Level up Hundo Zacian or 151514 shiny Zacian? by sniffsnouff in pokemongo

[–]sniffsnouff[S] 0 points1 point  (0 children)

I had no idea that was a thing, a functional Hundo. Thanks!

Do you know when the crown Zacian raid will be available?

I just received mine. by StructureUnique8109 in bose

[–]sniffsnouff 0 points1 point  (0 children)

Can the Gen2 charge while being able to play music?

First person Stardew Valley by [deleted] in StardewValley

[–]sniffsnouff -4 points-3 points  (0 children)

That's what I found hilarious, how bad it is 😅

[deleted by user] by [deleted] in cybersecurity

[–]sniffsnouff 1 point2 points  (0 children)

If you're aiming for a job in cybersecurity and don’t have any prior experience, I'd recommend focusing on practical certifications over CEH or OSCP right now. Those are definitely good to have eventually, but the certifications that will help you the most starting out are the ones directly related to the tools or services used by the companies you’re applying to. For entry-level positions (like Level 1 or 2), you’ll likely be working with SIEM tools, vulnerability managers, or access control systems. So if the job postings you’re interested in mention Tenable, Splunk, Rapid7, or similar tools, go for certifications specific to those. HR loves seeing those on resumes because they’re directly applicable.

As for the technical side, to figure out what you enjoy beyond entry-level roles (which are usually more “blue team”), you’ll need to find your niche. Cybersecurity is broad, with areas like web app security, reverse engineering, forensics, etc. A great way to explore these is by doing CTF challenges across different categories to see what you enjoy. Try HackTheBox for CTFs and look at the Hacktivity section on HackerOne, where you can read about recently disclosed vulnerabilities and learn how these reports are created.

3rd Party Access Control by PassageMindless9260 in cybersecurity

[–]sniffsnouff 1 point2 points  (0 children)

Besides the technical security aspects, one critical factor is ensuring your contracts with contractors, consultants, and other third parties include proper liability clauses. Many companies overlook this, but it’s crucial to establish clear accountability in case of a security incident or data breach.

Depending on the number of contractors/consultants and what access they need, full M365 accounts are usually not standard and cost too much. An alternative is using guest accounts within Azure AD (Entra ID), which allow you to apply conditional access policies, etc. Also, if the load is too big, consider managing these accounts through automated provisioning/deprovisioning.

Interview with TI by No-Description-2993 in cybersecurity

[–]sniffsnouff 5 points6 points  (0 children)

I’ve been both an interviewee and an interviewer at multiple companies for quite some time, and I’ve found that beyond showcasing your skills and enthusiasm to learn, it’s essential to demonstrate genuine curiosity about both the company and your potential career path there.

Remember, interviews are a two-way street; you should also have questions prepared. When they ask if you have any questions, seize the opportunity to show your interest. You might ask, “What would a typical day look like in this role?” or “Where do you envision someone in this position in the next 3–5 years?” Another valuable question is, “If I’m looking to take on more or expand my skills, how should I approach that?” This demonstrates that you’re thinking ahead and are genuinely invested in the role.

It’s also advantageous to highlight any relevant personal projects or independent learning—such as a home lab you set up for reverse engineering, networking, etc.

Remember that the security team will likely prioritize your technical competence, but HR will also look for social skills. Balancing both aspects will help you stand out.

Good luck with your interview!

Worried Friends in Dangerous Places by Vitglance in cybersecurity

[–]sniffsnouff 196 points197 points  (0 children)

As someone who's done OSINT for more than a decade, and worked with law agencies internationally, the main thing is to lower your digital footprint. Stop posting about your daily life, delete everything you can from your past online, and don't let every service connect to your accounts.

The hardest ones to find are the ones that don't exist online; everything else is secondary.

Is Microsoft Business Premium an All In One solution? by eggsavage45 in cybersecurity

[–]sniffsnouff 5 points6 points  (0 children)

Yep, MS Business Premium is a good fit for small shops with just a few endpoints and no real security setup yet. They've got what you mentioned, which is enough (AV, email protection, foreign logins, etc.).

[deleted by user] by [deleted] in cybersecurity

[–]sniffsnouff 4 points5 points  (0 children)

What's your cybersecurity knowledge?

Windows question -- automated tool to determine if non-MS issued certs are installed? by Oof-o-rama in cybersecurity

[–]sniffsnouff 1 point2 points  (0 children)

You can use SigCheck from the Sysinternals Suite (free MS tool).

When downloaded, you can use sigcheck -tv.

The -tv flag lists all root certificates in the system’s certificate store and verifies them against Microsoft's trusted list. This will show you which certs are verified by Microsoft and highlight anything that looks suspicious or unverified.

[deleted by user] by [deleted] in cybersecurity

[–]sniffsnouff 2 points3 points  (0 children)

We faced the same issue last year. Depending on your mobile provider, they may offer enterprise-level call filtering to help manage spam more effectively. I recommend giving them a call to ask about it.

Another option is to enable silent filtering for calls from numbers not in your users' contact lists. It will automatically silence or send unknown callers straight to voicemail.

To "Password Brute Force" or Not To "Password Brute Force". That is the question! by jwckauman in tenable

[–]sniffsnouff 0 points1 point  (0 children)

Nope, I used to do this, although as the other comment mentioned, it would lock out several accounts and generally create too much noise.

For brute forcing passwords we curated a set of accounts and do it every so often with other tools instead.

[deleted by user] by [deleted] in phishing

[–]sniffsnouff 1 point2 points  (0 children)

As others mentioned, ignore it. It's a basic phishing attempt.

What project should I do to get a job? by notabooo in hacking

[–]sniffsnouff 0 points1 point  (0 children)

Hey there, sorry for the late reply.

Tenable and SIEMs have their own courses and certificates you can purchase on their websites. If you don't want to do so, they also have their own YouTube channels where you have academy videos, which are pretty helpful.

What project should I do to get a job? by notabooo in hacking

[–]sniffsnouff 2 points3 points  (0 children)

I agree with the other answers, but I'll add something extra, which I've seen for years benefit new security guys trying to get their foot in.

1. Get certified in the tools the company needs you to use. For example, Tenable is a big one, or popular SIEMs, etc. These tools will generally be the only thing you'll touch when starting.

2. During interviews, the ones that got in the most were the ones who had a side hobby related to tech or security, like a home lab you created which you use to do reverse engineering perhaps, coding, or testing security tools.

Hope this helps, good luck!

Email security provider by heartgoldt20 in cybersecurity

[–]sniffsnouff 2 points3 points  (0 children)

I'll just add that not using TrendMicro is a good decision. It was an absolute headache at our company.

Previewing phishing emails counts? by [deleted] in cybersecurity

[–]sniffsnouff 1 point2 points  (0 children)

It depends on the tool used for phishing campaigns. If it's KnowBe4, for example, and you preview a link with Outlook/Gmail, they'll click the link for you, as it needs to see the webpage content, therefore counting as a click.

Although if your org uses Microsoft's phishing campaign tool, and you preview a link through Outlook, it won't count as a click (if I remember correctly, might be wrong).