What if there is a psycho there with an axe??

​@@Hid4riYou GAZA the Psycho

@@Hid4ri lol physiclly "hacked"

​@@franklinndubuisi7479who's that?

​@@franklinndubuisi7479don't get it sorry dude, I was only making a joke because in the woods you may come across a crazy person who is looking to "hack" with his axe. I'm sorry 😢

But it very well could be, who knows what they collect and store. Trust no one.

And as soon as it becomes popular it switches to a paid for model. These always go that way. Get some big security people to promote it, then flip and remove the free version and charge. Would like to see more open source stuff and not promo stuff.

exactly what i thought.

​@@TheStevenWhitingthat's exactly what I also want

​@@TheStevenWhitingCybersecurity used to be a place for computer nerds, now it's filled with Machiavellian sell outs trying to make a quick buck. But if you really care about a project like this being open source, then you should start the project yourself. If it gets enough momentum, I'd probably do bug bounties for it as volunteer work.

Probably holding that CTRL key too long when hyperactive scrolling through windows. :D

You can prolly make a rule to detect the rules manipulations I guess

There are two psychology thought experiments to try on prospective employees, one is the Gift Scenario, and the other is the Meadow Scenario. But the bottom line is, threats not perceived or expected result in different behaviour than otherwise. Good perception, leads to mitigating behaviour, before threat vectors resolve. All intelligence assets undergo such training, perhaps IT security personnel should also be taught to think in similar ways. Expect threats, when there are none. Just because none is detected, does not mean it is not there. This also applies to industrial maintenance, inspection, police work, intelligence, public works, and actuarial work.

Focus on your company that already have, or in budget.

Choosing the right security tool can indeed be overwhelming, especially with such a diverse landscape! Understanding the differences between EDR, SIEM, SOAR, and specific tools like the ones you mentioned is crucial for making an informed decision. Let's break it down: Types of Tools: EDR (Endpoint Detection and Response): These tools focus on protecting endpoints (laptops, servers) from malware, exploits, and intrusions. They monitor endpoint activity, detect anomalies, and enable incident response. Examples: Crowdstrike Falcon Insight, McAfee Endpoint Security, SentinelOne. SIEM (Security Information and Event Management): SIEM tools aggregate security data from various sources (firewalls, logs, servers) to provide a unified view of security events. They help with log analysis, threat detection, and compliance. Examples: Splunk, ArcSight, LogRhythm. SOAR (Security Orchestration, Automation and Response): SOAR tools automate repetitive security tasks like incident ticketing, remediation workflows, and playbook execution. They integrate with other security tools to streamline incident response. Examples: Demisto, Palo Alto Cortex XSOAR, Rapid7 Nexpose. Understanding the Differences: EDR is focused on endpoints, while SIEM has a broader scope, covering all security data. SIEM provides visibility, while EDR offers deeper analysis and response capabilities for endpoints. SOAR automates tasks based on SIEM and EDR data, streamlining incident response. Choosing the Right Tool: Consider your needs: What are your main security concerns? Do you need endpoint protection, centralized event management, or automated response? Evaluate your budget: Tools vary in pricing and complexity. Choose one that fits your budget and skillset. Start small: Don't try to implement everything at once. Begin with a core tool (e.g., EDR for endpoint protection) and expand later. Research and compare: Look for independent reviews, test demos, and compare features before making a decision. Specific Tools: Splunk: SIEM platform with advanced analytics and reporting capabilities. Aurora: Open-source SIEM platform known for its flexibility and customization. Corelight: Open-source network traffic analysis tool for intrusion detection. Zeek: Another open-source network traffic analysis tool with strong threat detection capabilities. MS Sentinel: Cloud-based SIEM and SOAR solution from Microsoft. Snort: Open-source network intrusion detection and prevention system. Wireshark: Network traffic analyzer for troubleshooting and security investigations. Datadog: Cloud-based monitoring platform with security features. Graylog: Open-source SIEM platform with a user-friendly interface. Security Onion: Open-source security suite with various security tools. ELK Stack: Open-source stack combining Elasticsearch, Logstash, and Kibana for log analysis and visualization. LogRhythm: SIEM platform with built-in SOAR capabilities. Google Chronicle: Cloud-based SIEM and SOAR solution from Google. For beginners: Start with a free or open-source tool: Many excellent options are available like Corelight, Zeek, Security Onion, ELK Stack. Focus on learning the fundamentals: Understand the concepts of EDR, SIEM, and SOAR before diving into specific tools. Seek help from the community: Join online forums and communities to learn from other security professionals. Remember, the best tool is the one that fits your specific needs and budget. Take your time, research, and don't hesitate to ask for help.

Both question and answer was brought to you by ChatGPT 😅

@@CYBERSECURITY.101 okay, AI

how about asking yourself if you need any of them? they are for sysadmin or for a corporate segment. In that case it might be wise to use what is already purchased, installed and working. Otherwise, and especially for a private/small home network it's recommended to use standard security package included in your windows defender, like HIPS and similar utilities. If you feel it's not enough, consider enhanced protection from Eset, or Kaspersky, or Comodo, or Zonealarm, or similar

IMO I think as John's audience grows, more and more people are joining (watching) for reasons other than the "core" of his channel's message/content. From day one, his content has been on focusing on Red/Blue Team day-to-day with some videos being very technically detailed while others (his most popular, ironically) are John installing TOR and trolling the *Dark Web.* If you look at John's video catalog you can see the spectrum from Skiddie to Malware Analyst/Engineer and everything in between. Rather than people criticizing John's content for it not being "double-clicking on the .exe file and selecting Accept, Next, Next, Finish" they should challenge themselves, step up their game and possibly learn something, gain a little insight and experience.

Funnily enough that's roughly how I found John's channel 2 years ago! Now working in IT and doing a degree in Cyber Security, so it worked out ok for me.

Notifications don't mean a damn thing when you're subscribed to dozens of channels.

@@lumikarhu Not true actually, Aurora has response actions, although limited in the Lite version.

in order to be able to make a meaningful response action, the utility should be host-based

I´m from Brazil too, can you explain to me what this is all about ? I´m a completely noob

Yep

Yes Yes Yes !! Thanks for the idea, If I can manage to it (I’m ChemE not software lol) I’ll even give you cut 😂

This video isnt for the general public lol

I think John said something about "Blue Team Professionals" or aspiring Blue Team Pros? This must be your first John Hammond video...? Oh, and the CLI isn't scary once you've worked with it for a while, give it a shot.

Funny how i lived in the command line for 35 years, and people today are just discovering it. Thank God for gui's, eh? 😂

@@OGMann wow you are so cool. You want a medal?

@@wooshbait36 we'd be just fine without one if you'd kindly step off the lawn.

With Windows 10 and above you'd have to start with zero trust, blocking both out and in, so each connection can be verified and researched. My local systems (both Linux and Windows) have run like that for more than 10 years.

indeed the most of the job is done by properly configured firewall. the rest of the job is done by properly configured HIPS utility and you might want to get an antivirus just for your convenience , to help you make a right decision secure DNS with or witthout filters to avoid phishing, other stuff like ublock origin are for a better protection and mostly for convenience

Or maybe a sandbox malware analysis VM could be a very valuable tool

It was mainly created for analysts. Scaling could be done via the --udp-target/--tcp-target flag with the events being sent to a SIEM

Man, get the premium bro

Maybe IT isn't for you then? Tech is always advancing so it's always changing, ya gotta keep up or else YOU become irrelevant.. feel me?

+ firefox with all the ads included, and no indication of ublock origin, no script and other useful extensions or hardening EULA? nah, just click check box and continue, "Johnh" looks like an everyday-used admin account

Specially when its this guy saying that stuff

@@Sloptit Yeah. It's a product push. TRUST ME I AM- . No one's taking that away from him but come on this is an advertisement video. No you can't have my data.

Pretty much the same vibes here, especially when delivered by some guy who feels like he is on uppers or speed. I learned in my work to never fully trust people with that kind of energy.

@@KieSeyHow Yeah

its literally John Hammond. Dudes a legend. You must not be in the CyberSecurity field lol. @@KieSeyHow

No matter how thoroughly you "clean" it you won't ever be 110% sure,. So it's ALWAYS best to wipe it and clean install an OS on it. PEACE

That is a way, but these days you can use a hyper efficient client for that, running from read-only storage on an IP-less system.

Kudos... that one -ed right over my head