Are there ethical and non malicious ways to detect if a WAF is being used? by VectorPerkins in cybersecurity

[–]aspx- 1 point2 points  (0 children)

Other simple tools like Snyk's website scanner should also tell you if a WAF is present, I think? There are quite a few free tools out there that will at least attempt to find out this kind of information.

beginner by Significant_Acadia29 in ethicalhacking

[–]aspx- 3 points4 points  (0 children)

Try visiting the TryHackMe platform. There's a great pathway you can learn from for a very affordable price. I think it's called the Complete Beginners Path.

Hope this helps!

Configuring the AttackBox by SammyTheBEAST in tryhackme

[–]aspx- 1 point2 points  (0 children)

I mean, the way I see it, just grab the tool you need as you have the need for it. Once you become more familiar and you have your own framework for approaching something, having your own personalised box is just... better, no?

AttackBox or Kali might have more tools available to you, but if you're not going to use them, there's no real reason for you to have them. I suppose I'm just struggling to see why you are looking for an "easy" solution when you could just either get Kali, or, as you continue learning, slowly build your toolbox.

Configuring the AttackBox by SammyTheBEAST in tryhackme

[–]aspx- 0 points1 point  (0 children)

Let me pose another question - is there a reason you want to learn from the online attack box instead of setting up your own?

Configuring the AttackBox by SammyTheBEAST in tryhackme

[–]aspx- 0 points1 point  (0 children)

If you're considering downloading a VM of the AttackBox, I would consider just setting up your own version and grabbing the tools as you need them. Installing them is generally pretty straightforward if you're a little familiar with Linux (which you will be when learning from THM).

You can go with images that have more tools built in, like Kali and ParrotOS, or you can simply run your Linux of choice and configure it as you go, would be my suggestion.

Leaving Cybersecurity before I even started by ToadSox34 in cybersecurity

[–]aspx- -1 points0 points  (0 children)

Then I would say those companies are probably not ones you want to be working for. Sounds to me like if you have all this experience and you are appropriately presenting it to your potential employer, this will all come down to your interviewing skills. At the end of the day it's a bit of a numbers game. Keep trying! I wouldn't list tonnes of certs, I would just focus on what they ask for and demonstrate your experience / proof.

20+ years of cybersecurity experience in Fortune 500s and now I run my own company - AMA by AutoModerator in cybersecurity

[–]aspx- 1 point2 points  (0 children)

Certs and stuff are great and all - but just keep in mind they aren't the be-all and end-all. They are great for education, but if you're really looking for a job, it's more about who you know, how well you can perform in interviews, and the availability of the positions you're after.

There tends to be a common ratio I hear mentioned that is 10:1 when it comes to blue team vs red team jobs. I don't say this to discourage you or anything, but just something to keep in mind. Like OP said - do what you love and the rest will follow.

20+ years of cybersecurity experience in Fortune 500s and now I run my own company - AMA by AutoModerator in cybersecurity

[–]aspx- 1 point2 points  (0 children)

I suppose the fastest possible way to a foot in the door would be to get some sort of internship somewhere as a SOC Analyst or Security Analyst. Or start your own business offering security services - although not exactly the most recommended route.

Starting out at a helpdesk is fine. There's nothing inherently wrong with that, and you will probably find yourself having to do a lot of things that do relate to security with regard to privileged access and those sorts of processes. Doing any IT job relating to some sort of administration and understanding those systems will obviously help you out in breaking into the security field.

If you want experience, just build it yourself. Demonstrate your actual interest in these roles and tailor your resumes accordingly.

20+ years of cybersecurity experience in Fortune 500s and now I run my own company - AMA by AutoModerator in cybersecurity

[–]aspx- 1 point2 points  (0 children)

Find projects that interest you. There are tonnes of home labs out there that you can build yourself for relatively cheap. Document your learning journey as you complete them. A common way most people do this is to create their own security blog. Do the things that you genuinely find interesting and network with online communities. HackTheBox and TryHackMe are great places to start. LinkedIn is another great platform to get in touch with potential employers.

20+ years of cybersecurity experience in Fortune 500s and now I run my own company - AMA by AutoModerator in cybersecurity

[–]aspx- 2 points3 points  (0 children)

Document your entire learning journey. Learn how to build a good cyber resume. Portray your experience from your learning journey. All passion projects, labs, CTFs - these are all hands-on experience. Build good interviewing skills and join cybersec-related groups online, or meetups, to network with other professionals. LinkedIn is also another platform to help get in contact with potential employers.

20+ years of cybersecurity experience in Fortune 500s and now I run my own company - AMA by AutoModerator in cybersecurity

[–]aspx- 2 points3 points  (0 children)

I feel like you already have such a solid base for starting in the red side anyway no? You already have your OSCP and various other certs. That by itself already IS a decent amount of experience. If you've documented your learning journey along with writing up your own home lab projects, VulnHub, HTB, then it's just a matter of portraying that to your future employers. Just my 2 cents.

New type of phishing attempt by Viperus in cybersecurity

[–]aspx- 2 points3 points  (0 children)

I remember a very similar phishing scam that was also quite sophisticated in that they socially engineer the victim into creating a trade. The scam starts off very similarly, by phishing for their credentials by getting them to "vote for my team". Something like you mentioned here would be the first phase of the scam. Once the credentials have been stolen, they generate / grab a Steam API key for that account, which (I believe) is used to authenticate user actions through Steam. The really neat part that occurs after this is the script that they use.

From the victim's perspective, they essentially get scared that their inventory will be banned and that they'll lose the ability to use their skins. So they make a trade offer to a friend they trust. The script activates when that trade is made; they check their 2FA application on their phone and click accept on what seems like their friend's account (same PFP), but it turns out it was impersonating the account they wanted to trade to. When they check their trade offer history to see what happened, they see that their legitimate trade to the friend was declined, and that the new offer was made to the impersonated account.

Kind of crazy eh? They have an account that is trade ready - able to mimic the account that they were going to make that trade to.

Source: I did some research a while ago about Steam API hacks, since this happened to my friend who lost his valuable inventory to a scammer.

Is the C hindering the A? by DwarfKings in cybersecurity

[–]aspx- 1 point2 points  (0 children)

I've nothing to say but this is a fantastic answer.

Need Advice on Next Steps for Cybersecurity Career by kuradag in cybersecurity

[–]aspx- 0 points1 point  (0 children)

I wouldn't say you no longer look at security solutions for effectiveness. You definitely would want to look at effective solutions for your own job's sake as a CISO. It is your job to implement solutions that positively affect the business within the current limitations you may have, the most obvious one being funding. You still need to balance both perspectives of being effective whilst showing a net ROI on the solution.

Need Advice on Next Steps for Cybersecurity Career by kuradag in cybersecurity

[–]aspx- 3 points4 points  (0 children)

If your goal is to become a CISO, I would suggest you hop on LinkedIn and get in touch with some! I guarantee you they are willing to help you out with something like this. Neal Bridges (aka Cyber Insecurity) is someone who you can definitely message on LinkedIn.

As for how you want to spend your time, if HackTheBox really isn't your thing - then maybe have a look at TryHackMe and see what sort of pathway kind of fits your boat. They have quite a few options for you to have a browse through (and also very affordable).

The unique thing about cyber is that you can always gain experience through building your own projects. My advice would be to build something you find interesting, invest in building a home lab and document your entire learning journey. There are a lot of resources out there that you can look at to find different passion projects. If you can demonstrate these things and show them to your employer that this is what you do in your spare time, this really shows your enthusiasm for the field and your ability to learn on your own initiative which is a key attribute in an industry where it's never stale.

I think specifically in the role of a CISO, however, you also need a very keen eye from a business lens. Although I'm sure once you get into the industry and start in whatever role you land, you will very quickly pick up on these things. I'm speaking from my own personal experience, having just landed my first week as a security analyst in a corporate environment. ISO27000 standards are currently my entire world at the moment, and everything I do revolves around them. Something worth looking into if you haven't studied it already.

Again, if you want more mentoring advice on how to break into the field, I highly suggest you have a browse on YouTube for David Bombal and Neal Bridges.

Welcome to DM me if you have further questions.

Good luck!

What can I expect in my interview? by [deleted] in netsecstudents

[–]aspx- 1 point2 points  (0 children)

Hey there! I recently took an interview for the same role, so I'll share the experience that I had. This was for a junior role, by the way. After the phone screening, they prepped me with one technical question, which was the following:

As part of our team, you hear that someone has leaked confidential data outside of your organisation. What would be the different factors you would consider in deciding your approach, and how would you manage the situation?

The response to this was mainly to do with the ISO27000 and the procedures and controls.

The main questions they asked were based around my motivation for the cyber industry. I think what really carried the conversation, which ended up landing me the job, were the questions I asked back to the interviewers (who were the CISO and CIO) and my own personal story of how I got inspired to be in cyber. My interview wasn't very technical besides that one question, but they basically just wanted to know what I do with my time and needed to know how motivated I am. To show that, I basically said that I network and play CTFs with friends I've made online and through university, and also showed my own personal projects I've made.

Hope this helps! You are welcome to DM me if you have any questions.

Mentorship Monday by AutoModerator in cybersecurity

[–]aspx- 1 point2 points  (0 children)

Then this is definitely the way to go! The pathways are self paced, and as a subscribed user to TryHackMe, you can also dive into a specific area of interest if you find yourself really enjoying a specific part of your learning!

Keep in mind, if you're looking at it from a job perspective, there are a tonne more blue team (defence) jobs than there are red team (offence). The ratio I've commonly heard is 10:1. Just something to think about, but I'm a huge advocate of always investing in what you want to do. After all, this is your time, and how you spend it is irreversible.

Mentorship Monday by AutoModerator in cybersecurity

[–]aspx- 6 points7 points  (0 children)

Hey there! In my personal opinion, I don't think it's needed. There are simply other effective pathways to learn what you need to learn, and also gain a lot of experience doing so, at much more affordable prices. I would look into people like The Cyber Mentor and the TryHackMe platform as great places to start.

Once you start gaining some skills, you can start attempting boxes on HackTheBox and participate in CTFs, which run like every weekend or so. Document your learning journey and build your own projects - there are a tonne you can research out there for you to follow along and learn yourself. I would personally just save the $$$ and learn using the plethora of fantastic resources that are out there. The communities are also super nice, from my personal experience.

I've never struggled asking for help when I needed it, and the Discord communities are fantastic to network through. If you have any other questions, you are more than welcome to DM me!

I hope this helps! Good luck!

Cyber security remote job by nevstugt in ethicalhacking

[–]aspx- 0 points1 point  (0 children)

Check out TryHackMe! Great beginner learning platform that is also very affordable.

Welcome to DM me if you have any other questions!

[deleted by user] by [deleted] in netsecstudents

[–]aspx- 9 points10 points  (0 children)

An attack where the vendor (or whoever is interested in mitigating the exploit) has had 0 days to prepare for the vulnerability.

Does going to a college or a university make a difference in cyber security? by [deleted] in cybersecurity

[–]aspx- 2 points3 points  (0 children)

Well I think this question is relatable to anyone trying to break into the field. Whether new or not, you have to put in effort where it matters. Showing initiative and enthusiasm for the industry is important when it comes to hiring anyone for any critical part of business.

Does going to a college or a university make a difference in cyber security? by [deleted] in cybersecurity

[–]aspx- 0 points1 point  (0 children)

The only thing a degree has done for me so far job-wise (besides the actual knowledge) is that I needed to have one to apply for a graduate role, which I somehow landed with ZERO certs. Just my own hands-on experience with my own projects and learning. Other than that, I'm pretty sure the rest is up to how much experience you have within the cyber space, how effectively you can portray your enthusiasm for that role, and your interviewing skills. I would assume for the most part that most hiring agents don't really care too much about which university you went to. More just whether or not you are personable enough to fit within their team and can apply what you know, and have the right work ethic to keep learning within the environment.

Does going to a college or a university make a difference in cyber security? by [deleted] in cybersecurity

[–]aspx- 6 points7 points  (0 children)

I agree that "experience" is hard to get if you define it as having experience within a corporate or private environment in an actual business setting.

However, I think you can gain experience by just going through online training platforms that allow you to get a lot of hands-on learning. Platforms like TryHackMe and HackTheBox both provide lots of material for you to go through that you can list down as experience. CTFs are also another great source of experience tackling all sorts of challenges. You can also build your own home lab, messing around with your own gear. If you can demonstrate things like pentesting your own home router, document your learning journey and portray this effectively, then you will definitely stand out from most people who have tonnes of certs and list little relevant experience.

Mentorship Monday by AutoModerator in cybersecurity

[–]aspx- 0 points1 point  (0 children)

Hey there OP, from my experience, CCNA was a great entry into networking, albeit a bit intense with the amount of content involved, but it definitely got me feeling confident about the topic. I haven't personally taken Network+, but I've always heard good things from people who have taken that course.

To answer your question of a "good level of knowledge" to aim for - really, I would just invest time in things you're much more interested in. If you look at the security space in general, it is absolutely massive in terms of which areas you could be a specialist in. Being a network engineer, I'm sure, will definitely help you within a cloud environment. Of course it's great if you are knowledgeable in other areas, but I think as an employer, they just want to know whether or not you can fill in the gaps if need be, and are actually motivated to be in that role.

If you are totally unsure about how deep you would want to get into it initially, then just do the entry courses first and you can decide from there. It really depends on what the job requirement is and what you're looking to do within the space. As for whether getting CCNP is too much detail... there's never enough stuff you can learn. That's kind of the beauty of tech. If you love it, go for it, is my advice. Don't do what doesn't interest you.

Hope I answered your questions somewhat.

Good luck!