cybersecurity

The original post: /r/cybersecurity by /u/Main-Security-8289 on 2024-11-04 12:37:17.

For those familiar with Wiz’s DSPM capabilities - is Wiz’s DSPM strong enough to replace a dedicated DSPM solution, or does it fall short on deeper data security needs? Wiz nails it with CSPM, but DSPM requires real depth, like shadow data discovery, access monitoring, and complex data governance.

Would love to hear from anyone who’s compared it to dedicated DSPM tools.

The original post: /r/cybersecurity by /u/Conscious-Wedding172 on 2024-11-04 11:46:13.

Hi all. Does anyone have any experience in Oracle cloud server pentesting? I am completely new to this, so would like to know from someone who has done it before. Thanks

The original post: /r/cybersecurity by /u/JCTopping on 2024-11-04 11:31:06.

The original post: /r/cybersecurity by /u/arqf_ on 2024-11-04 11:24:52.

The original post: /r/cybersecurity by /u/spontaneousg on 2024-11-04 10:35:13.

Hi all

My company have tasked our team with finding a solution to lockdown Chrome Extensions.

They have requested us to block all extensions but create a whitelist for the extensions that will eventually be approved.

Does anyone have any tips or experience in this that they could share?

We are an enterprise company of 10000+!

The original post: /r/cybersecurity by /u/More_Friend1369 on 2024-11-04 10:34:08.

Hello,

I've been monitoring the DDosi target list for a while using the lists posted here: https://witha.name/. Unfortunately, they've recently implemented authorization. Do you know who I need to contact to get access?

Regards!

The original post: /r/cybersecurity by /u/escalibur on 2024-11-04 10:04:22.

The original post: /r/cybersecurity by /u/arqf_ on 2024-11-04 08:47:25.

The original post: /r/cybersecurity by /u/Kasual__ on 2024-11-04 01:39:09.

Candidates are constantly looking for ways to stand out from the crowd.

Understanding if 300 candidates linked their personal career website to their resume, that would add a considerable amount of time to the hiring process. But are website hosting resources like hostinger a turn off? What about a lay out of projects showcased on github or a similar platform.

To be clear I mean if a candidate has a link on their resume directing to a personally crafted website that shows their projects and maybe goes more in depth on their experience.

The original post: /r/cybersecurity by /u/Oscar_Geare on 2024-11-04 00:22:08.

As the US election approaches, we’re implementing a Zero Tolerance Policy for political discussions. This subreddit is dedicated to technical topics, and we intend to keep it that way.

Posts or comments discussing the technical aspects of breaches, hacking claims, or other cybersecurity topics related to the election are welcome. However, any commentary on the merits or failures of any candidate or party will be immediately removed, and participants involved will be temporarily banned.

Help us keep this space technical! If you see any posts or comments veering into political territory, please report them so we can take prompt action.

Let’s keep the discussion focused and respectful. Thank you for your cooperation.

The original post: /r/cybersecurity by /u/AutoModerator on 2024-11-04 00:00:11.

This is the weekly thread for career and education questions and advice. There are no stupid questions; so, what do you want to know about certs/degrees, job requirements, and any other general cybersecurity career questions? Ask away!

Interested in what other people are asking, or think your question has been asked before? Have a look through prior weeks of content - though we're working on making this more easily searchable for the future.

The original post: /r/cybersecurity by /u/checkthatcloud on 2024-11-03 22:59:07.

How did you figure out the area of cybersecurity that you wanted to work in, or ended up working in?

I ask as a SOC analyst currently trying to figure this out for myself, and trying to decide whether I want to pivot into a different field altogether (rather burnt out).

The original post: /r/cybersecurity by /u/Sudden_Excitement424 on 2024-11-03 22:01:01.

The original post: /r/cybersecurity by /u/ShadowSlayer1441 on 2024-11-03 21:46:51.

Unfortunately Microsoft Defender Application Guard is depreciated and will be removed at some point in the future. Even worse, I have been unable to find any guide for other forms of lightweight virtualized fully local browsing. With research I was able to find out how to do this, so I am creating this post to help others like me.

Step 1) Install docker

https://docs.docker.com/engine/install/

Step 2) install these docker containers with the following commands in your CLI:

docker run --detach --name watchtower --volume /var/run/docker.sock:/var/run/docker.sock containrrr/watchtower //keeps firefox container up to date

docker run --name Firefox -p 127.0.0.1:8080:5800 -e DARK_MODE=1 -e WEB_AUTHENTICATION=1 -e SECURE_CONNECTION=1 -e WEB_AUTHENTICATION_USERNAME=CHOSE -e WEB_AUTHENTICATION_PASSWORD=PASSWORD jlesage/firefox

When you do this, replace CHOSE and PASSWORD with your own choices, which are just used to locally encrypt the connection between your browser and the container.

Step 3) Start the container:

docker start Firefox

Note you'll need to do this after a reboot, shutdown, logout etc.

Step 4) Accessing the GUI:

Open your web browser of choice and open https://127.0.0.1:8080/#, consider making it a bookmark. Note that it will warn you unless you add jlesage as a trusted authority, just go to advanced and connect anyway.

Step 5) Optional:

Login in with a firefox account to ensure your bookmarks, history, etc persist after watchtower reinstalls the docker container. Note you'll need to relogin every time watchtower update your firefox container.

Enjoy!

Tips

Use password manager client on host PC, NOT an extension inside the client or firefox's built in password manager. Otherwise in theory you could expose all of your credentials if the container is compromised.

If you believe your container is compromised just delete it (docker rm Firefox), and create it with the command above with your chosen password and username embedded.

Click the three dots on the left to configure the container internally and access the container clipboard.

Note: this is not like a VPN, you are still accessing the internet via your host machine.

The original post: /r/cybersecurity by /u/Snoo51352 on 2024-11-03 21:23:35.

Hi everyone,

I'm a seasoned cybersecurity professional with over 10 years of experience, specializing in security architecture for the last 3 years. I'm passionate about protecting businesses from cyber threats and have a dream of establishing my own consultancy firm.

To achieve this goal, I'm seeking guidance on:

1. Client Acquisition: Where can I identify potential clients, particularly in the charity sector? Are there specific platforms, networks, or organizations I should target?
2. Mentorship: I'm looking for a mentor with extensive experience in cybersecurity consulting. Would anyone be willing to share their knowledge and insights?

If you're a cybersecurity expert, a business owner in need of security solutions, or simply interested in helping a fellow professional, please reach out. I'm eager to connect with like-minded individuals and learn from your experiences.

The original post: /r/cybersecurity by /u/imaxxxs on 2024-11-03 20:52:42.

The original post: /r/cybersecurity by /u/gl4ssm1nd on 2024-11-03 20:23:45.

Looking for a copy of the video itself, unedited and without analysis, to show to class. Using it in a lesson on Integrity in the CIA Triad. Any leads on the video or files of the video itself would be appreciated!

The original post: /r/cybersecurity by /u/rpo5015 on 2024-11-03 19:52:18.

Just saw this one this morning — oof

TLDR; if your username is over 52 chars you could reuse the stored cache key without providing a password

https://www.forbes.com/sites/daveywinder/2024/11/02/username-over-52-characters-no-password-required-says-okta/

The original post: /r/cybersecurity by /u/Anubisgods on 2024-11-03 19:47:40.

Hello, it is a pleasure to greet you

I am preparing documentation related to ISO/IEC 27001 and ISMS.

And I have some doubts regarding the audit program, I have doubts as to how it should be structured, what should be audited and how I should divide the classification of these audits.

For example:

Should it directly avoid IT related departments or or should the scope of the audit program inhabit each of the departments of the organization?

What types of audits should you perform

If any professional related to ISO/IEC 27001 auditing or information security risk management could help me I would be very grateful.

Thank you

The original post: /r/cybersecurity by /u/KeitrenGraves on 2024-10-13 16:46:39.

I have been thinking about going for my CCNA as I don't think any networking knowledge would hurt but I am wondering if it is even worth it. As a background I currently have my A+, Network+, Google Cybersecurity Cert, AWS Certified Cloud Practitioner, and was going to Security+ before thinking about doing CCNA. So I was just wondering if skipping out on CCNA would hurt me or help in the long run.

The original post: /r/cybersecurity by /u/NISMO1968 on 2024-10-13 16:06:18.

The original post: /r/cybersecurity by /u/sasko12 on 2024-10-13 15:04:53.

The original post: /r/cybersecurity by /u/petitlita on 2024-10-13 12:32:09.

It's far too easy for an attacker to control practically every level of an LLM - the dataset, model, all parts of the prompt, and as a result, the output. Like there's attacks on agentic models that are basically as easy as phishing but can get you RCE. The fact is that responses by nature have to leak some information about the model, which can be used to find a sequence of tokens that gets a desired response. It's probably unrealistic to assume we can actually prevent someone from forcing an AI to act outside of its guardrails. Why are we treating them as trusted and hoping they will secure themselves?

The original post: /r/cybersecurity by /u/TheMuffinTops on 2024-10-13 11:49:13.

Howdy!

I'm planning to deploy openCTI for brand protection which will monitor domains, fake websites and social media impersonation instead of zerofox/recorded future. What do you think? if so, what connectors should i explore?

Thank you.

edit: typo

The original post: /r/cybersecurity by /u/KeyCommittee97 on 2024-10-13 11:01:59.

I just downloaded metasploitable 2 from https://sourceforge.net/ . I just extract it and all i can see is vmdk - with the TYPE Progold_VirtualBox.Shell.vmdk I was expecting vmdk - with TYPE Virtual Machine Disk Format. Can anyone please help?