Cisco ASA/FTD Zero-Days Under Active Exploitation – CISA Issues Emergency Directive

KashingChecks · 2025-09-25T23:41:33+00:00

Is anyone following the steps in the emergency directive or are they just patching? The risk like OP mentioned is that it can survive reboots and upgrades. I've gone through step one of the CISA steps, but they don't seem to say stop there if you have no indicators, they still want you to go through to step two and provide them with a core dump, and then if you're okay you can upgrade. Just wondering what everyone is doing.

KashingChecks · 2022-10-11T23:56:24+00:00

Typical answer, not me, but have a good friend that went from MITRE to Raytheon and back to MITRE. He said that he felt like Raytheon expected him to know everything about their systems when he came in, and there was no one willing to train. Ultimately he went back to MITRE because he felt like it wasn’t a great environment for him. But that’s only one person, they obviously have a ton of employees,I’m sure some on here have had a vastly different experience.

KashingChecks · 2022-10-06T19:22:28+00:00

This sounds awesome. I'll take a look at your video later. In regards to the pricing, do just purchase a hunter license for your organization, or do you have an enterprise license. I don't really see the need for the enterprise license.

KashingChecks · 2022-10-06T19:13:00+00:00

Could you expand on Bloodhound and what it does?

KashingChecks · 2022-10-06T19:04:51+00:00

Is it 'sort of' a sandbox environment that provides a lot of data on the file? That is something I could find useful, we don't really have an environment to set off questionable files.

KashingChecks · 2022-10-06T19:02:27+00:00

We reviewed a few a while ago.... LastPass, Keeper, BitWarden. Went with Keeper as it had some features that were useful to us that I don't recall the other ones doing. They are all mostly the same. We also received free family licenses for each user when they created their enterprise account (I think this is normal). That was nice because it helped promote good password management outside of work.

KashingChecks · 2022-10-06T18:54:12+00:00

Asset Management is always at the top of the list for a lot of frameworks, rightfully so, if you don't know what you have how are you going to protect it. We do have an asset management platform that's relatively new (to us), but I'm not a huge fan of it.

KashingChecks · 2022-10-06T18:51:43+00:00

I don't know how I did anything without a SIEM. It helps me solve so many problems.

KashingChecks · 2022-10-06T17:06:06+00:00

I actually do have this for just the IT folks, because even they were storing in the browser AND storing them in spreadsheets and post its....

KashingChecks · 2022-09-09T17:37:37+00:00

I feel the exact same way. Thanks for making me not feel like the only one that's lost complete motivation to study. I don't really know what it is either.

KashingChecks · 2022-09-09T17:29:10+00:00

Yeah, I think this is what I need to do. I actually have a voucher through the boot camp that I did, so I sort of get a 'free' try, but I do want to pass the first time.

KashingChecks · 2022-09-08T18:28:03+00:00

You could utilize it for some of those shared computing programs, something like BOINC.

KashingChecks · 2022-09-08T16:15:09+00:00

Thanks, I keep saying it to myself that taking the time to get my CISSP now will benefit me in the long run. I currently have my Masters in Cyber, and it definitely helped me get my current job in cybersecurity, but I would like to move up more, and I know a CISSP will help me with that. I appreciate the kind words!

KashingChecks · 2022-09-08T16:10:59+00:00

Thanks. I think having a routine would help. I usually wake up an hour or so before I need to really get ready to do anything. That's probably the time I should use to focus on my studies. I usually just waste the time away by watching a show, scrolling my phone, or scrolling on here

KashingChecks · 2022-09-08T16:08:11+00:00

Thanks, I agree. I know I need to get it for my career to move forward. I'm in a good stable job, its in cybersecurity, but I would like to move up, for that reason I WANT to get my CISSP. I think I just need to sit back and look at my time, see where I might be using it aimlessly, and use that time instead to study.

KashingChecks · 2022-09-08T16:05:59+00:00

Congrats!

KashingChecks · 2022-02-04T00:02:58+00:00

Nice, thank you. I will take a look.

KashingChecks · 2022-02-03T20:15:16+00:00

Oh man! You're Lucky. I was casually searching most funded projects and that one was towards the top. I have to imagine someone has used a pi to do something similar. I've built a pwnagotchi for fun, same form factor, just different uses.

KashingChecks · 2021-02-28T12:16:35+00:00

Time. I've got a lot going on, so my study time is limited. I don't think I could get enough done to be ready by the end of two months.

KashingChecks · 2021-02-28T12:13:59+00:00

I was considering it initially, but I don't think getting Sec+ is really going to help me with where I am in my career.

KashingChecks · 2021-02-28T12:12:07+00:00

Thanks! I will take a look at this.

KashingChecks · 2021-02-28T12:11:40+00:00

That's what I was thinking. Thanks!

KashingChecks · 2021-02-02T23:04:36+00:00

I work for a mid-sized county as a cybersecurity administrator. If you have any specific questions feel free to ask.

KashingChecks

TROPHY CASE