My friend is doing his B.Tech in cyber security spez..He wants to upscale with certificate courses in cyber. What are the short term certs he can get to develop his skills further. Pl give your suggestions submitted by /u/Evening_Pen6504 [link] [comments]
Cybersecurity researchers have shed light on a Chinese-speaking cybercrime group codenamed UAT-8099 that has been attributed to search engine optimization (SEO) fraud and theft of high-value credentials, configuration files, and certificate data. The attacks are designed to target Microsoft Internet Information Services (IIS) servers, with most of the infections reported in India, Thailand
Cisco Talos is disclosing details on UAT-8099, a Chinese-speaking cybercrime group mainly involved in SEO fraud and theft of high-value credentials, configuration files, and certificate data.
Hey , recently i applied for internship and got selected and the fee is ₹99 for 1-month internship $9 for international applicant. And i am having couple questions. Could this be a scam? Their linkedin has 7k followers and I saw some people on LinkedIn showcasing their internship certificate. Has anyone done this internship, if yes ,how was your experience? Is it worth it? Please do answer this and help me quench my curiosity submitted by /u/OilFlimsy8253 [link] [comments]
The cybersecurity community is currently observing a surge in interest around Olymp Loader, a recently unveiled Malware-as-a-Service (MaaS) platform written entirely in Assembly. First advertised on underground forums and Telegram channels in early June 2025, Olymp Loader has rapidly evolved from a rudimentary botnet concept into a sophisticated loader and crypter suite. Its author, operating
Hi everyone, Docker has been claiming ISO 27001 certification since April 2024. However, I haven't been able to find any publicly available certificate documents, unlike with other providers (e.g. AWS). Multiple inquiries through official channels have gone unanswered. This is unusual, since ISO 27001 certificates don't contain sensitive information and are normally made accessible either directly by the company or via the certification body. Does anyone have access to Docker's ISO 27001...
Hi, I'm new to cybersecurity, and I recently saw the EJPT certificate from ine, and I need to know if it's good, should I get it, or is it something I could get online without the need for the certificate and labs. If anyone tried it, share with me the experience, and whether it's worth it or not? submitted by /u/Elghorouri_n [link] [comments]
When the PKI root certificate expires and this has no impact on your IT system, and you only realise this several days later, what does that say about the company ? submitted by /u/vao-81 [link] [comments]
Cloudflare Radar now offers a Certificate Transparency dashboard for monitoring TLS certificate activity, and new regional traffic insights for a sub-national perspective on Internet trends.
Today I was just thinking about this. The masters in cyber vs the certificate in cyber debate. Honestly, for me and myself I think certifications are the better path but that is due to what I want to do and where I want to end up. However that doesn't mean that certifications are for everyone. Some people are better suited for what they want career wise to get a masters since the roles they want a masters in cyber will get them further than an entry level cert say a sec+. What are everyone...
Hello guys, I just moved to the Netherlands and I am tired of my job that I do for more then 6 years, I am looking to get in to cybersecurity, its a thing that I am very interested in, I have 26 years and I have a hardware and software degree made in my homeland, I am reading about a google cybersecurity certificate since I think is to late do get a school degree, then I would ofc make a security + and network + certificate ( I see that is a well needed certification as per YouTube videos I...
Hello, I have been looking for a career change and was wondering if anyone here has taken the certificate program and have gotten at least an entry-level job without getting a college education. Thank you submitted by /u/Wonderluster76 [link] [comments]
Hi everyone, I am going to make this short. I am right now trying my best to get experience close to real-world red teaming, like writing write-ups for machines and explaining AD attacks, and trying to do Pro labs in HackTheBox instead of trying to get a certificate. Is it a good idea or not? I can not say what I am doing is "experience," but this is what I am doing. What do you think? submitted by /u/Civil_Hold2201 [link] [comments]
Hi everyone, We're a student team building a prototype data wiping tool . The core wiping engine is written in C (for low-level disk access and secure overwriting). The tool must also give users confidence via a tamper-proof wipe certificate that can be independently verified. Requirements: Securely erase drives (Windows/Linux/Android, including SSDs and hidden sectors). Generate wipe certificates in JSON/PDF format . Digitally sign the certificates so third parties can check authenticity...
I wrote a detailed walkthrough for the newly retired machine, Fluffy, which showcases exploiting CVE in Windows Explorer and abusing GenericAll ACE for privilege escalation and exploiting ESC16 certificate template vulnerability. https://medium.com/@SeverSerenity/htb-fluffy-machine-walkthrough-easy-hackthebox-guide-for-beginners-96703a596d54 submitted by /u/Civil_Hold2201 [link] [comments]
arXiv:2501.17089v3 Announce Type: replace Abstract: Like any digital certificate, Verifiable Credentials (VCs) require a way to revoke them in case of an error or key compromise. Existing solutions for VC revocation, most prominently Bitstring Status List, are not viable for many use cases because they may leak the issuer's activity, which in turn leaks internal business metrics. For instance, staff fluctuation through the revocation of employee IDs. We identify the protection of issuer...
A medium-severity vulnerability has been discovered in the official Kubernetes C# client, which could allow an attacker to intercept and manipulate sensitive communications. The flaw, rated 6.8 on the CVSS scale, stems from improper certificate validation logic. This weakness exposes applications using the client to Man-in-the-Middle (MiTM) attacks, potentially leading to the compromise of credentials,
arXiv:2509.10488v1 Announce Type: new Abstract: This research focuses on transforming CVEs to hands-on educational lab for cybersecurity training. The study shows the practical application of CVEs by developing containerized lab environments- Docker to simulate real-world vulnerabilities like SQL Injection, arbitrary code execution, and improper SSL certificate validation. These labs has structured tutorials, pre- and post-surveys to evaluate learning outcomes, and remediation steps.Key...
Due to the recent news of exposed teslamate applications I set myself to create a guide on how to deploy a secure instance of it for none technical experts. So far I'm able to deploy it automatically to a Oracle Cloud free tier, with a dynamic dns sync of no-ip, ssl certificate from letsencrypt, caddy with basic auth and rate limit on the login endpoints. The steps to deploy it are simple, well explained and I even put a non technical person to deploy it. From my technical standpoint I feel...
arXiv:2509.08364v1 Announce Type: new Abstract: The Domain Name System (DNS) serves as the backbone of the Internet, primarily translating domain names to IP addresses. Over time, various enhancements have been introduced to strengthen the integrity of DNS. Among these, DNSSEC stands out as a leading cryptographic solution. It protects against attacks (such as DNS spoofing) by establishing a chain of trust throughout the DNS nameserver hierarchy. However, DNSSEC's effectiveness is compromised...