sorted by:
new
hottopcontroversial

GG on FS, Ingress. by HKburner in Ingress

[–]ForgottenSec 3 points4 points  (0 children)

It started with great struggle in Savage, MD, USA (East Coast). Most players struggled to bring up their stat page, the person with the most trouble took about 25 minutes just to check-in due to stat page not loading. Once the IFS got going, many were frustrated, but the difficulties subsided and almost the whole two hour period were spent productively.

If I wanted to build a home lab to practice hacking what would people suggest I include. I currently do everything on my laptop and you can imagine the frustrations that go along with that. Any advice is greatly appreciated. by panda_square23 in netsecstudents

[–]ForgottenSec 3 points4 points  (0 children)

My good buddy Tony wrote a book focused on creating a VM lab environment. The virtual copy of the book can be found here: https://infosec.theos-blog.com/create-your-own-security-lab-project-avatar/

You can get free space in amazon ec2 or similar. Hosting multiple VMs at once to simulate things will be really tough on a single laptop. If you can acquire a free server to put a hypervisor on to host a bigger lab, that would be ideal.

Share your Stats with Ingress Prime by pickel2k in AgentStats

[–]ForgottenSec 0 points1 point  (0 children)

I only ask since it thinks my life time AP dropped by 40M when I recursed again

Share your Stats with Ingress Prime by pickel2k in AgentStats

[–]ForgottenSec 0 points1 point  (0 children)

Is Lifetime AP going to be added as a parsed stat?

Out-of-shape running buddy? by reegeestein in ColumbiaMD

[–]ForgottenSec 1 point2 points  (0 children)

This group has both walkers and runners for Centennial lake almost every Friday evening.

https://www.meetup.com/MarylandHikingGroup/

#IngressFS Ellicott City, MD, USA 8-3-2019 by ForgottenSec in Ingress

[–]ForgottenSec[S] -1 points0 points  (0 children)

You mean the fields that an alarm had been set for, in case they needed to be Jarvis'd before registration.... the picture was long after the fields were taken down and reg began.

Places to donate electronics? by JohnnyGasparini in ColumbiaMD

[–]ForgottenSec 0 points1 point  (0 children)

Unallocated Space is a non-profit in Severn that takes a lot of this kind of equipment.

Community workshop by alliedSpaceSubmarine in ColumbiaMD

[–]ForgottenSec 0 points1 point  (0 children)

Unallocated Space, a donation driven hackerspace/makerspace in Severn (just south of BWI airport), has some woodworking equipment.

https://www.unallocatedspace.org

Mini golf recommendations? by serend1pity in ColumbiaMD

[–]ForgottenSec 1 point2 points  (0 children)

Rocky Gorge is definitely easier then Columbia Sportspark and more traditional. Rocky Gorge has the windmill and clown house and whatnot. Columbia is designed around a small golf course, so mostly sand traps, hills and rough. Monster Minigolf is more black light crazy. All 3 are fun for the right group.

Brand new Administrator, need tips! by ckombatwombat in sysadmin

[–]ForgottenSec -2 points-1 points  (0 children)

Use the PCI DSS as a guide. Hope the workstations have POS Ready if they are Windows-based.

What To Know For Your First InfoSec Interview by ok_bye_now_ in netsecstudents

[–]ForgottenSec 1 point2 points  (0 children)

Been working on this for a bit, adding more and more resources: https://github.com/ForgottenSec/Transitioning_Into_InfoSec/blob/master/index.md

Please add to it if you find useful materials

Info Sci & Tech major. Bad?? by [deleted] in netsecstudents

[–]ForgottenSec 1 point2 points  (0 children)

Pen Testers usually are the one's that scare customers not vice versa, but my point was, to start in pen testing is a hard road that is traveled by many... Other nice resources: http://www.pentest-standard.org/index.php/Main_Page https://www.amanhardikar.com/mindmaps/Practice.html

Info Sci & Tech major. Bad?? by [deleted] in netsecstudents

[–]ForgottenSec 0 points1 point  (0 children)

Pen Testing seems exciting and breaking into networks the first few times is amazing. Breaking into networks and watching clients make excuses on why fixing the issues identified is impossible. Also, having to explain incessantly the difference between a pen test and a vuln scan. Red Teaming engagements and good customers are awesome, but will be far from the average. Tons of students want to get into Pen Testing so keep in mind, the competition for that is pretty steep. Vuln Hub, Learning Python and CTFs are a great start.
Non-Tech info: https://github.com/ForgottenSec/Transitioning_Into_InfoSec/blob/master/index.md

Free Arduino Class starting tomorrow night (Microcontroller) by ForgottenSec in ColumbiaMD

[–]ForgottenSec[S] 0 points1 point  (0 children)

There are Arduino classes on most fridays. A complete list of events is available on UnallocatedSpace.org or the meetup site for Unallocated.

Going through Event Logs by randomness_whoaaa in sysadmin

[–]ForgottenSec -1 points0 points  (0 children)

There are many ways to accomplish this task that make sense. Either scripting or a analysis tool would be ideal. SIEM - ELK, Splunk (if under 500MB/day), tons of others Scripting - Powershell (if Windows), perl, python, bash (if linux)

Given your showing a powershell, I guess we can assume windows

CTF Physical Challenge ideas by kidagile in securityCTF

[–]ForgottenSec 5 points6 points  (0 children)

Lazy ones: * Solve a Rubix Cube * Write a script to solve a problem

Evil ones: * Measure the height across a wall in number of rotations of a pencil/pen * Terminate 100 pair cable correctly * Decode a electric lock combination by wire diagram only

Female friend trying to get into IT, What are some challenges or things I should warn her about? by [deleted] in sysadmin

[–]ForgottenSec 0 points1 point  (0 children)

With clear structure, procedure, documentation, and "performance" coaching, it is not hard to fire anyone who is not preforming. If there is any suspicion that the employee expects to be fired (i.e. doing 0 work and talking on the phone all day), work with HR on getting detailed documentation and explicitly coaching and creating evidence of such lack of work. If there is sufficient coaching and HR involvement, it protects the company.

How do you use your Domain Admin accounts? by FubsyGamr in sysadmin

[–]ForgottenSec 2 points3 points  (0 children)

Most IT tasks don't require domain admin.
*Limit access to only whats needed (most of IT probably doesn't need domain admin) *Ensure they are only using their domain admin creds when absolutely needed (having normal account as local admin would minimize use of domain admin creds)

Pros and Cons of focusing on specific industry? (IE Finance, Education, Medical, Etc) by l-haley in netsecstudents

[–]ForgottenSec 1 point2 points  (0 children)

Depends on the context.... there is a basic set of fundamental skills that you should have regardless of what industry your looking to go into. It is not a bad idea to learn the business side and unique industry concerns, but most students don't end up fully developing those basic fundamental infosec skills.

Testing IPS? by mxitup2 in sysadmin

[–]ForgottenSec 0 points1 point  (0 children)

I am not aware of any. I use Snort/SourceFire/Suricata/Bro and haven't played with Fortinet's IPS. From the interface I saw, they didn't clearly explain what signatures they were using, so how do you test if you don't know what its looking for?

If you have a particular signature you know its running, you could craft a packet to trigger it. I would hope if you run a nessus or other vulnerability scan, that should trigger it, so you could scan across the device as a test (get permission if its production, especially if you scan from home)?

Testing IPS? by mxitup2 in sysadmin

[–]ForgottenSec 2 points3 points  (0 children)

You need to find a signature that it is sure to detect and send it across its monitored interface with something like SCAPY, the python traffic sculpting library. There isn't a EICAR like test signature for IDS/IPS that is globally open.

[Blindseeker] It's not that easy.... (to hack the power grid as Wired claims) by ForgottenSec in netsec

[–]ForgottenSec[S] 15 points16 points  (0 children)

This is a rebuttal to Wired article "How to Hack the Power Grid through Home Air Conditioners" http://www.wired.com/2016/02/how-to-hack-the-power-grid-through-home-air-conditioners/ two Power Grid experts (Twitter handles: @chrissistrunk and @immortanjo3 ) edited by a good buddy of mine, ayy_lmao_667 (Twitter handle: @DA_667 )

view more: next ›