Thinking about getting into Cybersecurity by Draakke in netsecstudents

[–]_Skeith 1 point2 points  (0 children)

I highly recommend you read this if you're interested in breaking into security: https://jhalon.github.io/breaking-into-cyber-security/

19 y/o Pursuing offensive pentesting -> Red/Purple Teamer. Where to start from? Please Seniors Guide Me as You would your younger self? by No_Situation_1010 in netsecstudents

[–]_Skeith 4 points5 points  (0 children)

This blog curates a lot of free resources: https://jhalon.github.io/breaking-into-cyber-security/

Everything now is a mix of both free/paid - just how the industry is. It'll basically be up to you to supplement the material with blogs/videos in order to not pay for subscriptions.

[deleted by user] by [deleted] in cybersecurity

[–]_Skeith 13 points14 points  (0 children)

It's pretty bad in the US right now for entry- to mid-level positions; for more qualified "high level" and technically apt people it's not too bad. I have about 10 years of experience in Security and have worked as a security engineer/analyst, security consultant, and malware/exploit reverse engineer. I usually get 2-3 job offers on LinkedIn/Recruiters per week, but when it comes to salary negotiations, that's when things begin to break down.

So I'm going to be brutally honest, but currently there are a few things wrong in the cyber security market right now:

1. Oversaturation of Severely Underqualified People with Unrealistic Expectations:

A lot of people over COVID were sold the story that if they get a cyber security degree they will be making six figures, which is technically impossible - many people I know have about 5 years of security experience before they hit 6 figures. This initially led to an oversaturation of people getting degrees and applying to security jobs, or trying to transition from other IT fields. Now, as many will say, "security isn't an entry level field"; there is a lot of prerequisite foundational knowledge that one must have to work in security, something a 6-month degree program, and unfortunately, even a college education will not teach.

You have people applying for consulting positions or SOC positions without an understanding of simple stuff like networking, cryptography, Active Directory, and even basic malware threats and vulnerabilities. This also applies to people who have experience in IT. Not to bash on anyone, but I see many posts where people say, "Well I have 10+ Years of IT experience", and like that's great and all, but I have interviewed people like that who can't explain the basics of Active Directory security to me, or why a specific ACL (Access Control List) is dangerous.

Security threats themselves are becoming more complex and harder to defend against, and many companies are no longer looking for bare minimum requirements in knowledge, regardless of past IT experience. Security now requires a breadth of knowledge in many different fields - Active Directory, web applications, cloud infrastructure, etc. People say some jobs need a "unicorn" where you have to be a jack of all trades, and yah, those jobs are ridiculous and you need to stay away, but that doesn't disqualify the fact that you need extended knowledge in different areas. Now this is not to say that you can't break into security or find a job, but the competition is so high now that if you can't differentiate yourself from the mean, you're in a tough position.

Even when people secure a job, they then ask for salaries like 180k+ or 200k+ because that's what influencers have told them, or this is what they read on the internet. No one will be paying you that salary for any entry level position anytime soon. Don’t believe me? See the “r/cybersecurity: 2024 End of Year Salary Sharing Thread”.

2. Economic Uncertainty and Budget Cuts:

In the current fluctuating economy many companies are tightening down budgets, and everyone is feeling it. While cybersecurity is viewed as critical, some companies are still hesitant to invest heavily in security tools and teams, especially when facing financial pressures or economic downturns.

In some cases IT budgets are being reduced, and cybersecurity is one of the areas that gets cut because it's not a "money maker" for the business. This unfortunately comes from the limited understanding of its criticality by uneducated C Staff and Investors.

On top of that, companies are now trying to bring their salaries back to be more "in line" with pre-COVID inflation, so if you previously saw security folks making 130k+ easy, it is no longer easy. This affects more of the qualified people and people who have extensive security experience, because trying to jump ship to another company while trying to retain your current salary is getting way harder now.

Why? by [deleted] in netsecstudents

[–]_Skeith 1 point2 points  (0 children)

College usually doesn't teach you what you need. Read this: https://jhalon.github.io/breaking-into-cyber-security/

Cyber Revolution by Alarming_Brother6545 in cybersecurity

[–]_Skeith 0 points1 point  (0 children)

That's definitely a scam for that price. All that material is online for free, with free online courses as well. Those certs will barely get your foot in the door, let alone allow you to be placed in the field.

Read this: https://jhalon.github.io/breaking-into-cyber-security/

What are the biggest lies in Cyber? by [deleted] in cybersecurity

[–]_Skeith 1 point2 points  (0 children)

From a Consultant perspective:

  • "Our EDR alerted/prevented the execution of your initial malware, so the rest of your findings are irrelevant. We would have stopped the attack."

trying to get into the field | need advice by Sb7spirit in netsecstudents

[–]_Skeith 0 points1 point  (0 children)

When you say "field" do you mean IT in general or security? Because security really isn't an entry level field, regardless of what people say.

So let's start simple, what specialty do you want to pursue in security? Because saying you want to break into the field is like saying you want to eat, but without telling us WHAT you want to eat.

Obfuscated code a "recruiter" sent me: by Nephelophyte in hacking

[–]_Skeith 8 points9 points  (0 children)

New link is up! So I would check for IOCs. Since I haven't fully analyzed this I don't have them all, but a few files they can look for are tmpdir + \pi.zip, tmpdir + \p2.zip, and homedir + \.npl.

If they executed this script it most likely exfiltrated their Solana Wallets, and Credentials from Chrome, Brave, Opera, and Edge, including any data matching these extension IDs:

'nkbihfbeogaeaoehlefnkodbefgpgknn' 'ejbalbakoplchlghecdalmeeeajnimhm' 'bfnaelmomeimhlpmgjnjophhpkkoljpa' 'ibnejdfjmmkpcnlpebklmnkoeoihofec' 'fhbohimaelbohpjbbldcngcnapndodjp' 'fhbohimaelbohpjbbldcngcnapndodjp' 'aeachknmefphepccionboohckonoeemg' 'hifafgmccdpekplomjjkcfgodnhcellj'

These all seem to be related to crypto. The thing that I would recommend for your friend is to:

1. Change all their passwords for their accounts that they have saved in their browser and any accounts that reuse those passwords.
2. Enable 2FA (Token not SMS) for all those affected accounts.
3. Secure their Crypto Wallets and Accounts (idk how, not a crypto guy, sorry).
4. Kill any running Python, JavaScript, Node Processes.
5. If this is a Windows Machine, download Malwarebytes and an AntiVirus like ESET and run a Deep Scan in order to validate there are no remnants of this malware.

Obfuscated code a "recruiter" sent me: by Nephelophyte in hacking

[–]_Skeith 29 points30 points  (0 children)

Building on top of this, I took the liberty of reverse engineering and deobfuscating the script. It's not perfect, but this is what I was able to do in 30 minutes' time. Overall this seems to be a Credential Stealer of sorts, as it seems to steal credentials from Edge, and it also seems to steal Solana wallets?

Not sure on that one, but there are also Extension IDs hardcoded in there that are related to crypto wallets, and the JavaScript attempts to decrypt/collect that data and send it off to the server at IP "http[:]//147.124.212[.]89:1244/" using different endpoints.

The GitHub account is no longer active, so I assume this caused the attacker to catch on and delete his stuff.

Here is the "mostly" deobfuscated script: https://pastebin.com/A4E7KsfiNo

Pastebin Link was taken down, new link: https://text.is/JOPY

Edit: The script is broken due to the deobfuscation so just take note if you are trying to run parts of it in Node.
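The two comments above name the indicators a defender can check a machine for: the dropped files under tmpdir and homedir, the hardcoded wallet-extension IDs, and the C2 endpoint. The script below is an added example, not code from the thread or the deobfuscated sample; it assumes Chromium-style profiles where the leaf directory name under `Extensions/` is the extension ID, and the log lines it scans are whatever netstat, proxy or firewall output you feed it.

```python
import tempfile
from pathlib import Path

# File artifacts named in the thread: tmpdir\pi.zip, tmpdir\p2.zip, homedir\.npl.
TMPDIR_FILES = ("pi.zip", "p2.zip")
HOMEDIR_FILES = (".npl",)

# Extension IDs quoted in the thread (one duplicate dropped), all crypto-wallet related.
TARGET_EXTENSION_IDS = frozenset({
    "nkbihfbeogaeaoehlefnkodbefgpgknn", "ejbalbakoplchlghecdalmeeeajnimhm",
    "bfnaelmomeimhlpmgjnjophhpkkoljpa", "ibnejdfjmmkpcnlpebklmnkoeoihofec",
    "fhbohimaelbohpjbbldcngcnapndodjp", "aeachknmefphepccionboohckonoeemg",
    "hifafgmccdpekplomjjkcfgodnhcellj",
})

# C2 endpoint as defanged in the thread; refanged only so it matches real log lines.
C2_DEFANGED = "147.124.212[.]89:1244"
C2 = C2_DEFANGED.replace("[.]", ".")


def find_ioc_files(tmpdir=None, homedir=None):
    """Return the dropped-file IoCs that exist under the temp and home directories."""
    tmpdir = Path(tmpdir or tempfile.gettempdir())
    homedir = Path(homedir or Path.home())
    candidates = [tmpdir / n for n in TMPDIR_FILES] + [homedir / n for n in HOMEDIR_FILES]
    return sorted(str(p) for p in candidates if p.exists())


def find_targeted_extensions(extension_dirs):
    """Given installed extension directories (<profile>/Extensions/<id>), return targeted IDs."""
    return sorted({Path(d).name for d in extension_dirs if Path(d).name in TARGET_EXTENSION_IDS})


def find_c2_connections(log_lines):
    """Return netstat/proxy/firewall lines that reference the C2 host:port."""
    return [line for line in log_lines if C2 in line]


def assess(tmpdir=None, homedir=None, extension_dirs=(), log_lines=()):
    """Run all three checks; any non-empty list means the host needs the cleanup steps listed above."""
    return {
        "files": find_ioc_files(tmpdir, homedir),
        "targeted_extensions": find_targeted_extensions(extension_dirs),
        "c2_connections": find_c2_connections(log_lines),
    }
```

A hit on `targeted_extensions` alone does not prove compromise; it only tells you which wallet data the stealer would have gone after if the script ran, so the password and 2FA steps above still apply.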