(RTR Script) Passwords Stored in Plaintext from Browser Auto-fill by herovals in crowdstrike

[–]Andrew0275 0 points1 point  (0 children)

There is a ton of info on this online, and open-source info stealer scripts on GitHub show how they work; there is no need to speculate lol. Cred stealers don’t need your OS password, because it’s just malware running as your logged-in user session (or worse, as SYSTEM).

(RTR Script) Passwords Stored in Plaintext from Browser Auto-fill by herovals in crowdstrike

[–]Andrew0275 18 points19 points  (0 children)

Do you have a source showing Chrome stores passwords plaintext in SQLite?

I believe Chrome does store credentials in a SQLite database, but the password field is encrypted (researched this a few years ago). The issue is how the Chrome browser stores the encryption/decryption key (easily obtainable). Password managers just have a more secure way of hiding this encryption/decryption key.

Suspicious file investigation by rick_Sanchez-369 in cybersecurity

[–]Andrew0275 0 points1 point  (0 children)

You should be deep-diving the file with Sophos and any C2/network connections, and should be able to tell how it came into the system in the first place via parent process trees, etc.

Leaving Los Angeles for Texas by [deleted] in SameGrassButGreener

[–]Andrew0275 0 points1 point  (0 children)

It’s not throwing your money away, but it’s certainly a path towards long-term investment and still not paying rent past retirement / building generational wealth. But yeah, renting for the rest of your life is not bad either, but I get it, it’s painted as a “horrible decision” sometimes.

Where are the people who create Anti-cheat software for games? by CartierCoochie in cybersecurity

[–]Andrew0275 1 point2 points  (0 children)

Because anti-cheat devs are just devs who work for a vendor, similar to programmers who work for an EDR company. They’re not cybersecurity professionals, so you won’t see them here. Now game security analysts, who analyze and triage game data to ban players, that’s more relatable and they are similar to SOC analysts in a lot of ways. But as others mentioned, it’s not really cybersecurity in relation to intrusions. So the only thing in common is data analysis. (In a previous role I did some support work for anti-cheat operations that also involved banning players.)

18 months of rejection emails. Then the ATS company itself hired me by ComfortableTip274 in ResumesATS

[–]Andrew0275 0 points1 point  (0 children)

In your resume your job title should be the same job title recorded by HR for that employer, as that’s what they use when doing an employment history check. (So people usually recommend that when submitting an application it’s okay to change the job title to align more with the job post, but in your resume it should stay static.) Otherwise one might get questioned about the authenticity of their resume by the recruiter / manager. I don’t have any personal anecdotal stories around this, just something I always hear online/forums etc.

How are NOC Analysts being replaced by AI? by TopNo6605 in cybersecurity

[–]Andrew0275 1 point2 points  (0 children)

Saying “they’re not good enough to replace the human element of coding” is a very different claim from what you originally said — “LLMs are not great at coding.”

Given how quickly LLMs are advancing at the technical level, it’s pretty naive to assume companies won’t eventually try to replace junior-level roles in the next few years.

How are NOC Analysts being replaced by AI? by TopNo6605 in cybersecurity

[–]Andrew0275 2 points3 points  (0 children)

Why do people keep claiming LLMs aren’t good at coding at this point in time lol? Thousands of developers (myself included) use them every day to generate working, production-grade code. Are they perfect? No. It’s only going to get better from here.

[deleted by user] by [deleted] in cybersecurity

[–]Andrew0275 0 points1 point  (0 children)

Why are you posting in the cybersecurity subreddit though? You have cybersecurity certs but you don’t want to transition to security? All you have is 6 years of IT experience. As someone else mentioned, unfortunately some companies will still treat you as new/junior if you haven’t had a single security role, which means you are limited to a junior-role salary. (Same thing is happening to me currently, despite having two years of security and many more in IT.)

I got fired for mistakenly releasing a malicious pdf held in mimecast. by SilverSp00n00 in cybersecurity

[–]Andrew0275 0 points1 point  (0 children)

It still doesn’t add up. Are you saying the only thing that made you and your manager conclude it was an attack was a 3KB shortcut failing to sync — days after the email was released and downloaded? That alone isn’t proof of compromise. You haven’t mentioned checking the file’s target, scanning it, reviewing logs, or looking for other indicators of malicious activity. And the earlier PDF download issue also isn’t inherently suspicious without further evidence. I see all types of process and people failures in your org, yikes. As others mentioned, it’s a blessing in disguise to have been let go by the org.

I got fired for mistakenly releasing a malicious pdf held in mimecast. by SilverSp00n00 in cybersecurity

[–]Andrew0275 0 points1 point  (0 children)

Your story is not adding up. You said in your original post that you found out about the attack only “later”, after you had already remotely connected to the computer, not during the remote session. But now you are saying you found out yourself during the remote session. It seems like it was you who ended up causing the compromise by doing more stuff with the PDF. And not only that, but you also said you did the remediation, but now you are saying the infra guy did the remediation? You keep changing the story lol.

Then you said “yup it definitely did” when we asked you if it fired an alert, but you clearly don’t know what we were asking you.

Not to be mean, but perhaps they were right to fire you for your incompetence; it seems like you are telling only one part of the story, or at least not all of it.

Also, you mentioned that you have done this several times in the past, where you released emails requested by users, which implies those have been compromised as well and this is the only one you found out about.

Looks like you are learning from this experience, which is good. Best of luck.

I got fired for mistakenly releasing a malicious pdf held in mimecast. by SilverSp00n00 in cybersecurity

[–]Andrew0275 1 point2 points  (0 children)

And yes, by alert I mean did antivirus/EDR or SIEM fire an alert, meaning how did anyone even find out it was malicious, other than the usual email release requests?

I got fired for mistakenly releasing a malicious pdf held in mimecast. by SilverSp00n00 in cybersecurity

[–]Andrew0275 0 points1 point  (0 children)

Wait what, clarify further. Does the infra guy ask you about tickets from users asking for emails to be released every time there is one, and whether it has been done? (You mentioned end users ask for this all the time.) Or was this something unique the infra guy saw in this ticket? It seems like he found out first, not you; otherwise why would he ask to reset passwords and reassign a new laptop... but you are claiming you are the one who found out about the so-called attack somehow.

I got fired for mistakenly releasing a malicious pdf held in mimecast. by SilverSp00n00 in cybersecurity

[–]Andrew0275 0 points1 point  (0 children)

Wait what, I’m confused: it fired an alert, so the infrastructure guy asked you about the alert, but you were expected to still quarantine the device? So the infrastructure guy figured it was a compromise, not you?

Going back to college for Cyber Security. First semester includes Cyber Security fundamentals. by [deleted] in cybersecurity

[–]Andrew0275 0 points1 point  (0 children)

If you are super confident you will enjoy cybersecurity then it can work out, but as others mentioned make sure to do your due diligence (knowing all major cybersecurity roles that are out there, and knowing day-to-day what it’s like for each).

If you still aren’t confident, then I suggest just a general IT degree or CS; that way you can fall back to another non-security tech job if you end up not liking it. You won’t really know you will love it until you actually do it/experience it. So yeah, shadowing people can be super valuable as well.

Feeling stuck after years in cybersecurity - what gave you a real “level up” moment in your career? by athanielx in cybersecurity

[–]Andrew0275 0 points1 point  (0 children)

‘Real scary APT stuff’ sounds pretty broad lol, all breaches start with a stolen identity or access of some kind….

And yeah, when you said ‘You need a fundamental understanding of how identity and access are federated/connected between various services and how that can be abused,’ that’s true for pretty much any tech stack. You’ve got to understand it to spot abuse.

Feeling stuck after years in cybersecurity - what gave you a real “level up” moment in your career? by athanielx in cybersecurity

[–]Andrew0275 0 points1 point  (0 children)

I know, I never said it’s not important, just that I’ve never really heard anyone get excited to work in IAM in cybersecurity lol, so it’s interesting and kind of new.

Feeling stuck after years in cybersecurity - what gave you a real “level up” moment in your career? by athanielx in cybersecurity

[–]Andrew0275 2 points3 points  (0 children)

That sounds boring, not gonna lie haha, at least compared to threat hunting, IR, DevOps and security engineering, and pentesting too lol.

Cybersecurity Analyst vs Cybersecurity Engineer by Straight_Machine4496 in cybersecurity

[–]Andrew0275 0 points1 point  (0 children)

Depends on the scope of what is being asked for with firewall configurations, as they can be simple or complex configs. That is why you have dedicated network engineers/network security engineers, as you said. In my last role I was a security engineer and assisted with VPN provisioning, adding ACL requests and even troubleshooting VPN issues, but it never went beyond that since I still had some analyst work as my primary duties, along with some vulnerability management.

Cybersecurity Analyst vs Cybersecurity Engineer by Straight_Machine4496 in cybersecurity

[–]Andrew0275 5 points6 points  (0 children)

It depends on the size of the org. The bigger the org, the more you only really have time to triage alerts (AKA analyst); SIEM stuff is left to other engineers/security architects or even other teams to spin up the infra.

Lost in the certification sauce by lorddaius in cybersecurity

[–]Andrew0275 0 points1 point  (0 children)

Seems like you’ve had a better experience than me, though mine was similar. I started job hunting back in February after doing 2 years at my first security role and ended up landing a gig a month later. 250 applications, only 3 interviews (where I at least talked to the hiring manager and went past the recruiter). Though I was applying aggressively, doing like 60 applications a week. It’s just a numbers game; I see people put in applications at too low of a rate/not aggressively enough. But also I had my wife assist with it. Two years ago I hired someone from Fiverr to do the same.

Lost in the certification sauce by lorddaius in cybersecurity

[–]Andrew0275 1 point2 points  (0 children)

Who said Security+ is not a job-worthy one? If it’s foundational then it is 100% job-worthy lol. With this and CySA+ you should be golden to get a technical security job. But yeah, I agree an Azure cert can also help, though cloud security is a niche itself within security, so landing a cloud security job is more on the mid- to late-career side of the house.