I'm compiling a list of interview questions & links of q&a for people trying to get into infosec roles. What are some basic/moderate/advanced questions you'd expect to ask or be asked on an interview? From what is port 25? How does a reflection attack work and how can you mitigate it? Over which port does ICMP function? Please give me your questions, your links, your huddled masses.
Over 485,000 Ubiquiti devices vulnerable to new attack.
Ubiquiti devices could be exploited to launch DDoS attack. Exploitation attempts detected.
@stuarttempleton how'd your game jam go?
#gamedev Unity folks:
I know this sounds really dumb, but is there a way to open the Inspector window via script?
Anyone on the fediverse have any experience with Unity's new input system? #gamedev
I'm curious about recommended documentation specifically on API best practices. OWASP seems to have a dead project and some other REST risk documents. I found NIST 800-95 circa 2007. I'm just wondering if a NIST document or other resources are eluding my first attempts. I'm looking to set up a high level policy on API/API gateway requirements.
If you're trying to do digital #forensics in the #cloud on #AWS, there's a really good PDF on this web page that lays out high level principles. https://aws.amazon.com/mp/scenarios/security/forensics/. It's also worth it to go take a look at https://threatresponse.cloud/ for a lot of free tools.
Dumb question for anyone with experience with Mac OSX STIGs. I have 10.13 High Sierra I need to apply STIGs to. NIST and DISA are for 10.12 Sierra. Can those be applied to 10.13 or will something break? Looks like CIS has 10.13; might just go with that. My experience with Apple is limited hence the question.
Above doesn't require priv escalation. You could also run netstat -naob as admin to get the process name from the start along with other variations of the commands. Some require priv escalation. Listing parentprocessid helps follow the trail of what invoked that process. Some services run under svchost process and you need service details to figure out what it is. Know what's normal to find the bad.
Some helpful blue team commands?:
TCP [Local address]:55824 [Dest address]:443 ESTABLISHED 5748
What's that lil guy connecting out under Process ID PID 5748?
C:\>wmic process where processid=5748 get name, parentprocessid
Cool. My browser IS running right now. But what's that other guy LISTENING on port 5040?
C:\>wmic process where processid=3392 get name, parentprocessid
PCI-DSS 8.1.8 lists 15 min but I'm assuming this is related to anything in scope of processing, storing, etc PCI data. 12.3.8 goes into automatic disconnect of sessions for remote-access technologies, but doesn't establish a timeframe; just that a timeframe exists.
Maybe I'm looking in the wrong places?
@FlyingLawyer found these blogs related to backup tapes not being included in scope of erasure with certain stipulations. Opinion provided by French data protection authority (CNIL).
Must find time to dig into this. Maybe I'll set an OOO. That'll surely prevent new work from coming in.