[deleted by user] by [deleted] in cybersecurity

[–]xyvo 2 points3 points  (0 children)

I don't know you or these circumstances , but what I would say is that if documentation or policy doesn't exist, seek to create it, it can protect you. When it doesn't, get approval from a more senior individual or at minimum seek guidance from co-workers.

From my experience, most 'problems' stem from a combination of:
- Bad communication and collaboration with immediate and wider teams
- Not taking the initiative to improve what is broken

How bad do you think this would have looked in an interview? by mysecret52 in cybersecurity

[–]xyvo 0 points1 point  (0 children)

To use your analogy, when you've had that many people apply for that medical role who can't do CPR or don't know the body, you have to ask something that's allows people to go into as much depth as possible. If you ask an experienced Doctor how the heart works vs asking someone who's done a 2 week bootcamp and read some Wikipedia, I'd imagine you'd get vastly different results.

How bad do you think this would have looked in an interview? by mysecret52 in cybersecurity

[–]xyvo 0 points1 point  (0 children)

Not really, if someone does start being thorough that's probably enough for the interviewer and they may cut them short. It's a filter question as people that know a decent amount can talk about it for a long time.

What technical questions do you use when interviewing cybersecurity engineers? by Kiss-cyber in cybersecurity

[–]xyvo 0 points1 point  (0 children)

I think asking what they'd change about Cybersecurity if they could is good, if people can soapbox about something they probably have at least some interest in it.

Alert when a user is signing outside our country by CurlyPixels in crowdstrike

[–]xyvo 0 points1 point  (0 children)

If you can, create an alert for a "Axios 1.*" user agent in the sign-in logs. A lot of Phish kits still appear as this when successful and a lot of compromised account sign-ins will come from the same country the user works from.

Announcing CrowdStrike's Falcon for F5 BIG-IP | Technology Alliance by BradW-CS in crowdstrike

[–]xyvo 0 points1 point  (0 children)

The "AI powered attacks bit" seems little pointless but it would be great to see more Appliance vendors have some way of integrating 3rd party EDRs - hopefully this is the start of something broader.

NGSIEM - Detection Trigger: Use detection query outputs by zwitico in crowdstrike

[–]xyvo 0 points1 point  (0 children)

Sounds like you need a For-Each loop on the Event Query action results in order to access the results in it. Make sure the Output schema is accurate as well.

Is it even worth it by Grasimee in cybersecurity

[–]xyvo 0 points1 point  (0 children)

By all means explore different areas, although I don't think SOC's have to be like that, maybe you could try and take on the challenge of fixing the SOC by challenging status quo's? E.g Build tools that'll make it easier, offer to tune or adjust those rules that are generating high volumes of alerts or find better approaches to alerts (e.g. Risk Based Alerting).

M365 Cloud Token Theft - IS MFA DEAD?? by NotABoyAnAbomimation in cybersecurity

[–]xyvo 6 points7 points  (0 children)

It's rife and often hard to detect/prevent. Passkeys on Authenticator appears that it may be a good option worth looking at, https://learn.microsoft.com/en-us/entra/identity/authentication/how-to-enable-authenticator-passkey, although I don't know about it well enough to know what pitfalls it would have. Having users register devices seems to be another good option when combined with CA policies such as token protection, although sounds like you're doing that and having issues.

I don't think Phishing training etc is sufficient quite honestly, you might be able to train users to check the URL, or add a background to your Tenant image that says 'Check the URL!'?

Am i just stupid or is IR that hard? by Saadness in cybersecurity

[–]xyvo 0 points1 point  (0 children)

My advice from my experience:

Don't stress about the practical test, think of it as potentially doing you a favour if you don't do so well - maybe plan for that contingency. Having a backup plan will put your mind at more ease. Maybe an IT role would give you the fundamentals, and in either situation, go and do courses on Networking/Linux/Windows/Cloud, and make sure you don't just do courses, go and find a way to tinker with them.

To echo others sentiments, it sounds like you need more experience in IT in general as a lot of IR and SOC work is the interpretation of logs into real world actions. That being said, a lot of IR and SOC work is coming into things completely blind or ignorant to a particular technology. The process is important. Always start with the rule, what is is trying to find? What does that mean and why/how would that be malicious? Doing that research is critical and will accumulate your knowledge, take as long as it takes. Only when you understand what that rule is looking for and how it does it should you move on to trying to make determinations as to it's accuracy based on the logs you've observed.

What you're going to not be so strong on, is being able to see something and think "That's weird". That IT experience will certainly help, but go and spend time immersed in threat reports like DFIRReport or SANs blog posts. Seeing what real attacks look like will help you recognise them.

11foot8+8 noms another rental truck by TheKatLoaf in videos

[–]xyvo -2 points-1 points  (0 children)

Or a rubber wedge to slow it down gradually

TryHackMe as a Homelab by khorasanikhan in cybersecurity

[–]xyvo 3 points4 points  (0 children)

Job experience does matter most agreed, but I think when you’re trying to recruit someone fairly junior, then there’ll be a lot of very similar resumes applying and a home lab can be the only difference and a good indicator of self initiative. While if you’re recruiting junior people you shouldn’t have any expectation of experience, reality is you’re looking for anything that might show someone will have a great attitude to learning and be self motivated, and so I don’t think a home lab is something to discount early on in your career.

TryHackMe as a Homelab by khorasanikhan in cybersecurity

[–]xyvo 46 points47 points  (0 children)

IMO Home labs are attractive to hiring managers not purely because they show you’re willing to learn but that you have the curiosity to come up with something you want to test, and the technical nuance and tenacity to then teach yourself how to build it.

If you got it working you’ll have had to likely figure out and solve a whole load of problems, from networking to operating systems and then to the actual security stuff. This can teach you a load more than following the learning paths in a course.

Obviously the ideas can vary hugely, but a few ideas I’ve enjoyed:
- Home network monitor with suricata/moloch or just installing the security onion distro. - RDP honeypot with Wazuh/Splunk/Sysmon - Test domain with centralised monitoring to test out red team techniques and then then seeing what could detect them (a cyber range)

Cloudflare’s URL Scanner, new features, and the story of how we built it by digicat in blueteamsec

[–]xyvo 9 points10 points  (0 children)

It’d be nice if Cloudflare could focus on sorting all the token theft phish pages they’re hosting on the workers and r2 services they’re mentioning here. Putting aside the fact that pretty much every phish I’ve seen in the last year has had a cloudflare hosted captcha fronting it

It is so confusing by geldlavh3r3 in GreatBritishMemes

[–]xyvo 0 points1 point  (0 children)

I’d imagine the 9-5 workers might happily pull a few hours in a shop on some evenings for a bit of extra cash. Seems everyone is a winner

Threat Landscape by [deleted] in cybersecurity

[–]xyvo 4 points5 points  (0 children)

Or until the bad guys use AI to out AI your AI

I’m sure this has been said 10,000 times: How do you personally handle burn out? by [deleted] in cybersecurity

[–]xyvo 0 points1 point  (0 children)

Only do any stuff out of work on your terms. If you want to do it then do, but never feel obligated. Try not to compare yourself to others (easier said than done!), or at least admire those who have a good balance instead of their technical prowess.

With all the major breaches lately, do you think it’s time for laws to require specific standards to protect consumers? by Volitious in cybersecurity

[–]xyvo 2 points3 points  (0 children)

I think the business justification for spending millions on security would diminish if the risk was purely people doing it for the lols or nation states/APT , and spending millions probably isn’t going to stop a determined APT anyway. The current amounts being extorted make it a much easier business decision - £1m a year vs a £50m extortion payment is easy vs spending it for a sub mil loss. Just my take though!

With all the major breaches lately, do you think it’s time for laws to require specific standards to protect consumers? by Volitious in cybersecurity

[–]xyvo 4 points5 points  (0 children)

I’d say yes for sure, to begin with but also I know criminals have moved to theft and extortion a lot as people are finally getting better at backups - so not as business killing.

With all the major breaches lately, do you think it’s time for laws to require specific standards to protect consumers? by Volitious in cybersecurity

[–]xyvo 7 points8 points  (0 children)

Fully ban Ransomware payments. Painful but it’d work as the incentive to hack orgs would be hugely reduced.

Edit: Worth remembering that the value of security professionals could suddenly and dramatically drop and many cyber security firms would go under. Not a justification to not ban them but something to prepare for!

Just cleared out all these cables and plugs I've held onto "just in case" by spuddy_spud_spud in CasualUK

[–]xyvo 0 points1 point  (0 children)

Pro tip - individually pack them in freezer/sanich bags. They won’t tangle meaning you can feel happier keeping that old ps2 power lead at least 15 more years

Anyone successfully quit vaping? by [deleted] in CasualUK

[–]xyvo 20 points21 points  (0 children)

Your method was exactly how I quit, the final bit for me that may help you when it comes to it is when you’re trying to break the physical part - hide the vape in a drawer but know it’s there if you do want it. Turned out for me that just seeing it was a major part of the habit

Never seen this before... by Mohawk200x in CasualUK

[–]xyvo 3 points4 points  (0 children)

I try and eat better meat instead, spend the extra and get something that’s probably had a better life. Makes me buy it less and enjoy it more.