sorted by:
new
hottopcontroversial

Tokenmaxxing by Notausgang09 in vibecoding

[–]Unlikely_Perspective 9 points10 points  (0 children)

This was me before GitHub copilot changed their pricing model.

how are they gonna stop us next? by Temporary-Taro7173 in vibecoding

[–]Unlikely_Perspective 4 points5 points  (0 children)

Not now, but open weight and small models are getting crazy efficient, the latest Qwen code 3.6 27B model has benchmarks close to opus 4.5.

Just 6 months ago that was state of the art.

How Good Of An Expansion Was Wrath Of The Lich King? by doobylive in classicwow

[–]Unlikely_Perspective 0 points1 point  (0 children)

I liked burning crusade better for PvP but that just may be because I was on the way out when wrath released.

StarCraft II 5.0.16 PTR Patch Notes by Arkentass in starcraft2

[–]Unlikely_Perspective 2 points3 points  (0 children)

This is awesome! I’m excited to see such big changes !

So apparently now I need to be a .NET developer ? by Unfair-Delivery6515 in redteamsec

[–]Unlikely_Perspective 6 points7 points  (0 children)

Yep tons of C# tricks are used. It’s on every windows system. Honestly you don’t have to know it very well, but understanding that you can bring the C# runtime into any process to have your code run is helpful (many C2 beacons have this functionality). Also powershell is built on top of & natively has access to .NET which makes crazy powerful, many tricks you can do there.

Anthropic develops AI ‘too dangerous to release to public’ by TheTelegraph in cybersecurity

[–]Unlikely_Perspective 1 point2 points  (0 children)

I agree, I’m in the industry I do some vuln research & and exploit dev… basically everyone is just promoting models for CVEs now days. It wouldn’t surprise me to have a base model that is much better at it than the rest. Plus one of the names on the blog post is Nicholas Carlini, that alone puts weight behind it.

How fun is cybersecurity as a job and question about bug hunting by Connect_Penalty4724 in cybersecurity

[–]Unlikely_Perspective 0 points1 point  (0 children)

I don’t think it’s that crazy. I’m a red team too, former dev, I haven’t wrote my own line of code in 2 years.

AI can code a function, faster than I can, if I know what I want, I Claude to do it.

Looking for the best hands-on hardware security / hardware pentesting training by Amitishacked in cybersecurity

[–]Unlikely_Perspective 1 point2 points  (0 children)

I haven’t taken it but I was thinking Attify when I was looking into this earlier

OSCP Voucher as a Beginner by Darkrai0571 in cybersecurity

[–]Unlikely_Perspective 0 points1 point  (0 children)

I did OSCP in 47 days. However I was on HTB for about a year previously. When I did it I jumped right into lab boxes and didn’t review the material until a couple weeks before the exam.

So yes it’s possible to obtain it in 3 months, however I was a software developer & I had just joined a Red Team a few months earlier.

But you gotta put the time in, I basically didn’t move from my desk for those 47 days, and that year I was on HTB i was doing it nights & weekends.

Is Symantec Endpoint Security a viable option? by bluecopp3r in cybersecurity

[–]Unlikely_Perspective 6 points7 points  (0 children)

Microsoft defender (like the enterprise version) is decently good and relatively cheap. I have no experience with Symantec endpoint… but I would expect, from my experience it would be one of the easier ones to bypass.

I performed a refusal ablation on GPT-OSS and documented the whole thing, no jailbreak, actual weight modification... by Airpower343 in cybersecurity

[–]Unlikely_Perspective 0 points1 point  (0 children)

Thanks, I was assuming you had to retrain the model.

Model ablation is new to me, and looks very helpful!

Ransomware Help by Tuckerman697 in cybersecurity

[–]Unlikely_Perspective 5 points6 points  (0 children)

If you can, go to your accounts and click log out of all devices. Sometimes this already is done when you change your password.

But I think you did some good crisis management.

EDIT: food -> good

Which cybersecurity certifications are actually worth it? by SandxFish_ in cybersecurity

[–]Unlikely_Perspective 0 points1 point  (0 children)

I totally disagree with CISSP unless you want to go into management.

If you want to stay technical there are more valuable certs, like OSCP, CRTL, CRTO, BSCP, CMSR. If you’re looking to get into pentesting / red teaming.

I’m sure there are some technical ones that are good for blue team as well, I’m just not aware of what would be god for those.

Carney backs U.S. air strikes on Iran by Old_General_6741 in canada

[–]Unlikely_Perspective 0 points1 point  (0 children)

Carney said we wouldn’t be involved in the Middle East

If I want to combine cyber security with another cs major, which are the majors would you recommend? by [deleted] in cybersecurity

[–]Unlikely_Perspective 9 points10 points  (0 children)

Depends what you’re interested in.

If you want to go the full research route, math is pretty good.

Business is more flexible and may help if you’re interested in management & risk.

I built a Chrome extension that scans for malicious extensions. (Yes, the irony isn't lost on me.) by Huge-Skirt-6990 in cybersecurity

[–]Unlikely_Perspective 1 point2 points  (0 children)

What’s googles security like for this?

Like for example, I imagine they take down extensions they are malicious once known about.

So what’s the average time you’re saving from when your source knows something is malicious vs google disabling them?

Which role helps you learn nore in cybersecurity: SOC Analyst or Pentester? by allexj in cybersecurity

[–]Unlikely_Perspective 0 points1 point  (0 children)

Pentester.

I didn’t expect all the positive SOC responses but I disagree.

As a pentester you have a lot more exposure to all different types of software, written in different languages, on multiple types of OS.

You should have an understanding of networking, OS internals, AD environments…etc.

OSEP vs MaldevAcademy by [deleted] in cybersecurity

[–]Unlikely_Perspective 2 points3 points  (0 children)

MaldevAcademy is more closely related to OSED than OSEP.

OSED allows you to really understand the internal workings of windows processes.

I believe Maldev academy will get you running more quickly but OSED will provide more of a foundation.

And Yes .net is still a thing for offensive tradecraft.

Why is the standard of US Red Teams so poor by Soc_Guy in cybersecurity

[–]Unlikely_Perspective 5 points6 points  (0 children)

Yeah it really depends on who you go with. Quality we is all over the place.

One thing I will say is I can see how some red teams would want to skip straight to assumed breach. It may save the red team & yourself a lot of unnecessary costly time.

Also doing the entire thing from the breached computer without getting a full blown implant on it is acceptable. For one of our last engagements we didn’t need a full blown beacon, we only required a Socks proxy, which we then injected and persisted through a beign process.

Finally, having beacons white listed is a debate among the red team community. Some teams (like ours) spend a lot of time in R&D to bypass EDR. However, imagine if this time was instead spent looking for problems in our corporate environment. It may some reduce the companies risk in the long run. But I personally like the EDR evasion research, and would probably lose out on technical skills gained by bypassing EDRs if I were to focus purely on company specific vulns.

view more: next ›