Advice on if this job is worth it

So I’m graduating in 2 weeks with a degree in cyber security and have been looking for jobs as you do.

I was recently offered a job here in San Antonio, Texas for an internship for $15/hr with a max of 10 hrs a week. And if it goes well, then a full-time job still at $15/hr, 40 hrs per week.

Here are my problems:

During the internship I’m told that I’m expected to come in much more than 10hrs per week unpaid to “be successful”

There’s no set timeline on when I’d become full time as it depends on my internship

Even when I do become full time I’m only making $30k a year with a bachelor’s in cyber security

Is this worth it as a first job out of college or should I keep looking? I don’t want to be without a job at all but this seems like I’m selling myself short when the avg starting income for my degree out of college is about double.

Edit: I also have a secret clearance already underway from a previous internship if that changes anything.

Touch here for the full post on Network Security Noblemen tumblr

Cisco FTD root access not a vulnerability

Some of you may work with Cisco Firepower Threat Defense (FTD) and other NGFWs. I was wondering why Cisco allows the customer to have full root access to the underlying Linux OS, while other vendors close their clish and consider it a vulnerability if you somehow gain root access.
Does anybody know why Cisco still allows this?

How does free internet work through http injection?

Hi,

I've seen many tutorials about an app called "HTTP injector" which gives free 3G internet if configured correctly. There was even a Facebook group where the users exchanged configuration files for the app to grant free internet (most of the users I've known personally are Vodafone users, but there are configuration files for a lot of carriers worldwide in this site and others).

Now, I don't know how this works or what kind of an exploit they use and how I can test for the exploit (I don't have an exploitable network to test on). I would be very thankful if someone can explain to me how this works, how I can test for the vulnerability and maybe design an exploitable network to test on.

This was asked before with more details on Stack Exchange but didn't gain any detailed or satisfactory answers.

More information about how to configure the app: https://www.techfoe.com/2016/09/how-to-configure-http-injector-for-free.html

Just to be clear, after watching many tutorials on how to set this up, it requires the following:

1- The mobile network should allow you to connect to some site for free even when you don't have a data plan or balance. This site can be a company site, for example vodafone.com.eg on Vodafone Egypt, or it can just be a public service that the company provides access for free (free facebook.com without images) or many other free sites on the freebasics.com project. This free site is used as a payload.

2- A public VPN over SSH

3- A public proxy server (this is optional if I understand correctly)

Somehow the app manipulates the headers to convince the company firewall that the user is connecting to a free service (free facebook.com, for example), but what it actually does is establish a connection to the SSH VPN server so that subsequent traffic will be tunneled through this VPN.

PS: I'm not trying to hack the network, I'm actually trying to simulate the vulnerability in a virtual lab, but I don't know what the exploit is so I can't simulate it. That's why I'm trying to test it on my phone carrier, hoping it has the vulnerability, and if it connects successfully I might be able to understand how this works by sniffing the HTTP injector connection in Wireshark and looking at the packets. Unfortunately, I was never able to get this to work on the two networks that I have SIM cards for (Zain and Asiacell).

Regards

Any source to find phishing/spam/malware emails?

I need to test the effectiveness of O365 Email Security. I have tried sending a few obviously spammy and phishing emails. Half of them made it through, but these were low caliber, "mild" as compared to what professional fraudsters are capable of generating nowadays.

I have also been asked to evaluate the effectiveness of another spam filter product we have.

The question is – where can I find some example emails with known virus/malware attachments, phishing links, fake URLs, etc., so as to run a more conclusive and practical test?

Those of you who do this quite often, how else do you measure the effectiveness of anti phishing/spam/malware protection of your email security products?

Simple questions about generating self signed certs

I was wondering what is the significance of using a challenge or pass phrase while generating a CSR?

Secondly, how do we define where the private key of the cert is supposed to be residing? Is it in the CSR or PEM and how is it specified? FQDN maybe?

Can someone please help me understand how self signed certs are generated and used in enterprise environments?

Thank you for your time.

Best password manager for my use case?

So I'm kind of tired of having more than one password, as anyone would be. But at the same time, I'm way more paranoid about security than I am knowledgeable about computer security.

Passwords must be encrypted and not decryptable without my password (obviously, can't imagine a password manager without this).

It needs to run on at least both Windows and Linux. I would also appreciate it if it runs on BSD and macOS in case I ever try them for personal devices. Also Android if that's possible, but that's low priority, I don't log into stuff on my phone often.

It needs to be as close to 100% open source as possible, strongly preferably at 100% and under a FOSS license like the GNU GPL or MIT licenses.
As I said, I'm paranoid, and this means if they have proprietary code, I can't trust it.

It would also be nice if it has sane defaults making it simple to use, but this isn't a requirement since I'm willing to take the time to learn what I'm doing if it means more security.

I'd also appreciate anything you all think I should know when it comes to security with password managers.

Analyzing Web Browser Extensions

Recently, this article came down the pipeline on r/netsec: https://securitywithsam.com/2019/07/dataspii-leak-via-browser-extensions/

As someone with browser extensions enabled, how can one run a test on extensions to test whether they are adhering to their ToS and/or see how much information they're collecting?

Specifically, the article stated, "We observed two extensions employing dilatory tactics — an effective maneuver for eluding detection — to collect the data" and "By deploying a honeypot to monitor web traffic, we discovered near-immediate visits to URLs collected by the extensions."

How can I do this? The report reveals such an egregious breach of information, that it seems imperative that there be some sort of guide/methodology for other users to start testing their own browser extensions so that they can fester out more bad weeds.

Did anyone else experience a massive credential scan on July 19?

New alt account, because I'm paranoid and I don't like to mix pain and pleasure.

July 19, 2:00-5:00 PM GMT

Traffic on our site went up 600%. I'm being discreet with the details, but it's obvious several clients were testing usernames+passwords. All or nearly all of the traffic came from various VPN services.

It was very high profile, so I'm wondering… Did anyone else see this?

SANS/GIAC boost?

Hello everybody,

Simple and easy question to whom it may concern.

After obtaining a GIAC certificate (whichever that cert is and whatever your current position is, e.g. SOC analyst, cybersec consultant, etc., whatever), did you actually see any difference when it comes to job offers, good salary offers, internal raises coming easier when negotiating with a GIAC under your belt, "more doors opened for you", etc.?

I would appreciate it if you could present real examples from your life/experience.

Main reason I am asking is because:

a) I applied for the SANS work study program and I am hyped af (in case I get accepted) because I believe it will boost my career tremendously.

b) I would like to know the real reflection of a GIAC cert in the cybersec industry as you experienced it so far. Of course I know that it is considered one of the top (if not the top) trainings+certs and that 99% of the industry acknowledges/desires it, but is there an actual reflection when it comes to money/offers/leverage?

I am seeing some crazy job ads that "desire" GIAC certs for tier 1-2 SOC analysts with average-looking salaries (could be another HR filtering tactic to "filter" the noobs and minimize the CV load??), or it looks like companies want you to have a GIAC cert but are not willing to reward it with an appropriate salary. At least in my area... (Eastern Europe)

Thanks a lot for your input!

What’s a day like as a cyber risk analyst?

Hi all,

Currently I'm an information security analyst with ~5 years of experience, started in Threat Intelligence, moved to Content Development, and as of about 1.5 years ago I've switched to more of a generalist role at a smaller company. I'm realizing I enjoy bigger picture/planning more than I care about being the guy on the ground doing the technical work myself. I'm about to knock out my CISSP and am considering CRISC next. Whether that's relevant or not, I'm curious, for any of you that are cyber risk managers or analysts, what does a typical (relative) day look like? Does information security work translate well? I know it helps, but I'm curious if finding a job would be a struggle. Appreciate any feedback! I haven't found much on the cyber aspects, anytime I search, it's more for financial or operational risk management as opposed to cyber/technical risk.
