CICyber Info
Created by Fox'Say! on 8/9/2023 in #❓︱support-requests
Snort Struggles: How to detect the FTP service name?
I am muddling through learning Snort and feeling a bit daft. I'm trying to write a rule that allows me to detect the FTP service name used in a .pcap. I analyzed the .pcap with `sudo snort -c local.rules -A full -l . -r ftp-png-gif.pcap`. I looked up some ways to find the FTP service name and I found a few like `sudo snort -r snort.log.1671731339 -X -n 10`, which would probably do the trick, but I'm not sure why. I get that -X has something to do with the preprocessor, but I'm not sure why this outputs anything with FTP, or how to find where the FTP service name is in the output.
3 replies
CICyber Info
Created by Fox'Say! on 7/24/2023 in #❓︱support-requests
OSI Model Layers Question
So I mostly get the OSI model; I understand the basics of, for instance, FTP, HTTP, DNS, TCP/IP, etc. But I notice that if I'm asked "what layer is *abc* in based on xyz" I'm struggling to place it accurately. I wanted to ask if anyone could recommend a resource on this specific area of the OSI model. I should be fine but I want to fill in the gap.
5 replies
CICyber Info
Created by Fox'Say! on 7/12/2023 in #❓︱support-requests
What are these Linux Commands doing?
No description
8 replies
CICyber Info
Created by Fox'Say! on 5/30/2023 in #❓︱support-requests
What do I need to do to land a job in an SOC as a relative beginner?
I want to work in an SOC. Until recently, I was a physical "SOC Analyst" for a Fortune 50 company. My department was odd in that we looked for physical threats to assets rather than cyber threats, and now I'm looking to bridge the gap between that and normal SOC skills and break into the cybersecurity/typical SOC field. I have the smallest touch of coding experience - I understand all of the logic and basic types of functions at least - and a decent degree of IT & troubleshooting, and have security experience.

After doing some exploring, I've learned:
- Blue team is what we call the "defense" team. I think this is the side I'm looking to join.
- I need to know EVERYTHING about DNS.
- I should be able to read logs.
- I need to work on home labs at a minimum and possibly certs as well to demonstrate competency at an entry level.

My immediate questions are mostly focused on how/where I can learn these skills (or any other necessary skills I missed):
- Is there anything else that I need to do to get an SOC job?
- Where's the best place to learn? Are there any "roadmap to SOC" type courses or guides?

I'm a little intimidated. (sorry this took so long @weet! I wanted to read up a bit so I knew what to ask)
22 replies