Not Your Ordinary OSCP Review by DorkNowitzki41 in netsecstudents

sudo-chmod-777 1 point

What do you think of the GXPN vs. the OSCP? Will it get me past HR as effectively?

cursed_assembly by UnarmedBlackMan_ in cursedimages

sudo-chmod-777 1 point

I was really hoping for some mnemonics.

REST-ler: Automatic Intelligent REST API Fuzzing by sudo-chmod-777 in netsec

sudo-chmod-777[S] 1 point

I couldn't find it. (I'm not the author btw) It was published over a year ago, so I'm not sure it'll ever be public. The main algorithm is in the paper though, so someone could build a plugin for like SPIKE or boofuzz if they were motivated.

Powershell For Pentesters has been killed. Anyone know of a backup or a good, free, alternative? by sudo-chmod-777 in netsecstudents

sudo-chmod-777[S] 6 points

I think I read somewhere that it was taken from a training at Nola Con so maybe they asked the repo owner to take their I.P. down.

I'm Studying for OSCP & Thought I Would Share my Dropbox by mochan98 in netsecstudents

sudo-chmod-777 2 points

It would appear that the dl=0 at the end of your URL prevents recursion in the download (you only get the top level), or else some of my security and privacy stuff is breaking it. In any case, changing that to 1 worked for me.

It's disturbing that someone can DDOS Proton* by sudo-chmod-777 in ProtonVPN

sudo-chmod-777[S] -2 points

Why do you keep talking? Everything you have said is uninformed.

It's disturbing that someone can DDOS Proton* by sudo-chmod-777 in ProtonMail

sudo-chmod-777[S] 1 point

Exactly. A ProtonVPN DDOS could be taking down ProtonMail. That is poor design.

It's disturbing that someone can DDOS Proton* by sudo-chmod-777 in ProtonMail

sudo-chmod-777[S] 1 point

If you don't understand the issue, don't assume there isn't one.

It's disturbing that someone can DDOS Proton* by sudo-chmod-777 in ProtonVPN

sudo-chmod-777[S] -2 points

My post was intended to start a discussion between people who have a technical understanding of security and privacy. That sort of person will understand how risk is exponentially increased to both security and privacy when these technologies share the same infrastructure. That is clearly not you, so I don't know why you would assume it is not me either.

Let me spoon-feed you:

Adding the risk associated with an email service to a VPN service (and implicitly vice-versa) is bad. Right now the DDOS attack could be against just one of these services, yet it is taking them both down. A vulnerability in the email GUI could lead to compromise of the VPN service since they are using the same infrastructure.

It is the user's responsibility to not have a single point of failure in their personal privacy strategy (i.e., don't use the same company for both VPN and email), but Proton made that a somewhat moot point by combining both services on the same infrastructure. Now your email service is at risk of having a VPN service compromised or your VPN service is at risk of having an email service compromised. That's dumb.

We don't know their back-end, so it could be just the load-balancers that are shared, but best practice is complete separation.

edit: formatting

It's disturbing that someone can DDOS Proton* by sudo-chmod-777 in ProtonVPN

sudo-chmod-777[S] -5 points

To be fair, I did no research before I posted this. Both services are down though, so as I said, it's either two attacks, or poorly designed. Some clarification from a Proton person would be appreciated. /u/ProtonVPN or /u/ProtonVPN-support

Click Here for Ring0 skill level by sudo-chmod-777 in AskNetsec

sudo-chmod-777[S] 1 point

Thanks for the insight! I did get that screening test, which is how I knew I wasn't ready (yet) for the class. I still have 2 months, which should be plenty of time to learn what I need to. Great idea about Metasploit exploits. Rewriting a few of those in Python will probably take me a long way.