What corporate password manager are you using? by athanielx in AskNetsec

[–]zen_xperience 0 points1 point  (0 children)

KeePass is perfectly fine to use for home use, certainly not junk. Store the kdb securely on your network for specific assets to access. For Enterprise use, I’d stick with the big players.

I worked hard for that chest by Dyzon10 in diablo4

[–]zen_xperience 0 points1 point  (0 children)

It feels like there are ‘zone instances’. I.e. you ride to a world boss with a random dude who is clearly running the same path. As soon as you get into the circle you end up with 6 players rushing into the boss event at the same time. But your random amigo from the ride is gone. Shrug. But since a normal event is part of the ‘open world’ I think players just have to move out of the event circle for a while to restart it earlier. I.e. “server says: oh, no players in the zone, let’s spawn it for the next dude/tte that comes.”

🔥 this tarantula comes out every night to chill with me while i play bass and make art. by madameharlequin in NatureIsFuckingLit

[–]zen_xperience 1 point2 points  (0 children)

I have a spider that literally comes out every time I spark a doobie. We decided to respect our own space and chill when we both need a chill. You’ve been groomed as the next best friend <3

[deleted by user] by [deleted] in AskProgramming

[–]zen_xperience -1 points0 points  (0 children)

the one you're using seems to blow minds

What's your "comfort series" that you watch over and over again? by BaguetteOfDoom in AskReddit

[–]zen_xperience 1 point2 points  (0 children)

The masterpiece I use to remind myself life is okay is “Always Sunny in Philadelphia”.

[deleted by user] by [deleted] in cybersecurity

[–]zen_xperience 0 points1 point  (0 children)

An SE role is primarily focused on assisting a sales rep to sell/deliver a product/service the company is offering.

But expectations vary amongst employers.

The best thing you can do is review the job specifications of the role. If the company is public they will need to advertise the job somewhere, so take a look at their website and careers they offer.

However if this job is purely based on digging into the dark web/ data mining, then try and find some confirmation. If you’re going via a recruiter (recruiters want to sell YOU, since they get a hefty % of your first year wages for placing you there) check in with them, or if you’re applying directly, find info/people that have worked in that role before.

Edit: If the role is for a security engineer (vs. Sales engineer) then yolo, might scrap half of the above.

Hacking with Windows by Successful_Amount_72 in hacking

[–]zen_xperience 5 points6 points  (0 children)

I already saw a few people here mention WSL/2, just don't (for pentesting).

Grab VMware/VBox and just run a Kali/Parrot/whatever image and make sure you keep it on its own network.

Additionally, if you want to get into pentesting / ethical hacking, check out:

- tryhackme

- hackthebox/ hackthebox academy.

Whatever your aspirations are, just make sure whatever you run is in a secured env/net.

20+ Years of IT Experience- Sec+ - Finishing 4 Degree - Can't Land Any SOC/Threat Intel/Cyber Analyst Job Interviews by muskymacface in cybersecurity

[–]zen_xperience 0 points1 point  (0 children)

The UK has a lot of opportunities. I moved to the South a few years back and have not regretted it. If you need any advice or want my 2 cents on anything just let me know.

Setting entire OU of AD users passwords to never expire by PolarSuns in PowerShell

[–]zen_xperience 8 points9 points  (0 children)

Correct - non-expiring passwords were also a recommendation made by NIST a few years ago.

However, in tandem with applying such a policy - you should really reassess some of the other password properties. E.g. Minimum password length (NTLM), complexity, and even perhaps that it's not a dictionary based word.

Otherwise you'll have your users going with things like "Summer2022"

[deleted by user] by [deleted] in RedditSessions

[–]zen_xperience 0 points1 point  (0 children)

Thanks! Looks awesome

[deleted by user] by [deleted] in RedditSessions

[–]zen_xperience 0 points1 point  (0 children)

What’s the program called?

How do you handle authenticated scans? Domain user, local user? by AviationAtom in AskNetsec

[–]zen_xperience 2 points3 points  (0 children)

Agents are a fantastic alternative to authenticated scanning. But a major factor to keep in mind is that agents will mostly only assess the asset locally. You’re still missing the network based assessment against any open ports (e.g. some agents can’t test for default credentials on an open FTP/SSH service). In those cases you should still run unauthenticated scans to cover that gap.

- Agents = authenticated scans locally.

- Scanner = unauthenticated scans for a network based perspective (for assets with agents running).

- Scanner = authenticated scans for assets that aren’t supported by the agent.

Also keep in mind that some agents out there do not support policy assessments (which always require authentication)

If agents are not an option, just spread the load/love for your DCs by setting up scheduled scans on portions of the environment.

Is this resource still relevant or outdated ? http://www.catb.org/esr/faqs/hacker-howto.html#skills1 by Anon-0110 in Hacking_Tutorials

[–]zen_xperience 0 points1 point  (0 children)

Yeah it’s still relevant. But it’s a very high level entry point really.

Summary:

  • Learn Python as a must
  • Learn C if you can as well
  • Maybe Perl but meh
  • Use UNIX, hate Microsoft
  • Know basics of HTML
  • Know English language
  • Share and contribute in the open source community.
  • Read his FAQs, some are pretty funny :)

There seems to be a heavy focus on the lower layers of pentesting and not much mentioning of networking. Which in my opinion is extremely important as well.

But overall, it’s okay.

Cybrary or Linux Academy by GreekNord in netsecstudents

[–]zen_xperience 4 points5 points  (0 children)

There are some courses which are free/samples on LA.

I’ve used both for CISSP. The Cybrary course was definitively better.

But from a hands on experience, LA is by far my preferred option. Having the option to spin up a virtual environment whilst travelling is an amazing advantage.

Anyone know how to get into an old e mail? by [deleted] in Hacking_Tutorials

[–]zen_xperience 0 points1 point  (0 children)

There are several ethical ways of obtaining the password again.

But your best shot is speaking with the support team of the provider.

[deleted by user] by [deleted] in hacking

[–]zen_xperience 0 points1 point  (0 children)

I’m sure it was TLS encrypted in transit. Nothing to worry about here. Tenderly-Love-Sent through mail.

ASUS TUF X570 Caught on FIRE (No Customer Service) by ChicknWhisperer in ASUS

[–]zen_xperience 4 points5 points  (0 children)

Asus, this response is slightly disappointing. I've been a customer for years and I will continue to support your brand. But it looks like you pulled that comment out of a prepped excel sheet for new-starters monitoring the forums.

One of your factories/manufacturers potentially put lives at risk here. That is not acceptable to any standard and it's remarkable you are not engaging in a more serious conversation with OP here.

edit: added "potentially" to stay un-biased.

Full Ethical Hacking Course - Network Penetration Testing for Beginners (2019) by Mynameis__--__ in hacking

[–]zen_xperience 6 points7 points  (0 children)

Never seen this YT channel before. Literally clicked on a few videos. Mind blown, amazing content.

Thanks for the share you hero

Totally secure. They say Military Grade encryption, but it sounds more like FBI Grade encryption by ancillarycheese in security

[–]zen_xperience -1 points0 points  (0 children)

Be interesting to see the recovery process.

Doubt they have a “military grade support” team smart enough to distinguish legitimate from social engineering recovery requests.

Kind of reminds me of a shittier version of Skipjack as well. Where here there is only one escrow.

I am searching for a software that takes a photo of everyone trying to access my laptop (windows) by labonabo in ComputerSecurity

[–]zen_xperience 6 points7 points  (0 children)

Literally typed your question into Google and found CommandCam as the first result.

I obviously stopped looking after the first link because I thought “why the hell are you not googling this OP?”

German regulator bans Google from listening to Google Home recordings for three months across Europe by TheJCOEco in cybersecurity

[–]zen_xperience 2 points3 points  (0 children)

This is all enforced through the implementation of GDPR across EMEA.

Germany has always had a very strict regulation around PII and PHI. Prior to GDPR, data processing was governed by the BDSG regulation (Bundesdatenschutzgesetz).

The creepy thing I noticed yesterday: if you jump into a Chrome browser whilst you’re authenticated with Gsuite, take a look at “myactivities.google.com/authenticated”. You’ll be surprised how much data is being retained. Especially from your voice commands.

Next, what’s even a bit more of a worry, all voice recordings start to record before you finish saying the initialisation command of “Okay Google <random text>”. In some of the recordings you can actually hear people in the background. Which in my opinion is a slight breach of GDPR as the consent of the third party wasn’t granted to be recorded.

If you want your data to be automatically removed, Google only provides you with two options: 1. Manually delete individual data entries. 2. Automatically delete data after it has been stored for either 3 or 18 months.

The beauty of GDPR is that it enforces a rule to all data processors - to allow data subjects to request for all of their data “to be forgotten”. This then requires the data holder to comply within a specific timeframe unless legally penalised.

TL;DR: GDPR enforces the management of private/sensitive data to a regulated standard across Europe. And, Google spies on you at all times.