buzzword translations:

"cloud" -> someones computer

"big data" -> lots of somewhat irrelevant data

"ai" -> if if if if if if if if if if if if if else

"algorithm" -> something that works but you don't know why

"secure" -> https://

"cyber security" -> kali linux + black hoodie

"innovation" -> adding something completely irrelevant such as making a poop emoji talk

"blockchain" -> we make lots of backups

"privacy" -> we store your data, we just don't tell you about it

Our designer (and frontender) just saved my ass big time. Had to do a tiny project involving design and frontend so I gave it a try and it looked like crap, deadline in a week. The designer made the most beautiful thing in like two days.

Kudos to all designers for doing what they're good at and ensuring that we, backenders (and cyber security people for that matter), can do our thing without having to worry about knowing how to design stuff and create interfaces because we might hate doing that and sometimes just really suck at it.

Kudos designer guys/girls!

Running from my job to my bus stop while having my phone in my hands trying to fend off a cyber attack while my hands are nearly freezing and its raining like hell.

Sometimes my job is just fucking awesome.

The cyber police...

I have this one friend who thinks he is a tech guru just because he plays video games a lot and started to study cs for one year. Now he got a job as sysadmin and it is funny to hear him brag about the job in front of non-tech people because he sounds like a CSI Cyber episode, just throwing tech words at the people and I know that he talks bullshit.
But I have to admit, he knows how to sell himself. Probably that's how he got the job in the first place because it cannot be his experience.
Yesterday he called me, to help him edit something on a linux server. I told him "To edit the file type 'vi FILENAME' and then you can edit. I have to go now, I have a meeting." :]

A while ago (few months) I was on the train back home when I ran into an old classmate. I know that he's a designer/frontend/wordpress guy and I know that he'll bring anyone down in order to feel good. I also know that he knows jack shit about security/backend.
The convo went like this:

Me: gotta say though, wordpress and its security...
Him: yeah ikr it's bad. (me thinking 'dude you hardly know what the word cyber security means)
Me: yeah, I work at a hosting company now, most sites that get hacked are the wordpress ones.
Him: yeah man, same at my company. I made a security thing for wordpress though so we can't get hacked anymore.
Me; *he doesn't know any backend NOR security..... Let's ask him difficult stuff*
Oh! What language did you use?
Him: yeah it works great, we don't get hacked sites anymore now!
Me: ah yeah but what language did you use?
Him: oh it's not about what language you use, it's about whether it works or not! My system works great!
Me: *yeah.....right.* oh yeah but I'd like to know so I can learn something. What techniques did you use?
Him: well obviously firewalls and shit. It's not about what techniques/technology you use, it's about whether it works or not!

That's the moment I was done with it and steered the convo another way.

You don't know shit about backend or security, cocksucker.

After it was revealed that the Equifax hack was even bigger yet again, the US government said something that really made me say/think something in the trend of "WHAT the actual FUCK?!"

"This data is in the hands of cyber criminals anyways".

You run the biggest mass surveillance program in the world, sucking up more than a million terabytes every hour, then at least could you PRETEND to care/take interest when the personal data of about all your citizens appears on the Internet?!

Fucking hell.

So a fucking friend of mine makes me meet this fella who is a big shot according to his LinkedIn and please note has too much experience with Web Apps and Python

Me being naive actually trusted that and I meet him.

Fella: So what do you do?
Me: I am into Cyber Security nothing much I just do bug hunting for now
Fella: You know python will help you right?
Me: Sorry?
Fella: You see you have to be a python programmer for anything you want to do in CS
Me: Me yeah I kinda know python actually I am more into Ruby from start so ( Around this time I kinda sensed that he is a fake tech guy he is a corporate asshole)
Fella: show me any of your work
Me: (So to show him one of the thing I was working on I open GitHub desktop app) Me explaining blah blah blah
*Fella is in shock*
So at this point I was thinking probably he is impressed and that's why the shock right?

No a big fucking no
Apparently he never heard about GitHub or git and got blown away by the interface.

And the friend who made me meet that guy is not my fucking friend anymore that prick can die for ruining my day

Another incident which made a Security Researcher cry 😭😭😭
[ NOTE : Check my profile for older incident ]
-----------------------------------------------------------
I was invited by a fellow friend to a newly built Cyber Security firm , I didn't asked for any work issues as it was my friend who asked me to go there . Let's call it X for now . It was a good day , overcast weather , cloudy sky , everything was nice before I entered the company . And the conversation is as follows :

Fella - Hey! Nice to see you with us .
Me - Thanks! Where to? *Asking for my work​ area*
Fella - Right behind me .
Me - Good thing :)
Fella - So , the set-up is good to go I suppose .
Me - Yeah :)
*I'm in my cabin and what I can see is a Windows VM inside Ubuntu 12.4*

*Fast forward to 1 hour and now I'm at the cafeteria with the Fella*

Fella - Hey! Sup? How was the day?
Me - Fine *in a bit confused voice*
Fella - What happened mate , you good with the work?
Me - Yeah but why you've got Windows inside Ubuntu , I mean what's the use of Ubuntu when I have to work on Windows?
Fella - Do you know Linux is safe from Malwares?
Me - Yeah
Fella - That's why we are using Windows on VM inside Linux .
Me - For what?
Fella - To keep Windows safe from Malwares as in our company , we can't afford any data loss!
Me - 😵 *A big face palm which went through my head and hit another guy , made me a bit unconscious*

I ran for my life as soon as possible , in future I'm never gonna work for anyone before asking their preferences .

You think a junior dev pushing his code onto a production server is bad? Wait till you have that admin who is illegally mining Bitcoin on your production server. 😂

I went for a Cyber Security conference today with one of managers and this was one of the life experiences some of the speakers shared.

I'm a week into my new job right now. What do I love the most about it?

Learning things all day long and getting paid for it!

I'm learning about hosting things, DNS, cyber security, configurations, Linux (although my current skill set with Linux has been enough for now) and so on!

Hell, easy day today (not that many tickets) so decided to start learning Ansible! Next to that I've gotta learn vim (it just autocorrected that to cum.... O.o), work with hosting panels, mail stuffs (dns, debugging etc etc) and so fucking on.

The boss hasn't been at location yet which will happen tomorrow but he seemed like a very chill guy.

I love this!

Got a call from a recruiter today. (Keep in mind that using WhatsApp is about a requirement over here.)

R: so can I app you (I hate that word to the fucking point) with further details?
Me: *oh fuck this is gonna get me fucked again* uhm I don't use it so yah...
R: ohhh okay, security reasons?
Me: *slight relief* yes indeed, sir
R: oh fair enough, you can always just text and call me!

*very relieved feeling*

It's for either a cyber security or linux job by the way.

So I've been looking for a Linux sysadmin job for a while now. I get a lot of rejections daily and I don't mind that because they can give me feedback as for what I am doing wrong. But do you know what really FUCKING grinds my FUCKING gears?

BEING REJECTED BASED ON LEVEL OF EDUCATION/NOT HAVING CERTIFICATIONS FOR CERTAIN STUFF. Yes, I get that you can't blindly hire anyone and that you have to filter people out but at least LOOK AT THEIR FUCKING SKILLSET.

I did MBO level (the highest sub level though) as study which is considered to be the lowest education level in my country. lowest education level meaning that it's mostly focused on learning through doing things rather than just learning theory.

Why the actual FUCK is that, for some fucking reason, supposed to be a 'lower level' than HBO or Uni? (low to high in my country: MBO, HBO, Uni). Just because I learn better by doing shit instead of solely focusing on the theory and not doing much else does NOT FUCKING MEAN THAT I AM DUMBER OR LESS EDUCATED ON A SUBJECT.

So in the last couple of months, I've literally had rejections with reasons like
- 'Sorry but we require HBO level as people with this level can analyze stuff better in general which is required for this job.'. - Well then go fuck yourself. Just because I have a lower level of education doesn't FUCKING mean that I can't analyze shit at a 'lower level' than people who've done HBO.

- 'You don't seem to have a certificate for linux server management so it's a no go, sorry!' - Kindly go FUCK yourself. Give me a couple of barebones Debian servers and let me install a whole setup including load balancers, proxies if fucking neccesary, firewalls, web servers, FUCKING Samba servers, YOU FUCKING NAME IT. YES, I CAN DO THAT BUT SOLELY BECAUSE I DON'T HAVE THAT FUCKING CERTIFICATE APPEARANTLY MEANS THAT I AM TOO INCOMPETENT TO DO THAT?! Yes. I get that you have to filter shit but GUESS WHAT. IT'S RIGHT THERE IN MY FUCKING RESUME.

- 'Sorry but due to this role being related to cyber security, we can't hire anyone lower than HBO.' - OH SO YOUR LEVEL OF EDUCATION DEFINES HOW GOOD YOU ARE/CAN BE AT CYBER SECURITY RELATED STUFF? ARE YOU MOTHERFUCKING RETARDED? I HAVE BEEN DOING SHIT RELATED TO CYBER SECURITY SINCE I WAS 14-15 FUCKiNG YEARS OLD. I AM FAMILIAR WITH LOADS OF TOOLS/HACKING TECHNIQUES/PENTESTING/DEFENSIVE/OFFENSIVE SECURITY AND SO ON AND YOU ARE TELLING ME THAT I NEED A HIGHER LEVEL OF FUCKING EDUCATION?!?!? GO FUCKING FUCK YOURSELF.

And I can go on like this for a while. I wish some companies I come across would actually look at skills instead of (only) study levels and certifications. Those other companies can go FUCK THEMSELVES.

Currently at a cyber security event.
The most ironic thing is that the WiFi here is not secured...

I'm a programmer and an aspiring cyber security specialist. Yesterday, after I gave a presentation about smart bulb hacking, I heard through a coworker that a cyber security company is interested in talking to me. Yay!

Not particularly worried about the increase in mobile cyber attacks.

I don't think cyber Monday works the way you think it works...

Worst legacy experience...

Called in by a client who had had a pen test on their website and it showed up many, many security holes. I was tasked with coming in and implementing the required fixes.

Site turned out to be Classic ASP built on an MS Access database. Due to the nature of the client, everything had to be done on their premises (kind of ironic but there you go). So I'm on-site trying to get access to code and server. My contact was *never* at her desk to approve anything. IT staff "worked" 11am to 3pm on a long day. The code itself was shite beyond belief.

The site was full of forms with no input validation, origin validation and no SQL injection checks. Sensitive data stored in plain text in cookies. Technical errors displayed on certain pages revealing site structure and even DB table names. Server configured to allow directory listing in file stores so that the public could see/access whatever they liked without any permission or authentication checks. I swear this was written by the child of some staff member. No company would have had the balls to charge for this.

Took me about 8 weeks to make and deploy the changes to client's satisfaction. Could have done it in 2 with some support from the actual people I was suppose to be helping!! But it was their money (well, my money as they were government funded!).

(The PM is pretty technical)
One day:
Me: Could you create this subdomain?
PM: Sure, just a sec.
Me: Ohh and could you add a letsencrypt cert? (one click thingy)
PM: Why would you need that on this kinda site...
Me: Well in general for security...
PM: Nahh.
*walks away*

Next day:
(referring to my internship manager/guider as Bob)
Bob: Hey... we have a new subdomain!
Me: Yup!
Bob: Wait why is there no letsencrypt certificate installed...?!?
Me: Well, the PM didn't find that neccesary...
Bob: (Oo) of course it is... are we going for security by default or what?
Me: Yup agreed.
Bob: *creates cert and sets everything up in under a minute*

It wasn't a high profile site (tiny side project) but why not add SSL when you can for free?

Cybersecurity:
>nothing happens
>I can't believe we pay your useless ass to sit around doing nothing all day!
>something happens
>this is your fault

The first rule of cyber security:

"Be Paranoid"

Following a conversation with a fellow devRanter this came to my mind ago, happened a year or two ago I think.

Was searching for an online note taking app which also provided open source end to end encryption.

After searching for a while I found something that looked alright (do not remember the URL/site too badly). They used pretty good open source JS crypto libraries so it seemed very good!

Then I noticed that the site itself did NOT ran SSL (putting the https:// in front of the site name resulted in site not found or something similar).

Went to the Q/A section because that's really weird.

Saw the answer to that question:

"Since the notes are end to end encrypted client side anyways, we don't see the point in adding SSL. It's secure enough this way".

😵

I emailed them right away explaing that any party inbetween their server(s) and the browser could do anything with the request (includingt the cryptographic JS code) so they should start going onto SSL very very fast.

Too badly I never received a reply.

People, if you ever work with client side crypto, ALWAYS use SSL. Also with valid certs!

The NSA for example has this thing known as the 'Quantum Insert' attack which they can deploy worldwide which basically is an attack where they detect requests being made to servers and reply quickly with their own version of that code which is very probably backdoored.

This attack cannot be performed if you use SSL! (of course only if they don't have your private keys but lets assume that for now)
Luckily Fox-IT (formerly Dutch cyber security company) wrote a Snort (Intrustion Detection System) module for detecting this attack.

Anyways, Always use SSL if you do anything at all with crypto/sensitive data! Actually, always use it but at the very LEAST really do it when you process the mentioned above!

Cyber programmer :D

Got this post by the cyber security hub today.

Me: So what you are doing in the IT field?
Him: I am hacking bank websites.
Me: OK, that's cool. It is good in free time. What is your actual job?
Him: I am seriously hacking the bank Web site!
Me: Trust me, if you seriously doing that you will never ever mentioned it...
Him: No, I am doing it legally... The bank hiring me to try to hack the website...
Me: OK, you mean that you are cyber security tester?
Him: That is almost the same...
Me: So you are tester?
Him: I am hacking bank's websites...
Me:....

Here we go again!

I got arrested multiple times under acts of cyber crimes...
Yeah, so what if I did? Why is it a problem that I take down CP sites? "Because it's partaking in cyber warfare." Well then the police and the Federal government should execute their job keeping such out of the web space. Now, whenever I find a job, I have to inform due to the judge's final document. And not just that now when I am required to talk to a police officer who has seen my record all they can reckon is to escalate it.

What fantastic horse crap! You get arrested for tracking down child molesters and taking them off the web exclusively...
Some say I'm a social justice warrior, only I don't think that I am. I reckon I am merely an over eccentric programmer who desires to see the real criminals get sent to jail.

hate it when Linux users talk like they own the cyber world.. linux is bla bla windows is shit shit..
I am not a linux fan, nor a Windows fan. just I use what is the best for the requirements

A: There is not even a single forum for cyber security. Let's build one.
Me: Are you sure that there is not even a single forum?
A: Yes, I'm a cyber security expert. I have 5 years of experience in this field.
Me: **walks out quitely**

Probably the most rage inducing data loss story...
When it comes to my cellphone I'm a data hoarder, I store each relevant meme, conversation, video, contact, nudes, etc. Had to replace my phone? Easy, change the SD.

I did this for about 4 years, had over 11GB of almost everything and anything in a 36GB SD, one afternoon my buddies and I went to a small tech convention and on our way to my car we got mugged by 5 armed men.

They took my brand new phone along with my wallet and all my cash, luckily I had GPS tracking enabled and we were able to pinpoint the exact location of my phone within 30min.

So far so good...

We called the cops and went with them, we found the car with illegal plates and weapons inside (knives, a bat, gun) so I tell the robbers were in there inside a closed cyber cafe and showed him the point on the map confirming this.

Cop: oh we can't do that we don't have an order...
Me: are you kidding me, here's the GPS, there's the car, there's the weapons, doesnt that count as at least probable cause or some shit?
Cop: we don't have that in this country, you can file a report and after 3 business days we can come here to inquire.
Me: (fucking lost it) do you fucking think they'll be here in 3 days?! I'll give you 500 bucks if you go bust their ass now.
Cop: (thinks about it) but what if they are armed? [4 patrols, 8 cops, 4 rifles and at least 6 guns plus vests] Maybe if you had contacts within the bureau we could have an order now...

(┛✧Д✧))┛彡┻━┻

I lost a lot that day, including respect to this fucked up system.

t(ಠ益ಠt) FUCK THE POLICE go eat a dick.

Fucking China!

The only time they ever come out of their pathetic walled internet is to attack your servers.

Fuck that country.

Paranoid Developers - It's a long one
Backstory: I was a freelance web developer when I managed to land a place on a cyber security program with who I consider to be the world leaders in the field (details deliberately withheld; who's paranoid now?). Other than the basic security practices of web dev, my experience with Cyber was limited to the OU introduction course, so I was wholly unprepared for the level of, occasionally hysterical, paranoia that my fellow cohort seemed to perpetually live in. The following is a collection of stories from several of these people, because if I only wrote about one they would accuse me of providing too much data allowing an attacker to aggregate and steal their identity. They do use devrant so if you're reading this, know that I love you and that something is wrong with you.

That time when...

He wrote a social media network with end-to-end encryption before it was cool.

He wrote custom 64kb encryption for his academic HDD.

He removed the 3 HDD from his desktop and stored them in a safe, whenever he left the house.

He set up a pfsense virtualbox with a firewall policy to block the port the student monitoring software used (effectively rendering it useless and definitely in breach of the IT policy).

He used only hashes of passwords as passwords (which isn't actually good).

He kept a drill on the desk ready to destroy his HDD at a moments notice.

He started developing a device to drill through his HDD when he pushed a button. May or may not have finished it.

He set up a new email account for each individual online service.

He hosted a website from his own home server so he didn't have to host the files elsewhere (which is just awful for home network security).

He unplugged the home router and began scanning his devices and manually searching through the process list when his music stopped playing on the laptop several times (turns out he had a wobbly spacebar and the shaking washing machine provided enough jittering for a button press).

He brought his own privacy screen to work (remember, this is a security place, with like background checks and all sorts).

He gave his C programming coursework (a simple messaging program) 2048 bit encryption, which was not required.

He wrote a custom encryption for his other C programming coursework as well as writing out the enigma encryption because there was no library, again not required.

He bought a burner phone to visit the capital city.

He bought a burner phone whenever he left his hometown come to think of it.

He bought a smartphone online, wiped it and installed new firmware (it was Chinese; I'm not saying anything about the Chinese, you're the one thinking it).

He bought a smartphone and installed Kali Linux NetHunter so he could test WiFi networks he connected to before using them on his personal device.

(You might be noticing it's all he's. Maybe it is, maybe it isn't).

He ate a sim card.

He brought a balaclava to pentesting training (it was pretty meme).

He printed out his source code as a manual read-only method.

He made a rule on his academic email to block incoming mail from the academic body (to be fair this is a good spam policy).

He withdraws money from a different cashpoint everytime to avoid patterns in his behaviour (the irony).

He reported someone for hacking the centre's network when they built their own website for practice using XAMMP.

I'm going to stop there. I could tell you so many more stories about these guys, some about them being paranoid and some about the stupid antics Cyber Security and Information Assurance students get up to. Well done for making it this far. Hope you enjoyed it.

few years back there was a corruption scandal in my country, serbia. one of the ministries paid around 25,000 euros for a website to a company that was founded few weeks before the open call. for comparrison sake average pay at the time was around 300 euros. the website it self didn t have any special features, just publishing contenet. wordpress would do the job. on a press confference, trying to defend the cost, spokesperson of the ministry said that the website was made in "cms programming language".

it community lost it! mems started immediatelly, "i am learning cms language so i could charge 25.000 per project". and then one guy got intrigued, found the login page, and typed:

username: admin
password: 12345

and got in!!!!
i kid you not!

he posted featured news on the homepage, saying hey guys your credentials probably shouldn t be admin/12345. twitter was on fire, everyone started loging in and posting shit.

and the crasiest part is that this guy was arrested and charged for cyber-crime!

Anyone here who also got super bored while on a porn site and ended up pentesting that porn site..?

I watched the news recently and they talked about cyber security.

To demonstrate "how serious the topic is" they showed a screen with a terminal and literally pinged google.com.

I thought that was funny

Largest-known cyber attack in history 'hits web host GitHub.

I think I ranted about this before but fuck it.

The love/hate relation I have with security in programming is funny. I am working as a cyber security engineer currently but I do loads of programming as well. Security is the most important factor for me while programming and I'd rather ship an application with less features than with more possibly vulnerable features.

But, sometimes I find it rather annoying when I want to write a new application (a web application where 90 percent of the application is the REST API), writing security checks takes up most of the time.

I'm working on a new (quick/fun) application right now and I've been at this for.... 3 hours I think and the first very simple functionality has finally been built, which took like 10 minutes. The rest of the 3 hours has been securing the application! And yes, I'm using a framework (my own) which has already loads of security features built-in but I need more and more specific security with this API.

Well, let's continue with securing this fucker!

former boss wrote three cyber-defense books. had his "collections" team sending plaintext passwords to high-side clients over unsecured email

The institute where I did my B.Sc is under a ransomware attack, and I'm bracing myself for the publication of my embarrassing transcripts, and possibly the even more humiliating scans of my exams 🤣
Oh, well.

Some years ago I was in cyber security in the military being shown some new tech for our use. Was challenged to try and get past it after being explained it's basics. Took me one long line in Linux about 10 seconds.
Anomaly detection firewall with machine learning seemed like a good idea.
Setting it to aggressive response and then change the package header to the firewall's own address however made it kill itself.

We didn't deploy that firewall that I know of.

I'm soon graduating from a tech/IT school which recently specialized in cybersecurity.
Today when I changed my password on their website, it displayed the old one in clear text.
God damn it people, THIS is the reason why our school's reputation has been slowly but steadily going down.

Haha! Sorry but this new cyber attack that's hit the NHS and other company's around the globe, just makes me laugh 😂

These company's just will not spend money on IT, keeping everything update and backed up! 💾

Some of these machines will still running on Windows Vista or XP 😱

Who's at fault for the recent Wanna Cry virus: The companies affected or Microsoft/NSA?

Personally, I think it's the companies affected. This is what happens when you try and be cheap when it comes to cyber security​.

Cyber sec team: If someone exploit it we'll fucking arrest you

Cyber security. Deep knowledge of cyber security and networks is what I wish I had. The math stuff that no one bothers with, specifically.

Ahhh so thats how you learn. Damn i been doing it all wrong.

Fucked!

I have got my cyber security exam tomorrow morning and i just got a call from a client to make some urgent changes to his site.

To add to it, i already wasted around half an hour becoz GoDaddy Plex somehow decided to block my own IP in the firewall.

And now I am on devRant.

Crap. I am fucked!

Umm yes, this cyber you're talking about sounds interesting, where do i get a cyber? How much does a cyber cost? Can a cyber feed my family?

-.-

This isn’t gonna be a random because I do eventually get to a Tech and YouTube related topic.

YouTube is actually killing itself with all of the dumbass rules they’re implementing. Trying to child proof or limit educational content is genuinely a shit policy. The reason so many gaming channels are switching to twitch because it doesn’t try to censor you.

But now I don’t know if you’ve heard but YouTube updated their guidelines and they’re no longer allowing content that teaches people about Hacking essentially (and I hate putting it like that but I can’t remember the exact words they used Hacking just summarizes it) which is fucking ridiculous like what the fuck else, are they gonna stop allowing lock picking videos?

YouTube has always been an amazing FREE resource for people learning Programming, Cyber Security, IT related fields, and even shit like lock picking, cooking, car stuff, and all that stuff. Even sometimes when the tutorials aren’t as detailed or helpful to me they might be exactly what someone else needed. And Cyber Security can be a difficult topic to learn for free. It’s not impossible far from it, but YouTube being there was always great. And to think that a lot of those could be taken down and all of the Security based channels could either lose all revenue or just be terminated is terrifying for everyone but more so them.

A lot of people and schools rely on YouTube for education and to learn from. It’s not like YouTube is the only resource and I understand they don’t want to be liable for teaching people that use these skills for malicious purposes but script kiddies and malicious people can easily get the same knowledge. Or pay someone to give them what they want. But that’s unfair to the people that don’t use the information maliciously.

It’s the same for the channels of different topics can’t even swear and it’s ridiculous there’s so many better options than just banning it. Like FUCK kids nowadays hear swearing from their older siblings, parents, friends, and TV it’s inevitable whether someone swears or not and YouTube is not our parents, they aren’t CBS, so stop child proofing the fucking site and let us learn. Fuck.

TLDR YouTube is banning educational hacking videos and are being retarded with rules in general

I remember when black Friday was the day after Thanksgiving and cyber Monday wasnt a thing.

I was watching "hacker reviews hacking scenes from movies", and god forbid they brought a woman to do the analysis. A lot of butt hurt boys in the comments, that women left the kitchen and got into programming.
This aside, the combination of ignorance and arrogance was just wow. I mean, if you want to be a dick, at least back it up with skills.
Don't make claims about how "GUI is the single most important piece of any software". *laughing in embedded programming*

Cyber Windows

Plot twist: It's not graphic effects, it's my faulty gpu 😬

As for programming: (will do a cyber one later)

Don't *ALWAYS* only study/learn programming solely for learning it as this can be demotivating at times, find a cool project to do and learn while developing that!

This is how I learned programming in a fun way :)

I wish people on the radio and news would stop saying "cyber".

Signed up for Cyber Security Nordic this september. It looks interesting.

Got my first serious project about a year ago. Made it clear to the client that we are developing a Windows app. After around 80-100 hours of work client just goes "how about we make this a web app?" Got a "financial support" instead of the agreed payment. Got around 4 times less money than agreed upon. They never ended up using some parts of the software (I ran the server so I knew that they weren't using it)

I once had a nightmare explaining to the client that he cannot use a 30+ MB image as his home page background. Average internet speed in my country is around 1-2 MB/s. I even had to do the calculation for him because he couldn't figure out the time it took for the visitor to load the image.

Doing compulsory cyber security training and it's like "if you click a malicious link report it to the IT helpdesk" I and I click agree knowing full well the closest thing to IT we have is me...

So this just happened. Some background before I begin: We're understaffed, my desk is in the back of the building, and there's no one really at the front to greet people. No security either...

Guy walks in wearing a flannel jacket (no shirt under it), pajama pants, and sandals. He looks like hell. Explains he was just released from a hospital and his apartment is locked. I let him use my phone to call his sister.

When I talk to his sister, she barely wants to speak with him. Tells me his apartment is locked for a reason and he's not allowed back. I'm just like: "So... what would you have us do for him?" At this point if his sister won't help, I was going to ask him to leave. Oh, and that hospital was a drug rehab.

So it ends with him waiting for a ride, but he ends up napping on the couch in the front of our office. CEO/Owner and his business partner walk right past and say nothing. They go into a meeting. I'm trying to figure out if I ask him to leave, wait outside for his ride... I'm a developer, this isn't my job.

A good 45-60 minutes later, after the guy walked outside and then came back in and laid back down on the couch, he leaves with his ride. Shortly after the owner walks out of his meeting, so I ask him what to do in this situation - more hoping he'd realize the need for more security.

If this story isn't crazy enough, the business partner pipes up - absolutely serious - and says he didn't say anything because he thought the guy was a developer.

So I've learned that we've got extremely low hygiene standards for developers here, with a relaxed dress code and are allowed nap times on the front couch.

Thankfully our CYBER security is better than our PHYSICAL security. :|

Our local cyber security team has asked all to remove docker from their laptops, reason they can't track them

Most of our stack is aws fargate with nodejs and java springboot

Developers = wtf ?!!

I am tired of my idiot ‘friends’ asking me if I can hack Facebook Instagram etc. because some other idiot made them mad. Like fuck no. 1 it’s unethical as hell 2 it’s illegal I don’t want to go to jail. 3 I’m learning cyber security NOT hack stuff because someone hurt your useless feelings.

Ohhh and they always get pissed off when I explain everything wrong with their idiotic request

What a relief!

I got my final certificate for finishing 9th grade, and the council has determined that (drums please)

IM GOING TO CYBER / COMPUTER SCIENCE NEXT YEAR!!!!!!!!!!

Was watching CSI: Cyber and I spotted this, IT WAS AN APP!!!

Unnamed hacking game - "terminal" graphics
-Multiplayer. Last man standing.
-Like a tower-defence game but technical
You work for a company that has outsourced their technical department to Bykazistan, a country with good internet and bad laws. On one hand, labor is very cheap! There are no pesky laws protecting workers, so you don't need to pay them what they're worth. Phew. However, there are also no laws against cyber crime. But for a start-up like you, the risk is worth the reward!
...which would be great! If you were the only company with that idea. As it turns out, you aren't. All of your competitors also recently outsourced to Bykazistan, and that could be an issue.
You would be afraid, but you are a hardened businessman. You are familiar with the cut-throat nature of the business world and where others see risk, you see opportunity. Let the games begin.
Your mission is to protect your ciritical assets at all costs, eliminate your opponents, and make ciritical financial decisions - all while maintaining your uptime!
Build a botnet and attack your competition to decrease their uptime and disable their attacks. Port scan your opponents to learn more about their network, but beware of honeypots! Initiate devastating social engineering attacks - and train your employees against them! Brute-force their credentials, and strengthen your own.
Make sure to keep your software patched...

“It wasn’t my fault!” -person sentenced to 40 years in jail for cyber attacks.

Everyone knows I develop, so whenever there's a cyber attack close friends blame it on me.

Anyone who's interested in cyber security, go follow Binni Shah (@binitamshah) on Twitter. The amount of tutorials and guides she retweets is crazy and very informative.
Also if you're not on Twitter you're missing out on a lot of content to learn from ✌️

Please stop putting critical infrastructure to the internet. Security on the internet is a joke, and we won't be laughing the time when someone dies from a cyber attack on another pipeline/dam/weapons factory.

Rami Malek, you deserve the emmy. Great show.

I'm a geek. I love programming alot and I post programming memes and educational posts daily in my Instagram stories. There were many people in my profile who don't even know what programming is and when they see someone coding or sharing something related to coding, they call him/her hacker. That's what I used to be called in my Instagram account. I don't even know how to use Kali Linux, neither do I have any backend experience or experience in making exploits nor I shared any post related to hacking. Though I do post about cyber security things but the people are so dumb that everyday I get a new message in which the person asks me 'Bro can you teach me how to hack?', 'Bro let's hack a bank and we'll divide the funds' or 'Can you please hack my GF's account' and shits like that 😂 I'm like 'WTF is this!? What do you think I'm man!?' 😂😂 They all are really way too silly.
Please ++ this if ever happened with you 😂

THE CODE USED IN MY MANDATORY ONLINE TRAINING ABOUT CYBER SECURITY AND STUFF LIKE THIS:

<script>window.showQuestion(someOverlyVerboseResponseFromTheServerWithTheCorrectAnswersMarked);
</script>

Oh boi it would be a real shame if someone proxied your precious function :)

Movie about Stuxnet Cyber weapon is out

The advanced malware used by CIA and MOSSAD to sabotage Iran's nuclear program

"Zero days" by Alex Gibney

Gk watch it guys..

Regardless of all my complaining, and the current drunk urge to cyber bully right now, I am thankful for my job and for all the support and knowledge from the developer community that has made me a better human - that includes devrant. I am thankful that I have found something I’m sorta good at and I am able to support a very good lifestyle because of it. I am thankful for the good times I have because of programming, and I am thankful for the struggle that has helped develop me as a problem solver and professional. I am thankful for all my friends I have met in this field. I am thankful to God for this place I am in.

Many people / engineers around me talk about trendy stuff like Cybersecurity or AI and show off what great encryption and neuronal networks they 'have built' ( I would rather say 'using').

I kinda get the feeling of 'Everbody talks about it - no one really knows what's goin' on inside (especially those guys who hate math and even algorithms).'

Am I just stupid or does somebody else here feel the same way? I mean people have been doing serious research about this stuff for years. And currently many kids are coming up with it as if it is easy stuff like the bubble sort.

OKAY BUT WHY THE FUCK DO PEOPLE HAVE TO ACT LIKE THEY'RE SOME KIND OF GOD WHEN THEY CAN'T EVEN PASS AN INTRO CLASS. Some background: I go to an early college in high school program which offers computer science where you take two college classes a semester starting you junior year in high school. AND THIS GIRL TALKS ABOUT THIS PROGRAM LIKE IT'S AWFUL AND SHE HATES IT AND HOW THE PROFESSORS DON'T TEACH AND SHE FAILED AN INTRO TO PROGRAMMING CLASS WHICH TEACHES JAVA BUT THEN SHE ACTS LIKE SHE'S WAY ABOVE THE OTHER KIDS IN MY CLASS BECAUSE SHE'S RETAKING IT. SHE'S ALSO A STUDENT ASSISTANT IN MY CYBER SECURITY CLASS BUT DOESN'T KNOW WHAT THE localhost IP IS. I UNDERSTAND THAT I DON'T KNOW EVERYTHING BUT AT LEAST I DON'T ACT LIKE I DO. IT'S SO INFURIATING!!!!!!

What are you all planning on getting on Black Friday/Cyber Monday? I've pinched pennies all year and saved up just enough to only be able to afford 35% or so of the cost of being beaten in a local dark alley. That's not even what I wanted, but still.

I find it hilarious the total misconception of hacking that the general public has. I tell people I know cyber security (Not as much as a lot of people around here) but it is a hobby of mine and I find it very useful/interesting.

But I can't stop but laugh when someone is like, can you get all the text messages my bf receives?

Can you hack this for me can you back that?

C'mon even if I knew how to do that without being caught you think I would even admit that to you. Do hackers just walk around with an index card pasted to their forehead of their skill? It's not even slightly reasonable to think this lol even for someone who doesn't know about the field

Comment a 1 if you’re a web dev.
Comment a 2 if you’re a game dev.
Comment a 3 if you’re a data scientist.
Comment a 4 if you’re in cyber security.
Comment a 5 if you’re in IT.
Comment a 6 if you don’t fit any of the above categories and you code only in PHP and refuse to learn any other language because you think PHP is the future.

Just heard this on the news...

"The cyber security on my smart phone compared to the cyber security in medical equipment..."

Wtf did I just hear??? I mean, I get it...using terms the general public understands... But how about educating people instead. 😤

Rant considering the latest Cyber attack and the news around it.

(A recap: a lot of Windows computers were infected with ransomware (due to security hole on Windows), which demanded 300$ in bitcoins to unlock data. After 3 days the price would double, and after 7 days the data was to be deleted)
1) In our country, one of the biggest companies was attacked (car factory). The production stopped and they got for around 1 000 000€ damage in less than 24h (1300 people without work). The news said that they were attacked because they are such a big company and were charged more, as the hackers "knew who they were dealing with" - another reason being the fact that the text was in croatian (which is our neighbor country), but noone realized that it is just a simple google translate of english text - which is obviously not true. The hackers neither know nor care who is hacked, and will charge everyone the same. They only care about the payment.
2) In UK whole (or large part) of medical infrastructure went down. The main thing everyone was saying was: "Nobody's data is stolen". Which, again, is obvious. But noone said anything about data being deleted after a week, which includes pretty much whole electronic medical record of everyone and is pretty serious.
And by the way, the base of the ransomware is code which was stolen from NSA.
All that millions and millions of dollars of damage could be avoided by simply paying the small fee.
The only thing that is good is that (hopefully) the people will learn the importance of backups. And opening weird emails.
P.S. I fucking hate all that 'hacky thingys' they have all over the news.

Had my first interview for a cyber security gig.

1st round, preliminary questions about ethics in a security related topic, etc.

I wrote a report about that topic, but for some reason brain fogged the answer.

At the end of the interview, I also blurted out that I found the interviewer's presentation at a past conference and really liked it.

Pretty sure they now think I'm a creep.

That being said, it's been a few years since I've interviewed, so it feels great to get the dust off, even if I bombed it

Practice makes perfect, right?!

Ah, that feeling when you open random cyber space options in Firefox so you can watch children being forced, classical frontend development with devtools. Happens almost every Tuesday

2021 was really rough, saw friends going over the deep end with burnout, significant incidents to handle and a shitty manager to deal with.

It wasn't about blood and tears, it was about commuting 4 hours/day mid-pandemic to be present in the office and respond to an incident whilst having to deal with a bunch of heroes thinking they were part of a CSI: Cyber episode.

All of that just to be said that my raise "would be enough to keep me from looking elsewhere" as my manager said they were very happy with my performance.

This week I found out exactly how much this appreciation is worth: 2%. And I should consider myself lucky with this number as my performance wasn't good enough to grant me any raise whatsoever.

feelsreallybad.png

I'm a student at a cyber education program. They taught us Python sockets two weeks ago. The next day, I went home and learned multithreading.
Then, I realized the potential.
I know a guy1 who knows a guy2 who runs a business and could really use an app I could totally make. And it's a great idea and it's gonna be awesome and I'm finally gonna do something useful with my life.
All I gotta do is learn UI. Easy peasy.
I spent the next week or so experimenting with my code, coming up with ideas for the app in my head and of course, telling all my friends about it. Bad habit, I know.

Guy1 was about to meet Guy2, so I asked Guy1 to tell Guy2 about my idea. He agreed. I reminded him again later that day, and then again in a text message.
The next day, I asked him if he remembered.
Guess what.
I asked him to text Guy2 instead. He came back to me with Guy2's reply: "Why won't he send me a message himself?".
So I contacted Guy2. After a while, he replied. We had a short, awkward conversation. Then he asked why he should prefer a new app over the existing replacement.
He activated my trap card. With a long chqin of messages, I unloaded everything I was gathering in my mind for the last week. I explained how he could use the app, what features it could have and how it would solve his problem and improve his product. I finished it off with the good old "Yeah, I was bored😅" to make the whole thing look a bit more casual.
Now, all that's left to do is wait.
...
Out of all the possible outcomes to this situation, this was both the worst the least expected one.
I'm not familliar with the English word for "Two blue checkmarks, no reply". But I'm certain there is no word in any language to describe what I'm feeling about this right now.
By that point, Guy1 has already made it clear that he's not interested in being my messanger anymore. He also told me to let the thing die, just in case I didn't get the hint. I don't blame him though.

It's been almost a week since then. Still no reply from Guy2. I haven't quite been able to get over it. Telling all my friends about it didn't really help.
Looking back, I think Guy2 has never realised he has that problem with his product.
But still, the least he could do is tell me why he dosen't like it...
"Why won't he send me a message himself?" Yeah, why really? HMMM :thinking:

You know what? If I ever somehow get the guts to leave my home country, I'm sending a big "fuck you" to this guy.

Any reaction to the "Pegasus" leak?

What's a good book to read about hacking and/or cyber security? Doesn't have to necessarily a how-to guide, rather, just something to read on the subject.

Long long time ago when recharge coupons we a thing, I used to try out more codes in the series and waste my time. After failing a lot over this, I started trying out different USSD codes to see what other stuff is out there. This got me to stumble upon facebook and twitter on USSD. I'm not sure now but, twitter was probably *515# from my carrier.

Facebook. I remember chatting for quite a long period using this. Very slow and limited yet, fun. The USSD message expires within ~60secs. so you have to type the chat message before that or you lose everything you typed. The phone was no smartphone that would allow me to copy the text from the USSD input. On top of that panic, was a character limit to these messages. I remember hitting send while being midway through a message just so I don't lose what I typed, on a T-9 keyboard. Still miss those!

The person on the other side would receive a half message due to this, and would start replying without any patience, to which I panicked as now there's a new thing to respond to, and a half message which I'm waiting to complete.

Later over the weekend when I was allowed to visit the cyber cafe for an hour or two with 15-30 INR, reading the chat threads, being able to use the five sticker packs:) and thus continuing on a computer was fun. But, as the time at the cafe expires, I had to immediately shut off my session or I'd be charged more. Thus, I was left in the middle of a conversation again, and had to continue over USSD.

Using social media without any internet like this was quite fun in a weird way. If I get a new message, I'd get a USSD alert, and then an sms if I didn't reply in some 10-15mins!

This had all the features like like and comment. Friend requests too. For the posts in a "timeline" which was new and fancy in those days, all you see is the caption of a post which also gets truncated quite a bit as USSD also has to show it's options like:
1. Like
2. Comment
3. Next Post
4. Main Menu

This was around '13 or '14 I guess. After which I later got my first computer- a laptop. Anyways, the tactile feel of pressing the buttons on a T-9 keypad is nostalgic to me. 😅 And if you were a pro at texting, u must hv used shrtcts lyk dis too w/ emojis lyk :-) <3

Learn about
-Cyber Security
-Machine Learning (especially Reinforcement Learning & GANs)
-Microcontrollers (ATtiny)

Of course I want to finish the projects I'm currently working on and maybe start a YouTube channel about my projects.

Yes I know, it's quite a lot to do, but I don't know if I will ever have the chance to do all that things in my free time again.

Some things should be prohibited! Such as trying to look smart luring geeks with PHP code. That does not do what you wanted to do in the first place. Idiots!

Has anyone expirience with hacksplaining.com? Is it any good? (Just stumbled upon)

Massive cyber attack hits Europe. Hopefully everyone is patched and secure. Critical infrastructure, banks... impacted.

whenever i tell my dad about a technology that is going way beyond our imagination and tell him about the consequences of it and how we should worry about that
then he watches some random tv show about internet security/cyber security and various algorithms (very abstract) which are currently changing the world and how we should care about our data and what the consequences of X technology is...
he be like: "oh is that true? that's interesting, how does that work?"
i'm like😑 dad, i already told you about that😩

ever had similar experience?

Um just an script kiddie, any body doing Cyber Security?

Because I am very interested in cyber security and plan on doing my masters in it security I always try to stay up to date with the latest news and tools. However sometimes its a good idea to ask similar-minded people on how they approach these things, - and maybe I can learn a couple of things. So maybe people like @linuxxx have some advice :D Let's discuss :D

1) What's your goto OS? I currently use Antergos x64 and a Win10 Dualboot. Most likely you guys will recommend Linux, but if so what ditro, and why? I know that people like Snowden use QubesOS. What makes it much better then other distro? Would you use it for everyday tasks or is it overkill? What about Kali or Parrot-OS?

2) Your go-to privacy/security tools? Personally, I am always conencted to a VPN with openvpn (Killswitch on). In my browser (Firefox) I use UBlock and HttpsEverywhere. Used NoScript for a while but had more trouble then actual use with it (blocked too much). Search engine is DDG. All of my data is stored in VeraCrypt containers, so even if the system is compromised nobody is able to access any private data. Passwords are stored in KeePass. What other tools would you recommend?

3) What websites are you browsing for competent news reports in the it security scene? What websites can you recommend to find academic writeups/white papers about certain topics?

4) Google. Yeah a hate-love relationship, but its hard to completely avoid it. I do actually have a Google-Home device (dont kill me), which I use for calender entries, timers, alarms, reminders, and weather updates as well as IOT stuff such as turning my LED lights on and off. I wouldn"t mind switching to an open source solution which is equally good, however so far I couldnt find anything that would a good option. Suggestions?

5) What actions do you take to secure your phone and prevent things such as being tracked/spyed? Personally so far I havent really done much except for installing AdAway on my rooted device aswell as the same Firefox plugins I use on my desktop PC.

6) Are there ways to create mirror images of my entire linux system? Every now and then stuff breaks, that is tedious to fix and reinstalling the system takes a couple of hours. I remember from Windows that software such as Acronis or Paragon can create a full image of your system that you can backup and restore at any point to get a stable, healthy system back (without the need to install everything by hand).

7) Would you encrypt the boot partition of your system, even tho all data is already stored in encrypted containers?

8) Any other advice you can give :P ?

Never been a fan of podcasts before, but I'm fixing to take a stab at listening to some.

What's a good tech/programming podcast? (Bonus points if it's about Cyber security)

devRant should add a new feature to create polls
e.g. 1: What OS do you prefer?
- Mac
- Linux
- Windows
e.g. 2: Which programming language do you prefer for web dev, mobile dev, etc.
- Java
- PHP
...

I bet after a while a cyber war would commence. And that would be devRant's fault because it gave developers a reason to hate each other.
So devRant please disregard my request for the new feature.

Narrator: And then he laughed sardonically.

Can you help me to come up with a company name?

I want to provide dev services (mainly mobile apps) but I also want to have couple projects of my own, so I can't go with a name which indicates only mobile apps. This is the keyword list that I have at the moment:

dev
optimal
baltic
digital
digital
app
cyber
data

vision
systems
projects
solutions
apps
systems
tech
development
software
strategy
byte
builder
services
industries
house
Factory
incubator
media
dev
projects
net
tools
system
center
tech
pro
loft
devs

and these are my current ideas:

appswat.com
appdevhouse.com
balticdevs.com
devbaltic.com
balticincubator.com
appdecision.com
balticstrategy.com
appmobservice.com
appmobservices.com
appmobileservice.com
appbaltic.com
devbaltic.com
mobilebaltic.com
databaltic.com
balticcyber.com
solutionmob.com
mobiledevmedia.com
balticmobilevision.com
balticmobilesoftware.com
mobilemediasystem.com
probaltictech.com

But none of them seem good enough :/

What do you think about appbaltic.com or devbaltic.com ? Does this name makes sense for you native speakers?

Baltic because it will be an eastern european company located next to Baltic sea. We will provide dev services and have couple projects of our own.

I take a moment for myself and assess the situation from a bird's view.

Then, I objectively look at the current situation and my response/reaction to this and try to change my thinking process/acting to a more rational one.

But, also, my general way of thinking in the cyber security world plus how I'm hardwired to think in a 'paranoid' kind of way makes my current job so fucking perfect for me that i often think about that and the fact that there aren't many people around who have this.

Honestly, school is useless for me as of right now. I know I should be well rounded and stuff, but do I honestly need to know the symptoms of cervix cancer while going into a tech career? My eyes have been set on tech for my whole life, ever since I left the womb, and I know that if I do switch careers, it'll be from comp sci to cyber security not from IT to med school...

I feel like I could really be devoting my time towards something better than writing a 5 page essay on a healthy food choice.

Every night I think to myself, "You know what, I'm going to lock myself in a room and write bash scripts all day" but then I wake up in the morning, and remember I have to take a quiz on reproductive systems, learn about the procedure of organ donations for driver's ed, write 2 paragraph definitions of vocab words, and read a book about communism.

The most useful thing I learned last year, was how to efficiently navigate the java API, and that's something you don't even learn, you just encounter it. Schools need to start having more specific specialties and stop enforcing knowledge of pointless topics.

I'm not saying to remove all core classes and stuff, I'm saying why waste space in our brains with something we won't use ever again? I get it, some people don't know what career they're looking for yet so you can't make them choose, but it honestly sucks some serious ass that I can't learn what I want to at school, and as a matter of fact, I can't even learn at home, because they're filling my schedule with pointless work because they feel that they have to fill our time somehow.

Point of this long ass rant is: Why lock yourself in a room and learn about something if it isn't something you want to learn about? The space in our brain is finite enough, why can't it be filled with things we're interested in rather than things that will only be used to get good grades in the future then overwritten with useful knowledge. Same thing with time. We have a very finite amount of time in a day, and now that I think of it, a lifetime. Why spend it on something that doesn't, and never will, make your life enjoyable?

About two weeks ago I had a cyber security competition. I spent a week or so working on a bash script so I didn't have two spend hours and hours on end doing tedious tasks to get points.

So here comes competition day and I have about 12 or so scripts that I predicted to get 60 or so of the 100 points. I open the competition image, grab my scripts, and run my call script (script that calls all the other scripts). Maybe 15 minutes later, the script is done...

ZERO FUCKING POINTS. I double checked all the files that the scripts configured and all of them worked. But NONE the vulnerabilities that my script fixed were vulnerabilities that the scoring report counted. Instead of me taking 20 to 30 minutes on the image it took my and 1:07... doesn't sound like much but the highly competitive people finished in around 1 hour and the people who just didn't give a shit about Linux took 3 hours...

Luckily... I was put onto the highly competitive team after that and it all worked out... I'll hopefully add more to this script before next competition.

I have been a professional Dev for about a year for a cyber security startup. Unfortunately, startup died do to finance mismanagement. My lead Dev said that he wanted to start a co-op contract business and since we all work great together than we should stick around. So we tried to obtain contracts and it is going much slower than imagine. I am going on my second month of no work or contract work. I'm working on my own site to do some freelance work on the side for myself offering ever, marketing and ERP software services. That is the goal for side hustle. However, for the main hustle well I'm stressed now of being home and we'll meetings not turning into money. I actually want to call it quits and do my own thing and look for normal gig. It just feels rough as he has been my mentor and offered me my first software gig. I don't feel like I own anyone anything I'm regards money or time. However, I do feel bad of I take off it will hurt them from being able to handle larger contract if they do get one.

Note: I'm pulling from my savings

Thoughts??

Pentesting for undisclosed company. Let's call them X as to not get us into trouble.
We are students and are doing our first pentest at an actual company instead of assignments at school. So we're very anxious. But today was a good day.
We found some servers with open ports so we checked a few of them out. I had a set of them with a bunch of open ports like ftp and... 8080. Time to check this out.
"please install flash player"... Security risk 1 found!

System seemed to be some monitoring system. Trying to log in using admin admin... Fucking works. Group loses it cause the company was being all high and mighty about being secure af. Other shit is pretty tight though.

Able to see logs, change password, add new superuser, do some searches for USERS_LOGGEDIN_TODAY! I shit you not, the system even had SUGGESTIONS for usernames to search for. One of which had something to do with sftp and auth keys. Unfortunatly every search gave a SQL syntax error. Used sniffing tools to maybe intercept message so we could do some queries of our own but nothing. Query is probably not issued from the local machine.

Tried to decompile the flash file but no luck. Only for some weird lines and a few function names I presume. But decompressing it and opening it in a text editor allowed me to see and search text. No GET or POST found. No SQL queries or name checks or anything we could think of.

That's all I could do for today. So we'll have to think of stuff for next week. We've already planned xss so maybe we can do that on this server as well.

We also found some older network printers with open telnet. Servers with a specific SQL variant with a potential exploit to execute terminal commands and some ftp and smb servers we need to check out next week.

Hella excited about this!

If you guys have any suggestions let us know. We are utter noobs when it comes to this.

What is the probability of alien rootkit signal that would be intercepted by satellite and then executed on modern computers to create AGI that can use cloud computing and digital currency to take over our world ?

From my perspective pretty high 🤣🤣🤣

Let’s convince some government people and create intergalactic cyber attack defense institution, that would keep earth safe from alien invasion, with high money grants so we can prevent those threats.

Maybe Ernest Cline Armada is already a thing.

What you think ?

In the 90s most people had touched grass, but few touched a computer.

In the 2090s most people will have touched a computer, but not grass.

But at least we'll have fully sentient dildos armed with laser guns to mildly stimulate our mandatory attached cyber-clits, or alternatively annihilate thought criminals.

In other news my prime generator has exhaustively been checked against, all primes from 5 to 1 million. I used miller-rabin with k=40 to confirm the results.

The set the generator creates is the join of the quasi-lucas carmichael numbers, the carmichael numbers, and the primes. So after I generated a number I just had to treat those numbers as 'pollutants' and filter them out, which was dead simple.

Whats left after filtering, is strictly the primes.

I also tested it randomly on 50-55 bit primes, and it always returned true, but that range hasn't been fully tested so far because it takes 9-12 seconds per number at that point.

I was expecting maybe a few failures by my generator. So what I did was I wrote a function, genMillerTest(), and all it does is take some number n, returns the next prime after it (using my functions nextPrime() and isPrime()), and then tests it against miller-rabin. If miller returns false, then I add the result to a list. And then I check *those* results by hand (because miller can occasionally return false positives, though I'm not familiar enough with the math to know how often).

Well, imagine my surprise when I had zero false positives.

Which means either my code is generating the same exact set as miller (under some very large value of n), or the chance of miller (at k=40 tests) returning a false positive is vanishingly small.

My next steps should be to parallelize the checking process, and set up my other desktop to run those tests continuously.
Concurrently I should work on figuring out why my slowest primality tests (theres six of them, though I think I can eliminate two) are so slow and if I can better estimate or derive a pattern that allows faster results by better initialization of the variables used by these tests.

I already wrote some cases to output which tests most frequently succeeded (if any of them pass, then the number isn't prime), and therefore could cut short the primality test of a number. I rewrote the function to put those tests in order from most likely to least likely.

I'm also thinking that there may be some clues for faster computation in other bases, or perhaps in binary, or inspecting the patterns of values in the natural logs of non-primes versus primes. Or even looking into the *execution* time of numbers that successfully pass as prime versus ones that don't. Theres a bevy of possible approaches.

The entire process for the first 1_000_000 numbers, ran 1621.28 seconds, or just shy of a tenth of a second per test but I'm sure thats biased toward the head of the list.

If theres any other approach or ideas I may be overlooking, I wouldn't know where to begin.

Y'know what's the worst part about all the internet censorship and cyber surveillance? The fact that no one notices it

My first job was writing a cloud based malware analysis system from scratch for UTSA's Institute for Cyber Security.

My direct supervisor was a womanizing, lazy, prick with a PHD. I wonder where he is now.

Anybody else feel like their Internet traffic constanty being monitored after downloading pen testing tools?

Have our identities been added to lists of potential cyber criminals :/

Thoughts?

(For ethical purposes - involving your own site's security!!)

*Has more advanced knowledge on computers and cyber security...

Mother still cant trust with repairing phone, asking which phone to buy, and naggs about the amount of time i spend on my laptop saying i'd break it.

!rant

I'm a computer engineering student.
I'm very much interested in Systems and networking.
That's why I was thinking of persuing cyber-security as a career option.
But I'm not quite sure if that is a good choice.
Also I don't know how to proceed in order to achieve excellence in cyber-security.

It would be a great help if you guys could help me.

Thanks :)

<script>alert('just making sure we are safe :)') </script>

Lack of basic cyber security in companies is ridiculous. High on executives risk list.

So.... My mom became a victim of cyber bullying. And i just feel sad for her. She is an old but smart lady in her 50s and not very used to modern tech and cyber crime.

We follow a (now dead) philosopher (say 'X') as religion, some random stranger came in their local fb group and started shit posting about X like " he is not a god , he is a thief, follow me , bla bla bla" stuff like that..

I don't give 1 qbit to that shitposter or that fight. I am just concerned that my mom (and many others) got so disturbed that she left the work and came home.

Internet is great , free and all, but as long as everyone is allowed to speak everything without caring for a consequence, simpleminded people will keep on getting hurt, evil shitposters will keep on getting fame and people with an unsure mind will keep on making wrong decisions

I can give you numerous examples where a person got the power and fame just because he keep on getting famous for his negetive posts, religious or otherwise. This has to stop, but am not sure how.

When in an application security talk put on by our cyber security department and one team (not mine) is being chastised for only doing client side validation, another dev asks so at what point can we trust the user? A few people nod and indicate they want an answer, and the speaker, said never, you never trust the user.

I can't believe people can graduate and get a job and keep a development job, especially in a highly government regulated company like where I work

Just got a request to print the new Tesla truck.

I think it wasn't that hard for the Designer to implement the low pol. Design for the 3d print :')

how would you make in a fun way your muggle coworkers aware on the topic of cyber security?

Well my country broke the record of being the cyber bully...

I don't know what to feel.... This is bad..

why is it so hard to get a job, why do they make it hard to literally get a job so you can feed into their system and make profit for them anyway. false sense of scarcity makes me so angry and interviews or applications always ask questions completely irrelevant and even after you get a college degree that just makes you have the ability to even apply to half the places. i get that you want the best person, because if you have to pay them a wage at all then they better work for it (get 4 part time jobs and live paycheck to paycheck), but seriously??
humans need to work, it is as natural as eating or sleeping, its such fucking bullshit that the bourgeoisie made working unbearable enough that the few people the government deems unfit to work obviously wouldn't, because working sucks, but then they are seen as lazy. sometimes i just want to go out and do some cyber-terrorism yk ? /j

Has anyone used python within cyber security?

I really want to get into cyber security. I'm curious what programming languages are used within that industry.

I chose Network/Cyber Security because it was my internship experience and they were willing to pay me good money to stay on... No but seriously I am much better at understanding how complex systems work than coding them. This job, as stressful as it is, is a different kind of stressful that the deadline-fraught jobs of software developers worldwide.

And i can do it fully remote.

So this is what a cyber criminal looks like.

"Norwegians are a favourite for cyber criminals"

"And we are easier to fool than Swedes and Danes, if we're to believe the thieves. The only ones more exposed than us are oil rich Saudis" 🤷‍♂️

How did you learn cyber security, especially pentesting ?

I know that making VM lab and/or doing CTFs and reading writeups can help a lot, but is there any more "formal" way to get into things like pentesting etc. ?

(Without having to pay for OSCP, Sans and all this)

Pretty sure someone else said it before but: chose something else.

The market is over saturated with developers. There are plenty of other spaces in which you can work with computers and code.

Think: system administration, cyber sec (which also pays higher in a lot of places compared to development since resource security is a priority), networking etc.

When you think about it... Cyber-hacking is very much like Helloween's trick-or-treat'ing :)

Anyone at Swiss Cyber Storm conference tomorrow?

Ordered a slightly watered down version of my planned PC. Let's wait for Cyber Monday for buyer's remorse!

Either way, paid half price of the planned rig for 80% of the same performance.

See attached specs. Already have a hard drive and PSU, and for now will be reusing my GTS 250.

1. I recorded something with my dad until 12 AM isarel daylight time

2. that you so much for congratulating me for the Cyber classes. I love all of you.

3. Thank you also for 400 upvotes. Going strong.

Have an Image of the recording machines in the studio.

Typical insurance company BS approach.

Listening to xmas music, Spotify ad kicks in about 'just being "hacked"':

Buy our cyber security insurance product to quickly recover and retain liquidity in case of a cyber security beach.

Not a single word about preventing the incidents in the first place...

Lucky to work in a place that doesn't skimp on IT.

Hey everyone. I am a freshman in college studying Cyber Security. I have been practicing various programming languages such as httml, css, java script and SQL. Does anyone have any recommendations for resources to study? My end goal is to be blue teaming for my schools Cyber Defense team in the fall.

So I went for a "special" interview to a company whose slogan is "experience certainty" (fresher, was hoping to get a role in cyber security/Linux sysadmin). Got shown what the "real" hiring process of an indian consultancy company is...

We were called because we cleared a rank of the coding competition which the company holds on a yearly basis, so its understood that we know how to code.
3 rounds; technical, managerial and HR...

Technical is where I knew that I was signing up for complete bullshit. The interviewer asks me to write and algo to generate a "number pyramid". Finished it in 7 minutes, 6-ish lines of (pseudo) code (which resembled python). As I explained the logic to the guy, he kept giving me this bewildered look, so I asked him what happened. He asks me about the simplest part of the logic, and proceeds to ask even dumber questions...
Ultimately I managed to get through his thick skull and answer some other nontechnical questions. He then asks if I have anything to ask him...
I ask him about what he does.
Him - " I am currently working on a project wherein the client is a big American bank as the technical lead "

Me (interest is cybersec) - "oh, then you must be knowing about the data protection and other security mechanisms (encryption, SSL, etc.)"

Him (bewildered look on face) - "no, I mostly handle the connectivity between the portal and data and the interface."

Me (disappointed) - "so, mostly DB, stuff?"

Him (smug and proud) - "yeup"

Gave him a link to my Github repo. Left the cabin. Proceeded to managerial interview (the stereotypical PM asshats)

Never did I think I'd be happy to not get a job offer...

!dev

I need to stop buying things...

I just bought a Keurig and some coffee because it was on sale for Cyber Monday...

And well I've been buying other discretionary things like crazy for the last few months... including lots of cakes and chocolates...

Which prolly adds up to over $500 in 3 months...

Damn should've gotten a new credit card... All that spending would've gotten me $150 back...

Any full stack developers want a job at a super cool cyber security company let me know.

Do not buy Hostinger... They are so aggressive with caching that I ran out of devices to test the features. They probably cache based on userAgent because changing other parameters (IP, local cache) doesn't resolve the issue. I talked to tech support whole day, and although they were helpful few times I just got three same answers for the three different questions. Seriously, the only thing I like about Hostinger is their user friendly UI.

The rant goes on. I can basically DoS my website by clicking fast on it. That shit doesn't happen with some free hosting plans... My site goes down for a few minutes before I can visit it again.

THE RANT GOES ON

Using the file manager is tedious work as you get randomly disconnected after less than few minutes of inactivity.

I might seriously switch to Google's Cloud Console. It is more expensive, you have to do all the hosting config yourself using a virtual machine, but I guess it's more reliable and it gives you a lot more control.

Laziest habit? Anything done between 1pm-4:30pm and 4:59pm-8pm. During that time, habits include unnecessary refactoring, poking the CI/CD containers, editing already made prototypes in gimp inkscape, pasting stackoverflow topics to youtube, bouncing from macOS, windows and kde distros in search of zen/rice, adding a calendar emoji on my slack :), making useless automation scripts, building on every variable's value change, tinkering pixels, shades, gradients (and their angles), dimens, anim values, anim curves, opacity, blurs and just nuking the ui just to copy paste an old one, 60% just chatting in code alongs, changing key bindings (from ide to OS), and ultimately zoning out on a podcast about cyber security. And of course: waiting for ++ and comments

So first time here seems awesome I'm an aspiring cyber security expert I know very basic c++ and I'm looking for people to talk to about what I should be doing

Third (or fourth) AI winter coming in despite global warming. Cold war level shit cyber warfare.
C/C++ not dead, Java zombie still in the businesses.
Still no usable IDE (on Linux)

Any of us had annoyances with people with “a million dollar app idea” but what about these which gives unsolicited career advice?

I’m dealing with a boomer which keeps trying me to change my career and work into cyber security (because TV told him it’s a well paid field) despite me kindly telling him for multiple times which it’s not going to happen because I won’t throw away a career I love to work in a field which seems deadly boring to me (I love anything about coding from design to typing for hours on Vim meanwhile the only thought of reading for hours obscure documentation to find potential vulnerabilities on a system kills my spirit).

Get a job with C# and eventually work up into something involving cyber security.

So I went to a car repair center and asked if they could fix my bike. They said they could but they won't. This is outrageous, obviously a bike is less complicated than a car and they can actually fix it, they just won't because it's "not their job". Unbelievable!

//This didn't really happen of course
//people don't think this is acceptable, but if I won't fix their laptop they are surprised and act the same way. I study ICT (embedded software engineering and cyber security, but they don't understand that so ICT it is) so I HAVE to fix their laptop....
//Non-techies should really learn that just because we can do something, we don't have to do what they ask of us

Question - my field is information security (or cyber security if you want to think of me as a time lord), but I wanted to know;
Front end and back Devs, how much time do you spend on security issues and/or implementing security measures?

Just had a so called "cyber security" seminar in college today.
The guy who claimed to be a trainer or somewhat network security guy or something behaved enigmatically with utter consistency. He obviously claimed to know facebook hax0ring though.
They were basically there to advertise their complete crap: csksrc.org
(Ethical Hax0ring Course) (also claimed their site to be 99.9% secured - GREAT!)
After obtaining a ISO*** standard cert or after taking multiple sessions on "advanced ethical hacking" if you go about telling peeps in colleges that: "The single way to hax0r a facebook account is CSRF!" "Will hack your facebook account by MITM through malicious WiFi Ap." Then, NO neither I want your shitty cert nor do I want to be in your team and create the next level of "advanced ethical hax0ring - CEH course". Reason why I get cringed when peeps start about their certs and the ISO*** value it contains. What ISO value does your brain cells contain though?

So I just got the cyber security pack on humblebundle... $15 for a year of PIA, a year of spider oak one cloud backups and a year of Dashlane are the notable ones (I’ll give away the antivirus ones for free since I don’t have windows).

But that wasn’t the awesomest part...

I installed Dashlane and after transferring all my stuff over from LastPass, I went to delete my LastPass

Dashlane autofilled the username...

It’s like so subtly aggressive in an unintentional way. Honestly this password manager Battle Royale is totally worth the $15 regardless.

What are your favorite Defcon talks this year?

Okay so, I’ve recently started going through our products’ security postures and their teams’ related practices and processes. I knew things were in a bad state, but I have to admit I’m a bit anxious at how bad things are… and it’s not like nobody cared or anything, quite the opposite; the teams are quite motivated about cyber sec. It’s just that they don’t know what the fuck to do and where to start even if they did.

Okay, that’s my job to figure out the roadmap to improving their security posture and processes and help them implement it. If it wasn’t bad enough that there’s half a dozen products whose cyber sec roadmaps I need to prioritise and manage somehow, I heard this week that due to some organisational rearrangements, the number of products under my stern guidance will nigh on double at some point very soon…

I need a team. Give me a team.

My buddy thinks cyber security is a scam, because it will always fail?!? 🤔

I have zero experience working in a company. I did a few freelancing projects. My friend forwarded my resume to a company. They contacted me after some time, and gave me a technical challenge. I have solved it, sent it back to them, now I am waiting for their answer.

What's the thing? After going to the company website, I realized they require at least 3 years of experience. But they still contacted me knowing that I am still a student and have only done freelancing work.

No matter do they accept my solution or not, this is a lesson for me and for everyone else: do not let required years of experience discourage you from applying to a position. You can still get a chance.

Happy job hunting to all you junior devs :)

Happened way back when I was still in high school and facebook was relatively new. We used to own a cyber cafe.

--

The Guy: (Talking to other customers) I'll have you know that I'm a graduate in Computer Science! *Proceeds to boast about self and other bullshittery*

Others: *In awe*

Me: *Veeeery Skeptical*

A few days later...

The Guy: (Talks to me) Hey, there seems to be a problem with your internet. I can't log in on facebook.

Me: Could you try to do what you are doing again?

...

The Guy: See, doesn't work.

Me: Have you registered your account on facebook?

The Guy: Huh? What are you talking about? I have my Yahoo! mail.

Me: ..You need to register your email on facebook in order to log in.

The Guy: What?? I don't get it. I am registered and have a Yahoo! mail!

Me: *Brain Sigh*

(I proceed to help him register his email on facebook)

The Guy: Oh, you had to register on facebook! Now I get it! I thought that if you created an email you can immediately use that to log in to facebook.

Me: *Internal facepalm x1000*

(This guy is a Computer Science graduate? Oh PLEASE. )

*Wakes up*
*Message from aunt*
Aunt: Hey sweety I can't find this movie anywhere on the internet plz use ur cyber superpowers and help me thx
Aunt: *Link to the movie's trailer on Youtube*
*Clicks link*
*Scrolls down*
Youtube comment: *Link to the movie*
*Copies and pastes to aunt*
Aunt: omg thxxx <3
*Goes back to sleep*

Because why even try when you can ask your nephew to do it for you?

Last night the Russians stroke again. It's become obvious that these Ddos attacks are not performed by just some casual hackers, but are part of cyber warfare - just as I suspected in one of my rants a couple of weeks ago

Media always misinterprets anything related to computer and information technology. Recently found an Indian News channel which aired news about recent cyber attack and stated virus named "Ransomware" (not WannaCry) has affected computers all over the world. They aired wrong information without hesitation despite India being world's rapidly growing IT hub.

I recently joined DevRants, and with me joining any new site or media where you can share I am usually the guy who is shy and likes to sit back and watch/read. However I wanted to post a question as I am trying to get a job within the Cyber Security field. I have a computer science degree and honestly I feel like I can't even code at a level I should be able to. I am also currently working/studying for my CompTIA Security+. It has been going good but, I always second guess myself and doubt my abilities. I guess this a a slight rant and question so far.

My question is how can I better improve both my skills (coding, linux, and security) and also my mental. I would say its imposter syndrome but I don't have a job so I don't think it would be fair to say it is. I just want to break into the job field and show people that if given the help and resources I can excel at the task given. I do learn fast and pick things up pretty good. Any help/recommendations is much appreciated, and I look forward to more talks.

I'm a bit frustrated. I'm 23 and I finished a Bachelor's Degree in Computer Engineering last 2015. Working on a career path in cyber security. Is it normal to just understand and test the concepts and not fully memorize everything? It really bothers me that I feel I don't know anything despite developing small tools, testing other people's work, reading about related topics and playing with Kali.

Do you ever wish you got into cyber security over being a dev?

What courses do i need to take to be a cyber security engineer?

Is it just me or does anyone else wince when someone says the word "cyber" when referencing something on the internet ....like the current series of attacks ..... oh god ... i winced just typing that !

I hate the word, its an irrational hate i know still !

My first computer exposure was on a mainframe (CDC Cyber 180). My university in Kerala, India had a collaboration with the Indian defence organisation DRDO. The operating system was something called NOS/VE, though as I remember it could run some Unix version virtually. I had Fortran 77 programs to be developed as part of the course. (finite element methods). As I remember, the machine had built in routines for the same. Screen was a green on dark terminal conected to the thing. No windowing or graphics.
Today kids have more powerful machines at home (or in their pockets). The famous computing power law be praised.

What are the best security tips to protect any company/organization from intruders?

Anyone here into infosec or cyber security?

When a person asks what do I do I tell them that I'm a cyber wizard.

It explains it well doesn't it ?
God damn muggles...

Discord server under development for software engineering, cyber security, networking, and IT talk in general. Looking to meet new people and talk :). @ me if you're interested in testing it.

Looking at colleges on summer break between learning python and some projects can't decide between computer science and cyber security as a major 😰 why can't I choose

Frontend...
Do I have to say more?....

@?!?@!!#!€?#!€!!€!......

I'd love to get into a career within the cyber security industry.

Anyone got advice?

I've played around with Kali/Parrot and setup a proxmox box to perform pen testing and have a fair number of PDF ebooks and audio books on networks, security and pen testing

/*
No Rant
*/
anyone here with a cyber security cert? i kinda want to go that route of cyber securty. so im curious if its worth it.

I think the thing that sucks about high school (or school in general, really) is that they don't really have many opportunities for the people that like to program or do anything with computers.
The only classes that have to do with computers at all (In my high school) is Intro to Programming (Which is what I'm taking, which has HTML, CSS and JavaScript), some computer science classes and finally the Cyber-patriot team. (Which is for Navy ROTC and it consists of Cyber Security, competitions and actual Linux computers).
The only few of eight classes I find actually interesting is Intro to Programming, NJROTC, and Plant Science. (Because not only the subjects, but the teachers (and Sergeant) actually make it fun, interesting and easy to understand, while the rest don't feel like they're doing a good job.)

Cyber threats are the top concern of C levels. In actuality companies unintentionally expose way too much data. It's ridiculous what some make public.

Going to a business summit tomorrow and I get to see a live hack and learn about cyber attacks.

Shit better be good.

So. Cyber Coders, yay or nay?

Master’s in cyber security: worth it?

Where I learn networks and cyber security, we started working with Scapy. I have a problem with pycharm, it cannot resolve half of Scapy's functions. Do any of you know how you fix it (the program runs but pycharm still doesn't like it)

Not sure how to ask this. I really enjoy Network side of IT. Maybe even throw in a little Cyber Security as well. I feel like I'm trying to every too fast. I got no certifications yet. This is stressful 😫

What about silicon valley or csi cyber?