Offsec_Community
Offsec_Community OP t1_iuy5lqg wrote
Reply to comment by hagcel in I'm Gage Bennett, a Defense Content Developer at Offensive Security Ask me anything about cyber security and defense content creation. by Offsec_Community
haha shaving in the Army for 7 years made me want a long beard but a keyboard must have some sort of electromagnetic hair pull that makes the beard grow down.
Offsec_Community OP t1_iuy5e3n wrote
Reply to comment by TheCapnRedbeard in I'm Gage Bennett, a Defense Content Developer at Offensive Security Ask me anything about cyber security and defense content creation. by Offsec_Community
Lots of positions I have seen list for qualifications like "5 years experience with degree or 8 years experience with no degree". It makes it harder because you need more experience but you can get into the field without a degree.
Obviously it helps to have a degree but I have worked with some super smart people who never got a degree and can run circles around me on the keyboard.
Offsec_Community OP t1_iuy5476 wrote
Reply to comment by MustySphere in I'm Gage Bennett, a Defense Content Developer at Offensive Security Ask me anything about cyber security and defense content creation. by Offsec_Community
Getting some certifications will help get your foot in the door. You can always go after some IT/helpdesk positions. They are not security but are good to get experience and pivot over to security.
Also there are a lot of smaller cyber security companies, also hospitals, lawyer firms, things like that have security positions that may be easier to get a job in security for them.
The certifications will help get their attention and then do some training on your own to build some knowledge.
Offsec_Community OP t1_iuxpin2 wrote
Reply to comment by ottoe57 in I'm Gage Bennett, a Defense Content Developer at Offensive Security Ask me anything about cyber security and defense content creation. by Offsec_Community
Great question. Some SIEMs are the worst and some are great. I like Splunk a lot because it is easy to use. I think it is something that is needed in an enterprise network. They are as good as you set them up to be. A lot of places just send logs to their SIEM and that's it. They do not tune their logs or anything. You have to spend time making it work correctly. You have to spend the time making worthwhile alerts and dashboards. When we would deploy to a network the first thing we would do would be to fine-tune our SIEM. Making sure the correct logs are going in and not just all the logs.
Long answer short is they are as good as you let them work. Spend the time to tune them and make them work well for your organization.
Offsec_Community OP t1_iuxm169 wrote
Reply to comment by avvstin in I'm Gage Bennett, a Defense Content Developer at Offensive Security Ask me anything about cyber security and defense content creation. by Offsec_Community
That is a problem in the industry. A lot of entry level jobs then say "requires 5 years experience." The market is very demanding right now. There are a lot of jobs out there but a lot of people too trying to get those jobs.
If you have basic skills then you should be good for an entry-level position. I think a good attitude and showing you are trying to learn more goes a long way. You might not get the exact job you want right away but do not be afraid to take something not ideal to build that experience.
The more certs you have does help, but you need to be able to show that knowledge as well. Like I said in another post that I was a motorcycle mechanic before and I made the switch. Do not be afraid to go for it.
Offsec_Community OP t1_iuxl7jm wrote
Reply to comment by geoloshit in I'm Gage Bennett, a Defense Content Developer at Offensive Security Ask me anything about cyber security and defense content creation. by Offsec_Community
haha I honestly do not remember. It was a passing score though
Offsec_Community OP t1_iuxa06u wrote
Reply to comment by PeanutSalsa in I'm Gage Bennett, a Defense Content Developer at Offensive Security Ask me anything about cyber security and defense content creation. by Offsec_Community
>Does Reddit, or social media platforms in general, have safeguards in place to stop users from posting malicious links on their platforms
I am not sure to be honest. Not any that I have heard of though. I feel like it would be tough to handle because of the volume that links are getting posted to the platforms. I could be wrong though.
Offsec_Community OP t1_iux8mjx wrote
Reply to comment by mibjt in I'm Gage Bennett, a Defense Content Developer at Offensive Security Ask me anything about cyber security and defense content creation. by Offsec_Community
I use Windows 11 at the moment. I always have virtual machines running though with a Linux system going. I use both Windows and Linux to get work done. I know a lot of people use Mac as their OS on their laptop and then run VMs with Windows and Linux going.
Offsec_Community OP t1_iux8alt wrote
Reply to comment by PeanutSalsa in I'm Gage Bennett, a Defense Content Developer at Offensive Security Ask me anything about cyber security and defense content creation. by Offsec_Community
There are different ways this can happen. The link may bring the user to a malicious site hosted by the attacker and then malware is automatically downloaded. Networks may have security measures put in place to help stop this but they also may not.
When things like that are initiated from inside the network it can bypass security measures because users still need to visit web sites and download things. You can not just stop normal use.
Once the malware is downloaded it might make a connection back to the attacker so they can access the network. It could be a worm that does not need human interaction and spreads itself through the network. Lots of things like that can happen.
There is no foolproof way to avoid links. You can be cautious though. Look at the full picture. Did the link come from an unknown email? Or an email from the organization but it is worded weird ex: "Hey friend co worker of mine! Good days to you and yours. Please click link for the fun I talked about".
VirusTotal is a good website to use. You can paste the URL on the site and they will give you a score on how malicious it is and if it is known to be malicious. That is always helpful for a quick check.
Offsec_Community OP t1_iux64ex wrote
Reply to comment by itspeterj in I'm Gage Bennett, a Defense Content Developer at Offensive Security Ask me anything about cyber security and defense content creation. by Offsec_Community
I do not work on the team that does the Proving Grounds work so I am not sure if they are having that discussion. The offsec discord is a great place to bring those issues up and get some answers. I can also pass that message along to them and if you have some more specific input on that let me know and I will pass that along.
I will say that for proving grounds I think the idea is to not have much to go on. Just like in the real world for a hacker. They do not get any inside tips or help most of the time. They might just start with a web site or an IP address just like in proving grounds and from there they work on finding out as much as they can about what services are running, vulnerabilities, etc.
If the issue is not that and something else then we are always open to making the student experience better any way we can.
Offsec_Community OP t1_iux4zcz wrote
Reply to comment by itspeterj in I'm Gage Bennett, a Defense Content Developer at Offensive Security Ask me anything about cyber security and defense content creation. by Offsec_Community
Great advice. That all comes back to people being well informed and knowledgeable. Some people do not even think about what you just said. Great advice, thank you!
Offsec_Community OP t1_iux4nar wrote
Reply to comment by maxipontifex in I'm Gage Bennett, a Defense Content Developer at Offensive Security Ask me anything about cyber security and defense content creation. by Offsec_Community
Great question. We are creating more defensive training. We have a SOC200 course that is out and the OSDA (Offensive Security Defense Analyst) exam coming out soon. The best security analyst is a well rounded one that can have a defense and offensive mindset. You can not have defense training if there is no one to play the offensive part so creating defense training just makes sense.
We also have defense challenge labs too. The student has access to an ELK SIEM with a working network that starts up. The student presses a play button and a full network attack from initial compromise to the end of the attack happens and the student has to find what happened in the logs. Having a hacker at your fingertips basically so analysts can train on "hunting" is great training.
Ok commercial over!
Offsec_Community OP t1_iux3cn9 wrote
Reply to comment by MadDany94 in I'm Gage Bennett, a Defense Content Developer at Offensive Security Ask me anything about cyber security and defense content creation. by Offsec_Community
I think about this a lot since I get scam calls a lot. What some people do not know is that answering these can cause more calls to happen. Some scam calls are just being sent to random numbers to just see if it is even a real number. Then they see it is real and keep calling. So it is best to never answer.
There does need to be some sort of regulation when it comes to this. It is hard to regulate though because often these scam calls come from outside the U.S. and that makes it tough to enforce any real consequences. I do not have a solution (If I did I would probably be rich) but maybe regulating the cell phone companies so they actually put real blocks in place. They are probably in the best place to do something about all these calls so if they have a real incentive put in place by regulations then they might spend real time trying to solve the problem (This could be a thing already but I am not sure to be honest).
Offsec_Community OP t1_iux19os wrote
Reply to comment by PeanutSalsa in I'm Gage Bennett, a Defense Content Developer at Offensive Security Ask me anything about cyber security and defense content creation. by Offsec_Community
There are a ton of ways for hackers to get into a network. The biggest security risk is people. You can have all the right security measures in place and someone will mess all that up. Email or phishing attacks are huge. An attacker sends an email with malware attached and then a user clicks on it to get all their free iTunes music and boom the attacker has a foothold in the network. Social engineering is a big way for attackers to compromise a network.
Web attacks are huge too. Mismanaged websites and applications are always a way to get in a network. https://owasp.org/www-project-top-ten/ has a list of the top 10 web application security risks that they keep updated and is a great source for that.
A less common way is probably like the movies show a hacker just reinforcing their way into a network.
Offsec_Community OP t1_iux00n4 wrote
Reply to comment by LaserHD in I'm Gage Bennett, a Defense Content Developer at Offensive Security Ask me anything about cyber security and defense content creation. by Offsec_Community
That is a tough question haha because that can be a lot of different things depending on what technique they are using. For a general answer I would say looking for "weirdness" on the network. I always say most of a SOC analyst's job is verifying "good" things. Lots of things will look weird on the network and you dig in and find it's something normal. So I would be looking for things a normal user would not be doing. Things like running commands that are not necessarily bad but could be used in a bad way that a normal user would not be doing. Trying to access things on the system a normal user does not need to access. Those types of things.
Offsec_Community OP t1_iuwz09l wrote
Reply to comment by tierneyb in I'm Gage Bennett, a Defense Content Developer at Offensive Security Ask me anything about cyber security and defense content creation. by Offsec_Community
I did not work in any of that but I did volunteer to do that but it just never happened. I thought it would have been a lot of fun though. There is a lot of misinformation that is happening when it comes to warfare and the U.S. is a huge target. The use of misinformation is not a new thing either. It has been happening for a long time. It is just easier now with the internet. If you can make the enemy confused then you have a big advantage.
Offsec_Community OP t1_iuwyhnh wrote
Reply to comment by Flare_Starchild in I'm Gage Bennett, a Defense Content Developer at Offensive Security Ask me anything about cyber security and defense content creation. by Offsec_Community
You would be surprised how boring having a clearance can actually be. It is not as exciting as the movies make it out to be. I dealt with a couple cool things here and there.
Not sure if I helped the world but I will keep at it! Thank you!
Offsec_Community OP t1_iuwy5xy wrote
Reply to comment by SplitDiamond in I'm Gage Bennett, a Defense Content Developer at Offensive Security Ask me anything about cyber security and defense content creation. by Offsec_Community
I obviously recommend offsec for training. We have a lot of hands on stuff and a lot of good defensive training going on right now. Tryhackme is a good resource as well. I have used that.
For some good fundamental training https://overthewire.org/wargames/bandit/ and under the wire are great. They help build command line skills which is very important. They are free as well.
We probably all have something we regret like that for our time in the Army haha but it's never too late to get in the game. I was 25 working as a motorcycle mechanic when I joined the Army and started in cyber security.
Offsec_Community OP t1_iuww0f7 wrote
Reply to comment by JamesBaxter_Horse in I'm Gage Bennett, a Defense Content Developer at Offensive Security Ask me anything about cyber security and defense content creation. by Offsec_Community
I have heard a lot of people talking about how that is the future and even someone said that security analysts will be a thing of the past. I disagree with that. I do not think AI will take the place of a person. Well at least for a long time. There are a lot of tools that classify network traffic and logs and create a base of what is going on and hackers still get past that stuff. It will help for sure but every time security tools get better then hackers get better. It just never ends.
Offsec_Community OP t1_iuwur8g wrote
Reply to comment by xomdlynn in I'm Gage Bennett, a Defense Content Developer at Offensive Security Ask me anything about cyber security and defense content creation. by Offsec_Community
I can not get into details because of the classification. I will say the scariest attack is one that happened at a very very important facility and it was not hard for the attacker to get into that network. It was a network that should have been harder to attack but it was sooo easy for them.
Offsec_Community OP t1_iuwsge2 wrote
Reply to comment by dissonance79 in I'm Gage Bennett, a Defense Content Developer at Offensive Security Ask me anything about cyber security and defense content creation. by Offsec_Community
Do not worry about being dead weight. I will always choose an analyst who is trying to get better and has a good work ethic over someone who knows a lot and does not try to get better.
Offsec_Community OP t1_iuwqeox wrote
Reply to comment by kee80 in I'm Gage Bennett, a Defense Content Developer at Offensive Security Ask me anything about cyber security and defense content creation. by Offsec_Community
That is a tough question. I would say improve your knowledge about the threats out there. People are the biggest security risk. You can have all the security features you want but a person can make those useless. Be aware of how hackers are operating these days. Like text messages are big now saying it is your bank and you need to click a link. Just be aware of those types of things.
Offsec_Community OP t1_iuwptz4 wrote
Reply to comment by Cactusonahill in I'm Gage Bennett, a Defense Content Developer at Offensive Security Ask me anything about cyber security and defense content creation. by Offsec_Community
- I started in cyber security in the Army. I was on a cyber protection team and we deployed to different areas where a cyber attack had occurred. I was actually a motorcycle mechanic and wanted to make a switch.
- The work is fun and challenging. There is always something to learn and it never ends. For a SOC analyst for example they spend a lot of time looking at a SIEM and looking at alerts hoping to find "the bad things". We would spend a lot of time working on tools to make our work easier and make it easier to find cyber attacks. Also we did a lot of practicing and exercises because if you do not have a cyber attack it's hard to get better at finding one.
Offsec_Community OP t1_iuwp402 wrote
Reply to comment by dissonance79 in I'm Gage Bennett, a Defense Content Developer at Offensive Security Ask me anything about cyber security and defense content creation. by Offsec_Community
A background in IT is a great start already and an easy transfer that a lot of people do. My biggest advice is to start getting hands on experience. There are a lot of books out there but just reading can only get you so far. Offsec has our SOC200 training out with the exam that will be coming out as well. We also have challenge labs with a play button that launches an entire attack against a network and the student has to find it in the host logs. Tryhackme is also a good resource for hands on stuff as well. CTFs are a fun way to get some experience and hands on skills like PicoCTF. Getting some security certifications will help make that switch too.
Offsec_Community OP t1_iuy5zg5 wrote
Reply to comment by kieppie in I'm Gage Bennett, a Defense Content Developer at Offensive Security Ask me anything about cyber security and defense content creation. by Offsec_Community
full beard == mad 1337 h4x0r sKiLlZ