Recent comments in /f/IAmA
avvstin t1_iuxh0dw wrote
Reply to I'm Gage Bennett, a Defense Content Developer at Offensive Security Ask me anything about cyber security and defense content creation. by Offsec_Community
I will soon be graduating with an AAS in Networking Technology and an AAS in Cybersecurity. I plan to get a CCNA cert and a Security+ cert as well. I have a bit over a year of experience as an operations coordinator at a large shipping company.
Most jobs, even ones claiming to be entry level, seem to require multiple years of IT experience. Is this actually required for most entry level jobs or as long as I demonstrate I have the skills should my current skill set be good enough to get an entry level job to start gaining experience? I'd really prefer to get a job in Cyber Security after my AAS instead of going for my B.S. right now, is this realistic?
Thank you btw!
geoloshit t1_iuxf8qe wrote
Reply to I'm Gage Bennett, a Defense Content Developer at Offensive Security Ask me anything about cyber security and defense content creation. by Offsec_Community
What did you score on your Sec+ exam?
kieppie t1_iuxd3go wrote
Reply to I'm Gage Bennett, a Defense Content Developer at Offensive Security Ask me anything about cyber security and defense content creation. by Offsec_Community
Why the correlation between lusciousness of a UNIX beard and other facial hair & mad 1337 h4x0r sKiLlZ?
Offsec_Community OP t1_iuxa06u wrote
Reply to comment by PeanutSalsa in I'm Gage Bennett, a Defense Content Developer at Offensive Security Ask me anything about cyber security and defense content creation. by Offsec_Community
>Does Reddit, or social media platforms in general, have safeguards in place to stop users from posting malicious links on their platforms
I am not sure to be honest. Not any that I have heard of though. I feel like it would be tough to handle because of the volume that links are getting posted to the platforms. I could be wrong though.
PeanutSalsa t1_iux9h2m wrote
Reply to I'm Gage Bennett, a Defense Content Developer at Offensive Security Ask me anything about cyber security and defense content creation. by Offsec_Community
Does Reddit, or social media platforms in general, have safeguards in place to stop users from posting malicious links on their platforms?
Flare_Starchild t1_iux8vpq wrote
Reply to comment by Offsec_Community in I'm Gage Bennett, a Defense Content Developer at Offensive Security Ask me anything about cyber security and defense content creation. by Offsec_Community
Hey, as long as you're watching for trouble, you're a Guardian nonetheless.
Offsec_Community OP t1_iux8mjx wrote
Reply to comment by mibjt in I'm Gage Bennett, a Defense Content Developer at Offensive Security Ask me anything about cyber security and defense content creation. by Offsec_Community
I use Windows 11 at the moment. I always have virtual machines running though with a Linux system going. I use both Windows and Linux to get work done. I know a lot of people use Mac as their OS on their laptop and then run VMs with Windows and Linux going.
Offsec_Community OP t1_iux8alt wrote
Reply to comment by PeanutSalsa in I'm Gage Bennett, a Defense Content Developer at Offensive Security Ask me anything about cyber security and defense content creation. by Offsec_Community
There are different ways this can happen. The link may bring the user to a malicious site hosted by the attacker and then malware is automatically downloaded. Networks may have security measures put in place to help stop this but they also may not.
When things like that are initiated from inside the network it can bypass security measures because users still need to visit web sites and download things. You can not just stop normal use.
Once the malware is downloaded it might make a connection back to the attacker so they can access the network. It could be a worm that does not need human interaction and spreads itself through the network. Lots of things like that can happen.
There is no foolproof way to avoid links. You can be cautious though. Look at the full picture. Did the link come from an unknown email? Or an email from the organization but it is worded weird ex: "Hey friend co worker of mine! Good days to you and yours. Please click link for the fun I talked about".
VirusTotal is a good website to use. You can paste the URL on the site and they will give you a score on how malicious it is and if it is known to be malicious. That is always helpful for a quick check.
mibjt t1_iux8ajp wrote
Reply to I'm Gage Bennett, a Defense Content Developer at Offensive Security Ask me anything about cyber security and defense content creation. by Offsec_Community
Do you have a single daily driver operating system that you use everyday or a variety?
PeanutSalsa t1_iux6sys wrote
Reply to I'm Gage Bennett, a Defense Content Developer at Offensive Security Ask me anything about cyber security and defense content creation. by Offsec_Community
If a hacker sends a malicious link and someone clicks on it, can the hacker access the person's network upon them clicking on it? Are only copying and pasting full web address links or clicking links which you fully trust the best way to avoid clicking on malicious links? Any other suggestions?
Offsec_Community OP t1_iux64ex wrote
Reply to comment by itspeterj in I'm Gage Bennett, a Defense Content Developer at Offensive Security Ask me anything about cyber security and defense content creation. by Offsec_Community
I do not work on the team that does the Proving Grounds work so I am not sure if they are having that discussion. The OffSec Discord is a great place to bring those issues up and get some answers. I can also pass that message along to them and if you have some more specific input on that let me know and I will pass that along.
I will say that for proving grounds I think the idea is to not have much to go on. Just like in the real world for a hacker. They do not get any inside tips or help most of the time. They might just start with a web site or an IP address just like in proving grounds and from there they work on finding out as much as they can about what services are running, vulnerabilities, etc.
If the issue is not that and something else then we are always open to making the student experience better any way we can.
Offsec_Community OP t1_iux4zcz wrote
Reply to comment by itspeterj in I'm Gage Bennett, a Defense Content Developer at Offensive Security Ask me anything about cyber security and defense content creation. by Offsec_Community
Great advice. That all comes back to people being well informed and knowledgeable. Some people do not even think about what you just said. Great advice, thank you!
Offsec_Community OP t1_iux4nar wrote
Reply to comment by maxipontifex in I'm Gage Bennett, a Defense Content Developer at Offensive Security Ask me anything about cyber security and defense content creation. by Offsec_Community
Great question. We are creating more defensive training. We have a SOC200 course that is out and the OSDA (Offensive Security Defense Analyst) exam coming out soon. The best security analyst is a well rounded one that can have a defense and offensive mindset. You can not have defense training if there is no one to play the offensive part so creating defense training just makes sense.
We also have defense challenge labs too. The student has access to an ELK SIEM with a working network that starts up. The student presses a play button and a full network attack from initial compromise to the end of the attack happens and the student has to find what happened in the logs. Having a hacker at your fingertips basically so analysts can train on "hunting" is great training.
Ok commercial over!
itspeterj t1_iux3fhg wrote
Reply to I'm Gage Bennett, a Defense Content Developer at Offensive Security Ask me anything about cyber security and defense content creation. by Offsec_Community
Hi Gage, I'm a big fan of the Offensive Security training materials you put out there, but they can be very difficult to figure out in terms of what to do for labs and the proving grounds. I know the OffSec motto is "try harder" and I'm a big believer in that, but has there been any discussion about making some of the lab boxes a bit more straightforward?
Offsec_Community OP t1_iux3cn9 wrote
Reply to comment by MadDany94 in I'm Gage Bennett, a Defense Content Developer at Offensive Security Ask me anything about cyber security and defense content creation. by Offsec_Community
I think about this a lot since I get scam calls a lot. What some people do not know is that answering these can cause more calls to happen. Some scam calls are just being sent to random numbers to just see if it is even a real number. Then they see it is real and keep calling. So it is best to never answer.
There does need to be some sort of regulation when it comes to this. It is hard to regulate though because often these scam calls come from outside the U.S. and that makes it tough to enforce any real consequences. I do not have a solution (if I did I would probably be rich) but maybe regulating the cell phone companies so they actually put real blocks in place. They are probably in the best place to do something about all these calls so if they have a real incentive put in place by regulations then they might spend real time trying to solve the problem (this could be a thing already but I am not sure to be honest).
kee80 t1_iux33gk wrote
itspeterj t1_iux3310 wrote
Reply to comment by kee80 in I'm Gage Bennett, a Defense Content Developer at Offensive Security Ask me anything about cyber security and defense content creation. by Offsec_Community
Not OP, but Multifactor Authentication is a huge way to protect yourself. Put it on everything you can. If attackers gain your usernames and passwords from data breaches, MFA can prevent them from getting into your accounts. Also, don't use the same passwords on multiple sites because if somebody hacks LinkedIn (for example) and gets your password, you can bet they'll try to see what else they can access with those credentials.
maxipontifex t1_iux2czh wrote
Reply to I'm Gage Bennett, a Defense Content Developer at Offensive Security Ask me anything about cyber security and defense content creation. by Offsec_Community
Why does Offensive Security need a Defense Developer?
MadDany94 t1_iux2cr5 wrote
Reply to I'm Gage Bennett, a Defense Content Developer at Offensive Security Ask me anything about cyber security and defense content creation. by Offsec_Community
What is your opinion on scam callers? And how do you think the government should battle them?
Offsec_Community OP t1_iux19os wrote
Reply to comment by PeanutSalsa in I'm Gage Bennett, a Defense Content Developer at Offensive Security Ask me anything about cyber security and defense content creation. by Offsec_Community
There are a ton of ways for hackers to get into a network. The biggest security risk is people. You can have all the right security measures in place and someone will mess all that up. Email or phishing attacks are huge. An attacker sends an email with malware attached and then a user clicks on it to get all their free iTunes music and boom the attacker has a foothold in the network. Social engineering is a big way for attackers to compromise a network.
Web attacks are huge too. Mismanaged websites and applications are always a way to get in a network. https://owasp.org/www-project-top-ten/ has a list of the top 10 web application security risks that they keep updated and is a great source for that.
A less common way is probably like the movies show a hacker just reinforcing their way into a network.
Offsec_Community OP t1_iux00n4 wrote
Reply to comment by LaserHD in I'm Gage Bennett, a Defense Content Developer at Offensive Security Ask me anything about cyber security and defense content creation. by Offsec_Community
That is a tough question haha because that can be a lot of different things depending on what technique they are using. For a general answer I would say looking for "weirdness" on the network. I always say most of a SOC analyst's job is verifying "good" things. Lots of things will look weird on the network and you dig in and find it's something normal. So I would be looking for things a normal user would not be doing. Things like running commands that are not necessarily bad but could be used in a bad way that a normal user would not be doing. Trying to access things on the system a normal user does not need to access. Those types of things.
Offsec_Community OP t1_iuwz09l wrote
Reply to comment by tierneyb in I'm Gage Bennett, a Defense Content Developer at Offensive Security Ask me anything about cyber security and defense content creation. by Offsec_Community
I did not work in any of that but I did volunteer to do that but it just never happened. I thought it would have been a lot of fun though. There is a lot of misinformation that is happening when it comes to warfare and the U.S. is a huge target. The use of misinformation is not a new thing either. It has been happening for a long time. It is just easier now with the internet. If you can make the enemy confused then you have a big advantage.
PeanutSalsa t1_iuwyrry wrote
Reply to I'm Gage Bennett, a Defense Content Developer at Offensive Security Ask me anything about cyber security and defense content creation. by Offsec_Community
What are the most common ways hackers get into networks? Are there a lot of different methods for them to get into networks? What are some of the less common ways?
Offsec_Community OP t1_iuwyhnh wrote
Reply to comment by Flare_Starchild in I'm Gage Bennett, a Defense Content Developer at Offensive Security Ask me anything about cyber security and defense content creation. by Offsec_Community
You would be surprised how boring having a clearance can actually be. It is not as exciting as the movies make it out to be. I dealt with a couple cool things here and there.
Not sure if I helped the world but I will keep at it! Thank you!
Offsec_Community OP t1_iuxl7jm wrote
Reply to comment by geoloshit in I'm Gage Bennett, a Defense Content Developer at Offensive Security Ask me anything about cyber security and defense content creation. by Offsec_Community
haha I honestly do not remember. It was a passing score though