Help/ideas needed for creating a list of cybersecurity companies worldwide.
Hey there guys. About three years ago I managed to land my first IT job as a web developer by scraping all the emails in a local Python jobs posting site (about 350 Argentinian companies) and sending all of them an email (1) with my CV, portfolio and GitHub account, using a Python script. I then shared this list of company emails and my script with any person I encountered who wanted to get into the field; a big percentage of them managed to get jobs in IT as well.
I've been studying cybersecurity for a couple of months now while working as a web dev team leader and about a year from now I want to get an entry level job in the cybersecurity field, using a similar approach.
The problem I'm facing is that I haven't found a site that shows company emails in their listing. So what I'm currently doing is looking through many "top cybersecurity companies", going through their sites and grabbing their HR email. I imagine there are tools for scraping emails from those company sites, but even then the process is still quite slow.
Another idea I thought of is to search cybersecurity-related LinkedIn profiles in Google, scraping their links and then automate the process of adding them in LinkedIn using Selenium (apparently 72 connections a day is when LinkedIn starts noticing something weird's going on). My only problem with this idea is what type of people to search for in order to maximize the chances of getting a job.
Finally I could pay someone to somehow gather cybersecurity-HR emails, but I fear they would be facing the same problems I'm having.
Thanks for reading! Any help is greatly appreciated. I will share my findings, results and methodology here once it's done.
Discuss on Reddit: https://ift.tt/3p82dts
@blueteamalerts
Implementing a SOAR tool
Would be interested in your thoughts on SOAR tools and your experiences evaluating, implementing and maintaining a SOAR tool.
For me a lot of a successful implementation is contingent on the process upfront, but what areas or words of wisdom do you have regarding implementation, success criteria and educating the business?
Discuss on Reddit: https://ift.tt/3iA0wTk
Vadokrist: A wolf in sheep’s clothing
https://ift.tt/362HCiP
Discuss on Reddit: https://ift.tt/3qHLHkC
[Microsoft] Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop
https://ift.tt/2KxB8B7
Discuss on Reddit: https://ift.tt/38ZNdZ6
[PDF] Privacy-Conscious Threat Intelligence Using DNSBLOOM
https://ift.tt/3oXfuVM
Discuss on Reddit: https://ift.tt/38WRvAt
Commonly Known Tools Used by Lazarus - JPCERT/CC Eyes
https://ift.tt/3o1c6YD
Discuss on Reddit: https://ift.tt/2XV72KG
All That for a Coinminer?
https://ift.tt/3o0x75G
Discuss on Reddit: https://ift.tt/3nZy1zi
Dealing with malicious emails that make use of the base href tag
Sample email HTML:
<html>
<head>
<base href="BASEDOMAIN.HERE">
</head>
<body>
<p>The password for h3llocomputer@workplace.com is set to expire on soon!</p>
<p>Change or keep your password with the button below.</p>
<a href="/?random_string_here==/0">Keep password</a>
</body>
</html>
Every now and then a user will report a phishing email like this, and the use of the base href tag means that I am unable to search other mailboxes for emails that contain the same domain or URL, because M365's Content Search does not search the email's HTML code, only the text of the message. I assume this also means that I can't rely on any Exchange rules to block emails containing this domain either?
Anyone figure out a way to deal with these types of phishing emails as far as blocking/searching goes?
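One way to recover the real link targets for searching and blocking, as an added example that is not part of the original post: the Python below parses a saved message, applies the `<base href>` to each relative `<a href>`, and returns the resulting URLs and host names. The function names, the constructed `SAMPLE` message and the treatment of a scheme-less base as a bare host name are assumptions.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class LinkResolver(HTMLParser):
    """Collect the first <base href> and every <a href> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.base, self.hrefs = None, []

    def handle_starttag(self, tag, attrs):
        href = (dict(attrs).get("href") or "").strip()
        if tag == "base" and href and self.base is None:
            self.base = href
        elif tag == "a" and href:
            self.hrefs.append(href)

def effective_urls(raw_message):
    """Absolute URL each <a href> resolves to once <base href> is applied."""
    urls = []
    for part in message_from_string(raw_message, policy=default).walk():
        if part.get_content_type() != "text/html":
            continue
        parser = LinkResolver()
        parser.feed(part.get_content())
        base = parser.base or ""
        # Assumption: a scheme-less base like "BASEDOMAIN.HERE" is a bare host name.
        if base and "://" not in base:
            base = "http://" + base
        urls.extend(urljoin(base, href) for href in parser.hrefs)
    return urls

def effective_domains(raw_message):
    """Lower-cased host names to feed into block lists or mail-flow searches."""
    hosts = (urlsplit(u).hostname for u in effective_urls(raw_message))
    return sorted({h for h in hosts if h})

# Constructed sample message, modelled on the HTML quoted in the post.
SAMPLE = """\
From: sender@example.org
To: user@example.com
Subject: Password expiry
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><head><base href="BASEDOMAIN.HERE"></head><body>
<a href="/?random_string_here==/0">Keep password</a>
</body></html>
"""
```

Run over reported messages exported as .eml text, the host names it returns can be matched against mail-flow logs or added to a block list, since they no longer depend on where in the HTML the domain was written.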
VPNFilter Two Years Later: Routers Still Compromised
https://ift.tt/3sEJQig
Discuss on Reddit: https://ift.tt/3oTzpVD
Botnet Deploys Cloud and Container Attack Techniques
https://ift.tt/3bLVthf
Discuss on Reddit: https://ift.tt/2XRVyry
The ESXI ransomware post-mortem write-up
/r/sysadmin/comments/kysqsc/the_esxi_ransomware_postmortem/
Discuss on Reddit: https://ift.tt/3sy6c4F
How do you improve your blue team skills?
Hi all,
What are you doing to improve blue team skills like investigation, forensics, log analysis, etc.?
Discuss on Reddit: https://ift.tt/2LDXO2Y
Robust Indicators of Compromise for SUNBURST - NETRESEC Blog
https://ift.tt/2NcrDZ2
Discuss on Reddit: https://ift.tt/3oLVSnv
Evolving Container Security With Linux User Namespaces
https://ift.tt/2WFQfuH
Discuss on Reddit: https://ift.tt/39E56M5
Computational Propaganda | Industrialized Disinformation: 2020 Global Inventory of Organized Social Media Manipulation
https://ift.tt/3qiohBW
Discuss on Reddit: https://ift.tt/3sFfxrI
Beginner needs assistance
Hey everybody,
So I am just starting out and currently taking an ethical hacking class. I can't decide how to approach note-taking. There seems to be an endless list of programs and commands that no one can have memorized. Right? How do you organize yourself in regards to cmd reference sheets or processes to follow? Does anyone know of/have any SOP-like documentation they use?
HALP PLZ.
Thanks in advance.
Discuss on Reddit: https://ift.tt/39QGzno
Anchor and Lazarus together again?
https://ift.tt/2M6guIG
Discuss on Reddit: https://ift.tt/3sDQx3U
Sybil Logic Bomb Cyber Catastrophe Stress Test Scenario - Technology and space - Risk Centre publications - Centre for Risk Studies
https://ift.tt/3621Ucf
Discuss on Reddit: https://ift.tt/3sJzehV
Technical report: Responsible use of the Border Gateway Protocol (BGP) for ISP interworking
https://ift.tt/3p5wxVC
Discuss on Reddit: https://ift.tt/3sC8xvH
[PDF] Identifying Authorship Style in Malicious Binaries: Techniques, Challenges & Datasets
https://ift.tt/3p0KrIM
Discuss on Reddit: https://ift.tt/3p5xwVV
Malwarebytes targeted by Nation State Actor implicated in SolarWinds breach. Evidence suggests abuse of privileged access to Microsoft Office 365 and Azure environments - Malwarebytes Labs
https://ift.tt/2XUsNud
Discuss on Reddit: https://ift.tt/35XHcu3
DNSPOOQ - 7 vulnerabilities found in dnsmasq - vulnerabilities include DNS cache poisoning vulnerabilities as well as a potential Remote code execution and others
https://ift.tt/3nUACKV
Discuss on Reddit: https://ift.tt/3nZ09mm
Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452
https://ift.tt/2XSuf02
Discuss on Reddit: https://ift.tt/3sEd9kP
Raindrop: New Malware Discovered in SolarWinds Investigation
https://ift.tt/3nZLZBg
Discuss on Reddit: https://ift.tt/39RBnQe
How to get better / homelab help
I always want to get better at blue team. Of course studying and continuing education is helpful, but it's not hands-on. How exactly do I build a lab? That is the biggest suggestion I usually see. I currently have a Dell PowerEdge and a Cisco Catalyst switch. I'm not sure if those are relevant. What can I do?
Discuss on Reddit: https://ift.tt/3il2zdG
Nation-states are taking their supply-chain attack strategy from the cybercriminal underground
https://ift.tt/35DNT4k
Discuss on Reddit: https://ift.tt/3oSa1zG
NTA and RITA?
Looking to implement an NTA and I'm considering RITA and a few other commercial NTAs.
As of right now I'm pulling all the Netflow data, but want to take up things a bit more. Besides Netflow not having packet data, what would these other tools assist with to add or supplement to visibility?
Discuss on Reddit: https://ift.tt/3srpGrT
Higaisa or Winnti? APT41 backdoors, old and new
https://ift.tt/3qsmMBf
Discuss on Reddit: https://ift.tt/38NtbkA
Netlogon Domain Controller Enforcement Mode is enabled by default beginning with the February 9, 2021 Security Update, related to CVE-2020-1472
https://ift.tt/2XFlner
Discuss on Reddit: https://ift.tt/3oQMkYu
PoC for CVE-2020-6207 (Missing Authentication Check in SAP Solution Manager) This script allows to check and exploit missing authentication checks in SAP EEM servlet (tc~smd~agent~application~eem) that lead to RCE on SAP SMDAgents connected to SAP Solution Manager
https://ift.tt/39FBY7e
Discuss on Reddit: https://ift.tt/3nRlNJ4