Search Results

45 results found with an empty search

  • Neurocracked CTF Part Four: The Onion Protocol

    Neurocracked

    From the case files of Sam Laurie

    Lin’s messages stopped two days ago. That alone would’ve been enough to worry me. But her last one didn’t just end the conversation - it detonated it.

    It came through a forgotten relay node, buried deep in a deprecated meshnet. Obsolete, officially. But someone had reactivated it. Just once. Attached was a single line of text and an image. The text looked like a URL - except it ended in something strange: .onion

    I didn’t recognize it at first. But after some frantic searching, I learned what it was. A .onion address. Part of the Tor Network - The Onion Router. Built for anonymity. Used to access hidden services that don’t exist on the surface web.

    Something was wrong. Lin wasn’t just sending encrypted logs or damaged firmware anymore. She was hiding. And whatever she found forced her to use the darkest corner of the net to say goodbye.

    The address she sent was: http://pyca343i5lyw6wthtr47dypeh5vq6sktrfwbenqge262vjgpwzbzobad.onion

    Along with it… an image. I froze when I saw it.

    [Image: Neurocracked]

    Not because of what it showed, but because of how it showed it. The symbols - arranged like a puzzle. Familiar. Angular. Ancient. It was a Pigpen Cipher. Freemason code. The kind only used by people trying to bury secrets in plain sight.

    I stayed up all night coding a Pigpen decoder. Once I had the translation, I cross-referenced it with the .onion address, and fed both into an off-grid VPN sandbox running a hardened Tor client.

    What I found wasn’t a forum. It wasn’t rebels or rogue coders. It was a marketplace. But not for drugs. Not for weapons. For minds.

    Welcome to Cerberus Hive

    The interface was too clean. Too smooth. No broken links, no spam.

    Welcome, Subscriber. Initiating Session…LICENSED ACCESS KEY ACCEPTED BrainOS™ Retainer Suite 3.5 :: Synaptic Lease Manager

    Synaptic Lease. As in: renting out your thoughts. This wasn’t a piracy hub. This was a customer portal. For something far more organized than a hacking group.
    They were running BrainOS-as-a-Service. A black-market platform offering remote exploits for compromised brain implants. Subscription plans let you choose your level of control:

      • Tier 1: Emotional nudges.
      • Tier 2: Decision overrides.
      • Tier 3: Full cognitive command—with rollback.

    All automated. All legal-proof. All monetized. They called the feature: Echo Control. And it was live. Their FAQ bragged about 2.1 million active deployments.

    I skimmed the reviews:

    “Used it during my merger negotiation. Subject signed. No resistance. 10/10.”

    “Tried the empathy patch trigger on a therapist. Beautiful. She cried, then forgot everything.”

    They weren’t hackers. They were venture criminals. They'd monetized mind control like a startup.

    Worse Than We Thought

    Cerberus Hive wasn’t even writing the malware themselves anymore. They’d partnered with third-party training vendors. Unsanctioned. Desperate. The kind who still had backdoor access to BrainOS™ module repositories via pirated access tokens.

    Cerberus paid affiliates to embed their exploit framework into education modules. They called it “payload-as-a-plugin.” You embed their code in a learning module, ship it to civilians, and collect a percentage when they’re hijacked. It was multi-level marketing for mind control.

    ... and why would Lin use a Freemason cipher?

    CTF CHALLENGE 004: THE MARKETPLACE

    You’ve recovered the hidden .onion address to the Cerberus Hive marketplace.

    Your mission: Connect to the address and find the MD5 hash flag.

    You may use:

      • Getting started with the darkweb
      • Pigpen Decoder

    Submit your flag as: CTF{MD5_HASH}

  • How to get a job in Cyber... Security... Cybersecurity.

    The good old days when things weren't so complicated, chatters just ignored things instead of getting upset.

    Getting your foot in the door with cybersecurity is challenging, especially now. You may be just graduating from college, or a veteran transitioning to the private sector, or you’ve worked in other areas of IT, or maybe you’re just self-taught. There's a lot to be learned about cybersecurity hiring. I’ve written and published books on this topic, and here, I will try to be brief.

    The first thing to know is what jobs in cybersecurity are considered entry-level. The answer is complicated. If you’re coming from other areas of IT, then you may already have overlapping experience in one of the domains in cybersecurity that you could pivot into. If you have worked in intelligence or cyber ops in the military, you will have more options available. But suppose you’re self-taught or fresh out of college and looking for your first professional job. In that case, there is only one clear winner: the Security Operations Center Analyst (SOC analyst). So let's break down the SOC analyst role and why it is a good starting point.

    When companies embrace the need for cybersecurity, it usually begins with the Security Operations Center, or SOC for short. The SOC is responsible for triage, investigation, and response to cybersecurity incidents. This concept is not new. Military and law enforcement agencies have used Tactical Operations Centers to coordinate conflicts for decades. Like the TOC, the SOC serves as the command and control hub for first responders to cybersecurity incidents.

    Definition: A cybersecurity incident is an adverse network event in an information system or network, or the threat of the occurrence of such an event, according to the SANS Institute.

    This article aims to prepare you to become a SOC analyst.
    Whether you wish to join one of the many specialties of cybersecurity or work your way up to management, the SOC analyst profession has the lowest barrier to entry for cybersecurity. Becoming a SOC analyst is an excellent strategic position to get your start in the industry.

    When staffing a SOC, hiring managers continuously face a few challenges. The most prevalent of those challenges is the SOC's revolving door. After a SOC manager hires for an open position, it takes several months to train the new analyst. Once training is complete, retention becomes a problem as SOC analysts begin to want more after they become comfortable in their position. They want that coveted six-figure mark.

    One of the most common upward paths is becoming a senior SOC analyst. The “senior” title comes with better pay and additional responsibilities, such as mentoring the junior analysts who join the SOC. Senior SOC analysts also handle more complicated work, as junior analysts will escalate challenging items to their seniors to resolve. Being in this position allows an analyst to become more technical and will enable them to learn how to train and mentor others. This role is an excellent way to become a SOC manager, grooming them for their next leadership role in the SOC. The senior SOC analyst role pays over six figures almost everywhere in the United States. Becoming a Senior SOC Analyst usually takes 1-2 years after becoming a SOC analyst. As a new SOC analyst, set stretch goals for yourself to reach this milestone. However, that leaves the hiring manager with your spot open again!

    Another problem that SOC managers struggle with is burnout or alert fatigue. An example of this could be when analysts investigate so many alerts that something important is overlooked or “lost in the noise.” SOC analysts usually work in shifts with 10- or 12-hour days, sometimes evening and overnight shifts, and at some point, the task might seem fatiguing.
    It’s easy to get complacent when the work becomes second nature and can get monotonous. Most everyone in an SOC is brilliant and constantly needs to be challenged.

    The third challenge that SOC managers face is that the SOC is a 24/7/365 operation, which means they need coverage outside regular business hours and on holidays. Many international companies utilize the “follow the sun” SOC model. That is when companies build three SOCs in different geographical locations for 24-hour coverage. Typically, companies will have a SOC in the United States, a second in Singapore or Australia, and a third in India or Europe. However, there are use cases where companies require analysts from a specific nationality to work with their data. It’s especially true in staffing a Managed Security Services Provider (MSSP).

    Figure 1–2: Follow the Sun Model: US/India/Singapore

    Hiring for early morning and overnight shifts is not an easy task, and the people who fill them don’t stay for long before wanting to move to regular business hours.

    Tyler’s first security job was working as a second-shift analyst in a SOC at an MSSP. He was in a life position where it worked well for him. He had a base salary and was offered a small shift differential for the second shift. He was freshly out of college, and who needed to wake up before noon anyway? He credits his career to making that sacrifice because it gave him invaluable experience that still serves him today. He decided to take his expertise and run after only a year. It was a hard decision because it was a great company, but he couldn’t wait for a day shift to open up. The night hours started to take a toll. It is nobody’s fault, but it is another challenge of the SOC revolving door.

    Now that you know the challenges of hiring and retaining SOC analysts and why the position frequently opens up, let’s discuss what hiring managers are looking for in an SOC analyst. Four areas make a well-rounded SOC analyst.

      • High-Level Concepts
      • Hard Technical Skills
      • Business Acumen
      • Culture Fit

    High-Level Concepts

    Everyone should know the high-level concepts for cybersecurity experts and anyone in a professional capacity. What are things like the separation of duties, least privilege, and the CIA triad? These are fundamentals in cybersecurity, and the best place to learn is CompTIA’s Security+ Certification. It is long-standing and well-regarded as the minimum standard for entry-level cybersecurity. It should be very structured, and maybe even boring for high-level concepts, as it's the same information we all get and know (and repeat). Any one of Udemy’s courses for Security+ would be a good start. I wrote an introduction to SOC Analyst Prerequisite Skills that serves as fundamentals for what you need to know as a SOC Analyst, the gateway to cybersecurity.

    Hard Technical Skills

    Hard technical skills are harder to come by. It's all about projects, projects, projects. They don’t all have to be boring. I have three SOC Analyst Projects inside the course, SOC Analyst NOW!, that are fun and practical. They are extremely popular in all circles, including LinkedIn. Since everything is moving to the cloud and having cloud exposure is very advantageous, I created a fun project for you to do in the cloud in this free article. Pair this with the SOC Analyst Method found in JYSAC and practice security analysis.

    Business Acumen

    Cybersecurity is a glorious customer service job. Customer service is a massive part of the job. Knowing how to say bad things in a good way will be an essential part of your job. That's where framing comes in.

    There is a wide variety of cybersecurity tasks. Because all security-related tasks are essential, they must be prioritized appropriately on a case-by-case basis. Determining which elements are crucial now can be difficult without understanding the business as a whole.
    In an SOC queue, a big part of someone’s job is prioritizing the work for you, but as you become more senior, that will become more and more a part of your own job. I like the Eisenhower matrix for prioritizing tasks. It's simple, fast, and crazy effective. Check out this video we made.

    The Eisenhower Decision Matrix

    Most of us in cybersecurity work from home in some capacity, and it's an essential part of your career to learn how to communicate with people remotely. That is, knowing how not to isolate yourself while you are at work when you are working from home. Watch this video of ours for tips.

    Culture Fit

    Here at Cyber NOW Education, we love the SOC. We love everything about it, including this unique but strangely not unique culture that comes along with it. After spending time in the SOC, you will realize how rewarding it is to be on the front lines. There is so much action; we want you to love it like we do.

    Whether you lean hard left, right, or right down the middle, there are companies for you. I’ve worked on both sides of the spectrum and found hard left companies tend to rely on psychology a lot in management style, and hard right companies are more direct to your face, but make no mistake, they both are capitalistic at their very core. It's so important to find a boss you like, and it's often not until you’re there that you really find out if you’re a good culture fit.

    It takes practice to be a general culture fit, but after a while, you’ll catch things like this:

    You’ll also have a nice little chuckle when you see that FedEx's logo has an arrow for all the packages it delivers. That's what being an analyst is all about.

    Now you understand what makes a qualified SOC analyst. You need a mix of hard technical skills, a company with the right culture for you, some business acumen, and you need to be able to recite all of the fundamental cybersecurity concepts.
    Traditionally, a candidate would have a bachelor’s degree and Security+ certification before employment. Recently, the competition has gotten fiercer. There seems to be a bunch of folks wanting to make their way into cybersecurity right now, and these people are doing a lot. It's important to note that fewer companies require degrees as time goes on because fewer people who graduate from college have the skills needed to do the technical entry-level work of an SOC analyst.

    Developing the skills you need takes a while, and you have to practice independently. Just you, the computer, Google, a few projects, online courses, and long romantic nights alone with your keyboard. I will tell you how to do this the easy way, but it does take time.

    Online Courses

    You don’t need to spend much money on online training if you can have patience and keep an open mind. Things might be less spoon-fed to you, and there might be some mistakes in the curriculum, but it requires you to think. Hop on over to Udemy and pick out a nice Security+ course. Cybersecurity fundamentals don’t require you to be hands-on with a keyboard, so you can watch these modules independently. Before you go to bed every night, lie down and watch a couple of modules. I watched it on my TV and ate dinner on a tray. A month goes by, and batta bing batta boom, you have a new certification, and it wasn’t even hard at all. Didn’t cost much either. Just takes a little persistence.

    Projects

    You do need to have significant hands-on keyboard muscle memory with a few things. Systems fundamentals is one, and networking is another. It's best if you focus these efforts in the cloud. By the time you’re getting a job in cybersecurity, infrastructure will mostly be in Amazon, Azure, or GCP - mostly Amazon and Azure for large organizations. You must spin up a few honeypots, create VMs, configure access groups, and play around with things.
    In the articles linked above, you can spin up two projects in the cloud, one of which is the 30m Azure Honeypot project that is super fun and relatively easy to do as an introduction. Play with it some, explore the attacks, Google around, and ask yourself questions and answer them. I want you to study the data. Use the 5-step SOC Analyst Methodology found in JYSAC and write sample tickets. If you don’t like doing this, you won’t enjoy being an SOC analyst much.

    Being an SOC analyst is about being curious about how things work and why they happen. Not everyone starts out with this curiosity, but it can be cultivated if you make it intentional to be investigative. You’ll probably be curious for the rest of your career and life. Curiosity will change the way you think; if you pursue it long enough, it will change your life and open up a new esoteric world of creativity.

    Competitions

    This article wouldn’t be complete if we didn’t take a minute to talk about capture-the-flag (CTF) competitions. Capture the flag has been around since the beginning, and it started with vulnerable applications and systems with a text string hidden inside them. The participant finds the text string and submits it to the judges, and they get points for every proof they’ve hacked. It started in 1996 at DEF CON, and today, it has evolved into various capture-the-flag challenges inside and outside of conferences.

    In fact, Tyler’s favorite challenge is the DEF CON Blue Team Village capture-the-flag, but he has competed in Ghost in the Shellcode, SANS Netwars, Holiday Hack, CSAW, and was a mentor for high schoolers for the CyberPatriot program. Tyler was never really fantastic at them, but always competed on a team, which was the fun.

    Most bigger conferences other than DEF CON will have their own capture-the-flag competitions. For instance, the Splunk conference, Splunk.conf, hosts a popular capture-the-flag called BOTS for Boss of the SOC, which is very challenging and popular.
    If you are in college, there are many student-oriented capture-the-flag competitions, and perhaps the biggest one that should be on your radar is the Collegiate Cyber Defense Competition (CCDC).

    Medium

    You need to start building a brand as a cybersecurity expert, so Medium is where you need to go to start doing it. I’m not asking you to do something I haven’t done ten years into my career. Creating a blog can be one of the most rewarding things any professional can do. Not only does Medium have a huge built-in audience of technology professionals, but teaching and writing about a topic also improve the retention of information. You’ll find out sooner or later that you lose the information if you don’t use it. Teaching something to someone else helps you retain that knowledge for longer.

    Choose a few topics on the SOC and cybersecurity, maybe about your latest project or something you’ve studied that you’ve found interesting, and teach them. One of your audience members might be your new manager! Please write at least two weekly articles and share them on all your social media outlets, including LinkedIn. Every time you finish a course, write about what you’ve learned. Every time you finish a project, teach others how to do it. Write about your journey to finding a SOC analyst job. And always remember to learn, do, teach to retain.

    A blog will establish you as someone who knows something about cybersecurity. Leave a banner at the end of every Medium article connecting to your LinkedIn profile. This way, any person interested in you can reach out and connect!

    Once you have attended a few meetings and are blogging, you can build a network of like-minded community members to associate with. Make friends quickly; they are going to be vital in your career. You really can’t do cybersecurity alone with much success.

    Now that you’ve made it this far, you’re now qualified. How in the heck do you find a SOC analyst JOB?

    Where to Search for Jobs

    The Information Security world has embraced social media to locate and recruit top talent, with LinkedIn standing out as a clear place to start. Not only can you find job postings, but you can also get connected with headhunters and recruiters looking to find top talent. LinkedIn offers a premium subscription that can be used to find and connect with recruiters. They offer free trials of LinkedIn Premium, and I highly recommend using it when searching for a job.

    If your LinkedIn profile is uninteresting, you will not attract the attention you need, no matter how good your cybersecurity knowledge. Other than putting your certifications and credentials in the headline, there are a few tips to keep in mind.

    LinkedIn Profile Tips

    LinkedIn is not the only website to consolidate job postings; Indeed and Monster are worth investigating, too. Once you’ve accumulated a few technical certifications, sites like Credly.com have job boards that are looking for talented people with those certifications. Finally, you can’t go wrong by looking at the careers section of a company’s website. This will show you what open positions are available and provide you with insight into what they are looking for in an applicant.

    Note: Don’t be afraid to apply even if you don’t meet all of the requirements in the job posting. To quote the great Wayne Gretzky, “You miss 100% of the shots you don’t take.”

    Applying for Jobs

    I would like to explain to you how to perform a job hunt. First off, you need to get your resume together. It takes a lot of trial and error to perfect a resume, but a professional can also help you build a good one. A resume can take form in many styles, but it will have the same basic information:

    Resume Components

    Keep your resume to under three pages to prevent readers from over-skimming.
    The benefit of having a professional resume writing service, like our service, is that they will share a document with you and probe you with questions until they get all of the information out of you about your previous experience, and then write it in a way that is quickly and easily consumed.

    Once your resume is together, you can search for a job. Several job posting websites have proven successful for us; however, I have had the most success with LinkedIn. When searching for a job, I usually purchase their premium membership to see the statistics for each job I am applying for, send InMail messages to hiring managers or recruiters for a company I am interested in, and see who is looking at my profile. Also, Google has a good aggregation of jobs to search through. Using Google, you can set up and configure job alerts specifically for cybersecurity jobs.

    The SOC analyst position is the job that will allow you to land the easiest first step into information security. There is a revolving door in most SOCs, and the position for a SOC analyst opens frequently. The titles that you want to look for first are:

    SOC Analyst Job Titles

    If you are mobile and can move anywhere, your odds of finding a good fit quickly are better. If you live far outside of a big city, then your options may be more limited. Most SOCs require you to be on-site for security purposes. During COVID, everyone moved remote, and now more companies are returning to a hybrid work model.

    You’ve got your resume together now, and you know how to apply for jobs. You have a network of colleagues because you’ve been attending meetings and getting involved in the community. You’ve provided them with your resume and asked them to refer you to any open position they have, and you’ve kept in touch with them just to chit-chat. You have some projects and a blog to show your progress on your road to cybersecurity success. You have a portfolio now.
    Include the link to your blog on your resume so that the hiring manager invests time in you as a candidate and reads about your story and your projects. You’re likely to get an interview now. Whew, that's a lot to get an interview! So let's talk about that.

    Common Interview Questions

    The following is a list of common interview questions that might be asked during an interview for a junior SOC analyst. Some are very basic, and some are harder, but we feel that if you can answer these questions, you have the required knowledge to become a SOC analyst:

      • What is an RFC 1918 address? Do you know them?
      • Define a Class A, B, or C network.
      • What are the seven phases of the cyber kill chain?
      • What is the purpose of the MITRE ATT&CK Framework?
      • What is the difference between TCP and UDP?
      • What are ports 80, 443, 22, 23, 25, and 53?
      • What is data exfiltration? What Windows protocol is commonly used for data exfiltration?
      • Do you have a home lab? Explain it.
      • What is AWS? Azure? Explain how you’ve used it.
      • What is a DMZ, and why is it a common cyberattack target?

    The importance of having technical knowledge cannot be overstated. The above questions are straightforward, but you might be surprised to learn that seven out of ten candidates don’t know the common TCP/UDP ports used by modern services. I highly suggest using a common study guide to prepare for your interview. An example of this is the website Quizlet.com. They provide a flashcard-style learning platform for information technology certifications like Network+ or Security+. Also, Udemy has a few SOC Analyst interview question courses that you can take (I like Udemy).

    Despite the need for a basic understanding of information technology, that only covers half of the requirements to be a SOC analyst. An analyst should be a critical thinker and possess the acumen for problem-solving. Interviewers will usually test a candidate’s problem-solving ability with scenario-based questions.
    Let’s cover some scenarios I’ve seen and used to conduct interviews:

    “You are a tier 1 SOC analyst, monitoring the SOC inbox for user-reported incidents. The SOC receives an email from the VP of Human Resources stating they can’t access their cloud drive. The VP knows this is against company policy, but the VP is adamant that this is required for legitimate business requirements.”

      • Do you process the access request for the VP?
      • What is your response to the VP?
      • Who else should you include in the reply email?

    “You are monitoring the SIEM dashboard for new security events. A network IDS alert is triggered, and you begin investigating. You see a large amount of network traffic over UDP port 161 originating from dozens of internal IP addresses, all with the same internal destination IP address. Some quick Googling shows that the Simple Network Management Protocol uses UDP port 161, and the byte count of the traffic is minuscule.”

      • Do you think this is data exfiltration?
      • If this is not data exfiltration, what legitimate services could cause this alert?
      • What team could provide an explanation for the traffic?

    The first scenario exemplifies what you might be asked when applying for an entry-level analyst role, while the second is a little more advanced. Let’s go over what the interviewer is looking for.

    Scenario 1 is designed to identify if the applicant can be easily intimidated by senior leadership in your organization. Information security is the responsibility of all organization members; it should not be waived for the convenience of one senior leader. The larger lesson here is about making risk-based decisions. A junior analyst should never assume the risk of policy exceptions. The interviewer will ask how the applicant will respond to the VP, as it will showcase their experience with customer service. Customer service is another essential task of a SOC analyst.
    Whether working for an MSSP or a company's internal SOC, there will be times when interfacing with other teams will require the analyst to show a certain level of tact and professionalism. The third question helps the interviewer understand the analyst's prioritization skills. If an analyst is working with a VP, there is a high probability that there is a procedure around communicating with senior leadership within the organization.

    Scenario 2 tests the applicant’s critical thinking and technical knowledge while providing the interviewer insight into the applicant’s investigative reasoning. This scenario also gives insight into the most essential quality of a SOC analyst: if you don’t know the answer, admit it. The last thing the SOC team needs is a “know-it-all”; they are dangerous and toxic to the workplace. If this article teaches you one thing, let it be this lesson. There will be questions you can’t answer, and that’s fine. The worst thing you can do is give a wrong answer with the confidence that you are 100% correct.

    Remember that the above scenarios are examples; each interviewer will use their own questions. The goal remains the same: to locate and select the best applicant for the position. Our goal is to assist you in becoming that applicant. The following are a few tricks and tips to help you become the “best applicant” for the position:

    Interview Tips

    And that covers it.

    Summary

    We’ve discussed the demand for SOC analysts and why that position is the best strategy for entering cybersecurity. We’ve also talked a bit about the four requirements an entry-level SOC analyst needs to have, how to acquire fundamental knowledge and hands-on technical skills, and how to interview.

    This is not an overnight process. It is going to take time. No one can walk into an entry-level SOC analyst job without preparing. What I am trying to say is that it's not easy. But it is worth it.

    I’ve dedicated my career to helping others find their way into cybersecurity.
My courses have served over 25,000 students. I have developed training materials, both paid and free, for the last decade to give back to the community that gave to me. I can’t tell you how appreciative I am to have had the people in my life that I did when I was just starting. They helped me and didn’t expect anything in return, unlike anything I have ever experienced. That is the cybersecurity community, and you’re doing yourself a disservice if you don’t get involved. There are so many communities that I am sure you’ll find your tribe. Find them. Good luck and godspeed!

  • Neurocracked CTF Part Two: Whispers in the Shell

    Neurocracked: Diary Extract - Encrypted Transmission

    Sleep’s been difficult lately. I keep hearing a distorted, synthetic voice repeating numbers in my dreams.

    “Function 88. Redirect to Concordia.”

    “Syscall bind. Protocol whisper.”

    I woke up today with dried blood behind my left ear. I hadn’t noticed the incision before. Someone accessed my port while I was unconscious.

    [Image: Neurocracked]

    I ran a local diagnostic. Everything came back clean - but too clean. There were no logs, no anomalies, and it seemed like someone had rewritten the past.

    So I took a risk. Booted a deprecated version of MemShell, the underground implant debugger banned five years ago. It’s dirty. Unstable. But it let me trace the runtime activity of my core processes - line by line.

    That’s when I saw it: A function that shouldn't exist - inject_payload(), hiding inside a core learning module. Masked behind a career update labeled “Medical Ethics – Level 3”. What the hell does ethics need a syscall for?

    The Pattern Emerges

    It’s not just me. I scraped logs from three other civilians in my subnet. All show the same strange function calls when they launch implant-based educational programs. It’s like watching a parasite whisper through code - pulling secrets from memory, redirecting outputs, even binding to unknown ports.

    We have to go deeper. Someone needs to trace the infection to its source. That's where you come in.

    CTF Challenge 002: Whispers in the Shell

    Objective: You’ve been given a suspicious binary named neurolearn. It’s supposedly a simple offline math tutoring tool for BrainOS™ implants. But it’s lying.

    Your Task

    Use strings again to find the malicious call. One of the functions (strstr, strcmp, system, etc.) is being abused to execute a covert system call.
    Submit your flag in the following format: CTF{FUNCTION_NAME::COMMAND}

    Included Files:

      • neurolearn (ELF binary)
      • README.txt with instructions

    👉 Download the binary

    Example Tools

    ltrace ./neurolearn

    Flag Format

    CTF{...}

    “They’re hiding in our updates. In our thoughts. Trace their steps, and maybe we can still think for ourselves.”

  • Lessons from 10 years in the SOC

    Beautiful Butterflies

    Lessons from 10 years in the SOC

    I started in the cybersecurity scene in the early 2000s. I was 12 or 13, hanging out on AIM, IRC, and Yahoo! chat rooms. I discovered warez and learned my first hack, the ping of death. I’d hop on AIM and netstat for your IP address and send you a packet too large for your dialup to handle, and it’d kick you offline. I was a prankster, just a bit mischievous but never malicious.

    I dove headfirst into the Linux subculture and went to Walmart, where I found Mandrake for sale on CD. Now, most people think you can’t sell Linux because it's open source, but you can.

    [Image: Lessons from 10 years in the SOC]

    You’re selling the distribution of Linux, and you used to be able to walk into stores and buy it. This was when it’d take you days to download an OS and a quarter of your hard drive. It led to Knoppix Linux, which was the first live Linux distribution. I would take it to school, pop it into the computer, and all the restrictions were lifted, and I could jump back into my IRC chats. Always a chatter, which has become troublesome because I treat Facebook and social media as an informal chat room, and people take it very seriously.

    I went to a terrible high school, so I dropped out in 10th grade and went directly to get my GED. I walked in and passed it without any classes. In fact, in 9th grade the year before, I tested postgraduate in all the standardized tests. I started college at 16 in the only place that’d take me, DeVry, and I had the whole college experience. I stayed in dorms, hung out doing nerdy things on campus, and delivered pizza to pay for my living expenses. My grandmother paid for my student housing, but the rest of my living expenses were up to me.

    I look back fondly on my time at DeVry in Decatur, Georgia. It was a good education, too. I took my classes on-site and learned a lot. Some of my classes were online, but it wasn’t the same learning experience.
I think DeVry gets so much of a bad rep because people start and never finish, and it is expensive. The classes can be difficult. It depends on the professor; some take their jobs very seriously and care a lot about the subject. I graduated from college, and I had the whole graduation experience. For the first time in my life, I graduated. I walked across the stage at the Georgia Dome in front of my family and friends, who were there to support me. I got pictures, threw my cap, and everything. It was the very first thing I accomplished in life. Prior to that, I wasn’t much of a finisher. After college, I worked in IT support at a local community college. I spent eight months there and then started my career in cybersecurity at Dell SecureWorks in the SOC in December 2013. I had so much fun working with my peers in this SOC that I’ve spent my entire career trying to find a place with the camaraderie that was the unique culture. Since December 2013, I’ve worked at several companies, with an average tenure of 2–3 years, so I’ve seen many different environments. These are the lessons that I’ve learned in my 10 years working in cybersecurity. Becoming SOC mature is about learning what to ignore. I saw on LinkedIn recently that someone said becoming mature in cybersecurity is about learning what to ignore, and I just loved it. It resonated so well with me. When you first start, everything is a crisis. Everything is new, and everything is critical. Once you have time in your seat long enough, you learn what is expected and what is a unique occurrence. What’s an anomaly in the industry, and what seemingly happens all the time? This is important because knowing this helps you determine if there is an established process at your company for seeing this type of thing. If you’re new at a company but have seen this often before, there’s likely a playbook for it. Zeal fades as you slowly learn how compliance and regulation work. And how everyone gets paid. 
Zeal is essential for you to start. It's the fountain of motivation to learn how everything works. It's a blessing and it's a curse. Not everything works the way it should work for whatever reason, and this creates conflicts of interest that really dampen how you feel about the importance of your work. Not everyone will care about cybersecurity as much as you do, even the people paying you to do your work. Ideally, cybersecurity exists so businesses can take risks responsibly, but in some places, cybersecurity exists just to say cybersecurity exists here. Cybersecurity was at the top of executives' agendas when daily breaches were in the news. Breaches rarely make the news anymore. The public has been desensitized, controls have been put in place to protect people, and overall, there has been improvement in the cybersecurity industry. It's a different place today where a breach isn’t likely to affect your stock very much. There was a period about five years ago when a breach would even make your stock go up. Boy, was that difficult to deal with. Try going to work every day to protect a company when a breach would make them more money. Now it's just become daily life. There’s a gray area of perception. What you see on the outside of a company isn’t what is true, and that’s accepted. As a business owner, I’ve been viewed as not an individual but a company trying to promote/sell something to an audience. It's made me feel compassion for the community because they are predisposed today to be skeptical of everything and have been manipulated so much by marketing schemes. Marketing exists to make you want something and to get your product to the people who want it. In this effort, things get misconstrued, which is often borderline untrue. Your company has a marketing team, and your company strategizes on how to get the product the right spin on it to make people buy it. 
I’ve worked at companies with great marketing teams, and the perception is that this company really has its stuff together, and then I go to work there and they’re announcing how great their new product is that I know now hasn’t even finished developing. It doesn’t exist! It can leave a bad taste in your mouth about the company you work for, thinking they are all just talking nonsense, but just know this is what marketing teams are supposed to do. They're doing their jobs great, and now everyone else needs to do their jobs to catch up. This is normal and happens at every company. This is the product people want; now we need to make it. You’re paid to protect a company from itself. If I paid someone to protect you from yourself, how would you feel if you kept being told to correct yourself? That’s how it looks as a CEO. I said that right. You aren’t protecting your company from the bad guys out there hacking your company; that's just par for the course. You’re protecting your company from users who do something to let them in. As a CEO, you are your company. When addressing executives, use tact and empathy when explaining that one of their indirect reports caused a security incident. It's not essential to punish anyone for bad behavior in most cases, outside of insider threat. It's necessary to come up with solutions and things we can do to prevent this from happening again. Live in the solution. These are some of the things I’ve struggled with over the years, often causing periods of depression in my work when my idea of what cybersecurity should be isn’t what it truly is. The world didn’t meet my expectations in what I was led to believe would be my purpose, and it's sad. When this happens, it's time to get comfortable in Corporate America and play this game the way it's played.

  • The Mahabharata

    The Mahabharata has been described as an ancient encyclopedia of Indian knowledge. One of the world's oldest and longest epic poems, it is to me the most important work of Indian literature ever written. It played a central role in the development of Hindu culture and has been ranked alongside the Bible, the Koran, and the works of Homer and Shakespeare as one of world civilization's most influential manuscripts. A sixteenth-century Indian painting of a scene from the Mahabharata, the ancient poem about a royal family's power struggle. It shows Prince Arjuna (center), a leader of the Pandava family, racing towards the enemy Kaurava force in his chariot. When a dramatized version of the Mahabharata was shown on Indian television in 1998, streets around the country emptied. Entire communities crowded around TV sets to watch the mesmerizing and very familiar tale of two branches of a royal family locked in a bloody struggle to control ancient India. It took 139 episodes to capture the poem's nearly two million words. The Mahabharata originated as an oral poem sometime around the eighth century BC. It was recited and enhanced by priests, professional story-tellers, singers and dance troupes. The first reference to the poem as a written document was around the fourth century BC, but it was not until AD 350, more than 700 years later, that the Mahabharata became a unified text, written in Sanskrit, India's classical language. Some historians believe the work is based on a conflict that occurred during India's Vedic period (1500 to 500 BC). Its central tale is a bitter fight between two sets of cousins: the Pandavas and the Kauravas. Both are out to control the Bharata kingdom in northern India. Exactly who created the Mahabharata is not clear, but it is traditionally said to have been Vyasa, also known as Krishna, the great sage who Hindus believe is immortal. He plays a central role in the poem as grandfather to the warring cousins. 
A Hindu legend claims Vyasa narrated the epic to Ganesha, the elephant-headed deity, who wrote it down with one of his tusks. The poem is made up of around 100,000 couplets and prose passages encompassing a great range of subjects. History, philosophy and spiritual ideas are woven through the saga of the Pandava and Kaurava rivals. It bristles with romance, intrigue, chivalry, ethical conundrums and has numerous subplots. No wonder it has been dubbed an ancient version of Game of Thrones. A seventeenth-century painting of the Pandava prince Arjuna with his charioteer, the god Krishna, on horseback. At the heart of the Mahabharata are 700 verses known as the Bhagavad Gita, or the Gita, one of the most revered texts of Hinduism. Most experts believe the Gita was composed later than the rest of the Mahabharata, probably after the third century BC - an unsettled period when the ethics of war were a preoccupation. It is a dialogue between Arjuna, a Pandava prince, and his charioteer Krishna, who gradually reveals himself to be a god. It takes place just before a momentous battle with the Kaurava family. Arjuna suddenly has doubts about killing his cousins and friends, and he asks Krishna what to do. Krishna advises Arjuna to fulfil his dharma: to be true to his duty as a warrior. For one of the first times in Indian literature, there is a discussion about what constitutes a "just war". Krishna tells Arjuna that once a war breaks out, it should be fought if it is for a good cause. Krishna also offers insights about the purpose of life, reincarnation and many other philosophical and religious matters. Short and coherent, the Gita was easily understood by all social classes and it became a popular guide to Hindu duty, morality, and salvation. Prince Arjuna decides that it is his duty to fight, and one quarter of the Mahabharata is dedicated to recounting the cataclysmic 18-day Battle of Kurukshetra. Nearly four million soldiers from all over India take part in the conflict. 
The Kaurava army has eleven divisions, Arjuna's Pandava force has seven. They fight with arrows, swords, lances, and maces. Nearly everyone on the battlefield dies. On one day alone, the poem describes how Prince Arjuna destroys a battle formation of huge numbers of chariots, elephants, cavalry, and infantry. Both sides resort to tricks and deceit in the attempt to emerge victorious. In the end, the Pandavas win the battle, but the appalling carnage makes it no cause for celebration. The poem's theme of the futility of war and violence has resonated with Indian leaders over the centuries. It was a major influence on Mahatma Gandhi, who led India's non-violent independence movement against British rule in the early to mid-twentieth century. The Mahabharata has been a source of entertainment as well as a spiritual guide ever since it was composed. It is still widely read, recited and performed in theatres, movies and on television. Children are still named after characters in the poem, and its messages remain as familiar today as they were thousands of years ago. Above: A seventeenth-century painting of a Pandava prince Arjuna with his charioteer, the god Krishna, on horseback. Below: A copy of the Mahabharata open at the Bhagavad Gita, one of the most revered texts of Hinduism. In its 700 verses, the god Krishna shares his philosophical beliefs with warrior Prince Arjuna

  • The Notebooks of Leonardo da Vinci

    Leonardo da Vinci’s inventions are as renowned as his paintings. We’re fortunate that he consistently kept a pen handy to record his ideas, filling thousands of pages with his insightful thoughts on a wide range of subjects, including nature, astronomy, painting, architecture, mathematics, the human body, and bird flight. Following are a few of the best original images from my collection of Leonardo da Vinci. Leonardo’s drawing of a lung. On the right, he labels separate organs: spine, lung, diaphragm, spleen, stomach and liver. It is thought that his subject was a pig. Fortunately for us, Leonardo da Vinci sought to understand the world by meticulously describing his observations in writing. His notebooks, or codices, showcase a brilliant blend of an artist’s eye and a scientist’s curiosity. One of his greatest passions was the miracle of flight. He created 500 sketches and wrote 35,000 words about how birds glide, using their wings and tail for balance. He envisioned flying machines without engines, where a human pilot controlled the flapping of the wings. Many of Leonardo's drawings delve into the concept of flight. On the left, there's a sketch of a flying machine powered by a human. On the right, there's a design for a propeller. Nearly 400 years later, the Wright brothers made the first successful flight. They paid tribute to Leonardo’s vision, calling him “one of the greatest artists and engineers of all time.” The Wright story to come someday. Scholars believe that Leonardo’s early life had a profound impact on his genius. Born in 1452 as the illegitimate son of a Florentine notary, Leonardo was largely self-educated. Recognizing his artistic talents, his father apprenticed him at the age of 15 to the painter and sculptor Andrea del Verrocchio. Verrocchio emphasized the importance of understanding human anatomy, leading Leonardo to become adept at drawing limbs, muscles, and other body parts. 
He was granted permission to dissect human corpses in Florence, Milan, and Rome, where he later resided. Leonardo’s notebooks contain over 240 detailed anatomical drawings and 13,000 words on the subject. This drawing, widely believed to be a self-portrait of Leonardo, was created in red chalk. It is currently housed in Turin's Royal Library and is rarely displayed due to its fragile condition. Fortunately, the chalk remains largely undisturbed in the places preserving the subject's identity. Leonardo's studies of the fetus and an arm demonstrate his advanced understanding of the human body. He is credited as the first to accurately depict an embryo. As Leonardo grew older, he devoted less time to painting and focused more on his “studies.” It is likely that he intended to publish his notes, as many of his observations on specific subjects are meticulously organized on single pages. Unfortunately, Leonardo passed away in 1519 at the age of 67, before his notebooks could be published. He willed them to his devoted follower (and possible lover), Francesco Melzi, who managed to compile Leonardo’s thoughts on painting into the Treatise on Painting, but did little else with the remaining notes. It wasn’t until over 200 years after Leonardo’s death that his notebooks gained public attention. Today, 7,000 pages are known to have survived, spread across 17 notebooks — about 20 percent of the material this Renaissance visionary produced. With one exception, these notebooks are housed in museums in Italy, Spain, France, and Britain. The only privately owned copy belongs to Bill Gates, who digitized some of its pages as a screen saver for his Microsoft operating system. To me, Leonardo is more than a treasure; he is one of the great heroes in the history of human creativity.

  • The Rosetta Protocol Part I: The Stone Awakens

    It began in the British Museum's conservation lab, deep in the heart of London. A new digitization project had just been completed on one of the world's most iconic artifacts: the Rosetta Stone. Unlike past scans, this one used cutting-edge multispectral imaging to reveal surface details invisible to the naked eye. Amina Noor, a postdoc researcher in cryptographic anthropology, had been monitoring checksum anomalies reported in the scan logs. When she analyzed the image on her secured terminal, she found something no one had expected: patterned pixel anomalies recurring at regular intervals across the Demotic script panel. It wasn’t noise. It was a message. Sharing her suspicions with an underground cryptography forum, Amina soon attracted attention. One user, alias "NilusRoot," hinted that the anomalies were part of a modern LSB steganography algorithm but designed to trigger only under UV exposure. The forum exploded with speculation—had someone embedded modern data into a 2,000-year-old stone? The stone had not changed - the scan had. Amina focused on extracting the hidden payload. CTF Challenge 1: Image Steganography Task: Analyze the provided and use LSB steganography techniques to extract the hidden message embedded in UV-reactive regions. The flag is embedded as plaintext. Hint: Use a tool like zsteg or stegsolve, or https://georgeom.net/StegOnline/upload to analyze LSB data in the red channel. Focus on the top-left 16x16 pixels where the flag is embedded. Extract LSB from the red channel and convert to ASCII to retrieve flag.

  • The Rosetta Protocol Part V: The Translation Key

    As RosettaOS booted, the room around Amina seemed to shrink. The interface radiated a dull golden glow, and strange hieroglyphic-like characters began scrolling across the screen. But these were not ancient Egyptian. They were symbols - unfamiliar yet eerily logical. She leaned in closer. Instead of commands or menus, the OS displayed what looked like an encrypted language that changed subtly with each pulse of the CPU clock. At first, it made no sense, but then patterns emerged. Certain glyphs repeated at intervals - rhythmic, recursive, structured. The system wasn’t just displaying data - it was running something. Amina activated the interpreter sandbox and fed in a dummy input. The symbols responded, adapting into recognizable loops, conditions, and data flows. It dawned on her - this was a fully functional symbolic programming language. One designed not for humans or machines alone, but for something in between. A series of tones began to emit from the speakers, matching the rhythmic glyph updates. The frequencies resonated in Amina's chest like a forgotten chant. The machine was communicating - on multiple sensory channels. The final log entry from the VM before its isolation appeared: Suddenly, the display froze. One final glyph block blinked in a box at the bottom of the screen. The message read: EXECUTE FINAL TRANSLATION: ONE KEY REMAINS Beneath it: a dense cluster of interwoven symbols in five lines, framed by a cartouche. Her instincts kicked in. The symbols weren’t random. They followed a rhythm - each one recurring at structured positions, each pair aligned like logical branches. Amina activated the parser she'd built from previous decoded mappings and let it run. The result was astonishing. The symbols resolved into a logic tree. At its root: a conditional check. Then a loop. Then… a string. 
She whispered it aloud as the final translation printed onto her screen: flag{language_is_executable} This is The Rosetta Protocol.

  • Neurocracked CTF Part Five - Illuminaughty

    From the encrypted audio transcript of Lin: [Recording begins. Timestamp: 04:19:27 AM] Room ambience: faint server hum, old ventilation. Somewhere underground. A single overhead bulb flickers like it’s nervous. Lin: I know what you are. You're not just another suit with a clean neural fork and a backup ego license. You’re wearing a voice you rehearsed. Stranger: (calmly) I’m not here to harm you, Lin. Lin: Then why do you know my name, and why the hell did you redirect my commline to this dead building? Stranger: (stepping into the light) My name is Hiram. I represent the United Grand Lodge of England. I’ve been operating undercover in Neural Nexus for... 207 days. Lin: (mocking) Let me guess. Crown-sanctioned cyber-espionage? Hiram: The Grandmaster - Prince Edward himself - sent me. Something sacred was leaked. A piece of memory extracted from one of our own. It’s since appeared in public implants - non-Masons. Civilian neuralware. Our... word was spoken aloud. Lin: (goes cold) The secret word? Hiram: Yes. And it wasn’t a coincidence. Someone inside the Neural Nexus dug too deep. Embedded old rituals in their training modules - likely as a joke, maybe as a signal. But it got compiled into the public feed. We traced the leak to your subnet. Lin: (stepping back) I didn’t mean to - I was looking for the update error, and - Hiram: (interrupting) I’m not here to blame you. But the marketplace you uncovered - the Cerberus Hive? It’s using the Neural Nexus as its spine. That’s where we must strike to shut it down. Lin: Shut down Neural Nexus? You’ll need root access. I barely cracked read-only mode using stolen therapist keys. Hiram: We know where the terminal is. But not the password. Lin: So we break in? Hiram: (nods) Together. [Time skip: 6 hours later. Inside the Nexus Spine Core. Screens everywhere. Cooling fans like jet engines. 
Lin and Hiram surrounded by lines of code, dozens of decrypted files, system maps, access logs.] Lin: (sighs) Nothing. All these folders, aliases, corrupted configs... Every trace of root credentials is either wiped or boobytrapped. Hiram: (mutters) There’s always a keystone. A ritual. A hidden phrase. Lin: Then we’re missing it. [She leans back in the chair, adjusts the swivel. A creak. Then—flutter.] A sticky note slips down from underneath the chair. Lin: (quietly) Wait… [She picks it up. Faded ink, barely legible. Five words:] “ear of corn community password” Hiram: (staring at it) ...Of course. The “ear of corn.” Lin: It's a Masonic phrase, isn’t it? Hiram: One of the oldest. A symbol of harvest, access, and gatekeeping. Used in tests of speech, memory, and allegiance. It’s a challenge prompt. Lin: (realization dawning) And “community password”... it's the prompt label in the terminal UI. Hiram: Then say the word, Lin. Speak it true.

  • Neurocracked CTF Part Three: Neural Network Nexus

    Lin Rowe slid the neuroblade across the table, its surface etched with coffee-ring data clusters and half-scrubbed forensic logs. The room was dark except for the bio-light pulsing on the ceiling—a warning that the filtration system had detected organic contamination. She didn’t need a sensor to tell her. The blood dried behind her ear was enough. It was happening more often. Neurocracked. Three times in the last month. Each time she woke with no memory, fingertips sticky. Each time she ran diagnostics, her system showed no tampering because it had been rewritten. Whoever hijacked her port had root access. Not just over her implant. Over her thoughts. Across the city, NeuroCare facilities were overflowing. “Neuropathic collapse,” they called it. More than 4,000 civilians have been comatose in the past two weeks with no fever, no trauma, and no damage. Only silence. Their brain implants were still operational, still pinging updates. Just… no one was home. The first reports said they all had one thing in common: they’d installed a routine update to their BrainOS™ learning module - most often used to gain new career skills like neural surgery, quantum finance, and ethical simulations. But that wasn’t all. They’d also seen an image. https://ibb.co/rKKD87J6 It was a monochrome photo of someone's neuroblade. Lin stared at it now on her off-grid terminal. Harmless-looking. But every person who looked directly at the image fainted. For three days. No warnings. No headaches. Just a sudden loss of consciousness. The hospitals had begun calling it The Drop. When she decoded the image she froze. She recognized these words. Back in 2080, these strings were embedded in cognitive restraint chips during civil protests, meant to suppress rebellion by rewriting ideological frameworks. Now they were back, hidden inside a learning module. 
The Nexus The Neural Network Nexus was BrainOS™'s hidden spine - a federated cloud mesh where all approved learning modules were distributed. From the outside, it looked like a corporate server farm. It was a living lattice of neural scaffolding and deep-learning routines constantly fed by human interactions. If you learned to fly a jet, someone else had once crashed one. That feedback loop? Stored in Nexus. Lin had gotten access once, briefly, by piggybacking a decrypted token from a cognitive therapist's implant. What she found scared her enough to never return. Now she had no choice. The Breach Using a forensic key stolen from a corrupt Ministry of Integration agent, she re-entered the Nexus. The security layers had grown denser - now there were synthetic captchas woven into emotional responses and biometric pulse-matching. But Lin had something no AI could simulate: paranoia. Inside the codebase for "Ethical Medicine Level 2", she found it - a malformed .nmod file that referenced an off-registry key. It wasn't just the image embedded - it was condition-triggered. The payload only activated when the implant's user processed the visual data with a specific module - a mental simulation tagged: neuro_empathy.enforce.v2. That was the trigger. Not everyone who saw the image dropped. Only those with the vulnerable empathy simulation installed. Someone was targeting empathy. Echoes of Control The drop wasn’t just a byproduct. It was a denial of service for the brain. A form of soft warfare. It disabled the most emotionally advanced citizens - the therapists, caretakers, mediators, teachers. The people most likely to notice something was wrong. The implants didn’t just knock them out. They wrote over core moral subroutines. When they woke, Lin feared, they wouldn’t be the same. What were the words hidden inside the Neuroblade photo above?

  • Neurocracked CTF Part One: Upgrade Required

    Neurocracked: From the Desk of Nova Ryze I was two hours away from installing the upgrade that would define the rest of my life. In our world - post-Knowledge Collapse - you don't go to school. You don’t study for exams. You subscribe to knowledge. A new update every quarter. Your implant learns your goals, cross-references market demand, and pushes the appropriate neural modules into your skull. For me, it was supposed to be Surgical Suite v14.2. The module that would finally make me a useful, valuable employee. But the update froze at 61%. Then it crashed. BrainOS™ Update Error: Checksum Mismatch - Validation Failed. I filed a ticket. Waited. Rebooted my neural port three times. Nothing. But that wasn’t the problem. The problem came two hours later, at Station Echo-One. I was standing on the upper deck when a man next to me said two words into his comm-link: “Concordia Protocol.” His demeanor shifted instantly. His spine straightened. His eyes were vacant. He calmly walked off the platform into the path of a 500 kph bullet train. Didn’t scream. Didn’t flinch. Just… obeyed. They're calling them Zombies now. People are hijacked through their implants. People who suddenly stop being people and become something else. Remote-controlled agents for whoever - or whatever - is embedding themselves into the firmware. The rumors say it started with a supply-chain breach. The real nightmare? No one knows who’s infected. The code hides in plain sight. Silent. Dormant. Waiting. Until you say the wrong word. After the incident, I ripped open my own firmware logs and found something that doesn’t belong in any surgical training module - an unsigned, obfuscated code block marked OPTIMIZE_THREAD_HV1. I decrypted part of it. It references a file signature that doesn't match the official BrainOS™ release chain. I’m no security engineer - but maybe you are. I’ve uploaded the corrupted update here. I need someone to see what I can’t. 
If I’m infected, I need to know before they activate me. CTF CHALLENGE 001: “Payload in Plain Sight” Background: You’ve intercepted a corrupted firmware file: brainos_v14.2_patch.img. There’s an embedded ASCII payload designed to hide from normal detection tools. It contains a known trigger phrase, used to activate compromised individuals. Your Objective: Extract readable strings from the binary. Identify the suspicious string containing ECHO_WORDS. Submit the SHA-256 hash of that entire string. Format your answer as: CTF(SHA256_HASH_OF_PAYLOAD) Included Files: brainos_v14.2_patch.img, README.txt (Instructions). Download the Neurocracked CTF Package. Pro Tips: Use tools like strings, grep, or a Python regex to find printable substrings. Only one string contains the final trigger signature. Be careful what you say out loud while analyzing it... Ongoing Investigation: trust no one - some of them might already be activated.

  • The Rosetta Protocol Part III: The Obsidian Translation Engine

    Fourth_script.txt contained pseudo-code resembling no known programming language. However, its logic bore uncanny similarity to mechanical computing routines Amina had seen in Charles Babbage’s notes. She transcribed the code into a simulation environment and activated it. Her screen flickered. Then her speakers emitted rhythmic pulses—low-frequency audio bursts unlike anything she’d heard. When visualized, they formed waveforms with consistent spacing, like binary in Morse. Analyzing the tones, she realized it was a language encoded through sound. A command. A key. CTF Challenge 3: Audio Payload Task: Analyze challenge3_audio_payload.wav. Convert frequency pulses to binary, then ASCII. Identify the embedded command sequence. The flag is hidden in the decoded command. Hint: Analyze the wav file in https://openl.io/translate/mp3/binary. Convert binary to ASCII. The flag is embedded in the decoded command. Submit flag as "flag{...}".
