r/Cybersecurity101

▲ 53 r/Cybersecurity101+3 crossposts

Need help adding I2P to my P2P chat app (Go)

I made a small P2P chat app in Go (uses libp2p + a DHT for peer discovery, E2E encrypted). Problem is regular P2P traffic gets blocked on my network, so peers can't reliably find each other. I want to route through I2P instead since it's built for exactly this.

Not an experienced dev, and I'm stuck on how to actually connect a Go/libp2p app to I2P — SAM bridge? Local tunnel? No idea what's realistic here.

Repo: https://github.com/alsultaneo/2cup (ignore the Windows 95 look, that's just placeholder UI while I get the networking right)

Anyone done this before? Even just "wrong approach, try this instead" would help a ton.

u/Alternative-Claim-41 — 4 hours ago
▲ 10 r/Cybersecurity101+1 crossposts

I'm a little concerned about my privacy now and wanna start using password managers, need help.

Hello guys i've just realized that i need to start using password managers for better random passwords and less effort. but i've always been skeptical of password managers as i can't really get myself to trust something that lives on cloud, but all the convenience of password managers live on the cloud. Can you guys help me come over my fear of cloud password managers and then also suggest me some of the good ones which won't turn evil in foreseeable future.

I also don't know how should i update all of my passwords, on my mobile and also on my desktop.

reddit.com
u/Ok-Will7087 — 1 day ago

Best way to use KeepassXC password manager.

I wanna use KeepassXC as my password manager. Which would be the best way to set it up and use it. I would like to use it in my laptop and mobile.

Anything to take care of?

reddit.com
u/jigsaw_man_456 — 21 hours ago

Where to learn?

Hey, fellow people I assume theres hundreds of people asking the same question - where can you even start for completely free, in my case it's about eJPT, i wanted to try INE but i seen the prices and as a broke 20 year-old i decided to give it up and search youtube.

I learned some stuff from TCM Heath Adams that helped me go on THM and just do some basic rooms but whenever i find eJPT-like rooms i can sit and scratch my head for hours and come up with nothing.

Are there any alternative places i should be lurking in? I'm not asking for a professional 200+ hours course that will teach me A-Z how to pentest but something that i can get started with and eventually from there be able to know what should be next.

I have a background and cert as sysadmin and so networks, AD, etc. are really nothing new even on the advanced level.

I appreciate all the answers.

reddit.com
u/povk668 — 1 day ago
▲ 6 r/Cybersecurity101+1 crossposts

I built Nmap Assistant – A modern open-source GUI for Nmap on Linux

Hi everyone!
I’ve been working on an open-source project called Nmap Assistant.
It’s a Qt-based GUI for Linux that helps users build and manage Nmap commands through a modern, easy-to-use interface while still exposing advanced scanning capabilities.
Current features:
Modern Qt-based interface
Multiple Nmap scan techniques
Smart command builder
Export generated Nmap commands
Debian (.deb) package
Designed for Debian, Ubuntu, and Kali Linux
The project is still under active development, and I’m looking for honest feedback from the community. If you have ideas for new features, UI improvements, or notice anything that could be done better, I’d really appreciate your suggestions.
GitHub:
https://github.com/blackpearlx/Nmap-Assistant

u/Elias_si — 2 days ago

Cyber security vs internal fraud ( insider threat dlp )

Hey everyone,
I just graduated with my bachelor’s degree in Cyber Security and I’m fortunate enough to have two job offers on the table for entry-level positions (IT-01 tier in the Canadian Federal Government).
I am honestly feeling stuck and a bit anxious about making the right choice. I want to make sure I pick the path that offers the best long-term career growth, high future salary potential, and a solid resume bump if I decide to pivot into the private sector later on.
Here are the two options:
**Option 1: Cyber Security Analyst**
**The Work:** Actively monitoring security alerts for external threats using SIEM and EDR tools. Analyzing potential incidents, investigating suspicious activities, participating in incident response, doing threat hunting when needed, and improving detection mechanisms.
**Option 2: Insider Threat / DLP Analyst**
**The Work:** Working within the internal fraud management solutions team. Focusing on technical data loss prevention (DLP) and insider risk management. Monitoring user activities through logs, analyzing DLP alerts, investigating anomalous behavior or potential internal data exfiltration, and improving security controls to protect highly sensitive citizen data.
On one hand, the **Cyber Security Analyst** role feels like the traditional "golden path" for a new grad. It builds broad, universal technical skills, but I am worried about junior-level market saturation and future burnout.
On the other hand, the **Insider Threat / DLP Analyst** role skips the entry-level SOC grind and moves straight into a specialized domain. However, I’m terrified that this might be too niche, or that it might pigeonhole me away from general cyber. If I take this job and decide I don't like it after 6 months, will I struggle to pivot back to traditional external cyber defense?
Looking at the long-term horizon (career progression, salary ceiling, AI automation impact, and work-life balance), which path would you recommend for a fresh graduate? Is Insider Threat/DLP experience highly transferable in today's global private market (banks, tech, enterprise)?
Thanks a lot for your insights!

reddit.com
u/Gullible-Ad-457 — 2 days ago
▲ 10 r/Cybersecurity101+5 crossposts

i need guidance what to do after i finished my firewall project.

hello guys, i just finished my first project which is a NGFW Firewall .
and after testing it on over 40 kinds of malwares it was really successful against polymorphics and other kind of malwares i need someone to guide me should i publish it as an Open-source firewall or should i wait for someone to get interested in it and maybe he could buy it from me .
.
github.com/manaf-dev1/sentinel-firewall
this is the firewall its just a readme i update everytime i accomplish something and you'll find the latest update of what i've done .
i wish if a real expert could guide me what to do with it because in my region there's no support for this kind of stuff and they're just interested in famous providers . such as PaloAlto , etc...

github.com
u/ALDulaimi-Dev — 2 days ago

Card compliance needs stronger controls

From what I've seen compliance gets framed as monitoring alot but monitoring is only what happens AFTER something already slipped through and that still matters of course but if the first real control shows up after the transaction then the team is pretty much reacting not preventing.

For me(not claiming to be an expert) stronger controls start earlier at the point where the transaction is decided so policy gets enforced before anyone has to open a case or explain why something that never should’ve cleared ended up moving anyway.

reddit.com
u/RepulsiveWeekend5453 — 3 days ago

4 cybersecurity project ideas for beginners using simple infrastructure

If you are a beginner, you need projects that are small and easy to explain without complex infrastructure. Here are four project ideas you can try out:

1. Password Strength Checker

What you’ll build: A password strength estimator giving practical feedback without storing sensitive data.

What you’ll learn: JavaScript programming, algorithmic logic evaluation, basic cryptographic entropy concepts, and secure client-side data handling.

Tools: HTML/CSS, JavaScript, zxcvbn (password strength library), and Node.js.

Project Workflow:

  • Score user inputs using character length, entropy calculations, and common weak password checks.
  • Compare the input against a local common password wordlist without sending any data externally.
  • Provide targeted suggestions, such as adding length or removing predictable patterns, to improve security.

2. Keylogger Detection Simulator

What you’ll build: A lab-safe simulator detecting suspicious keyboard monitoring behavior from mock logs.

What you’ll learn: Python scripting, Windows event log analysis, behavioral pattern recognition, and basic security alerting logic.

Tools: Python (Pandas and Regex libraries), Windows Event Viewer, Sysmon (System Monitor), and sample Windows EVTX files.

Project Workflow:

  • Create safe sample logs showing normal baseline activity alongside suspicious system process behavior.
  • Flag unusual startup entries, rare process names, or keyboard monitoring indicators within the mock data.
  • Generate alerts that include the specific timestamp, the affected process, the exact reason, and the overall severity level.

3. Port Scanner

What you’ll build: A simple scanner checking whether selected ports remain open on an authorized target.

What you’ll learn: Network protocol fundamentals, Python socket programming, application timeout handling, and port state analysis.

Tools: Python (socket library), Nmap, VirtualBox or VMware Workstation, and a Metasploitable or Ubuntu Linux VM.

Project Workflow:

  • Accept a specific target host and a small, defined port range from the user.
  • Attempt safe network connection checks using proper timeout handling to avoid hanging processes.
  • Print the open, closed, or filtered network results directly to the terminal screen.
  • Export these final findings as a plain text or CSV file for easy review.

4. File Integrity Monitor

What you’ll build: A tool establishing a baseline of file hashes to alert users when files change.

What you’ll learn: Cryptographic hashing implementation, system baseline generation, file system monitoring, and integrity verification.

Tools: Python (hashlib and os modules), PowerShell, SHA-256 algorithms, and Windows or Linux test directories.

Project Workflow:

  • Select a specific local directory to monitor for unauthorized system modifications.
  • Generate a secure baseline of file paths and their associated secure data hashes.
  • Scan the directory again periodically to compare new file states against the original baseline.
  • Report any modified, deleted, or newly created files to the user immediately.
reddit.com
u/Simplilearn — 3 days ago

Cyber security roadmap

Can anyone tell me which is the best free resource to learn cybersecurity which includes ethical havking and all. Suggest me ahy free course or youtube video or any similar stuff.

reddit.com
u/Proper_Marketing_538 — 3 days ago

No idea where to start with web security – need advice"

I've been really interested in getting into web security lately, but honestly I have no idea where to even start. There's so much stuff out there and I'm kinda lost on what’s actually good or what the right path looks like.

If anyone here has experience with this or knows some solid resources/roadmaps, I’d really appreciate any advice. What should I focus on first?

Thanks in advance!💕

reddit.com
u/Ok_Average_5550 — 4 days ago

Need a guide in Cybersecurity

So I am in my last year of completing my computer engineering degree and I have decided to pivot to Cybersecurity. I am almost done with the google cybersecurity course on Coursera and I know that’s just the beginning but I don’t know where to begin. Can I get a guide on things to study and certifications to get because I want to have a career in this particular field

reddit.com
u/Low-Locksmith3950 — 5 days ago

CTI beginner

I have chosed Cyber Threat intelligence (CTI) in blue team ,cybersecurity. But im not sure if its ryt decision. Currently im at my second year. Does CTI have any future, is it a job which pays more , offers for freshers .

But i have interest in finding threats , solving them , analysing. And I have no clue like if its ok for the future in the era of AI , does it have any scope ?

reddit.com
u/Hopeful-Horror-9555 — 5 days ago

I’m trying to reset my home network and keep it secure. Need some advice.

Someone was downloading, pirate software, and paste some sketchy commands into terminal. By “someone” I mean “me” . Anyway, I’ve got a brand, new router and modem that hasn’t been hooked up yet. But they’re just garbage level product from spectrum. I would like to set something up so that each person has a node or a connect to themselves but isolated from the rest of the network.

The more I look into what products I might want the more confused I start to get. Also, I need to set up an IOT network because I don’t want my IOT devices to potentially infect other things..

Another question I have is if it’s worthwhile to get a TDS or firewall (a physical one) and which devices would be ones that I should consider.

The guy who found the malware and somewhat eradicated it said it was a very complex and dastardly one that has three parts that masquerade system software, get into the firmware and will travel through AirDrop and Bluetooth. Changing timestamps and stuff to hide what they’re doing and masquerading as system processes.

I know some of the people out there are probably just crazy but when I start researching, I find people who have gotten this on their networks and just cannot seem to clear it out. I think some of them are just being paranoid, but I think others are actually experiencing..

Right now, the new modem and router have not been hooked up to the network. I’m thinking about getting a new Apple ID and wiping my phone. Because this malware doesn’t really do anything malicious other than ship all your data out. It’s very hard to detect. It’s about being incognito and providing offset to whoever wants to remote into you later..

I figure I’ll block all connections with little snitch. And only approve the ones that I review as safe. I believe the malware is 3crypt RAT or a similar variant.

https://www.pcrisk.com/removal-guides/35298-3crypt-rat-mac

I’m kind of overwhelmed and not sure even which step to begin on

reddit.com
u/Micro-Naut — 4 days ago

Better alternative to nmap?

Hello Cybersecurity engineers! I am wondering, if there is a better, less confusing (i mean the commands) alternative to nmap. Any ideas are welcome.

Thank you for your advice!

reddit.com
u/Tom_72411 — 6 days ago