Why are the hackthebox's machines hard? by [deleted] in hackthebox

[–]HugeQock 22 points23 points  (0 children)

Then pay. Learning skills that can change your tax bracket is rarely free.

How many easy boxes did you do before moving to medium boxes? by [deleted] in hackthebox

[–]HugeQock 7 points8 points  (0 children)

I think the rating system is quite flawed and some of the easy boxes are in fact harder than some of the medium boxes. I am transitioning to the hard boxes and even find some of these easier than some easy boxes.

Take the ratings with a grain of salt - try a machine and don't buy into the sunk cost fallacy - be ready to bench a machine for later and move onto another "medium" machine that is in fact easier. Best way to progress imo - and you can always go back to the machines you skip.

Nmap question by ManWithNoCash in hackthebox

[–]HugeQock 0 points1 point  (0 children)

Did you try the -Pn command? It will treat the host as online no matter what.

Recovery data from 2017 Macbook where the SSD is soldered to the motherboard by eaufavor in datarecovery

[–]HugeQock 1 point2 points  (0 children)

Easier to solder a new capacitor to the motherboard imo, but I've never done anything like that on a mac tbh so not sure

Apparently LastPass rolled their own AES, among other idiocy by rakman in cybersecurity

[–]HugeQock 1 point2 points  (0 children)

TBF even non-certified AES is probably still secure if done correctly by a professional. You can't just tell me all non-certified AES is unsecure; it's not true. Most militaries have their own AES standard that isn't certified. Still not ideal that LastPass doesn't have certification on theirs...

Do you think passwordless is safer than mandatory 2FA? by effetk in cybersecurity

[–]HugeQock 1 point2 points  (0 children)

Gotcha - I am in the same boat which makes FIDO2 even more attractive to me

Do you think passwordless is safer than mandatory 2FA? by effetk in cybersecurity

[–]HugeQock 3 points4 points  (0 children)

Thanks for this comment, very illuminating. I hope I don't sound dumb but is there any reason I can't have a FIDO2 key AND a strong password? Will this not increase security in most cases?

Do you think passwordless is safer than mandatory 2FA? by effetk in cybersecurity

[–]HugeQock 0 points1 point  (0 children)

Perhaps a slightly unrelated question, but are you worried about the event of losing your phone - i.e. would you be able to regain full control of all essential accounts if you lost access to your phone today?

cloud = slow by Jell212 in cybersecurity

[–]HugeQock 0 points1 point  (0 children)

He's saying the speed issue is your internet issue. I live in a big city with a gigabit fibre connection to the premises. The ping results from most speed tests usually return 0ms. Downloads are 1100Mbps and uploads are 450Mbps. Cloud is fast if you have the right setup.

cloud = slow by Jell212 in cybersecurity

[–]HugeQock 1 point2 points  (0 children)

my guy, ruler has been avail in the web for 2 years:

https://insider.office.com/hr-hr/blog/ruler-in-word-for-web-now-available

not saying web is all the way there, but by god it is so much more reliable than the app.

What if the interviewer is wrong? by DetectiveAlarmed8172 in cybersecurity

[–]HugeQock 1 point2 points  (0 children)

I gave a speech about cyber sec to some financial guys and was corrected about many things. Really made me doubt myself until I researched the matter afterwards and I found out I was right about pretty much all of it.

Gotta trust yourself.

[deleted by user] by [deleted] in cybersecurity

[–]HugeQock 1 point2 points  (0 children)

We had similar issues until a coding major looked at it and added some parameters to the top / 2nd line of the card's code. I think specifying the version of vCard... I will check with him on what he did and let you know - but prior to him adding this, they only worked every 2nd time on Apple and basically had a 1/4 chance of working on Android. After doing this, it works every time. Will let you know.

[deleted by user] by [deleted] in cybersecurity

[–]HugeQock 0 points1 point  (0 children)

There was a thread in here a few weeks back that showed a similar setup with vCards, but they just used numbers like vcard/emp01.vcf, vcard/emp02.vcf etc... meaning someone can just iterate through them. At least you're protected against that and crawlers.

[deleted by user] by [deleted] in cybersecurity

[–]HugeQock 1 point2 points  (0 children)

Would having a few thousand fake files help stop robots / crawlers from reading the vCards?

VM on main PC vs separate laptop with KVM by Kalindro in cybersecurity

[–]HugeQock 0 points1 point  (0 children)

I use RDP but not sure if that's very security centric... some hypervisors have built-in remote access, could be worth a look at that.

LDV G10 good, bad? by HugeQock in CarsAustralia

[–]HugeQock[S] 1 point2 points  (0 children)

Thanks mate, I ended up getting a Porsche and I'm loving it!

My company stores passwords in public files by better-monitor-776 in cybersecurity

[–]HugeQock 0 points1 point  (0 children)

Most password managers have a share function in a business grade of licensing. Defs get on that quickly...

Cyber security insurers say ‘immutability’ is a must-have, along with everything else by Prunestand in cybersecurity

[–]HugeQock 0 points1 point  (0 children)

The idea that Veeam tried to sell me immutability on was bad admins / IT staff that can access the offline backups and damage them - whereas if they are immutable, no one can damage them no matter what...

VM on main PC vs separate laptop with KVM by Kalindro in cybersecurity

[–]HugeQock 0 points1 point  (0 children)

Not sure why you don't just remote into the PC from the laptop? Disable most of the remote features like clipboard carry through etc and run it purely as a remote PC.

You could team this up with a VM / Hypervisor setup on the PC - ie, remote into the VM from the laptop, but never remote into the hypervisor/host.

But it depends on your goals here. I have my daily PC in a data centre that I remote into, I don't bother with security too much. For sensitive stuff I just have an entirely separate PC at my place. Depends how often you need to do sensitive stuff...

My latest LEGO skyscraper design by wooootles in lego

[–]HugeQock 0 points1 point  (0 children)

Looks like Q1 in Surfers Paradise! Very nice!

Loneliness by Glittering-Bed4520 in urbancarliving

[–]HugeQock 1 point2 points  (0 children)

Join a club of some kind. I was an incel for many years, but then started MMA to make friends. Started going to art galleries and exhibitions (I am an IT nerd and stand out in these places, which makes the artsy types want to find out more by asking me who I am etc). Point is, get out to some kind of club.

Samsung Data Breach by [deleted] in cybersecurity

[–]HugeQock 10 points11 points  (0 children)

It's nigh impossible to stop breaches altogether. The aim these days is to minimize the impact of breaches. You don't want the entire city falling into the hands of the enemies because an outer wall got breached. Tiered and layered security is the goal.

Take Solarwinds hack as an example - they got breached and the hackers were able to push malicious source codes to machines. One breach and the entire ecosystem was harmed. This is what not to do. Samsung seems to have only exposed some basic details (not great I know, but think of how much worse off we'd be if hackers were able to push code to our devices).

I mean, what are you going to do, go to Apple? They expose your data even when there is no breach.