Previous threads: [ https://archive.rebeccablacktech.com/g/search/text/%2Fcyb%2F%20%2Fsec%2F/type/op/ ]Last thread: [>>73080687]- - - - - -/cyb/erpunkThe alt.cyberpunk FAQ (V5.28) [ ftp://184.108.40.206/pub/Alt_Cyberpunk_FAQ_V5_preview28.htm ]What is cyberpunk?: [ https://pastebin.com/pmn9vzWZ ]Cyberpunk directory (Communities/IRC and other resources): [ https://pastebin.com/AJYry5NH ]Cyberpunk media (Recommended cyberpunk fiction): [ https://pastebin.com/Dqfa6uXx ]The cyberdeck: [ https://pastebin.com/7fE4BVBg ]- - - - - -/sec/urityThe /sec/ Career FAQ (V1.11) [ ftp://220.127.116.11/pub/sec_FAQ_V1_Preview11.htm ]"Shit just got real": [ https://pastebin.com/rqrLK6X0 ]Cybersecurity basics and armory: [ https://pastebin.com/v8Mr2k95 ]Reference books (PW: ABD52oM8T1fghmY0): [ https://mega.nz/#F!YigVhZCZ!RznVxTiA0iN-N6Ps01pEJw ]/sec/ PDFs: [ https://mega.nz/#F!zGJT1QQQ!O-8yiH845GN26ajAvkoLkA ]Learning/News/CTFs: [ https://pastebin.com/WQhRYB59 ]FTP Backup: ftp://18.104.22.168/pubthegrugq OPSEC: [ https://grugq.github.io/ ]#! sec guide [ https://pastebin.com/aPr5R1pj ]EFF anti-surveillance [ https://ssd.eff.org/en ]- - - - - -Thread challenge: ride a Bird Scooter https://theappanalyst.com/bird.html.NEW? Check the /sec/ Career FAQ and Cybersecurity basics links above. Learn to code, learn computer basics, learn networking THEN work on hacking. It's technical and hard, but fun. Want to hack now? Try Webgoat and use the cheats. Grab Penetration Testing A Hands On Introduction and see what you don't know enough about. Always use a virtual machine for reading PDFs.Wanna be a punk? Read the What is cyberpunk? and start today!
>>73094114Good to be back.Euro-nights keep being the thread killer. is there so little interest for this in the US?
>>73094282The only people that care are Russians, Jews, Syrians and Australians. The last one purely for shitposting potential. Truly the last boss of the internet.
Internet is too slow to hack with the bf today
>>73094923>JewsIn that case we should not have had a problem, after all there are millions in the US.https://en.wikipedia.org/wiki/American_JewsWe have had a few posters from Israel too but I don't know what the Cyberpunk scene is like there.
What programming languages do security folks use? Im studying information security in school, but the only language I'm any good at is Ada. I wanna learn something that will have use in industry
>>73095532Whatever you want as long as you know how to use it
ECSC (european cybersecurity contest) finals are taking place today and tomorrow in Bucharest, Romania.https://europeancybersecuritychallenge.eu/Participants are aged 16/25.Austria is leading.https://i.4cdn.org/int/1570624005488.png
redpill me on making a vpn with openvpn to scan networks securely(trying to learn the nmap framework)
>>73095550 I always hear about Python and C being industry standard. Any truth to that?
>>73095575Why?Just get a hackthebox account and scan their machines
>>73095532Also, bash is used a lot.
>>73095599>whyBecause i want to, i have a hard time finding boxes that arent ctfs, finding a real world aplicable box is kinda hard.
>>73095616DESU No one's probably going to come knocking if you're just looking for open ports and running info gathering scripts. Real-world boxes are usually more boring than CTF boxes. That's why we tell people to do CTFs so your skills end up above the industry norm.
>>73095653It really depends on the ctfs, most ctfs that i see some youtubers doing is inane fucking bullshit that doesnt even make sense.Also, if i wanted fun i'd do ctfs, i prefer real world boxes because they can actually prepare me for what i can encounters out in the wild.Anyways, is vpn>tor>vpn a meme?The second vpn is to hide tor because many forums block tor.
>>73095693you don't need the second VPNdunno why you'd scan + browse forums on the same connection. isolate that shit
>>73095723>dunno why you'd scan + browse forums on the same connection. isolate that shitmakes sense, thanks i will go with vpn>tor, what are some trustworthy vpns?
>>73094114Are the FTP servers down for anyone else?
I was SSH'd into a box on HTB and I looked away for a minute and when I got back someone wrote hi in my SSH terminal. Am I going crazy? How would you go about doing this?
>>73095693Just use a bridge. Bridge > Tor is fine.
>>73095754I don't know of any that are trustworthy and allow stuff like scanningIf they take cryptocurrency and allow scanning/hacking/shady shit, you can't trust them to not log traffic or not do shady shit to youThe safest way I know of is rooting a host and using that as a proxy. They will know that machine scanned, but if you clean house well, they won't know who was controlling that machine
>>73095943No mate, you're not going crazy. HTB servers are shared.
>>73095943Probably the wall command.
>>73095956In my terminal on my VM the text was written. That terminal was in an SSH session. The text was written and not sent to the SSH.
>>73095983Damn that scared me
>>73096034Chill your boots, it's all just a bit of fun
>>73095920I just checked ftp://22.214.171.124/pub and it works just fine. The other, at CollectiveComputers, is still down.
>>73096125>CollectiveComputersfeels fucking bad
>>73096187I agree, it had many GB of really nice stuff. There is of course the AEL>>>/t/874479
Can someone explain to me what $ means in bash?for examplels | grep '.txt'doesnt work, butls | grep '.txt$'Does.
ls | grep '.txt'
ls | grep '.txt$'
more like /cringe/
>>73096763The $ means end of line, thus the last part of the string must be ".txt" in the latter case. Not sure why the first case does not work for you. Tried fgrep instead?
>tfw no sec jobs in entire countrywhy live
>>73095693>is vpn>tor>vpn a memeYes the tunnels will take most of your bandwidth.
>>73096937Sounds like you could get away with targeting countrymen with cybercrime.
>>73096763This one is from the old FTP site.
>>73096995I most likely could pretty easily, I just have no idea how to make a decent profit off or it
>>73097216open to suggestions anonle epic haxxing government websites just isn't fun when it's been done plenty of times before
>>73096046Nah it was cool. Didn't know about that command. So I learned something from it.
>>73097259if you got the assembly know hows you d make more money with patreon reverse engineering games
>got OSCP>still can't pass entry-level interviews>no current jobI'm fucked
>>73097392>patreon reverse engineering gamespeople pay for this? What the fucky got any examples?I was gonna start getting into RE>>73097353meh, I don't really expect them to pay>>73097422what are the interviews like
>>73097445>what are the interviews likeUsually a vulnerable box as a technical screen. I'm at like 50% win rate with these. Then more technical interviews with whiteboarding and quizzes and knowledge tests. >>73097447USA
>>73097422is that your only cert or something? no CCNA?
>>73097445fitgirl literally makes fucking repacksand she got donations and shit like that, and even cryptominers(if people wish to do so)
>>73097485oh, you're talking about cracks? Yea I guess that makes sense I winder if MMO hacking and making money out of it is still as big, maybe mobiel games have taken that spotlight
>>73097483I moved from software dev to pentesting so no network certs. I know bits and pieces of networking.Most of these interviews are appsec/web pentesting and I've seen very little network specific stuff. Someone asked about the recent VPN endpoint vulns and I knew about it so that's something I guess
Crossposting here from /DPT/ since you guys might like it.If you guys make it faster I want your tips.It's a script to solve the blind SQLi challenge on Root-me, written in Go.>>73096229
>>73097512>MMO hacking and making money out of it is still as bigLiterally every mmo nowadays have bots, but many people make bots so your got to be good to get the cash.
>>73097478>USAPerhaps a bit drastic but you could try the military.
>>73095025Where do you find a hacker bf?Asking for a friend of course
Is it possible to used regex with commands other than processing text?like, am trying to use with find but it doesnt really work.
>>73097894The NSA keeps a list of hackers in their root directory.The CIA keeps a list of phone numbers paired with a foreign key that matches the NSA list. It's in one of the home directories but I forget which one. >>73097926https://stackoverflow.com/questions/6844785/how-to-use-regex-with-find-command
>>73097894If you can help pay rent and cook I've got a spot for you
>feel alone>i want a gf>remember how annoying woman can be>i want a bf
How does writing/correspondence work in the field? I need this for a college essay about the careers we want to go into
>>73098138>tfw when same feel>wait wtf is he saying?>no no no, you can't impregnate bf. gf is still better. just have to take a mute
>>73098201>you can't impregnate bfeven better!
>>73098201But seriously now, at least if its a self respectable faggot i would take it over any woman any day.Ofc pussy is nice but i value my sanity, women can be childish and temperamental, while guys prefer just to enjoy life, woman like drama.thus, faggots>woman>femboys
>>73098443Everyone and their uncle likes drama what are you on about.
>>73098595You dont get it.Have you ever got a fucking 20yo calling you and inventing reasons to break up, when she actually still likes you and just want you going all>nooooooo>why you doin this>please dont leave me ://I am sure there are some women that dont do this but even so, every fucking woman i met likes drama for the sake of drama.fuck womenthe future is twinks and sexbots
>>73098595Drama is for femoids. Where can I find a drama free female? Do they even exist these day? I have had so many bad experiences.
>>73095575https://www.1337pwn.com/using-nmap-with-proxychains-in-kali-linux/as long as you only send a small number of packets it may not violate the law in your country, but it may violate the law in whatever host country your target(s) is in. proxies are not immune to investigation.
>>73098669>>73098301>>73098138proof that autism causes homosexuality
>>73098733Put me in the screencap
>>73098139For pentesting, generally on two levels:Business/executive - people who don't know nmap from burp suite, but you have to tell them the root cause, impact, and how it affects their bottom line, and provide context around what you found Technical - People who can follow technical instructions to verify findings, who you give your recommendations to, and usually the people who ask you technical questionsSome business folks are technical and some can even understand code POCs but it's the exception rather than the rule
I was reading a rtf about icmp, it says icmp messages are not checked by the computer or something?Any exemples of malicious payloads being delivered by icmp?
>>73098968Not sure about payloads, but icmp can definitely be used for C2 and exfiltration
>>73098733>>73098788programmer socks were a meme a loooooong time ago
>start reading a book about nmap to get more background into reconaissance>get bombarded with nping,ncat, ncrack, nyourmotherHoly fuck, i tought this was just a basic tool for mapping networks.
>>73099145Mapping networks is complicated.
>>73099145ur mum's got a lotta address space
>>73099931and so many open ports waiting for my unsolicited connections and data transfer?
reading nmap security and network auditing cookbook RIGHT NOW what should i read next?alsowhy the fuck is ncrack SO FUCKING SLOW just for a fucking ssh pass?
>>73099942nah she's only got a few of those and you have to find them one by one
>>73097894I found mine on an imageboard..
Was going to try to do my ECE master's thesis on defeating facial recognition, but my professor shut it down (mostly because it involves more signal processing than computer architecture and hardware).Any other ways we can strike back at <<<(((///them////)))>>>? My professor had me look at papers of several computer architecture and hardware conferences and they were either boring (branch prediction, faster caches) or out of my expertise (finding hardware Trojans, faster caches, growing parts on different substrates).
>>73099091But post some latex socks and people blow their gaskets.
>>73099961The reason for this is because logging into openssh takes a minimum of some fixed amount of time, and I believe there's a wait between processing consecutive login requests.The better solution is just to avoid guessing ssh logins whenever you can.
Follow up from last thread:>>73089120>Mathematicians aren't cyber security professionalsNSA uses mathematicians for all kinds of work relating to crypto, from cracking to securing and likely also providing algorithms that are strong enough for them alone to crack.There is a reason why they are the largest single employer of mathematicians.
=== /sec/ News:>OpenSSH 8.1 releasedhttps://lwn.net/Articles/801829/>ssh(1), sshd(8), ssh-add(1), ssh-keygen(1): an exploitable integer overflow bug was found in the private key parsing code for the XMSS key type.>ssh(1), sshd(8), ssh-agent(1): add protection for private keys at rest in RAM against speculation and memory side-channel attacks like Spectre, Meltdown and Rambleed
>>73101670Why aren't they willing to acknowledge their actual boundaries? The boundaries of Tianxia they're obsessed with are already conceding territory from the original meaning.
https://isc.sans.edu/diary/rss/25386libpcap has had bugs since 2018 that were unpatched and known about. looks like bug trackers and cvs are back on the menu, boys.
My main issue is I have no clue as to where the path to a career in Cybersec starts. I'm looking at Uni degrees and since I have nobody in my personal life to ask about pointers I was wondering if anyone could help me out to which degrees I should be looking at for later advancement into Cybersec.
>>73103047Don't go to university.
>>73103047comp sci, comp eng, elec eng, applied math, applied physics
>>73103166I personally don't think I have the capabilities of learning all this on my own. I'm in my early 20s and just recently started getting my life on track.Feel University is necessary. If you disagree, could you tell me why?>>73103192I'm looking at Open University (Online Uni but apparently reputable in the UK). Do these courses offer everything necessary? http://www.open.ac.uk/courses/find/computing-and-it
>>73103290Regardless of going to university or otherwise, you still need to teach yourself. You're perfectly capable of learning, but to me this sounds like you've admitted to defeat before even starting so you might as well pack it up now.I'm probably not much older than you and I push myself and learn every day, and have a couple of years industry experience under my belt, no university degree and that's never stopped me, nor will I ever let it.
>>73103290>>73103357Just to clarify, I've wasted money on computing courses with the OU and Plymouth university (neither of which I stuck through). Fuck them both. It's a scam and I'm bitter that I'm going to be paying for this shit for a while.If you're a socialite sure go and waste a few years of your life "studying", otherwise it'll probably just be living hell for you as it was me.
>>73103357I didn't mean it in that way. I'm pretty optimistic and confident how things are going currently.Let me rephrase it. I feel I learn better when I'm guided by people with more knowledge in the subject than me, I think Uni would personally do me wonders and I would also like to have a degree or two under my belt so I may further my career.I know I'll be doing studying and learning on my own to further my knowledge, but I think Uni would help me out with that.
>>73103401>>73103409What's your preferred course of action then?
>>73103409Sure if you want to do it do it, but it's not an experience I can recommend to anyone in good faith. There is a wealth of free information available and institutions no longer have a monopoly on information. I've even worked as IT security staff in a university.>>73103434Make an environment for yourself in which you are productive and happy. If you are looking for other like-minded people try security conferences, if you speak to the right people I'm sure you'll be able to get into events without spending very much (if anything) at all.CTFs are an incredible resource. I've been on HtB recently and have been having fun with it. Learn a programming language and try writing some simple exploits, using a debugger to perform dynamic analysis.Just do whatever you're interested in really. Practice, practice, practice. Socialise with people and discuss security and just enjoy yourself. What's the point if you aren't having fun?
Is there any reason to use ncrack?it is literally bad!hydra
>>73103552Not really. They're much of a muchness really though.
>>73103563what the fuck are you talking about
i am consideting setting up a lab with a outsider atacker trykng to get into a networkbut the real objetive of the lab is training on firewall evasion, should i use the emergent threats ruleset or would it be too tight?
>>73103047dont fucking listen to >>73103166Enjoy trying to find a job in CSEC at the entry level without a degree unless you're a literal god who pays for and gets his own library of certs.Degree's prove that you can follow directions, submit work on time, and that you at least have exposure to the shit that employers dont have time to teach you. If you go in without one youre gonna have to start at the way bottom doing 3+ years in an IT/Tech desk sweatshop or know the person who owns the company.
>>73095955>cryptoIf you don't trust businesses that accept crypto, you are retarded and are unironically living in 2012
>>73103802Well, not wasting time/money on a university degree is valid as far as my experience thus far has gone.What concrete evidence do you have to support your claims that it's impossible to be successful in the industry without a degree?I don't even have any certifications whatsoever, just bugs, CTFs and industry experience under my belt and I'm in a position in which I'm not even remotely concerned about the idea of being able to secure further employment.
>>73104075To add to this, I know many other computer security professionals without degrees, many of which are far more financially well off than myself; and I'm on holiday abroad, and have been for nearing a year now without even needing to consider getting a job. I'm only 22 as well.
>>73104075>What concrete evidence do you have to support your claims that it's impossible to be successful in the industry without a degree?I literally said that it is possible, just difficult.My concrete evidence is that I'm on the hiring team for a major organization in the security field and work directly with recruiters. When it comes to entry level/associate positions we won't look at someone who doesn't have a degree unless they also have a lot of industry experience or are making a transition into security, have experience in another industry and a lot of self study. If you can get in the door without a degree you're good, nobody cares about your education after your 1st/second job anyway, my advice was more tailored toward entry level.
>>73104223Your company sounds like it sucks and you; the typical corporate whore parasite. Go to hell.
>>73104239and you sound like a hippy schmuck who's pissed he cant worm his way into a job he's not qualified for.follow the fucking rules
>>73104255Read some of my previous posts, buddy. I'm actually doing reasonably well for myself and I at least have the integrity to not be a soulless corporate gatekeeper and am actually making an honest living for myself.Like I previously emphasized, go and choke on a dick.
>>73104286>gatekeeperlel.I work for a living, not to save the goddamn world or give a handout to some asshat that wanted to do things 'differently'. I cant validate your claims, I have only my own experience to go off of. Im 99% sure you're full of shit just like im sure you feel the same way about me. That doesn't mean you should go around giving people on g shit advice thats going to waste their time, someone might be dumb enough to listen to you. If you actually have so much tegridy think about that before you go leading people astray
>>73104323Of course I'm going to offer people advice, not that it's the be all and end all or anything. A few years ago I was in the same position as they are, struggling to figure out how to survive in the world after flunking my way through the broken education my country mandates. It's a pretty hard place to be, especially for a loner. And I fucking tried university, twice; but everything about it drove my anxiety through the fucking roof.I'm not going to try and delude people into believing there's no other way when I absolutely know that not to be true from personal experience.
>>73103192>elec eng,>applied physicsUnexpected.
>>73103290>Open University (Online Uni but apparently reputable in the UK)The reputation is generally good but there have been some very negative reviews.
>>73103731it's not tight at all. the ruleset is easily bypassed, just try it out a few times. you have to tune the ruleset to specific needs anyway so you'll have to try poc exploits.
>>73104547lots of ee and physics dudes. adam boileau is an ee and stephen ridley is a physics guy.
>>73105480>Certain characteristics of OU texts can be quite amusing. Their pompous vocabulary goes beyond even the requirements of academia. For example, they freely employ the word pedagogical, apparently not realising that its use is reserved to those strange and seedy schoolmasters who appear in early Evelyn Waugh and Aldous Huxley novels.... my physics professor said pedagogical all the time.
>>73106134Was he strange or seedy?
=== /sec/ News:>Tor Project Removes 13.5% of Current Servers For Running EOL Versions (zdnet.com)https://tech.slashdot.org/story/19/10/09/1853238/tor-project-removes-135-of-current-servers-for-running-eol-versions>The Tor Project has removed from its network this week more than 800 servers that were running outdated and end-of-life (EOL) versions of the Tor software. The removed servers represent roughly 13.5% of the 6,000+ servers that currently comprise the Tor network and help anonymize traffic for users across the world. Roughly 750 of the removed servers represent Tor middle relays, and 62 are exit relays -- where users exit the Tor network onto the world wide web after having their true location hidden through the Tor network. The organization said it plans to release a Tor software update in November that will natively reject connections with EOL Tor server versions by default, without any intervention from the Tor Project staff. "Until then, we will reject around 800 obsolete relays using their fingerprints," the Tor Project said in a statement this week.Interesting this part about finger printing.
>>73101754China is a pressure cooker that will burst any day, in a way that will make Yugoslavia look like a walk in the park. The communist party is well aware of this and just respond by tightening all screws, making China their particular type of dystopia. China, the country, has much power but no real friends.There will be a lot of domino pieces falling with them, North Korea, Hong Kong, Tibet and more. All African states will disregard their enormous national debts to China.
Anyone agree/disagree with this list of Cyberpunk movies?https://screenrant.com/cyberpunk-movies-never-seen/
>>73104895>ruleset made by international team of security researchers>easily bypassedreally?
Anything /cyb/ on TOR? >>73101837
>>73103357Can you describe what you're doing each day in regards to learning? I keep finding myself sitting down to read or practice something and I just spin my wheels, it's such a strange feeling.
>>73106200He mentioned tvtropes to me during smalltalk once. Otherwise no.
>>73108819Start by avoiding low quality news sites.
BTW the FTP site is updated with a Comfypunk archive. It seems the old site is still offline so might upload more of the old stuff there.
>>73107642We are slow today so i am gonna expecify, is it possible to bypass the pfsense-snort(using the emergent threats ruleset) using only nmap or do i need to know how to make custom payloads or packets?
>>73094114>>73095920>>73095943>>73095955>>73097082>Intelligence Gathering on U.S. Critical Infrastructurehttps://www.icscybersecurityconference.com/intelligence-gathering-on-u-s-critical-infrastructure/Critical infrastructure like Missile and Fire Control manufacturing plants are exposed.
>>73111008If one guy did this, how much info did China and Russians gather on critical infrastructure?
>>73111008>>73111019>>73111035Shits bad yo.
>>73111050>>73111035>>73111019Why didnt he just sell it to china
>>73107642yeah, do you even know how the rules are written or used? it's usually packet characteristic matching and hex pattern matching. look up advanced evasion techniques.
>>73111063And live where' In frozen vodka lands of Russia or China where normal internet is banned and other users only speak chinese?Better to use it on a conference or a blog post than becoming a fugitive.
>>73110873you can bypass it using https because snort will never see the traffic.
>>73111095Is thee any book in the /sec/ mega about this?
>>73111115just look at the actual rules in the emerging threats ruleset and you'll see what it matches. https://rules.emergingthreats.net/open/snort-2.9.0/rules/>botcc.rules>alert tcp $HOME_NET any -> [126.96.36.199,188.8.131.52] any (msg:"ET CNC Ransomware Tracker Reported CnC Server TCP group 64"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/BotCC; reference:url,ransomwaretracker.abuse.ch; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; flowbits:set,ET.Evil; flowbits:set,ET.BotccIP; sid:2404526; rev:5515; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_and_Server, deployment Perimeter, tag Ransomware, signature_severity Major, created_at 2016_04_03, updated_at 2019_10_09;)all this rule does is match two ip addresses (184.108.40.206,220.127.116.11) known to be part of botnet c2. you change the ip address or use a proxy and it won't trigger even if you're using the ET CNC Ransomeware. >exploit.rules >#alert tcp $EXTERNAL_NET any -> $HOME_NET 2200 (msg:"ET EXPLOIT CA BrightStor ARCserve Mobile Backup LGSERVER.EXE Heap Corruption"; flow:established,to_server; content:"|4e 3d 2c 1b|"; depth:4; isdataat:2891,relative; reference:cve,2007-0449; reference:url,doc.emergingthreats.net/bin/view/Main/2003369; classtype:attempted-admin; sid:2003369; rev:3; metadata:created_at 2010_07_30, updated_at 2010_07_30;)all this rule does is match the hex pattern 4e 3d 2c 1b at offset 2891 (see isdataat) on port 2200 (see $HOME_NET X) coming in on a tcp connection. it might not be possible to fragment the packets or attack payload in such a way that they won't be reconstructed and detected, but it might also be possible; i don't know enough about this exploit to say.
>>73101056fair point but there is a line between the people who design and the people who do. Architect/Construction. Gunsmith/Soldier. Dev/Sysadmin. And I would argue Maths/CyberSec
>>73111063Who says they haven't?They already had a huge leak in the F-35 program and the fighter should be considered utterly compromised at this point in time. Chine even made an obvious clone. And yet LM comes off, scot-free. In fact they make a mint on this because the "only solution" to Pentagon is to pay LM even more to develop something new that China has not (yet) obtained. The whole thing is perverse.
>>73109232sounds like both tbqhwyfamilam
>>73111716Not him, but isn't it kind of a given that if you're using something common or you reverse-engineer a known payload, you change things like port number and do >>73111103 to make rules like this fail?
>>73111103What, how does this work?I searched and all i have found is dns tunneling, is this what you are referring to?
>>73109232TV Tropes has about 18,400 results for a search on "fetish". This could be strange AND seedy..
>>73112784you can't change the port number for a server you're attacking unless you're going after the network stack in general and if the server doesn't support encryption then you can't hide the from traffic analysis.>>73112876you use any encryption at all and nids can't read the traffic. https uses tls/ssl but anything works. you can xor the traffic against a 32 byte value and snort won't detect anything. obviously doesn't work with exploits, but sometimes you can use shellcode encoders to bypass hex signatures.
>>73113063>you can't change the port number for a server you're attacking My bad: I thought it was about post, not the exploit itself.>if the server doesn't support encryption then you can't hide the from traffic analysisDoes that even happen anymore?
What do you think about fwknop? It sounds like a viable way to expose a computer on the internet and have it respond only to me.
>>73113091yeah it does happen a lot. there are protocol downgrades and other things like reverse ssl proxies that enable nids to do traffic analysis.
Methods of juicejacking an iOS device to view call logs/text messages/multimedia files?
>>73095571>austriabasiert und rotgepillt
>>73113219But could you bundle AES with your post and use a preshared key?
Why was deepdotweb taken down?https://www.deepdotweb.com/
>>73113526They finally got the Politie on board and could.Silly peasant, you thought you're allowed to have fun?
>>73094282In my experience, /cyb/ types in the US typically live on the west coast, and we don't get home from work until 2 or 3 AM UTC.
>>73113700can confirm posting from work rn
>>73113483you can use any kind of encryption you want so yes
Year 2 of college for cybsec. We haven't done any CTF or exploit type stuff yet. Where do I start? What are some good guides to get started practicing port scanning and exploits etc. should I start with Metasploit?
>>73108819you must focus sad kot, find something to read, any book, and read a few pages at a time, then do more each time you read and eventually you shall become DISCIPRINED
>>73116414Just out of curiosity, what does your course actually cover? What have you done so far?
>>73116659First year was Cisco networking basics and a bit of cyber security fundimentals. This year is network scaling, network security monitoring, and later ccna security. We are supposed to be doing some Metasploit later but it's almost midterms and so far it's all been review and a little bit of nmap.
>>73116713Not exactly what I would've expected but fair.
what fun stuff you nerds do?gimme me an example of something very /cyb/ and/or /sec/ you did today
>>73116769im going to take a look at a HtB machine nowsnipper
>>73116758It's a networking program with an option to major in cyber security. Cyber security fundimentals, network security monitoring, and ccna security are the cyber security courses in the program.NSM is the course I'm taking now, we are going to do some Metasploit and Kali , but so far its been mostly reviewing how firewalls work and other basic shit so I was looking for something to supplement my course material until we get to the good stuff.
>>73116871I don't know firewalls are pretty boring and self-explanatory. I think I could get the hang of it in like a day on the job probably.Not really the sort of thing I'd do a course on.
>>73116893It's not a course on firewalls, we just did some review on them.
>>73116769still working on freeIPA implementation
>>73117007That some kind of faggot beer?
>>73117024it's a redhat project combining a cert authority, DNSSEC, LDAP directory and SAML and some other stuffI said a few threads ago I was looking at openLDAP but it's very barebones and I want kerberos PAM for auth on my home network
>>73116769Working on the cyb FAQ. It still isn't finished yet.
Biohacking is now reaching normie media, even the business news:https://www.dn.no/d2/helse/teknologi/biologi/trening/biologiske-hackere/2-1-645776You might need a translator.
>>73116414>Year 2 of college for cybsec. >We haven't done any CTF or exploit type stuff yet.You should ask for your money back.
>>73118313How am I supposed to hack shit without knowing anything about networking first?
>>73118432Is that a serious question?
Wired was once good, now it is fairly bad but still saw the potential to go even further: now it refuses to play nice if you view Wired in privacy mode.Why do websites do this?
>>73118601Because selling your ass out to advertisers, glowniggers and whomever else willing to pay is the main revenue stream for internet publications. Your attempts at privacy violate their business model.
>>73119402It is a bit hysterical of Wired to "defend" privacy while selling out their readers.
>>73119430"privacy" in MSM definition is limited to safety from random skiddies wanting to swat you and maybe le ebil foreign regimes seeking to manipulate 'murrican voters by showing them ads (as opposed to 'murrica manipulating foreign voters by straight up bribing them with cookies and manufacturing "protest" wholesale). You don't need to defend against 'murrican ad agencies because they are glownigger-compliant and only want to help you find that thing you always needed to consume but never knew about it.
Cloudpunk is getting good review:https://www.forbes.com/sites/mattpaprocki/2019/10/06/cloudpunk-is-the-cyberpunk-life-realized/Anyone here checked it out?
>>73094114Whats the password for the oscp pwk zip file??
>>73120399I'm serious you fucking Cuck what is it?
>>73120421y so serius? :-)
>>73120434Because of society
>>73120399Nevermind I'm retarded
>>73120421calm your tits
>>73120176Voice acting needs work
>>73121342Yes, was a bit weird.
did the phenom ii x6 t10xx series cpus have hardware level backdoors? are they vulnerable to spectre/meltdown and derivatives? can you make them secure (asking about t1055 in particular since that's what i have)?
>>73121773>hardware level backdoorsProbably government mandated, but it is not on record.
>>73122715Unless you can find direct evidence of government involvement, it's a "why bother" and getting it patched is more of a matter of creating and releasing your own mechanism of accessing it.
So I have been trying to get into security and tried to solve overthewire games first. Obv. I really don't know shit about where to look for bugs. Do you guys think that it would be smart to first read a few books and make notes and then dive into practice? Otherwise I don't really know what to do. Pls help frens.
>>73118432Besides the OSI model and reading packets, which shouldn't take more than a semester, you don't need to know anythiing else about networks to start exploiting systems. In fact most of what the OSCP teaches has nothing to do with networking and its considered a 101 type class.In other words you got had. If you think I'm just trolling, try the machines on HTB and see how far you get.
>>73123149For me, it's reading writeups at first so I understand what mode of thinking is needed. Don't rely on it though, its a crutch
>>73123149Depends how much of a beginner you are. Overthewre is good, but nothing beats actually trying to exploit vulnerabilities on actual machines. If you just want to know how people start looking for bugs, reading writeups for HTB or Vulnhub machines is a good start.Otherwise, yes start getting used to reading about a lot of dry and boring technical stuff. You really want to learn the basics of networking (ie packets and how protocols work), programming (conditionals, functions, control flow, etc), linux BASH & windows Powershell, before you can really start to dive into exploits.
>>73123152>you don't need to know anythiing else about networks to start exploiting systems.Oh, really? When I hear people talk about networking my mind goes to configuring routers, etc. Well I guess I know enough then.
>>73123159>>73123241I'm at the start of my second year as a CS student.So I have a basic understanding of programming.Can't really try to exploit machines, because I don't know what to do. Also I dont want to be a skiddie and only use Metasploit or SQLmap for short term success.Thanks frens, then I will start to read a shitload of books to understand the basics.
Is whonix safe or is it a meme?
I feel like a brainlet learning bash, then again I'm not practicing just reading
>>73123605What book are you reading, gonna start on bash
>>73123484How about taking a look at https://www.hacksplaining.com/
Tell me a good email for a profissional email, safe but not autistic.
>writeup getting retiredI am almost to my next rank come on.
>>73123815Any alternative to this website but for exploits that are not web related?
>>73123508it's safer than running on bare hardware, but everything has bugs. safe is not an immutable state; it's a process. whonix is part of the process of being safe, but you're never 100% safe.
>>73111716>>73111115http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node32.htmlthis should help you understand what a snort rule looks like and what all the potential fields do/are.
>>73123484USE THE CHEATS LIKE METASPLOIT AND SQLMAP, READ THE WALK-THUS TO GIT GUD, DON'T WASTE TIME TRYING TO BE NEWTON DISCOVERING CALCULUS
>>73124440>but you're never 100% safe.What if I'm running Multics?
>>73123149>>73123484>Obv. I really don't know shit about where to look for bugshttps://www.youtube.com/watch?v=qTkYDA0En6Uhttps://www.youtube.com/watch?v=U60hC16HEDY
a group of master hackers writing on the webpage :O i will be no able to get money for zero exploits,,,, fuck, i gave to much free power to the people u.u
>>73124514But anon I don't want to be a scriptkiddie. I want to understand what I'm doing.>>73124593Thanks Fren.
>>73124876>But anon I don't want to be a scriptkiddie.You have to start somewhere.
>>73124876Eventually you will hit a wall that will force you to not be a skid anymore. Just gotta get your feet wet first then you'll start to understand more and more.
>literally can never find websites vulnerable to sql injectionHow am i suposed to train on sql injection, everything is so safe
>>73124535then unix beards will rape your terminals daily and you will never know
>>73125979YOU MUST LEARN TO BYPASS THE REGEXS, ANON
>>73097863Don’t do it, the training is good for the time it takes but private sector/BS degrees blow it the fuck out of the water, I would conservatively say 95% of our servicemen couldn’t defeat an easy level HTB machine
>>73098968>>73099016You can also use it for tunneling past public routers that are trying to box you in. You have to have your own VPS of course
Why to FPV drone racing goggles look so much more /cyb/ than VR or AR gogglesIt just ain't fair
>>73127331if you're wearing goggle why do you care?
>>73127646payloadallthethings, lightbulb burp app, ingenuity
What's a good place to begin with learning how to use a fuzzer?
>>73129675what are you fuzzing?
>>73129758I wouldn't know. I've never fuzzed before.
>>73129774step 1.find out what you actually want to do
>>73129785I dunno. Pick something about using a fuzzer and I'll go learn from it; I mostly asked to bump the thread from page 10.
>>73129799go read the afl documentation and try and find some crashes in a random open source project
>>73094114Should I pull the plug? Are they good?https://deals.gdgt.com/sales/keepsolid-vpn-unlimited-lifetime-subscription-3?utm_source=engadget.com&utm_medium=referral&utm_campaign=keepsolid-vpn-unlimited-lifetime-subscription&utm_term=scsf-334393&utm_content=a0x1P000004MT7H&scsonar=1
how do I help the hong kong protests?this is the most /cyb/ riot yet
>>73130171This is entirely their fault and you should feel no sympathy for them.
>>73130236>no help for people who didn't know any betterthis is how the world will burn, fool
>>73130242It was always burning since the world's been turning.
>>73130236yes goy let china fuck their arse its not like we are their next targets
>>73100244do branch prediction so we can have more spectre and meltdown! :D
I have a degree in math from a top 20 school, is this ok for getting into cybersec degree wise or do I need to go back for CS
>>73131468set up some christians as terrorists and get promoted by the fbi when they get "convicted" xD
>>73131468You're qualified to work for the NSA but probably for crypto bitch-work.
>>73116769>>73116781>>73116990>>73117007>>73117574so you do jack shit? thanks for confirming, posers
>>73116769Try to get a job.
someone tell me about fiction books that involve cyber crimes, surveillance, computer forensics etc.it's for a gift, doesn't have to be cyberpunk, just hackerman related and doesn't have to be very based in realityit must be paperback, manga is fine but prefer books and novels
>>73131640won't be needed when you get fucked, nigger
>>73131765Does it have to be books? I know a number of movies and vidya.
if i am a regular punk how do i become a cyber punk
>>73132321well, I won't be able to get him it, but to be honest, I guess I'd be interested in it as well
>>73132342install gentoo onto your cyberbrain
>>73131630Let's hear what you have achieved in your life.
>>73133206nothing specialdone a fair amount of computer security stuff but ultimately all of that is pretty inconsequentiali've had sex at least, unlike someone :^)
>>73133261>sex at least,I guess that too is an achievement.
So I work in a huge company. I've been a dev for 2 years but just got moved into the security department. My degree is in sec, how do I study so I don't eat shit? I would be doing pen testing against our products.
Is a 32GB flash drive, enough for hacking tools and other security software?