News RGPD...

  • How Attackers Can Own a Business Without Touching the Endpoint
    by The Hacker News on 19 April 2024 at 12:30

    Attackers are increasingly making use of “networkless” attack techniques targeting cloud apps and identities. Here’s how attackers can (and are) compromising organizations – without ever needing to touch the endpoint or conventional networked systems and services.  Before getting into the details of the attack techniques being used, let’s discuss why

  • Microsoft Defender for Endpoint DLP & CrowdStrike Co-Existence – Any Experiences or Concerns?
    by /u/callme_e on 18 April 2024 at 23:33

    Our organization currently uses CrowdStrike as our primary EDR tool and has Microsoft Defender disabled. We'll be obtaining a Microsoft E5 license and plan to use Defender Endpoint DLP together with CrowdStrike. CrowdStrike will still be our main AV/EDR for all endpoints. I'm curious if anyone here is running both Microsoft Defender for DLP purposes and CrowdStrike. Are there any known conflicts, performance issues, or other concerns we should be aware of? Thanks in advance!

  • High School English Teacher to Cybersecurity Engineer - A How-to Guide
    by /u/_r00d on 18 April 2024 at 19:15

    Three years ago I was a high school English teacher. Today, I'm a cybersecurity engineer. This is how I did it (and what mistakes to avoid). Shameless plug (my video series: https://www.youtube.com/@Kyle.Marvin/)

    Cybersecurity Overview

    Three questions to start us off:
    1. What is Information Technology, and what other IT jobs besides security pay well?
    2. What is cybersecurity, and what would your job duties be?
    3. And what is this about red/blue/purple teams that make up IT Security?

    Main IT Domains
    1. Networking. Network engineers design, implement, and manage network infrastructure, such as routers, switches, and firewalls.
    2. Cloud. Cloud engineers do the same, but with cloud-based infrastructure and services.
    3. System Administration. System administrators handle user account management, data backups, and system updates.
    4. Help Desk. Help Desk technicians serve as the first point of contact for users seeking assistance.

    Cybersecurity Analyst / Engineer
    Job duties:
    1. Investigating security alerts, such as potential malware on a machine
    2. Reviewing emails for indicators such as malicious links or attachments
    3. DNS filtering so that if a user does click a link, it doesn't have a malicious effect
    4. Conducting vulnerability assessments to find weaknesses in our infrastructure
    5. Developing security policies, like Acceptable Use documents
    6. Implementing security controls like MFA and EDR
    7. Incident response during a data breach
    8. Training users to have a security mindset
    9. Auditing for compliance with industry regulations such as HIPAA and PCI DSS
    10. Identity protection to ensure only authorized users gain access to company resources

    Red vs. Blue vs. Purple
    Blue Team: Their job is to set up a company's defenses. Like mentioned earlier: they do email security, endpoint protection, DNS filtering, and respond to alerts. Their job is to try and keep all the bad actors out.
    Red Team: These folks get paid to be "ethical" or "white hat" hackers. Yes - companies pay people to try and break through the blue team's defenses. They may use social engineering (the act of manipulating people) or they may use technical skills, such as finding exploits and vulnerabilities in defenses.
    Purple Team: Sometimes, the red and blue teams come together for military-style exercises where the red team tries to break into something and the blue team defends. These are called purple team exercises. A few companies will even have a dedicated role for purple teamers to manage these exercises.

    Why Choose Cybersecurity?
    1. I work more with things now than I do with people. There are people-centered security positions, but there are also positions that focus on (non-coding) tech skills.
    2. Median pay is $120,000 a year (Information Security Analysts: Occupational Outlook Handbook, U.S. Bureau of Labor Statistics, bls.gov).
    3. Job growth of 32% into 2032 (Cybersecurity Salary Guide: How Much Can You Earn? – Forbes Advisor).
    4. Cybercrime is MASSIVELY profitable. Companies need digital police. They need YOU. (2022 Cybersecurity Almanac: 100 Facts, Figures, Predictions And Statistics, cybersecurityventures.com)
    5. Make a positive impact on the world by thwarting cybercrime.

    Security (and IT) Certifications

    Certification: CompTIA A+
    Why: It helped me get interviews and ultimately land an entry-level IT role.
    Who's it for: Folks with no background in tech looking to break into the industry.

    Certification: CompTIA Network+
    Why: You may need more than A+ on your resume to land a job. Also, you NEED to know how networking works.
    Who's it for: Folks with no background in tech looking to break into the industry. If you already have an IT job, skip the test, but study the material! (CCNA is a good alternative IF you want to do network security.)

    Certification: CompTIA Security+
    Why: Allows you to apply for secret and top secret security positions (DoD certified). Gives a good theoretical understanding of security.
    Who's it for: Folks with a tech background looking to break into cybersecurity.

    Then I would get one of the following:
    Certification: BTL1 (Blue Team Level 1 Certification » Security Blue Team)
    Why: Good entry-level certification to build hands-on defensive skills
    Certification: eJPT (eJPT Certification - INE Security)
    Why: Good entry-level certification to build hands-on offensive skills
    Certification: PNPT (Practical Network Penetration Tester (PNPT) - TCM Security, tcm-sec.com)
    Why: Good entry-level certification to build hands-on offensive skills

    Honorable Mentions
    Google IT Support Professional (Google IT Support Professional Certificate | Coursera)
    Google Cybersecurity Professional (Google Cybersecurity Professional Certificate | Coursera)
    Why honorable only? They did not help me land a job, but have excellent content. CompTIA moved the needle for me in terms of interviews and job offers.

    Security Projects

    Email Security
    Buy a domain and get yourself a personalized email address. Configure the DNS records (SPF, DMARC) to ensure it's secure. You can add this address to your resume and highlight it as a skill you now have experience with! SO many companies do not have DMARC set up correctly and this is a HIGH demand skill. Email is the number 1 path for threat actors to compromise accounts. Knowing how to secure email is a must.

    Antivirus
    Find and install a free antivirus program, such as Malwarebytes, on a virtual machine. Look through all the configurations and see what changes you can make. While on the virtual machine, download Potentially Unwanted Programs (PUPs) and see how the AV reacts. Try downloading EICAR (European Institute for Computer Anti-Virus Research) and testing with that. See if you can block files by hash. If you can, create a .exe file with some code from ChatGPT (maybe a PowerShell script that grabs system info and writes it to a .txt file), grab its hash, block it in the AV by adding the hash, then try to execute the file.

    Security Awareness Training
    Go through your personal email, hit your spam/junk folder, and you won't have to dig long. Find out how to determine what malicious indicators are, and then create thorough walk-throughs on a few emails, highlighting what evidence you found, and how that evidence led to your conclusion. Post these on Medium for visibility. Create a mini-course on educating users to not click on links, input their credentials, download files, verify if an email is from a trusted sender, etc. You can take this to the next level by automating portions of this process: have a Python script scan the headers, pull just the info you require, and then utilize APIs to analyze that data.

    Network Security
    pfSense is an open source firewall that you can set up in your home environment. OR if you have a spare Raspberry Pi, then set up OpenWRT. Either is a great option. If you are not an active administrator of your home network, now is the time to start! Learning to secure your home environment will go a long way to securing an enterprise environment. Frankly you can just start off with the gear you have and see what options you can enable to increase security.

    DNS Filtering
    You can set up OpenDNS for $20 a year or free! Download, install, set up, and test. Can you get to websites you shouldn't? What can you block? What should you block? What should an organization block to increase productivity and security? Up your DNS filtering game by setting up multiple profiles that allow certain users access to some sites that others don't have access to. For instance, allow Facebook for someone and block it for another user. Document this process! Create a write-up or video or podcast. Post it online and share it with the community.

    Password manager
    Managing passwords is a pain. Do you know how many accounts you have? Do you know if any have been compromised? So many folks use multiple open-source PWMs, such as Chrome, Firefox, Edge... and more. Consolidate your passwords into a single location, update them to be secure, delete old/unnecessary accounts, enable MFA where you can. Do you already pay for NordVPN? Well, they include a PWM. Or there's a ton of options out there that are really affordable. Do some research: should you use a cloud PWM? Or should you set up an on-prem Raspberry Pi PWM? Find the option that suits your needs and get it going!

    Bonus Projects
    1. Eric Capuano wrote a 4-part blog series that details how to set up a homelab SOC Analyst style. https://blog.ecapuano.com/p/so-you-want-to-be-a-soc-analyst-intro
    2. Reverse Malware Analysis by TCM Security https://academy.tcm-sec.com/

    Wargames
    Capture-the-Flag (CTF) events are cybersecurity competitions designed to test participants' skills in various aspects of information security. They involve solving a series of challenges that simulate real-world security scenarios. Participants are often organized into teams and compete to uncover hidden flags or solve puzzles to score points.

    Six Reasons to Compete in a Wargame
    1. CTF challenges cover a wide range of technical areas, including network security, cryptography, web security, reverse engineering, forensics, and more.
    2. Participants must apply problem-solving techniques, analyze vulnerabilities, devise strategies, and explore different approaches to overcome obstacles.
    3. Events often require participants to work together to solve challenges and maximize their score. The ability to work well in a team is highly valuable in real-world cybersecurity scenarios.
    4. CTFs put participants under pressure to solve challenges within a limited timeframe, which helps develop time management skills, improve decision-making under pressure, and enhance your ability to prioritize tasks effectively.
    5. Engaging in the CTF community allows participants to network, exchange knowledge, and build relationships that can be beneficial for career advancement and future collaborations.
    6. Placing in the top 3 in a CTF is an accomplishment worth noting on your resume and demonstrates to employers that you have the previously mentioned skills.

    Types of Wargames
    Jeopardy: In this type of CTF, teams are given a board that looks like Jeopardy with certain categories, such as OSINT, PWN, Crypto, etc., and there are multiple tasks worth varying points, for instance, PWN for 500. Completing these tasks awards points to a team.
    Attack-Defense: A "gameserver" is provided by the organizers and runs throughout the competition and periodically stores flags on your Vulnbox. The Vulnbox is your running instance of the virtual machine given to you by the organizers. It runs all the services that the gameserver uses to store flags. Your job is to protect your flags by securing the services and ensuring your VM is not exploitable (the Defense part of the game). The other teams all have their Vulnboxes, and after about an hour, the network will open up so that the other teams can start exploiting your machine (aka the Attack phase) and find flags. Successfully stealing and submitting flags from the Vulnboxes of other teams determines your attack score!

    Technical Preparation

    College
    Is college required? No. Does it help? Yes. I have a B.A. in English – not tech related at all and this was more than sufficient to get a job. Many of my coworkers do not have degrees at all. WGU has a popular program (Cybersecurity Courses Online – Bachelor's Degree | WGU).

    Bootcamps
    Required? No. Helpful? Maybe. Check out pay-what-you-can training from SANS instructors at Antisyphon https://www.antisyphontraining.com/ or popular YouTuber and Security Engineer Josh Madakor, who also has a bootcamp. https://www.youtube.com/@JoshMadakor

    Technical Skills Development
    Defensive Skill Building
    1. Blue Team Labs Online (BTLO, blueteamlabs.online)
    Offensive Skill Building (ethical hacking, penetration testing, application security)
    1. Hack the Box
       a. Academy (for beginners) (Best Online Cybersecurity Courses & Certifications | HTB Academy, hackthebox.com)
       b. Labs (beginner to advanced) (Hack The Box :: Login)
    2. TryHackMe (TryHackMe | Cyber Security Training)

    Podcasts
    Darknet Diaries – True stories from the dark side of the internet by Jack Rhysider (SO GOOD).
    Daily Cyber Threat Brief – Simply Cyber (Do You Know How EPIC Simply Cyber Is? (Max Nitro Edition), youtube.com)

    Books
    1. Dark Territory: The Secret History of Cyber War by Fred Kaplan. Dark Territory recounts the history of cyber warfare in the United States before the word "cyber" was even coined. It gives a comprehensive understanding of how America began its cyber programs from the Cold War up through the Obama administration. It is less about specific cyber attacks or exploits, although it does cover many, and more about the history behind the CIA, NSA, FBI, and all the other alphabet soup of the American government.
    2. You'll See This Message When It's Too Late by Josephine Wolff. The first section recounts 3 major financially motivated cyber incidents: the TJX breach, the South Carolina Department of Revenue (SCDOR) and the Zeus botnet / CryptoLocker. You'll get a good understanding of some defensive measures to thwart financial cyber crimes, along with a great history lesson. The second section deals with cyber-espionage: DigiNotar (a certificate authority), China's PLA Unit 61398, and the breach of the US Office of Personnel Management (OPM). The defensive measures one might take to counteract these crimes have some overlap, but are interestingly more difficult to prevent. The third section highlights cyber acts of public humiliation: Spamhaus' DDoS, Sony's breach (one of many), and the adulterous Ashley Madison website. These crimes are perhaps the most difficult to thwart, as the motivations and information required are different. The final section is something of a review. It focuses on potential solutions to issues, the underlying economic costs, and the legislative agenda tied to these issues.
    3. Cybersecurity and Cyberwar by P.W. Singer & Allan Friedman. The book delves into the history and current state of cyber warfare, providing a detailed look at the players, the technology, and the politics involved. From state-sponsored hackers to cybercrime syndicates, the authors take readers on a journey through the dark corners of the internet. It also offers practical advice on how to protect yourself and your organization from cyber-attacks. From understanding the basics of computer security to implementing advanced security measures, it's packed with actionable tips and tricks to help you stay safe online.

    Defense in Depth
    There are four types of controls (OK – there's actually more) that, when combined, help create a defense in depth strategy. For instance, locking your front door, installing a camera and flood light, owning a big dog, and having a silent alarm is a defense in depth strategy to keep your home safe.
    - The floodlight and camera are deterrents, which reduce the likelihood of being attacked.
    - The lock on the front door is preventative, intended to make an attack unsuccessful.
    - The big dog can reduce the effect of a break-in, a corrective control.
    - The silent alarm, a detective control, can signal the cops to come investigate.
    Learn more here: https://www.linkedin.com/pulse/3-types-security-controls-expert-explains-purple-sec/
    So what? Cybersecurity has multiple domains where we implement multiple control types. Each of these can be a sub-specialty within security.

    Email Security
    According to Deloitte, 91% of all cyber attacks begin with a phishing email. Therefore, email security is a top priority. (91% of all cyber attacks begin with a phishing email to an unexpected victim | Deloitte Malaysia | Risk Advisory | Press releases) As a security analyst, you'll have two jobs:
    1. Review user-submitted emails to see if they are malicious, spam, or legitimate
    2. Create email security policies to prevent malicious emails.

    Endpoint Protection
    As a Security Analyst, you'll likely be responding to many AV or EDR alerts. For instance, your AV may be configured to block, quarantine, ignore, or delete files and processes. Depending on the situation, you'll need to figure out if the file or process is malicious and how it got to the endpoint in the first place. Did the user click a link? Did they download something they shouldn't have? Did they plug in a USB they found on the street? A company's worst nightmare is ransomware. This is a primary tool to prevent that.

    Security Awareness Training
    Backstory before we discuss this one. Stuxnet was a computer worm that was discovered in 2010 and is believed to have been developed jointly by the United States and Israel. It was designed to target industrial control systems and specifically the centrifuges used by Iran in their nuclear program. The worm was able to infiltrate these systems by exploiting zero-day vulnerabilities and spread to other systems through removable drives and network connections. What that means is, no security controls that we as analysts could configure would have prevented this malware. The question remains, how did this malware get into their system in the first place? After all, Iran's nuclear program was air-gapped (not connected to the internet). So how did malware get on a system if there was no network connected to it? User error. USB drives were dropped into the Iranian parking lot surrounding the nuclear facility. Users would have had to pick one up, take it inside, pass security check points, and plug it into their work computers. Now, you may think to yourself, "what idiot is dumb enough to do that?" My answer would be: it takes a very special type of tinfoil paranoia and extreme distrust to be immune to trickery. But it still begs the question, how could this have been prevented? (Hint: it's in the section title.)

    DNS Filtering
    People like to click things. Things they shouldn't. This is why phishing emails are so successful. People are click happy. So how do we protect against happy-clickers? DNS Filtering.

    SIEM/SOAR
    The tool of all tools. The SIEM gathers logs from everywhere and generates alerts for analysts to investigate. You can extend the functionality with SOAR by automating investigations.

    Identity Access Management
    With users now working remotely and using their own devices, how do we ensure that only legitimate users gain access to the correct resources?

    Volunteering
    Need experience to get a job? Need a job to get experience? Need experience to get a... well shit. How do we hack the cycle? You can find volunteering opportunities at your local non-profits (food bank, community centers, libraries) or you can ask to work on security projects at your current company (for those of you who are currently entry-level IT, this is the best way to get experience). If you need IT experience, check out ITDRC where you can volunteer in person or remotely. https://www.itdrc.org/

    Additional Resources

    Certifications
    Security Certification Roadmap https://pauljerimy.com/security-certification-roadmap/
    CompTIA A+ https://www.comptia.org/certifications/a
    CompTIA Network+ https://www.comptia.org/certifications/network
    CompTIA Security+ https://www.comptia.org/certifications/security
    BTL1 https://www.securityblue.team/why-btl1/
    eJPT https://security.ine.com/certifications/ejpt-certification/
    PNPT https://certifications.tcm-sec.com/pnpt/
    Google IT Support https://www.coursera.org/professional-certificates/google-it-support
    Google Cybersecurity https://www.coursera.org/google-certificates/cybersecurity-certificate?

    CompTIA Training
    Professor Messer https://www.youtube.com/@professormesser
    Mike Meyers https://www.udemy.com/courses/search/?q=mike+meyers&src=sac&kw=mike+meyers
    Jason Dion https://www.udemy.com/courses/search/?src=ukw&q=jason+dion

    Books
    Cybersecurity and Cyberwar https://www.amazon.com/dp/1515950247/
    Dark Territory https://www.amazon.com/dp/B010MHABUY/
    You'll See This Message When It Is Too Late https://www.amazon.com/dp/0262038854/
    Atomic Habits https://www.amazon.com/dp/B07RFSSYBH/
    Speak to Win https://www.amazon.com/dp/B001LV3UTK/
    The Compound Effect https://www.amazon.com/dp/0306924633/
    Meaningful Small Talk https://www.amazon.com/dp/B07WTWBVK8/

    Podcasts
    Darknet Diaries https://darknetdiaries.com/
    SimplyCyber https://www.youtube.com/@SimplyCyber
    Other Podcasts https://www.sans.org/blog/cybersecurity-podcast-roundup/

    Reddit
    Mentorship Monday https://www.reddit.com/r/cybersecurity/

    Freemium Training
    TryHackMe https://tryhackme.com
    HackTheBox – Labs https://app.hackthebox.com/
    HackTheBox – Academy https://academy.hackthebox.com/
    Blue Team Labs Online https://blueteamlabs.online/
    Over The Wire https://overthewire.org/wargames/

    Projects
    So you want to be a SOC analyst https://blog.ecapuano.com/p/so-you-want-to-be-a-soc-analyst-intro
    TCM Security https://academy.tcm-sec.com/courses/
    TCM Malware Analysis https://academy.tcm-sec.com/courses/enrolled/1547503

    Online Degrees
    https://www.wgu.edu/online-it-degrees/bachelors-programs.html

    Bootcamps
    Antisyphon https://www.antisyphontraining.com/course-catalog/
    Josh Madakor https://joshmadakor.tech/cyber/

    YouTubers
    John Hammond https://www.youtube.com/@_JohnHammond
    The Cyber Mentor https://www.youtube.com/@TCMSecurityAcademy
    David Bombal https://www.youtube.com/@davidbombal
    Kyle Marvin (shameless plug) https://www.youtube.com/@kyle.marvin

    Volunteering
    ITDRC https://www.itdrc.org/volunteer

    CTFs
    HackTheBox – CTFs https://ctf.hackthebox.com/
    PicoCTF https://www.picoctf.org/
    CTF Time https://ctftime.org/event/list/upcoming

    Conferences
    DEF CON https://defcon.org/
    Black Hat https://www.blackhat.com/us-24/
    Wild West Hackin' Fest https://wildwesthackinfest.com/

    I created this post and YouTube channel because I see the same questions in Mentorship Monday every week. I hope to update this resource and keep it as a go-to guide for new folks looking to break into the industry. Please ask questions, recommend content to add/remove, and help make this post awesome. I appreciate y'all!
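The post above suggests two related projects: setting up SPF and DMARC for your own domain, and writing a Python script that scans an email's headers and pulls out just the indicators you need. The script below is an added example of both and is not code from the original post. It parses a constructed phishing sample, extracts the sender domains, authentication results and link pairs an analyst would cite in a write-up, checks SPF/DKIM alignment against a constructed DMARC record (the `_dmarc.bank.example` record, the mail hosts and the IP addresses are all assumptions), and reports the resulting DMARC disposition. A real version would fetch the record with a DNS TXT lookup and hand the indicators to an analysis API.

```python
"""Triage a raw email: pull the header indicators an analyst needs, compare
them, and evaluate the sender's DMARC policy against the authentication results.

Added example for the email-security and awareness-training projects above; not
code from the original post. The message and the DMARC record are constructed
samples. A real script would fetch the record with a DNS TXT lookup of
_dmarc.<From domain> and send the indicators to an analysis API.
"""
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed phishing sample: the display name claims the bank, but the envelope
# sender and Reply-To are third-party domains and the link text hides the href.
SAMPLE_EMAIL = b"""\
Return-Path: <bounce@mail-example-deliver.net>
Received: from mail-example-deliver.net (mail-example-deliver.net [192.0.2.10])
\tby mx.example.org with ESMTP id abc123; Thu, 18 Apr 2024 10:00:00 +0000
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mail-example-deliver.net;
\tdkim=none; dmarc=fail header.from=bank.example
From: "Bank Security" <alerts@bank.example>
Reply-To: helpdesk@bank-example-support.info
To: victim@example.org
Subject: Urgent: verify your account
Content-Type: text/html; charset=utf-8

<html><body>Please <a href="http://198.51.100.7/login">https://bank.example/login</a>
to confirm.</body></html>
"""

# Constructed record, as the TXT record at _dmarc.bank.example might read (assumption).
SAMPLE_DMARC_RECORD = "v=DMARC1; p=quarantine; pct=100; adkim=r; aspf=r"

LINK_RE = re.compile(r'href="([^"]+)"[^>]*>([^<]+)<', re.I)
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.I)


def org_domain(domain):
    """Crude organizational domain: the last two labels (enough for the samples)."""
    return ".".join(domain.lower().rsplit(".", 2)[-2:])


def parse_dmarc(record):
    """Turn 'v=DMARC1; p=...; ...' into a dict of lower-cased tag -> value."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    return tags


def extract_indicators(raw):
    """Pull just the fields a phishing write-up cites: sender domains, auth results, links."""
    msg = email.message_from_bytes(raw, policy=policy.default)

    def domain_of(header):
        # parseaddr strips the display name; rpartition handles a missing header.
        return parseaddr(msg.get(header, ""))[1].rpartition("@")[2]

    auth = {k.lower(): v.lower() for k, v in AUTH_RE.findall(msg.get("Authentication-Results", ""))}
    body = msg.get_body(preferencelist=("html", "plain")).get_content()
    return {
        "from_domain": domain_of("From"),
        "return_path_domain": domain_of("Return-Path"),
        "reply_to_domain": domain_of("Reply-To"),
        "auth": auth,
        "links": [(href, text.strip()) for href, text in LINK_RE.findall(body)],
    }


def dmarc_disposition(ind, record):
    """DMARC passes when SPF or DKIM passes AND aligns with the From domain; else apply p=."""
    tags = parse_dmarc(record)
    header_org = org_domain(ind["from_domain"])
    spf_ok = ind["auth"].get("spf") == "pass" and org_domain(ind["return_path_domain"]) == header_org
    # The sample has no DKIM signature (dkim=none), so only the result is checked here; a
    # full check would also compare the signature's d= domain with the From domain.
    dkim_ok = ind["auth"].get("dkim") == "pass"
    if spf_ok or dkim_ok:
        return "pass"
    return tags.get("p", "none")


def flags(ind):
    """Reasons an analyst would list in a write-up."""
    out = []
    header_org = org_domain(ind["from_domain"])
    for label in ("return_path", "reply_to"):
        dom = ind[f"{label}_domain"]
        if dom and org_domain(dom) != header_org:
            out.append(f"{label} domain {dom} does not match From domain {ind['from_domain']}")
    for href, text in ind["links"]:
        # Link text that looks like a URL but resolves to a different host is classic phishing.
        if text.lower().startswith(("http://", "https://")) and urlparse(href).hostname != urlparse(text).hostname:
            out.append(f"link text {text} actually points to {href}")
    return out


if __name__ == "__main__":
    indicators = extract_indicators(SAMPLE_EMAIL)
    print("DMARC disposition:", dmarc_disposition(indicators, SAMPLE_DMARC_RECORD))
    for reason in flags(indicators):
        print("-", reason)
```

On the sample, SPF passes for the envelope sender but that domain does not align with the From domain and there is no DKIM signature, so the record's p=quarantine applies; the same alignment check is what makes the "configure SPF and DMARC" project matter, since SPF alone says nothing about the domain the user sees.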

  • Anyone calculating per employee cost of cybersecurity?
    by /u/ranhalt on 18 April 2024 at 19:15

    Talking to peers, we're comparing how much we spend on cybersec products, but they all scale by endpoint or user, so the total doesn't really help companies of different size. Is anyone calculating per employee per year/month cost to get an idea of what one employee costs a company? I'm a little over halfway through inventorying our products/services and we're over $18/mo per user already. Calculating firewall, email filter, EDR, security awareness training/testing, SIEM, password manager, endpoint patching, etc. Not including our actual MS tenant and licenses for user products, only dedicated cybersec purchases.

  • Llama 3 – Meta's open source AI that rivals the best models
    by Korben on 18 April 2024 at 19:10

    Hang on to your keyboards, because Meta has just released a new creature into the wild, named Llama 3. Yes, you read that right, I'm talking about the latest generation of "open source" (or nearly, we'll come back to that) language models from Mark Zuckerberg's company. If you thought ChatGPT, Claude or Mistral were the kings of the savannah, wait until you see these new supercharged llamas arrive! With versions ranging from 8 to 400 billion parameters (for the uninitiated, let's say that's the equivalent of their IQ 🧠), the Llama 3 models literally blow the competition away on many standard benchmarks, whether in general knowledge, comprehension, maths, reasoning or code generation. But what makes Llama 3 such a monster compared to its little brother Llama 2? First, an insane training run on 15 trillion tokens (7 times more than Llama 2!) pumped from the web (!!), with a lot more code and non-English data to lay the groundwork for a multilingual AI. Add to that parallelization techniques galore during the pre-training phase, and you get doped-up llamas that learn at supersonic speed. And that's not all! The Llama 3 models went through a full education programme, with fine-tuning based on rejection sampling, PPO and DPO (if you don't know these acronyms, don't worry, neither do I 😅). The result: ultra-reliable models that rarely refuse a task, show exemplary alignment and can follow complex instructions without batting an eye. In short, they are aces at reasoning and code generation! But how do you get your hands on these little beasts? Easy, just go to the Meta AI site and download them!
    Well, when I say easy... The Llama 3 models are indeed "open source", but under a home-grown licence that imposes a few restrictions, notably for companies with more than 700 million monthly users (cue a glance towards Mountain View and Redmond 👀). But hey, nothing stops you from having fun with them if you're not a multinational! And speaking of fun, know that Meta has also cooked up a home-made chatbot (not yet available in France) soberly named "Meta AI", available on the web (www.meta.ai) and integrated directly into the search bars of Facebook, Instagram, WhatsApp and Messenger. Under the hood it's of course pure Llama 3, with an image generation model named "Meta Imagine" thrown in. On the menu: chat, web search via Bing and Google, and of course image creation in the blink of an eye. The only snag: no multimodal mode à la ChatGPT yet for uploading your own documents or images, but that can't be far off! So, what to make of this new coup by Meta in the AI battle? Personally, I find it rather nice to see a heavyweight of the Net play the open source game (or close to it) and make models of this quality available to everyone. Of course, one can always debate Zuck's ulterior motives and his wish to keep an eye on what we build with his llamas. But in the end, it's still one up on the GAFAM and their nasty proprietary models! Alright, I'll leave you, I've got a llama to go and tame! 🦙 And don't forget, as the other guy would say, "the world belongs to those who code early". Or late, depending.

  • High School English Teacher to Cybersecurity Engineer - A How-to Guide
    par /u/_r00d le 18 avril 2024 à 18h53

    Three years ago I was a high school English teacher. Today, I'm a cybersecurity engineer. This is how I did it (and what mistakes to avoid). Shameless plug (My video series: https://www.youtube.com/@Kyle.Marvin/) Cybersecurity Overview Three questions to start us off: What is Information Technology and what other IT jobs besides security pay well? What is cybersecurity and what your job duties would be? And what is this about red/blue/purple teams that make up IT Security? Main IT Domains Networking. Network engineers design, implement, and manage network infrastructure, such as routers, switches, and firewalls. Cloud. Cloud engineers do the same, but with cloud-based infrastructure and services. System Administration. System administrators handle user account management, data backups, and system updates. Help Desk. Help Desk technicians serve as the first point of contact for users seeking assistance. Cybersecurity Analyst / Engineer Job duties: Investigating security alerts, such as potential malware on a machine Reviewing emails for indicators such as malicious links or attachments DNS Filtering so that if a user does click a link, it doesn’t have a malicious effect Conducting vulnerability assessments to find weaknesses in our infrastructure Developing security policies, like Acceptable Use documents Implementing security controls like MFA and EDR Incident response during a data breach Training users to have a security mindset Audit for compliance to industry regulations such as HIPAA and PCI DSS Identity Protection to ensure only authorized users gain access to company resources Red vs. Blue vs. Purple Blue Team: Their job is to set up a company’s defenses. Like mentioned earlier: they do email security, endpoint protection, DNS filtering, and respond to alerts. Their job is to try and keep all the bad actors out. Red Team: These folks get paid to be “ethical” or “white hat” hackers. 
    Yes, companies pay people to try and break through the blue team's defenses. They may use social engineering (the act of manipulating people) or they may use technical skills, such as finding exploits and vulnerabilities in defenses.

    Purple Team: Sometimes the red and blue teams come together for military-style exercises where the red team tries to break into something and the blue team defends. These are called purple team exercises. A few companies will even have a dedicated role for purple teamers to manage these exercises.

    Why Choose Cybersecurity?
    1. I work more with things now than I do with people. There are people-centered security positions, but there are also positions that focus on (non-coding) tech skills.
    2. Median pay is $120,000 a year. Information Security Analysts: Occupational Outlook Handbook: U.S. Bureau of Labor Statistics (bls.gov)
    3. Job growth of 32% into 2032. Cybersecurity Salary Guide: How Much Can You Earn? – Forbes Advisor
    4. Cybercrime is MASSIVELY profitable. Companies need digital police. They need YOU. 2022 Cybersecurity Almanac: 100 Facts, Figures, Predictions And Statistics (cybersecurityventures.com)
    5. Make a positive impact on the world by thwarting cybercrime.

    Security (and IT) Certifications

    Certification: CompTIA A+
    Why: It helped me get interviews and ultimately land an entry-level IT role.
    Who's it for: Folks with no background in tech looking to break into the industry.

    Certification: CompTIA Network+
    Why: You may need more than A+ on your resume to land a job. Also, you NEED to know how networking works.
    Who's it for: Folks with no background in tech looking to break into the industry. If you already have an IT job, skip the test, but study the material! (CCNA is a good alternative IF you want to do network security.)

    Certification: CompTIA Security+
    Why: Allows you to apply for secret and top secret security positions (DoD certified). Gives a good theoretical understanding of security.
    Who's it for: Folks with a tech background looking to break into cybersecurity.

    Then I would get one of the following:

    Certification: BTL1 (Blue Team Level 1 Certification » Security Blue Team)
    Why: Good entry-level certification to build hands-on defensive skills.

    Certification: eJPT (eJPT Certification - INE Security)
    Why: Good entry-level certification to build hands-on offensive skills.

    Certification: PNPT (Practical Network Penetration Tester (PNPT) - TCM Security (tcm-sec.com))
    Why: Good entry-level certification to build hands-on offensive skills.

    Honorable Mentions
    - Google IT Support Professional (Google IT Support Professional Certificate | Coursera)
    - Google Cybersecurity Professional (Google Cybersecurity Professional Certificate | Coursera)
    Why honorable only? They did not help me land a job, but they have excellent content. CompTIA moved the needle for me in terms of interviews and job offers.

    Security Projects

    Email Security
    Buy a domain and get yourself a personalized email address. Configure the DNS records (SPF, DMARC) to ensure it's secure. You can add this address to your resume and highlight it as a skill you now have experience with! SO many companies do not have DMARC set up correctly, and this is a HIGH demand skill. Email is the number 1 path for threat actors to compromise accounts. Knowing how to secure email is a must.

    Antivirus
    Find and install a free antivirus program, such as Malwarebytes, on a virtual machine. Look through all the configurations and see what changes you can make. While on the virtual machine, download Potentially Unwanted Programs (PUPs) and see how the AV reacts. Try downloading EICAR (European Institute for Computer Anti-Virus Research) and testing with that. See if you can block files by hash. If you can, create a .exe file with some code from ChatGPT (maybe a PowerShell script that grabs system info and writes it to a .txt file), grab its hash, block it in the AV by adding the hash, then try to execute the file.

    Security Awareness Training
    Go through your personal email, hit your spam/junk folder, and you won't have to dig long. Find out how to determine what malicious indicators are, and then create thorough walk-throughs on a few emails, highlighting what evidence you found and how that evidence led to your conclusion. Post these on Medium for visibility. Create a mini-course on educating users to not click on links, input their credentials, download files, verify if an email is from a trusted sender, etc. You can take this to the next level by automating portions of this process: have a Python script scan the headers, pull just the info you require, and then utilize APIs to analyze that data.

    Network Security
    pfSense is an open source firewall that you can set up in your home environment. OR, if you have a spare Raspberry Pi, then set up OpenWrt. Either is a great option. If you are not an active administrator of your home network, now is the time to start! Learning to secure your home environment will go a long way to securing an enterprise environment. Frankly, you can just start off with the gear you have and see what options you can enable to increase security.

    DNS Filtering
    You can set up OpenDNS for $20 a year or free! Download, install, set up, and test. Can you get to websites you shouldn't? What can you block? What should you block? What should an organization block to increase productivity and security? Up your DNS filtering game by setting up multiple profiles that allow certain users access to some sites that others don't have access to. For instance, allow Facebook for someone and block it for another user. Document this process! Create a write-up or video or podcast. Post it online and share it with the community.

    Password Manager
    Managing passwords is a pain. Do you know how many accounts you have? Do you know if any have been compromised? So many folks use multiple open-source PWMs, such as Chrome, Firefox, Edge…and more. Consolidate your passwords into a single location, update them to be secure, delete old/unnecessary accounts, enable MFA where you can. Do you already pay for NordVPN? Well, they include a PWM. Or there's a ton of options out there that are really affordable. Do some research: should you use a cloud PWM? Or should you set up an on-prem Raspberry Pi PWM? Find the option that suits your needs and get it going!

    Bonus Projects
    1. Eric Capuano wrote a 4-part blog series that details how to set up a homelab, SOC Analyst style. https://blog.ecapuano.com/p/so-you-want-to-be-a-soc-analyst-intro
    2. Reverse Malware Analysis by TCM Security. https://academy.tcm-sec.com/

    Wargames
    Capture-the-Flag (CTF) events are cybersecurity competitions designed to test participants' skills in various aspects of information security. They involve solving a series of challenges that simulate real-world security scenarios. Participants are often organized into teams and compete to uncover hidden flags or solve puzzles to score points.

    Six Reasons to Compete in a Wargame
    1. CTF challenges cover a wide range of technical areas, including network security, cryptography, web security, reverse engineering, forensics, and more.
    2. Participants must apply problem-solving techniques, analyze vulnerabilities, devise strategies, and explore different approaches to overcome obstacles.
    3. Events often require participants to work together to solve challenges and maximize their score. The ability to work well in a team is highly valuable in real-world cybersecurity scenarios.
    4. CTFs put participants under pressure to solve challenges within a limited timeframe, which helps develop time management skills, improve decision-making under pressure, and enhance your ability to prioritize tasks effectively.
    5. Engaging in the CTF community allows participants to network, exchange knowledge, and build relationships that can be beneficial for career advancement and future collaborations.
    6. Placing in the top 3 in a CTF is an accomplishment worth noting on your resume and demonstrates to employers that you have the previously mentioned skills.

    Types of Wargames
    Jeopardy: In this type of CTF, teams are given a board that looks like Jeopardy with certain categories, such as OSINT, PWN, Crypto, etc., and there are multiple tasks worth varying points, for instance, PWN for 500. Completing these tasks awards points to a team.
    Attack-Defense: A "gameserver" is provided by the organizers and runs throughout the competition, periodically storing flags on your Vulnbox. The Vulnbox is your running instance of the virtual machine given to you by the organizers. It runs all the services that the gameserver uses to store flags. Your job is to protect your flags by securing the services and ensuring your VM is not exploitable (the Defense part of the game). The other teams all have their own Vulnboxes, and after about an hour, the network will open up so that the other teams can start exploiting your machine (aka the Attack phase) and finding flags. Successfully stealing and submitting flags from the Vulnboxes of other teams determines your attack score!

    Technical Preparation

    College
    Is college required? No. Does it help? Yes. I have a B.A. in English – not tech related at all – and this was more than sufficient to get a job. Many of my coworkers do not have degrees at all. WGU has a popular program: Cybersecurity Courses Online – Bachelor's Degree | WGU

    Bootcamps
    Required? No. Helpful? Maybe. Check out pay-what-you-can training from SANS instructors at Antisyphon: https://www.antisyphontraining.com/ Popular YouTuber and Security Engineer Josh Madakor also has a bootcamp: https://www.youtube.com/@JoshMadakor

    Technical Skills Development
    Defensive Skill Building
    1. Blue Team Labs Online: BTLO (blueteamlabs.online)
    Offensive Skill Building (ethical hacking, penetration testing, application security)
    1. Hack The Box
       a. Academy (for beginners): Best Online Cybersecurity Courses & Certifications | HTB Academy (hackthebox.com)
       b. Labs (beginner to advanced): Hack The Box :: Login
    2. TryHackMe: TryHackMe | Cyber Security Training

    Podcasts
    - Darknet Diaries – True stories from the dark side of the internet, by Jack Rhysider (SO GOOD). Darknet Diaries – True stories from the dark side of the Internet.
    - Daily Cyber Threat Brief: Do You Know How EPIC Simply Cyber Is? (Max Nitro Edition) (youtube.com)

    Books
    1. Dark Territory: The Secret History of Cyber War by Fred Kaplan. Dark Territory recounts the history of cyber warfare in the United States before the word "Cyber" was even coined. It covers a comprehensive understanding of how America began its cyber programs from the Cold War up through the Obama administration. It is less about specific cyber attacks or exploits, although it does cover many, and more about the history behind the CIA, NSA, FBI, and all the other alphabet soup of the American government.
    2. You'll See This Message When It's Too Late by Josephine Wolff. The first section recounts 3 major financially motivated cyber incidents: the TJX breach, the South Carolina Department of Revenue (SCDOR), and the Zeus botnet / CryptoLocker. You'll get a good understanding of some defensive measures to thwart financial cyber crimes, along with a great history lesson. The second section deals with cyber-espionage: DigiNotar (a certificate authority), China's PLA Unit 61398, and the breach of the US Office of Personnel Management (OPM). The defensive measures one might take to counteract these crimes have some overlap, but are interestingly more difficult to prevent. The third section highlights cyber acts of public humiliation: Spamhaus' DDoS, Sony's breach (one of many), and the adulterous Ashley Madison website. These crimes are perhaps the most difficult to thwart, as the motivations and information required are different. The final section is something of a review. It focuses on potential solutions to issues, the underlying economic costs, and the legislative agenda tied to these issues.
    3. Cybersecurity and Cyberwar by P.W. Singer & Allan Friedman. The book delves into the history and current state of cyber warfare, providing a detailed look at the players, the technology, and the politics involved. From state-sponsored hackers to cybercrime syndicates, the authors take readers on a journey through the dark corners of the internet. It also offers practical advice on how to protect yourself and your organization from cyber-attacks. From understanding the basics of computer security to implementing advanced security measures, it's packed with actionable tips and tricks to help you stay safe online.

    Defense in Depth
    There are four types of controls (OK – there's actually more) that, when combined, help create a defense in depth strategy. For instance, locking your front door, installing a camera and flood light, owning a big dog, and having a silent alarm is a defense in depth strategy to keep your home safe.
    - The floodlight and camera are deterrents, which reduce the likelihood of being attacked.
    - The lock on the front door is preventative, intended to make an attack unsuccessful.
    - The big dog can reduce the effect of a break-in, a corrective control.
    - The silent alarm, a detective control, can signal the cops to come investigate.
    Learn more here: https://www.linkedin.com/pulse/3-types-security-controls-expert-explains-purple-sec/
    So what? Cybersecurity has multiple domains where we implement multiple control types. Each of these can be a sub-specialty within security.

    Email Security
    According to Deloitte, 91% of all cyber attacks begin with a phishing email. Therefore, email security is a top priority. 91% of all cyber attacks begin with a phishing email to an unexpected victim | Deloitte Malaysia | Risk Advisory | Press releases
    As a security analyst, you'll have two jobs:
    1. Review user-submitted emails to see if they are malicious, spam, or legitimate.
    2. Create email security policies to prevent malicious emails.

    Endpoint Protection
    As a Security Analyst, you'll likely be responding to many AV or EDR alerts. For instance, your AV may be configured to block, quarantine, ignore, or delete files and processes. Depending on the situation, you'll need to figure out if the file or process is malicious and how it got to the endpoint in the first place. Did the user click a link? Did they download something they shouldn't have? Did they plug in a USB they found on the street? A company's worst nightmare is ransomware. This is a primary tool to prevent that.

    Security Awareness Training
    Backstory before we discuss this one. Stuxnet was a computer worm that was discovered in 2010 and is believed to have been developed jointly by the United States and Israel. It was designed to target industrial control systems and specifically the centrifuges used by Iran in their nuclear program. The worm was able to infiltrate these systems by exploiting zero-day vulnerabilities and spread to other systems through removable drives and network connections. What that means is, no security controls that we as analysts could configure would have prevented this malware. The question remains: how did this malware get into their system in the first place? After all, Iran's nuclear program was air-gapped (not connected to the internet). So how did malware get on a system if there was no network connected to it? User error. USB drives were dropped into the Iranian parking lot surrounding the nuclear facility. Users would have had to pick one up, take it inside, pass security checkpoints, and plug it into their work computers. Now, you may think to yourself, "what idiot is dumb enough to do that?" My answer would be: it takes a very special type of tinfoil paranoia and extreme distrust to be immune to trickery. But it still begs the question, how could this have been prevented? (Hint: it's in the section title.)

    DNS Filtering
    People like to click things. Things they shouldn't. This is why phishing emails are so successful. People are click happy. So how do we protect against happy-clickers? DNS Filtering.

    SIEM/SOAR
    The tool of all tools. The SIEM gathers logs from everywhere and generates alerts for analysts to investigate. You can extend the functionality with SOAR by automating investigations.

    Identity Access Management
    With users now working remotely and using their own devices, how do we ensure that only legitimate users gain access to the correct resources?

    Volunteering
    Need experience to get a job? Need a job to get experience? Need experience to get a…well shit. How do we hack the cycle? You can find volunteering opportunities at your local non-profits (food bank, community centers, libraries) or you can ask to work on security projects at your current company (for those of you who are currently entry-level IT, this is the best way to get experience). If you need IT experience, check out ITDRC, where you can volunteer in person or remotely. https://www.itdrc.org/

    Additional Resources

    Certifications
    Security Certification Roadmap: https://pauljerimy.com/security-certification-roadmap/
    CompTIA A+: https://www.comptia.org/certifications/a
    CompTIA Network+: https://www.comptia.org/certifications/network
    CompTIA Security+: https://www.comptia.org/certifications/security
    BTL1: https://www.securityblue.team/why-btl1/
    eJPT: https://security.ine.com/certifications/ejpt-certification/
    PNPT: https://certifications.tcm-sec.com/pnpt/
    Google IT Support: https://www.coursera.org/professional-certificates/google-it-support
    Google Cybersecurity: https://www.coursera.org/google-certificates/cybersecurity-certificate?

    CompTIA Training
    Professor Messer: https://www.youtube.com/@professormesser
    Mike Meyers: https://www.udemy.com/courses/search/?q=mike+meyers&src=sac&kw=mike+meyers
    Jason Dion: https://www.udemy.com/courses/search/?src=ukw&q=jason+dion

    Books
    Cybersecurity and Cyberwar: https://www.amazon.com/dp/1515950247/
    Dark Territory: https://www.amazon.com/dp/B010MHABUY/
    You'll See This Message When It Is Too Late: https://www.amazon.com/dp/0262038854/
    Atomic Habits: https://www.amazon.com/dp/B07RFSSYBH/
    Speak to Win: https://www.amazon.com/dp/B001LV3UTK/
    The Compound Effect: https://www.amazon.com/dp/0306924633/
    Meaningful Small Talk: https://www.amazon.com/dp/B07WTWBVK8/

    Podcasts
    Darknet Diaries: https://darknetdiaries.com/
    SimplyCyber: https://www.youtube.com/@SimplyCyber
    Other Podcasts: https://www.sans.org/blog/cybersecurity-podcast-roundup/

    Reddit
    Mentorship Monday: https://www.reddit.com/r/cybersecurity/

    Freemium Training
    TryHackMe: https://tryhackme.com
    HackTheBox – Labs: https://app.hackthebox.com/
    HackTheBox – Academy: https://academy.hackthebox.com/
    Blue Team Labs Online: https://blueteamlabs.online/
    Over The Wire: https://overthewire.org/wargames/

    Projects
    So you want to be a SOC analyst: https://blog.ecapuano.com/p/so-you-want-to-be-a-soc-analyst-intro
    TCM Security: https://academy.tcm-sec.com/courses/
    TCM Malware Analysis: https://academy.tcm-sec.com/courses/enrolled/1547503

    Online Degrees: https://www.wgu.edu/online-it-degrees/bachelors-programs.html

    Bootcamps
    Antisyphon: https://www.antisyphontraining.com/course-catalog/
    Josh Madakor: https://joshmadakor.tech/cyber/

    YouTubers
    John Hammond: https://www.youtube.com/@_JohnHammond
    The Cyber Mentor: https://www.youtube.com/@TCMSecurityAcademy
    David Bombal: https://www.youtube.com/@davidbombal
    Kyle Marvin (shameless plug): https://www.youtube.com/@kyle.marvin

    Volunteering
    ITDRC: https://www.itdrc.org/volunteer

    CTFs
    HackTheBox – CTFs: https://ctf.hackthebox.com/
    PicoCTF: https://www.picoctf.org/
    CTF Time: https://ctftime.org/event/list/upcoming

    Conferences
    DEF CON: https://defcon.org/
    Black Hat: https://www.blackhat.com/us-24/
    Wild West Hackin' Fest: https://wildwesthackinfest.com/

    I created this post and YouTube channel because I see the same questions in Mentorship Monday every week. I hope to update this resource and keep it as a go-to guide for new folks looking to break into the industry. Please ask questions, recommend content to add/remove, and help make this post awesome. I appreciate y'all! submitted by /u/_r00d [link] [comments]
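    An added worked example for the "Email Security" project in the post above (this is editor-supplied code, not part of /u/_r00d's post). The post says to configure SPF and DMARC and notes that many companies get DMARC wrong; this script shows what "wrong" looks like by auditing the two TXT records for the usual weak settings: an SPF record ending in `+all` or `?all`, more than the ten DNS-querying terms RFC 7208 allows (which makes receivers return permerror and effectively disables SPF), a DMARC policy of `p=none`, a partial `pct`, an unprotected subdomain policy, and a missing `rua` reporting address. The record strings are constructed for the example and use reserved `.example` names; to check a real domain, paste in the output of `dig TXT yourdomain` and `dig TXT _dmarc.yourdomain`.

```python
"""Audit SPF and DMARC TXT records for settings that leave a domain spoofable.

Added example: the records at the bottom are constructed, not fetched from DNS.
"""

SPF_LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
SPF_MAX_LOOKUPS = 10  # RFC 7208 section 4.6.4: more than 10 DNS-querying terms is a permerror


def parse_spf(record: str) -> dict:
    """Return the qualifier on the 'all' mechanism and the count of DNS-querying terms."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    lookups = 0
    all_qualifier = None
    for term in terms[1:]:
        if "=" in term:                        # modifier, e.g. redirect=_spf.example.net
            if term.partition("=")[0].lower() in SPF_LOOKUP_TERMS:
                lookups += 1
            continue
        qualifier = "+"                        # the implicit qualifier is "pass"
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        mechanism = term.split(":", 1)[0].split("/", 1)[0].lower()
        if mechanism in SPF_LOOKUP_TERMS:
            lookups += 1
        if mechanism == "all":
            all_qualifier = qualifier
    return {"all": all_qualifier, "lookups": lookups}


def audit_spf(record: str) -> list:
    info = parse_spf(record)
    findings = []
    if info["all"] is None:
        findings.append("SPF: no 'all' term, unlisted senders get a neutral result")
    elif info["all"] in ("+", "?"):
        findings.append(f"SPF: '{info['all']}all' lets any host send as this domain")
    if info["lookups"] > SPF_MAX_LOOKUPS:
        findings.append(f"SPF: {info['lookups']} DNS lookups exceed the limit of "
                        f"{SPF_MAX_LOOKUPS}, receivers will treat the record as a permanent error")
    return findings


def parse_dmarc(record: str) -> dict:
    """Split 'tag=value; tag=value' into a dict; tags are case-insensitive."""
    tags = {}
    for part in record.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags


def audit_dmarc(record: str) -> list:
    tags = parse_dmarc(record)
    findings = []
    policy = tags.get("p")
    if policy is None:
        findings.append("DMARC: required 'p' tag missing, receivers ignore the record")
    elif policy == "none":
        findings.append("DMARC: p=none only monitors, spoofed mail is still delivered")
    if policy in ("quarantine", "reject"):
        if int(tags.get("pct", "100")) < 100:
            findings.append(f"DMARC: pct={tags['pct']} enforces the policy on only part of the mail")
        if tags.get("sp", policy) == "none":   # sp defaults to p when absent
            findings.append("DMARC: sp=none leaves subdomains unprotected")
    if "rua" not in tags:
        findings.append("DMARC: no rua address, you will never see aggregate reports")
    return findings


def audit_domain(spf_record: str, dmarc_record: str) -> list:
    return audit_spf(spf_record) + audit_dmarc(dmarc_record)


# Constructed sample records for reserved example domains.
SPF_HARDENED = "v=spf1 include:_spf.example-mailer.net -all"
SPF_OPEN = "v=spf1 a mx include:spf.example-relay.com ?all"
SPF_TOO_MANY = "v=spf1 " + " ".join(f"include:s{i}.example.net" for i in range(11)) + " -all"
DMARC_HARDENED = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com; adkim=s; aspf=s"
DMARC_MONITOR_ONLY = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
DMARC_PARTIAL = "v=DMARC1; p=quarantine; pct=50; sp=none"

if __name__ == "__main__":
    for label, spf, dmarc in (("hardened", SPF_HARDENED, DMARC_HARDENED),
                              ("weak", SPF_OPEN, DMARC_PARTIAL)):
        print(label, audit_domain(spf, dmarc) or ["no findings"])
```

    The lookup counter matters more than it looks: a domain that chains `include:` records for every SaaS tool it uses will blow past ten lookups, and at that point receivers stop evaluating SPF entirely, so a "-all" at the end of an over-long record protects nothing.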
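    A second added example, for the "Security Awareness Training" project and the "Email Security" analyst duties in the post above (editor-supplied, not code from /u/_r00d's post). The post suggests a Python script that scans headers and pulls out just the information you need; this one does that with the standard library's `email` module and flags the mismatches an analyst checks first: envelope sender (Return-Path) domain versus the From domain, a Reply-To that redirects replies elsewhere, and the SPF/DKIM/DMARC verdicts your own mail server wrote into Authentication-Results. It also recovers the originating IP from the earliest Received hop, which is what you would feed to the reputation APIs the post mentions. Both messages are constructed with reserved example domains and documentation IP addresses.

```python
"""Header triage for a suspected phishing email.

Added example; the two raw messages at the bottom are constructed samples.
"""
import email
import re
from email.utils import parseaddr

AUTH_RESULT = re.compile(r"\b(spf|dkim|dmarc)=([a-z]+)", re.IGNORECASE)
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def domain_of(header_value) -> str:
    """Domain of the first address in a From/Reply-To/Return-Path value, '' if none."""
    _, address = parseaddr(header_value or "")
    return address.rpartition("@")[2].lower()


def triage_headers(raw_message: str) -> dict:
    msg = email.message_from_string(raw_message)
    from_domain = domain_of(msg.get("From"))
    envelope_domain = domain_of(msg.get("Return-Path"))
    reply_to_domain = domain_of(msg.get("Reply-To"))

    # Authentication-Results is stamped by our own receiving MTA, so unlike From
    # it is not under the sender's control.
    auth = {mech.lower(): result.lower()
            for mech, result in AUTH_RESULT.findall(msg.get("Authentication-Results", ""))}

    # Each hop prepends its Received header, so the last one is the first hop:
    # the host that handed the message to the outside world.
    origin_ip = None
    for hop in reversed(msg.get_all("Received") or []):
        match = BRACKETED_IP.search(hop)
        if match:
            origin_ip = match.group(1)
            break

    findings = []
    if envelope_domain and envelope_domain != from_domain:
        findings.append(f"Return-Path domain {envelope_domain} does not match From domain {from_domain}")
    if reply_to_domain and reply_to_domain != from_domain:
        findings.append(f"Reply-To domain {reply_to_domain} differs from From domain {from_domain}")
    for mech in ("spf", "dkim", "dmarc"):
        result = auth.get(mech)
        if result is None:
            findings.append(f"{mech}: no verdict in Authentication-Results")
        elif result != "pass":
            findings.append(f"{mech}={result}")
    return {"from_domain": from_domain, "return_path_domain": envelope_domain,
            "reply_to_domain": reply_to_domain, "origin_ip": origin_ip,
            "auth": auth, "findings": findings}


# Constructed sample: a lookalike sender domain spoofing the From header.
PHISH_SAMPLE = """\
Return-Path: <bounce@mailer-bank-alerts.example>
Received: from mx1.mailer-bank-alerts.example (mx1.mailer-bank-alerts.example [203.0.113.5]) by mail.victim.example with ESMTPS; Thu, 18 Apr 2024 10:00:00 +0000
Authentication-Results: mail.victim.example; spf=pass smtp.mailfrom=mailer-bank-alerts.example; dkim=none; dmarc=fail header.from=bank.example
From: "Bank Security" <alerts@bank.example>
Reply-To: account-review@mailer-bank-alerts.example
To: user@victim.example
Subject: Urgent: verify your account
"""

# Constructed sample: aligned sender with passing authentication.
LEGIT_SAMPLE = """\
Return-Path: <newsletter@example.com>
Received: from out.example.com (out.example.com [198.51.100.7]) by mail.victim.example with ESMTPS; Thu, 18 Apr 2024 09:00:00 +0000
Authentication-Results: mail.victim.example; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: "Example Newsletter" <newsletter@example.com>
To: user@victim.example
Subject: April update
"""

if __name__ == "__main__":
    for label, raw in (("phish", PHISH_SAMPLE), ("legit", LEGIT_SAMPLE)):
        report = triage_headers(raw)
        print(label, report["origin_ip"], report["findings"] or ["no findings"])
```

    Note that the phishing sample passes SPF: the attacker's own domain is in the envelope sender, so SPF is happy, and only the DMARC alignment check against the From header catches the spoof. That is the practical reason the post's DMARC project matters for the receiving side as much as for the sending side.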

  • Cybersecurity: leaders respond to the most sophisticated incidents
    by Harimaholy on 18 April 2024 at 18:49

    HarfangLab and Filigran, two leaders in the cybersecurity field, are joining forces to strengthen incident response and threat management. Their new partnership aims to optimize the detection of and reaction to cyberattacks, with the goal of offering a complete, effective solution to cyber teams of all sizes.

    Strengthening cybersecurity
    Filigran and HarfangLab proudly announce their strategic partnership. At the heart of this alliance is a connector between OpenCTI, Filigran's threat management platform, and HarfangLab's EDR (Endpoint Detection and Response). The collaboration aims to create an essential technological link to improve threat detection and accelerate incident response, strengthening organizations' security against cyberattacks. A short note about OpenCTI:

    A connector suited to companies of all sizes
    This partnership is aimed at all cyber teams, from SMEs to large public institutions and multinational companies. The connector between OpenCTI and HarfangLab's EDR is specifically designed for CTI teams, cyber analysts, CERTs and SOCs, offering a complete solution for integrating and automating the management of threat data.

    A collaboration focused on efficiency and performance
    Through this partnership, the two companies commit to providing ever more powerful and effective solutions to cyber teams. The connector they have developed makes it easier to exchange critical threat information, thereby strengthening organizations' security posture against complex cyberattacks.

    Key benefits of this partnership
    - Improved EDR detection capabilities by drawing on OpenCTI's repository of indicators.
    - Increased automation and efficiency, allowing faster reaction and more effective incident management.
    - Data-enriched incident response, giving analysts a better understanding and handling of the threat.
    - Integration and ease of use thanks to interoperability between OpenCTI and HarfangLab.

    Statements from the executives
    Grégoire Germain, CEO and co-founder of HarfangLab, expressed his satisfaction with the collaboration: "At HarfangLab, we are proud to bring our endpoint security expertise to the shared goal of fighting cyber threats. This connector gives organizations the ability to anticipate, detect and respond to security incidents with unprecedented precision and speed."
    Samuel Hassine, co-founder and CEO of Filigran, highlighted the significant impact of the partnership: "This partnership with HarfangLab significantly strengthens the ability of cybersecurity teams to better understand, anticipate and respond to cyber threats. Integrating the two platforms considerably increases detection coverage, enabling more complete identification of current threats."
    In short, this alliance between HarfangLab and Filigran represents a major step forward in cybersecurity. It gives organizations the tools they need to face the most sophisticated digital threats. Article based on a press release received by the editorial team. This article, Cybersécurité, des leaders réagissent aux incidents les plus sophistiqués, was published on LEBIGDATA.FR.

  • How do you handle desperation because of carelessness/ ignorance?
    by /u/EstablishmentLeft50 on 18 April 2024 at 17:31

    I think I don't know a single company that handles GDPR / privacy in general correctly and truly is up-to-date in security. Hence I throw privacy and security together for this post. It feels like most companies think "well, there was this IT guy here 5 years ago and he made everything secure, so we are good". The same for individuals who don't want to listen if you tell them their 10-year-old password, which they use for 20 accounts, should be replaced, and that saving them in the browser is not that good of an idea. These are just examples; you probably could write books of more. How are you not desperate? And if you are, how do you handle it? Edit: I'm not in cybersecurity, just switching jobs (horeca/retail) often. submitted by /u/EstablishmentLeft50 [link] [comments]

  • Auctioning off personal data: the CJEU clarifies the GDPR rules …
    by Arnaud Pelletier on 18 April 2024 at 17:25

    When a user visits a website or an application that contains an advertising space, the companies, brokers and advertising platforms representing thousands of advertisers can bid in real time, behind the scenes, for that advertising space in order to display ads tailored to the user's profile (Real Time Bidding). Read more. The article Mise aux enchères de données personnelles : la CJUE clarifie les règles du RGPD … first appeared on Le blog de l’information stratégique.
