“We are investigating unauthorized access to GitHub’s internal repositories. While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’ enterprises, organizations, and repositories), we are closely monitoring our infrastructure for follow-on activity.”
Guys, rn I'm 18. I've learnt these networking topics: "Networking fundamentals, OSI/TCP-IP models, TCP/UDP, IP addressing & subnetting, routing/NAT/firewalls, DNS, HTTP/HTTPS, TLS basics, ARP/DHCP, ports & common services (FTP/SMB/RDP/SMTP/IMAP), Kerberos basics, authentication/sessions, packet flow, traceroute/TTL, and basic MITM." I can use Wireshark for packet analysis, understand packet flow and stuff. I'm doing PortSwigger labs daily, trying to write reports for them, and taking notes with attack methodology and stuff. I've learnt HTML/CSS, and I'm learning JS daily too. Is there anything I am missing in my learning path?? Feel free to share it will be great help in my journey
Edit: Also i forgot to mention that I can use Burp Suite very well too...
Edit 2: Genuinely wanna thank everyone who took the time to give advice and share their experiences... I definitely have a better idea of what to learn next now. I really do appreciate all the guidance.. nd good hunting everyone :)
In this video this guy has a fresh Windows XP, disables firewall, and connects internet straight to the modem. Then he gets infected literally doing nothing.
https://www.youtube.com/watch?v=6uSVVCmOH5w
https://www.reddit.com/r/windows/comments/1cvised/idle_windows_xp_and_2000_machines_get_infected/
I get it. That's asking for trouble when you disable all the security and using ancient unsupported OSes.
However, he didn't install programs nor browse on the website but still got hacked.
How?
Is there some malicious server in China that loops through every single possible IP trying to see if your PC is vulnerable?
Logically, one would think you'd at least have to visit a website or something to get "noticed" and then hacked. But this guy didn't do anything at all.
How does it work?
Anthropic has reportedly restricted EU access to Claude Mythos, keeping it mostly available to select U.S. companies and government agencies.
European banks, software firms, and governments may now be unable to test their defenses against one of the most advanced AI cyber tools out there, which could deepen Europe’s dependence on U.S. tech and widen the cybersecurity gap.
Maybe this becomes an opportunity for Mistral and Lumo if things line up right.
I am currently a senior IR/Detection Engineer. I have never once in the 6 years I’ve been doing security operations ever had to write any code of substance outside of one-off scripts because of AI and low code/no code automation platforms
Because of this, I don’t ask about experience with coding at all when I interview folks for SecOps roles.
Do you guys write code often in your role outside of one-off scripts or something you could code in 5 minutes with AI? And if so, for what end?
So I often think about this, was hacking easier back in 80s and 90s and early 2000s like we see the most notorious hacks being made back then like NASA and NORAD and The FBI...etc like was it due to lack of security protocols or companies and Institutions were just not caring about security or what?
Edit: Thanks everyone for the insights, please keep answering I'm reading everything and taking notes.
I've only done a few CTFs and I like them. However, I just can't deal with the elitism out there. To be fair, I've participated in CTFs with great staff and competitors. I still feel uncomfortable with Discord talks: certain users talking shit about the organizers/infra or the organizers talking about topics other than the CTFs.
I had to leave the server for a recent one bc I got so sick of it. I usually just try to read the announcement channels, but if I go into channels for specific categories, I immediately see several top scoring members being rude to others. Either passive aggressive or full of mockery. And yet they don't get banned or penalized for it, although the rules say to "be kind."
I know these kinds of ppl inevitably exist, but it makes me worried about the field in general. Are workplaces like this too? Or are they more cooperative? Also, why are these kinds of demoralizing behaviors allowed in ctfs?
I feel like these kinds of interactions really discourage ppl like me from joining this field, learning, and continuing to have a growth mindset.
atool maintainer account got hacked, and attacker pushed 631 malicious versions across 314 packages in 22 minutes. another day and another attack. it steals everything like AWS keys, GitHub tokens, npm creds, SSH keys, database strings, docker configs, kubernetes tokens. If you have docker socket exposed, it escapes the container with privileged access.
I'm currently developing an app, its hosted locally on my computer for now but I want to run cybersecurity tests - is there any platforms that people recommend I can use?
‘The Worst Leak That I’ve Witnessed’: U.S. Cybersecurity Agency Leaves Its Digital Keys Out in Public on GitHub - Gizmodo
Been working as a Security analyst for over 1.5 years now. I want to know what path do i choose next? I was thinking to aim for Security Engineer but I'm not sure if the experience I have would be enough. With the current experience plus certifications or learnings can I aim for Security Engineer in the next few months? I am not sure if wanna pursue as Analyst itself for longer periods of time. What certifications would be better to earn when aiming for Security Engineer? Any tips or suggestions?
If not, what might be any other path?
Any advice would be helpful.
Thank you!!!
I thought this was an interesting write up on Mythos. The vibe i get is its incredibly useful and unlike other LLMs that are being tailored for cybersecurity work. Im very curious to see if Mythos genuinely causes a shift in the cybersecurity world
How difficult is it to get a steady position in the cybersecurity field nowadays? I’m interested in getting into cybersecurity, but I keep hearing mixed things about the job market. Is it realistically possible to land a stable, long-term role without years of experience, or is the field becoming oversaturated at the entry level? I’d especially like to hear from people currently working in the industry about how competitive hiring actually is, what roles are most attainable starting out, and what helped you break in.