Hi, I am new here, and I want to learn cybersecurity by myself, I have 2 pc, a recent one (2024) with windows, and an old one (2016) with nothing on it. I d like to use the old one to try and learn stuff but I don't know which OS I should use. I had Linux Unbutu but I thought that in professional life people don't use Linux. Should I reinstall Windows on my old PC ? Knowing that it has 8Go RAM so not enough to install the latest versions of windows. I ve seen "windows server" like windows but without the UI (which is fine for me, I just want to attack it) Any thoughts ? Thanks ! submitted by /u/Training-Sun-8097 [link] [comments]

submitted by /u/rkhunter_ [link] [comments]

Most Beginners Learn Ethical Hacking the Wrong Way — Python Fixed That for MeContinue reading on Python in Plain English »

Security is a critical requirement for both homes and businesses in today’s environment. From protecting families and residents to…Continue reading on Medium »

submitted by /u/rkhunter_ [link] [comments]

Do you know how AI Cyber Security Tools support organisations to protect their data and devices against unknown online threats? If not…Continue reading on Medium »

Mastering Active Directory Exploitation Through Methodical PersistenceContinue reading on Medium »

Title: Eliminating Client-Side Code Execution via Execution Isolation Nexus (EIN)Continue reading on Medium »

In today’s digital-first economy, data is one of the most valuable assets a business can own and one of the most vulnerable. For companies…Continue reading on Medium »

Between Backend and OnchainContinue reading on Decurity »

This document is a structured security write-up based on hands-on exploitation of the Relevant lab on TryHackMe website…Continue reading on Medium »

I wonder, are we really in civilized world?Continue reading on Medium »

IntroductionContinue reading on Medium »

With existing audit and control mechanisms, the potential financial losses that may arise when business operations and operational…Continue reading on Medium »

Today, cybersecurity is often discussed in terms of new technologies, products, and automation solutions. However, the reality we observe…Continue reading on Medium »

A lot of people want to jump straight into cryptoasset tracing or malware RE, what do you consider the minimum viable skills n tools for a junior to be actually useful (OS internals, basic reversing etc)? What would be the top priorities or common traps to avoid? submitted by /u/Gunnilingus [link] [comments]

Assalam o alaikum muslims and hello for non muslims i hope all of u are doing great and keep learning every day, i am back with another…Continue reading on Medium »

A year ago, I would have laughed if someone told me I could secure my entire digital life in a single day.Continue reading on OZ Buzz »

Why I Chose a GRC Course After Passing CySA+Continue reading on MeetCyber »

submitted by /u/EntranceWarm3918 [link] [comments]

As Indonesia strives to maintain national stability and security, threats increasingly arise from areas often underestimated, such as…Continue reading on Medium »

Dubai is known for its luxury villas, gated communities, and high-rise residential towers. With this rapid urban growth, ensuring the…Continue reading on Medium »

Hello everyone, Cyber threats and data breaches are increasing, and our organization is gearing up to do VAPT: Vulnerability Assessment & Penetration Testing, by the year 2026. India-based providers are being considered more so for the costs and time zones. Rather than advertisements, I'd really love to learn from personal experiences and points of view on how practitioners assess the effectiveness of the VAPT vendors they're dealing with. Points of concern: -Even depth of testing (manual vs. automated) -The meaning of report quality and remediation guidance -Responsiveness during and post-engagement -Experience with compliance-driven testing (ISO 27001, PCI DSS, etc.) -Post-assessment support scope: websites, APIs, network infrastructure, and cloud environments (AWS/Azure). For those who have experience with offshore or India-based pen testing teams: What mattered the most on your checklist? Any common pitfalls to be avoided? Thanks in advance for any insights! submitted by /u/Educational-Split463 [link] [comments]

A simple breakdown of how React fixed React2Shell and what developers should learn from it.Continue reading on JavaScript in Plain English »

A Hands-On Lab with Podman, nginx, and a Live Certificate DashboardContinue reading on Medium »

Registration for OffensiveCon 2026 was open last night (European time) and tickets for one of the best events, if not *the* best for offensive security in Europe sold out within a few hours. It will take place in May in Berlin. Currently, there are some tickets for the trainings *only*, so if you want to learn about kernel and IOS exploits and baseband exploitation (among others), you should probably book now. (Disclaimer for mods: I am in no way, shape or form affiliated with OffensiveCon or Binary Gecko.) submitted by /u/CrimsonNorseman [link] [comments]

submitted by /u/donutloop [link] [comments]

The freight industry woke up today expecting clarity.Continue reading on The Broker Briefing by fenderr »

Hi Folks, I just found out a Host is looking up .onion domains and that process that looks at it is svchost.exe and the cmd line is mentioned below: svchost.exe -k netsvcs -p -s SharedAccess Help me in my investigation what should I look further on this? submitted by /u/Incommunicado_xix [link] [comments]

submitted by /u/nu11po1nt3r [link] [comments]

As AI continues to become more prevalent threat actors will find new ways to compromise it https://www.bleepingcomputer.com/news/security/reprompt-attack-let-hackers-hijack-microsoft-copilot-sessions/ submitted by /u/Leak_Leech [link] [comments]

I am a senior cyber security analyst. With 14 years of IT under my belt. My current position was my first cyber security job and was hired in 2020. Got a new job as a mid level cyber security engineer, helping a company break away from overseas/contact cyber sec work. The team seems great, everyone is excited to have the security team be local. I have a loose itinerary for my first 90 days and a part of that is discovery. In my current position, I oversee a lot of end user items such as device security, policies, evidence, training, etc. So I think i will start there and work my way through to the backend. How would YOU approach discovery? submitted by /u/ancientpsychicpug [link] [comments]

submitted by /u/rkhunter_ [link] [comments]

submitted by /u/Patient_Calendar9011 [link] [comments]

The Trump administration is weighing a substantial shift in its cyberstrategy, including by enlisting private companies to assist with offensive cyberattacks, according to four former senior U.S. officials familiar with the administration’s thinking. The proposals have been included in drafts of the administration’s coming National Cybersecurity Strategy, which will set out general priorities and be accompanied by a plan to carry out the policies, said the former officials, who spoke on the condition of anonymity to discuss a document that was not yet public. The government can currently contract private companies to develop elements of its cyberoperations. But the initiative would drastically expand the role of private companies in cyberwarfare, raising a host of questions about the legality and practicality of their involvement. It would be a more aggressive approach that is likely to be the subject of a confirmation hearing on Thursday for President Trump’s nominee to lead United States Cyber Command and the National Security Agency, Lt. Gen. Joshua M. Rudd. Under the law, private companies are prohibited from conducting offensive campaigns online, which can range from the breach that paralyzed Britain’s largest carmaker to persistent assaults targeting an opponent, like Russia’s reported attacks on Ukraine and its allies. Changing the law to permit private companies to execute offensive cyberattacks would require congressional approval. In the past, representatives in Congress have proposed legislation that would do just that. Recently, those proposals have re-emerged on Capitol Hill. Some lawmakers have called for private companies to be allowed to “hack back” when they come under attack, while others have suggested repurposing the Letters of Marque for cyberspace. Last authorized during the Civil War, a Letter of Marque is a constitutional provision that allows private citizens to seize enemy ships. But the measures raise the specter of U.S.-approved piracy in cyberspace, said Lt. Gen. Charles L. Moore Jr., a retired deputy commander of U.S. Cyber Command and an author of a recent report about the role private companies could play in U.S. cyberoperations. “If you just have companies out there hacking back, what you end up with is potential chaos in the environment,” he said. General Moore and his co-author, Brett Goldstein, a cybersecurity expert who held senior positions in the Defense Department, pointed to those potential complications in their report, published by Vanderbilt University’s Institute of National Security. Without Cyber Command overseeing all operations, General Moore said in an interview, “you’re going to have actions that take place by private companies against nation-states that believe that was the formal position of the United States, and now you see escalation, and potentially even kinetic conflict come of that. You’re going to see chaos.” Having private companies answer to Cyber Command would ward against that, the authors added. Without changing the law that prohibits private companies from engaging in offensive cyberoperations, there are several ways private-sector teams could supplement traditional military and intelligence forces, General Moore said in the interview. The military could embed a uniformed cyberoperator in a private company to be the one who actually executes the cyberattack. Or a private company, under virtual oversight, could write code for an operation and then hand it over to Cyber Command. General Moore and Mr. Goldstein contend that scaling up the nation’s cybercapabilities with experience from the private sector is necessary to meet the moment. “The demand signal is too large, the threat landscape too dynamic and the technical talent pool too competitive for the department to meet future requirements with government personnel alone,” they said, referring to the Defense Department. Turning to the private sector would allow for “a very rapid increase in scale,” which would result in more cyberattacks, General Moore said. This in turn could throw sand into the gears of enemy cyberoperations and position the United States for potential wartime actions, he added. But whatever the role of private companies, it will still signal a significant shift in the U.S. military’s long history of teaming up with the private sector. “As a general rule, you don’t have your private-sector, defense-industrial-based companies sitting side by side with operators, conducting” offensive operations, General Moore said. While some former officials expressed a measure of concern about the Trump administration’s plan to rely on the private sector, they welcomed its emphasis on offensive cybersecurity. The United States has successfully conducted largely isolated offensive cybermissions, like cutting power in Venezuela’s capital during an operation to capture Nicolás Maduro, the country’s leader. But the cyberattacks have generally not amounted to broader campaigns, akin to the Salt Typhoon attack linked to the Chinese government that targeted critical U.S. infrastructure over many years. To meet the capacity and scale of cyberattacks by American adversaries, the United States must shift the frequency of its response, moving from periodic action to persistent campaigning, General Moore said. He added that private-sector expertise was essential to achieving that goal. Joe Lin, a former Navy Reserve officer who runs a cyberwarfare start-up called Twenty, similarly said the United States needed to be “much more proactive and pre-emptive in disrupting our adversaries, in going after our adversaries, in imposing costs on our adversaries.” Previous administrations have not taken such an offensive approach, he said. One reason that could be changing is that “there is much more of a consensus now that offensive cyberoperations are actually much less escalatory than people previously believed that they were,” Mr. Lin said. As someone who has experience in the military and the private sector, Mr. Lin said he saw the potential for innovative cyber start-ups to contribute to the U.S. military. If the Trump administration indeed solicits help from private companies to augment offensive cyberoperations, Mr. Lin said, “my hope is that we won’t be the only U.S. venture-backed cyberwarfare start-up in this space, which is what we are today.” submitted by /u/FreemanCantJump [link] [comments]

like seriously jobs are non existent when starting out? no jobs even with internships and degrees? i was so interested but now it doesn’t look worth it after just searching about job market here whats the point of learning all the deep technical etc stuff if its this bad i thought fields in cyber security were the most ai resilient and its only gonna grow in demand but lookin here it’s just despair what do i do? if cyber is this bad , cs swe whats the future of tech careers, and tf is the ai bubble gonna burst submitted by /u/Yand7_7 [link] [comments]

Honestly one of the most fun finds I've had recently 🙂 submitted by /u/mattbrwn0 [link] [comments]

Just came across some interesting research from Group-IB on a ransomware group called DeadLock that's been operating since mid-2025. The twist? They're storing their proxy server URLs inside smart contracts on Polygon, which lets them rotate addresses constantly. Makes it a nightmare for defenders trying to block their infrastructure permanently. One researcher said "imagination is the limit" for how this technique could evolve. Other things that stand out: No leak site. Instead of the usual "pay or we publish" approach, they claim they'll sell your data on underground markets. Whether that's a real threat or just bluffing is up for debate They use Session (the decentralized messenger) for ransom negotiations, delivered via an HTML wrapper Cisco Talos previously linked them to BYOVD and EDR-killing techniques, but their initial access methods are still unclear This isn't completely new – Google reported North Korean groups doing something similar ("EtherHiding") since early 2025. But it seems like more actors are catching on to blockchain as a way to build takedown-resistant infrastructure. Curious what others think: Anyone seeing more of this blockchain-based evasion in the wild? Without a leak site, how seriously would you take the "we'll sell your data" threat? What's even the defensive play here? submitted by /u/tutezapf [link] [comments]

submitted by /u/kyle4beantown [link] [comments]

submitted by /u/AmateurishExpertise [link] [comments]

submitted by /u/Doug24 [link] [comments]

I’ve been working on a new tool and wanted to share it here. It’s called Project Deep Focus, and the idea behind it is to act like a personal Shodan that runs locally on your own computer. Instead of relying on external databases, it scans IP ranges directly and discovers exposed services in real time. It can identify services like HTTP, SSH, FTP, RTSP, VNC, and more, detect authentication requirements, and fingerprint devices and models where possible. There’s also a live terminal dashboard so you can watch results come in as the scan runs. I built it mainly for asset discovery, lab environments, and authorized security testing. Think of it as Shodan-style visibility, but fully local and under your control. It’s lightweight, fast, and designed to scale without being painful to use. The project is open-source and runs on macOS, Linux, and Windows. I’d appreciate any feedback, ideas, or suggestions for improvement. submitted by /u/Y0oshi_1 [link] [comments]

Hey everyone, I've been thinking a lot lately about where AI security is actually going, what we're dealing with day-to-day. More and more LLM and GenAI features are getting shoved into production, and a lot of it feels rushed. Someone duct-tapes a solution together, plugs it into internal tools or company data, and security is an afterthought at best. When stuff breaks, it's rarely some sophisticated attack. It's the basics that get us. Prompt injections that nobody saw coming. Agents with way too many permissions. Connectors leaking sensitive data. RAG systems accidentally exposing information they shouldn't. And people just trusting whatever the AI says because it sounds confident, even when it's completely wrong. All of this has me rethinking how we should build our skills. Most advice still pushes you toward ML or data science, which matters but what I'm seeing looks way more like traditional appsec and cloud security problems, just with some new twists. So I'm curious: what's been working for you? Which skills have turned out to be actually useful? Have you found that getting your hands dirty with labs and breaking real systems beats sitting through theory? And how are you thinking about threat modeling now that this stuff is everywhere? Would love to hear what's been valuable, what's been a waste of time, and where you're focusing your energy. Any Course Suggestions ? submitted by /u/Bizzare_Mystery [link] [comments]

Without naming companies or breaching NDAs: What’s the most expensive security control you’ve seen that added no real risk reduction? Bonus points if it made things worse submitted by /u/Any_Good_2682 [link] [comments]

This is the weekly thread for career and education questions and advice. There are no stupid questions; so, what do you want to know about certs/degrees, job requirements, and any other general cybersecurity career questions? Ask away! Interested in what other people are asking, or think your question has been asked before? Have a look through prior weeks of content - though we're working on making this more easily searchable for the future. submitted by /u/AutoModerator [link] [comments]