Times are a bit rough right now, and at EliteSec we'd like to do our part to help. If you are an SMB with fewer than 250 employees, we are offering a flat-fee network scan to ensure your company's WFH setup is secure.
Hey everybody. In the interest of giving back to the community (and the fact that I *really* need to start advertising more), my company (EliteSec) has created a simple project for setting up SonarQube to test against your own codebase.
SonarQube is an open-source static code analysis tool. I've created a simple Vagrant script that will:
1. Download an Ubuntu 18.04 VM
2. Install Docker
3. Install SonarQube
4. Set up all routing for your local machine.
Check it out:
c) Don't know? Network+, Security+, then the Udemy course. Nice, inexpensive exposure to the field. Read up on the CISSP, even if you can't write the exam yet. The mile-wide, inch-deep nature of that beast also happens to be a great way to get exposure to the size of our field, and give you an idea of where you may want to spend your time.
Oh, and take that writing class at the local college or whatever. We all need better communication skills in this field.
Overall my current strategy for getting people into things is as follows:
1. Offensive, Defensive, or just curious?
a) Offensive - The Cyber Mentor's course on Udemy, then TryHackMe, then HTB/VulnHub, then eLearnSecurity/OSCP.
b) Defensive - Splunk Academy and try to get a job as a SOC analyst. That's the best advice. Want a course? Network+ and Security+, then maybe one of the eLearnSecurity Blue Team courses. Maybe CompTIA CySec+ or whatever it's called now.
I would tell people to start more formalized education afterwards, maybe eLearnSecurity or one of the CompTIA certs like Security+ or PenTest+ afterwards if they really wanted to get into the offensive side, but take a damn Creative Writing course first so you can learn to write reports!
There's plenty of crap on THM, but the machines and environment are easier to get into than HTB, which is just hard-core, but also in a lot of ways more "realistic" IMO.
Today I reached "G0D" status on TryHackMe.com. Nice. Do I feel like it was earned? Not really. Seems an easy way to game the system if you persevere enough.
Also, WAY too many CTF authors on there are obsessed with stego and Vigenère ciphers. I certainly see why people aren't fans of CTFs for security work.
Truth be told it's not a bad place to send someone who wants a low-cost means to learn something new and more importantly practice the craft.
My first time being quoted in "print"! Very exciting! It was for an article on Password Management. So exciting!
So after running `apt update ; apt upgrade -y ; apt autoremove -y` on my Kali install on VirtualBox, I have managed to bork my install. I can reach the login prompt, but can't connect. Seems this time it's a disk-space issue (how I ran out of disk space, I have no idea).
Rather than fight with the damn system by booting into a rescue terminal or anything else, I'm just moving to Parrot OS to see what the hype is about.
The Chrome port of What Campaign has gone live!