3,515
 

Cyber Security For Beginners: Network Attacks



ADVERTISEMENT
 
topics gone triple plat - Number 1 spot 3X PLAT
most viewed right now
  151
56 replies  @guap




section  x7   |  0 bx goons and 7 bystanders Share this on Twitter       Share this on Facebook

section tech
  
 1 month ago '20        #1
3489 page views
44 comments


OrganizedChaos  topics gone triple plat - Number 1 spot x1
avatar
Props total: 2885 2 K  Slaps total: 92 92
Cyber Security For Beginners: Network Attacks
 

 




The OSI Model: visit this link https://cybercoastal.com/ .. the-osi-model/

Denial of Service (DoS) Guide For Beginners: visit this link https://cybercoastal.com/ .. e-dos-attacks/

Footprinting Fundamentals: visit this link https://cybercoastal.com/ .. -fundamentals/


Last edited by OrganizedChaos; 09-14-2021 at 07:54 AM..
+30   



best
worst
44 comments
 

 1 month ago '17        #2
Mamluke13 
Props total: 1988 1 K  Slaps total: 481 481
Hellboundhackers,org is pretty good and practicing packet tracer
+10   

 1 month ago '16        #3
AfroBucks88  topics gone triple plat - Number 1 spot x4
Props total: 90016 90 K  Slaps total: 3140 3 K
thanx

 1 month ago '08        #4
Riley11 
Props total: 1059 1 K  Slaps total: 334 334
Anybody actually working in infosec?
+4   

 1 month ago '20        #5
OrganizedChaos  topics gone triple plat - Number 1 spot x1 OP
Props total: 2885 2 K  Slaps total: 92 92
 Mamluke13 said
Hellboundhackers,org is pretty good and practicing packet tracer
Hell yeah, I use it myself
+2   

 1 month ago '04        #6
eazyvaboy  topics gone triple plat - Number 1 spot x9
Props total: 43129 43 K  Slaps total: 1933 1 K
+2   

 1 month ago '04        #7
eazyvaboy  topics gone triple plat - Number 1 spot x9
Props total: 43129 43 K  Slaps total: 1933 1 K
 Riley11 said
Anybody actually working in infosec?
I work in Cyber and have taught various graduate Cyber classes at a few universities.

To clarify, I don't work in the Cyber group at my company but I am the Cyber rep and POC to he ISSO for our projects. I do development and manage our Systems cloud deployment team but I also am responsible for most of our Cyber stuff for our projects.

I have to mitigate any vulnerabilities on our stuff after security scans. We do Nessus on the front end and Guardium on the back end. I have to do hardening and least privileges checks on all of our stuff ahead of our schedule audits and on the quarterly runs. I run the DR scenario planning and tests and complete our security control a*sessments and checks.

Worst part of it is I have to be on the summer jam screen with the auditors when they do scheduled and surprise security audits.

Like


+20   

 1 month ago '17        #8
Timmy 
Props total: 274 274  Slaps total: 19 19
Im in cyber security. I have run several SOCs and VATs. Now I'm a program manager for a cyber operation. Cyber futures are very bright and companies are desperate for people.

If you want to get a foot in the door there are a couple of paths.

No matter what, Start with a network plus cert. It explains how a network works. Then get security plus.

To get into SOC start by taking splunk fundamentals 1. It's free through splunks webpage. Study phishing and command and control (c2).

To get into vat, learn security center/acas/nessus (all basically the same thing).

I'm hiring people right out of school at 75k. Top range is 200k. Educate yourself and it will be worth it
+33   

 1 month ago '14        #9
MrBojangles 
Props total: 129 129  Slaps total: 4 4
Anybody here do pen testing?


Last edited by MrBojangles; 08-21-2021 at 11:39 PM..
+3   

 1 month ago '17        #10
Mamluke13 
Props total: 1988 1 K  Slaps total: 481 481
If yall have info on tech and hiring reach out to the black authority on Twitter
+1   

 1 month ago '15        #11
The South 
Props total: 30118 30 K  Slaps total: 3916 3 K
 Timmy said
Im in cyber security. I have run several SOCs and VATs. Now I'm a program manager for a cyber operation. Cyber futures are very bright and companies are desperate for people.

If you want to get a foot in the door there are a couple of paths.

No matter what, Start with a network plus cert. It explains how a network works. Then get security plus.

To get into SOC start by taking splunk fundamentals 1. It's free through splunks webpage. Study phishing and command and control (c2).

To get into vat, learn security center/acas/nessus (all basically the same thing).

I'm hiring people right out of school at 75k. Top range is 200k. Educate yourself and it will be worth it
Props for giving people the path.
+3   

 1 month ago '09        #12
Troop 
Props total: 539 539  Slaps total: 31 31
 MrBojangles said
Anybody here do pen testing? I want to transition from SDE to red team. Already have sec+, cybersec masters in progress, and been practicing HTB. Trying to decide what's next OSCP, GPEN, or CEH?
Start with this if you wanna do red teaming




Then combine this training with INE’s junior pen-testing course. Once you finish these do INEs professional pentesting course. Then you should be ready for OSCP. CEH is a joke imo, just an HR gateway cert and GPEN isn’t that in depth, but is a great course, just way too pricey for no reason. I’m a 12 year cyber vet, did IR, malware analysis for 6 years and currently a blue team operator.

Like a poster said above though, if you don’t have a strong networking / Linux background, it’s best you learn these essentials first. Some python / bash scripting knowledge helps too.


Last edited by Troop; 08-19-2021 at 08:31 AM..
+5   

 1 month ago '10        #13
lboog1423  topics gone triple plat - Number 1 spot x1
Props total: 38088 38 K  Slaps total: 3084 3 K
Damn I needed this thread. I want to make the move into networks in the next few years
+5   

 1 month ago '20        #14
archimedes 
Props total: 10 10  Slaps total: 1 1
 Timmy said
Im in cyber security. I have run several SOCs and VATs. Now I'm a program manager for a cyber operation. Cyber futures are very bright and companies are desperate for people.

If you want to get a foot in the door there are a couple of paths.

No matter what, Start with a network plus cert. It explains how a network works. Then get security plus.

To get into SOC start by taking splunk fundamentals 1. It's free through splunks webpage. Study phishing and command and control (c2).

To get into vat, learn security center/acas/nessus (all basically the same thing).

I'm hiring people right out of school at 75k. Top range is 200k. Educate yourself and it will be worth it
can confirm, DFIR/Malware analyst and SIEM engineer here. at least in my region, talent pool is thin. hella understaffed. dudes dropping gems.

i cannot stress this enough. learn how a network works. learn at least cursory linux/unix. CEH looks good to HR but doesnt really go in depth (i let mine expire) but if you have no security background and know enough networking and linux, its a good first csec cert along with sec+ to get an idea of how it all works.
+4   

 4 weeks ago '17        #15
Timmy 
Props total: 274 274  Slaps total: 19 19
Agree, I have a ceh. It's kinda garbage. It's just a tools review and a lot is antiquated.

Linux is awesome to get into engineering. Putting that on your resume will get you interviews.

 4 weeks ago '08        #16
Riley11 
Props total: 1059 1 K  Slaps total: 334 334
Impressive ! I’m in a boot camp readiness program at a university right now learning about securing information and protecting the network for threats from the inside and outside. Very interesting stuff I just drift off on the subjects concerning compliance laws and all the basic fundamental beginnings . After I’m done with this program I’m testing for CySA+
Security+ Network+ …..that being said are those certs enough to land a decent entry level in IS?

 Timmy said
Im in cyber security. I have run several SOCs and VATs. Now I'm a program manager for a cyber operation. Cyber futures are very bright and companies are desperate for people.

If you want to get a foot in the door there are a couple of paths.

No matter what, Start with a network plus cert. It explains how a network works. Then get security plus.

To get into SOC start by taking splunk fundamentals 1. It's free through splunks webpage. Study phishing and command and control (c2).

To get into vat, learn security center/acas/nessus (all basically the same thing).

I'm hiring people right out of school at 75k. Top range is 200k. Educate yourself and it will be worth it

 4 weeks ago '08        #17
Riley11 
Props total: 1059 1 K  Slaps total: 334 334
I’m studying networks right now within a boot camp 12 week program at a university, they put heavy stress on compliance from what I’m learning. I really want to get into the field , what is most important to focus on from
What you learned because I feel like most schools throw on extra info you won’t even use but I can’t dissect that part. I’ve run wireshark and Nmap plus Nessus with instruction but don’t remember all the commands to do it on my own for example .
 eazyvaboy said
I work in Cyber and have taught various graduate Cyber classes at a few universities.

To clarify, I don't work in the Cyber group at my company but I am the Cyber rep and POC to he ISSO for our projects. I do development and manage our Systems cloud deployment team but I also am responsible for most of our Cyber stuff for our projects.

I have to mitigate any vulnerabilities on our stuff after security scans. We do Nessus on the front end and Guardium on the back end. I have to do hardening and least privileges checks on all of our stuff ahead of our schedule audits and on the quarterly runs. I run the DR scenario planning and tests and complete our security control a*sessments and checks.

Worst part of it is I have to be on the summer jam screen with the auditors when they do scheduled and surprise security audits.

Like



 4 weeks ago '04        #18
eazyvaboy  topics gone triple plat - Number 1 spot x9
Props total: 43129 43 K  Slaps total: 1933 1 K
 Riley11 said
I’m studying networks right now within a boot camp 12 week program at a university, they put heavy stress on compliance from what I’m learning. I really want to get into the field , what is most important to focus on from
What you learned because I feel like most schools throw on extra info you won’t even use but I can’t dissect that part. I’ve run wireshark and Nmap plus Nessus with instruction but don’t remember all the commands to do it on my own for example .
Sorry in advanced for the long winded explanation but want to make sure I answer your question correctly like I wish someone would have answered it for me long ago.

First, don't worry about not remembering all of the wireshark or Nessus commands. Even if you were doing it at a gig, you wouldn't need to know them all by heart. You would eventually start doing it so much, you would eventually start remembering them and knowing it by heart as a result. It's really not like how you think. If you get a job in it, they only want to make sure that you have done it and that you have an understanding of what you're doing and that you can come in and get to work. That's all.

Bruh, the thing to understand about Cyber is there are a lot of different disciplines just within Cyber. I have some homies that been in Cyber for a decade and only have focused on policies and controls.

I know other people that have only done pen tests and vulnerability analysis and don't understand certificate structures and revocation.

For example, you could do:

Forensics – investigative analysis to gather and preserve evidence for people doin while sh!t on a machine or to see what actions have taken place. You got people going to law school now and also getting certs and getting into this sh!t. it is crazy!

Disaster Recovery and Contingency Planning – performs planning and test how organizations deal with disasters. I have to do a lil of this.

Information Security Auditing – examining the organization's practices and procedures, controls, protection mechanisms, physical security. I have to do a lil of this.

Software a*surance or Security Engineering - Secure coding practices and testing.

Test and Analysis - Checking new software and hardware and other technologies for weaknesses and against current policies. I just went through this last month. we wanted to integrate a 508 accessibility tool into our pipeline called DeQue Axe but they couldn't provide evidence or a statement that they were IPv6 compatible so our cyber team put a nix on it and said it introduces a vulnerability to that segment of the network.

Cryptanalysis and Cryptography – involves the creating, protecting, or breaking of ciphers and discovering any features or hidden parameters of an information system. With Crypto, NFTs, and block-chains, this segment is blowing up on the low. Plus traditional financial institutions are about to block-chain it up.

Information Security Policy and Planning – creating, updating and maintaining the information security policies. I do a lil of this.

Vulnerability Analysis and/or Pen testing - Conducting a*sessments of threats and vulnerabilities. I do a lil of this.

So there are some of the different responsibilities that Cyber practitioners have. Depending on the size of your organization, you may have one or more people performing multiple roles. I’ve worked in large organizations where you have a separate section responsible for each of these role.

All this is to say, don't sweat not knowing everything. It's like getting into IT. Get a good foundation and get your foot in the door. Once you learn the different lanes, you'll gravitate to something more specific.
+9   

 4 weeks ago '17        #19
Timmy 
Props total: 274 274  Slaps total: 19 19
It's enough to get an interview for sure. I'm in Dc and if you can get all that, actually retain the knowledge and find a company willing to sponsor you for a security clearance, you will never have to worry about a job again.

Can't lie, I hate policy too. Second people start talking policy I go to sleep.
+1   

 4 weeks ago '08        #20
Riley11 
Props total: 1059 1 K  Slaps total: 334 334
Man much appreciate all of this….literally was just refacing and took a quiz over BC/DR RIGHT before I got back on here….so tell me….I don’t have a degree and I’ll only have certs. I’ll be able to get jobs just based on that ?
 eazyvaboy said
Sorry in advanced for the long winded explanation but want to make sure I answer your question correctly like I wish someone would have answered it for me long ago.

First, don't worry about not remembering all of the wireshark or Nessus commands. Even if you were doing it at a gig, you wouldn't need to know them all by heart. You would eventually start doing it so much, you would eventually start remembering them and knowing it by heart as a result. It's really not like how you think. If you get a job in it, they only want to make sure that you have done it and that you have an understanding of what you're doing and that you can come in and get to work. That's all.

Bruh, the thing to understand about Cyber is there are a lot of different disciplines just within Cyber. I have some homies that been in Cyber for a decade and only have focused on policies and controls.

I know other people that have only done pen tests and vulnerability analysis and don't understand certificate structures and revocation.

For example, you could do:

Forensics – investigative analysis to gather and preserve evidence for people doin while sh!t on a machine or to see what actions have taken place. You got people going to law school now and also getting certs and getting into this sh!t. it is crazy!

Disaster Recovery and Contingency Planning – performs planning and test how organizations deal with disasters. I have to do a lil of this.

Information Security Auditing – examining the organization's practices and procedures, controls, protection mechanisms, physical security. I have to do a lil of this.

Software a*surance or Security Engineering - Secure coding practices and testing.

Test and Analysis - Checking new software and hardware and other technologies for weaknesses and against current policies. I just went through this last month. we wanted to integrate a 508 accessibility tool into our pipeline called DeQue Axe but they couldn't provide evidence or a statement that they were IPv6 compatible so our cyber team put a nix on it and said it introduces a vulnerability to that segment of the network.

Cryptanalysis and Cryptography – involves the creating, protecting, or breaking of ciphers and discovering any features or hidden parameters of an information system. With Crypto, NFTs, and block-chains, this segment is blowing up on the low. Plus traditional financial institutions are about to block-chain it up.

Information Security Policy and Planning – creating, updating and maintaining the information security policies. I do a lil of this.

Vulnerability Analysis and/or Pen testing - Conducting a*sessments of threats and vulnerabilities. I do a lil of this.

So there are some of the different responsibilities that Cyber practitioners have. Depending on the size of your organization, you may have one or more people performing multiple roles. I’ve worked in large organizations where you have a separate section responsible for each of these role.

All this is to say, don't sweat not knowing everything. It's like getting into IT. Get a good foundation and get your foot in the door. Once you learn the different lanes, you'll gravitate to something more specific.
+2   

 4 weeks ago '04        #21
eazyvaboy  topics gone triple plat - Number 1 spot x9
Props total: 43129 43 K  Slaps total: 1933 1 K
 Riley11 said
Man much appreciate all of this….literally was just refacing and took a quiz over BC/DR RIGHT before I got back on here….so tell me….I don’t have a degree and I’ll only have certs. I’ll be able to get jobs just based on that ?
Yes, in cyber, you will definitely be able to get a job by just having certs and not having a degree. Most people making good money that I know doing that have, at least, a CISSP. I have degrees but I know a grip of people in it without a degree.
+3   

 4 weeks ago '20        #22
OrganizedChaos  topics gone triple plat - Number 1 spot x1 OP
Props total: 2885 2 K  Slaps total: 92 92
 eazyvaboy said
Yes, in cyber, you will definitely be able to get a job by just having certs and not having a degree. Most people making good money that I know doing that have, at least, a CISSP. I have degrees but I know a grip of people in it without a degree.
I agree 1000%.
+2   

 4 weeks ago '15        #23
kami  topics gone triple plat - Number 1 spot x6
Props total: 48204 48 K  Slaps total: 22439 22 K
 eazyvaboy said
Yes, in cyber, you will definitely be able to get a job by just having certs and not having a degree. Most people making good money that I know doing that have, at least, a CISSP. I have degrees but I know a grip of people in it without a degree.
Is 29 too old to get in this?

 4 weeks ago '04        #24
eazyvaboy  topics gone triple plat - Number 1 spot x9
Props total: 43129 43 K  Slaps total: 1933 1 K
 kami said
Is 29 too old to get in this?
Absolutely not! If you get your first cyber gig entry level, that can easily be finessed into 6 figures within 4 or 5 years depending on where you live and that's being conservative.

It may not seem like it but everyone should remember that Cyber is still a relatively new field in the grand scheme of thing. In the 90s, online pr0n companies were kinda the traiblazers for protecting data because they were some of the only companies that had a ton of online content for sale that they needed to protect.

The federal government didn't create FISMA (Federal Information Security Management Act) to secure federal information until after the Sep 11th attacks and at that time, it was just a little side bar act of the overall EGovernment Act.

Cyber is not to the point yet where you will meet a ton of people that exist and can say, I been in Cyber for 30 years. So if you get in it now, you will feel right in the mix in about 5 years or so.
+3   

 4 weeks ago '20        #25
OrganizedChaos  topics gone triple plat - Number 1 spot x1 OP
Props total: 2885 2 K  Slaps total: 92 92
 kami said
Is 29 too old to get in this?
Lol definitely not bro, trust me you'll still be a youngin' in this field. Many people get into to cyber MUCH older.

Most people I've worked with in Cyber took untraditional routes to get where their at so people get into the field at a variety of ages (usually "older").


Last edited by OrganizedChaos; 08-21-2021 at 07:37 AM..
+4   



Sign me up
 
 

yesterday...


most viewed right now
online now  36
Image(s) inside Brian Pumper aka Michael Marcellus Felton Is Currently Looked Up On s*..
113 comments
2 days ago
@hiphop
most viewed right now
+49online now  33
Video inside Sniper Gang Artist Wiz Da Wizard k*lled In Florida
131 comments
2 days ago
@hiphop
most viewed right now
online now  16
What does WWE need to do to improve
80 comments
1 day ago
@misc
most viewed right now
online now  14
Tesla just crushed the record for fastest electric vehicle in the world
41 comments
1 day ago
@rides
back to top
register register Follow BX @ Twitter search BX privacyprivacy