D: “Did the attackers exfiltrate any data?”

M: “I can’t say for sure, but most likely based on—”

D: “—but did you find any undeniable evidence of it?”

M: “Keep in mind that the absence of evidence isn’t necessarily evidence of absence. There was very limited logging to begin with and the attacker erased artifacts and logs.”

D: “If there’s no evidence, then there was no exfiltration.”

M: “If a business doesn’t have cameras on its front door and then gets robbed, it can’t claim there was no robbery just because they didn’t video-record it.”

D: “That’s a poor analogy. Nothing’s missing here. I couldn’t care less if a robber made a *copy* of my money. That isn’t robbery.”

M: “... If the Titanic really hit an iceberg, then how come no pieces of an iceberg were ever found in the wreckage?”

Here's a list of unpopular stuff which I agree with:

1) I love Java more than any other programming language.

2) I love sleeping more than working.

3) I'm not a night owl. I thrive the most during daylight.

4) I don't like or need coffee. Tea is fine.

5) Webdev is a huge clusterfuck which I secretly wish that could just die already.

6) Cybersecurity is a meme and actually not that interesting. Same passes for Cloud, Machine Learning and Big Data.

7) Although I'm a huge fan of it Linux is too unstable and non-idiot proof to ever become mainstream on the desktop.

8) Windows is actually a pretty solid OS.

9) The real reason I don't use macos is because I'm a poorfag that can't afford an overpriced laptop.

10) I don't like math and I hate that people push math shit into random interview questions for dev jobs which have nothing to do with math.

Post yours.

Protecting credentials from eavesdropping using HTTP Basic Authorization header:

You think a junior dev pushing his code onto a production server is bad? Wait till you have that admin who is illegally mining Bitcoin on your production server. 😂

I went for a Cyber Security conference today with one of managers and this was one of the life experiences some of the speakers shared.

Especially painful being a cybersecurity engineer;

Did something wrong with an if-statement.

Caused authentication to break completely; anyone could login as any user.

Was fixed veeeeeeery quickly 😅 (yes, was already live)

Cybersecurity:
>nothing happens
>I can't believe we pay your useless ass to sit around doing nothing all day!
>something happens
>this is your fault

I'M STARTING GRAD SCHOOL!!!!! I'm so excited I can't think properly. I started screaming in Latin and German mixed with English because I couldn't remember enough words in any one language to express myself, and I'm still certain I was incoherent.

Doing cybersecurity and forensics because I hate having a social life 😎

Russia removes windows from all government computers to "show that they're serious about cybersecurity"....

What's the perfect job for someone who both loves socks and cybersecurity?

SoC analyst.

Hahahaha WTF...

You: fuck me in the ass
Me, an intellectual: penetrate me in the vulnerabilities

I'm soon graduating from a tech/IT school which recently specialized in cybersecurity.
Today when I changed my password on their website, it displayed the old one in clear text.
God damn it people, THIS is the reason why our school's reputation has been slowly but steadily going down.

!dev - cybersecurity related.

This is a semi hypothetical situation. I walked into this ad today and I know I'd have a conversation like this about this ad but I didn't this time, I had convo's like this, though.

*le me walking through the city centre with a friend*
*advertisement about a hearing aid which can be updated through remote connection (satellite according to the ad) pops up on screen*

Friend: Ohh that looks usefu.....
Me: Oh damn, what protocol would that use?
Does it use an encrypted connection?
How'd the receiving end parse the incoming data?
What kinda authentication might the receiving end use?
Friend: wha..........
Me: What system would the hearing aid have?
Would it be easy to gain RCE (Remote Code Execution) to that system through the satellite connection and is this managed centrally?
Could you do mitm's maybe?
What data encoding would the transmissions/applications use?
Friend: nevermind.... ._________.

Cybersecurity mindset much...!

My family supported me all the way. Not per definition by buying me stuff but they always 'pushed' me to do what I love doing and I am now doing that!

But, I'm a huge privacy/cybersecurity freak and my family mostly migrated to Signal and stuff like that so that's awesome :)

Working with JavaScript is like trying to have protective sex with condoms with millions of holes.
- a cybersecurity perspective

C: “Look, I agree that these are likely leading practices, but we really don’t need all that.”

M: “These aren’t even leading practices, these are the bare minimum practices to help ensure secure login sessions and that account passwords aren’t trivially compromised.”

C: “How do I put this...? You’re trying to secure us against the hacker. That’s a noble goal. But my only concern is the auditor.”

M: “...”

Someone is trying to launch a brute force attack on one of my servers that I set up for an old project. According to the logs, they've tried Jorgee, they've tried directly accessing the MySQL database (with the laziest passwords), and they're now on day 4 of their brute force attack against my SSH server. I'm fairly certain that they won't be getting in (not that there's anything worth getting in the first place), but what's the standard protocol for this? Do I just wait this out, or is there something I can do to break their bot? I have fail2ban enabled, and it is doing its job, but the attacker is changing their IP address with every attack.

How to get investors wet:

“My latest project utilizes the microservices architecture and is a mobile first, artificially intelligent blockchain making use of quantum computing, serverless architecture and uses coding and algorithms with big data. also devOps, continuous integration, IoT, Cybersecurity and Virtual Reality”

Doesn’t even need to make sense

Got released from the miltary after 3 years of CyberSecurity/Sysadmin role.

2 weeks layer I got a job as security sysadmin in a large telco company.

Still wish to be dev instead though

Many people / engineers around me talk about trendy stuff like Cybersecurity or AI and show off what great encryption and neuronal networks they 'have built' ( I would rather say 'using').

I kinda get the feeling of 'Everbody talks about it - no one really knows what's goin' on inside (especially those guys who hate math and even algorithms).'

Am I just stupid or does somebody else here feel the same way? I mean people have been doing serious research about this stuff for years. And currently many kids are coming up with it as if it is easy stuff like the bubble sort.

Did successful XSS in a website.
Later on, found out that the web was built on laravel.
Still trying to figure out the level of negligence required to make a xss vulnerable laravel website

According to the report of Reuters: The United States Navy banned the social media app TikTok from government-issued mobile devices, saying the popular video app represented a "cybersecurity threat." A bulletin issued by the Navy on a Facebook page saying users of government issued mobile devices who had TikTok and did not remove the app would be blocked from the Navy Marine Corps Intranet.

The Navy would not describe in detail what dangers the app presents, but Pentagon spokesman Lieutenant Colonel Uriah Orland said in a statement the order was part of an effort to "address existing and emerging threats...." The U.S. government has opened a national security review of the app's owner ByteDance.

I think I figured where to draw the line when trying to learn cybersecurity.

Learning ActiveDirectory.

No fucking thanks, I’d rather eat a big steaming pile of dog shit.

!rant

So today I had an initial interview for a tier 1 analyst position (it's a student position). The interview went really good, and I pretty much landed it and my next one is going to be next week. It sounded pretty awesome, but a part of me thinks it's going to be a tech support position more than anything else. Nevertheless, I hope I'll get the job, it seems like a nice gateway to more awesomererer jobs.

So here's my question: can any of you guys tell me more about this type of job? How mundane or interesting is it? I'm probably not going to decline the position, I just want to be ready for what's coming.

Freshly failed gloriously my degree in interaction design. Now I stumbled into a new job, doing a fullscale company advertisment campaign on cybersecurity for 6500 employees. Alone. Writing concept, gathering stakeholder, requirements and shit. I'm scared.

They call it security questions.
I call it social engineering backdoor.

I'm supposed to enter those questions after logging into my account and I'm not able to skip it nor to set a proper two factor method.

Well, fuck you. Did you ever thought about dying by a two factor method? Ever watched a Saw movie? You got the idea.

Stop developing and become a cybersecurity analyst.

What the best way to learn about hacking and cyber security??

Sad how the easy to make softwares are already flooding the market and making millions so now we actually need to work a lot and innovate on something if we wanna a few bucks.

Also sad how in the 80s you could rob banks with just sql injection and now its almost impossible unless you’ve been devoting you being to cybersecurity for years.

Basically I feel it would have been cooler to be a computer scientist 30 years ago :/

Privacy is a myth, just like democracy

Any professional pentesters or someone working in cybersecurity as a profession? I need some advice. The company I intern with right now wants me to test their web applications for security (they really don't care so much about security). I just wanted to know is there a standard set of procedures or a checklist that is usually followed? I know automated testing is not all that effective against web applications but what are the steps you usually take?
As of now, I have run tests and am now performing a code review but it's in PHP and I'm not really good with it. I'd like to know what more is done as a standard please.

Fucking job recruiters or whoever the fuck.

If the first line on my resume is under "Objective" and it states, "To obtain a job, internship, or Co-op in the field of Networking, Cybersecurity, or Administration." You can clearly see the world sales and customer service are not in there.
If you take 5 seconds to read that or search for the words customer service or sales YOU WON'T FUCKING FIND ANYTHING​.
SO WHY THE FLYING FUCK DO YOU CUMBUCKET FILLED PIECES OF SHIT KEEP OFFERING SALES AND CUSTOMER JOBS TO ME.
I even got a senior sales position before. :|
Yet I can't even get a call back from an internship that's related to what I want to do lol. Smh.

My office WiFi is freaking fast upto 25mbps, should I download Torrents using it. Is there a possibility that corporate networks are under more surveillance ?

I feel i need to be specialized in something coz everyone can code now... like u have machine learning engineers and devops/cybersecurity but im not really into either. What other sub fields are there?

How did your quest into the dev world look like? That's mine:

First time: Age 12, was in a C++ evening class for like 2 weeks, I undetstood nothing.

Second time: Age 16-18
Fiddled with scripts for steam games and jailbroken my iPhone while fiddling with aystem configs. Nothing major.

Third time: Age 19, learned Python in a Cybersecurity course. Failed miserably because the tutors were shit, thought I hated programming.

Fourth time: Age 21, developed a lot of scripts in my sysadmin job, one of them needed a GUI so I leanred C# and WPF. Enjoyed it so much I eventually enrolled in a Java 10 month course.

Fifth time: Now, age 22, learning Android and Fullstack javascript by myself. Enjoying every moment.
I still work as a sysadmin though.

Given how much talk there's around security, I think it'd be grand idea to dedicate a weekly rant to cybersecurity. Could spark an interesting discussion, especially in today's heated climate. Thoughts?

E.g. Best way to increase security/privacy?

Ever been phished?? 😉😉

Do you ever wish you got into cyber security over being a dev?

When you have God complex but are just a dumb clown.

When your cybersecurity departement gets back your hacked servers but then the whole network is DDoSed!

whenever i get into something with default credentials, i leave a note or change a name to say something like 'IMPROVE YOUR SECURITY'

today i did it on a printer in the library, one day i'm gonna be in cybersecurity :d

I want to switch careers from 3.5 years of IT and cybersecurity to development. I have no CS degree and am 22 years old.

Do you think companies treat someone like me differently compared to some college graduate with no tech experience? Or that the only experience that matters is dev experience?

Canadian government being cheesy!

Okay so I'm back at ranting now cause I got a reason in my useless life to rant lmao. I started college recently, I'm majoring in Computer Science so the thing is that, my University provides specialization in cybersecurity and stuff to third year students and our Mr. HOD of applied sciences, who is basically an ass, in charge of conveying all the details to students, puts a complete mailing list of freshmen in the 'To' box rather than using BCC... smh. *Evil laughter*

I am trying to start my career in the world of web development currently I am 16 and in 2 years I have to move out (moms orders) what would be the first move into getting a job as a web developer is it best to freelance or work full time for a company and what certification's would you recommend getting I am already very good with computers both windows and Linux (windows can kiss my ass tho ) and I know html css as well as some php and jquery I even know a little MySQL (I am also very talented at cybersecurity mainly infosec and OSINT )

(I know this question probably sounds stupid but I would like some advice from people in the area recently I told my dad I want to be a web developer my dad then told me I should get a real job )

Any advice would be great

Hello devrant, I have a question:

What can you tell me about cybersecurity? is it worthwhile? I mean, could I get a nice job with it? Where should I begin to start learning about it?

Have you ever wondered why the developer part of the tech world is so rich and full of community? Devrant is one example.

Coming from a background of IT and cybersecurity I've never felt this way before. Why the IT and security world isn't as rich?

What RSS feeds are you guys subscribed to? My reader is so damn empty all the time. Preferrably CyberSec and Linux related (English or German).
I'm currently subscribed to Heise Security (German), Hacker News, NixCraft and Linux Journal

Reading Geekonomics (silly title for the book) and seriously considering that maybe we should all be licensed/certified since so much software is broken, looking at you Equifax.

Hey guys, I want to do a cyber security career. For me it's the most interesting field in CS. How can I get started? Is it worth to do some online courses where you get certifications (asking this because they are kind of pricey). I'm a QA Tester with 1 year of work experience, don't know if I should just apply to jobs or acquire skills/certificates first. Thanks for all the incoming answers. :D

I'm starting to really regret not meeting more professors in school. I'm trying to found a ctf team at my university and can't get a single professor to agree to advise the club (it's required to use school resources) loads of interested students but I can't find a single staffer. All the computer science professors talk about how important cybersecurity is but they don't want anything to do with it.

I'm so desperate I'm about to reach out to... information systems professors from the college of business

I'm tempted to join a cybersecurity challenge and give it a shot. The only problem is that the dates for the admission tests are fully overlapping with my exam period at university, and I *need* to pass some exams this time.
Why does it always have to be so complicated?

AWS y u no let me make folders!!!!????

Which one comes first? vulnerability or threat? 🤔🤔 I would go with vulnerability how about you guys?

Really really frustrated with constant changes to webapps from business teams lol .. made major code changes to a product 6 times the last 6 months 🙄

Any suggestions on how to transition into a security engineer job (I manage DevOps for the company as well, and I am currently studying cybersecurity engineering too)

I'd like to one day work on security consulting/advising (incident response, opsec, SOC, etc). For those of you here that are currently in or have worked with people in that field: what advice do you have for handling cyber risk situations?

Bought a Rubber Ducky today. Anyone got some cool scripts I can run on it?

Hey all, I'm currently getting a job offer for a risk advisory position (my stepping stone into cybersecurity), and I'm extremely excited.

It would be my first tech job, and in the tri-state area (NJ/NY/PA).

Do you have any advice on salary negotiation before I decide whether or not to accept the position? Trying to do my research on glassdoor, but I also want to hear from the pros on this board.

hey guys. I want to explore the field of cybersecurity as it is THE field of my interest. Help me?

Has anyone played with new flash CVE? 4171?
Any cybersecurity people?