I'm compiling a list of interview questions & links of q&a for people trying to get into infosec roles. What are some basic/moderate/advanced questions you'd expect to ask or be asked on an interview? From what is port 25? How does a reflection attack work and how can you mitigate it? Over which port does ICMP function? Please give me your questions, your links, your huddled masses.

SandPaper boosted

Over 485,000 Ubiquiti devices vulnerable to new attack.
Ubiquiti devices could be exploited to launch DDoS attack. Exploitation attempts detected.

SandPaper boosted

Copying from Emacs via PuTTY 

SandPaper boosted

#gamedev Unity folks:

I know this sounds really dumb, but is there a way to open the Inspector window via script?

SandPaper boosted

Anyone on the fediverse have any experience with unity's new input system? #gamedev

I'm curious about recommended documentation specifically on API best practices. OWASP seems to have a dead project and some other REST risk documents. I found NIST 800-95 circa 2007. I'm just wondering if a NIST document or other resources are eluding my first attempts. I'm looking to set up a high level policy on API/API gateway requirements.

SandPaper boosted

i put together a ton of one-image beginner-friendly drawing tutorials that folks here might find helpful, including this one! megathread below 👇
#creativetoots #mastoart #gameart #conceptart #tutorial #arttut

SandPaper boosted

If you're trying to do digital in the on , there's a really good PDF on this web page that lays out high level principles. aws.amazon.com/mp/scenarios/se. It's also worth it to go take a look at threatresponse.cloud/ for a lot of free tools.

Dumb question for anyone with experience with Mac OSX STIGs. I have 10.13 High Sierra I need to apply STIGs to. NIST and DISA are for 10.12 Sierra. Can those be applied to 10.13 or will something break? Looks like CIS has 10.13; might just go with that. My experience with Apple is limited hence the question.

Above doesn't require priv escalation. You could also run netstat -naob as admin to get the process name from the start along with other variations of the commands. Some require priv escalation. Listing parentprocessid helps follow the trail of what invoked that process. Some services run under svchost process and you need service details to figure out what it is. Know what's normal to find the bad.

Hmmm svchost.exe?

What's running under svchost besides everything?

C:\wmic service where processid=3392 get name, servicetype, pathname

Name    PathName                                             ServiceType
CDPSvc  C:\WINDOWS\system32\svchost.exe -k LocalService -p  Share Process

Ok. CDPSvc syncs mail, calendar, contact info.

Some helpful blue team commands?:

C:\netstat -nao

TCP [Local address]:55824 [Dest address]:443 ESTABLISHED 5748

What's that lil guy connecting out under Process ID PID 5748?

C:\wmic process where processid=5748 get name, parentprocessid

Name Firefox.exe

Cool. My browser IS running right now. But what's that other guy LISTENING on port 5040?

C:\wmic process where processid=3392 get name, parentprocessid

Name svchost.exe
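The same triage as the netstat and wmic steps in these posts, done in one pass. This is an added example, not part of the original posts: it swaps in PowerShell's Get-NetTCPConnection and the Win32_Process / Win32_Service CIM classes, and the function name Get-ConnectionOwner is hypothetical.

```powershell
# Added example: map each listening or established TCP socket to its owning
# process, that process's parent, and any services hosted in it (svchost.exe).
function Get-ConnectionOwner {
    [CmdletBinding()]
    param(
        [ValidateSet('Listen', 'Established')]
        [string[]]$State = @('Listen', 'Established')
    )

    # Index processes by PID once instead of querying per socket.
    $procs = @{}
    Get-CimInstance -ClassName Win32_Process |
        ForEach-Object { $procs[[int]$_.ProcessId] = $_ }

    # One PID can host several services (shared svchost), so group by PID.
    $svcs = @{}
    Get-CimInstance -ClassName Win32_Service -Filter 'ProcessId <> 0' |
        Group-Object -Property ProcessId |
        ForEach-Object { $svcs[[int]$_.Name] = $_.Group.Name -join ', ' }

    Get-NetTCPConnection -State $State -ErrorAction SilentlyContinue |
        ForEach-Object {
            $p = $procs[[int]$_.OwningProcess]
            # The parent may already have exited and its PID may have been
            # reused, so treat the parent name as a lead, not as proof.
            $parent = if ($p) { $procs[[int]$p.ParentProcessId] }

            [pscustomobject]@{
                State     = $_.State
                Local     = '{0}:{1}' -f $_.LocalAddress, $_.LocalPort
                Remote    = '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort
                PID       = $_.OwningProcess
                Process   = $p.Name
                ParentPID = $p.ParentProcessId
                Parent    = $parent.Name
                Services  = $svcs[[int]$_.OwningProcess]
                # Can be empty for protected processes when not elevated.
                Path      = $p.ExecutablePath
            }
        }
}

# Listeners first, then established sessions, grouped by process name.
Get-ConnectionOwner | Sort-Object State, Process | Format-Table -AutoSize
```

Saving the output on a known-good host gives a baseline to diff against later.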

PCI-DSS 8.1.8 lists 15 min but I'm assuming this is related to anything in scope of processing, storing, etc PCI data. 12.3.8 goes into automatic disconnect of sessions for remote-access technologies, but doesn't establish a timeframe; just that a timeframe exists.

Maybe I'm looking in the wrong places?

I'm curious what people would recommend for VPN session lengths and timeout periods for remote workers and why.

Looking at NIST SP 800-53r4 AC-11, it goes into session lock in general as defined by org by risk; sometimes no session lengths if org determines a session is mission critical.


When you submit IP ranges involved with coinmining malware to a cloud security company and they categorize it as "financial services." That's some "next-gen" right there. 🤔

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.