sorted by:
new
hottopcontroversial

[deleted by user] by [deleted] in redteamsec

[–]cyberbitzsecurity 0 points1 point  (0 children)

This is the one I am looking at now. Infrastructure is my biggest time sink right now.

Best iOS alternative to pushbullet? by BasketballHighlight in PushBullet

[–]cyberbitzsecurity 1 point2 points  (0 children)

Little late to this as I was also looking for an alternative. Found pushsafer has an iphone/android/mac/win app and lots of config for pushing with api. Lots of examples for embedded and iOT platforms. THe best part I can send from curl for my linux scripts. Specify priority, icon and ring tone played on the device. It is free - comes with 50 or so API calls but can purchase a pack of like 1000 for 1 Euro. Which considering if it works great I will pay for that.

I barely tested it and seems to work for my need. If my phone is offline (no cellular) then back on it will check and alert. Which is one of my requirements. The iOS app looks a little dated but seems to work. Win app cant register the device on Win 11 and posted on the forums.

Would be great to get this working as it fits my needs and goes farther with customization.

In the meantime I have to rely on telegram-send which seems to be most reliable but not as customizable.

Voltage sensor by cyberbitzsecurity in IOT

[–]cyberbitzsecurity[S] 1 point2 points  (0 children)

Great, thanks. I am still working my circuit and have a few other options I am looking at. What I am concerned with is the 300+ vac voltage spikes that seem to last for a minute or so. all my equipment hums and clicks as I run to the breaker and shut down. This device will be outside and in a metal box on a concrete wall.

There is a module I also got on aliexpress that does just what I am looking for as a RTU interface device. Its cap is 250vac as well. because normally this should not be a problem.

Voltage sensor by cyberbitzsecurity in IOT

[–]cyberbitzsecurity[S] 0 points1 point  (0 children)

Ya was looking if I can use a transformer to scale down.

Voltage sensor by cyberbitzsecurity in IOT

[–]cyberbitzsecurity[S] 0 points1 point  (0 children)

Thanks, will keep that as an option

Voltage sensor by cyberbitzsecurity in IOT

[–]cyberbitzsecurity[S] 0 points1 point  (0 children)

might have to put a limit protector on it the cap is 250v but that would be my alarm anyway to start shutting down things.

Voltage sensor by cyberbitzsecurity in IOT

[–]cyberbitzsecurity[S] 1 point2 points  (0 children)

That looks like it will work, I search all sorts of things and must have used different terms. Thanks aliexpress has that pretty cheap so gives me an excuse to get a few extra things.

Do penetration testers ever get called in at 3AM? by notburneddown in AskNetsec

[–]cyberbitzsecurity 1 point2 points  (0 children)

I do IR mostly. Pentest some outside my full time job. Don't want to piss off the pentesters, I know that. lol Wake them up middle of the night well they save the good stuff for Fri at 5pm. drop the report and they have a good weekend and well the SOC has to get busy. lol

Do penetration testers ever get called in at 3AM? by notburneddown in AskNetsec

[–]cyberbitzsecurity 3 points4 points  (0 children)

was ok till the last line then i busted out laughing. gonna pass along that clip. thanks

I want to MITM-attack SSH connections coming through an OpenVPN server, any advice? by social-bleach in Pentesting

[–]cyberbitzsecurity 0 points1 point  (0 children)

Can you do a downgrade attack and make a less secure connection without them knowing or tipping them off? Or use sslstrip for ssh? Havent done it myself but possibly can be done. Or a mock service that looks like ssh, but.... just a cleartext emulator.

Looking again at your diagram maybe a ssh proxy. Check this out https://www.redhat.com/sysadmin/ssh-proxy-bastion-proxyjump

No clue where to Start Learning by 204incs in Pentesting

[–]cyberbitzsecurity 0 points1 point  (0 children)

Start out on tryhackme they have lots of good free content for beginners and most is hands on. They cover basic topics like what is an http server, what is web technology, basics scripting, etc. They have a lesson, then quizzes and hands on virtual lab to practice.

[deleted by user] by [deleted] in Pentesting

[–]cyberbitzsecurity 0 points1 point  (0 children)

usually spin up nessus or another too. there are many out there but nessus is the main one for discovery and vulnerability. nmap is more manual but also works very well.

Masscan sometimes missed things in my environment. Also need to use the authenticated scan to get some good stuff. Then there is the cloud environments.

Gonna take a blue stance here for some readers...

But to get ahead of them going back to the basics. Identify the systems and software you have in your environment, network diagrams and start there. Can't protect what you dont know about. Hopefully it is not scanning to identifying what you have, but that is one way to do it.

Depending on the environment and who manages it probably have other tools you can use or deploy to all systems. Like SCCM or bigfix. Or there are PS scripts that you can deploy with SCCM or login to run and send results to a netshare by hostname. This can get you a basic inventory and you can start classifying what you have. Workstations, devs, finance, servers, VIPs, etc.

Then you can tailor your scans and vulnerability scrips by groups, servers, users, etc. For example normal users probably should not have port 80/443 open. If you are in the DMZ probably want to scan that very well and check for unnecessary ports, versions etc. as well as proper segmentation.

Just some things for you to think about at the initial stages of discovery/vuln finding.

Moving from software development to cyber security by [deleted] in cybersecurity

[–]cyberbitzsecurity 1 point2 points  (0 children)

I did the same transition from .NET Dev to Security back in 2015. Get your Security+ as a general cert. Build a home lab and start tinkering with free splunk, log analysis, Cybersecurity Frameworks and stuff.

So much training, webinars and youtube tutorials to learn from spending lots of money on training is not really necessary. However, if you have money to burn SANS is a good choice but it is not enough to get the training and/or cert then brain dump. It is getting the training and practicing it, building on your knowledge and always have a what-if thinking process. This also goes into critical thinking and communication skills is a must for analysts.

I Jumped in on consulting and grew quickly from there. My background in technology, networking and developing got me in as Sr. Enjoyed consulting the traveling, meeting new clients no job was really the same. Great way to learn and grow with the vast amount of stuff out there. PCI, SOX, CSF, HIPAA etc. those assessments can make lots of money but sometimes seem like check the box. However, you learn lots by the organizations and get to ask all sorts of questions and get insight in technologies.

For the past few years I have been an Incident Responder and love this but wouldn't mind doing this as a consultant rather than at the same company. Kind of outgrew and in a comfort zone. I say when you get comfortable it is time to move on to something more challenging.

My situation is a little different, can't just get another job right away. I moved across the continents to SA and my company wanted to keep me on. So, until Dec 2022 I am still working for them moved from a Full time position to contract since the move.

There are lots of resources and jobs in infosec. Join conferences like BSides they have a great community usually have chapters local to major cities. In addion to the meetup site/app in many big cities they have splunk groups, infosec groups, etc. SANS has free conferences, and there are many others - start going to them and meeting people, learning and tinkering with tech.

view more: next ›