The Secure Soapbox

Already almost Thanksgiving? Let's start thinking about 2025 from a potential attacker's perspective. See what we think is 3 areas attackers will pivot further towards next year in our debut article: securesoapbox.com/?p=20

New landing page and we've begun work on our Learn platform by deploying our first track "Jobs In Cyber"! Check it out! epicdetect.io #cybersecurity #startup #cyber

Made a video recently that should be the last one you ever need to watch for learning Python. Tired of tons of influencers giving BS recommendations. youtube.com/watch?v=vhTP4_…

Hi I'm a red teamer working with Terraform, welcome to Jackass.

Surely my posts get more than 1 like now

@lauriewired But it also does silly things like betraying trust by rendering PUNICODE domains (xn- and such) in a pretty friendly format. Target company is all letters that exist in Cyrillic? Easy target 😏

Your browser uses a psychological trick to prevent phishing attempts, and you (probably) never noticed. Look at your address bar. Notice the main domain is in black, and the rest is a much lighter grey. It's called the Salience Bias, and UI designers have used it for decades.

@_RastaMouse But the payload generator had cool ASCII art and an ominous Latin phrase to come with it :(

@BowTiedCyber That portfolio should also be a mix of a blog or a GitHub. Nothing is nicer to see than when recruiting for there to be a few repos with some nice stuff on it. Literally anything shows effort and willingness to learn

The Cybersecurity Career Roadmap Certs: • Network+ • Security+ Skills: • Linux • Python • Traffic Analysis Strategy: • ePortfolio • 1 Page Resume • 1k Job Apps Do it right and you can get to $90k in 90 days. Not even an edge case. Happens all the time.

Hello, Some nerd messaged us saying their dog has spleen cancer and is asking for donations for medical care. Please consider donating to doggie. Also, note it is donation protected so if you think it's sketchy you can get a refund. gofundme.com/f/help-save-my…

@vxunderground Dog agenda smh think of the CATS

@mrioszbo What's worse is guys that can't even bench 1 plate 🤣

Unpopular opinion: every man should be able to squat 3 plates regardless of his weight. If you think it’s unrealistic look up 50kg Chinese weightlifter girls front squatting 150kg

@vxunderground @vxdb I will wear it to the corpo office

Hi, we're on giveaway number ??? Thanks to @vxdb and 3kh0, we're giving away $220 worth of vx-underground merch (mini shopping spree?) - Winners will be selected randomly in the next 24 hours. - We will DM winners. - If you do not confirm your win in 24 hours a new winner will be selected - If your DMs are closed, you automatically forfeit your prize See subsequent tweet for merch store information

@IceSolst Like most of security the money is in the experts - tons of people are at the entrylevel bottleneck they'll give up before they progress Those that keep-on keepin'-on though will reap the rewards

I know someone who submitted multiple $50k bugs to a triple-A MMO game, was basically making $200k a year for consecutive years from it. The secret: he had his own custom tooling to proxy the game’s communications and handle the custom protocol. Meanwhile the gaming company’s security team did not have anything similar. His write ups were also high quality: he put in a lot of effort to document exactly what went wrong and how, and included a lot of evidence + videos, which removed any doubt of the report being a false positive. Bug bounty can be lucrative, but it takes a LOT of effort.

This is your reminder that you should be studying for your next IT certification.

Chinese hackers use Visual Studio Code tunnels for remote access - @billtoulas bleepingcomputer.com/news/security/… bleepingcomputer.com/news/security/…

The best time to do something about your digital privacy was 20 years ago. The second best time is now.

Your first programming language shapes they way you solve problems. Really interesting read.

@lauriewired kill -9 $RANDOM

Do you really need a college degree for a job in #cybersecurity? Check out this blog post we just pushed out for a 2 minute read securesoapbox.com/do-you-need-a-…

@vxunderground lol it says "dedicated denial of service" and not "distributed denial of service"

We're absolutely cooked

If I see one more cyber security analyst that doesn't understand subnetting I'm gonna flip