Off-Topic — TechExams Community https://community.infosecinstitute.com/ Thu, 21 Mar 2019 08:18:50 +0000 en
Career transition away from IT https://community.infosecinstitute.com/discussion/135102/career-transition-away-from-it Mon, 18 Mar 2019 00:23:33 +0000 Off-Topic Chevel 135102@/discussions
“You want me to give you what?” https://community.infosecinstitute.com/discussion/135109/you-want-me-to-give-you-what Mon, 18 Mar 2019 20:44:39 +0000 Off-Topic Rodtaylor 135109@/discussions
Is it me, or are more recruiters asking for PII such as last 4 of your SSN? I am in the market trying to land an IT role and this question has come up twice now by two different recruiters. When asked, I immediately think that the person is illegitimate. It may just be that I’m overly concerned for no reason. Please weigh in with some of your thoughts.

Smart Card issues https://community.infosecinstitute.com/discussion/94160/smart-card-issues Wed, 09 Oct 2013 09:38:19 +0000 Off-Topic The_Riskbreaker 94160@/discussions
I work for "Uncle Sam" and as part of my job I use a Smart Card to log onto my workstation. This card contains several certificates I use for authentication when accessing certain government sites, and for sending emails. When I left work last Thursday everything was fine. Coming into work on Friday my system read my card at the logon screen and told me "no valid certificates found". This puzzled me, so I tried my card in the other external reader (all our systems have two USB connected readers), and it also proclaimed my card was empty. Hopping into the cube next to me I was able to log on and work just fine. It read all my certs when I checked the card with our software we use called ActivClient. It showed all my certs.

Anyone else can use their cards through either reader on my original system and get on with no issues. While they were on I put my card in the free reader and my original machine once again showed no certs in ActivClient. After fiddling with it for ten minutes the guy from IT said they would have to reimage it. (Their most common fix to problems they can't explain or don't understand is to wipe and redo.) Given that I have multiple certifications, and am just as smart as the IT guy (my job involves tech support phone calls), I decided to see if I could figure out why my machine is boycotting my card. I'm looking for any thought, no matter how valid.

I have not modified the registry or added any software. (most of this is blocked to us, since a person in our call center did something he shouldn't have and we all got restricted because of it). All I do between calls is write and make spreadsheets for stuff I do outside of work.

Thanks for suggestions,
Google Fi https://community.infosecinstitute.com/discussion/135092/google-fi Sat, 16 Mar 2019 16:00:34 +0000 Off-Topic shochan 135092@/discussions
https://fi.google.com/about/

I thought about dumping att due to the fact I have a recycled number and get strange calls from all over the world...the previous owner of this number has ppl calling asking for him and her quite often & quite sick of it.  ATT wants to charge me to change my cell number and I am wtf?  

p.s.  I did find an old TE post back in 2016, but I wanted to find out since then if how service is, improved, worse, etc?

Thank you for your comments.
Any alternative to TOEFL for WGU admission https://community.infosecinstitute.com/discussion/118079/any-alternative-to-toefl-for-wgu-admission Mon, 07 Mar 2016 03:51:55 +0000 Off-Topic curiousv 118079@/discussions
I don't want to spend about 200$ for TOEFL ... is there any other alternative to this exam ... I already took readiness assessment and English language test was part of it...
O365 - E3 Vs E5 License https://community.infosecinstitute.com/discussion/134990/o365-e3-vs-e5-license Tue, 26 Feb 2019 22:55:06 +0000 Off-Topic cjthedj45 134990@/discussions
Hi,

I'm trying to find a more detailed comparison of E3 and E5 license. I have taken the below from Microsoft's website, but was hoping for an expanded list of controls that are available. For example, I want to know what Data Governance 1 gives you on an E3 license vs what it gives you on an E5 license. If you click on the URLs for more information then for me it's not clear. Does anyone know if there is a more detailed breakdown in a list, so it's easy to compare?

Feature | Office 365 Enterprise E3 | Office 365 Enterprise E5
Access to the Security & Compliance Center | Yes | Yes
Office 365 Cloud App Security | No | Yes
Threat management such as mail filtering and anti-malware | Yes | Yes
Advanced threat management such as customer lockbox and threat explorer for phishing campaigns 6 | No | Yes
Mobile device management | Yes | Yes
Data loss prevention | Yes | Yes
Data governance1 | Yes | Yes
Advanced data governance2 | No | Yes

Thanks

Pluralsight - Free Weekend 3/8-3/10 https://community.infosecinstitute.com/discussion/135053/pluralsight-free-weekend-3-8-3-10 Sat, 09 Mar 2019 20:02:45 +0000 Off-Topic MitM 135053@/discussions
https://learn.pluralsight.com/offers/2019/free-weekend
Line toggling Vim not working need a linux guru https://community.infosecinstitute.com/discussion/135055/line-toggling-vim-not-working-need-a-linux-guru Sat, 09 Mar 2019 21:02:49 +0000 Off-Topic ally_uk 135055@/discussions
CentOS 7 box. My vimrc is posted below. I have an option that is supposed to allow me to press ctrl+N to trigger line numbering; the trouble is it doesn't appear to be working.

Any ideas gods of linux?

"####################### VIM Configuration ###############################"
set number
nmap <C-N> :set invnumber!<CR>
syntax enable
set nocompatible        " Use Vim defaults (much better!)
set bs=indent,eol,start         " allow backspacing over everything in insert mode
set viminfo='20,\"50    " read/write a .viminfo file, don't store more
                        " than 50 lines of registers
set history=50          " keep 50 lines of command line history
set ruler               " show the cursor position all the time
colorscheme darkblue
set cursorline

highlight comment ctermfg=LightCyan
"##########################################################################"



Looking for VPN router recommendation https://community.infosecinstitute.com/discussion/135046/looking-for-vpn-router-recommendation Fri, 08 Mar 2019 22:13:06 +0000 Off-Topic bjpeter 135046@/discussions
What router do you recommend that I use for connecting to a VPN server?
Profanity https://community.infosecinstitute.com/discussion/135002/profanity Thu, 28 Feb 2019 08:10:16 +0000 Off-Topic MrsWilliams 135002@/discussions

I understand that people curse and it's likely that even if they attempt to stop, they will curse. 

Do you use profanity or mind if others around you use profanity at work?
Help opening ports on home network to host webserver https://community.infosecinstitute.com/discussion/135043/help-opening-ports-on-home-network-to-host-webserver Thu, 07 Mar 2019 21:34:47 +0000 Off-Topic ebparadise 135043@/discussions
I've been studying networking and I like applying my knowledge as much as I can to get the best experience but I'm currently just a bit stuck about ports and port forwarding.

They say 'be careful opening your ports, if you don't know what you're doing you can compromise your network!' etc.

But my goal is this; host an apache2 webserver on my Linux laptop or my RPi 3 B+.

This is not difficult, I am able to access the web server from within my LAN. But if I want to be able to access it remotely I need to forward a port from my router to the host of the server. How do I do this securely, as a beginner? What actual risks are there to opening ports just by setting up port forwarding and nothing else? How do I do the same if I want to remotely SSH into my machine at home?

Really appreciate your answers, thank you.
Help with Skipfish web scanner https://community.infosecinstitute.com/discussion/135008/help-with-skipfish-web-scanner Fri, 01 Mar 2019 20:36:23 +0000 Off-Topic tedjames 135008@/discussions Skipfish with a couple of my websites. First time user, here. Basic syntax in Kali Linux:

skipfish -o outputfolder https://www.website.com

My question: Is it possible to configure Skipfish to scan a single directory (including its subdirectories), kind of like this?

skipfish -o outputfolder https://www.website.com/subdir

I tried that, but it still scanned the entire domain. I tried applying my limited knowledge of regular expressions, but that didn't work. The Skipfish page on Kali (linked above) lists the available options, but I don't see anything specifically for what I want. Most tutorials I've seen show just a basic scan. If you have suggestions, I'd be grateful.
I have a good one for you -- what is the industry definition for "IT Control"... https://community.infosecinstitute.com/discussion/134983/i-have-a-good-one-for-you-what-is-the-industry-definition-for-it-control Mon, 25 Feb 2019 22:49:14 +0000 Off-Topic fifediggity 134983@/discussions
There is no standard definition for IT control. I can make it up, and say it has to do with IT systems, but I would like to know if there is an industry standard version. This is a tough one!
Will you be at RSA? https://community.infosecinstitute.com/discussion/134977/will-you-be-at-rsa Mon, 25 Feb 2019 16:42:15 +0000 Off-Topic Meggo 134977@/discussions
Will you be at RSA next month? I am not attending, but @infosec_darren will be in the Infosec booth (N 4303) and would love to meet you! We're also sponsoring the pub crawl, so be sure to stop by and grab a drink (or two) on us!



Powershell obfuscating plain text passwords https://community.infosecinstitute.com/discussion/134920/powershell-obfuscating-plain-text-passwords Mon, 18 Feb 2019 20:29:59 +0000 Off-Topic phoeneous 134920@/discussions
Black Hat Trainings (Vegas) questions https://community.infosecinstitute.com/discussion/134948/black-hat-trainings-vegas-questions Thu, 21 Feb 2019 20:16:42 +0000 Off-Topic LonerVamp 134948@/discussions
I might have a chance to attend Black Hat USA in Las Vegas this year for the first time, and just had a few questions that I'm also researching on my own.

1. Do most people who attend gravitate to the 4-day trainings as opposed to the 2-day ones?
2. Any quick recommendations or suggestions? I know that's a huge topic, especially when you know nothing about me. I do both offense and defense in my day jobs, and I could probably pick up most any course that doesn't dive hard into C programming or assembly or Windows API types of stuff. (For reference, I took SEC542 a few weeks ago and FOR408 from SANS last year.) It is outside my normal wheelhouse, but doing social engineering or getting some hands-on with physical entry could be fun. Physical entry seems to be one that I have a hard time learning just on my own.

I'll also be looking at the instructors and if these courses/material are also offered elsewhere for far cheaper than the BHUSA price tag.
Cybersecurity Podcasts https://community.infosecinstitute.com/discussion/134956/cybersecurity-podcasts Fri, 22 Feb 2019 15:41:59 +0000 Off-Topic Sylabicuma 134956@/discussions
I am looking for recommendations for podcasts related to cyber! I like to listen to podcasts while working out. I am currently listening to the Darknet Diaries and love it. If anyone has any recommendations that are similar to the Darknet Diaries podcast, I would really appreciate it!
Launching EEM Scripts on Cisco 4331 https://community.infosecinstitute.com/discussion/134936/launching-eem-scripts-on-cisco-4331 Wed, 20 Feb 2019 16:14:30 +0000 Off-Topic pitviper 134936@/discussions
BGP injecting routes on ASA Firewall https://community.infosecinstitute.com/discussion/134929/bgp-injecting-routes-on-asa-firewall Tue, 19 Feb 2019 13:41:16 +0000 Off-Topic DevilWAH 134929@/discussions
I know I can do this, just can't remember how!

On an ASA firewall I need to advertise a route out to a BGP neighbor. However, as the network I am advertising is down an IPsec tunnel link, there is no route to it in the routing table.

If I add a route to null then it stops traffic getting passed down the tunnel completely. So is there any way to send a route to a BGP neighbor that is not in the routing table?

Cheers
How many ip addresses/hosts in a /32 subnet? https://community.infosecinstitute.com/discussion/112709/how-many-ip-addresses-hosts-in-a-32-subnet Sat, 25 Jul 2015 00:18:44 +0000 Off-Topic thomas_ 112709@/discussions
A /31 will give you two ip addresses, so you can have a subnet id and a subnet broadcast. However, you won't have any ip addresses for hosts.

I told the interviewer "zero" to which he responded that there were four possible addresses in a /32 subnet, but only two usable. I remember being completely confused about why he would say there are four possible ip addresses in a /32 subnet.

Today while thinking about the interview the only thing I can think of to make sense of the situation is that either he said "/32 subnet" but really meant to say "/30 subnet" or he said "/30 subnet" and I heard "/32 subnet". However, I'm almost certain that he said "/32 subnet".

This is a crappy situation because no matter which one it was, I look like an idiot. If he said "/32 subnet" but meant "/30 subnet" and he didn't realize that he misspoke then in his mind I'm stupid for not knowing how many ip addresses are available in a "/30 subnet". If he said "/30 subnet" and I heard "/32 subnet"(unlikely) then I still look like an idiot for not knowing how many ip addresses are available in a "/30 subnet."

Anyone else have a similar situation happen in an interview?
hacking a Galaxy? https://community.infosecinstitute.com/discussion/134904/hacking-a-galaxy Sun, 17 Feb 2019 04:57:31 +0000 Off-Topic dhay13 134904@/discussions
So quick backstory... my mother has a Galaxy (not sure which model but pretty new). Yesterday her phone got a weird tone and a name from her contacts list popped up but there was no activity. Just this person's name with a weird tone. Today she asked that person if they hacked her phone. The person would not look at her and wouldn't confirm or deny it. She asked a few times and he never answered her. This person then went upstairs and as my mother was leaving her phone rang and this person's name came up on her phone. She answered and nobody was on there. She went back in and yelled to him and asked if he called her. He said he didn't and that his phone was acting up.
She asked me about it tonight and I told her I'm not that familiar with hacking phones but was sure it was likely possible. She said he never had access to her phone and she hadn't seen him or been around him for close to a year.

More of the story so it makes sense... this guy is my cousin's boyfriend and he is a police officer but has been violent with her recently. My mother told her to call the police and turn him in. She thinks maybe he is trying to read their texts to each other. My step-son is a detective and she called him after this happened. He said from a law enforcement perspective he isn't aware of anything that can be done remotely, meaning he would have had to have access to her phone, which he didn't.
I told her to take her phone to my step-son Monday and let him **** it to see what he might be able to find.

Any insight? Feel free to PM if you don't want to post it publicly.
A terrible process https://community.infosecinstitute.com/discussion/133203/a-terrible-process Fri, 03 Aug 2018 04:08:43 +0000 Off-Topic kkasy 133203@/discussions
Anyone here have Sharepoint recovery experience? https://community.infosecinstitute.com/discussion/134885/anyone-here-have-sharepoint-recovery-experience Wed, 13 Feb 2019 17:15:54 +0000 Off-Topic jah8887 134885@/discussions
Web App Penetration Testing Process/Checklist https://community.infosecinstitute.com/discussion/134786/web-app-penetration-testing-process-checklist Thu, 31 Jan 2019 18:16:01 +0000 Off-Topic tedjames 134786@/discussions
Look What I Found https://community.infosecinstitute.com/discussion/134807/look-what-i-found Sun, 03 Feb 2019 01:56:21 +0000 Off-Topic stryder144 134807@/discussions
Iristheangel was interviewed by David Bombal! Great video.
Screen mirroring/casting from PC to TV issue https://community.infosecinstitute.com/discussion/134805/screen-mirroring-casting-from-pc-to-tv-issue Sat, 02 Feb 2019 21:12:41 +0000 Off-Topic Mr.Robot255 134805@/discussions
For the first few days I was able to click on cast or connect/project on my Dell Windows 10 PC and I was able to share my whole desktop to the TV, basically like having a 3rd display (I have 2 monitors), so this was a nice surprise as I hadn't thought of doing that at all.

Anyways, that stopped working, for what reason I don't know. I tried rolling back updates on my PC and even did a fresh install on the PC from a disc to see if I would be able to sort it. But I can't.

Thing is, I am able to click on individual pictures, videos etc. in my desktop folders and click "CAST" and they cast just fine to the TV.

I would like to be able to extend the display once again to the TV, but I have read loads of Google topics/Samsung/Microsoft forums and none seem to work, and it seems it's a common issue.

Has anyone seen this happen before? Anyone have a remedy?

Thanks
Distributing client certificates https://community.infosecinstitute.com/discussion/134757/distributing-client-certificates Mon, 28 Jan 2019 15:24:49 +0000 Off-Topic MitM 134757@/discussions

Our developers are working on a solution to allow outside business partners to make api calls into our ERP system.  They plan to use mutual authentication using certificates. I have an internal PKI system (ADCS), so my thought is issue certificates from our internal PKI, as opposed to using a 3rd party CA.

The developers seem to think the best solution is to use 1 client certificate for ALL of the business partners. This does not make sense to me, at all. I'm suggesting each business partner would get their own certificate. 

Also, they seem to think we will distribute this certificate to the business partner.  I don't like this either. Why would you distribute a certificate with the private key?  I would think, have the business partner generate the CSR, I'll supply that to our internal PKI and issue them the certificate. 

Am I way off? Am I being paranoid? I'm not a developer, this is outside my comfort zone.
Is it worth replacing your Ethernet cables with fiber? https://community.infosecinstitute.com/discussion/134725/is-it-worth-replacing-your-ethernet-cables-with-fiber Wed, 23 Jan 2019 20:57:14 +0000 Off-Topic LooseyGoosey 134725@/discussions
Taking a few months break https://community.infosecinstitute.com/discussion/132288/taking-a-few-months-break Sat, 12 May 2018 05:54:33 +0000 Off-Topic TheFORCE 132288@/discussions
Going to focus on my workouts and lifting weights, and going on some much needed vacation to unwind from it all and enjoy time with family and my son.

Probably read some random books about whatever to keep the mind sharp.

I'll lurk from time to time but I'll be back!

Keep studying! I'll be doing something similar.
Future of VoIP https://community.infosecinstitute.com/discussion/134763/future-of-voip Tue, 29 Jan 2019 11:32:17 +0000 Off-Topic Snow.bros 134763@/discussions
I am planning on my next career path so I am considering on specializing in certain technologies like VOIP, security, virtualization, routing and switching or wireless technologies.

I am interested particularly in Cisco products so I have been battling between the choice of specializing in VoIP or wireless technology. I finally made up my mind that I will go for VoIP, but I am concerned about the future of VoIP in the next 10 years or more, seeing that products like 3CX can integrate into your mobile phone through the app and onto your desktop, which to me suggests that the normal desk phone will eventually fall away in the future.

So I wanted to find out from other TE members who are in this field or members who can predict where the future of VoIP is heading and if it will be a secured career going forward.

Looking forward to hearing your thoughts on this.