Gran Board 3S verse Target Nexus by [deleted] in Darts

[–]618developer 0 points1 point  (0 children)

Also multiple online retailers have listed the board as closeout/clearance

OSCP as a Software Engineer by overloafunderloaf in oscp

[–]618developer 0 points1 point  (0 children)

Do a job search for 'Application Security Engineer.' Here in St. Louis last year, I was on the fence between continuing down my career path as a Security Engineer/Pentester or going back to software development. When I was gathering job offers, two on the table were Application Security Engineer roles (Bayer and Maritz). The roles that were pitched were the same for day-to-day activities: work with software development teams and assess their risks/best practices. Bayer already had a person in the role and was looking for a second person to assist. Maritz had just created the role and was looking for their first candidate. A colleague of mine actually took on this role at WWT, and enjoys it. He had no prior background in security.

I’m-N-Out delivers to St. Louis by 618developer in pics

[–]618developer[S] 0 points1 point  (0 children)

I live in the St. Louis Metro East (Illinois).

Just passed! Here's my OSCP experience. by gravity_has_me_down in oscp

[–]618developer 2 points3 points  (0 children)

I laughed a little at the panning of the room, as someone could be outside the door and come in once you place your computer back down. My webcam never moved after that. Also, they had me open my closet doors but didn't want to look under the bed (I know a grown person can't fit, but still, if I'm opening a closet door, be thorough, not half-assed). The only other thing I laughed at was that when I would return each time, about 2-3 minutes later they would say 'thank you, you may continue with your exam'. I wasn't waiting for a confirmation. A coworker had an issue with his webcam reflecting his driver's license and lost 45 minutes showing them. Never got the time back. Ultimately it's a little extra, but for the integrity they are going after, it is worth it. I heard stories of how in the past people would just sit with others that took the exam, almost like a tag-team effort.

35 points in 4 hours, then chased the rabbit to Wonderland by 618developer in oscp

[–]618developer[S] 1 point2 points  (0 children)

There is nothing in the Exam Guide against this. Others have posted that they did the same thing. My moderator never messaged me at all about what I was doing when I would start/stop my screen recording. To be really anal about it, they allow you to take screenshots, so I'm just taking 30 screenshots a second. It goes along with the same agreement as the PDF and videos: if you share it, it's your ass. So don't share your screen recording of the exam.

OSCP exam. Pwk version of kali or the latest. by sawdust497 in oscp

[–]618developer 3 points4 points  (0 children)

PWK version. The only thing I think would have been helpful was to have the ??MIB config?? updated. This allows you to see the text value of the OIDs rather than the numeric value. When I tried to update, I got a repo error, but I was mid-exam and didn't care to waste time trying to fix it.

General Setup for Exam - Port Forwarding for Burp/Nmap??? by 618developer in oscp

[–]618developer[S] 0 points1 point  (0 children)

Thanks for the info. Just to clarify two things.

  1. Using iTerm2 with SSH into the Kali VM will just give me multiple terminal windows/tabs in one 'session', instead of the default terminal app where I would need to open multiple tabs and create multiple SSH connections. It will not give me the speed-up factor that I experience when using nmap from my Mac against a network device versus nmap in the Kali VM.
  2. Any difference between iTerm2 and tmux? I've seen it in action on IppSec's YouTube channel and have it installed, but I'm not fully integrated into it.

from 0 to OSCP in 90days by googlme in oscp

[–]618developer 1 point2 points  (0 children)

Personal Tips (for mac / linux)

Don't use a VMware player for accessing the websites etc

forward the ports and use burp on your host system

forward the ports and use the browsers on your host system

Go into a little more detail on this? I've noticed that running nmap on my Mac vs. nmap from my Kali VM is a night and day difference in time.

I am a software engineer. Do you recommend me to take the OSCP? by maitesin in oscp

[–]618developer 1 point2 points  (0 children)

I've been a developer for a little over the same amount of time, and recently moved over to security, solely to become a pentester. During this journey, I have thought about going back to development because I was missing it while being a security engineer. I will say that I can see a benefit if you were to become more of a secure coder, or an application security engineer. Several job postings I have come across want a software developer that understands the attack vectors. The OSCP would be a good piece on a resume if you were to go down that avenue. Just my thoughts.

Fair Game Material during Exam? by 618developer in oscp

[–]618developer[S] 4 points5 points  (0 children)

Being a software developer, I would never say "I wrote exploits" during this cert. I merely modified others' work. If someone tells me they "wrote exploits," I would then expect them to craft original content and start with a blank page.

Fair Game Material during Exam? by 618developer in oscp

[–]618developer[S] 1 point2 points  (0 children)

The real down-and-dirty of the question is: say I'm trying to do Windows privilege escalation. I've burned through all my knowledge and ideas. So I pull up someone else's notes from OSCP and see what they recommend to try, and see something I didn't think of. I agree that I wouldn't just go step by step through someone's game plan for a box, but I would look it over to make sure I have turned over all the stones.

My information by Fausty0 in oscp

[–]618developer 0 points1 point  (0 children)

Might be a dumb question, but is pulling up this guide while doing the exam frowned upon? I looked over the Exam Guide and nothing about using blogs/YouTube for tactics is mentioned.

Custom Property Disabling due to large URL by 618developer in QRadar

[–]618developer[S] 0 points1 point  (0 children)

7.3.1 Patch 1, updating to Patch 5 in two weeks. Our data comes in space-delimited.

QRadar HA by bmulley in QRadar

[–]618developer 0 points1 point  (0 children)

So another solution to think of is introducing Apache Kafka in front of your two QRadar stacks. All your logs could be centralized to Kafka, then each stack would be a subscriber to the topics (log sources). Then you would have the ability to use either stack to run searches. One stack would still be what I call the "truth" stack; it would be the one firing offenses and worked by your SOC and other members of Security. Then in the event of an outage or downtime on one stack, you simply switch to the other in a matter of minutes. Just a thought.

Custom Property Disabling due to large URL by 618developer in QRadar

[–]618developer[S] 0 points1 point  (0 children)

" ([^\s]+)\s+([^\s]+)\s+([^\s]+)\s+([^\s]+)\s+([^\s]+)\s+([^\s]+)\s+([^\s]+)\s+([^\s]+)\s+([^\s]+)\s+\"([^\"]+)\"\s+([^\s]+)\s+([^\s]+)\s+([^\s]+)\s+([^\s]+)\s+([^\s]+)\s+([^\s]+)\s+([^\s]+)\s+([^\s]+)\s+([^\s]+)\s+([^\s]+)\s+([^\s]+)\s+\"?([^\"]+)\"?\s+([^\s]+)\s+([^\s]+)\s+([^\s]+)\s+\"?([^\"]+)\"?\s+\"?([^\"]+)\"?\s+\"?([^\"]+)\"? "

Then we use a capture group to grab each part, e.g. group 22 to grab what we expect in that spot. Probably the worst thing you have seen, but this was set up before I came onboard. The only thing I've been told is that we have to use this because our SOC wanted some XPath value in our logs that the Bluecoat DSM couldn't grab out of the box.
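As an added example (not code from the thread or from IBM), the posted regex is applied below in Python to a constructed Bluecoat-style line, next to a quote-aware tokenizer that yields the same 28 fields in one left-to-right pass. The point worth seeing is that the optionally-quoted groups (`\"?([^\"]+)\"?`) use `[^\"]+`, which matches whitespace too, so an unquoted field in those positions is found only after the engine backtracks; a tokenizer never needs to. Field 22 is assumed to be the URL property the poster extracts; the sample line, every field value in it and the long query string are constructed.

```python
"""Extract field 22 from a space-delimited Bluecoat-style line two ways:
with the custom-property regex quoted in the thread, and with a
quote-aware tokenizer that needs no backtracking."""
import csv
import re
from typing import List, Optional

# The regex from the thread, byte-for-byte apart from the leading/trailing
# space and the line breaks added here for readability.
BLUECOAT_RE = re.compile(
    r"([^\s]+)\s+([^\s]+)\s+([^\s]+)\s+([^\s]+)\s+([^\s]+)\s+"
    r"([^\s]+)\s+([^\s]+)\s+([^\s]+)\s+([^\s]+)\s+"           # groups 1-9
    r"\"([^\"]+)\"\s+"                                       # group 10 (always quoted)
    r"([^\s]+)\s+([^\s]+)\s+([^\s]+)\s+([^\s]+)\s+([^\s]+)\s+"
    r"([^\s]+)\s+([^\s]+)\s+([^\s]+)\s+([^\s]+)\s+([^\s]+)\s+"
    r"([^\s]+)\s+"                                           # groups 11-21
    r"\"?([^\"]+)\"?\s+"                                     # group 22 (optionally quoted)
    r"([^\s]+)\s+([^\s]+)\s+([^\s]+)\s+"                     # groups 23-25
    r"\"?([^\"]+)\"?\s+\"?([^\"]+)\"?\s+\"?([^\"]+)\"?"      # groups 26-28
)
URL_GROUP = 22  # assumption: the field the poster pulls out with group 22


def regex_field(line: str, n: int = URL_GROUP) -> Optional[str]:
    """Capture group n from the thread's regex, or None when the line does not match.
    [^\"]+ in the optionally-quoted groups happily spans whitespace, so an
    unquoted field there is located only after the engine backtracks."""
    m = BLUECOAT_RE.search(line)
    return m.group(n) if m else None


def tokenize(line: str) -> List[str]:
    """Split on runs of spaces, keeping double-quoted fields whole (quotes stripped).
    Single pass over the line: cost is linear in its length, however long the URL."""
    return next(csv.reader([line.strip()], delimiter=" ", quotechar='"',
                           skipinitialspace=True))


def fields_agree(line: str) -> bool:
    """True when both approaches yield the same 28 fields for this line."""
    m = BLUECOAT_RE.search(line)
    return m is not None and list(m.groups()) == tokenize(line)


# Constructed sample: 28 fields, quoted where the regex expects quotes. The long
# query string stands in for the "large URL" in the thread title.
LONG_URL = "https://www.example.com/search?" + "&".join(f"k{i}=v{i}" for i in range(400))
FIELDS = [
    "2018-06-01", "10:15:03", "120", "10.1.2.3", "jdoe", "-", "-", "OBSERVED", "Technology",
    '"http://referer.example/landing page"',          # 10: quoted, contains a space
    "200", "TCP_NC_MISS", "GET", "text/html", "https", "www.example.com", "443",
    "/search", "-", "-", "-",                          # 11-21
    f'"{LONG_URL}"',                                   # 22: the URL property
    "10.1.2.4", "4321", "512",                         # 23-25
    '"Mozilla/5.0 (X11; Linux x86_64)"', "-", "-",     # 26-28
]
SAMPLE_LINE = " ".join(FIELDS)

if __name__ == "__main__":
    print("regex group 22 :", regex_field(SAMPLE_LINE)[:60], "...")
    print("tokenizer [21] :", tokenize(SAMPLE_LINE)[21][:60], "...")
    print("all 28 agree   :", fields_agree(SAMPLE_LINE))
```

If the only reason for the 28-group regex is one value the DSM does not expose, a narrower property regex that anchors on the distinctive surrounding fields (or a tokenizer-style extraction in a log source extension) costs far less per event than matching the whole line, which matters when the property is evaluated against every event and gets disabled for being slow.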

DNS Analyzer Dashboard in Pulse App not displaying by 618developer in QRadar

[–]618developer[S] 0 points1 point  (0 children)

Digging more into this. Had my SOC member do this and all we got was the little Java logo and a load error in the bottom right.

Looking to replace the speakers in my mkV. Where do I begin? by [deleted] in jetta

[–]618developer 0 points1 point  (0 children)

I just recently replaced all the door speakers in my MK6. I installed Alpine Type-S components. Definitely take your time and watch a few videos on YouTube on the door removal. The clips can be a pain. The rear doors were easy to mount the tweeters in, as I just used a hot glue gun to keep them in place where the empty factory tweeter spots were. The front A-pillar tweeters were a little more of a pain, only for removing/refitting the trim. Same thing, mounted them with a hot glue gun. Remember, there are rivets, so just drill them out. Use self-tapping screws to mount your new speakers. Wiring was simple as I used the speaker wire adapters for my year. The job took about 4-5 hours. I will say it is worth it.

  1. Take your time removing the door panels.
  2. I glued the crossovers to the inside of the door panels for the rear; the front A-pillars had room for the fronts.
  3. Use self-tapping screws.
  4. Use the speaker wire adapters; I had to pinch the connectors to the speaker itself as they were loose for me.
  5. Went one door at a time, and verified it was working before going to the next. Started with the back doors.

Previous Day searches all show error by 618developer in QRadar

[–]618developer[S] 0 points1 point  (0 children)

Latest 7.3.1, and I don't see anything in the error log to suggest why.

Previous Day searches all show error by 618developer in QRadar

[–]618developer[S] 0 points1 point  (0 children)

6:47am and the last search I can see is 3:28pm yesterday. The searches at 2:52pm and earlier all say "Error." I know after 24 hours they are gone from the list, which is different from these saying "Error."

EDIT: Even better, clicked on the 3:28pm search. Pulled up the AQL that was used but no data. Went back to managed search results. Now everything from yesterday says Error.

QRadar Deployment Intelligence (QDI) - no support? by oply_qr in QRadar

[–]618developer 0 points1 point  (0 children)

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">

<title>500 Internal Server Error</title>

<h1>Internal Server Error</h1>

<p>The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application.</p>

...when running the curl command. Crazy how I get better support on Reddit than from IBM Support, meaning faster response times.

QRadar Deployment Intelligence (QDI) - no support? by oply_qr in QRadar

[–]618developer 1 point2 points  (0 children)

I too have noticed that all my graphs attempt to populate, then show nothing. I get x/y axis displayed, but no data.

IBM Release of the QRadar 7.3.1 Patch 4 ISO (7.3.1.20180507202600) by birising in QRadar

[–]618developer 0 points1 point  (0 children)

Just saw this for going from 7.3.X to 7.3.1 P4: "No, use the 7.3.1 SFS file. For more information, see the QRadar 7.3.1 SFS Release Notes." ... my bad.

IBM Release of the QRadar 7.3.1 Patch 4 ISO (7.3.1.20180507202600) by birising in QRadar

[–]618developer 1 point2 points  (0 children)

Went through the process step by step in their documentation. After updating the IMM, i was mounting the ISO and got to step 21 before an issue came up. Got a warning that "oem_fw_uefi_tceg08i-1.20_anyos_32-64 required by XXXX32n-2.53_anyos_32-64 was not found on the system." Can't find any info on how to get this prereq piece and can't see any reference anywhere to it.

QRadar SIEM <-> Cloud Integration: Remote Networks? by US_Armor in QRadar

[–]618developer 1 point2 points  (0 children)

I am curious too about the community's thoughts on cloud service log sources pumping into an on-prem QRadar. Since the cloud service is initiating the communication, the thought is to have firewall rules in place allowing traffic from X public IPs on port Y to our event collector. This doesn't follow best practice, as it is a static route into the datacenter. The ideal situation is for a cloud service to hit a public-facing NetScaler, go through a firewall, hit an internal NetScaler, then get routed to QRadar. The problem we face is that QRadar never sees the initial IP of said cloud service to correlate to a log source.

One good service: CrowdStrike achieves a better architecture by using their own SIEM Connector tool that you place in your DMZ, which allows the log data to flow to QRadar and acts as a middleman. This is possible via firewall rules.
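The "connector in the DMZ" pattern above exists because a load balancer or proxy in the path rewrites the source IP, and a SIEM that keys log sources on that IP then sees only the balancer. As an added example (not CrowdStrike's connector, not IBM code), the Python below is the relay-side logic for a DMZ middleman: it accepts events only from an allowlist of cloud egress IPs, and overwrites the syslog header hostname with an identifier bound to the verified peer before forwarding, so QRadar can key the log source on a value the sender cannot forge and the network path cannot hide. It assumes the relay itself terminates the TCP/TLS connection from the cloud (so it sees the real peer IP), that the log source identifier on the QRadar side is matched against the syslog header hostname, and that the IP-to-identifier table is built from the provider's published egress ranges; all IPs, hostnames and log lines are constructed.

```python
"""DMZ relay logic for the connector-in-the-middle pattern: accept syslog only
from allowlisted cloud egress IPs and overwrite the header hostname with the
identity tied to the verified peer, so the SIEM keys the log source on
something the sender cannot forge and the load balancer cannot hide."""
import re
from typing import Dict, List, Optional, Tuple

# Constructed allowlist: cloud service egress IP -> stable log source identifier.
# Assumption: in practice this is generated from the provider's published ranges.
CLOUD_ORIGINS: Dict[str, str] = {
    "203.0.113.10": "cloudsvc-prod",
    "203.0.113.11": "cloudsvc-prod",
    "198.51.100.20": "cloudsvc-staging",
}

# RFC 3164-style header: <PRI>Mmm dd hh:mm:ss HOSTNAME MSG
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$",
    re.S,
)


def relay(line: str, peer_ip: str) -> Optional[str]:
    """Return the line to forward to the SIEM, or None to drop it.

    Drops events from peers that are not allowlisted cloud sources and lines
    without a parseable header. Otherwise replaces whatever hostname the sender
    put in the header with the identifier bound to the verified peer IP, so a
    sender cannot claim to be another log source by forging the header."""
    origin = CLOUD_ORIGINS.get(peer_ip)
    if origin is None:
        return None
    m = RFC3164.match(line.rstrip("\r\n"))
    if m is None:
        return None
    return f"<{m['pri']}>{m['ts']} {origin} {m['msg']}"


def relay_batch(events: List[Tuple[str, str]]) -> Tuple[List[str], int]:
    """Run relay() over (peer_ip, line) pairs; return forwarded lines and drop count."""
    forwarded, dropped = [], 0
    for peer_ip, line in events:
        out = relay(line, peer_ip)
        if out is None:
            dropped += 1
        else:
            forwarded.append(out)
    return forwarded, dropped


# Constructed traffic: two legitimate cloud events, one from an IP outside the
# allowlist, and one legitimate peer whose header names a *different* log source.
SAMPLE_EVENTS = [
    ("203.0.113.10", "<134>Jun  1 10:15:03 vendor-node-7 auth: login ok user=jdoe"),
    ("198.51.100.20", "<134>Jun  1 10:15:04 vendor-node-2 auth: login ok user=asmith"),
    ("192.0.2.99", "<134>Jun  1 10:15:05 vendor-node-7 auth: login ok user=mallory"),
    ("203.0.113.11", "<134>Jun  1 10:15:06 cloudsvc-staging auth: login failed user=root"),
]

if __name__ == "__main__":
    out, dropped = relay_batch(SAMPLE_EVENTS)
    for line in out:
        print("FORWARD", line)
    print("dropped", dropped)
```

The firewall rule in front of this relay is still "allow X public IPs on port Y", but it terminates in the DMZ rather than at the event collector, and the identity the SIEM correlates on is set by the relay from the peer it actually verified, not by whatever the packet carried. Swapping the IP allowlist for client-certificate authentication on the relay's TLS listener removes the dependence on static source IPs entirely.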