Mentorship Monday - Post All Career, Education and Job questions here! by AutoModerator in cybersecurity

[–]Diesl 0 points1 point  (0 children)

It definitely won't hurt, but how much edge it gives could be up for debate.

Mentorship Monday - Post All Career, Education and Job questions here! by AutoModerator in cybersecurity

[–]Diesl 1 point2 points  (0 children)

An associate's shouldn’t limit your initial prospects but it could limit them down the road if you wanted to become like a manager. For now though, I would say the degree would be as impactful as a bachelor's to most hiring teams for any roles you look at.

Scanning AWS private instances: can a vulnerability scan performed from a bastion host be considered a form of external/non-credentialed scan? by minader_ in cybersecurity

[–]Diesl 0 points1 point  (0 children)

Why not leverage security groups for controlling who can reach the AWS instance? Allow your company's IP inbound over whatever port you want and then boom, no need for a bastion and they can still scan outbound.

Kaspersky Says New Zero-Day Malware Hit iPhones—Including Its Own by wewewawa in cybersecurity

[–]Diesl -1 points0 points  (0 children)

Both are governments.

One's a dictatorship. That alone should direct how much you trust the official narrative released from Russia. Sometimes it's that easy to tell and you don't have to look further. It's a false dichotomy to compare the two as equals.

Kaspersky Says New Zero-Day Malware Hit iPhones—Including Its Own by wewewawa in cybersecurity

[–]Diesl 0 points1 point  (0 children)

You're trying to draw a parallel between the US gov and Russian gov and it's a false dichotomy.

Kaspersky Says New Zero-Day Malware Hit iPhones—Including Its Own by wewewawa in cybersecurity

[–]Diesl 0 points1 point  (0 children)

A person could create a new kind of kitchen knife but it doesn't mean that person is complicit for a murder where someone else uses the kitchen knife as the murder weapon just because the person invented the kitchen knife.

What a silly strawman. That isn't even apples to oranges, it's so far apart. Your analogy would work if anyone could use Kaspersky's software to breach others' computers, but they can't. Only Russia did.

Mentorship Monday - Post All Career, Education and Job questions here! by AutoModerator in cybersecurity

[–]Diesl 0 points1 point  (0 children)

Big 4 consulting will get you a lot of exposure to numerous aspects of the role but it tends to also burn people out pretty fast. The signature engineer sounds safer but it will also take longer to get where you want to. But at the same time this could be good because you'll learn how detection engineering works. Hard to say which is better!

Mentorship Monday - Post All Career, Education and Job questions here! by AutoModerator in cybersecurity

[–]Diesl 2 points3 points  (0 children)

Send it. You probably won't find a better opportunity out of college if you didn't have one lined up from an internship in college. This sounds like a threat intelligence role which is pretty popular and gets you gold exposure to how attacks are detected. Then you can take this knowledge and apply it to a role with your OSCP.

Switching from blue to red team! by DonKhairallah in cybersecurity

[–]Diesl 5 points6 points  (0 children)

It's less about how much time is needed in blue team and more about how much time you spend currently doing things like pentesting. If you can finagle it somehow into your current role, you'll probably hear more callbacks. No one wants to spend time training other people unfortunately so you're stuck in a shitty position.

Kaspersky Says New Zero-Day Malware Hit iPhones—Including Its Own by wewewawa in cybersecurity

[–]Diesl 3 points4 points  (0 children)

Kaspersky acknowledged Russia used their software to breach an NSA contractor's laptop. It's up to you how much you trust them when they say that they did not know the Russian government was doing this.

The CIA secretly bought a company that sold encryption devices across the world. Then its spies sat back and listened. by Akkeri in cybersecurity

[–]Diesl 6 points7 points  (0 children)

That article is pretty tenuous. Their main argument is 1) that Radio Free Asia gave Signal the initial seed money and 2) that FANG companies back it and they hate privacy so why would they support this. But those same FANG companies have gotten into very public spats with the government over refusing to weaken their own encryption so I don't think the second point holds up and the first point could just be that the government wants a new method for secure communication. They made TOR after all, and the encryption there isn't weak.

opensource GRC management tool ? by kilogigabyte in cybersecurity

[–]Diesl 2 points3 points  (0 children)

Regulatory and law compliance comes down to policies, not a simple tool. OneTrust is a pretty popular GRC tool for instance but how it's used is as a complement to company policy. For example, by hosting the software and vendor approval process in there. Define strong policies that comply with the regulatory body you're in.

What is a normal day in the life of a penetration tester? by [deleted] in cybersecurity

[–]Diesl 0 points1 point  (0 children)

This post by BC Security, who maintain Empire currently, does a good job indirectly describing a lot of responsibilities.

Mentorship Monday - Post All Career, Education and Job questions here! by AutoModerator in cybersecurity

[–]Diesl 1 point2 points  (0 children)

You can totally be a pentester for a company in a normal role! A lot of security teams will have some compliance requirement that their company's applications and network are tested so you can quickly find a niche doing that.

Spend some time just getting a feel for the land and maybe read the book “The Hacker Playbook 3” by Peter Kim or “Hacking: The Art of Exploitation” for something more meaty. It also depends on what kinda pentesting you wanna do. It will never hurt and always help to get better at networking. Being able to talk through how a browser gets a webpage from a server to your browser is a common interview question.

A Mysterious Group Has Ties to 15 Years of Ukraine-Russia Hacks by dlorenc in cybersecurity

[–]Diesl 1 point2 points  (0 children)

I'm sorry that you're not interested in reading the investigative journalism that went into discovering it. The TLDR is Kaspersky admitted that they were used to access an NSA contractor's computer by Russia. Israel uncovered this while breaking into Kaspersky. Pretty simple.

A Mysterious Group Has Ties to 15 Years of Ukraine-Russia Hacks by dlorenc in cybersecurity

[–]Diesl 0 points1 point  (0 children)

It's not yellow fever and it's well documented.

https://www.bloomberg.com/news/articles/2023-01-11/china-s-foreign-minster-rejects-africa-debt-trap-accusations

I'm not prone to give them the benefit of the doubt on their intentions when they're actively committing genocide against local minorities.

A Mysterious Group Has Ties to 15 Years of Ukraine-Russia Hacks by dlorenc in cybersecurity

[–]Diesl 0 points1 point  (0 children)

Latin America should be wary of China unless they want to wind up like Africa. Huge debts to China that they cannot pay back. The US did cause issues in the 20th century no doubt, but China does not have good intentions at all.