[a / b / c / d / e / f / g / gif / h / hr / k / m / o / p / r / s / t / u / v / vg / vr / w / wg] [i / ic] [r9k / s4s / vip / qa] [cm / hm / lgbt / y] [3 / aco / adv / an / asp / bant / biz / cgl / ck / co / diy / fa / fit / gd / hc / his / int / jp / lit / mlp / mu / n / news / out / po / pol / qst / sci / soc / sp / tg / toy / trv / tv / vp / wsg / wsr / x] [Settings] [Search] [Mobile] [Home]
Board
Settings Mobile Home
/g/ - Technology


Thread archived.
You cannot reply anymore.



File: cybsec reloaded.gif (683 KB, 400x440)
683 KB
683 KB GIF
Previous threads: [https://archive.rebeccablacktech.com/g/search/text/%2Fcyb%2F%20%2Fsec%2F/type/op/ ]
Last Thread: >>76559762

-----
/cyb/erpunk
What is cyberpunk?: [ https://pastebin.com/pmn9vzWZ ]
Cyberpunk directory (Communities/IRC and other resources): [ https://pastebin.com/AJYry5NH ]
Cyberpunk media (Recommended cyberpunk fiction): [ https://pastebin.com/Dqfa6uXx ]
The cyberdeck: [ https://pastebin.com/7fE4BVBg ]
-----
/sec/urity
"Shit just got real": [ https://pastebin.com/rqrLK6X0 ]
Cybersecurity basics and armory: [ https://pastebin.com/v8Mr2k95 ]
Reference books (PW: ABD52oM8T1fghmY0): [ https://mega.nz/#F!YigVhZCZ!RznVxTiA0iN-N6Ps01pEJw ]
/sec/ PDFs: [ https://mega.nz/#F!zGJT1QQQ!O-8yiH845GN26ajAvkoLkA ]
Learning/News/CTFs: [ https://pastebin.com/WQhRYB59 ]
thegrugq OPSEC: [ https://grugq.github.io/ ]
#! sec guide [ https://pastebin.com/aPr5R1pj ]
EFF anti-surveillance [ https://ssd.eff.org/en ]
-----
Thread Wiki is up: https://wiki.cybsec.io/
FTP: ftp.cybsec.io

Thread topic: What are the latest techniques you've heard of?
https://thehackernews.com/2020/06/image-credit-card-skimmers.html
>>
reminder that cybersecurity is dead, plenty of thirdworlders willing to use kali linux against your systems for $10
>>
>>76583483
This argument could be made about literally any position in any field. Plenty of thirdworlders willing to clean your toilet for $10. Plenty of thirdworlders willing to hand out prescriptions for $10. Maybe the problem isn't with cybersecurity but with the people letting in the thirdworlders.
>>
>>76583483
im a third worlder and would do it for 5. get raped you mongoloid
>>
File: alita.gif (574 KB, 500x375)
574 KB
574 KB GIF
For those who commented I failed my Sec+ with a 730, (750 is passing). I cant fucking stand it any longer. Ive been in this field for 5 years because of the military and I still cant pass a fucking entry level cert. I want to blame it on my adhd and dyslexia fucking my test taking skills but I know no one fucking cares if I brought that up in a interview. How the fuck do people do this
>>
>>76583902
Are you sure you actually need the Sec+? Most hiring managers I know would be far more impressed by 5 years of experience than a lousy Sec+ cert. I am probably going to let my Sec+ expire in a few years because I've been told it's only good for entry level positions anyways.

And yeah, Sec+ is garbage, it focuses on memorizing acronyms and playing word games, there is zero practical application for almost everything in there.
>>
>>76583902
you been on this 5 years..? how are you doing on hack the box ?

also looking for good (something good not udemy bullshit) resources on OSINT
>>
>>76584041
the thing about sec+, unlike other certs, is that it's often a requirement for government/contractor positions. As in, legally a requirement not just HR bullshit.
So I'm not sure what that anon is doing but sometimes you just straight up need that cert, or something similar that fits the requirement.
>>
File: c.png (9 KB, 729x116)
9 KB
9 KB PNG
>>76584625
an example I just found
>>
>>76583902

730 is so close, go schedule a retake for as soon as possible and your chances of passing are pretty good. When I say as soon as possible, I mean you should go look at the minimum time between Sec+ attempts and schedule for the next possible date/time.

As for studying in between, go (re)watch the professor messer sec+ videos, and every time you hear/see an idea that you are shaky on make a flash card for it. Review your flash card deck at least once a day, preferably multiple times randomly throughout the day.

Use Anki for your flash cards. Refer to https://www.youtube.com/watch?v=5urUZUWoTLo

>>76584041

He said he's in the .mil space, Sec+ is one of the baseline DOD information assurance certifications, you can't hold a civilian/enlisted/commissioned IT position without it or another similar cert.
>>
>>76584827

For ref if anyone's interested in the DOD IAT baseline requirements.

https://public.cyber.mil/cw/cwmp/dod-approved-8570-baseline-certifications/

As you can see, no OSCP in sight :^)
>>
>>76583902
Hang on in there, anon, you can do it. We have all had our failures.
Experience is the sum of the mistakes we did that nobody discovered.
>>
>>76583327
What's up /cert/ gen.
Threadly reminder to not talk about cyber security outside of getting certifications, and especially no talk about anything like projects or practical knowledge.
Also don't talk about cyberpunk because it doesn't have anything to do with cyber security.
This has been your threadly reminder.
>>
>>76585078
>Also don't talk about cyberpunk because it doesn't have anything to do with cyber security.
That is at least a new formulation.
>This has been your threadly reminder.
Still wrong.
>>
>>76585078
Here’s your (you)
>>
Has anyone reported false whois info to icann before and succeeded? Tell me what it’s like; someone’s using a fake name (not privacy whois) for a domain and I want them cancelled and the domain taken off. I’m not sure if I should report it to icann that they’re doing fraud or the registrar, as I don’t know who will pull the trigger and revoke their domain.
>>
>>76585647
I haven't done that, but I doubt the registrar would give a crap
>>
More brainlets droning on about struggling to memorize the security+ vocabulary terms so they can bleed the US government of money.

Find a job in the real world, you clowns
>>
>>76586195
>noooo you can't just take money from the US federal governmenterino
>>
>>76586281

those are your dollars, dummy. you're robbing yourself.
>>
>>76586389
I'm not black so I will never see a single tax dollar used in my interest.
>>
>>76586591

>he doesn't know.jpg
>>
>>76585647
talk to the registrar, first. They won't connect you to the person for privacy reasons, but you better have damn good evidence to get them to take action. And a good reason why too.
>>
The more I learn about technology and its purpose the more I want to go Ted Kaczynski on the oligarch.
>>
>>76586389
We spend a trillion dollars in taxes every year to take care of non-whites, making exception only to a few groups of non-whites like East Asians.

https://youtu.be/lGpgvkf3THs
>>
>>76587858

hahahahaha welfare is <10% of the federal budget which is about $400 million and it goes to a lot of white people you gullible fool

stop posting disinformation and go back to stormfront, russian agent
>>
>>76588035
What about public schools, and all of the money that goes into infrastructure for welfare blocks and to maintain the communities of those who take more from taxes than they contribute? All of that easily exceeds a trillion dollars.
>>
>>76588090
>those who take more from taxes than they contribute?
i agree, let's first work on getting a flat tax system put into place
>>
>>76588122

fucking billionaire libertarians ruining everything. looking at you zuck and bezos.
>>
Anyone found anything interesting on The Internet recently?
>>
File: 1419716114091.gif (650 KB, 647x363)
650 KB
650 KB GIF
>>76583902
DON'T GIVE UP YOU GLORIOUS BASTARD
>>
File: Physical Removal.png (267 KB, 1000x601)
267 KB
267 KB PNG
>>76588165
>looking at you zuck and bezos.
They're not libertarians; they're feudalists.
>>
>>76583327

>hide obfuscated code in exif data in images using maliciously hosted favicon
>obfuscate stolen data and hide in image file
>use browsertunnel to exfil data via dns
>>
(Powershell) Empire is dead? What's the next big post exploitation framework?
>>
>>76588693

obfuscated powershell empire
>>
Anybody got an updated version for gxpn/sec 660? Been cross-checking with the 2014 materials and the site's syllabus but seems like updates were eventual
https://www.hacktoday.io/t/certcollection-baseline-sans-offensive-security-torrent/913
>>
>>76587443
>good evidence
It used to be popular to file an address such as 1600 Pennsylvania Avenue.
It was almost as if someone ran a hotel there.
>>
>>76575858
>>76575736
>From my experience CREST is more valued over in UK, so not sure if that extends to Europe.
>OSCP is definitely recognised though.
Got more information, so we can add to the /sec/ FAQ?
>>
>>76589896
no
>>
>>76586195
>>76586281
>>76586389
>>76586591
>>76587426
>>76587858
>>76588035
>>76588090
>>76588122
>>76588165
>>76588263

how about we don't fucking care? i already hate when people talk about cyberpunk trash and you niggers bring your american society discussions aswell?
also americans aren't white, don't (You) me
>>
>>76589896
Not that anon, but from what I've seen in europe, OSCP is definitely recognized, Cisco is a good + and CEH is the most mentioned cert on company websites
>>
File: NeoElf.jpg (86 KB, 554x819)
86 KB
86 KB JPG
>>76498600
>What is an elf outfit?
Still curious what an "elf outfit" is and how this is /cyb/.
>>
>>76590682
>I'm short so nothing looks good on me, so I don't like any fashion
umm, anon, I'm pretty sure he was just poking fun at him being short and saying he could wear an elf outfit since, you know, elves are short
>>
File: NeoElf2.jpg (68 KB, 554x819)
68 KB
68 KB JPG
>>76590803
I guess that kind of makes sense. Though I had hoped for something more exciting.
>>
>>76583327
ransomeware on mac pretty interesting

https://blog.malwarebytes.com/mac/2020/06/new-mac-ransomware-spreading-through-piracy/
>>
>>76590997
how is this supposed to help me prepare for my security+ cert?
>>
File: d82[1].gif (2.97 MB, 500x281)
2.97 MB
2.97 MB GIF
>>76590997
>>
>>76591520
>>76591566
basde
>>
>>76591520
Base-T
>>
>>76590600
Fucking christ this faggot is back, go back to pol you self loathing jew
>>
Seems Boris Johnson grew a mighty pair:
>Hong Kong: UK makes citizenship offer to residents
https://www.bbc.com/news/uk-politics-53246899
>Up to three million Hong Kong residents are to be offered the chance to settle in the UK and ultimately apply for citizenship, Boris Johnson has said.

How will this change the dystopia that Hong Kong has become?
>>
>>76586195
Didn't the U.S. just cancel h1b's? Lol. There is a glut of open cybersec roles in the U.S. and not enough people to fill them. You could go do a cybersec degree from an online university and get hired at this point in time lmfao. InfoSec is one of the fastest growing jobs in the country. The idea that companies are hiring foreigners to deal with administration and security of their systems is just a meme.
>>
>>76593549
The H1B application window for this year already closed anyways, and this particular EO only extends until Jan 2021. It literally does nothing, just an attempt to make it look like Trump admin. is doing something.
>>
>>76593233
>dystopia
Meanwhile, far away from the maddening dystopia: https://www.bbc.com/reel/video/p08j3sc4/how-to-take-afternoon-tea-like-a-brit
>>
Bit of a slow day today.
>>
https://en.wikipedia.org/wiki/George_Hotz
How the heck do I become this man?
I went to college and studied computers but got nothing out of it. I know nothing about programming either.
Man this thing is bunk.
Do i just need to be autistic? I guess i dont have the *stuff*
>>
>>76595483
you need to have been programming since you were a kid. that is difficult territory to tread without a mentor, I never did more than dick around with html. Did not have the intuition or maturity to realize that I should spend my entire teen years learning literally any programming language, but if I had a single peer into it I think it would have been easier. A lot of things in life come down to place and time and you don't necessarily have a lot of control over that. I'm almost a 30yo boomer and trying to learn something like calc for the first time is pretty demoralizing considering our brains only slow down as we age
>>
>>76595483
>Do i just need to be autistic?
Probably at least level 8 autism.
>I guess i dont have the *stuff*
Intuition is a big part of this, based on seeing patterns in code.

>>76595603
>you need to have been programming since you were a kid. that is difficult territory to tread without a mentor
I started as a teenager but had no mentor, just a friend from school at the same age as me. And I am not pretending to be a George Hotz. Still I had a nice job as an assembly code programmer where the requirement was to be better, faster and more compact than the output from a compiler.
>>
>>76595826
everything feels so hopeless to me. i cant even try to learn to code because of these hurdles:
1. i have a cs degree and while that didnt teach me anything and i wasted my youth i still know more about programming than nothing at all which means im really frustrated by books that take ages going over the basics of what a loop is or something
2.working in the tech industry in any capacity is completely unappealing. i dont like the people, i dont like the jobs, i dont like the products, i dont like the attitude, i dont like anything involved with it
4. im in my early 20s and it feels like its too late to actually be good so why even bother. im not chasing fame or money but if i cant do things that actually fucking matter then whats the point
5. uncomfortable reading books on my computer
>>
File: ComfyTrain.jpg (189 KB, 1500x1500)
189 KB
189 KB JPG
>>76596240
>1. i have a cs degree and while that didnt teach me anything and i wasted my youth i still know more about programming than nothing at all which means im really frustrated by books that take ages going over the basics of what a loop is or something
I posted this >>76595826 and essentially I started by primitive trial and errors, programming 6502 back in the day. I had no theoretical foundation, I just brute forced my way through the tasks and essentially reinvented a lot of stuff for which a foundational book on theory would have provided me with a better starting point. In your case you started with the foundation so there is nothing that should stop you from building on that foundation.

>2.working in the tech industry in any capacity is completely unappealing. i dont like the people, i dont like the jobs, i dont like the products, i dont like the attitude, i dont like anything involved with it
Sounds more like you are burned out. Recently finished your degree? Why not found a startup? High risk ventures are best undertaken when you are young and have no idea about how much work is involved. And it is not as if we are running out of things we need a software solution for. Even email is far from done. the dire state of knowledge management systems (KMS) has been discussed here a few times.

>4. im in my early 20s and it feels like its too late to actually be good so why even bother. im not chasing fame or money but if i cant do things that actually fucking matter then whats the point
You are young and even at 40 it would not be too old.

>5. uncomfortable reading books on my computer
Reading a book printed on paper can be comfy.
>>
>>76596489
i think id rather kms than a startup
>burned out
how can you be burned out on something youve never done
>nothing stopping you from building on the foundation
you'd think that wouldn't you
>>
>>76596532
>you'd think that wouldn't you
I have had my fair share of failures and problems but you would be surprised what you can survive.
So hang on in there, anon.
>>
>>76597456
Are you the same anon who was being a little fucking defeatist bitch?
Grow the fuck up.
>>
>>76597633
Advice here tends to be rather blunt.
>>
>>76597736
You just have to ask the right questions the right way and respectfully and you'll get what you're looking for. This thread has helped me tons.
>>
File: 2077.jpg (225 KB, 1500x1000)
225 KB
225 KB JPG
>>76583327
how would you use a raspberry pi to hack once inside of a network ? the only thing i cant think of is mitm because nmap shows all ports closed
>>
>>76597823
If you're already inside there's a lot you can, you can move laterally if you compromised a box and aim for privilege escalation and then you can start exfiltrating data.
>>
>>76597823
Like I guess I don't get your qualifier. Are you asking cause you're gonna put a pi in place and connect to it off site?
>>
>>76597823
depending on the LAN environment, it would be extremely unlikely that all ports on all devices are closed.
is this a live setup or theoretical?
>>
What essential software do you install on your systems /sec/?
>>
>>76597917
>>76598133

yeah i know, but im just testing my own home network: i have 2 pcs, my rpi4 and 2 cellphones.

phones have all ports closed so i cant just searchsploit the service. i only could try to wireshark them and try to sniff their version.

i mean, lets say that your employer says go to X location and bring me all the data you can get from that WLAN network, but every device has all ports closed. wyd??


>>76598080
maybe, i could connect to it via ssh with a powerbank connected to it but its not the case. im trying to learn in my home network
>>
>>76598406
Well I mean a pi is just like any other computer so just put like Arch Black or Kali on it. Pis are nice to build onto, they can be made into a lot of things.
If I were to employ a pi in an attack it would be on site and I would SSH into it like you're saying.
If you're just trying to do attacks from the pi put one of the hacker OSs on it.
>>
I forgot work had booked me in for Network+ on the 30th of this month because of slacking off while on Furlough

If I cram 4 hours a day do I have any realistic chance of passing?
>>
>>76598406
there's a few things you could do, but again, it all depends on the environment...
windows devices could be manipulated by WPAD
most devices could be manipulated by DNS poisoning, either by ARP poisoning or a duplicate DHCP server with a malicious DNS server
MITM traffic capture (less meaningful now most stuff is TLS)
malicious NTP server to give wrong time to assist in HSTS TLS downgrade attacks though the MITM
etc, etc. you get the idea, it depends on your target as to what approach you take, to how successful it will be.

highly recommend figuring out what your objective is and doing a custom OS install on the pi which only has the packages you need; these pre-built pi 'hacking' OSs are bloated and shit.
>>
>>76598496
Wait nevermind I can just reschedule lol
I shit myself when I remembered fortunately I was on the toilet at the time
>>
>>76598551
This too, you don't want bloat with something like this. I was implying using an OS simply for "Learning" if you're going to employ one of these in an attack this is what you want to do.
>>
>>76598551
thanks
>>
>>76588693
>>76589068

https://github.com/GhostPack/SafetyKatz

this is how mimikatz stays relevant despite all the endpoint detection tools. obfuscation is useful.
>>
>Applying for jobs again
>Upload updated CV
>Apply for like 15 roles
>Uploaded 2 year old CV by mistake, no way to change the CV I replied to the ads with

Please just fucking kill me already
>>
>>76598919
I did the exact same thing before, but the company literally took 8 months to turn me down, so I am glad I didn't get a job there. Absolutely horrible company
>>
>>76598353
Gentoo
>>
>>76598919
Don't worry about it too much. If you're in the states, I can safely say the job market is damn tough unless you're just overqualified and still applying for simple roles.
In which case, fuck off. Overpopulation is a mistake.
>>
>>76599060
>Overpopulation is a mistake.
Immigration*
>>
>>76599211
If you're coming from a racial purity standpoint, white trash and cousin fucking is a real thing, just go to walmart.
If you're saying they took our jerbs, would you really want to work for a company trying to exploit workers to pay them as little as possible?
If you're just a moron trying to get a reaction, here's a (You), fresh from india.
>>
>>76599308
poo in loo
>>
You guys do hackthebox? What the fuck am I missing for Dream Diary 1? I get that you are supposed to overwrite a heap chunks previous size attribute but whenever I get the overflow and try to the free the previous size updates correctly
>>
>>76600144

https://www.thezdi.com/blog/2019/7/1/the-left-branch-less-travelled-a-story-of-a-mozilla-firefox-use-after-free-vulnerability

just under figure 5 it talks about a check where you have to have a certain value set to the same value you want; maybe that's similar to what's happening to you?
>>
>>76583327
Anyone on here complete all the exercises in Hacking the Art of Exploitation by Jon Ericsson? How long did it take you?

I've got it on my shelf and I want to do it once I quit my job in a week.
>>
>>76583327
!OKCAW ,laeM yppaH a fo trohs seirf eerht ,seitlucaf s'eno fo noissessop ni regnol on ,oznob ,enasni ,stun ,yzarc og snaem ti - ti esoL .ti esol annog m'I noos siht fo tuo yaw a dnif t'nod ew fI .sCPN gnikcuf ekil gnitca pots esaelP .emit gnikcuf ruoy ni ecno ,CO emos erahS .ESAELP ,esaelp oS

.yaD gohdnuorG fo noisrev citsitua ,dedrater a gnivil m'i ekil leef I ,ereh ni emoc I taht yad yrevE

.won no sraey rof stcejbus dedrater emas eht dessucsid ew hguoht neve ,tnetnoc lanigironu dlo sraey dna emina ,semem ,selcitra emas eht gnitsop peek taht sekopwols eht tegrof ton su tel dnA

.scinortcele gnikcuf ro seussi hcet laer gnissucsid er'ew fi rettam on ,nrop ni nem kcalb dna CBB otni euges ot yaw a dnif ot eganam yltnatsnoc wohemos ohw sgaf/lop/ dessesbo-ognidnam ,detesolc eht tuoba tegrof ,secnatsmucric yna no ,ton su tel dna ,semem tsiremusnoc fo maerts sseldne eht ,sraw SO rieht dna sretsopozihcs : niaga revo dna revo sdaerht gnikcuf emas eht gnitsop peek taht SEINOOL gnikcuf emas ehT

.noinipo na evah ot thgir eht meht stnarg egdelwonk cimedaca fo slevel dargrednu neve ro laicifrepus gnikniht skcuf cinam elbaegdelwonk-oduesp emas eht ,tihsllub emas eht ,satsapypoc emas eht yad yrevE .stun yletulosba em evird lliw syug uoy ,ylsuoireS

.poolemit gnikcuf laretil a ni deppart si draob sihT
>>
>>76600332

>unwarranted self importance.fku
>>
Even though I agree, this pasta is already stale.
>>
bump
>>
>>76600302

do it at your job like most people
>>
>>76596489
That picture is comfy as shit
>>
Sup /cert/gen, just FYI Boson practice exams are bullshit.
They have poorly worded questions, and in some cases their answer is categorically incorrect.
>>
>>76595483

>studied computers

wtf does this mean did you skip class and read a book on the a+ cert
>>
>>76588263
The manorialism that underlied feudalism was not libertarian but feudalism itself was.
>>
>>76598919
Apply for like 15 more
>>
File: Comfy.png (355 KB, 891x605)
355 KB
355 KB PNG
>>76600902
I have a large sub directory called comfypunk.
>>
>>76599308
>fresh from india.
So what is the Cyberpunk scene like in your country?
>>
bump
>>
>>76597823
Shrug, sniff for ports is step one
Second would be to try and fake a firmware update if you can get the devices ID.
Cooks something up that can be used to get higher level privalages
>>
>>76583902
I attribute my success to prayer. Not even joking.

Consider asking St Joseph of Cupertino for help.

It can’t hurt, anyway.
>>
What are the best online courses/classes for like the fastest way to get remote cybersec work
>>
>>76603568
>can't even use the question mark
>expecting anyone to help
>>
>>76603773
I'm too retarded for that
>>
Is there a good free online degree for cybersec? I start a new job soon and I'd like to do a part time degree when I have the money, but as I'm sitting around waiting I'd like to start learning now.
>>
>>76602037
upload directory?
>>
I've got a little background in packet analysis but that's about it as far as my /sec/ goes. My tech experience is more about setting up super basic static websites from scratch.

I want to learn everything I can about how browser tracking/ cookies/ demographic analytics/ etc work. What are the ways in which what the average (non-vpn obviously) user does online tracked? Where do I start?

picture is just a cool painting I like
>>
>>76603335
>of Cupertino
Right. I had to check that one out. So it turns out there is another Cupertino.
>>
>>76598919
I got emails back for 6 of the 15 roles I applied for with the wrong CV, I don't know whether to feel happy or frightened
>>
>>76604027
Tracking pixels
>>
>>76603941
Yes, coming up, just have to clean the files for personal stuff.
>>
>>76604901
pls hurry, feeling specifically uncomfy and need inspiration.
>>
Goodmorning gents, thanks for keeping this alive.

Any other seasoned security folk here? I got some things I'd like to discuss.
>>
File: chickenhug.gif (2.96 MB, 350x349)
2.96 MB
2.96 MB GIF
>>76605128
Engaging thrusters now.
>>
>>76605478
godspeed anon
>>
>>76605491
70 MB of comfy goodness is now uploaded to ftp.cybsec.io


>>76605154
>Goodmorning gents, thanks for keeping this alive.
Greetings. I have uploaded a few things to the upload folder. Seems to be a bit of malware everywhere.
>>
>>76605543
Very comfy. Thanks anon, you're the best
>>
>>76605543
A bit, I'm tweaking ClamAV to move malware to a specific folder (so those who want to analyze it, can do so). However, there have been a few cases so far where ClamAV just isn't detecting it. I wish Linux had a better alternative for AV, ClamAV really went to shit after Cisco took over.
>>
>>76603925
TCM's intro course on udemy if you really want a certificate at the end, otherwise pirate it or the old/new PWK. After that do HTB or TryHackMe shit.
>>
File: 1587844466671.png (53 KB, 982x676)
53 KB
53 KB PNG
>>76605543
thanks...you weren't kidding, even shitty firefox is spooked
>>
>>76583902
dont give up! you're so close, literally 1 or 2 questions off. Just study the missed portions. Also you need the sec+ for the private side.
>>
>>76605794
the nigga hosting the ftp refuses to use a wildcard cert to secure the subdomains, for reasons which remain a mystery
>>
>>76606081
not a surprise its so dead then
guess someone else could host it if we cared enough, so probably not
>>
>>76606184
>>76606081
ftp wouldn't be secured over https anyway, if you used something like a public webDAV share it would be though. Don't even know why he's got a subdomain on nothing.
>>
>>76605670
>However, there have been a few cases so far where ClamAV just isn't detecting it.
It's an endemic problem with signature based malware detection.
>>
>>76606228
it's set up to accept ftps explicit tls and it does work, it's just that everything complains about it because the cert is only valid for the base domain.
>>
File: Capture.png (21 KB, 630x464)
21 KB
21 KB PNG
>>76606081
>>76606184
>>76606228

Cert updated.
>>
>>76606401
or rather, it did
>>
>>76606404
Internal Server Error

The server encountered an internal error and was unable to complete your request.
Please contact the server administrator if this error reappears multiple times, please include the technical details below in your report.
More details can be found in the server log.
>>
>>76606436
What are you trying to access?
>>
>>76606450
Nevermind, I was being retarded. Populated the URI with the wrong scheme.
>>
>>76606386
I just changed it to delete all .scr / .lnk files every hour, no reason for anything with that extension to be in this ftp anyway.
>>
>>76606585
i used to have a cron setup for that, there's like 50+ executable windows file extensions though.
>>
=== /sec/ News:
>How Police Secretly Took Over a Global Phone Network for Organized Crime (vice.com)
https://yro.slashdot.org/story/20/07/02/1447240/how-police-secretly-took-over-a-global-phone-network-for-organized-crime
>Something wasn't right. Starting earlier this year, police kept arresting associates of Mark, a UK-based alleged drug dealer. Mark took the security of his operation seriously, with the gang using code names to discuss business on custom, encrypted phones made by a company called Encrochat. For legal reasons, Motherboard is referring to Mark using a pseudonym. Because the messages were encrypted on the devices themselves, police couldn't tap the group's phones or intercept messages as authorities normally would. On Encrochat, criminals spoke openly and negotiated their deals in granular detail, with price lists, names of customers, and explicit references to the large quantities of drugs they sold, according to documents obtained by Motherboard from sources in and around the criminal world.
>Only now is the astonishing scale of the operation coming into focus: It represents one of the largest law enforcement infiltrations of a communications network predominantly used by criminals ever, with Encrochat users spreading beyond Europe to the Middle East and elsewhere. French, Dutch, and other European agencies monitored and investigated "more than a hundred million encrypted messages" sent between Encrochat users in real time, leading to arrests in the UK, Norway, Sweden, France, and the Netherlands, a team of international law enforcement agencies announced Thursday. As dealers planned trades, money launderers washed their proceeds, and even criminals discussed their next murder, officers read their messages and started taking suspects off the street.

So how did they get evidence accepted by the courts without revealing this?
>>
I don't think they have yet? If they got private keys or something that wouldn't be 1 hack per user.
>>
File: ayy.png (629 KB, 960x822)
629 KB
629 KB PNG
>>76606772
>doing illegal shit on closed source software
>>
>>76588198
I didde
>>76606691
>>
>>76598353
Norton antivirus
>>
You ARE supporting the Republican-backed Lawful Access to Encrypted Data Act, right? You're not a libcuck, right?
>>
>>76591520
boost
>>
>>76598919
I would just apply again with the correct CV using a different email. I do this all the time when jobs don’t get back to me. Just rewrite cv and and reapply
>>
>>76606772
>So how did they get evidence accepted by the courts without revealing this?
You sit on your honeypot until you have a decent stockpile of evidence and then you cash-out by revealing it.
>>
>>76598353
Discord
>>
>>76605670
When you have vetted an upload, will you move it to an (immutable) download area?
>>
File: hahahwtf.jpg (7 KB, 276x183)
7 KB
7 KB JPG
>search "OSCP jobs + entry level"
>6+ years experience minimum required
>3+ years minimum sysadmin experience required
>bachelor's degree + 3+ years experience required

why the fuck is it always like this?
>>
>>76607238
Because they expect people with fewer qualifications to apply.
>>
>>76607238
>>76607270
The people posting job listings don't even know what those words mean anyway.
>>
>>76606954
The FTP is immutable. It's write / read only. No deletes allowed. If you have something you want moved elsewhere after initial upload, just let me know.
>>
>>76607358
>immutable
>writes allowed
enjoy your 0byte every file
>>
Do you read SP 800s cyb?
>>
Not sure if this is the right place to ask, but wat do if I want to host stuff from a server at home under my own domain, but want to hide my IP?
Running a reverse proxy on some kind of free computing platform (like AWS or Google, so much for privacy though) to which I point my A name record, and which then directs traffic to my server?
>>
>>76607358
The problem now is that malware is constantly uploaded to each and every sub directory. An immutable download area will avoid that issue.

Also, have you analysed where the malware uploaders are from, geographically?

I have a huge structure I would like to upload. Would it be most efficient to upload as a ZIP file and let you move it to an immutable place after vetting it? this is not of the order of AEL but still quite a few GB.
>>
>>76583902
>5 years and can't pass one exam
lmao
but serioulsy don't give up
use Anki ;)
>>
>>76600302
>once i quit
do it now or you'll never do it.
>>
>>76607391
I meant, after you upload a file, you cannot delete it.

>>76607665
Give me an idea for what type of structure you'd like to see and i'll look into implementing it.
>>
>>76607238
To be fair, /sec/ is a specialized profession. There MAY be entry level jobs somewhere but for the most part, you want background experience before you dive in to the specialties. Being a sysadmin for a couple years is a great start. It gives you credentials besides a piece of paper.
>>
Is Stuxnet 2 making the rounds?
>Iran nuclear: 'Incident' at Natanz uranium enrichment facility
https://www.bbc.com/news/world-middle-east-53265023
>The AEOI later published a photo showing a partly burned building, which US-based analysts identified as a new centrifuge assembly workshop.

Stuxnet targeted the centrifuges last time.
>>
File: Structure.png (31 KB, 241x1309)
31 KB
31 KB PNG
>>76607809
>Give me an idea for what type of structure you'd like to see and i'll look into implementing it.
Roughly pic related. CP is the root of my CyberPunk folder.
>>
>>76608045
Wheres the porn?
>>
>>76607663

tor anonymous service
>>
>>76607663
I'd recommend using torsocks
>>
>>76607841
Fuck yeah dude industrial control hacks are the real shit
>>
>>76607841
>>76608924

does homeland cheetah sound like a cia cryptonym to anyone else?
>>
>>76606899
Bootlickers kill yourselves, go back to worshipping your totally not Jew run political party
>>
>>76608938
homeland is too overused for a spookonym, they'd definitely cheetah
>>
>>76608938
I thought Eagle was the identifier for believed US based APTs? Like how Bear = Russian, Cobra = NK, Panda = China, and Kitten = Iran? With the exception of Equation Group ig but I’m 90% sure they’re defunct
>>
>>76609017
They get named by the group that identifies them. Equation is still probably NSA but Kaspersky named them.
>>
>>76608163
In the cybergoth. Pic related is an example.
>>
>downloaded a niche video from bitchute that is very heavily blocked
>had to use a other website to do the download
>now paranoid about antiviruses not finding the potential virus
How fucked I am?
>>
>>76607327
The people poating those job listings are the kind of people who get mad that the first usgae of the acronym PHP in your resume precedes an explanation of the acronym's meaning.
>>
>>76607663
You can do what I do:
Spin up a VPS (a cheap one is fine), host a VPN service internally on your network (I'm using wireguard) and then forward traffic from your VPS host to your internally network over the VPN link. To everyone else, they see the VPS IP, but internally that traffic is all encrypted and routed to your internal VPN (and then your internal LAN). For add security, only whitelist the VPS IP to your VPN so you know no one else can access it.
>>
I want to take my oswe. Are the materials in the class enough or do you guys suggest any other stuff?
>>
>>76608045
>>76608163
Now don't get me wrong, categorizing stuff is neat and all. But calling your root CP is pretty brave.
>>
>>76608949
>>76609017
>>76609047

homeland cheetah is the group that claimed responsibility for the fire
>>
>>76610381
>claimed responsibility
thats definitely not USA's M.O., false flag?
>>
ISP has restricted my internet for example I can access google through port 80 but not through port 1. Looking for links/docs/blogs on how they do this. I'm sure I can bypass it. Noob in networking asking for advice, this thread looked like the most relevant.
>>
>>76610508
uh anon, what? All normal internet traffic goes through port 80, hence google working for you there and not on 1. It's a standardized port.
What are you asking exactly?
>>
>>76610508
Can you describe how you think it works in the situation where you'd access Google through port 1?
A diagram might help in explaining this.
>>
>>76610392

it damaged the centrifuges which is what stuxnet targeted and they claim to be iranian
>>
>>76610758
>>76610862
my ISP has a form of restricted internet where you can only access facebook/twitter It has flaws though I can access google but sending a ping request fails Every other site I tested 4chan for example is unavailable(can't ping, can't access). I am asking if anyone understands how they do this.
>>
Where can I get some good, free Security+ and Network+ practice tests?
>>
>>76611525
could be a few things. I am assuming you're using their provided DNS, this is the default with most ISP routers. Have you tried changing the DNS to another service, like 8.8.8.8 ?
>>
>>76611604
yes tried that stays the same any tips ?
>>
>>76611802
When you try to access/ping websites that are blocked, what error are you getting?
Can you do an nslookup on the websites that are blocked?
Can you traceroute to them, and how far does it get?
Does the traceroute always fail at the same point?
Can you run a scan with http://portquiz.net/ and see what egress ports are available through your ISP?
Can you actually do some basic troubleshooting and provide some useful environmental information instead of this shit low effort 'it doesnt work plz halp'?
>>
>>76583902
HAHAHAHAHAHAHHAHAHZHZHAHAH

This is for all the faggots tryinna get in the military/govt and become a glowing nigger faggot. Be thankful I am not trolling you into wasting your life.
>>
Any public resources for port forwarding/ssh tunneling and/or active directory?
>>
>>76611901
>When you try to access/ping websites that are blocked, what error are you getting?
request timeout

>Can you do an nslookup on the websites that are blocked?
yes it works

>Can you traceroute to them,
and how far does it get?
request timeout

>Can you run a scan with http://portquiz.net/ and see what egress ports are available through your ISP?
can't access that website, internet limited to very few websites.

>Can you actually do some basic troubleshooting and provide some useful environmental information instead of this shit low effort 'it doesnt work plz halp'?

I said I'm a noob. If I knew all this I would probably be doing research on my own That's why I asked for docs/books/links for those that don't want to spoonfeed me.
>>
bump
>>
>>76583327
As someone in another career where the ceiling cap is around 60k or so unless you kill yourself, how good us cybersecurity? I'm told the ceiling can be much high than what I'm doing and I enjoy computer stuff already. Planning on going back and doing a 2nd bachelor's with something like this.
>>
>>76613684
>Planning on going back and doing a 2nd bachelor's with something like this.
Get a degree in math and start glowing. The floor for NSA cryptologists is 60k and the ceiling is 160k.
>>
>>76613784
Math sounds awful though and I'm generally not a fan of it.
>>
>>76613799
What do you like about computers?
>>
>>76613784
what about NSA "pentesters"?
>>
>>76613930
Piracy stuff of course, but that doesn't translate to work. I run my own media server. Trying to figure out python scripts. Stuff like that.
>>
>>76614052
90k-180k
>>
>>76614220
and contractors?
>>
>>76613684
>>76613799
>>76614137
Yeah working in IT is pretty neat, but don't fall for the grass is greener meme. It can be tough, requires lots of learning and dealing with subpar idiots often. Working with computers is different than as a hobby. It takes a certain kind of person with the right mindset to be the most successful. Thinking logically, problem-solving, using resources to help you, etc.

That said, you can do it if you put in the effort. And... probably don't listen to some idiots on here, you don't need math. Research roles that interest you, and learn what they do.
>>
>>76614738
I'm just thinking in terms of a higher ceiling. I'm medical and it's backbreaking and the ceiling is garbage unless you do even more backbreaking stuff and grind the OT hours.

I don't know what area I'd like to do with computers, I'd just like to work from home a day or two a week and knock on the 6 figure ceiling and get over it.
>>
>>76614759
The pay can start pretty low but also go pretty high, it depends on your specialty and experience. Don't expect to be a millionaire entry-level. Anyway like I said, you gotta look up things you like doing to start off. Mostly because if you hate the job, I guarantee the money and stress won't make you happy. So troubleshooting? Server management? Cybersecurity? Systems engineering? Networking? Software Development? etc. Look up topics and pick what you want. Start reading as much as you can, it's a long road.
>>
>>76614882
I've heard cybersecurity is the road now and in this town it should be huge since we have tons if government stuff.

I just really don't know where to read up on it and trust the source. That's why I kind of figured I'd go back and do some sort of computer science and hopefully figure it out along the way.
>>
>>76612048
post a comparison of a traceroute to a website you can access and the comparison for a website you can't access.
don't cancel the traceroute early, let it completely time out at each hop.
>>
>>76608858
>>76609521
Thanks, I shall look into both of these.
>>
>>76614916
yeah computer science is a good start. working with the gov can be hit or miss though. I know they have more requirements than the public sector, such as clearances you have to get. Hope you have a good record or military experience.
>>
>>76610102
>But calling your root CP is pretty brave.
I am not in the US and the alternative reading didn't occur to me until late and until then I had preferred 2 letter abbreviations. In reality it is all clean to the extent I think all is public domain.
>>
>>76615045
>yeah computer science is a good start. working with the gov can be hit or miss though. I know they have more requirements than the public sector, such as clearances you have to get. Hope you have a good record or military experience.

Record is clean. I have friends that have clearances, so that shouldn't be too hard. Especially with the growth in my area.
>>
>>76610381
It is not uncommon for some group to take "credit" for unrelated news, just to inflate their importance.

>>76610392
>false flag?
Or just an attempt to muddle the waters.
>>
>>76613784
>he floor for NSA cryptologists is 60k and the ceiling is 160k.
>>76614220
>90k-180k

OK, the obvious question: how do you know?
>>
>>76583483
>https://pastebin.com/rqrLK6X0
>cybersec is dead
>it's so easy a subhuman pajeet can do it for 10$

your IQ is under room temp
>>
>>76615662
>cybersec is dead
Do you even read the news??
>>
File: CatOverload.webm (879 KB, 460x460)
879 KB
879 KB WEBM
>>76608045 >>76607809
Did you get time to look into this?
>>
Is it possible to work as a civilian cryptologist? Where would one find such a job?
>>
File: clintcoffee.gif (2.44 MB, 263x250)
2.44 MB
2.44 MB GIF
>"Burp" Suite
>Google "Dorking"
>"Spoofing"

When did hacking terminology get so fucking weird?
>>
>>76617109
Yes, looked into it. Need to find some time to implement it. Probably this weekend sometime.
>>
>>76617536
spoofing is ancient, dorking is weird but i think they needed a name quick for what everyone was doing already for many years.
>>
>>76610028
>oswe
I literally just got my OSWE. I think the materials are enough. I have been doing webdev for 3 years or so, so it was a little easier to read the code.

I would say as long as you're comfortable understanding the code flow in the course you should be good.

You will also want to be able to write PoC scripts in some language that you're comfortable in. Provided you can do most of the basics in a given language you should be good between reading/writing code and the source material.

You will also need some basic exploit knowledge, such as how to gain a reverse shell etc.

I felt that between being able to read/write code and the course I was prepared.

The biggest thing you need to intentionally practice is the discovery piece. Make sure you spend time in the lab actually finding vulnerabilities they don't tell you about in the material.
>>
File: proxy-image.jpg (38 KB, 680x889)
38 KB
38 KB JPG
>>76583327
How to remove "covid" tracker from android? Root and reflash? Which one?

Fuck you CIA.
>>
File: phonelaugh.jpg (43 KB, 400x532)
43 KB
43 KB JPG
>>76617987
>how do i remove the spyware from my spyware?
>>
>>76617990
Implying intel computers are not the exact same issue, answer my fucking question.
>>
>>76618004
Install Gentoo
>>
>>76617987
Most likely it is engineered to be uninstallable. Essentially Google got an open license to do whatever they want in order to provide COVID data. It is fair to assume that any update from Google will reinstall this "feature".

So you can reinstall from scratch and see it return after the first update, or you can buy an old phone that is no longer updated. That is one of the reasons I use an 8 year phone.
>>
>>76617929
Thanks my dude. I was was web dev switched security. I'll read some materials then register for the class.
>>
>>76597823
Find that juicy network camera/display ethernet port and plug it in.
>>
damn, ive read through most of the /sec/ pastebins but its so overwhelming. theres so much shit here. anyone got an idea where a total beginner should start out?
>>
>>76619988
Did you also check out the /sec/ FAQ?
>>
>>76620021
do you mean this one?
https://wiki.cybsec.io/index.php/SecFAQ
i did read it but it seemed kind of unfinished and i still have no idea where should i even begin honestly...



Delete Post: [File Only] Style:
[Disable Mobile View / Use Desktop Site]

[Enable Mobile View / Use Mobile Site]

All trademarks and copyrights on this page are owned by their respective parties. Images uploaded are the responsibility of the Poster. Comments are owned by the Poster.