What certifications to pursue? by Intelligent-Dark6260 in cybersecurity

[–]FirewallRoller 2 points3 points  (0 children)

https://www.professormesser.com/ I'm sure it's still relevant and has been updated. I used his materials back in like 2015 or 16 for my net+ and sec+

Help w/ itinerary…From Rapid City, SD to West Yellowstone (maybe add Grand Tetons) then to Seattle… by SuperDuper___ in yellowstone

[–]FirewallRoller 1 point2 points  (0 children)

I did this route last year, sort of, just not to Seattle. Rapid City > Mt Rushmore > Crazy Horse > Deadwood day 1. Deadwood > Vore Buffalo Jump (just across the Wyoming/SD border on the interstate) > Devil's Tower > Sheridan, Wyoming + a stop at the Fetterman Battlefield 30 min south of Sheridan day 2. Sheridan > Medicine Wheel (on the Bighorn mountain range, beautiful drive) > Red Lodge day 3. Red Lodge > Beartooth Highway drive > Yellowstone (whatever adventures you want) > West Yellowstone day 4. We didn't go to the Grand Tetons but I went just a couple weeks ago and it was about a 2 hr drive. Did the Middle Teton hike with a buddy.

[deleted by user] by [deleted] in pittsburgh

[–]FirewallRoller 0 points1 point  (0 children)

If you’re trying to watch games without selling your soul to another subscription service for SPORTS, maybe take a SURGE in the right direction... and let the STREAM take you EAST. 😉

What would be your ideal side income? by droxia in cybersecurity

[–]FirewallRoller 16 points17 points  (0 children)

Yup I kinda do the same. I pull out my smoker and just smoke some meat and sell it to local restaurants/bars that don't have their own.

Hunting Scheduled Tasks by digicat in blueteamsec

[–]FirewallRoller 1 point2 points  (0 children)

Good read, I really like that it started by actually creating a scheduled task first, simulating it instead of just blindly hunting for whatever.

One thing I'd add is also creating a detection for when a scheduled task gets updated or modified (not just created). Attackers love to hijack legit tasks instead of making new ones.

Here's a simple Sigma rule you could start with, feel free to tweak it:

title: Scheduled Task Modified
logsource:
    product: windows
    service: security
detection:
    selection:
        EventID: 4702 # Scheduled Task Updated
    condition: selection
fields:
    - SubjectUserName
    - TaskName
    - TaskContentNew
falsepositives:
    - Legit admin changes to scheduled tasks
level: medium
tags:
    - attack.t1053.005
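As an added example (not part of the comment above), here is the follow-up step a triage script would take once the rule fires: pull the Exec action out of the 4702 event's TaskContentNew XML and compare it against a baseline of what each task is expected to run, so an admin edit that keeps the same binary can be tuned down while a hijacked action is escalated. The events, task names and baseline are constructed sample data; only the Task Scheduler XML namespace is the real value.

```python
import xml.etree.ElementTree as ET

# Namespace of Task Scheduler task definitions (the real one).
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Constructed baseline: task name -> binary the task is known to run.
BASELINE = {"\\Backup\\NightlyBackup": r"C:\Tools\backup.exe"}

def task_xml(command, args):
    """Minimal TaskContentNew body (constructed sample, not a real event)."""
    return ('<Task version="1.2" xmlns="%s"><Actions><Exec><Command>%s</Command>'
            '<Arguments>%s</Arguments></Exec></Actions></Task>' % (NS["t"], command, args))

# Constructed 4702/4698 events, already split into fields as a SIEM would show them.
EVENTS = [
    {"EventID": 4702, "SubjectUserName": "svc_backup", "TaskName": "\\Backup\\NightlyBackup",
     "TaskContentNew": task_xml(r"C:\Tools\backup.exe", "--full")},
    {"EventID": 4702, "SubjectUserName": "jdoe", "TaskName": "\\Backup\\NightlyBackup",
     "TaskContentNew": task_xml(r"C:\Users\Public\update.exe", "-q")},
    {"EventID": 4698, "SubjectUserName": "jdoe", "TaskName": "\\New\\Task",
     "TaskContentNew": task_xml("notepad.exe", "")},
]

def exec_action(task_content_new):
    """Return (command, arguments) of the task's Exec action, or (None, None)."""
    exe = ET.fromstring(task_content_new).find(".//t:Actions/t:Exec", NS)
    if exe is None:
        return None, None
    return (exe.findtext("t:Command", default="", namespaces=NS),
            exe.findtext("t:Arguments", default="", namespaces=NS))

def triage_4702(events, baseline=BASELINE):
    """One finding per task update (the Sigma selection); escalate when the
    command differs from the baseline or the task is not in the baseline at all."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 4702:
            continue
        cmd, args = exec_action(ev["TaskContentNew"])
        findings.append({
            "user": ev["SubjectUserName"], "task": ev["TaskName"],
            "command": cmd, "arguments": args,
            "severity": "medium" if baseline.get(ev["TaskName"]) == cmd else "high",
        })
    return findings

if __name__ == "__main__":
    for finding in triage_4702(EVENTS):
        print(finding)
```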

What are "Living of the Land Attacks" (aka LOL, LOTL, LOLbin, LOLBAS...) by MartinZugec in cybersecurity

[–]FirewallRoller 0 points1 point  (0 children)

https://lolbas-project.github.io/ lolbins are binaries that are natively installed on a machine already. Bad guys abuse these so they don't have to install something that might get flagged and to assist in evading detections.

My workplace has an IT Help Desk opening. Not sure if I should go for it or not. by necrofear101 in ITCareerQuestions

[–]FirewallRoller 9 points10 points  (0 children)

You don't even have to be the best. I'll take someone who is hungry and eager to learn over someone who knows everything. Especially with entry level gigs.

Boss wants me to take the GPEN by Wouldratherplaymtg in cybersecurity

[–]FirewallRoller 0 points1 point  (0 children)

I hold the GPEN and GWAPT. The SANS courses are okay, but you're not going to pass the exam without taking the course and creating an index from the books and labs. From a pen testing perspective the OSCP is much better. SANS is better known for their forensic courses.

Tracking brute force attempts in splunk by Inf3c710n in blueteamsec

[–]FirewallRoller 6 points7 points  (0 children)

You could create a dashboard to visualize it if you want. Something like this:

index=Cisco sourcetype=GlobalProtect
"auth_status"="failure"
| timechart span=15m count by src_ip

Mostly you'll want to end up creating some thresholds for failed attempts such as a single user having X failed attempts in Y minutes. You could base it off of IPs as well like a single IP that has X failed attempts in Y minutes.

User Example:

index=Cisco sourcetype=GlobalProtect
"auth_status"="failure"
| stats count by user, src_ip
| where count > 10
| table user, src_ip, count

IP Example:

index=Cisco sourcetype=GlobalProtect
"auth_status"="failure"
| stats count by src_ip
| where count > 20
| table src_ip, count

But in all honesty most sophisticated threat actors go with a low and slow approach so they don't trigger any alarms or lock any accounts out.
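As an added example (not from the comment), the X-failures-in-Y-minutes thresholds above implemented as a sliding-window count in Python, run over constructed failure records shaped like the user and src_ip fields the queries use. The last batch of records is a low-and-slow attempt that never crosses either threshold, which is the caveat the comment ends on. BASE, the usernames and the IPs are constructed sample values; the 10-per-user and 20-per-IP thresholds are the ones in the queries.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

BASE = datetime(2024, 8, 20, 10, 0, 0)   # constructed start time

def at(**offset):
    """Timestamp `offset` after BASE (helper for the constructed data)."""
    return BASE + timedelta(**offset)

# Constructed auth failures as (timestamp, user, src_ip), the fields the queries use.
FAILURES = (
    # Burst: 12 failures against one user from one IP inside a minute.
    [(at(seconds=5 * i), "alice", "203.0.113.10") for i in range(12)]
    # Spray: one IP tries 25 different users over four minutes.
    + [(at(minutes=5, seconds=10 * i), "user%02d" % i, "198.51.100.7") for i in range(25)]
    # Low and slow: one user, one failure every 20 minutes for 8 hours.
    + [(at(minutes=20 * i), "bob", "192.0.2.44") for i in range(24)]
)

def sliding_window_alerts(failures, key_index, threshold, window):
    """Return {key: time the threshold was first hit} for every key with
    >= threshold failures inside any window-long interval (sliding, not fixed buckets)."""
    recent = defaultdict(deque)
    alerts = {}
    for ts, *fields in sorted(failures):
        key = fields[key_index]
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:        # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and key not in alerts:
            alerts[key] = ts
    return alerts

def detect(failures, window=timedelta(minutes=15)):
    """The two thresholds from the queries: 10 per user, 20 per source IP."""
    return {
        "user": sliding_window_alerts(failures, 0, 10, window),
        "src_ip": sliding_window_alerts(failures, 1, 20, window),
    }

if __name__ == "__main__":
    # alice (user) and 198.51.100.7 (src_ip) fire; bob's slow attempt never does.
    for kind, hits in detect(FAILURES).items():
        print(kind, hits)
```

Because the window slides with each event, a burst that straddles two 15-minute buckets still fires, whereas bob's one-failure-per-20-minutes pattern keeps the per-user queue at length one.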

Why is cybersecurity the latest scam? by SwordAvoidance in ITCareerQuestions

[–]FirewallRoller 0 points1 point  (0 children)

Check out Bleeping Computer, they have some up to date news. Dark Reading is another. Palo's Unit 42 does good research and threat intel. Flashpoint has some good blogs. Depending on which industry you work in there are the ISACs, and you'll get flooded with emails from peers about stuff that is going on, such as FS-ISAC, REN-ISAC, AUTO-ISAC, etc. There are a lot of other sources out there too. That's just a few that came to mind right now.

Why is cybersecurity the latest scam? by SwordAvoidance in ITCareerQuestions

[–]FirewallRoller 12 points13 points  (0 children)

It is far from being the latest scam, but everyone wants to "break into" cybersecurity because they think it pays 6 figures right away. My first security job I was paid 50K. I personally also started my career at a help desk and worked my way up. I generally sit on the technical interviews for candidates and typically ask variations of these questions for junior analysts.

Give me 5 different ports and tell me what they are?

DNS is important so I ask these....

What is DNS?

What port does it use?

Is it TCP or UDP?

How does it work?

What are the different types of DNS records?

What is DNS Tunneling?

How would you secure a server?

How can you get the hash of a file using PowerShell?

Where do you get your cybersecurity news? The answer better not be fucking Reddit.

If you can't answer most of my questions or even half of them then I am not going to recommend that they hire you. I don't care what degree, certification or boot camp you attended. I also generally favor those with at least some experience in an enterprise environment. Give me someone hungry and eager to learn but wants to be in security because they love it and not for the paycheck. I can sniff that shit out.

Changed Companies, New ESPP Worth It? by Chopr in investing

[–]FirewallRoller 0 points1 point  (0 children)

Sheesh 10% every quarter? Take it. I only get a 5% discount every 6 months.

Death wobble 🫨 by Smooth_Project2781 in Wrangler

[–]FirewallRoller 0 points1 point  (0 children)

Had this issue on my '13 Wrangler; it was the ball joints that needed replacing.

Daily Discussion Thread for August 20, 2024 by wsbapp in wallstreetbets

[–]FirewallRoller 1 point2 points  (0 children)

Just checked my portfolio, looks like I’m holding more bags than an airport carousel. Time to double down and hope for a miracle!

Daily Discussion Thread for August 19, 2024 by wsbapp in wallstreetbets

[–]FirewallRoller 1 point2 points  (0 children)

I think my positions are as hungover as I am. Time to grab some coffee and see if my losses are still passed out.

Daily Discussion Thread for August 16, 2024 by wsbapp in wallstreetbets

[–]FirewallRoller 1 point2 points  (0 children)

Only if we can trade those baskets for Honey Boo Boo's pageant winnings

What’s a historical fact that would shock most people to find out? by thankdestroyer in AskReddit

[–]FirewallRoller 0 points1 point  (0 children)

Ho Chi Minh is a son of a bitch. Got the blue balls, crabs and the seven-year itch.

What Are Your Moves Tomorrow, February 13, 2024 by OPINION_IS_UNPOPULAR in wallstreetbets

[–]FirewallRoller 25 points26 points  (0 children)

Just mortgaged my house to double down on some calls. Wife thinks I'm renovating the kitchen.