People keep praising them. I wonder if there are any risks to using password managers. For example, what do you do if you forget the master pass and the dog ate your printed emergency code?
Hello everyone 🙂
Do you think Red Hat certifications are relevant for a security professional?
You know the ones. Rule-abiding or not, they still get submitted.
I'll compile some of the most common into a new wiki for the subreddit. If anyone would like to volunteer to help build it, let me know.
I have recently received the opportunity to do the SANS SEC 504 course for free and was wanting to know a bit more about it.
What sort of a foundation does the course give in terms of cyber security? What's the course like? Good, bad etc? Anything else that sticks out, other impressions etc?
So an unknown device showed up on my wifi network yesterday. I unplugged everything, so I know it's not mine. I have been using WPA2-Personal security.
Other than changing my wifi ssid and using a longer random password is there anything else I can do to better secure my home wifi?
Something I've found myself scratching my head over recently, yet can't seem to get working properly. I am running a CLI application written in .NET that makes web requests. I'd like to be able to view, intercept and/or modify these requests via Burp.
I have Burp listening on localhost on the usual 8080 port. I have tried setting the proxy settings in the command line with 'netsh winhttp set proxy "127.0.0.1:8080"', which didn't seem to work. I've tried setting the system proxy (Start > Proxy Settings > 127.0.0.1 8080), which also doesn't seem to work. I've tried using Proxifier and set a rule for PowerShell / CMD to push traffic through 127.0.0.1 8080, which also doesn't work.
Does anyone have a method for getting this traffic pushed through to Burp?
As I understand it, apps like iMessage, WhatsApp, Facebook Messenger are end-to-end encrypted by having the app generate a public and private key on the user's device.
The public key is sent to the servers so two users can communicate and the private keys remain on the device so they (and only they) can decrypt it.
With all this talk about “adding back doors” to messaging apps it feels like the government wants to break encryption the hard way when there’s something much easier and less noticeable they could do.
If the app generates both keys, and the user is never aware that this process even occurs, what is stopping the app from just also sending the private keys of people communicating to the server so an agency could decrypt their conversations?
Is there anything in the math of encryption that prevents this, or are all users just relying on the goodwill of app makers to not do so?
Considering any communication is occurring across HTTPS how could one verify that this key is not being sent?
This question may be mostly addressed to SOC analysts, but anyway, how many of you work one week days and the following week nights?
Honestly, I'm mostly worried about my health; scientific research is unanimous on the fact that if you go on changing your sleep schedule every week it'll mess you up, basically.
Hi, I am graduating this year and as such should return my school laptop back to school. However, for some odd reason, I am the only one who does not show up for a laptop return.
If I were to hypothetically reformat my hard drive and reinstall Windows, would I be in the clear to keep the laptop for personal use?
The only thing keeping me uneasy about this is how some students' laptops got locked and required to be turned back in even after they managed to factory reset their laptops. Would a reformat do the trick? Are there ways to grab a hold of a laptop even post-reformat?
Greetings! I'm a help desk employee who is wanting to get into infosec, and one idea suggested to me was to set up a home lab to practice. Right now I'm thinking of ways to justify investing in a used Workstation I can use to create a virtual home lab that can be used to get my feet wet in all sorts of infosec tools and systems and gain more experience that way (I would normally just buy physical equipment, but I'm not made of money, especially with the way things are right now); but due to my lack of experience I'm having a hard time thinking of projects that are worth investing in for the Workstation.
The idea so far would be to create multiple VMs and network them together from within the Workstation so I would have a network to exploit. The question now would be what exactly should I be pursuing with this setup? What kind of projects are out there that I can use to cut my teeth with and where would I find them? I could practice with Kali, look into some monitoring tools, tinker with VMware somehow (again, no money for large investments). I'm looking at this from a Blue Team perspective but I wouldn't mind looking at Pentesting either since I'm sure they intermingle a lot.
What would be everyone's recommendation for learning more hands-on infosec? Is there a good central hub to get project ideas from, or should I abandon all of this and look into more online resources (TryHackMe, HTB, etc)?