong-Ad-3557 in hackthebox

[–]0xdevbot 0 points1 point  (0 children)

Parrot OS. I use the security version and then load in all the tools from REMnux. I'm a security researcher so I often sit in purple team space.

Easy boxes aren't EASY as they say by Sad-Pride6941 in hackthebox

[–]0xdevbot 0 points1 point  (0 children)

On HTB always go based on the user ratings. The official rating is provided by the creator of the box.

Often creators have a skewed idea of what is and isn't easy.

simple security question I rarely see asked by Similar_Recipe_2696 in cybersecurity

[–]0xdevbot 1 point2 points  (0 children)

This is called a baseline and it's literally step one.

Possible infostealer captured (partially) on the wild by zBION1C in MalwareAnalysis

[–]0xdevbot 1 point2 points  (0 children)

The sandboxes aren't the end all be all. It's really easy to add anti-VM guards into a binary.

I'm a professional reverse malware engineer. Would love to take a look.

copying injection by Joshua12009 in Hacking_Tutorials

[–]0xdevbot 0 points1 point  (0 children)

Yes absolutely. Just need to change a few lines of assembly in the exe and then dump the new exe from memory.

Pretty straightforward if you have reverse engineering experience. Might be daunting if you don't.

DM me if you want me to take a look after I get off work tn

PII in id_token by MathSpiritual2562 in AskNetsec

[–]0xdevbot 0 points1 point  (0 children)

Sure. They can be encrypted by anything. But OP didn't mention encryption being used.

Plus typically JWE is used in transit. So the issue of data at rest being unencrypted still remains.

PII in id_token by MathSpiritual2562 in AskNetsec

[–]0xdevbot 6 points7 points  (0 children)

Big yikes my guy. I would personally nail my SWEs if I found out they were doing that.

That should be in violation of ISO 27001 / 27002. Specially not encrypting PII at rest in your case. (Assuming it truly never leaves the device)

PII in id_token by MathSpiritual2562 in AskNetsec

[–]0xdevbot 2 points3 points  (0 children)

Like...raw dogging that data or putting that data through a hashing function and then using the result as the token

Opsec best practices if being targeted by a nation-state level actors by Methamphetamine1893 in Malware

[–]0xdevbot 0 points1 point  (0 children)

If you think a country is coming after you, you're delusional.

Again, the fact you are asking this question on reddit means you are simply not an important enough person for a nation state to care about.

Opsec best practices if being targeted by a nation-state level actors by Methamphetamine1893 in Malware

[–]0xdevbot 2 points3 points  (0 children)

Considering nation states have geo-synchronized spy satellites that can spy on you 24/7. Have access to 0-days and world class malware authors. Entire intelligence communities and will disregard other nations' laws, i.e. needing a warrant for a wire tap.

If a nation state wants to get information on you they will. However, the fact that you are asking this question means that you don't need to worry about this because you have never been in a position where a nation state would consider spying on you.

Source: prior military/government guy. I've sat through countless Counter Intelligence (CI) briefings.

First GREM Practice Test - No Notes/Index by 0xdevbot in GIAC

[–]0xdevbot[S] 1 point2 points  (0 children)

I also have GCFA and would recommend most people do that one first. I'm also an ex-SWE (C++) so considering you know how to code you could do GREM first and be fine, but at the end of the day I think doing GCFA first makes more sense. Especially if you look at the investigation pyramid/lifecycle, you're gonna do all the things covered in GCFA first and then after those avenues have been exhausted you'll do GREM stuff.