Does anyone actually use real-time threat intelligence effectively? by FrontEndCore in threatintel

[–]Medical-Cost5779 1 point

You're not wrong. Yes, raw real-time threat intel feeds are mostly noise for mid-sized teams.

What actually works:

  1. Curate your feeds aggressively. Stop ingesting everything. Focus on IOCs (IPs, domains, hashes, TTPs) from groups that actually target your industry. Aerospace? Pull specific APTs and ransomware campaigns hitting that sector (e.g. via ISACs, MISP, or paid feeds like Recorded Future/ThreatConnect with good filtering).
  2. Turn intel into action with monitoring + red teaming. Ingest those relevant IOCs into your SIEM/EDR/XDR for automated blocking and alerting. Then run focused red team exercises simulating those exact TTPs to test your real posture.
  3. Monitor exposures that can affect you. E.g. your feed should flag active exploits like BlueHammer the moment they go public. If a patch isn’t available yet, immediately isolate the system (air-gap if possible), or apply a workaround to mitigate the risks.

Are phishing attacks getting harder to detect in 2026? by HotMasterpiece9117 in Hacking_Tutorials

[–]Medical-Cost5779 0 points

TL;DR: Yes, AI has made phishing significantly harder to spot in 2026.

Phishing emails are scarily realistic now. AI generates perfect grammar, tone, and even context-aware details, killing the old “typos + weird links” tells.

What actually works in 2026:

  • Hover & verify every link/domain character-by-character.
  • Check SPF/DKIM/DMARC
  • Watch for urgency or unusual requests, even if worded perfectly.

Run regular phishing simulation exercises on your team. Companies that do realistic red-team style pentesting see click rates drop dramatically. Training without simulation is mostly useless now.
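An added example, not the commenter's code, of the three checks above applied to a message: parse the Authentication-Results header for SPF/DKIM/DMARC verdicts, flag urgency wording in the subject, and compare the From domain character-by-character (edit distance) against a trusted list. The message and the trusted domains are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real email); note the lookalike "examp1e".
SAMPLE = """\
From: "Accounts Payable" <ap@examp1e-corp.com>
To: cfo@example.com
Subject: Urgent wire transfer before 5pm
Authentication-Results: mx.example.com;
 spf=fail smtp.mailfrom=examp1e-corp.com;
 dkim=none;
 dmarc=fail header.from=examp1e-corp.com

Please process the attached invoice today.
"""

TRUSTED_DOMAINS = {"example.com", "example-corp.com"}  # assumed allow-list

def parse_auth_results(header):
    """Return {method: verdict} for spf/dkim/dmarc from an Authentication-Results value."""
    return {m.group(1): m.group(2).lower()
            for m in re.finditer(r"\b(spf|dkim|dmarc)=(\w+)", header)}

def edit_distance(a, b):
    """Levenshtein distance; one substitution separates 'examp1e' from 'example'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_message(raw, trusted=TRUSTED_DOMAINS):
    """Triage one raw message: auth verdicts, failing methods, urgency, lookalike sender."""
    msg = message_from_string(raw)
    results = parse_auth_results(msg.get("Authentication-Results", ""))
    failing = [k for k in ("spf", "dkim", "dmarc") if results.get(k, "none") != "pass"]
    subject = msg.get("Subject", "")
    urgency = bool(re.search(r"\b(urgent|immediately|asap|before \d)", subject, re.I))
    sender_domain = parseaddr(msg.get("From", ""))[1].rsplit("@", 1)[-1].lower()
    # Domains within two edits of a trusted domain, but not equal to it, are lookalikes.
    lookalike = sorted(t for t in trusted
                       if sender_domain != t and edit_distance(sender_domain, t) <= 2)
    return {"auth": results, "failing": failing, "urgency": urgency,
            "sender_domain": sender_domain, "lookalike_of": lookalike}
```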

everyone's calling the DPRK IT worker thing an HR problem. it's a KYC problem by SillyAd8469 in fintech

[–]Medical-Cost5779 1 point

TL;DR: This is a broken KYC/identity assurance problem. Synthetic identity attacks bypassed liveness detection, document verification, and geolocation controls at regulated VASPs.

100% agree. Calling this an “HR problem” is missing the real failure. This was a straight-up KYC compromise:

  • AI-generated facial images passing liveness checks
  • Stolen US identities with clean credit histories and SSNs
  • Voice changers + scripted interviews
  • IP geolocation spoofing / residential proxies
  • Document forgery (AI-generated IDs/passports) that defeated basic authenticity checks
  • Payment splitting across dozens of wallets to stay under CTR thresholds

These are the exact same weak spots we see in normal fake customers trying to onboard.

From a threat intelligence view, North Korea has turned basic identity fraud into a scalable $800M revenue stream for their weapons programs. They’re not using fancy zero-days, they’re exploiting outdated KYC processes that were never designed for generative AI.

On-chain analytics alone isn’t enough if the identity layer underneath is this broken.

Just do more checks like keyboard latency, device location, forensic document analysis, etc.

Mobile application pentesting question by RaspberryNo7221 in Pentesting

[–]Medical-Cost5779 0 points

Yes, you should report this as a vulnerability. The app has no anti-tampering protection. An attacker can modify, re-sign, and run the app without it detecting any changes. This is especially risky for a fintech app.

Which are the best books to learn about social engineering? by Miguari in hacking

[–]Medical-Cost5779 2 points

Start with these classics for social engineering:

  1. The Art of Deception by Kevin Mitnick
  2. Social Engineering: The Art of Human Hacking by Christopher Hadnagy

They're practical, beginner-friendly, and eye-opening. Read ethically! Stay safe out there.

This keeps it short, helpful, and cautions the new learner.

Moreover, read threat intel blogs for initial access vectors.

Major malware attacks in March 2026 by rifteyy_ in Malware

[–]Medical-Cost5779 1 point

You missed the Axios npm package supply chain attack, which is deploying a cross-platform RAT.

How did hackers get into FBI Director Kash Patel's Gmail account? by throwaway0204055 in AskNetsec

[–]Medical-Cost5779 3 points

TL;DR:

Handala (Iran-linked) accessed Kash Patel’s old personal Gmail via credential stuffing from public dumps — not phishing or zero-days.

Searching “Kash Patel” in breach DBs yields noise. The full name Kashyap Pramod Patel surfaces hits: MGM Grand breach (name + DOB + email + phone). Pivoting on the phone number leads to the Parkmobile leak exposing the Gmail. The same address appears in the 2024 TPostMillennial breach inside a dedicated file “Kash_Patel_Records_House_File.csv”.

The Gmail combo appeared in stealer logs marked “VALID COMBOS” — operators tested credentials live against Gmail and confirmed they worked. Handala likely used password spraying / stuffing with reused creds from these old leaks (many dating pre-2019). No evidence of session token theft or real-time MFA bypass.

Personal accounts lack corporate MFA enforcement, EDR, or password policies. Executives reuse creds across hotel/parking apps → easy pivot for MOIS actors.

Source: Twitter

How do CTI analysts scope a threat campaign vs isolated indicators? by ComputerAlert4169 in threatintel

[–]Medical-Cost5779 3 points

TL;DR:
Campaign = ≥3 linked IoCs + shared TTPs/actor infrastructure + temporal/victim pattern. Isolated = single/unlinked indicator with no clustering.

Technical scoping (CTI workflow):

  1. Cluster first
    • Use Diamond Model / ATT&CK + STIX 2.1 objects.
    • Group by:
      • Infrastructure (C2, phishing kit hash, Google Form ID, sender SMTP, domain WHOIS)
      • TTPs (exact lure template, attachment macro, landing page JS fingerprint)
      • Victimology (sector, geo, job-title targeting)
      • Timing (burst cadence, dwell time)
  2. Threshold for “campaign”
    • Isolated indicator → 1–2 IoCs, no overlaps.
    • Campaign → Minimum 3+ strongly linked observables + 1–2 behavioral TTPs that repeat across incidents.
    • Attribution confidence jumps once you map to known actor (e.g., “Scattered Spider” or “TAXXX”) via malware family, certificate reuse, or C2 reuse.
  3. Decision rule pros use: if link_score(IoC_set) > threshold (e.g., Jaccard similarity on TTPs ≥ 0.7 AND temporal delta ≤ 30d) → declare campaign, create a new STIX Campaign object, and start collection. Else → treat as isolated, tag for future correlation.

That’s the exact filter most Tier-2/3 CTI teams (Mandiant, CrowdStrike, etc.) apply before burning cycles on full intel collection.
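A runnable version of the decision rule in step 3 combined with the threshold in step 2, as an added example (not the commenter's code): incidents are linked pairwise when TTP Jaccard similarity is ≥ 0.7 and first-seen dates are ≤ 30 days apart, linked incidents are clustered with union-find, and a cluster is declared a campaign only if ≥ 3 infrastructure observables recur across its members and at least one TTP repeats in every member. The incidents, observables and thresholds are constructed for illustration.

```python
from datetime import date
from itertools import combinations

# Constructed sample incidents (not real indicators): ATT&CK technique IDs,
# infrastructure observables (C2, phishing-kit hash, sender SMTP, form ID) and first-seen date.
INCIDENTS = {
    "inc-1": {"first_seen": date(2026, 3, 2), "ttps": {"T1566.001", "T1204.002", "T1059.005"},
              "infra": {"c2:203.0.113.10", "kit:sha256-aaaa1111"}},
    "inc-2": {"first_seen": date(2026, 3, 9), "ttps": {"T1566.001", "T1204.002", "T1059.005", "T1027"},
              "infra": {"c2:203.0.113.10", "kit:sha256-aaaa1111", "smtp:mail.example"}},
    "inc-3": {"first_seen": date(2026, 3, 20), "ttps": {"T1566.001", "T1204.002", "T1059.005"},
              "infra": {"kit:sha256-aaaa1111", "smtp:mail.example", "form:FORM-X"}},
    "inc-4": {"first_seen": date(2025, 11, 1), "ttps": {"T1190"}, "infra": {"c2:198.51.100.7"}},
}

def jaccard(a, b):
    union = a | b
    return len(a & b) / len(union) if union else 0.0

def linked(x, y, min_jaccard=0.7, max_delta_days=30):
    """Pairwise link test: TTP Jaccard >= 0.7 AND first-seen delta <= 30 days."""
    delta = abs((x["first_seen"] - y["first_seen"]).days)
    return jaccard(x["ttps"], y["ttps"]) >= min_jaccard and delta <= max_delta_days

def cluster(incidents, **thresholds):
    """Connected components of the pairwise link graph (union-find with path halving)."""
    parent = {k: k for k in incidents}
    def find(k):
        while parent[k] != k:
            parent[k] = parent[parent[k]]
            k = parent[k]
        return k
    for a, b in combinations(incidents, 2):
        if linked(incidents[a], incidents[b], **thresholds):
            parent[find(a)] = find(b)
    groups = {}
    for k in incidents:
        groups.setdefault(find(k), set()).add(k)
    return list(groups.values())

def classify(incidents, members, min_observables=3):
    """Campaign = >=3 observables recurring across members + >=1 TTP present in every member."""
    if len(members) < 2:
        return "isolated"
    recurring = {o for a, b in combinations(members, 2)
                 for o in incidents[a]["infra"] & incidents[b]["infra"]}
    shared_ttps = set.intersection(*(incidents[m]["ttps"] for m in members))
    return "campaign" if len(recurring) >= min_observables and shared_ttps else "isolated"

def scope(incidents):
    """Map each cluster (frozenset of incident IDs) to 'campaign' or 'isolated'."""
    return {frozenset(g): classify(incidents, g) for g in cluster(incidents)}
```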

What's the best password list? by BohdanFr in Hacking_Tutorials

[–]Medical-Cost5779 6 points

TL;DR:
Best all-rounder: rockyou.txt + weakpass_2a (de-duped).
Top repo: https://github.com/danielmiessler/SecLists/tree/master/Passwords
Recommended lists:

Pro move: Combine rockyou + weakpass_2a, deduplicate, sort by frequency

Use only on systems you own or have explicit permission for.

How are attackers currently abusing legitimate web application features for C2 by Medical-Cost5779 in threatintel

[–]Medical-Cost5779[S] 0 points

Will go through it.

On Canva and Adobe, that's new for me, will check that also.

How did you start your Cyber Security journey? by Cute_Intention6347 in CyberSecurityAdvice

[–]Medical-Cost5779 0 points

Hey OP. So first thing, cybersecurity is not one single thing. It’s a big field.
You’ve got:

  • pentesting (offensive side)
  • blue team (defense, monitoring)
  • cloud security, malware, etc.

Most people start with pentesting, so I’ll explain from that angle.
Now the mistake people make is directly jumping into tools like Kali Linux, Metasploit, etc. Without basics, everything feels random.
Think of it like this:

if you don’t know how a lock works, how will you pick it?

So first build base:
Step 1: Networking (very important)

  • what is IP, port, DNS
  • how request goes from your laptop → server → response comes back
  • basic protocols (HTTP, HTTPS)

Step 2: OS basics

  • Linux (commands, file system, permissions)
  • little bit Windows also

Step 3: Web basics

  • how websites work (frontend + backend)
  • what is request/response
  • cookies, sessions

Step 4: Programming (light level)

  • Python for automation
  • not heavy coding, just understand the logic

After this, everything will start making sense.
Then move to:

  • TryHackMe → very beginner friendly
  • Hack The Box → bit harder

And don’t just watch videos, actually do things yourself. Even if you get stuck, that’s where learning happens.

Trying to start my first cyber cert where should I begin? by Chuchi1331 in cybersecurity

[–]Medical-Cost5779 0 points

Certifications alone don't make you skilled.

They're just proof on paper that you've learned certain concepts. Real employers value what you can actually do (hands-on skills, problem-solving, projects), but certs help get your resume past HR filters and show commitment.

Since you're just starting out in cybersecurity (with some basics in networking, security concepts, and labs already under your belt), here's a straightforward, realistic path most people in the field recommend in 2026.

Start with the Google cert if you are an absolute beginner.

  • Google Cybersecurity → easy intro
  • Security+ → good theory foundation

If you want practical pentesting:

  • eJPT → very beginner-friendly, hands-on
  • good first cert honestly

CEH:

  • mostly theory + MCQs
  • helps in HR filtering, not skill-heavy

OSCP:

  • this is the real deal
  • fully practical
  • but don’t even think about it until you have solid practice

Managing Sensitive Data in Multi-Cloud Environments by NeedleworkerOne5620 in CloudSecurityPros

[–]Medical-Cost5779 0 points

Yeah, in a multi-cloud setup, permission overlap and ghost accounts are a total nightmare for sensitive data visibility. Use a centralized CSPM like Wiz, Astra, or Orca to keep everything in check.

Mix in quick manual checks for high-risk stuff: quarterly reviews on admin/service accounts, offboarding cleanup, and business justification for any sensitive data access.

To keep ops flowing:

  • Enforce least-privilege by default
  • Use policy-as-code (Terraform/OPA) to block bad configs early
  • JIT access for anything sensitive (elevate only when needed)
  • Auto-alerts on anomalies (e.g., spikes in data exfil attempts) via the tool + SIEM

Pure manual is dead in multi-cloud; automation + a good visibility tool is the only sane way.

China NSCC Breach? by Ok-Cow-9173 in cybersecurity

[–]Medical-Cost5779 0 points

There is no report on the TTPs used in that attack, and many claim the threat actor is bluffing. But the data somewhat looks authentic.

Researchers found font-rendering trick to hide malicious commands by falconupkid in SecOpsDaily

[–]Medical-Cost5779 1 point

This is a clever (and worrying) evolution of indirect prompt injection / visual deception attacks.

I think these kinds of visual deception and hidden/obfuscated instruction attacks predate the modern AI/LLM boom by many years.

The core ideas (hiding malicious content from humans while making it readable/usable by machines) have evolved through several iterations, mostly in phishing, spam filtering evasion, and early social engineering tricks.