/g/ - Technology


File: 1453418979723.jpg (345 KB, 1920x1080)
Previous threads: [https://archive.rebeccablacktech.com/g/search/text/%2Fcyb%2F%20%2Fsec%2F/type/op/ ]
Last Thread: >>76506266

-----
/cyb/erpunk
What is cyberpunk?: [ https://pastebin.com/pmn9vzWZ ]
Cyberpunk directory (Communities/IRC and other resources): [ https://pastebin.com/AJYry5NH ]
Cyberpunk media (Recommended cyberpunk fiction): [ https://pastebin.com/Dqfa6uXx ]
The cyberdeck: [ https://pastebin.com/7fE4BVBg ]
-----
/sec/urity
"Shit just got real": [ https://pastebin.com/rqrLK6X0 ]
Cybersecurity basics and armory: [ https://pastebin.com/v8Mr2k95 ]
Reference books (PW: ABD52oM8T1fghmY0): [ https://mega.nz/#F!YigVhZCZ!RznVxTiA0iN-N6Ps01pEJw ]
/sec/ PDFs: [ https://mega.nz/#F!zGJT1QQQ!O-8yiH845GN26ajAvkoLkA ]
Learning/News/CTFs: [ https://pastebin.com/WQhRYB59 ]
thegrugq OPSEC: [ https://grugq.github.io/ ]
#! sec guide [ https://pastebin.com/aPr5R1pj ]
EFF anti-surveillance [ https://ssd.eff.org/en ]
-----
Thread Wiki is up: https://wiki.cybsec.io/
FTP: ftp.cybsec.io

Thread topic: https://news.bitcoin.com/lawful-access-to-encrypted-data-act-backdoor/
Do you think mandatory backdoors will ever happen? How will you change your personal security if it does?
>>
In what ways is stenography used in the current year?
>>
>>76559846
LSB
Unicode
Audio Spectrogram
Good ol' Trithemius' spirits, hiding in plain sight
>>
I have an OTP key fob for my help desk job. There's no way it's able to connect to a network, but somehow I press the button on it and get a 6 digit code that is authenticated by my company's servers. How does that work? Are the servers and fobs synced together to follow an algorithm that produces the same password? I tried asking this question in the stupid questions thread and just got linked to the wikipedia page for OTP. I can't understand how something that has no way of communicating with a network can provide one time passwords that are authenticatable. Can one of you cats break it down in dummy terms for me?
>>
>>76560365
There are synchronous and asynchronous OTP tokens. It sounds like yours is synchronous, in that, when it is registered/paired with the server, they both have an onboard clock and a code-generating algorithm so that no matter what, the server is aware of what code is generated by the token.
If the time on the token or server deviates too far from one another, the server won't generate the same code.
>>
>>76559762
>it's not /cert/+/learn/
missed opportunity
>>
>>76560365
Yeah it is TOTP, same as when you scan a barcode. There is a shared seed value and agreed-upon algorithms to get from that to the code. Time is thrown in to prevent replay attacks.
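The scheme the two replies above describe (shared seed, step counter derived from the clock, server tolerates a little drift) as an added Python example; this is not code from the thread, and the seed, step size and drift window are constructed demo values (the algorithm itself is standard HOTP/TOTP from RFC 4226/6238):

```python
import hashlib
import hmac
import struct
import time

# Constructed demo seed; a real fob gets its own random seed at enrolment,
# and the server stores a copy. That copy is all the server ever needs.
SHARED_SEED = b"constructed-demo-seed-0123456789"
STEP_SECONDS = 30   # how long one code stays valid on the fob
DIGITS = 6


def hotp(seed: bytes, counter: int, digits: int = DIGITS) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter,
    dynamic truncation to 31 bits, then reduce to `digits` decimal digits."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(seed: bytes, unix_time: int, step: int = STEP_SECONDS) -> str:
    """TOTP (RFC 6238): the counter is just the number of elapsed steps,
    so a fob with a clock needs no network to agree with the server."""
    return hotp(seed, unix_time // step)


def verify(seed: bytes, submitted: str, server_time: int,
           step: int = STEP_SECONDS, window: int = 1) -> bool:
    """Server side: recompute the code for the current step and for
    `window` steps either side to tolerate small clock drift. Beyond that
    the fob and server disagree and the code is rejected. Uses a
    constant-time comparison so the check does not leak via timing."""
    current = server_time // step
    for counter in range(current - window, current + window + 1):
        if hmac.compare_digest(hotp(seed, counter), submitted):
            return True
    return False


if __name__ == "__main__":
    now = int(time.time())
    shown = totp(SHARED_SEED, now)
    print("fob shows:", shown)
    print("server (in sync):", verify(SHARED_SEED, shown, now))
    print("server (clock 2 min off):", verify(SHARED_SEED, shown, now + 120))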
>>
how do I hack
>>
>>76560651
you just do it, it's not that hard
>>
I have my OSCP exam in September but I don't feel prepared. If I fail I'm not too worried. Anybody have experience or recommendation for studying?
>>
>>76560651
You don't.
>>
>>76559762
The greatest con of the 20th century was NASA convincing us that encryption was real.
>>
>>76560740
Just keep on practicing. Why don't you feel prepared? Have you finished the whole lab or are you constantly getting stuck/burning time on boxes?
>>
>>76560651

WITH MY AXE.GIMLI
>>
>>76559846
>stenography
Not much. Steganography, on the other hand, is used in DRM.
>>
>>76560914
I need to brush up on bash scripting and python. I'm still learning on the labs and currently on buffer overflows. After I'm done I'll read the entire pdf file and try some boxes and hopefully be good.
>>
>>76555424
>Everyone is bleating on desu.
On one hand there is a lot of political correctness. On the other we have politicians who know this is a stink bomb that can kill careers. Noticed how little is coming from the EU? The normal urge to make statements has been restrained to a degree I didn't think possible.
>From a subtle perspective China seems to be the new super power.
True. And they have fewer restraints in using this power. China is also a pressure cooker about to burst so a lot of focus is on internal surveillance.
>Too many people scared to lose funding or access to do a proper investigation.
Funny thing is, they never had access. China does what China wants, no more or less. WHO just thinks that with enough kowtowing China will cooperate. And that is totally mistaken.
>If the virus is that selective, Nepalese and Korean, it assumes a granular level of genetics that I didn’t know existed.
The hypothesis is that mortality relates to properties of the lungs that come from Denisovan admixtures. And you find more of that in East and Far East Asia, less in Europe and less in the Middle East and practically none in Africa and South America.

I am trying to apply computer malware analysis and a course I did on modelling biological systems to the propagation, and it looks really interesting.
>>
>>76560879
>NASA convincing us that encryption was real
When was that??
>>
Morning gentlemen.

>>76559762
Thanks for posting.
>>
>>76561460
>and try some boxes and hopefully be good
does this mean you haven't rooted any boxes yet?
what about HTB?
>>
cyberpunk has nothing to do with cybersecurity
>>
>>76561417
my bad it was late at night and after many beers lol. How is it used in DRM and is that the only place it's used really? I was reading it's not considered the most secure practice, the book hasn't told me why yet though, but the idea of it sounds cool.
>>
I dunno if this counts as cyberpunk but I picked up powdered potassium and magnesium citrate recently to mix with salt and water for fasting. It also works exceedingly well as something to chug before bed if you're out drinking. Keep your productivity levels high senpai.

1L
1tsp potassium
2tsp salt
1/4 tsp magnesium citrate

tastes like salt water but is easy enough to put down.
>>
>>76563532
yes
no
maybe
>>
>>76564028
>potassium
It is unlikely to come in the form of a pure metal. You might also want to be rather careful here as potassium has a strong effect on nerves in general and in particular those that control the heart. The effect is strong when fasting.

>taste like salt water but is easy enough to put down.
You don't want to put down yourself.
>>
>>76564028
t-thanks i guess, rapebro
>>
>>76559846
I think it’s still used in US courthouses
>>
>>76564388
what's rape like about vitamin supplements bro
>>
>>76564367
I will look into it. Thanks for the heads up
>>
>>76561478
I don't know much about China's internal politics. Why do you think it's about to burst?

How are you applying malware analysis?
>>
Web dev here with about 3 years of backend experience. I am waiting to hear back about my OSWE exam results, but I believe I passed and may get the cert. I am really enjoying white box analysis and vulnerability discovery.

Anyone here in the field know of what sort of job titles/opportunities could be available doing white box code analysis for web app vulnerabilities?

If I get my OSWE, what should my next steps be for this?
>>
File: 1587442863184.gif (14 KB, 416x416)
Are cisco certs more valuable than comptia certs?
>>
>>76563827
DRM is encoded in the bitstream and blended in so that you cannot find it and thus cannot remove it. And that data is used to determine if you are allowed to play the contents or not.
There is a second variation that is used to trace contents. If there is a leak, encoded data can be extracted and used to see who leaked the document. It is not that long ago we saw a leaked document on /co/ with some suspicious extraneous dots that had this function.
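The second variation above, a forensic mark that identifies the recipient of a leaked copy, as an added Python example (not code from the thread). It hides a marker plus a 16-bit recipient id in the least-significant bits of sample bytes, the "LSB" method named earlier in the thread; the cover samples, the marker bytes and the ids are all constructed for the demo, and a real system would spread the mark across the content and make it robust to re-encoding, which this toy does not:

```python
from typing import Optional

# Constructed 2-byte marker so the extractor can tell "a mark is present"
# from the random LSBs of an unmarked file.
MAGIC = b"WM"
ID_BYTES = 2  # 16-bit recipient id

# Constructed cover: 64 grayscale samples of a smooth gradient, not a real image.
COVER = bytes(range(0, 256, 4))


def _bits(data: bytes):
    """Yield the bits of `data`, most significant bit of each byte first."""
    for byte in data:
        for i in range(7, -1, -1):
            yield (byte >> i) & 1


def embed_id(samples: bytes, recipient_id: int) -> bytes:
    """Overwrite the LSB of successive samples with MAGIC + recipient id.
    Each sample moves by at most 1, so the rendered content looks identical
    while every recipient's copy differs in a way they cannot see."""
    payload = MAGIC + recipient_id.to_bytes(ID_BYTES, "big")
    bits = list(_bits(payload))
    if len(bits) > len(samples):
        raise ValueError("cover too small for payload")
    out = bytearray(samples)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit
    return bytes(out)


def extract_id(samples: bytes) -> Optional[int]:
    """Read the LSBs back; return the recipient id if the marker matches,
    None if the file carries no (intact) mark."""
    nbits = (len(MAGIC) + ID_BYTES) * 8
    if len(samples) < nbits:
        return None
    value = 0
    for i in range(nbits):
        value = (value << 1) | (samples[i] & 1)
    raw = value.to_bytes(len(MAGIC) + ID_BYTES, "big")
    if raw[:len(MAGIC)] != MAGIC:
        return None
    return int.from_bytes(raw[len(MAGIC):], "big")


def max_sample_delta(a: bytes, b: bytes) -> int:
    """Largest per-sample change between two copies (1 for an LSB mark)."""
    return max(abs(x - y) for x, y in zip(a, b))


if __name__ == "__main__":
    copy_for_alice = embed_id(COVER, 0x1234)
    copy_for_bob = embed_id(COVER, 0x0007)
    print("unmarked original:", extract_id(COVER))          # None
    print("leaked copy traced to id:", hex(extract_id(copy_for_alice)))
    print("max visible change:", max_sample_delta(COVER, copy_for_bob))
```

Run with two differently marked copies, the extractor tells them apart even though neither differs from the original by more than one unit per sample.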
>>
>started on HTB tutorials
There is a lot I don't know but I'm really glad I started because now I have shit to learn.
>>
>>76566892
Good job anon, good luck with your journey
>>
=== /sec/ News:
All good security practices start with rangebanning Russia and China. And now India takes this to the max:
>India Bans TikTok, Dozens of Other Chinese Apps (techcrunch.com)
https://slashdot.org/story/20/06/29/1612208/india-bans-tiktok-dozens-of-other-chinese-apps
>ByteDance's TikTok, which counts India as its biggest market, Community and Video Call apps from Xiaomi, which is the top smartphone vendor in India, UC Browser, UC News, Shareit, CM Browser, Club Factory (India's third-largest e-commerce firm), ES File Explorer are among the 59 apps that India's Ministry of Electronics and IT have ordered to ban. "The Computer Emergency Response Team (CERT-IN) has also received many representations from citizens regarding security of data and breach of privacy impacting upon public order issues," the Indian government agency said.
I can see a LOT of spearphishing coming up.
>>
>>76560566
Word, that makes sense. How do asynchronous OTP tokens work then?
>>
>>76565850
>I don't know much about China's internal politics.
I am no expert myself but I know Chinese who had to make themselves scarce after protesting in 1989. They told me what it is like. Many that were students back then were Chinese students that had done well in school but had no party affiliations. These days a lot of Chinese students are children of party members or people with connections and wealth that cannot be clearly explained.
>Why do you think it's about to burst?
Few places are as corrupt as China and ordinary people are fed up with this. Party members abuse their powers routinely and fear the people. Funnily enough that is the same type of relationship the Chinese emperors of olden days had to their people: fear. Traditionally the "Heavenly mandate" expired after too much incompetence and abuse and the new emperor would "arrive on horseback" to use the terms. The difference is the access to tech so people in power leverage absolutely all means of surveillance against the people and lately also abroad, purely to stay in power. Internal pressure is just building up and it will one day rupture in a way that will make Yugoslavia look like a walk in the park.
>How are you applying malware analysis?
I look for upturns in trends in infection rate and death rate for various countries. Lockdown is not effective and whatever happened in Iran has already spread everywhere including Sweden. And there are surprises like the black lives matter-gatherings that seem to have had zero effect.
>>
>>76565537
Potassium permanganate, on the other hand, is a lot of fun. Usually in the form of crystals, a grain the size of a sugar grain is enough to colour a glass of water purple. A fistful in a fountain makes it look like a blood bath!
>>
>>76567466
This just in:
>Flu virus with 'pandemic potential' found in China
https://www.bbc.com/news/health-53218704
>The new flu strain that has been identified in China is similar to 2009 swine flu, but with some new changes.

How do we know this horse hasn't already bolted?
>>
>>76561460
You don't need to do any programming for the exam. At worst you'll have to modify an existing exploit for your use case on one of the machines.
>>
File: daybreak2.gif (123 KB, 640x480)
Night is here. You know the routine.
>>
I am trying my hardest to cut myself from the external bullshit of our current times in pursuit of my dream.
I wish this world would burn down I'm so fucking tired of the tangled lives we lead.
>>
File: 1554586749696.gif (1.96 MB, 350x270)
I'm nervous as all hell about taking my Sec+ tomorrow. Any Anons on here taken the 501 and have any advice?
>>
Question: she needs the data on this phone to prove herself innocent in court. She's tried what feels like 100 times to remember the passcode to her Samsung Galaxy S7, doesn't know her account info, and she's staring at that dreadful "You have four attempts remaining". What does she do?
>>
>>76571727
Review whatever you can that worries you and try to get some good sleep tonight. There's nothing more you can do than what you've already done in the time frame that's left.

It's also not a challenging test. So try and stay calm and take things slowly. You'll do fine anon.
>>
>>76571727
If you're burnt out from studying, watch Professor Messer videos until bedtime. Speaking of bedtime, make sure you get enough sleep and food.
>>
Not a fan of this image OP
>>
>>76572331

y not
>>
>>76572331
this. it's gay af and too /x/ themed.
>>
>>76572758

maybe it's a dude in cyberspace reading an ebook with his digital dragon and about to smoke some digital weed
>>
>>76571893
The cute little story doesn't really mask the intent of what you're asking.
"""she""" takes a look at who's phone it actually is and makes three informed guesses, then goes to Google and hopes """she""" doesn't fuck up the fourth attempt.
>>
Cracking phones isn't impossible it just takes too much time.
If it's a 4 digit code maybe you can guess it.
>>
>>76571727

I got my sec+ many years ago, but CompTIA exams and cert testing really hasn't changed much.

Unless you reliably know 100% that you're capable of cramming (in other words, unless cramming is something that you're already used to doing for other exams), don't bother with last minute studying.

There's not a whole lot that you can do tonight, and your time on the last day is best spent decompressing. Do your best to relax. Eat a light dinner that you enjoy (anxiety can mess up your stomach if you struggle with it, particularly at night). Play some games, watch something you enjoy, listen to music, whatever chills you out.

I highly recommend doing something that's physical but very light. I personally love to clean the night before something important. Tidy up your battle station, take care of all the trash that's been piling up, organize your stuff, whatever you can do. I'm partial to night walking as well, just go for a walk an hour or two before you need to go to sleep. This kind of thing should tire you out a bit and make it easier to fall asleep if you still have nerves. If you have access to Melatonin (a common supplement that acts as a sleep aid), use it.

1/2
>>
>>76571727
>>76573730

Do your best to get 8 hours of sleep, a good night's rest along with a good breakfast (avoid trans fats and garbage carbs) are the two best non-study related things you can do to help make an exam attempt of any kind more successful and have a non-trivial influence on standardized test scores.

If you have notes bring them with you and skim them in the 15 minutes you have waiting around the testing center for your exam slot.

When you're actually taking the exam, take your time with each question. Read the question twice before even looking at the answer and then read each answer, doing your best to finish reading the answers before you select a choice.

Usually when your mind jumps to an answer it is the correct one, don't change your answer unless you are ABSOLUTELY certain you were not correct the first time.

I'm not sure what the test environment will be like but for all the CompTIAs I've taken they let you mark a question and go on ahead. If this is still the case, err towards marking questions and moving on instead of changing your answer. Then when you're at the end of the exam you can go through the marks and tweak them. Often you'll have much more certainty about questions you're unsure about when you've let them stew in your mind.

Never leave any questions blank, if you have no clue pick the answer your mind jumps to first. If you can't even get that, try to come up with a good reason for any of the answers and pick that one.

Good luck anon!

2/2
>>
File: 291610.jpg (74 KB, 1280x720)
>>76559762
Bump with a reminder that CISSP is the premier certification in cyber security.
>>
>>76573730
>>76573753
this advice is too good to be wasted.
sadly some anons will ignore and ask how to hack facebook in 5min
>>
>>76574778

answer: pay someone
>>
Bedtime bumpity bump
>>
is there any possible way for a stingray/hailstorm to bypass a vpn?
assuming there's no leaks or dropped connections
>>
>>76575355
technically yes, but it would greatly depend on certain parameters of the scenario
>>
looking to switch from being a backend developer/devops to pentesting and I was wondering, how hard is it to get a remote junior pentest position in europe? IT security is pretty much a dead niche in my little Eastern European country and there's no pentesting jobs.

also is OSCP recognized in europe?
>>
>>76575736
From my experience CREST is more valued over in UK, so not sure if that extends to Europe.
OSCP is definitely recognised though.
>>
>>76575452
>technically yes
mind elaborating for a brainlet?
just getting my feet wet with infosec
>>
>>76575736
Security is getting a lot of quiet attention in Europe these days and that includes major recruitment drives in both national security agencies and the military.
Have you tried those routes?
>>
>>76575883
it depends what type of vpn
it depends how deep the interception is
it depends on the awareness of the end user being intercepted
it depends on any known or unknown vulnerabilities on the intercepted device
it depends on etc, etc.
>>
>>76567201
Based pajeets for real
>>
>>76571727
I don’t have any advice as constructive as what has already been given but I’m proud of you and believe in you. God speed
>>
>>76576010
oh i thought you had specifics in mind
this is pretty self evident tbqhwyf
>>
>>76576488
the point is that without a specific configuration or infrastructure, the attack surface is impossible to speculate on because there are too many variables
if anyone is doing something and has a legitimate concern with being intercepted, but doesn't understand the technicalities involved or implementing countermeasures, then there's not too many ways it'll go for that individual
>>
>>76575974
completely forgot about national agencies and military, it's true that they are getting more and more money and resources, thanks
>>
Brave New World was one of the early futuristic dystopias. Now it is about to be a TV series.

>Ten TV shows to watch in July
https://www.bbc.com/culture/article/20200629-ten-tv-shows-to-watch-in-july
>Based on Aldous Huxley’s 1932 dystopian novel, this sci-fi series created for NBC’s new streaming service Peacock imagines a society that has achieved peace and stability through the prohibition of monogamy, privacy, money, family, and history itself. It imagines a futuristic ‘New London’, whose citizens include Bernard Marx (Harry Lloyd) and Lenina Crowne (Jessica Brown Findlay). As the series begins, the pair embark on a holiday to the so-called Savage Lands, where they become embroiled in a violent rebellion and are rescued by John the Savage (Alden Ehrenreich), who escapes with them back to their home city. However John’s arrival in the New World soon threatens to disrupt its utopian harmony, leaving Bernard and Lenina to grapple with the repercussions.
>>
File: NSA_Employability_Test.jpg (156 KB, 900x1200)
>>76576854
Just be careful in the employment test.
>>
i remember when the first sec thread was made.
happy to see it's still going strong.

these threads are important, anons.
good job keeping it alive.
>>
>>76578001
How long back in time does this general go?
>>
File: AbbysAgency.gif (41 KB, 750x259)
>>76576854
Processing can be speedy, very speedy.
>>
>>76567466
What happened in Iran? Do you have any ideas on why the blm gatherings have not seemed to have an effect?
I kept waiting for a surge 2-3 weeks after they started but haven’t seen one either. To be fair I haven’t been following covid news in a while though.
Thanks for the take on China, it has motivated me to look into it a bit more.
>>
File: Iran.png (60 KB, 880x1100)
>>76579319
>What happened in Iran?
There was a second wave there, pic related. This shows the time lag between infections and fatalities. I first thought reservoir animals had come out of hibernation or trekked for weather related reasons but found no support for that hypothesis. A mutation is another hypothesis but again hard facts are hard to find. Changes in behaviour are unlikely since health authorities in Iran have complained from day one that people are not careful enough.
The elephant in the room remains the strange pattern in spreading where a case from December was found in France with little overall impact, yet in Iran it exploded quickly.
>Do you have any ideas on why the blm gatherings have not seemed to have an effect?
I think the age bracket is the same and that these are asymptomatic.
>I kept waiting for a surge 2-3 weeks after they started but haven’t seen one either. To be fair I haven’t been following covid news in a while though.
It could be spreading in a group that is little tested and the surge is under the radar.
>Thanks for take on China, has motivated me to look into it a bit more.
BTW COVID-19 is apparently going like wildfire among the Uighurs but this is mainly suppressed. Political correctness caused a huge delay in getting an ethnic breakdown of the statistics. That must have cost a lot of lives.


