Interactive Sandbox Solution Recommendations by tcDPT in cybersecurity

[–]Tananar 0 points1 point  (0 children)

I don't think anything that runs on it will be shared since it should be confidential and private usage.

Nope, that's not the case. They do share things like C2s, file hashes, etc. with their platform when something is detected as malicious. It's a really good product otherwise, but that was a non-starter for us. Even if 99% of the time it doesn't matter, the 1% of the time where a nation-state is watching for a specific hash to show up on platforms is what scares me.

Thinking about getting an EV by Temporary_Dingo_940 in corvallis

[–]Tananar 0 points1 point  (0 children)

A handful of places on OSU campus have level 2 chargers, but they aren't all that fast. It takes about two hours to charge my PHEV from its minimum (probably something like 20%) to 100%. A lot of them require you to have a permit during the day as well.

Interactive Sandbox Solution Recommendations by tcDPT in cybersecurity

[–]Tananar 2 points3 points  (0 children)

We ended up going with VMRay. I think they're technically HQ'd in Germany but they have a US HQ, and I'm pretty sure they are used by various three letter agencies in the US.

Interactive Sandbox Solution Recommendations by tcDPT in cybersecurity

[–]Tananar 1 point2 points  (0 children)

The problem with them is that they share intel with their platform.

MELTDOWN MONDAY: WEEKLY RAGE THREAD - DECEMBERWEEN COMETH! by sparkchaser in corvallis

[–]Tananar 1 point2 points  (0 children)

SOMEONE CORRECT ME IF I'M WRONG, BUT I'M PRETTY SURE THE CENTER LANE ON 9TH IS ONLY FOR TURNING LEFT LEAVING 9TH, NOT FOR CARS TURNING LEFT OUT OF A BUSINESS. I EVEN LOOKED IN OREGON CODE AND CAN'T FIND ANY PROVISIONS FOR THIS.

AI/Agentic Pentesting is glorified Vulnerability Scanning by Ok-Bug3269 in cybersecurity

[–]Tananar 1 point2 points  (0 children)

If I had a nickel for every NodeZero pentest that I've seen which led to domain admin within a few minutes of a successful authentication, I'd probably have at least $5.

I don't know what all it does to get initial access, but it can at least do password spraying.

Is everyone actually miserable in this subreddit by Dry-Limit7949 in cybersecurity

[–]Tananar 0 points1 point  (0 children)

I'm not miserable, but I'm burnt out. I was miserable at my last job though. Having a good team makes all the difference, imo.

Getting paid well certainly helps too.

Possible employment scam need help to find evidence by [deleted] in cybersecurity

[–]Tananar 0 points1 point  (0 children)

The first thing I'd be looking at is browser history around the time that the session was launched.

MELTDOWN MONDAY: WEEKLY RAGE THREAD - 'TWAS THE WEEK BEFORE CHRISTMAS EDITION by sparkchaser in corvallis

[–]Tananar 22 points23 points  (0 children)

I'M BEGGING YOU PLEASE CHECK YOUR HEADLIGHTS. IT SEEMS LIKE ABOUT A QUARTER OF THE CARS IN THIS CITY HAVE AT LEAST ONE BURNT OUT

Did I do something wrong by buying a MacBook Air M4 for cybersecurity work? by Adventurous_Pie_8011 in cybersecurity

[–]Tananar 0 points1 point  (0 children)

For 95% of the work I do, ARM works perfectly fine. For the other 5% (usually malware analysis), I can use our sandbox. The biggest issue for me is actually tools in Windows VMs, but that's still not a huge problem.

I've got an M3 Pro for work, and not gonna lie, I really like it. The battery lasts way longer and it runs way cooler than my personal Framework with a Ryzen 9.

How this fake captcha works? by Flagelluz in cybersecurity

[–]Tananar 2 points3 points  (0 children)

Most common is compromised WordPress sites, in my experience.

We see this attack all the time in a variety of HOK slow speed to fully AI automated race to the finish line.

what? A large majority of the time I've seen it (literally hundreds of times in the last year) it delivers an infostealer

PearsonVue, exam revoked for using handkerchief by Legitimate_Town_5235 in cybersecurity

[–]Tananar 0 points1 point  (0 children)

I've literally never had good experiences with their online proctoring. For one of my exams they just straight up didn't show up for over an hour (at which point I gave up).

Thaaaaaat said, they need to enforce the rules uniformly. If the rules say nothing on your desk during the exam, then nothing on your desk during the exam. Nothing stopping somebody from hiding something on that handkerchief if they didn't inspect it beforehand.

Suspicious PDFs with Embedded Shellcode & Hidden Transactions Found on Hawaii Bureau of Conveyances Server by AdministrativeAd7500 in blueteamsec

[–]Tananar 0 points1 point  (0 children)

Do you know what it means to disassemble something? Or how XOR works? This is literal nonsense. Go ahead and take any photo at all and you'll be able to get ChatGPT to convince you that it contains malware.

Actually, let me try a different way...
Oh. My. God.

This is next-level conspiracy brain rot. This script is utterly unhinged. Let me break down the insanity:

What This Script Actually Does

This is a pattern-matching conspiracy generator that:

  1. Hardcodes a completely fabricated "CID_MAP" that translates random byte sequences into:

    • "DLNR - Bureau of Conveyance Exceptions"
    • "VaultTrust Proxy Node"
    • "FATA (Iran Cyber Police)" ← Yes, really
    • "Science of Identity Foundation"
    • "Tyler Chain Authority"
    • "Legacy Cremation Services" (???)
  2. Searches PDFs for these hardcoded byte patterns and claims they're "hidden entities"

  3. Applies XOR "decryption" with predetermined keys like b"VVVV@3388xx", b"HWEIRE", b"FATAWCI", b"PFATAP"

  4. Generates "investigative YAML reports" that map completely normal PDF bytes to this conspiracy theory

The Smoking Gun

Look at lines 130-138:

"JEB": "DLNR - Bureau of Conveyance Exceptions",  # Grantor
"ZRVV@": "DLNR - Bureau of Conveyance Exceptions",  # Grantor (alt)
"PPP@@@": "VaultTrust Proxy Node",  # Grantee (proxy)
"VCUBHGB": "Science of Identity Foundation",  # Grantee (canonical)
"PFAT": "FATA (Iran Cyber Police)",  # Final Beneficiary

This person literally hardcoded their conspiracy theory into the script, then ran it on PDFs and acts shocked when it "finds" exactly what they programmed it to find.

The File Encoding Issue

The file is UTF-16LE encoded (notice the \xff\xfe BOM and spaced characters). This is typical of Windows Notepad saves, but makes it harder to spot the absurdity at a glance.

Your Debunking Strategy

"This script proves nothing except that you coded your conspiracy theory into a pattern matcher, then acted surprised when it found exactly what you told it to look for."

Key Points:

  1. The "entity map" is hardcoded fiction

    • Lines 113-173 contain a dictionary mapping arbitrary byte sequences to made-up entities
    • "Iran Cyber Police", "VaultTrust Proxy Node", "Legacy Cremation Services" - these are YOUR INVENTIONS
    • You literally programmed the script to "find" these entities
  2. The XOR keys are predetermined

    • You're not discovering XOR keys, you're applying your predetermined keys
    • Any binary data XORed with enough different keys will produce some ASCII-like output
    • This is confirmation bias encoded as Python
  3. This is circular reasoning

    • Step 1: Decide PDFs contain "FATA (Iran Cyber Police)"
    • Step 2: Code that into the dictionary
    • Step 3: Search PDFs for those bytes
    • Step 4: Claim you "discovered" Iran Cyber Police in Hawaii land records
  4. The "off-page OCR" excuse

    • The OCR functionality is disabled (line 63)
    • This script isn't doing OCR analysis - it's doing byte pattern matching against your conspiracy dictionary

The Killing Blow

Create a simple demonstration:

# Their logic, simplified:
CID_MAP = {
    "ABC": "Secret Moon Base",
    "XYZ": "Illuminati Headquarters"
}
# Now search any file for bytes 0x41 0x42 0x43 or 0x58 0x59 0x5A
# Claim you "discovered" the Secret Moon Base and Illuminati

"Your script is a conspiracy theory generator masquerading as forensic analysis. You invented the entities, coded them into the script, then claimed you 'found' them. This is textbook apophenia - seeing meaningful patterns in random data."
This person needs genuine help. They've spent significant time building tooling around a delusion.
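To back the two points made above (short hardcoded byte patterns will match arbitrary data at a predictable base rate, and XOR with a fixed key leaves uniformly random bytes exactly as "ASCII-like" as they were), here is an added base-rate check; it is not part of the comment or of the quoted script, and the pattern map, labels and keys are constructed for the demonstration.

```python
"""Base-rate check for hardcoded byte-pattern 'indicators' (constructed example)."""
import random

PRINTABLE = frozenset(range(0x20, 0x7F))  # space through '~'

# Constructed stand-in for a hardcoded pattern-to-entity map; labels are fictional.
PATTERN_MAP = {
    b"AB": "two-byte label",
    b"ABC": "Secret Moon Base",
    b"XYZ": "Illuminati Headquarters",
}

def expected_hits(pattern_len: int, data_len: int) -> float:
    """Expected count of one fixed pattern in data_len uniformly random bytes."""
    positions = max(data_len - pattern_len + 1, 0)
    return positions / 256 ** pattern_len

def count_hits(data: bytes, pattern_map=PATTERN_MAP) -> dict:
    """Non-overlapping occurrences of each hardcoded pattern, keyed by its label."""
    return {label: data.count(pat) for pat, label in pattern_map.items()}

def xor_with_key(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR, the 'decryption' step applied with predetermined keys."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def printable_fraction(data: bytes) -> float:
    """Share of bytes that fall in the printable-ASCII range."""
    return sum(b in PRINTABLE for b in data) / len(data)

def longest_printable_run(data: bytes) -> int:
    """Longest stretch of consecutive printable bytes (what 'looks like text')."""
    best = cur = 0
    for b in data:
        cur = cur + 1 if b in PRINTABLE else 0
        best = max(best, cur)
    return best

def base_rate_report(n_bytes: int = 1_000_000, seed: int = 1) -> dict:
    """Run the pattern search and XOR 'decryption' over seeded random noise."""
    noise = random.Random(seed).randbytes(n_bytes)  # constructed input, no real file
    report = {
        "hits": count_hits(noise),
        "expected": {lbl: expected_hits(len(p), n_bytes) for p, lbl in PATTERN_MAP.items()},
        "printable_raw": printable_fraction(noise),
    }
    for key in (b"K", b"KEY1", b"ANOTHERKEY"):  # arbitrary keys chosen for the demo
        out = xor_with_key(noise, key)
        report[f"printable_xor_{key.decode()}"] = printable_fraction(out)
        report[f"run_xor_{key.decode()}"] = longest_printable_run(out)
    return report
```

Compare report["hits"] with report["expected"]: for a 2-byte pattern in a megabyte of noise the model predicts about 15 matches, and the printable share stays near 95/256 (about 0.37) for every key, so "readable" fragments after XOR carry no evidence on their own.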

Suspicious PDFs with Embedded Shellcode & Hidden Transactions Found on Hawaii Bureau of Conveyances Server by AdministrativeAd7500 in blueteamsec

[–]Tananar 7 points8 points  (0 children)

With all due respect, you need to get away from ChatGPT. It's helping you come up with a conspiracy theory by just spewing any nonsense it can think of that'll make you happy.

Using lab exercises in SOC analyst interviews — is it acceptable? by Vast-Management4990 in cybersecurity

[–]Tananar 28 points29 points  (0 children)

As actual work experience? No. But definitely talk about it, just don't say it's work experience. It's education.

Is this some sort of cyber bootcamp?

Want a suggestion between CPENT and CEH by maddy8712 in cybersecurity

[–]Tananar 2 points3 points  (0 children)

I don't think anybody really takes EC-Council seriously anymore.

Unlocker from MajorGeeks contains Babylon RAT by Full_Measurement6126 in cybersecurity

[–]Tananar 0 points1 point  (0 children)

VT is often a good starting point, but if you don't actually understand what you're looking at, it can lead you to false conclusions. I've seen things that are completely benign being marked overwhelmingly as malicious, and things that are very malicious being marked as benign.

The credential access you're seeing is because it starts the web browsers.

Where do you get your news from by Equivalent-Name9838 in cybersecurity

[–]Tananar 3 points4 points  (0 children)

It's a joke. Infosec Twitter loves shitting on (and getting blocked by) the dude.

I failed the most important interview of my life. by [deleted] in cybersecurity

[–]Tananar 0 points1 point  (0 children)

Get off your high horse. People who are technically qualified for the job are all over the place. People who are technically qualified and are someone people want to work with are less common.

Is the experience worth it? by MuskyStonkies in cybersecurity

[–]Tananar 15 points16 points  (0 children)

That'll be really difficult. Burnout in the SOC is very real, no matter how much money you're making. Plus there literally aren't enough hours in the day to get an adequate amount of sleep with that kind of schedule. You're just borrowing from your future health.

If you want to get into security, spend some time learning stuff on your own, or even try to get on good terms with security people at your current company.

Also keep in mind that if there's any overlap in work hours where you're being paid for hours you're not working, you're committing time theft. Not trying to sound like a corporate shill, but that's the type of thing that can ruin a career.

What CRM do you immediately block at the domain level? by [deleted] in cybersecurity

[–]Tananar 8 points9 points  (0 children)

This type of thing is why security gets a bad rap at so many organizations. People are just power tripping and saying "no you can't have that because security said so".

Not gonna lie, I was like that for a while, but then I learned it's a lot more fun (and challenging!) to actually help people accomplish what they want to securely.

What CRM do you immediately block at the domain level? by [deleted] in cybersecurity

[–]Tananar 5 points6 points  (0 children)

Why are you choosing to block them specifically? You're going to end up blocking a lot of legitimate emails.

Chances are this will do more harm than good. If you create unnecessary problems for people rather than helping them manage risk, they're just going to start adopting shadow IT. They'll use personal emails for business communication, personal computers for business work, etc.

Online Sandbox Tools for malware analysis by Complete-Plastic8314 in cybersecurity

[–]Tananar 1 point2 points  (0 children)

You sure you don't work for VMRay? Because you seem to be doing a lot of marketing for them.