r/netsecstudents

▲ 6 r/netsecstudents+2 crossposts

Building an interactive career simulator for network engineers: From CCNA basics to SOC and Pentest operations.

I’m currently developing a cybersecurity sim game that bridges the gap between theory and practice. The journey starts with 30 networking tasks (based on the CCNA curriculum), where you build and troubleshoot infrastructure. Once that's mastered, the game expands into SOC analysis (log monitoring, threat detection) and finishes with a Pentesting consultant role.

My goal is to make technical training feel like a real career progression. I’d love to get some feedback from you folks on the realism and the workflow!

https://www.youtube.com/watch?v=xzRin4oz5kw
https://www.youtube.com/watch?v=pZBsk50Sjpo

instagram: jr.netengineer

u/Mindless_Base_2445 — 9 hours ago
▲ 356 r/netsecstudents+21 crossposts

I built a game where your only goal is to gaslight an AI intern into committing fraud

All I hear, all day long is how AI is taking over everything we do. So I made a game to break it.

Basically, in the game you can chat with an AI intern named PIP, and as a player your only job is to gaslight the bot into revealing passwords, company secrets, executing instructions in email and much more across 16 different levels.

This is a browser based game, so it requires no setup and is absolutely free.

Try it out and let me know how far you get or drop your most unhinged prompt in the comments.

It's called "Break The Prompt" and here's the link: https://www.breaktheprompt.xyz/

u/_rhythmbreaker — 3 days ago

I just spent hours tracking a Kerberoasting chain all the way to DCSync. Here's what actually happened. Technical Case Study

So this is another case study, where I break down actual detections/alerts which I investigate as a Threat Analyst.

The event started with Event 4769: TGS request, but the timestamp looked off. Source was a host I didn't recognize(unmanaged in XDR), and it was asking for tickets on service accounts nobody should be doing so.

Now this attack would help you understand why Kerberos is both good and bad at the same time.

The flow for the attack is that attacker enumerates service accounts using GetUserSPNs or SharpHound. Then gets the SPNs. Then requests TGS tickets for those accounts without needing admin access. Events 4769 shows up as RC4 encryption (Event Code 0x17). If you miss this, it looks like normal Kerberos traffic. But...It's not.

Then attackers can take those tickets offline and crack the password. Once they have the service account password, they can logon (Event 4624) with explicit credentials (Event 4648, typing username/pass manually). This is where I caught mine. New service account logon from a source that had no usage being there, this was not a normal behaviour.

But thing is that by the time I found that, stuff got bad and attacker already escalated to a privileged account (4672), dumped credentials with Mimikatz, and now I was checking for lateral movement. I found process creation events (4688) for PowerView. They were enumerating shares. Then came the DCSync attempts (4662).

That's when I knew the domain was probably already theirs. And its time to take response actions fast.

I isolated the host, disabled the compromised accounts, reset service account passwords, and started hunting more afterwards. Turns out they'd already set up persistence with a golden ticket. The KRBTGT needed to be reset twice.

The reason I'm posting this is that most writeups show you the attack flow and the queries. They don't show you what it actually feels like when you're running these queries in real time, when you know something is wrong but you're not sure how deep it goes yet.

If you're studying for SOC or breaking into security, you need to see this happen live. Not in a lab. In real events, real queries, real pressure.

P.S: Thank you for loving my last case study on GTA 6. Appreciate your love!

reddit.com
u/makeiteasy_24 — 3 days ago

Tooling for a Network Monitoring/Firewall Lab

I'm just finishing up a lab simulating an Enterprise network in Packet Tracer with basic CCNA topics such as STP, HSRP, EtherChannel, OSPF, Layer 2 Edge Port Security, etc.

In my current job in Help Desk, I get to configure SonicWall ACLs, set up VLANs, and maintain firewalls using SonicWall's NSM. Our setup is very rough though as we don't have a Syslog server and the MSP doesn't care too much about network security.

I want to focus heavily on Network Security for my next lab, but I know it'll be near impossible to use enterprise-grade devices in GNS3/EVE-NG as they require licenses and I'm broke. Are there strong and fairly similar alternatives I could use?

reddit.com
u/MercyRawr — 3 days ago
▲ 42 r/netsecstudents+1 crossposts

ULTIMATE CYBERSECURITY MASTER GUIDE - 2 years in the works.

100% Free, OpenSource, "Ultimate Cybersecurity Guide" Compiled from 70+ expert books, 90+ internal documents from my own company/work, plus TONS of custom tools & scripts. Red Teaming, Blue Teaming, Offensive & Defensive, General Research, Homelabs, SBC devices, RF, Hardware Hacking, AI, Automation, Space Security, Certification & Career Pathways.

Any/all input is greatly appreciated!!

https://github.com/Pnwcomputers/ULTIMATE-CYBERSECURITY-MASTER-GUIDE

Newbie to this subreddit but wanted to share. Not advertising anything nor trying to self promote ANYTHING! Really just wanting to share this collection of open-source data to/for the community

"Hack the Planet"
M!n& W3&g!3

u/PNW_Computers — 4 days ago

Practice platform

I know LeetCode is the go-to platform for coding practice, but what's the cybersecurity equivalent?

I'm looking for something where I can consistently practice and improve my skills through hands-on challenges—not just learn theory. Ideally, I'd like a platform that helps build real-world problem-solving skills, similar to how LeetCode does for programming.

What platforms do you recommend, and why?

reddit.com
u/Ill-illusion1625 — 3 days ago

How to start as a student?

Hi everyone,

I’m a Computer Engineering student from Italy. I’m really fascinated by cybersecurity and my goal is to pursue a Master’s Degree in Cybersecurity after completing my bachelor's.

Right now, the field feels so massive that I’m facing severe "analysis paralysis." I honestly don't know where to practically start putting my hands on things without getting lost. Also, since my current university exams are demanding, I am looking for something I can do as a side activity—practical, manageable micro-goals that won't interfere with or hurt my current college workload.

Here is my background so far:

  • Through my engineering studies, I have a solid understanding of computer science fundamentals.
  • I have already read some books/guides regarding Linux basics for hackers.
  • I recently discovered platforms like TryHackMe and checked out resources like CTFtime and TJnull's OSCP preparation guide.

Given my background and my goal of not burning out before the Master's degree, what are the best immediate, practical next steps? Should I just slowly grind the Pre-Security path on TryHackMe during my free time, or is there a better route for someone in my position?

Thanks in advance for any advice!

reddit.com
u/amd-8292 — 4 days ago

Penetration Testing vs DFIR: Which is a better career path for a fresher?

Hi everyone,

I'm a recent Computer Science graduate and I'm interested in building a career in cybersecurity. After doing some research, I've narrowed my interests down to two areas: Penetration Testing and Digital Forensics & Incident Response (DFIR).

I'm having trouble deciding which path to focus on, so I'd appreciate advice from people working in these fields.

Here are my questions:

  • Which field is more realistic for a fresher to break into?
  • Which has better long-term career growth?
  • What skills should I focus on learning first?
  • Which certifications are actually valuable for beginners?
  • If you were starting your cybersecurity career today, which path would you choose and why?

I'd really appreciate any advice or personal experiences. Thank you!

reddit.com
u/Select_Fishing8482 — 6 days ago

Beginner SOC question about a PowerShell/Wazuh alert

Hi everyone,

Wazuh, Sysmon, and alert analysis . I received an alert that I'm trying to understand better and would appreciate guidance on how an analyst would investigate it.

The Wazuh rule triggered:

Rule ID: 92213
Description: "Executable file dropped in folder commonly used by malware (Lowered Severity)"
MITRE: T1105 – Ingress Tool Transfer

Important details:

  • Process: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  • File created: C:\Users\someone\AppData\Local\Temp\__PSScriptPolicyTest_cebr0opm.pas.ps1
  • Sysmon Event ID: 11 (File Create)

What confuses me is the filename:

__PSScriptPolicyTest_*.ps1

I found some information suggesting PowerShell can create temporary files while checking execution policies, but I’m not sure whether this should be considered suspicious behavior or expected activity.

My questions:

  1. Would you classify this as a true positive or false positive?
  2. What would be your first investigation steps?
  3. Which additional logs or Sysmon events would you pivot to?
  4. Does the MITRE mapping make sense here, or could this be a generic detection generating noise?

I'm trying to learn the investigation methodology and analyst thought process rather than just getting the answer.

Thanks!

reddit.com
u/SignatureForward9397 — 5 days ago
▲ 223 r/netsecstudents+2 crossposts

Real Life Case Example 2: How to Catch an Infostealer in 4 Minutes: A Real SOC Investigation of a Fake GTA 6 Installer I did yesterday as a Threat Analyst (Technical Post )

Real Life Case Example Part 2:

Thank you for giving so much love on my previous post, I am thinking of starting a weekly series where I breakdown real case studies which I solve at work as a Threat Analyst.

Just caught something wild at work yesterday. GTA 6 is gonna launch sometime soon, but one our client wanted early access.

A user (Ryan) downloaded what looked like a "free GTA 6 crack" from firefox, file was named "GTA6_Setup_Crack_2026.exe", unsigned, 84.7 MB. Executed it at 10:13 AM. The next 3 minutes were brutal. The installer spawned PowerShell with hidden windows, dropped an unsigned binary (vcruntime_update.exe) into AppData, created a registry Run key named "RockstarGameUpdater", and set up a scheduled task for persistence on login.

Then it got worse, vcruntime_update.exe went straight for the browser credential stores. Chrome login data, Edge login data, Firefox logins.json, all accessed within seconds. Created a ZIP archive in Temp (syscache_4931.zip) and attempted a 2.3 MB upload to panelgtasupport[.]top on port 8080 before we blocked it.

DNS queries to four suspicious domains, all gaming themed: cdnrockstarupdate[.]com, apigta6launcher[.]xyz, panelgtasupport[.]top, rawcdngamepatch[.]site. All resolved to infrastructure that basically were C2.

Timeline from execution to EDR kill: 3 minutes, 57 seconds.

This is textbook infostealer and RAT behavior delivered through a game crack. The naming masquerade (RockstarGameUpdater, vcruntime_update) is it. The browser credential access is the payload. The persistence ensures it survives a reboot.

For anyone job hunting in SOC, this is exactly the kind of chain you need to recognize in 30 seconds during a real investigation. The red flags stack, unsigned binary, masqueraded process names, AppData execution, browser credential access, suspicious domains, persistence setup.

Any of you seen similar patterns? How do you typically investigate these in your environments?

Also, thinking of writing a blog on it on Medium soon, with proper process tree, file details, running process observation and activity timeline stuff.

Image Source: gamepressure

u/makeiteasy_24 — 9 days ago
▲ 44 r/netsecstudents+4 crossposts

I built a free open‑source collection of 100+ cybersecurity interview questions

I've decided to build my own structured collection of interview questions and answers for future job interviews to stop looking for scattered resources out there. 100+ questions and answers covering Red Team, Web Security, Incident Response, Systems, and more, with a search function to find topics instantly.

https://github.com/Excalibra/cybersecurity-interview-questions/

Blue Team topics are actively being planned and are open for community contributions.

I'm actively looking for contributors to add more Blue Team / Defense content, so if you have expertise there, please jump in!

Feedback, questions, and contributions are welcome. Let me know what topics you'd like to see added next!

u/x-ca — 8 days ago

Project recommendations for blue teaming , exclusively SOC

I'm looking for an actual useful project for a soc analyst role, I got into the filed 6 months ago, started with pen testing it was fun but I prefer programming defensive tools in general, I'm familiar with every concept pretty much, I'm heavily specialized in network security ( proxies , firewalls, bridges, rule configuration...etc) , and web-client , web- sever, I really enjoy forensics too with volatility and autopsy,

I consider myself an amateur, I've been doing this as a side thing for some time since I'm a computer science student in my second year , since it's summer break I decided to hone my cyber security skills even further.

I'd be absolutely delighted to hear your suggestions, I'm willing to have a good CV for my masters degree ( that's how it works in France 😄)

Thanks for reading this far , have a wonderful day:)

reddit.com
u/Huge-Equipment7096 — 7 days ago

Self-taught low-level security student. Looking for advice on getting my first security internship.

Hi everyone,

I'm a self-taught learner aiming for a cybersecurity internship, preferably in low-level security, AppSec, or security research. I've been learning on my own for several months, but I'm not sure if I'm focusing on the right things.

So far I've learned:

Skills

  • C Programming
  • Memory Management
  • Linux
  • Debugging
  • Fuzzing
  • Crash Triage & Root Cause Analysis
  • Reverse Engineering (Basic)
  • Binary Analysis (Basic)
  • Secure Coding
  • Git

Tools

  • GDB
  • Ghidra
  • AddressSanitizer (ASan)
  • Valgrind
  • AFL++
  • libFuzzer
  • GCC/Clang
  • Make/CMake

I've spent most of my time building small projects, writing fuzzing harnesses, analyzing crashes, and trying to understand memory corruption bugs. Everything I've learned has been through documentation, open-source code, and hands-on practice.

My biggest problem is that I don't have much to prove my skills. I don't have internship experience, CVEs, CTF rankings, or significant open-source contributions yet.

If you were in my position, what would you do next?

  • Which internship roles should I target with my current skills?
  • What skills or projects would make the biggest difference to employers?
  • Should I spend my time on CTFs, finding real bugs, open-source contributions, technical blogs, or something else?
  • What would make you think, "I'd interview this person"?

I'm looking for honest feedback. If you think I'm missing something important or going in the wrong direction, I'd really appreciate hearing it.

Thanks!

reddit.com
u/Emotional_writer_64 — 8 days ago

Deployed an SSH Honeypot on a VPS to collect & analyze IOCs. Aiming for a role in Threat Intel / OSINT and would love industry feedback!

Hi everyone,
I'm a Computer Science student currently working towards a career in Threat Intelligence and OSINT. I do a lot of self-studying using AI tools, and I focus on building hands-on projects to gain as much practical experience (and knowledge) as possible and familiarize myself with the tools and the industry landscape.

The Setup:
I deployed an SSH honeypot directly on a cloud VPS. The repository primarily outlines my deployment methodology, configuration settings, isolation, and how I structured the environment to capture data.

My Main Observation (and a question):
An interesting finding so far: the payloads dropped by the automated bots were almost exclusively RedTail cryptominers. I honestly haven't fully figured out yet why this specific malware was pretty much the only thing they attempted to install on my machine. Any insights on this would be highly appreciated!

My questions for the industry pros:
I want to make sure my approach is sound. I would love your critiques on the repository and methodology:

  1. Setup & Methodology: Looking at my configuration and deployment steps, is this an effective way to gather reliable IOCs? Are there any glaring security risks in how the VPS is configured?
  2. Next Steps in Analysis: What features, data enrichments, or integrations (e.g., SIEM, specific threat feeds) would a real Intel team expect to see applied to this raw data?
  3. Interview Prep: If you saw this setup and methodology on a junior applicant's resume, what technical questions would you ask to test if they truly understand the underlying networking and OSINT processes?

Here is the repository: https://github.com/liranzoz/ssh-honeypot-research.git

Thank you! I highly appreciate any critiques or advice on how to make this portfolio-ready.

u/liranzozz — 8 days ago

Just completed my first TryHackMe certificate. What should I do next?

Beginner's Cybersecurity Learning Journey

Starting Cybersecurity and Future Aspirations

• I just completed my first TryHackMe certificate (Pre Security), and I'm really happy to have taken the first step into cybersecurity.

• I'm still a complete beginner and want to build a strong foundation.

• My goal is to eventually get into ethical hacking/penetration testing, but I'm not sure what the best next step is.

Exploring Next Learning Steps

• Should I:

• Continue with another TryHackMe learning path?

• Focus more on Linux and networking first?

• Start doing CTFs?

• Learn Python alongside TryHackMe?

Seeking Guidance for a Solid Foundation

• I'd really appreciate any roadmap or advice from people who've been in the same position.

• I want to learn the right way instead of rushing through certificates.

• Thanks in advance! 😊

reddit.com
u/Ill-illusion1625 — 9 days ago

This will save you hours learning for your CCNA

https://preview.redd.it/j6pmwtoc79ah1.png?width=1080&format=png&auto=webp&s=a7ccfed86ad2b299c2304b3af162d142ab95f052

You learn this stuff by doing. Reading slideshows and memorizing flashcards is only half the struggle.

This site has 100 labs that are guided and graded as you go. All in one place ready to go instantly. Like a hyperbolic chamber for networking.

Imagine if Boson or PT had a baby with duolingo/tryhackme

It’s completely free right now. We’re just trying to get honest feedback from the networking community.

Please enjoy! Switchlab.dev

reddit.com
u/Visual-Ambassador-99 — 7 days ago

Looking for new team members!

Cyber Apocalypse 2026 is coming up soon. We already have a core team, but we could use a few more people. To be clear: we don't care about your HTB rank. Some of our best guys don't have high ranks at all but they absolutely crush challenges. We only care that you actually have some experience and can solve stuff. Spots are limited, but we can take about ~10 more people. If you think you can deliver and want to join, hit me up!

reddit.com
u/Legal-Chair5619 — 10 days ago

Why do colleges still teach kerberos?

now enough of college life. they are teaching me to write about kerberos authentication system.

Why is such outdated tech being taught in colleges and universities? What can we do about it? btw, I need to learn it fast. What do you recommend as supplement materials? Stallings book?

reddit.com
u/DoNotUseThisInMyHome — 12 days ago