Through authentic discovery, I have grown familiar with the presence of Cyber Commandos of the civilian variety. Some resemble militants while others are very much aligned with stereotypical hacker images.
*These commandos operate on their own volition*
The commandos may offer services that are valuable to those who have copyright material or intellectual property for some reason, or another has been put in areas of the web that are highly accessible or freely accessible to anyone. Sources are easily operated within by average computer literate or illiterate users. These commandos make it inaccessible for anyone not accessing this material through the owner’s approved method. This can result in securing cash flow to the owners and negating theft or sharing of their material. It is notable that the material owners are sometimes powerless to the distribution of their work. If it’s on the internet, then it can be shared or stolen. That is why cyber commandos are employed.
*Their Image*
The image of a Cyber Commando is very important to them, you will not find a lack of militant equipment; it can be summed up with the aesthetic of warxcore but for those of us who are not privy to such terms. The fatigues of a mercenary sums it up rather nicely and they are often equipped with such equipment. Exceptions to this rule are that some cyber commandos operate as hacktivists and that brings with it a different uniform. Their image remains important, it can be the resume or cv of the commando, a bravado borne from the operations they conduct and the clients they have.
*Why have such an image?*
This creates anonymity for the Cyber Commando and such an image can be intimidating to those whose monetary flow is disrupted by their services. Adding a layer of protection or intimidation for their clients benefit.
*Ethics*
A Cyber Commando can navigate a complex ethical landscape in their efforts to secure copyrighted intellectual property. While their mission may be justified, their methods can sometimes blur the lines between ethical and unethical behavior. For instance, they might use social media to identify and target individuals wrongfully possessing copyrighted material, employing aggressive or morally questionable techniques to neutralize these threats.
The role of a Cyber Commando often resembles that of a digital mercenary, where decisions must constantly be weighed against their personal moral compass. Balancing the need to protect intellectual property with the imperative to avoid unethical practices is a challenging aspect of their work. Ultimately, the ethical stance of a Cyber Commando is shaped by their individual values and the choices they make in the face of these dilemmas.
–
*Marketing*
Cyber Commandos market themselves on social media either through direct messaging or referrals by past clients. They can also be found in less than savory locations on the web in forums where more clear mercenary work is advertised. This service is highly sought after by content creators whose products and content are only accessible behind a pay wall
*What do they do?*
Cyber Commandos participate in a few services while skimming ethical boundaries such as getting copyrighted content off popular web resources with DCMA claims that are in place to protect us all.
Tracking down unauthorized social media profiles that depict an individual’s stolen identity. Then getting them taken down by any means to which can produce an immediate effect.
–
*Who do Cyber Commandos piss off?*
Scammers, Conman, and all-around web-based tricksters.
–
*Why use a cyber commandos service*
If you are an individual that produces social media content and content that is behind a paywall you could benefit from such services rendered by a Cyber Commando.
from being used against their interests, which is making money for the most part and this also can aid in protecting others from being catfished! By using the same content to steal from or lead on victims.
You should be aware that using a cyber commandos services can be essentially hiring a mercenary to do your bidding even though the techniques used have potential to be ethically sound; still run the risk of them committing crimes on your behalf.
*That would be Illegal* – *If you or someone you know are looking for such a service provider I cannot give you that information: these services run on the line and are often times the commando resorts to unethical social engineering or flat-out intimidation that often only comes back to hurt the client.*
–
*Cyber Commandos that conduct passive operations that produce outcomes that are legally sound and ethical are essentially a white hat with a cooler look but when any line is crossed they have now become another HaaS (hacking as a Service) thug.*
Still serious about utilizing such services or find yourself in need of them :
Reach out to your local police department and begin a case
Offer the information of your adversary to the FBI through the web crime portal >here<
Make a claim to the IC3 internet crime complaint >here<
*Keep in mind that a cyber commando is typically utilizing protections that are already available to us all please become aware of the DCMA Guidelines for further explanation* https://www.copyright.gov/dmca/
Notes from the author: I want you to understand what is asked of a SOC analyst and what they do and how they do it.**
*I hope this article can aid you in not just becoming one but a great one.*
What is the Role of a SOC Analyst in Cybersecurity?
In today’s digital landscape, cybersecurity has emerged as a paramount concern for organizations worldwide. Security Operations Center (SOC) Analysts play a pivotal role in this domain, dedicated to monitoring and safeguarding an organization’s IT infrastructure, networks, and data. Working within a Security Operations Center, these analysts address security issues at both organizational and technical levels, actively identifying, analyzing, and responding to security incidents to ensure the prompt detection and mitigation of potential threats, thereby maintaining the integrity and confidentiality of sensitive data.
Vigilance is not merely a creed but a responsibility for Security Operations Center Analysts, whose primary goal is adept identification using tools to monitor networks, systems, and applications. Any signs of unusual activity or potential security breaches serve as a call to arms, prompting analysts to delve deep and mitigate or halt such occurrences altogether. This task is facilitated by leveraging tools with scrutiny and a comprehensive understanding of cybersecurity and information technology fundamentals.
Upon identifying a threat, SOC analysts embark on an investigative journey, utilizing tools tailored to the situation to uncover threat vectors and piece together a timeline and scope of the incident. This forensic examination provides valuable insights, allowing for the implementation of enhanced defenses against future attacks.
Once an incident requiring a response is identified, SOC analysts pivot to deliver decisive action, formulating strategies to contain, mitigate damage, and neutralize the threat. Whether it involves isolating compromised systems, blocking malicious IP addresses, or deploying patches and updates, precision execution is paramount in this battle, where swiftness is crucial for effective damage mitigation.
Preserving organizational integrity and confidentiality is paramount for SOC analysts. Through promptly detecting and mitigating potential threats, they safeguard sensitive data from malicious actors. This is achieved by much of the following:
*It should be noted that this is not every single thing a SOC analyst does but it will allow anyone to understand what they do.*
The Core Responsibilities of a SOC Analyst
SOC analysts utilize a variety of security tools and technologies, such as Security Information and Event Management (SIEM) systems, intrusion detection systems (IDS), and firewalls, to uphold the organization’s security posture. By analyzing security alerts and recognizing patterns of suspicious activity, they leverage their expertise to assess the severity and potential impact of security incidents. Staying updated on the latest cybersecurity threats and trends, SOC analysts contribute to both proactive and reactive defense strategies of their organization.
Some things you will be asked to do as a SOC analyst: Monitoring and Detection: Continuously monitoring network traffic and system logs to detect security threats.
Incident Response: Quickly responding to security incidents, conducting thorough investigations, and implementing effective solutions.
Compliance: Ensuring that the organization’s security measures comply with relevant regulations and standards.
Documentation: Assisting with building, auditing, and documenting secure IT infrastructures.
SOC analysts must possess strong analytical and problem-solving skills, enabling them to investigate incidents thoroughly and recommend effective solutions. They also need a comprehensive understanding of networking concepts, operating systems, and cybersecurity principles. Proficiency with security tools and technologies such as firewalls, SIEM, IDS/IPS, and antivirus software is essential. Awareness of common cyber threats, attack vectors, and mitigation strategies further enhances their ability to protect the organization.
Technical skills developed and tools used while being SOC analyst include:
Networking and Protocols: Excellent knowledge of TCP/IP, UDP, DNS, FTP, SSH, SSL/TLS, and HTTP protocols.
Security Solutions: In-depth understanding of technical security solutions like firewalls, SIEM, NIDS/NIPS/HIDS/HIPS, AVs, DLP, and proxies.
Threat Analysis: Ability to analyze and respond to undisclosed software and hardware vulnerabilities, and investigate, document, and report on emerging trends.
Scripting Languages: Proficiency in scripting languages, particularly Microsoft PowerShell, to automate tasks and improve efficiency.
Digital Forensics: Using such tools as Autopsy, EnCase Forensic, Sleuth Kit, Volatility, Wireshark, Splunk, Endpoint Security just to name a few.
Compliance and Regulatory Bodies
Compliance and regulatory knowledge are standards in cybersecurity being set by local, state, federal and otherwise for us to follow. Being a Security Operations Center analyst does not exempt anyone from such standards, in fact you supposed to be an expert when it comes to such things.
SOC analysts play a crucial role in ensuring that their organization’s security measures comply with various standards and frameworks. This can be called compliance and regulatory knowledge.
I will go over a few with only brief descriptions below:
FedRAMP: Federal Risk and Authorization Management Program.
NIST 800-53: National Institute of Standards and Technology’s guidelines for security controls.
ISO/IEC 27001: International standard for information security management.
GDPR, HIPAA, PCI-DSS, SOX: Compliance with regulations like the General Data Protection Regulation, Health Insurance Portability and Accountability Act, Payment Card Industry Data Security Standard, and Sarbanes-Oxley Act.
By understanding and adhering to these standards, SOC analysts help organizations maintain a strong security posture and avoid potential fines and legal issues.
Certifications
Certifications sought out by SOC analyst employers and themselves. As a SOC analyst it should be a goal to expand and test your knowledge in cybersecurity. Certifications are a topic for a whole article, but they should be on the horizon for a cybersecurity professional at the very least. While not always mandatory, certifications can significantly enhance a SOC analyst’s qualifications and credibility. Preferred certifications include:
Experience with SIEM and SOAR platforms, preferably Splunk or Google, is highly valued, along with a strong foundation in scripting languages like Microsoft PowerShell.
Cybersecurity Initiatives and Continuous Learning
SOC analysts are also key contributors to broader cybersecurity initiatives within their organizations. Their roles often involve:
Information Assurance: Ensuring that information systems are protected against unauthorized access and other threats.
Network Security: Implementing measures to secure network infrastructure and prevent data breaches.
Data Analytics and Machine Learning: Using advanced analytics and machine learning techniques to detect anomalies and predict potential security threats.
Cyber Response: Developing and executing response plans to mitigate the impact of security incidents.
Continuous learning is essential for SOC analysts to stay ahead of emerging threats and evolving technologies. Participating in training sessions, attending cybersecurity conferences, and obtaining advanced certifications are vital for maintaining their expertise.
Being a member of a Team
SOC analysts are commonly utilized in team settings as a need for them to be available to provide 24/7 coverage of a system is again common. Workload distribution is also important as this role is if you haven’t realized, extensive and can be far too cumbersome for an individual to perform.
SOC Analysts the Guardians of Cyberspace
SOC analysts are the frontline defenders of an organization’s cybersecurity framework. Their expertise in monitoring, detecting, analyzing, and responding to cybersecurity threats is indispensable in today’s digital world. By staying updated on the latest threats and continuously improving security measures, SOC analysts help organizations maintain a robust defense against cyber-attacks. Their role is not just technical but also strategic, ensuring that security policies comply with evolving regulations and standards, ultimately protecting the organization’s valuable data and infrastructure.
Youtube resource mention
A great resource on YouTube is a channel named Cyber Platter. There are extensive videos to prepare for SOC-related interviews and certifications: Cyber Platter YouTube Channel.
Even More Resources!
Join Tier 1 at LetsGoIT Patreon to gain access to the LetsGoIT Discord where you will have access to a wealth of learning materials tailored to illuminate the essentials and commonly used tools in various cybersecurity job roles. Visit LetsGoIT Patreon to join and delve into the resources available.
There seems to be a significant disconnect between aspiring cybersecurity individuals and students regarding landing or knowing one’s own future career opportunities. With cybersecurity being such a large industry that needs to fill job roles, I think this will help illuminate what it means to be a professional in this industry and help those unaware of the targets they are trying to hit for the role they are pursuing.
There is no reason for someone who is educated or possesses certifications in cybersecurity to be lost or at wits’ end about which job roles to apply to or what those job roles entail.
Also, there is a lot here, but this is not all of them! There are specialized units within the government that perform associated cybersecurity objectives that are not listed or out of your reach.
The document below is intended to aid those who feel that ever so common imposter syndrome that so many cybersecurity and IT professionals experience. If you are aware of what is required and you have those disciplines conquered, then there is no argument that you are qualified and have obtained that title.
OSINT defined ↪ OSINT stands for Open-Source Intelligence. It refers to the process of collecting and analyzing information from publicly available sources to gather insights and intelligence. Open-source refers to information that is accessible to the public and not classified or confidential. OSINT includes data from sources such as websites, social media, public records, news articles, and more.
To conduct an OSINT task effectively, we must take on the role of a Detective with no leads and information about the perp or crime that has been perpetrated. The detective in us will need to rely on open-source information throughout the internet. Depending on the investigation operation’s severity level, paid lookup sites can be viable options. Sometimes, this information is granted without the need for such services.
If the given evidence, that we must analyze is a photo, we must look at the unique items within that photo deciphering clothing, location, identities, careers held by those identities, the year of makes of items in the photo, and sometimes even deciphering the species of trees. Can play a role in deciphering the location. Knowing the small details of something can serve to decipher the whole situation within a photo.
But where can you find such information with the aid of the internet?
Some tools, such as search engines, are obvious, and then some tools are more obscured and used by investigation professionals some of which will be mentioned later.
OSINT is more used by professionals volunteering their time to aid in discovery. This discovery can be a huge asset in solving crimes, disappearances, and kidnappings.
OSINT is a valuable skill for IT researchers and law enforcement.
I will briefly share a methodology that can serve you and your deciphering efforts when it comes to photos. It would help if you allowed yourself to develop your own methodology for these tasks.
One of the First steps we must take is to exhaust well-known search tools extensively.
After which, we must look into open-source tools available online for those with OSINT tasks
At this time, you should have some ideas of what the items are in your photo.
Many CTFs (Capture The Flag) utilize this category to aid those of us who want to learn more about OSINTs. One such site serves as a way to find those CTF sites it is the following:
Suppose you would like to Aid in the OSINT efforts of official FBI investigations; you can do so here. If you feel as your deciphering is correct, this is a Reddit that you can serve in an official capacity. It is not for the weak or faint-hearted.
This is going to be brief as the sheer amount of training to become a cyber security specialist is overwhelming and can be filled with deceptive language that will promise a career in a specialized field filled with specialists. They commonly have over 10 to 20 years of experience through the military, where a person can be asked to apply cyber security skills daily. This field also has aspiring CTOs & CISOs from Fortune 500 companies that want to play a more supervisory/managerial role in cyber security. Training can benefit them faster than it can an average person with no technology work experience, but that is not to say with the right amount of time and discipline, one cannot succeed in cyber security without a military background or an officer boardroom position in IT or related field with the right amount of time.
With the right amount of time being in of itself a huge obstacle, if surmounted one can better be enabled to learn standardized practices. That enables a business or person to be excellent in the applied utilities of cybersecurity.
Here’s a brief list of industry-standard teaching resources available to the public:
The above can serve to enhance and build upon a foundation of understanding Cyber Security.
There are a lot of places online that discuss at a professional level how cybersecurity methods are implemented every day. Still, without the ideal foundational training to go along with standard teaching resources, you can be missing and wasting that “right amount of time” you will need to learn any worthwhile concept.
Here are two great examples of professionally developed resources, that take a more tactile approach to teaching (in the sense your keyboard will be used at a greater rate).
A cybersecurity expert must be aware that there are a lot of cybersecurity experts, and these cybersecurity experts are more than willing to teach for a price. The resources I have mentioned are justifiable in the prices they set for the learning objectives they make you meet. Institutions of learning are becoming more “wise” to develop curricula that are attractive for anyone aspiring to be a cybersecurity specialist; these curriculums may not encompass every single thing a cybersecurity professional needs to know, as the traditional amount of credit hours may not be sufficient to provide these numerous skills that need to be developed or meet a standard. It is a daunting task, and that is why there are so many resources available for someone who wants to pursue this industry.
There should always be a few questions that need to be answered before taking a course. You believe can enhance your foundational knowledge of cybersecurity and information technology.
These questions are:
What reputation does this resource possess?
Does a cybersecurity professional deliver this training?
Is this the specialized training I need to perform my desired job?
Is the training resource updated to reflect the latest cybersecurity developments?
Is there a cost, and is it justifiable in perpetuity?
You must develop your own questions so you can get the most out of these courses, resources, and institutions. You must answer them before you agree to or participate in any training. Many people are blinded by the perceived success of the future through unvalidated training resources and institutions. That may or may not allow a person to be attractive to an employer or have the correct deliverables when they are complete with their training.
Cyber security encompasses many avenues of approach for information technology in general, so if a resource is promising that you will become a cyber security professional through their course, it is a bold and hard-to-achieve objective. Still, with the right mentorship, challenges, and amount of time, you can have the same skills a cyber security practitioner uses every day, making yourself situationally aware while using the internet. Allow yourself to practice clean cyber hygiene and develop safeguarded hardware and software practices that are not only shareable and teachable but also provide safety. To those around you, and has the possibility to allow yourself a more attractive opportunity in the job market.
I would like to include for those with inquisitive minds that https://academy.hackthebox.com/ has an excellent learning module named Learning Process that provides great insight into the vastness of cybersecurity information and how to ingest that information meaningfully.
I expressed to my professor a couple of months ago that Red team efforts are attractive, so I have yet to look too much into efficient Blue team technical measures. He said, “Anyone can hack something given enough time,” this immediately reset how I viewed the matter, and I was hard-pressed into a challenging endeavor of preventing educated malicious actors.
so I wanted to share the following:
Understanding Blue Team Hackers- The Unsung Heroes
In the dynamic world of cybersecurity, the focus is often on the offensive, the Red Team, seeking vulnerabilities and breaching systems. However, the lesser-known champions, the Blue Team, play an equally critical role in safeguarding digital landscapes.
Blue Team hackers are the defenders, the guardians of networks and data. They work tirelessly to fortify systems, constantly analyzing, monitoring, and preempting potential threats. Their arsenal includes various tools and techniques to prevent, detect, and respond to cyber-attacks.
Their responsibilities encompass configuring firewalls, setting up intrusion detection systems, implementing robust security protocols, and swiftly neutralizing breaches. They meticulously study attack patterns, leverage threat intelligence, and collaborate with their peers to enhance the security posture of their organizations.
What distinguishes Blue Team hackers is their proactive stance. They don’t just react to incidents; they anticipate and prepare for potential threats. Their commitment to staying updated on the latest trends in cybersecurity is unwavering, ensuring they are equipped to counter the evolving tactics of malicious actors.
Despite the spotlight often shining on their Red Team counterparts, the significance of the Blue Team in maintaining the integrity and safety of digital infrastructures cannot be overstated. Their silent vigilance and dedication are the unsung heroes of the cybersecurity realm, working diligently to keep systems secure in an increasingly complex and challenging digital landscape.
I thought this could help those who thought such as I did. That Red team was the end all be all, the only thing to work towards for success. Oh, how wrong and naive I was.
Real life cyber crimes happen on a daily basis. This isn’t a post that is tailored to scare individuals or companies from having a presence on the web. It has the intention to educate, those of us who are uninformed when it comes to Cybersecurity.
Whether or not you know the difference between Black Hats and White Hats or hackers and crackers. You must understand you cannot underestimate the knowledge a person holds going off of what, they title themselves as.
The ability to cause mayhem through theft and shutting down web applications may not have a big enough barrier to entry for those who find it valuable and not of consequence.
The absolute amount of boot camps and instructional videos granted to the population at large is staggering. The nature of these two resources enables those with no background or academic history. To learn malicious skills which would traditionally be taught through higher education for combating against them. This is not to say that all persons who seek out a bootcamp or use Instructional videos in Cybersecurity are of bad character but it is to say the ability to weaponize these resources for personal gain is troubling.
We have seen through public fear or being overcautious of the unknown, cause incorrect circumstances befall on those that would have otherwise gone about their day as usual. One case comes to mind that made national headlines in September 2015 where a young boy was arrested for being in possession of a disassembled digital clock, the link is below if you are interested in the full story. This fear of the unknown only requires knowledge to combat against.
Fear is also a tool which can be wielded by bad actors or hackers, that also can be found with a short search. How to effectively produce whatever the bad actor aims for. This is also another reason why knowledge of these sophisticated manipulations can be important to combat against bad actors.
Cybersecurity is not only through the web, the pursuit to steal information can be conducted offline. Use of physical means to break into a system is a cybercrime. The selling or procurement of illegal items through the web is also a cybercrime. The reality of combating against bad actors with cybersecurity is knowledge.
LetsGoIT 