Hi James,

That's really interesting. If you come to one of the meetings soon we 
should chat about it.

I find cyber security interesting, and maybe will start my career in it. 
There are too many things I find interesting XD.

Hamish


On 01/10/18 11:59, James Blake wrote:
> I’m not a penetration tester, although I did do that for a while but I was 
> more on the social engineering side (which often requires some form of 
> delivery mechanism and payload for the mark to execute).
>
> I’m now a manager of blue team capabilities (detection using correlation, 
> analytics and hunt; cyber threat intelligence collection, analysis and 
> dissemination; triage and investigation; and often a bit of digital forensics 
> and incident response).  My team have been involved in doing this for about 25 
> of the FORTUNE 100 organisations - don’t know if this mailing list gets 
> publicly archived so I can’t say who.
>
> In order to be a good blue teamer, you need to understand the attack vectors, 
> methodologies and motivations of the (red) attacker - hence knowing how to do 
> stuff like this.  If you’re interested in knowing how to conduct a good 
> pentest the Penetration Testing Execution Standard (PTES) is a good resource; 
> to learn about the attack vectors, you can’t go wrong with the MITRE ATT&CK 
> Framework; and, finally, one of the most respected exams in this area is the 
> Offensive Security Certified Professional (OSCP) which is from the makers of 
> the Kali Linux penetration testing distribution - be warned, the training is 
> only a starting point for what you need to know so if you sign up for their 
> 90 days lab and access to training, you’ll go down lots of rabbit holes 
> around learning assembly, reverse engineering, etc to an extent you’ll need 
> to read a couple of books on each topic to do well in the 24 hour hands on 
> exam (with another 24 hours to finalise and submit the report).
>
> If anyone is considering a career in cyber security and I’m not abroad (which 
> is why I can’t attend many of the meetings) I’m happy to share any advice.
>
> Regards
>
>
> James
>
>
>
>> On 1 Oct 2018, at 10:39, Ralph Corderoy <ra...@inputplus.co.uk> wrote:
>>
>> Hi James,
>>
>>> You can always write a script in Python using scapy to spam ARP
>>> broadcasts with the IP address associated to the MAC you want.  Most
>>> network stacks will blindly take this and throw out the one they have
>>> cached.
>> nping(1) should also be able to put fake ARP replies onto the wire for
>> those that want to play at home.
>> http://declinesystems.blogspot.com/2012/07/man-in-middle-with-nping.html
>>
>> Cheers, Ralph.
>>
>> --
>> Next meeting at *new* venue:  Bournemouth, Tuesday, 2018-10-02 20:00
>> Check if you're replying to the list or the author
>> Meetings, mailing list, IRC, ...  http://dorset.lug.org.uk/
>> New thread, don't hijack:  mailto:dorset@mailman.lug.org.uk
>

--
Next meeting at *new* venue:  Bournemouth, Tuesday, 2018-11-06 20:00
Check if you're replying to the list or the author
Meetings, mailing list, IRC, ...  http://dorset.lug.org.uk/
New thread, don't hijack:  mailto:dorset@mailman.lug.org.uk
