Are non-Western countries suffering from the same amount of ransomware that the West is?

Pretty much title.

I know normally it's the other way around, but I gotta imagine the East has some ripe companies that could easily be victims of it. Most of what I could find was referencing attacks in the East.

Touch here for the full post on Network Security Noblemen tumblr


Can not connect telnet from virtual machine to router

My VirtualBox VM is in bridged mode and is set to Allow All. I'm able to ping the router correctly, but when I use telnet it can't connect and Wireshark does not show it. I disabled the ufw firewall and it still won't work.


Put certifications that are in progress in your resume?

My current company purchased 2 licenses for certifications for me, though I am in the process of looking for a new job. I plan on getting them before I leave but I don’t want this to halt my job hunt. In the meantime, is it a good idea/the standard to put the certifications you are currently working towards on your resume as “in progress”?

The downsides I see are 1) if I end up leaving before I complete them, I'm sure my company will revoke the licenses, so I'll probably not end up getting them; 2) I don't actually have them, so I don't want this to reflect poorly on me to future employers.

But I want to use this as an opportunity to show prospective employers that I do know a fair amount in these particular areas.

What do you all think?

(Edit: if not on my resume, this could be something to mention in first round interviews with HR?)


(Pentest Engagement) What happens if no employees click on your phishing email?

I have heard that for penetration test engagement, which starts externally, it is common to use a phishing email / spear-phishing email campaign in order to establish the foothold.

Nowadays, when users are quite careful about checking their email (still bad, but much better than 10~15 years ago), what do you do if your phishing campaign fails? Did this ever happen to you, as a pentester or a blue team member?

What would be the next step? Physically visit the site for wireless pentesting? Researching and dropping zero days (which I think is impossible for 2~3 week engagement window)? Pray for web-app penetration testing to find command injection? Go back to the client and admit that initial foothold was a failure?


SOC Analyst Real World Progression

My company is currently expanding our SOC to encompass a broader scope of what a SOC could/should be. In this expansion the role titles were reviewed. I was hired as a SOC Engineer (primarily due to 7 years of past cybersecurity experience), but after reviewing the general responsibilities between an Engineer and an Analyst, my supervisor and I agreed that my ambitions were in line with an Analyst.

I'm wondering what those who have been in an established SOC have experienced as far as progression. Is it viable to remain as an analyst for a career, or is an evolution into an Engineer inevitable? Based on an AlienVault SOC analyst tier system (Tier 1 basic analyst, Tier 2 incident response, Tier 3 threat hunter and Tier 4 SOC manager) I believe I am proficient in a Tier 3 role.


Question regarding a potential IT procedure/policy vulnerability…

First off, I'm not in the infosec domain, which is why I'm asking this here.

Members of an organization, completely outside of the IT domain, are given MacBook Pros with standard non-admin accounts and no root access, for various reasons that seem justifiable even if I don't agree with them. I noticed the other day that a person's computer from this organization, on my network, was listening for incoming SSH connections. I asked to take a look, and while it says that Remote Login is disabled for their account under Settings, running

sudo systemsetup -getremotelogin

returned

Remote Login: On

I was also able to attempt connecting to their machine via SSH and was prompted for a password, and when I asked to look at their /etc/ssh/sshd_config, I found that password authentication was enabled. These machines have access (over VPN) to very protected data that, if breached, would be a huge scandal. This person did not enable the SSH server, and I have good reason to believe that this is the standard configuration for all the MacBook Pros given to members of this organization.

This organization is quite large, so a very large number of people are walking around, connecting to different networks potentially all over the world, with machines that are running SSH server with password authentication enabled. Furthermore, these people are not even remotely in a tech domain, and they have minimal to no security hygiene training. Given the organization, it is conceivable to me that they could have shoddy IT policy.

I don't know OS X very well; am I missing something here? Is there something about OS X that renders it hardened in this instance?

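The two checks described in the post above (is sshd listening, and does it accept passwords) are easy to get wrong by eyeballing sshd_config, because sshd ignores commented lines and applies a compiled-in default, takes the first occurrence of a keyword, and treats everything after a Match line as conditional. The script below, an added example that is not part of the original post, resolves a config the same way and reports whether a password can be sent at all (PasswordAuthentication or the keyboard-interactive/PAM path). Both sample configs are constructed. On a live Mac the equivalent checks are `sudo sshd -T | grep -iE 'passwordauthentication|kbdinteractiveauthentication'` for the effective values and `sudo systemsetup -getremotelogin` for the service state; the fix is `sudo systemsetup -setremotelogin off`, or, where SSH is genuinely needed, the settings in the hardened sample.

```shell
#!/bin/sh
# Added example, not from the original post. Audits sshd_config text for
# password-based login the way sshd resolves it: comments ignored, first
# occurrence of a keyword wins, the compiled-in default applies if the
# keyword is absent, and anything after a "Match" line is conditional.

# sshd_effective KEYWORD DEFAULT  (config text on stdin) -> effective value
sshd_effective() {
    awk -v k="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" -v d="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }                 # comments, blank lines
        tolower($1) == "match" { exit }                  # conditional block: stop
        tolower($1) == k && found == "" { found = $2 }   # first value wins
        END { print (found == "" ? d : tolower(found)) }'
}

# password_login_possible  (config text on stdin) -> "yes" or "no"
# A password can arrive via PasswordAuthentication or via
# keyboard-interactive (PAM); both must be off before the answer is "no".
password_login_possible() {
    cfg=$(cat)
    pw=$(printf '%s\n' "$cfg" | sshd_effective PasswordAuthentication yes)
    # KbdInteractiveAuthentication is the newer name for
    # ChallengeResponseAuthentication; the old keyword supplies its default.
    cr=$(printf '%s\n' "$cfg" | sshd_effective ChallengeResponseAuthentication yes)
    kbd=$(printf '%s\n' "$cfg" | sshd_effective KbdInteractiveAuthentication "$cr")
    if [ "$pw" = yes ] || [ "$kbd" = yes ]; then echo yes; else echo no; fi
}

# Constructed sample: the relevant keywords are only present as comments, so
# sshd's defaults (password auth on) apply even though the file looks untouched.
DEFAULTISH_CONFIG='#PasswordAuthentication yes
#ChallengeResponseAuthentication yes
#PermitRootLogin prohibit-password
UsePAM yes
Subsystem sftp /usr/libexec/sftp-server'

# Constructed hardened sample: keys only, no root, no interactive fallback.
HARDENED_CONFIG='PasswordAuthentication no
KbdInteractiveAuthentication no
ChallengeResponseAuthentication no
PermitRootLogin no
PubkeyAuthentication yes
AuthenticationMethods publickey'

printf 'default-like config: password login possible: %s\n' \
    "$(printf '%s\n' "$DEFAULTISH_CONFIG" | password_login_possible)"
printf 'hardened config:     password login possible: %s\n' \
    "$(printf '%s\n' "$HARDENED_CONFIG" | password_login_possible)"
```

Feed it a real file with `sh audit.sh < /etc/ssh/sshd_config` after replacing the sample strings, or pipe in `sudo sshd -T` output, which has already had defaults and Match blocks resolved and is the more trustworthy source.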

Legal basis for the use of vulnerabilities by law enforcement in the UK

Hi all,

As I'm from a different jurisdiction and had a hard time finding the actual legal basis, I was wondering whether someone could point me in the right direction. Does anyone know what the legal basis is (the law and perhaps the provision) that allows police and intelligence agencies to conduct technical reconnaissance, exploit a known vulnerability or even create one? Do any of you have a good paper (from a legal point of view) on the warrant regime concerning this topic?

I'm grateful for your replies.


Incident response and digital forensics a good starting point for IT security?

Hello,

I received a job offer a few days ago for a job as a junior consultant for incident response and digital forensics at one of the Big Four. So far, most of my experience is in application development from internships or working-student jobs, but I'm about to finish my master's degree in a month. I've always been very interested in IT security topics, and the interview went great; people were very nice and the projects sounded fun. Now I'm wondering: is that job a good starting point for IT security, and will I be able to do the job without any practical experience? Does anybody have some insight into how such a career could go in the future?


Strange FW connections

Hello all, I face a strange situation that I don't have the knowledge to explain/resolve, and I need your help.

I am working in a SOC. There was a test server in our environment that was reachable from the internet.

This server was scanned by multiple scanners, which is normal IMO. The server is now decommissioned.

The issue is that we keep receiving alerts about built TCP connections from scanners.

I checked the FW to see if this is a SIEM issue, but I also see allowed connections on the firewall.

Why is this happening? Do you have any clue? The server is 100% down.

Thanks in advance
