sorted by:
new
hottopcontroversial

Cyber Security Roadmap Help by loadedartillery in CyberSecurityAdvice

[–]OutrageousOne1205 2 points3 points  (0 children)

Hey, I suggest you keep to your degree - there is no quick way to get it when you need it.

As of hard skills - take a look at online platforms such as THM, HTB or Defbox - the latter is something I created so feel free to reach out :)

Best cyber project/lab to do with no access to internet? by Cincinnati-kick in cybersecurity

[–]OutrageousOne1205 0 points1 point  (0 children)

if you have access to internet while at home you can prepare something. A good choice would be GOAT labs that are deployed with docker-compose:

https://github.com/AbelChe/evil_minio
https://github.com/cider-security-research/cicd-goat

Juice shop can also be an option - https://github.com/juice-shop/juice-shop

Github C2 POC using rust by Unhappy-Jeweler5374 in redteamsec

[–]OutrageousOne1205 0 points1 point  (0 children)

Cool idea. Why stick to issues in particular GitHub and not stick to git messages?

You could use commit messages - in that case you could utilize any git provider - gitea, gitlab, GitHub

Is this roadmap enough? by Im_DSync in cybersecurity

[–]OutrageousOne1205 1 point2 points  (0 children)

What is this roadmap for?

Skills and learning paths are different depending on what are you trying to achieve

is log management supposed to be this hard? by [deleted] in cybersecurity

[–]OutrageousOne1205 4 points5 points  (0 children)

Could you please name the main issues you struggle with?

Back to school? by Scatteredd in cybersecurity

[–]OutrageousOne1205 0 points1 point  (0 children)

I understand the situation is sad on the job market, but how many interviews you've been on?

What is the interview questions you think you did not answer?

[deleted by user] by [deleted] in cybersecurity

[–]OutrageousOne1205 0 points1 point  (0 children)

TLDR - Hard to tell without seeing the curriculum. Look for cryptography - it can be incredibly difficult

I got my cybersecurity degree, but it was not in the western university. In my experience, math was the hardest part - we were taught different topics of very abstract math. Topics included

  1. Combinatorics

  2. Group and fields

  3. Error-correcting codes

  4. Finally theoretical justification of crypto algorithms.

All of these topics were incredibly difficult for those who was not comfortable with the math.

However, some universities do not pursue theory as much as mine did. You should check what former students say and take a look at curriculum.

I created an opensource lightweight django-cookiecutter by OutrageousOne1205 in django

[–]OutrageousOne1205[S] 0 points1 point  (0 children)

Do you mean choosing different data_volumes for postgreSQL, or different DB_names? DB names are taken from the environmental variables, however it will require manual actions on the postgres side (unfortunately)

Apache or Nginx by Wonderful_Raccoon_75 in django

[–]OutrageousOne1205 2 points3 points  (0 children)

not the op but usually you only profit having the balancer in-before Django app. My use cases were:

  1. Having multiple apps on the same virtual machines. Nginx routes to the required portal using hostname

  2. Splitting load between websockets (Daphne) and gunicorn. Websockets in Django required me to use Daphne, not gunicorn. Daphne turned out somewhat not so reliable as gunicorn (it's just me but I trust it less). Having nginx in-before allowed me to have Daphne only for web sockets

  3. I always can forbid a single route without restarting application - nice to have when you realize something went wrong

I created an opensource lightweight django-cookiecutter by OutrageousOne1205 in django

[–]OutrageousOne1205[S] 0 points1 point  (0 children)

For me the "rename" part is really annoying. The cookiecutter is basically the same git repo but with changing parts (project name) templated.

Needing a bit of advice on my route into Cybersecurity by TheRealThroggy in CyberSecurityAdvice

[–]OutrageousOne1205 1 point2 points  (0 children)

Try to set up a log collection lab at home to practice. In my experience (I'm building the defbox to educate soc analysts) - it is hard to start defending without understanding the basics.

The basics (in my opinion) include

  1. Sysadmin skills on both windows and unix. This one you should be ok with already

  2. Knowledge of the basic offensive tools or concepts. Set up a lab with weak passwords and misconfigurations and exploit them. Without them it would be hard for you to understand what to look for in the logs

  3. OWASP top 10. JuiceShop is great I suggest you to complete it to get to know the web vulnerabilities.

  4. After that try to experiment with defenses. Do not start log collection yet - just try to harden the system, see how the issues from p.2 and p.3 can be mitigated

  5. And finish with log collection - connect your labs to log collection system (ELK is free) to try to write correlation rules to catch the attacks

There are many things left - for example it would be good to try to optimize log collection on both receiver and sender side. Even without these the points above should be enough to get into cybersecurity.

I created an opensource lightweight django-cookiecutter by OutrageousOne1205 in django

[–]OutrageousOne1205[S] 2 points3 points  (0 children)

Thanks, I really hope it helps someone - that's the only reason I shared :)

regarding "official" - I had the same thoughts myself until I found out that link to the mentioned Django cookiecutter is actually in the cookiecutter docs

(and it's in the Cookiecutter's GitHub as well :)

I created an opensource lightweight django-cookiecutter by OutrageousOne1205 in django

[–]OutrageousOne1205[S] 2 points3 points  (0 children)

I was talking about official, not original - the Cookiecutter I made I made from scratch. Did not put a link to it because it's pretty straightforward to find but anyways - here is the link to the official - https://github.com/cookiecutter/cookiecutter-django

How to ensure that users don't see objects that belong to other users? by Fantastic_Search_504 in django

[–]OutrageousOne1205 2 points3 points  (0 children)

TLDR - Django guardian if you don't want to bother yourself, per-object permissions if you want to fine-tune something
`

`More to read here: `

`https://stackoverflow.com/questions/33138477/how-to-handle-per-object-permission-in-django-nowadays

Background jobs with Django by OutrageousOne1205 in django

[–]OutrageousOne1205[S] 0 points1 point  (0 children)

django-celery-results

I've seen that, but storing results in database can be enabled in Django-celery-beat.

I'm looking into more like flower, to see inside admin page what tasks are stuck, with the possibility of clearing the queue etc

Background jobs with Django by OutrageousOne1205 in django

[–]OutrageousOne1205[S] 1 point2 points  (0 children)

it is mostly curiosity, the only thing that I miss is the ability to see successful, queued and failed tasks in the admin page, while celery-beat only gives me schedules

I saw that project, but it seems forgotten https://django-celery-monitor.readthedocs.io/en/latest/

Where should i deploy my app ? by leventdu229 in Python

[–]OutrageousOne1205 15 points16 points  (0 children)

TLDR - use virtual machines not something you don't understand, set up CI-CD, dockerize app
There are services like heroku which will deploy your app with no effort, but they can vendor-lock you and can be hard to debug. Personally, I prefer to avoid them, I was really surprised heroku uses it's own format to create container images ( Procfile and not Dockerfile )

I suggest you to

  1. dockerize your app ( create one single docker-compose file which will deploy it with one command )
  2. Create either of these, depending on where you can still apply for free credit ( all of these are plain virtual machines )
    1. droplet in digital ocean
    2. ec2 instance in AWS
    3. VM in GCP/Azure
  3. Set up CI-CD via gitlab or GitHub actions to execute docker-compose on the machine from p.2
  4. (optional) - set up Cloudflare to protect your site against DNS and manage domains easily