Been working on a malware analysis tool called AssemblyLine 4. I'm trying to set it up to collect artifacts from an s3 bucket and trigger alerts if malicious
Used to have a Linux homelab. Finally got Windows experience at a job for some years before moving to my current role at another org. Built a new homelab that’s organized around Windows Server because I’ve spent years managing it but never set it up from scratch. Learning small pitfalls of doing so. Just got VMs on the Win domain the other day; will be focusing on certificates shortly. It’s probably not that interesting to most, but it’s valuable learning for me. I’ll start trying to break in with Kali and similar tools once the infra is all setup.
Unless things have changed, North Korea doesn't have a whole lot by way of Internet. I think they used to have two Class C netblocks, 256 IP addresses each.
His feat did not go unnoticed. Over the next year he had meetings with officials from the United States Cyber Command, the branch of the armed forces dedicated to this field. He also met with officers from the Marines, the Space Operations Command and intelligence (NSA). Cáceres shared with them the keys to his successful operation and told them that, in his opinion, similar operations could be carried out with small commandos of two to four hackers. That would give them agility, autonomy and the ability to react.
Me, a cyber-commando, dressing up in full tactical gear, ready for anything, for the trip from my gaming chair to my refrigerator to get beer while I watch my rented Azure servers send spam to a small country's routers
He tried, but failed. “To do anything you need authorization, which takes six months to get. And when you get it, what you wanted to do no longer works. That is the reality here in the U.S.: we have very, very good people working on our cyber defense, but they are hogtied. They can’t do anything, even though I know we have the resources to do a lot.”
Smh our bureaucratic government won't approve my request to start a war with the DPRK from my couch
If he did this to any other small nation, especially a US-aligned one, he would be charged with a serious crime. The US can't openly do electronic warfare but they can stand by and watch this clown do what basically amounts to cyber-terrorism, a least for a little while
Anyway, now that he doxxed himself I hope the DPRK actually gives him something to fear lol
Also
And ever since he took down the internet in North Korea, he has also been approached by the National Security Agency (NSA). Everyone wanted to know how he did it.
Lmao
This is peak journalism, they obviously took him at his word
What normal people hear: "He took down the routers with some crazy complicated algorithms. He's Neo in the matrix."
What IT professionals hear: "He hired a bunch of people to keep sending spam letters to their tiny mailboxes until they were so stuffed that they couldn't receive any legitimate mail."
Has anyone here ever worked a tutoring job from Varsity Tutors? I keep seeing them on linkedin with tutor jobs focusing on security. I was thinking it might be a good side hustle tutoring for just a couple of hours a week for some extra income.
Never heard of 'em. I'd say most of those things, while not necessarily "scams", are probably not worth the time you would put into them. That said, if you have free time and they pay, then it is what it is. If you go down that path, make sure to report back!
I'm a late-40's life-long IT guy, working as a cybersecurity architect / deputy CISO for a state govt agency the last few years. I have my CISSP and bachelor's in IT mgmt from WGU.
I have access to free microsoft classes & cert tests through my employer. Thinking about going back and getting some certs. Does it make sense to do the security certs in order?
SC-900, SC-100-200-300-400, AZ 500
Or am I overthinking it and I should just jump in and try a test to see how I do?
Also off work today, so it's pet-project time: I have some scripts that collect local housing rental prices. I've been collecting this information in a sqlite db using python webscraping libraries, so I can chart the effects of gentrification and homelessness in my (small, rural) community.
Big consulting firms (e.g. Accenture) and the like. Government jobs too if you're close to where those are. Outside that, it's very random which companies have such openings. The bigger the company the more likely it would have a higher diversity of roles and seniority openings.
cybersecurity
Hot