Últimas discusiones públicas del sector Ciberseguridad en ZIWM. Explora preguntas públicas, debates entre colegas y temas profesionales locales en industrias de EE. UU. como USPS, contabilidad, construcción, salud, transporte, e-commerce, legal, bienes raíces, restaurantes y tecnología. Inicia sesión para leer publicaciones completas y participar.
tech-security
新人一上来都想学渗透,工具跑起来确实有成就感,但进公司以后发现蓝队的日志分析、资产梳理、漏洞修复推进更常见。只会扫洞不懂业务,很多报告落不了地。做安全的同行,你们带新人时会先让他学攻防思路,还是先把 Linux、网络、日志这些底子补牢?
tech-security
One review I worked on found a long list of outdated packages across several services. The first ticket basically said update everything, which sounded responsible but gave the engineering team no way to plan the work. …
tech-security
A vulnerability report can be technically correct and still go nowhere. If the developer has to guess the affected endpoint, business impact, repro steps, and safe fix, the ticket will sit behind product work until some…
tech-security
A login alert looked like normal VPN noise at first. Same user, same country, nothing dramatic. The odd part was the device fingerprint changing twice in ten minutes, then a failed MFA push from a browser we had never s…
tech-security
我做过一次内部权限收紧,刚开始想得太简单,以为把高权限账号砍掉、强制 MFA、审计日志打开就行。结果第一周就被业务追着打,因为有些服务账号被人当成自动化脚本入口用了很多年,没人登记。 后面我改了做法。先拉登录日志和 API 调用日志,看哪些账号真的在用,哪些是长期不用但权限很高。对服务账号单独梳理 owner、用途、来源 IP、token 轮换周期。能改最小权限就改最小权限,不能马上改的先放到观察名单,不要一刀切把生产任务干停。 安全…