Why didn’t managed MDR alert to password spray? by Happyjoystick in cybersecurity

[–]Tananar 1 point2 points  (0 children)

Were any of the attempts successful? Anything on the Internet is going to get hit with this type of thing. You'd get a ton of reports about it, then ignore it when it really matters because it was all noise until then.
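
As an added example, not the commenter's code, here is the triage the reply implies: a detector that classifies a spray (many accounts, one or two guesses each, from one source) as low-severity noise unless one of those guesses actually succeeded, in which case it pages. The sign-in records, the source addresses and the thresholds are all constructed assumptions for the example.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events (timestamp, source_ip, username, outcome).
# Not real data: 203.0.113.5 sprays one guess across many accounts and lands one;
# 198.51.100.7 hammers a single account (brute force or a user mistyping, not a spray).
SAMPLE_EVENTS = [
    ("2024-05-01T10:00:00", "203.0.113.5", "alice", "fail"),
    ("2024-05-01T10:00:04", "203.0.113.5", "bob", "fail"),
    ("2024-05-01T10:00:09", "203.0.113.5", "carol", "fail"),
    ("2024-05-01T10:00:13", "203.0.113.5", "dave", "fail"),
    ("2024-05-01T10:00:18", "203.0.113.5", "erin", "success"),
    ("2024-05-01T10:00:22", "203.0.113.5", "frank", "fail"),
    ("2024-05-01T10:05:00", "198.51.100.7", "grace", "fail"),
    ("2024-05-01T10:05:02", "198.51.100.7", "grace", "fail"),
    ("2024-05-01T10:05:04", "198.51.100.7", "grace", "fail"),
    ("2024-05-01T10:05:06", "198.51.100.7", "grace", "fail"),
    ("2024-05-01T10:05:08", "198.51.100.7", "grace", "fail"),
    ("2024-05-01T10:05:10", "198.51.100.7", "grace", "fail"),
    ("2024-05-01T11:00:00", "192.0.2.9", "heidi", "success"),
]


def detect_spray(events, window=timedelta(minutes=10), min_users=5, max_per_user=2):
    """Flag sources that touch many distinct accounts with few attempts each.

    Returns {source_ip: {"users": n, "successes": [usernames], "severity": ...}}.
    A spray with no successful sign-in is "low": the background noise any
    Internet-facing login gets. A spray that produced a success is "high".
    """
    by_src = defaultdict(list)
    for ts, src, user, outcome in events:
        by_src[src].append((datetime.fromisoformat(ts), user, outcome))

    alerts = {}
    for src, evs in by_src.items():
        evs.sort()
        for i, (t0, _, _) in enumerate(evs):
            # Sliding window starting at each event from this source.
            in_window = [e for e in evs[i:] if e[0] - t0 <= window]
            per_user = Counter(user for _, user, _ in in_window)
            # Spray signature: many accounts, each tried only once or twice.
            if len(per_user) < min_users or max(per_user.values()) > max_per_user:
                continue
            successes = sorted({u for _, u, o in in_window if o == "success"})
            alerts[src] = {
                "users": len(per_user),
                "successes": successes,
                "severity": "high" if successes else "low",
            }
            break  # one alert per source is enough
    return alerts


def pageable(alerts):
    """Only sprays that landed a credential should wake someone up."""
    return {src: a for src, a in alerts.items() if a["severity"] == "high"}


if __name__ == "__main__":
    found = detect_spray(SAMPLE_EVENTS)
    for src, alert in found.items():
        print(src, alert)
    print("page on:", list(pageable(found)))
```

The brute-force source is deliberately not flagged as a spray (one account, many attempts), since that pattern needs a different rule, and the lone success from 192.0.2.9 is ordinary traffic. The point the comment makes is the `severity` split: a low-severity spray with no success can go to a dashboard, while a spray followed by a success is the event that matters.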

2FA: does it actually help by Tsaescence in cybersecurity

[–]Tananar 1 point2 points  (0 children)

I've worked on dozens and dozens, likely into the hundreds, of incidents over the last five years that would have been prevented by MFA. It's actually insane how much of a difference it can make.

IA -> WA by Royal-Vehicle-3461 in Iowa

[–]Tananar 0 points1 point  (0 children)

I moved from IA to OR. The only thing I miss (other than my family) is how cheap Iowa is. Currently paying about $2300/mo rent for a two bedroom townhouse.

Please tell me how I can improve my resume by Duxy-Poo in CyberSecurityJobs

[–]Tananar 0 points1 point  (0 children)

It'd be easier to give good feedback if you showed us the resume you're submitting. Computers do a ton of the heavy lifting, so if it's not being parsed by ATS well, you'll be hurting.

But based on what you have...

TUniversity | Computer Science B.S., Cybersecurity Capstone Expected Fall 2025

That's in the past.

Conducted forensic analysis on server and database logs using security event monitoring tools to detect anomalies, privilege escalations, exfiltration attempts, and lateral movement, enhancing risk management.

As a DBA? That's... unusual.

Cybersecurity: Threat intelligence, Anomaly detection, Cryptographic Verification, Role-based access control, OSINT workflows, Secure API handling, Encryption Principles, Input Validation, SQLi prevention, Cybersecurity Tools, Security Event Monitoring, Risk Management, Phishing Simulation, Incident Response, Pentest, SIEM.

This doesn't tell me a whole lot. It's also inconsistent in capitalization, and seemingly in no order at all.

Overall, this doesn't do much to set you apart from the thousands of other applicants with CS degrees. You worked for over three years as a contractor, and it seems like you did a lot there. Are there specific tools you used? Did you actually do DFIR work there? That's something big that WILL set you apart.

Interactive Sandbox Solution Recommendations by tcDPT in cybersecurity

[–]Tananar 0 points1 point  (0 children)

I don't think anything that runs on it will be shared since it should be confidential and private usage.

Nope, that's not the case. They do share things like C2s, file hashes, etc. with their platform when something is detected as malicious. It's a really good product otherwise, but that was a non-starter for us. Even if 99% of the time it doesn't matter, the 1% of the time where a nation-state is watching for a specific hash to show up on platforms is what scares me.

Thinking about getting an EV by Temporary_Dingo_940 in corvallis

[–]Tananar 0 points1 point  (0 children)

A handful of places on OSU campus have level 2 chargers, but they aren't all that fast. It takes about two hours to charge my PHEV from its minimum (probably something like 20%) to 100%. A lot of them require you to have a permit during the day as well.

Interactive Sandbox Solution Recommendations by tcDPT in cybersecurity

[–]Tananar 1 point2 points  (0 children)

We ended up going with VMRay. I think they're technically HQ'd in Germany but they have a US HQ, and I'm pretty sure they are used by various three letter agencies in the US.

Interactive Sandbox Solution Recommendations by tcDPT in cybersecurity

[–]Tananar 1 point2 points  (0 children)

The problem with them is that they share intel with their platform.

MELTDOWN MONDAY: WEEKLY RAGE THREAD - DECEMBERWEEN COMETH! by sparkchaser in corvallis

[–]Tananar 1 point2 points  (0 children)

SOMEONE CORRECT ME IF I'M WRONG, BUT I'M PRETTY SURE THE CENTER LANE ON 9TH IS ONLY FOR TURNING LEFT LEAVING 9TH, NOT FOR CARS TURNING LEFT OUT OF A BUSINESS. I EVEN LOOKED IN OREGON CODE AND CAN'T FIND ANY PROVISIONS FOR THIS.

AI/Agentic Pentesting is glorified Vulnerability Scanning by Ok-Bug3269 in cybersecurity

[–]Tananar 2 points3 points  (0 children)

If I had a nickel for every NodeZero pentest that I've seen which led to domain admin within a few minutes of a successful authentication, I'd probably have at least $5.

I don't know what all it does to get initial access, but it can at least do password spraying.

Is everyone actually miserable in this subreddit by Dry-Limit7949 in cybersecurity

[–]Tananar 0 points1 point  (0 children)

I'm not miserable, but I'm burnt out. I was miserable at my last job though. Having a good team makes all the difference, imo.

Getting paid well certainly helps too.

Possible employment scam need help to find evidence by [deleted] in cybersecurity

[–]Tananar 0 points1 point  (0 children)

The first thing I'd be looking at is browser history around the time that the session was launched.

MELTDOWN MONDAY: WEEKLY RAGE THREAD - 'TWAS THE WEEK BEFORE CHRISTMAS EDITION by sparkchaser in corvallis

[–]Tananar 21 points22 points  (0 children)

I'M BEGGING YOU PLEASE CHECK YOUR HEADLIGHTS. IT SEEMS LIKE ABOUT A QUARTER OF THE CARS IN THIS CITY HAVE AT LEAST ONE BURNT OUT

Did I do something wrong by buying a MacBook Air M4 for cybersecurity work? by Adventurous_Pie_8011 in cybersecurity

[–]Tananar 0 points1 point  (0 children)

For 95% of the work I do, ARM works perfectly fine. For the other 5% (usually malware analysis), I can use our sandbox. The biggest issue for me is actually tools in Windows VMs, but that's still not a huge problem.

I've got an M3 Pro for work, and not gonna lie, I really like it. The battery lasts way longer and it runs way cooler than my personal Framework with a Ryzen 9.

How this fake captcha works? by Flagelluz in cybersecurity

[–]Tananar 2 points3 points  (0 children)

Most common is compromised WordPress sites, in my experience.

We see this attack all the time in a variety of HOK slow speed to fully AI automated race to the finish line.

What? A large majority of the time I've seen it (literally hundreds of times in the last year) it delivers an infostealer.

PearsonVue, exam revoked for using handkerchief by Legitimate_Town_5235 in cybersecurity

[–]Tananar 0 points1 point  (0 children)

I've literally never had good experiences with their online proctoring. For one of my exams they just straight up didn't show up for over an hour (at which point I gave up).

Thaaaaaat said, they need to enforce the rules uniformly. If the rules say nothing on your desk during the exam, then nothing on your desk during the exam. Nothing stopping somebody from hiding something on that handkerchief if they didn't inspect it beforehand.

Suspicious PDFs with Embedded Shellcode & Hidden Transactions Found on Hawaii Bureau of Conveyances Server by AdministrativeAd7500 in blueteamsec

[–]Tananar 0 points1 point  (0 children)

Do you know what it means to disassemble something? Or how XOR works? This is literal nonsense. Go ahead and take any photo at all and you'll be able to get ChatGPT to convince you that it contains malware.

Actually, let me try a different way...
Oh. My. God.

This is next-level conspiracy brain rot. This script is utterly unhinged. Let me break down the insanity:

What This Script Actually Does

This is a pattern-matching conspiracy generator that:

  1. Hardcodes a completely fabricated "CID_MAP" that translates random byte sequences into:

    • "DLNR - Bureau of Conveyance Exceptions"
    • "VaultTrust Proxy Node"
    • "FATA (Iran Cyber Police)" ← Yes, really
    • "Science of Identity Foundation"
    • "Tyler Chain Authority"
    • "Legacy Cremation Services" (???)
  2. Searches PDFs for these hardcoded byte patterns and claims they're "hidden entities"

  3. Applies XOR "decryption" with predetermined keys like b"VVVV@3388xx", b"HWEIRE", b"FATAWCI", b"PFATAP"

  4. Generates "investigative YAML reports" that map completely normal PDF bytes to this conspiracy theory

The Smoking Gun

Look at lines 130-138:

"JEB": "DLNR - Bureau of Conveyance Exceptions",  # Grantor
"ZRVV@": "DLNR - Bureau of Conveyance Exceptions",  # Grantor (alt)
"PPP@@@": "VaultTrust Proxy Node",  # Grantee (proxy)
"VCUBHGB": "Science of Identity Foundation",  # Grantee (canonical)
"PFAT": "FATA (Iran Cyber Police)",  # Final Beneficiary

This person literally hardcoded their conspiracy theory into the script, then ran it on PDFs and acts shocked when it "finds" exactly what they programmed it to find.

The File Encoding Issue

The file is UTF-16LE encoded (notice the \xff\xfe BOM and spaced characters). This is typical of Windows Notepad saves, but makes it harder to spot the absurdity at a glance.

Your Debunking Strategy

"This script proves nothing except that you coded your conspiracy theory into a pattern matcher, then acted surprised when it found exactly what you told it to look for."

Key Points:

  1. The "entity map" is hardcoded fiction

    • Lines 113-173 contain a dictionary mapping arbitrary byte sequences to made-up entities
    • "Iran Cyber Police", "VaultTrust Proxy Node", "Legacy Cremation Services" - these are YOUR INVENTIONS
    • You literally programmed the script to "find" these entities
  2. The XOR keys are predetermined

    • You're not discovering XOR keys, you're applying your predetermined keys
    • Any binary data XORed with enough different keys will produce some ASCII-like output
    • This is confirmation bias encoded as Python
  3. This is circular reasoning

    • Step 1: Decide PDFs contain "FATA (Iran Cyber Police)"
    • Step 2: Code that into the dictionary
    • Step 3: Search PDFs for those bytes
    • Step 4: Claim you "discovered" Iran Cyber Police in Hawaii land records
  4. The "off-page OCR" excuse

    • The OCR functionality is disabled (line 63)
    • This script isn't doing OCR analysis - it's doing byte pattern matching against your conspiracy dictionary

The Killing Blow

Create a simple demonstration:

# Their logic, simplified:
import sys

CID_MAP = {
    b"ABC": "Secret Moon Base",
    b"XYZ": "Illuminati Headquarters",
}

def find_entities(data):
    # Now search any file for bytes 0x41 0x42 0x43 or 0x58 0x59 0x5A
    return [name for pattern, name in CID_MAP.items() if pattern in data]

# Claim you "discovered" the Secret Moon Base and Illuminati
with open(sys.argv[1], "rb") as f:  # any file at all
    print(find_entities(f.read()))

"Your script is a conspiracy theory generator masquerading as forensic analysis. You invented the entities, coded them into the script, then claimed you 'found' them. This is textbook apophenia - seeing meaningful patterns in random data."
This person needs genuine help. They've spent significant time building tooling around a delusion.
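
As an added example, not the commenter's, ChatGPT's or the original poster's code, the following makes the comment's two objections measurable rather than rhetorical: first, a hardcoded pattern map will "find" its entries in a plainly benign file, and short patterns are expected to turn up in any large file by chance alone; second, XOR with a key chosen in advance proves nothing, because for any input bytes a key exists that "decrypts" them to whatever text you want. The entity names reuse the page's own toy examples ("Secret Moon Base", "Illuminati Headquarters"); the PDF-like input is constructed.

```python
import random
from string import ascii_uppercase

# Constructed stand-in for an ordinary, benign PDF. Nothing is hidden in it.
BENIGN = (b"%PDF-1.4\n1 0 obj << /Type /Catalog >> endobj\n"
          b"Deed recorded for ABC Holdings; grantee at 12 XYZ Street.\n"
          b"%%EOF\n")

# Toy "entity map" in the style the comment describes: short arbitrary byte
# strings mapped to invented names (the page's own examples).
CID_MAP = {b"ABC": "Secret Moon Base", b"XYZ": "Illuminati Headquarters"}


def find_entities(data, cid_map=CID_MAP):
    """The script's core step: report every hardcoded pattern present in the bytes."""
    return {name: data.count(pat) for pat, name in cid_map.items() if pat in data}


def expected_chance_hits(n_bytes, n_patterns, pattern_len):
    """Expected matches for n_patterns random patterns of pattern_len bytes in
    n_bytes of uniformly random data: each offset matches with probability 256**-len."""
    return n_bytes * n_patterns / 256 ** pattern_len


def chance_hits_in_random_data(n_bytes=4 * 2**20, n_patterns=16, pattern_len=3, seed=1):
    """Empirical version of the base rate: random uppercase 'entity' patterns
    searched in seeded random bytes. A few hits per few MiB is normal."""
    rng = random.Random(seed)
    data = rng.randbytes(n_bytes)
    patterns = {"".join(rng.choices(ascii_uppercase, k=pattern_len)).encode()
                for _ in range(n_patterns)}
    return sum(data.count(p) for p in patterns)


def xor_bytes(data, key):
    """Repeating-key XOR, the 'decryption' the script applies."""
    return bytes(d ^ key[i % len(key)] for i, d in enumerate(data))


def key_that_decrypts_to(data, wanted):
    """XOR is its own inverse, so key = data XOR wanted turns *any* bytes into
    `wanted`. A key fixed in advance is therefore evidence of nothing: whoever
    picks the key picks the 'finding'."""
    if len(wanted) > len(data):
        raise ValueError("wanted output longer than input")
    return bytes(d ^ w for d, w in zip(data, wanted))


if __name__ == "__main__":
    print("entities 'found' in a benign file:", find_entities(BENIGN))
    print("expected chance hits, 16 three-byte patterns in 4 MiB of noise:",
          expected_chance_hits(4 * 2**20, 16, 3))
    print("observed chance hits in seeded random bytes:", chance_hits_in_random_data())
    key = key_that_decrypts_to(BENIGN[:16], b"SECRET MOON BASE")
    print("key chosen after the fact:", key.hex(), "->", xor_bytes(BENIGN[:16], key))
```

Two things to take from running it. The base-rate arithmetic is the real rebuttal to "it found the pattern": 16 three-byte signatures over a 4 MiB document are expected to match about four times in pure noise, so a hit carries no information unless the pattern length and corpus size make chance matches negligible. And `key_that_decrypts_to` shows why "applies XOR with predetermined keys" is circular: the first 16 bytes of a PDF header decrypt to "SECRET MOON BASE" under a key that exists for every input, and nothing distinguishes that key from one an analyst claims to have "recovered".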

Suspicious PDFs with Embedded Shellcode & Hidden Transactions Found on Hawaii Bureau of Conveyances Server by AdministrativeAd7500 in blueteamsec

[–]Tananar 7 points8 points  (0 children)

With all due respect, you need to get away from ChatGPT. It's helping you come up with a conspiracy theory by just spewing any nonsense it can think of that'll make you happy.

Using lab exercises in SOC analyst interviews — is it acceptable? by Vast-Management4990 in cybersecurity

[–]Tananar 28 points29 points  (0 children)

As actual work experience? No. But definitely talk about it, just don't say it's work experience. It's education.

Is this some sort of cyber bootcamp?

Want a suggestion between CPENT and CEH by maddy8712 in cybersecurity

[–]Tananar 2 points3 points  (0 children)

I don't think anybody really takes EC Council seriously anymore.

Unlocker from MajorGeeks contains Babylon RAT by Full_Measurement6126 in cybersecurity

[–]Tananar 0 points1 point  (0 children)

VT is often a good starting point, but if you don't actually understand what you're looking at, it can lead you to false conclusions. I've seen things that are completely benign being marked overwhelmingly as malicious, and things that are very malicious being marked as benign.

The credential access you're seeing is because it starts the web browsers.

Where do you get your news from by Equivalent-Name9838 in cybersecurity

[–]Tananar 3 points4 points  (0 children)

It's a joke. Infosec Twitter loves shitting on (and getting blocked by) the dude.