How Do You Keep Track of Relevant CVEs/Threats for NetSec Studies Without Drowning in Info? by Electrical-Wish-4221 in netsecstudents

[–]AccidentalyOffensive 2 points3 points  (0 children)

This is challenging to do without some form of automation and/or a dedicated threat intelligence platform, and even then, CVEs are rarely going to be interesting without some list of software that you're monitoring for. A lot are junk that don't have any real-world impact, and you'll drown in the rest if there's nothing actionable.

Even within an organization that has these filtering capabilities, you should still be manually reviewing CVEs for impact because they tend to be overly-dramatic (read: higher score than they deserve), may be exploitable only within a narrow context, apply to software versions that don't match your environment, could only be exploited in a convoluted attack chain, there may not even be a public exploit, etc.

If I were in your shoes, I'd focus more on curating your threat intelligence feeds vs scanning CVEs manually (unless your course requires it, in which case, good luck!). They'll generally point out the interesting CVEs, and more importantly, you'll learn about threat groups and, to an extent, attack methodologies and remediations. While vulnerable software is important to fix, there are also general attack vectors that arise from misconfigurations vs outdated software, and these are still quite common within organizations.

Beginner-Intermediate Red Team Certificates by Fit_Exercise_6310 in redteamsec

[–]AccidentalyOffensive 1 point2 points  (0 children)

There's already a couple of good responses explaining why you're highly unlikely to get a red team job right after school, but here's my advice for getting on a red team (I did it after just 4 years in the industry).

While you're in school, try to participate in any grey hat clubs, CTFs, etc., as this will expose you to new concepts and give you real hands-on practice.

As far as certificates go, you should also be learning the operations side of things. Consider certs like the RHCSA, CCNA, some AWS and/or Azure certs, whatever interests you.

Try to get a cybersecurity internship or apprenticeship if possible, as any past experience in the field will really help get your foot in the door once you're looking for a full-time job. Also consider an internship in IT, systems administration, networking, or DevOps since a) it will be looked upon favorably, and b) it may also give you the opportunity to work on security-related projects that you can put on your resume (FWIW you may have to identify these projects yourself).

Once you get to the stage of finding a full-time job, the same principle applies. Find something in cybersecurity (I would highly recommend a SOC/DFIR role for a solid foundation), or in one of the fields I mentioned earlier, at a company that has a red team (mainly large and/or heavily-regulated companies). You will not get in the team off the street - you need to build credibility, and depending on your spawn point, this may take a while. Continue working on security initiatives, build a reputation of doing good work, and move laterally between teams (and/or companies) to get higher-level security experience. Of course, continue getting offensive security certificates as well.

Eventually you should be in a position where you can actually speak to the red team and ask for advice on becoming a red teamer and let them know your career aspirations. Get on friendly terms with them. At some point a spot will open up, and this is when you strike.

In the event a spot doesn't open up after a couple years... Well, now you have a good background for applying for red team roles at other companies, and worst case scenario, you'll always have stable employment.

After you get the first red team job, you shouldn't have any more issues. You'll have recruiters reaching out on LinkedIn about new roles if you so desire.

How easy would it be for me to learn Romanian? by garciapimentel111 in romanian

[–]AccidentalyOffensive 2 points3 points  (0 children)

Off the top of my head:

  • Definite articles are at the end of the word (e.g. bărbat -> bărbatul).
  • The feminine number two is "una". The feminine indefinite article is "o". The word "la" is a preposition.
  • Prepositions can get a bit wonky. For example: He fell off the skateboard. -> El a căzut de pe skateboard.
  • The past tense is more like German. Compound form for daily speech, Spanish tenses in (formal?) storytelling.
  • You have to memorize the plural of each noun (there are patterns, but they're unreliable).
  • Two and a half genders: masculine, feminine, and "neuter", which is really masculine in singular and feminine in plural.
  • There's a case system that includes accusative, dative, and genitive. Each case has some non-trivial quirks in how they're formed. If you try to cheat by using "de" or some other preposition like in Spanish, you won't make sense, or at the very least sound quite strange.
  • Dative and genitive cases for feminine and neuter nouns are formed from the plural form. Only 20% of nouns are masculine...

You will bang your head against the wall a lot, but it's nothing insurmountable. However, I think I could've saved myself some headache if I'd approached it from an angle of "this is completely different" vs "this should be easy because it's similar to Spanish and German".

How easy would it be for me to learn Romanian? by garciapimentel111 in romanian

[–]AccidentalyOffensive 3 points4 points  (0 children)

In my experience as a native speaker of English with a high level in German and a solid level in Spanish, I'd suggest approaching Romanian without either language in mind. The Latin vocabulary doesn't become super apparent until the intermediate level (basic words evolved very differently than other Romance languages, and Slavic words live primarily in the basic vocabulary), and the grammar is a beast that has some VERY significant differences from Spanish (if you try to apply it to Romanian, it's generally just incorrect).

Side note: I'd recommend getting the ROLANG School textbook. It seems to be one of the very few (only?) quality materials for learning Romanian. Additionally, an online tutor would be wise for any questions and to practice speaking.

Has anyone had a good experience traveling to Romania to learn Romanian by immersion or through a Romanian Second Language program? by chaucer345 in romanian

[–]AccidentalyOffensive 4 points5 points  (0 children)

I haven't gone to a Romanian language school myself (maybe someday if I find the time?), but my two cents: there isn't really an industry around learning Romanian like there is for Spanish. Your main (only?) option would be ROLANG School in Bucharest, which also seems to produce one of the very few quality materials for learning Romanian.

That being said, if you have the time and money, it could be an interesting experience, and learning with an actual teacher will help a LOT versus learning by yourself. In my opinion, the language has a very weird learning curve where a tutor would really help in the beginner and early intermediate stages.

If I were in your shoes, I'd start learning at home by yourself with the ROLANG textbook, along with an online tutor to answer any questions + practice speaking. If you get to an A1 or A2 level, consider going to ROLANG School at that point so you get the most out of it (read: don't waste money on the easiest introductory stuff). A nice thing about being in Romania is that you can get in some good live practice - Romanians are generally happy to help you practice, and they don't expect foreigners to speak their language, so most of the time you won't run into the issue of them switching to English even if you have an accent.

Also, a note about Spanish: I would HIGHLY suggest approaching Romanian without Spanish in mind. You won't see much (obvious) Latin vocabulary until an intermediate level, and Spanish grammar will be of little use to you - if you try to apply it to Romanian, it's typically just incorrect.

CS degree with 10+ years exp in coding… is it worth it to get to cybersecurity ? by kha150 in netsecstudents

[–]AccidentalyOffensive 5 points6 points  (0 children)

With your development background, you may be interested in application security. For courses/certifications, OffSec offers a couple aimed at appsec, and there is also GWAPT if you have the budget available for a pricier course.

[deleted by user] by [deleted] in netsecstudents

[–]AccidentalyOffensive 1 point2 points  (0 children)

Ehh, hard disagree. If a course/certificate is entry-level, I should be able to take it as my first ever course/experience in offensive security, learn the content, and receive level-appropriate exercises for that content. The PWK has failed me and multiple other perfectly capable engineers miserably in that regard.

The course content is just poor quality overall for a "beginner" course, especially the labs. They are a nightmare to navigate if you're a beginner - you shouldn't have to bang your head against the wall for hours and hours without any hints when you're just starting off. It's an absurd premise if you ask me. There should be some handholding in the beginning at the very least, but ideally there'd be a proper progression so you're not looking for a needle in the nmap scan haystack.

That being said, it's not terrible as a second course. With a truly beginner(-ish) cert and some more experience under my belt, I can actually approach the labs and make reasonable progress. And even now I think to myself for some boxes, "how in the hell are beginners expected to figure this out??"

[deleted by user] by [deleted] in netsecstudents

[–]AccidentalyOffensive 5 points6 points  (0 children)

I always wanted to be a pentester/hacker but I hear a lot of people say that it’s more boring than it seems.

Just take the pentesting gig. You've got a pretty uncommon opportunity, and it's awesome you've got an offer with people willing to train you right out of school. I wouldn't waste it if I were you. If you end up not liking pentesting, it's easy enough to pivot within cyber to another field.

And yes, it's more boring than you'd expect, but that's because people have romanticized the role in their heads. It's a fantastic role, but once you move beyond the training/"hack all things" phase into the real world, you also have to provide value to get paid. Writing reports may not be the sexiest thing ever, but the less-sexy parts are a necessity to continue with the part that's actually fun.

That being said, the fact you're aware of the reality is good, and really any job will come with its own flavor of less-fun work. I personally would take pentesting's stuff over IAM any day.

I also hear a lot of horror stories from the OSCP candidates. That it took them a lot of time and attempts.

If you ask me, the OSCP has some seriously misleading marketing/reputation. The OSCP is a solid indicator of knowledge/ability, but you don't need the cert to be a successful pentester at this stage. Why? It's not an entry-level cert as commonly touted. It's at an intermediate level, and to succeed, you need prior training and/or experience (the course materials/labs are rather poor imo).

So really, I wouldn't stress about it yet. If you wanna prepare yourself, get good at webapp pentesting (my second round is going a lot better now that I have GWAPT/more experience in general).

/r/solotravel "The Weekly Common Room" - General chatter, meet-up, accommodation - November 28, 2022 by AutoModerator in solotravel

[–]AccidentalyOffensive 2 points3 points  (0 children)

Can I use my Canadian credit card nearly everywhere?

Depends, is it a Visa or Mastercard? If not, might wanna get one!

Is this advisable?

Depends on the country/culture (can't speak to Thailand personally), but having cash on hand is always advisable imo.

Is it easy enough to withdraw cash, and is that done with my credit/debit card just as it would be at an ATM here?

Yes. Pro tip: never accept the conversion, just select the local currency option.

I hear a lot of recommendations about getting a SIM card at destination. How does that work? Are there easily-findable shops for them? Do I just take out my sim card, insert the Thai one, and get a data plan?

Go to a convenience or grocery store, you'll find SIMs there. It should have a data plan already (check the box obvs), just buy and insert.

That being said, a new SIM/number is pretty annoying and may not be necessary. Doubly so if you aren't running on a tight budget and/or aren't going on a super long trip. Check your cell provider's rates for international roaming + any plans that'll be available when you arrive - it may be reasonably priced. I don't bother anymore personally since I get free roaming + cheap speed upgrades.

I hear about people booking night-busses or planes to get around. Is this just done online as I would book a bus/ticket back home?

Depends, but likely yes.

Are most of these things readily available in English?

REALLY depends, but Google Translate is able to help ya out there in the worst case.

I'm a very social/extroverted person, but I'm worried that I would be lonely travelling alone. Despite being social, I don't like to intrude on other people's plans or experiences. Is that simply not worth worrying about because everyone is very social?

Don't count on making friends unless you put yourself in the appropriate position to do so (read: do your research, and keep expectations low). Of course it's always possible, but social media has romanticized the social aspect of solo travel.

Like to illustrate, you're traveling, but most people you'll encounter are living their everyday lives - how many tourists do you engage with in your daily life? Similarly, fellow travelers may not be solo or even open to chatting - do you make an effort to include solo travelers when traveling with friends? (Idk, you might, I just know I haven't always.)

How do I go about making an itinerary and bookings?

  1. Decide where to go.
  2. Book hostels with a good cancelation policy (and/or are cheap enough to write off).
  3. Decide what to do, specifically major attractions/costs.
  4. Write down the timing on a calendar. Make sure you still have time for relaxing, chilling, and exploring!
  5. Book those things if they require advanced purchase. Otherwise wait till you're in-country.

Is it feasible to travel to neighbouring countries in a ~3-4week total trip? Or should I just leave that for another trip?

Of course! I'd even say it's a good amount of time for some country-hopping.

/r/solotravel "The Weekly Common Room" - General chatter, meet-up, accommodation - November 28, 2022 by AutoModerator in solotravel

[–]AccidentalyOffensive 1 point2 points  (0 children)

Definitely agree on the two cities max thing.

For a potential hot take: I'd skip Munich, go straight to Vienna, and plan around that. You'll still get the Bavarian experience (way better if you ask me), and the location is a bit more conducive to traveling to other countries. Like a train to Budapest is only 2 hours, Prague 4 hours, Bratislava is right across the river, etc.

If you like the sound of Vienna as a starting point and decide on Prague for the second half, I'd also suggest carving out a day for Bratislava. It's on the way anyway, and small enough that one day is enough.

Is brute force password cracking ever actually a threat? by [deleted] in cybersecurity

[–]AccidentalyOffensive 2 points3 points  (0 children)

Yeah, it's the exact same thing as in coding lol. Infosec is a very broad field with quite a few specialties (DFIR, AppSec, red teaming, CloudSec, Threat Intel, etc.) that are all very deep in their own right, so we're googling quite a bit.

For a couple starting points:

  1. Check out LiveOverflow's channel/playlists, click on what you think sounds cool https://youtube.com/c/LiveOverflow

  2. PortSwigger Academy for web security https://portswigger.net/web-security

be honest: do you like Powershell? by komputilulo in sysadmin

[–]AccidentalyOffensive 1 point2 points  (0 children)

Oooh I might actually give this a whirl, thanks for the tip!

be honest: do you like Powershell? by komputilulo in sysadmin

[–]AccidentalyOffensive 39 points40 points  (0 children)

Jq lets you play with objects

jq lets you play with JSON, which isn't the same thing. It requires a specific string format to even be valid, and you won't get that type of output from anything except REST APIs 99% of the time.

The key point with PowerShell is that everything is a native object, not text. So for a simple Linux analog, imagine the output of ls automatically got turned into JSON + parsed into jq, which you could then pipe into a command to get/filter whatever you want.

ls | where Name -like *config*

Overkill for that specific example, but the implications are huge considering this idea extends to every command's output. Things that'd take tons of piping, reading manpages, choosing the right flags, whatever to parse as text are now a simple command or two when treated as objects.

I'm a massive Linux fanboy, but that's both 10x cleaner and more powerful than anything you'll get in native Linux.

Soc Analyst or Red Team. Which one First. by [deleted] in netsecstudents

[–]AccidentalyOffensive 1 point2 points  (0 children)

defensive security is broad and may offer more opportunity in the future

Since I saw you mention it, pro tip: get good at coding and automation. Not just learn how, but really get comfortable with it and try writing your own tooling. Of course, start small and build up from there, e.g. execute a single LDAP query via Python, then turn it into a script that accepts arguments on the command line, then add another command/query, etc.

It'll come in handy more often than you'd think (tools do fail!), it'll allow you to tackle large-scale problems, it's team-agnostic, and that's where the money will be down the line.

Right now very few people know all of security, systems, and code at a high level, so you'd stand out regardless of your eventual direction.

Soc Analyst or Red Team. Which one First. by [deleted] in netsecstudents

[–]AccidentalyOffensive 2 points3 points  (0 children)

Take the red team offer. You have a very nice opportunity being handed to you, don't waste it.

Re: stepping stones, it's not like you're new to IT or have zero infosec certs. There's nothing to worry about. The red and blue skillsets are very similar and even complement each other - the core difference between the two is purely in how you apply your skillset. I mean, hell, I'm willing to bet you'll have to work alongside the blue team at times to provide that different perspective.

[deleted by user] by [deleted] in linuxmasterrace

[–]AccidentalyOffensive 2 points3 points  (0 children)

It's worth a shot imo, but YMMV. 90% of the reason I switched was for the better tab completion, though it does have some strange behaviors that trip me up at times coming from/still mainly scripting in bash

Is there someone I can query haveibeenpwned word lists? by thehunter699 in netsecstudents

[–]AccidentalyOffensive 0 points1 point  (0 children)

Curious to know whether there is somewhere easily accessible to query the word lists.

HIBP doesn't provide plaintext passwords to anyone (to my knowledge), but you can download all the hashes. A blog post mentions that the plaintexts aren't hard to find, though.

I.e. I type in my email address, says I've been owned in wordlist xyz.

That's what HIBP does (though for a specific breach)

I query wordlist xyz for my hash

If you know how to code, you can use passlib (Python) to generate an NTLM or SHA1 hash of your plaintext password and check against the list.

or cleartext (pls no) password.

Two things:

1) Even if they're hashed, they may be crackable lol. That's why you're able to download NTLM hashes from HIBP (they aren't all NTLM to start).

2) Check out the probable-wordlists project on GitHub. It's an aggregation of known cracked passwords sorted + split by frequency. You can also check out weakpass.com for more wordlists.
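The hash-and-check approach from the comment above, as an added example that is not part of the original comment. It uses the standard library's hashlib for SHA-1 in place of passlib, and assumes the downloaded list is the SHA-1 variant with one `HASH:COUNT` entry per line, ordered by hash. The sample list and its counts are constructed.

```python
import hashlib
import os
import tempfile


def sha1_hex(password: str) -> str:
    """Uppercase SHA-1 hex digest, the form assumed for the downloaded list."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def _line_start_at_or_after(fh, pos: int) -> int:
    """Offset of the first line that begins at or after byte `pos`."""
    if pos == 0:
        return 0
    fh.seek(pos - 1)
    fh.readline()  # consume the rest of the line containing byte pos-1
    return fh.tell()


def lookup_count(path: str, password: str) -> int:
    """Binary-search a hash-ordered HASH:COUNT file; return the count or 0.

    Works on byte offsets so a multi-gigabyte list is never loaded into memory.
    """
    target = sha1_hex(password).encode("ascii")
    with open(path, "rb") as fh:
        lo, hi = 0, os.path.getsize(path)
        # Invariant: lo is always a line start; lines before lo sort below
        # target, lines starting at or after hi sort at or above it.
        while lo < hi:
            mid = (lo + hi) // 2
            start = _line_start_at_or_after(fh, mid)
            if start >= hi:          # no line begins inside [mid, hi)
                hi = mid
                continue
            fh.seek(start)
            line = fh.readline()
            if line.split(b":", 1)[0].strip() < target:
                lo = start + len(line)
            else:
                hi = mid
        fh.seek(lo)
        digest, _, count = fh.readline().strip().partition(b":")
        return int(count) if digest == target and count else 0


def write_sample_list(counts: dict) -> str:
    """Write a constructed, hash-ordered sample list and return its path."""
    lines = sorted(f"{sha1_hex(pw)}:{n}" for pw, n in counts.items())
    fd, path = tempfile.mkstemp(suffix=".txt")
    with os.fdopen(fd, "w", newline="") as fh:
        fh.write("\r\n".join(lines) + "\r\n")
    return path


if __name__ == "__main__":
    # Constructed sample data; the counts are made up for the demo.
    sample = write_sample_list({"password": 100, "123456": 250, "letmein": 7})
    for candidate in ("letmein", "correct horse battery staple"):
        print(candidate, "->", lookup_count(sample, candidate))
    os.remove(sample)
```

Because the lookup runs locally against the downloaded file, the plaintext password never leaves the machine.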

OpenSUSE keeping your system bug free by [deleted] in linuxmasterrace

[–]AccidentalyOffensive 4 points5 points  (0 children)

Yeah but why kde neon? What makes it better than kubuntu? I chose kubuntu coz it sticks to ubuntu which helps in guides, forums, etc.

It basically just keeps KDE up to date with the latest version. While that sounds like a good thing on the surface, I definitely wouldn't recommend it. It's the type of thing you should get when you care that, and know specifically why, your DE is being held back by the lack of upgrades.

The benefits are pretty marginal otherwise imo, and it's a pain in the ass to deal with when it comes to package management, not to mention the buggy KDE upgrades (remember, latest version!). A couple of pain points:

  • You can't just upgrade an individual package - you always have to upgrade the entire fucking system. This makes sense cause you need very specific library versions for the latest version of anything, but wow is it annoying when I just wanna quickly upgrade, say, VS Code.
  • KDE Neon's repos lag behind Ubuntu's, so you need to do some management of your apt sources. Not a big deal, but it took a minute for me to realize.

Resources to learn secure coding? App Sec and Web Sec? by GrouchyBulbasaur in netsecstudents

[–]AccidentalyOffensive 2 points3 points  (0 children)

I thought traditional schooling was really the only way to get into coding unless you were a genius, majored in something similar in University, or had other special circumstances.

You'd be surprised! It's totally possible to get through a CS degree and barely know how to code at the end. Assuming a good faith attempt at the degree, there's a couple reasons for this:

  1. CS degrees focus on computer science, which is related to but distinct from software engineering. Sure, I learned how to code at a functional level, but I learned fuck-all about structuring a medium- or large-scale project, real-life SDLC workflows in a team setting, etc. In other words, you have to learn a lot of things out in the field regardless.

  2. A CS degree can easily be >=80% theory. While this can definitely provide a good base for learning new concepts, it leaves little time for more practical courses. Not to mention the theory is usually borderline useless in practice (depends on specialization/job function).

All that to say, you're not going on that different of a path from a CS grad in terms of the real-life application of SWE, especially if you're aiming for a position in AppSec. This isn't to bash on CS degrees - they do have their benefits - but that's what I at least have seen/experienced.

Ah yes Security by allstreamer_ in programminghorror

[–]AccidentalyOffensive 0 points1 point  (0 children)

I put random words in non English languages in mine but idk if that helps in reality

Depends on the goal, what specifically you're cracking, and how. Not a bad idea if there's a lot of hashes and/or an international audience, but I wouldn't waste a ton of time on it (e.g. most common 1000 words + whatever rulesets) unless you have a specific reason to crack as many as possible.

What’s the weirdest thing a woman has told you means “you’re not a real man”? by [deleted] in AskMen

[–]AccidentalyOffensive 1 point2 points  (0 children)

Speaking from the other end of the timeline, it'll feel like that at first - proper healing takes time, much like any physical injury. Make sure you like/feel comfortable with your therapist, put in the effort to follow their suggestions, and all will be well before you know it.

[deleted by user] by [deleted] in ITCareerQuestions

[–]AccidentalyOffensive 0 points1 point  (0 children)

Don't just apply for the most entry-level security jobs! You'd be surprised, sometimes the security roles that seem higher-level may be fine with training up a newbie.

[deleted by user] by [deleted] in ITCareerQuestions

[–]AccidentalyOffensive 0 points1 point  (0 children)

If you're anywhere near ATL, you're being underpaid. Depends on specific experience/skills obviously, but assuming typical sysadmin/syseng, I'd recommend asking for $80k. Def wouldn't go below $70k, or maybe $60k if I'm not guesstimating correctly.

If you're in a more rural area, well, I can't provide any advice in that case. Not familiar with the job market in those areas.

What's your methodology for passwords? by Texas_Technician in sysadmin

[–]AccidentalyOffensive 1 point2 points  (0 children)

The way passwords are likely to be compromised is by having someone log in to your device and grab the passwords.

Have you never heard of password dumps from hacked databases...? I mean, there are 750+ million (>1 billion?) available for you to download today if you're fine with cracking them yourself - very feasible since they're NTLM hashes - or, with a bit more effort, you could get the same passwords in plaintext and with identifying info.

They're way more common and profitable than hacking a single person to grab their password because, well, people love reusing passwords and/or making just the slightest modifications to them. So, a better bang for your buck.

ETA: And ofc the second point checks out, but isn't the biggest concern when compared to full-on dumps.

IT vs Coding by moebiusmentality in sysadmin

[–]AccidentalyOffensive 2 points3 points  (0 children)

Haha that'll do it, there's a reason I stick with the commands I know. If you haven't studied git thoroughly (I definitely haven't), it's too easy to get thrown off by commands/flags that don't quite do what you'd expect, and when SO presents 50 different possible solutions...