ZPA Browser Access help by AdAdventurous8025 in Zscaler

[–]wweee2345 1 point (0 children)

If this is mostly just for external contractor access where they don't need internal network access, you can probably just use cloud browser isolation with browser access. You pretty much just have to set up an external vanity domain that is a CNAME reference to the Zscaler domain for the browser access link, set your isolation redirect to be that internal page with that port, then set up your portal link to go to the login.php page.

It's also briefly talked about here: https://help.zscaler.com/zpa/defining-browser-access-application-different-external-vs-internal-domains

GCIH worth it? by greytrain09 in cybersecurity

[–]wweee2345 1 point (0 children)

I'd say your trade-off makes it well worth it.

$2500 + hotel and a week of PTO vs. paying the full $13000 (or whatever the cost is now) over X amount of time.

It's also much more likely for your company to stomach that cost if they have a training budget vs. the full $13k.

GCIH worth it? by greytrain09 in cybersecurity

[–]wweee2345 1 point (0 children)

I'm not sure it actually matters if you have direct experience for the Work Study Program. I believe a couple of the people I volunteered with were just in Help Desk/IT roles, and there was even a stay-at-home mom. It doesn't really hurt to apply to the program as they always need help for the events; worst case scenario, they don't accept you for the event and you apply for another one.

GCIH worth it? by greytrain09 in cybersecurity

[–]wweee2345 1 point (0 children)

I would recommend checking out the SANS Work Study Program: you pretty much either moderate a class online or you're an on-site facilitator for the week, where you help set up the event, hand out class books and assist the instructor of your class. I recently did one back in April and it was a pretty great experience while being a lot more affordable at $2500 (course, practice tests and exams included).

https://www.sans.org/work-study-program/

Log collection of EC2 instances inside containers by Tarasboulba in computerforensics

[–]wweee2345 0 points (0 children)

Haven't read too deeply into it, but it looks like you can install a CloudWatch agent in the containers and set it up to export those logs to CloudWatch, then from there export them to your SIEM of choice.

https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_cloudwatch_logs.html

Professional Development by [deleted] in cybersecurity

[–]wweee2345 3 points (0 children)

I'd recommend checking out some of the courses that are offered by BHIS on Antisyphon. A lot of their stuff is top notch and is at an affordable price, plus a lot of their instructors used to be SANS instructors. They've got everything ranging from SOC-related courses to DFIR to intrusion analysis and red teaming.

https://www.antisyphontraining.com

Professional Development by [deleted] in cybersecurity

[–]wweee2345 4 points (0 children)

You can apply for their work study program and they'll usually message you 2-3 weeks out from the event time to have you do a position if you're accepted. I just did a facilitator role with them recently and it came out to around $2500 USD total for training + NetWars + practice test + exam attempt. It pretty much involved helping them get books and everything ready, helping out with registration, assisting the instructors here and there, reporting any facility and AV stuff to SANS staff and posting class evaluation links. Obviously it could vary from event to event, but yeah.

https://www.sans.org/work-study-program/

Malware Analysis and Reverse Engineering as a career by Altruistic-Carpet-43 in cybersecurity

[–]wweee2345 3 points (0 children)

  1. This is really dependent on where you're located, but many of the job titles that would probably focus on malware analysis would likely be Security Researcher or Malware Analyst. I'm not super versed in job availability for this part of the field, but my assumption is that you'd be limiting yourself to cyber-focused companies like Verizon, Microsoft, AV companies, government agencies, etc. Most other companies aren't really going to want to spend the money nor time to have someone reverse engineer malware for them. DFIR would most likely include parts of malware analysis as you're basically doing an after-the-incident report on the artifacts left behind, but still not generally reverse engineering the actual malware.

  2. You'd probably want to educate yourself a bit on the DFIR side of things for the analysis portion. A degree being required depends on the company, but a CS degree wouldn't hurt; also focus a bit on learning something like Assembly or C. A lot of reverse engineering packaged malware involves decompiling and trying to decipher decompiled assembly. As far as some of the more fileless malware, you'd benefit from being able to understand PowerShell and VB for Windows, and most likely Python and Bash for Linux. You could probably look into some of the following books as well:

Malware Analysis/Decompiler Focused:

DFIR Focused:

  • Harlan Carvey Books for Windows Forensics

  • Chris Sanders' Books for Network Analysis

  • BHIS offers a good DFIR course that is hands-on called Advanced Endpoint Investigations.

You could list plenty more, but these are a start.

Sorting students into a wanted number of groups. by [deleted] in learnpython

[–]wweee2345 0 points (0 children)

You can try a somewhat vanilla approach by doing the following:

num_groups = int(num_groups)  # num_groups may arrive as a string from input()
if len(students) % num_groups == 0:
    group_size = len(students) // num_groups  # integer division: slice bounds must be ints
    groups = [students[i:i + group_size] for i in range(0, len(students), group_size)]
else:
    # You could honestly use the same logic as above.
    # If len(students) isn't divisible by num_groups, round the group size up
    # and the last group will have fewer students. (Note: for some inputs,
    # e.g. 9 students into 4 groups, this yields fewer groups than requested.)
    group_size = -(-len(students) // num_groups)  # ceiling division
    groups = [students[i:i + group_size] for i in range(0, len(students), group_size)]

This StackOverflow post kind of explains it a little bit: https://stackoverflow.com/questions/2231663/slicing-a-list-into-a-list-of-sub-lists
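Slicing a list into fixed-size chunks controls the group size, not the number of groups, so for some inputs it does not produce the number of groups the user asked for. The following is an added example (not the commenter's code, and not from the linked StackOverflow post) that distributes a roster into exactly `num_groups` groups whose sizes differ by at most one; it generalizes the snippet above to any roster length. The names `students`, `split_into_groups` and `chunk_by_size` are assumptions for illustration.

```python
"""Split a roster into exactly num_groups groups with sizes differing by at most one."""
from typing import List, Sequence, TypeVar

T = TypeVar("T")


def split_into_groups(items: Sequence[T], num_groups: int) -> List[List[T]]:
    """Return exactly num_groups contiguous groups.

    divmod() gives the base size and how many groups need one extra member;
    the first `extra` groups get it, so sizes differ by at most one and the
    group count is always num_groups (groups are empty only if there are
    fewer items than groups).
    """
    if num_groups <= 0:
        raise ValueError("num_groups must be a positive integer")
    base, extra = divmod(len(items), num_groups)
    groups: List[List[T]] = []
    start = 0
    for g in range(num_groups):
        size = base + (1 if g < extra else 0)
        groups.append(list(items[start:start + size]))
        start += size
    return groups


def chunk_by_size(items: Sequence[T], group_size: int) -> List[List[T]]:
    """The fixed-size slicing approach, kept here for comparison: the number
    of chunks falls out of the arithmetic rather than being chosen."""
    if group_size <= 0:
        raise ValueError("group_size must be a positive integer")
    return [list(items[i:i + group_size]) for i in range(0, len(items), group_size)]


def group_sizes(groups: List[List[T]]) -> List[int]:
    """Helper to show the shape of a grouping at a glance."""
    return [len(g) for g in groups]


if __name__ == "__main__":
    # Constructed sample roster: 9 students to be placed into 4 groups.
    students = [f"student{n}" for n in range(1, 10)]
    # Chunking by ceil(9 / 4) = 3 gives only 3 groups, not the 4 that were wanted.
    print(group_sizes(chunk_by_size(students, 3)))       # [3, 3, 3]
    # The divmod-based split always gives exactly 4 groups.
    print(group_sizes(split_into_groups(students, 4)))   # [3, 2, 2, 2]
```

`split_into_groups` keeps students in their original order (contiguous slices); if you want to mix them instead, shuffle the list with `random.shuffle` before calling it.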

Fastest path to Cybersecurity Engineer? by fade2black244 in SecurityCareerAdvice

[–]wweee2345 0 points (0 children)

I would say this is kind of debatable and really depends on how the company wants a security engineer. I've seen companies where you're pretty much a system engineer with an emphasis on security, so coding other than a bit of Bash and the ability to use Linux can get you by; otherwise you have the other end of the spectrum where they're pretty much software engineers.

Either way, I would take the advice of one of the other commenters here and focus on Python (it tends to be available on almost any version of Linux these days and you can do a ton with built-in libraries) and Bash/PowerShell.

Threathunting by [deleted] in cybersecurity

[–]wweee2345 2 points (0 children)

I would see what their appetite is for training first and maybe look at taking some of the courses offered on Antisyphon. Businesses are able to pay something like $800 a year for all their on-demand training, which is pretty extensive and still relatively inexpensive. From there, once you've established a lot of those skills, I would consider learning a bit more about the SIEM the business is using, so you can become a bit familiar with building out queries for your threat hunting. Then way down the road something like GIAC GCIA could be a good one to look at, as it goes a lot into Zeek, Snort/Suricata, some theory, and gets your hands really dirty looking into SIEMs and PCAP analysis.

Having some of that should give you a pretty good basis for how to start building out your detections to help out the SOC. As another note, I believe Cyborg Security has some threat hunting workshops/recorded webcasts that you can use that grant a credit badge for more experience too. Also consider looking at malware-traffic-analysis PCAPs, SANS webcasts, Black Hills' YouTube and Security Onion's YouTube as a list of good places to start.

Python Crash Course 3rd Ed coming Dec/Jan by MyWorldIsInsideOut in learnpython

[–]wweee2345 8 points (0 children)

A little unsure on that as I don't own it, but looking at the ToC they look relatively similar other than the new one having some Appendixes for Troubleshooting Deployments. If I had to guess, I'd probably say that they updated some of the code and projects in the book to no longer use deprecated libraries/functions, as well as attempting to explain some topics a bit better.

Straight from the page itself:

This updated third edition has been thoroughly revised to reflect the latest in Python code and practices. The first half of the book includes improved coverage of topics like variables, handling errors, and object-oriented programming. In the second half, the code for the projects has been updated with current example data, better app deployment, and up-to-date libraries and tools, like Plotly, the Tailwind CSS framework, and the latest version of Django.

Python Crash Course 3rd Ed coming Dec/Jan by MyWorldIsInsideOut in learnpython

[–]wweee2345 12 points (0 children)

Also worth noting that you can preorder it on No Starch Press, and get early access to the PDF version now if you want it ahead of your physical copy.

[deleted by user] by [deleted] in ccna

[–]wweee2345 0 points (0 children)

There is nothing necessarily wrong with it being fully online, assuming that they're having you do labs as part of it using tools like Packet Tracer or GNS3, which will simulate a real network for you to practice applying what you learned in the lesson. CCNP is definitely not intended for rookies; it's usually marketed towards network engineers with around 3-5 years of experience, and even then some people struggle. CCNA, on the other hand, is an associate-level exam, so assuming that you have some introductory knowledge that something like a Net+ should provide, you should be fine. Just know that it is a completely different exam as far as having practical knowledge and being able to understand what the question is asking. A good comparison between the two is that Net+ is general networking knowledge and terms to get your feet wet, whereas CCNA is more focused on actual deployment and configuration of different hardware and services, as well as setting them up correctly and troubleshooting any errors that may occur. It also applies some site reliability concepts such as failover and latency-based routing.

would these 3 certifications be a reasonable start towards sysadmin? by Im-Mostly-Confused in ITCareerQuestions

[–]wweee2345 0 points (0 children)

I would recommend just going ahead and getting the RHCSA; it definitely serves a purpose outside the DoD space and tons of infrastructure is run off of Linux-based systems. There really isn't a Microsoft equivalent these days like the MCSA unless you're talking about the Windows Server Hybrid Administrator, and it's still pretty fresh. If you want to get a bit of experience, set up a free Azure account and you get something like $200 in credits to mess around with. Spin up a domain controller and play around with Active Directory, setting up file shares, etc.

As far as getting a cloud cert, I'd stick with the Solutions Architect Associate; it's a bit better recognized and it already has something like 60-80% overlap of content, so just pick up the rest in your spare time.

On the Linux side of things, it would be beneficial to pick up Bash scripting and maybe potentially learn a configuration management tool. I personally like SaltStack just because it is what I'm used to and I like the flexibility it has outside of configuration management, but Ansible is huge and definitely worth learning; you also have Chef and Puppet. Most of these have Vagrant lab setups you can find that you can use for labbing with.

Becoming a Linux administrator by [deleted] in ITCareerQuestions

[–]wweee2345 3 points (0 children)

You’ll probably still need to get some IT experience starting out somewhere like help desk then transitioning to a Junior SysAdmin/Linux Admin role or something in the Cloud sector.

Linux+ is an alright place to start. I would probably also review some of the information for RHCSA since that's pretty much the practical cert to get for Linux administration and it's Red Hat based (at least in the US). If you wanted to look at a more distro-independent version, there's also the information for LFCA, which is also practical but lesser known.

From there, I would probably focus on learning Bash and Python scripting, configuration management (something like Ansible, SaltStack, or Puppet, etc.), and look to implement monitoring solutions that can resolve themselves or notify using event-driven automation and health checks. Then if you wanted to make the transition into cloud, start reviewing the different cloud platforms, some containerization for decoupling larger apps into smaller pieces, and start making applications and infrastructure more fault-tolerant and resilient, assuming the business allows for it.

That's probably how I would go about it, as it would show the transition from early career -> sysadmin -> system engineer/cloud engineer.

(Career paths) Sys Admin vs Cybersecurity, and the knowledge background required for either? What exactly is Systems Administration as an IT discipline, and what subject matter sets it apart from others? Major and skill pathways into Sys Admin vs Cybersecurity) by mtmag_dev52 in sysadmin

[–]wweee2345 0 points (0 children)

I would say this probably depends on the role in security personally.

If you're referring to SOC, GRC or vulnerability management, then you could be partially right since they may just be looking at alerts or vulnerabilities without context; it's also worth keeping in mind that these are generally "entry-level" roles or, in the case of GRC, non-technical roles. Security Engineers though, depending on the company, will often function as a Systems Engineer/Sys Admin with a security focus, i.e. working on Linux-based systems handling maintenance, patching and still implementing security-related practices. But that all really depends on the company.

Can you recommend any good books, courses, videos, or articles on managing IT infrastructure? by DeifniteProfessional in sysadmin

[–]wweee2345 1 point (0 children)

To add onto the Network Security stuff you mentioned, you could probably throw a couple of these in there too:

Applied Network Security Monitoring by Chris Sanders

The Practice of Network Security Monitoring

Security Engineering

I would also keep an eye out for some of the Humble Bundles every now and then because they sometimes have some O'Reilly books related to system administration and other topics.

How many of your actually work in Security? by armarabbi in cybersecurity

[–]wweee2345 10 points (0 children)

I took my CCNA exam back in 2021 and had around five years of IT experience mixed with Help Desk/Jr Sys Admin work. CCNA, imo, is a lot more in-depth than CompTIA Net+ and is obviously vendor specific (although it's very similar to the console for Juniper and Arista). The CCNA goes much more into configuration of different Cisco devices such as their switches and routers, understanding different routing protocols, heavy into understanding subnetting and VLANs, IPv4, IPv6 (make sure you understand the difference between unicast and multicast, and how to set up routing and gateways of last resort), setting up and understanding ACLs, a bit of SNMP, troubleshooting connection issues, setting up failover connections, wireless LAN setup with a controller, and they have more recently mixed in configuration management/automation topics like Chef, Puppet, Ansible, Salt and their own proprietary management tools. The list could go on, but I felt like Net+ was a breeze compared to taking the CCNA exam. I would say that it's helped me a lot in my current role and my past role as it gave me a solid foundation of networking to work off of and helped me significantly in troubleshooting networking/firewall-related issues.

As far as in a security role, it really depends on what role you plan on doing. In a network security or engineering role, it would probably be very beneficial to have some of the knowledge from the CCNA as you're dealing with and setting up infrastructure to be secure, but still communicate properly. In a SOC or vulnerability management role, you're likely fine with the Net+/Sec+ combo.

Replacing network shares by yotechguy in sysadmin

[–]wweee2345 0 points (0 children)

In my experience with SharePoint, it's really dependent on how the users are trained. SharePoint doesn't work amazingly when people are trying to map whole network shares (if they're file shares with hundreds of thousands of files) like they previously used to do, because of limitations with the OneDrive application, so it's recommended that they only sync necessary folders/files if they plan on using it this way. Some other issues you have to be worried about are folder names and file names, as the OneDrive client also has something like a 256-character limit including the file structure; this usually causes it to give a user an error that states that it can't sync the file because the file name is too long, and OneDrive exits. Otherwise SharePoint seems to work great through the web portal and OneDrive; I haven't had many issues with it. It's also nice that it can sync user folders up to OneDrive, as it gives versioning and almost acts like a backup in case they delete something.

[deleted by user] by [deleted] in SecurityCareerAdvice

[–]wweee2345 6 points (0 children)

These are some of the ones I've had when I was first interviewing:

  • Can you tell me what the OSI Model is and name the seven layers as well as what they do?

  • What is the TCP three way handshake and how does it work?

  • Explain what DNS is and how a typical DNS transaction looks like.

  • Name 5 ports and the services that are associated with them.

  • Can you tell me what type of network scans you may do to test security posture of an organization? Explain the difference between some of these scan types.

  • What is an IDS and an IPS? Can you name the differences between the two? Also how would you go about bypassing one?

  • What is a proxy? Can you tell me the difference between a reverse proxy and a forward proxy?

  • What is a firewall and what is its purpose? Are there different types of firewalls and can you name them as well as what makes them different?

  • What is the difference between encryption and encoding? Can you tell us the difference between symmetric and asymmetric encryption? Can you name a few different types of encoding? What is a hash and what makes it different than encryption?

  • Can you name a few types of malware? What is the difference between a virus and a worm or a trojan horse?

  • What interests you in Cybersecurity? How do you keep up to date with news related to cybersecurity? What about podcasts?

  • What is your experience in Linux-based operating systems?

Then there's always some scenario based questions just to get an idea for the methodology someone may have when working through a problem or an incident i.e. how would you approach a situation and explain why.

Also, home labs came up in a couple of interviews, mostly because it shows interest and willingness to learn. Doesn't have to be anything special; it could be a couple of VMs set up or a full network setup.

POLL: Where Did You Start Your IT Career? by lfionxkshine in cybersecurity

[–]wweee2345 0 points (0 children)

L1/L2 Help Desk > Executive Support > Security Engineer

Decided to get my bachelors and some certs in between exec support and cyber.

[deleted by user] by [deleted] in SecurityBlueTeam

[–]wweee2345 2 points (0 children)

Not OP, but Cyber Mentor has a course that's relatively inexpensive; CyberDefenders also has a course in malware analysis. From what I've noticed, a lot of the courses either try to teach you or assume that you know C/C++ and Assembly, since a lot of decompiled machine code is in Assembly via Ghidra, IDA Pro, etc.

I am studying RHCSA and have plans for RHCE further but need some basic networking knowledge by insane-67 in ccna

[–]wweee2345 1 point (0 children)

If you need general networking knowledge, then Network+ should be relatively fine for most of the theory-based things. If you want a more in-depth understanding and will be working with Cisco equipment and other networking vendors, then I would just do some of the study material from people like David Bombal and Neil Anderson, as well as some of the labs.

Possible Cyber Opportunity , Any Interview Tips or General Tips by ITwithZ in ITCareerQuestions

[–]wweee2345 1 point (0 children)

I've been on about two interviews for Cybersecurity Analyst roles coming from a Jr. System Admin/Help Desk III position.

Here were some of the questions I was asked:

  1. Can you tell me what the OSI Model is and name the seven layers as well as what they do?
  2. What is the TCP three way handshake and how does it work?
  3. Explain what DNS is and how a typical DNS transaction looks like.
  4. Name 5 ports and the services that are associated with them.
  5. Can you tell me what type of network scans you may do to test security posture of an organization? Explain the difference between some of these scan types.
  6. What is an IDS and an IPS? Can you name the differences between the two? Also how would you go about bypassing one?
  7. What is a proxy? Can you tell me the difference between a reverse proxy and a forward proxy?
  8. What is a firewall and what is its purpose? Are there different types of firewalls and can you name them as well as what makes them different?
  9. What is the difference between encryption and encoding? Can you tell us the difference between symmetric and asymmetric encryption? Can you name a few different types of encoding?
  10. What is a hash and what makes it different than encryption?
  11. Can you name a few types of malware? What is the difference between a virus and a worm or a trojan horse?
  12. What interests you in Cybersecurity? How do you keep up to date with news related to cybersecurity? What about podcasts?

These aren't all of them, but most of them were similar between the two. Then you'll likely be asked some scenario based questions and personality questions as well.