stevedidwhat_infosec

@stevedidwhat_infosec@infosec.pub

This is a remote user, information on this page may be incomplete. View at Source ↗

⁨Comment⁩ on ⁨Mentorship Monday - Discussions for career and learning!⁩ ⁨⁨2⁩ ⁨days⁩ ago⁩:
Forgot to mention the NIST Framework, oy vey. This one is pretty good and is an excellent resource, albeit rather scary lookin’ on the cover. Very good resource, and will definitely net you some cred in your org.
⁨Comment⁩ on ⁨Mentorship Monday - Discussions for career and learning!⁩ ⁨⁨3⁩ ⁨days⁩ ago⁩:
You’re in luck! Cybersec people, for the most part, love sharing what they know/have done with each other. Many believe in freedom of information and find value in open collaboration. We just wanna show you the whacky thing we did with what we had.

The biggest resource I’ll share with you is membership with ISAAC. Find whatever category you fit into here and push to get your org membership, if you don’t already. This puts you into a huge working group with your industries’ peers and they will have all sorts of resources for you to use including discussions, meetings with pros, etc.

There’s also SANS who has some free stuff (check their Reading Room) but also has classes (paid, expensive, but veeery worth it imo, again if you can get buy-in)

Outside of the paid membership options, there’s still a lot of good options:
- MISP is a great threat intel sharing platform, but will require some setup as a product (free && opensource). Take this one slow, you don’t want data leakage. Start small and locked down, gradually open up as you gain buy-in/trust/confidence.
- Cybrary IT is a free+paid learning platform, good stuff here - lots of diversity including business stuff
- OWASP - more so for web-app security, still good knowledge to add to that toolbox
- OpenSecurityTraining - heard some good things about this site, I think you may enjoy it - I have not used it myself, but please let me know if you have any problems/reasons you don’t like it.
Then there’s always the classic CTF/Hack Challenges websites out there which let you get real experience with red-teaming/bolstering your knowledge of attacker TTPs (Techniques, Tactics, Procedures):
- HackTheBox - challenges for practicing your skills. No hand-holding, just a sandbox for you to play in. They have academy offerings (paid, and a new service, recommend skipping unless you can get buy in from the company/have a team who would benefit from a bulk-license purchase), regular free boxes to challenge yourself with, etc
-TryHackMe - this one is also CTFs but its more so lesson based/training stuff
- Heard good things about (KC7)[kc7cyber.com] as well, seems to be more threat hunting/blue team focused (blue team = defend, red team = attack)
- (Lets Defend)[www.letsdefend.io] - Free + paid options, more blue team stuff, great for SOCs which may or may not hit your mark.
Hope this helps you out, biggest thing is getting integrated with the community, reading the news (religiously), and managing burn out. Security is an uphill battle, but we roll this boulder for others who cannot. Respect your body and take care of your mental, or you will burn out and scar yourself. LMK if you need anything!
⁨Comment⁩ on ⁨Off-Topic Friday (experimental)⁩ ⁨⁨5⁩ ⁨days⁩ ago⁩:
I think so too tbh, kinda seems like the course for any new technology tbh. Implementations come and go as we refine the tech itself - not sure if you’ve read it before but “How We Got To Now” was a pretty good read. Talks about tech in general all the way from the inventions of glass to modern tech and discusses the social reception along the way. Think they made a tv show about it too IIRC
⁨Comment⁩ on ⁨Off-Topic Friday (experimental)⁩ ⁨⁨6⁩ ⁨days⁩ ago⁩:
Interesting take - you mention AI pretty broadly here, is there a specific sector/use-case you have in mind specifically? Or do you truly mean the technology itself?
⁨Comment⁩ on ⁨Off-Topic Friday (experimental)⁩ ⁨⁨6⁩ ⁨days⁩ ago⁩:
Been playing around with Image generation for a little while now - so much fun. I’d never want to monetize off my work, mainly because I know that a lot of the image training is stolen (specific verbiage ‘stolen’ is my opinion, not legal damnation)

With that being said, does anyone know of any specific projects/models which are solely trained on consensual training/sharing? I know if my own artistic abilities were better, I’d want to share with the community and would have interest in training my own models to generate new, creative stuff with my unique stroke added.
⁨Comment⁩ on ⁨Request: Guidance from Staff+ Security Engineers⁩ ⁨⁨6⁩ ⁨days⁩ ago⁩:
<3 Threat Modeling <3
⁨Comment⁩ on ⁨Request: Guidance from Staff+ Security Engineers⁩ ⁨⁨6⁩ ⁨days⁩ ago⁩:
I’m an InfoSec guy (cybersec, intel, risk)

The biggest thing I attribute to my various success are mostly personal growth. You can learn everything in the world about technicality, but it means squat if you can’t get buy in, don’t have trust, etc. As much as we hate to see it, silos are still very real and InfoSec can be hard to communicate sometimes. I look at it like this: most departments can hang up their jackets at the end of the day and say “im done working” and not have to worry about it from there. With security, it’s constant and affects pretty much every aspect of your life. Information/strats/etc are changing constantly, by the hour and that means we have to take a different approach to things.

However, for the purposes of this discussion, I’d have to say OSINT frameworks and being one with the intel community are huge. You can learn a lot from peoples failures, success, and what threat actors/hacktivists/etc are doing. MISP is pretty cool, but it can be a bit unwieldy to the uninitiated. My recommendation would be to lock it down as much as you can off the bat, run it in a vm, and learn the inter-workings from youtube and their documentation/other sec. companies documentation until you feel more comfortable. I’d also recommend going to some conferences, competing in some ctfs, etc to not only network, but to also work on skills and learn from others and their techniques/paths/routes.

Automation and scripting are also huge, of course. Learn Python (I can’t stress how much I fucking love python and it’s syntax - genuinely enjoyable to use for 99% of your ‘I need a thing that does this for me quick’), JavaScript (I know, I know, but the bad guys loooooove obfuscating JS - like it or not, these be yo’ vegetables. The faster you eat your vegetables, the faster you get to desert.), etc.

There’s always certs too - I have mixed feelings about them, but I would recommend only going for certs you know are in high demand in your area. So many people shell out hundreds of bucks for what are essentially paperweights. I think Thor (youtube shorts guy aka piratesoftware) mentioned something about only going for keys that you know will unlock doors you want to open.

Don’t feel like you have to everything at once either. Cybersec is fucking massive, and there are maaaaany facets for you to get snuggy inside. Pick whats interesting, and run it into the ground. Don’t stop until you get bored. When you’re bored, pivot into other areas that may now be more interesting to you.

Which brings me to Cryptography. This is huge today, and it will become more important as we progress towards commercialization of quantum computers. This area is a bit book heavy, because its an intricate process, but push through it. Embrace the Chaos Theory! If math isn’t your thing, thats okay too. Like I said, there’s a lot of other areas you can become an expert/advanced in.

As I also mentioned, networking and being social with the Cybersec/IT community is huge. Back in the day, hackin was about fuckin around with what you had and doing whacky stuff to show your buddies. Share with each other, be kind to each other, never stop learning and let those creative juices fly. Find what inspires you and love the fuck out of it.

Hope this helps anyone who’s interested. Might not be the best advice, but it’s what has worked for me. Looking forward to any conversation!
⁨Comment⁩ on ⁨Too soon?⁩ ⁨⁨6⁩ ⁨days⁩ ago⁩:
idk if you can call image generation derived from colored static based on preexisting statistically common knowledge/examples “planning” per se xD

Humans have come up with plenty worse, this is just more of the same at worst imo haha
⁨Comment⁩ on ⁨Too soon?⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
Factual haha. Tbf I’d be a bit disturbed if the AI was good at drawing dead bodies tho
⁨Comment⁩ on ⁨What are You Working on Wednesday⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
Reviewing docs/playbooks mostly. Trying to make sure I can pay whatever I can forward.
⁨Comment⁩ on ⁨Too soon?⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
The double tails things is sometimes normal, but that missing end quote fs tho. Still, pretty good all things considered. Wonder what model was used
⁨Comment⁩ on ⁨Too soon?⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
This is AI, right? Some much cursed shit when you zoom in lol
⁨Comment⁩ on ⁨Checkmate⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
(It was a joke)
⁨Comment⁩ on ⁨How Counterprotesters at U.C.L.A. Provoked Violence, Unchecked for Hours⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
Violence and extremism are almost always a plot to ruin the optics of your movement.

Call these people out and separate them from you. They have been doing this shit for decades now.
⁨Comment⁩ on ⁨God help us.⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
Is it? I feel old if so. Sunshine was one of the best imo
⁨Comment⁩ on ⁨Anon revisits early youtube⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
ITT: anon realizes the world doesn’t stop changing for everyone, what once was will soon cease to be

You’ll be alright OP
⁨Comment⁩ on ⁨FreeBee: AT&T Unix PC emulator⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
You what?
⁨Comment⁩ on ⁨What are You Working on Wednesday⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
How come? What didn’t you like about it?
⁨Comment⁩ on ⁨What are You Working on Wednesday⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
Have you fucked around with Rust yet? Supposedly its ‘better’ C/C++ - whatever that means lol. Tried it a bit myself but find it hard to stick with a lot of the heavy-hitter languages. I usually just use scripting languages like python or ruby to get what I need accomplished or just to solve a quick problem. Pretty rare that I need a whole ass Object-Oriented lang but definitely see the value in the career world. I sorta wonder if Java will be the new Fortran
⁨Comment⁩ on ⁨What are You Working on Wednesday⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
Little, personal wins are still wins! Glad to hear you’ve accomplished what you set out to do <3

Whats your go to language?
⁨Comment⁩ on ⁨Boredom births creativity⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:
I think organization of intel is always a good idea - wasn’t aware of this “area” per se tho! Thank you for sharing
⁨Comment⁩ on ⁨Boredom births creativity⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:
You guys have rules for when the govt targets you for intelligence?

\meme
⁨Comment⁩ on ⁨A Konami code variant in Castlevania has been discovered after a quarter of a century⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:
C-up x4 C-down x 4 C-left x 2 C-right x 2 C-left x 2 C-right x2 N64 pad’s L+R shoulder + Z-trigger
⁨Comment⁩ on ⁨Amazon's Fallout TV Series Renewed For Season 2⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:
PICNIC
⁨Comment⁩ on ⁨Amazon's Fallout TV Series Renewed For Season 2⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:
There were some plot points in the very beginning I questioned (the hostage scene didn’t quite make sense. Overall I still really enjoyed the plot, the rising action was alright

When alls said and done, this was a good Prime original. It ain’t HBO, it ain’t Sundance, but for prime originals? Pretty good imo
⁨Comment⁩ on ⁨Former Blizzard boss reckons you should be able to tip developers 'another $10 or $20' on top of $70 games⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
Like I’d take advice from a company known for their sexual harassment problems lmao
⁨Comment⁩ on ⁨XZ backdoor story – Initial analysis⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
Just imagine this could’ve been another solarwinds attack.

I’m really interested to see any and all threat correlations behind this. Was it a failed nation state attack? What, and by extension who, were they targeting, etc.

The choice to specifically target Fedora and Debian is interesting, but maybe it was purely due to user base size and maybe not something more specific than that
⁨Comment⁩ on ⁨The start to a trusting, supportive relationship...⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
It’s probably not that deep fam 😂

everybody works at different “depths” don’t forget
⁨Comment⁩ on ⁨Please hold⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
Bro this is so extra, you KNOW this place is a toxic shit hole if dude went to protest with a whole ass electric griddle lmao
⁨Comment⁩ on ⁨don't tell iceland⁩ ⁨⁨5⁩ ⁨weeks⁩ ago⁩:
Honestly makes sense

Looking at a dolphins brain is enough to convince me they’ve known what’s up for far longer than we have