Cyber Security AMA

Thread replies: 144
Thread images: 6

File: images.jpg (16KB, 225x225px)
>ITT: Ask a Cyber Security Consultant anything.
>>
kde or gnome?
>>
>>57576690
Bluetooth or NFC?
>>
MAC Address or ipv6?
>>
Which type of buttplug do you prefer?
>>
>>57576701
I'd use gnome if I was forced to. Lighter.
Up to you really.

I'd say Kali.
>>
>>57576690
>cyber security consultant

so you... send emails to hosting providers all day?
>>
i've worked help desk at an MSP for a year, how do i get out of this hell and do what you do
>>
>>57576736

Step one: Don't do fucking support if you're interested in a security role. Start out in incident response (High turn over rate in Managed Services, start there). Work your way around. Easy.

>>57576733
Reverse engineering / malware analysis. Pentesting. Digital Forensics. Remediation. Signature writing. Threat intelligence, etc. Fortune 100 company.

>>57576718
Fuck off.

>>57576709
......
>>
>>57576690
Considering everything is full of security holes, what's the most secure os?
>>
Do you contribute to the NSA botnet?
>>
>>57576800
Depends what type of endpoint your OS is for. Kaspersky OS is good for certain devices. The business world uses Windows, no way to avoid it. It's more so the vulnerable software and plugins installed, not the OS. So long as you have true full disk encryption and a hardened PC you'll be as fine as any other. Everyone is fucked. Also, do you mean secure from malicious actors or government? If it's gov use hardened linux. If it's hackers just harden your shit.
>>
are u a top or a bottom?
>>
>>57576807
If your device is Western you do. If it's Chinese you contribute to theirs.

https://nsa.gov1.info/dni/nsa-ant-catalog/

Enjoy.
>>
>>57576773
incident response? that just sounds like level 1 support to me
>>
>>57576876
It's level 1 basic CSS investigations. Want to stay cleaning cum out of keyboards and reimaging laptops? You have to start somewhere, unless you have mad skills then go for a junior consulting gig.
>>
Is it possible to do security consulting for small companies? By small I mean internal web-apps, small offices with a couple of computers.
Would it be possible to sell them pentesting and consulting?
>>
>>57576690
>Consultant
Do you even get paid well?
>>
>>57576868
What the fuck is that shit holy fucking kek
>>
>>57576899
I've got mad skills but there are no jobs here. Can i move in with you instead?
>>
>>57576922
Yes. If you want $$$ you do consulting.

>>57576917
Yeah, do web app testing. Lan pentests. external pentests.
>>
How did you get to where you are?
What college did you go to and what course did you take to get a degree for your job?
Did you learn a lot of what you need by yourself, or from teachers?
Any tips for an Anon that is heading down that path?
>>
Alright I'm outta here.

PS. What is the most vulnerable part of a computer?

>If you can't answer that correctly then you aren't ready for a cyber security role
>>
>>57577032
Periphery/the user.
PS. Get fucked you self-important prick.
>>
>>57577032
The user.

Now fuck off.
>>
>>57577032
>Alright I'm outta here.

That wasn't exactly a very extensive AMA, was it.

>>57576728
>I'd say Kali.

So real sec folks actually use this meme skid thing?
>>
>>57576690
how many times do you fap a day?
>>
cyber security guy in my office just goes around terminals changing passwords every day. lmao

is that what you do?
>>
>>57576846
confirmed for OP making shit up
>>
>>57576690
Kali or Parrot?
>>
I'm actually a pentester for a Fortune 50 company. I've been monitoring this thread. OP is full of shit. I wouldn't even classify him as a skid. More like a role-player.

We use a custom build of Debian. Once this skid said Kali, all credibility went out the window.
>>
>>57577194
hijack the thread and answer people's questions then
>>
>>57577194
this so much, OP didn't mention havij once that's how you know he's full of shit
>>
>>57577194
but kali Linux is a custom build of Debian too ?
>>
>>57577124
Actual security engineer here. Yes, but normally only junior level people. People eventually figure out what works and what doesn't and then run either a Debian distribution or arch.
>>
Why is my security compromised when I use a public wifi?
>>
>>57577287
because you are then on the same network as an attacker. If he has any skill at all, it will be fairly easy to monitor all your traffic. Also ARP poisoning attacks to phish for login credentials. There are a bunch of things they can do.
>>
What is best, Kali Linux or Parrot OS?
>>
>>57577267
For English use the period for statements?
>>
>>57577383
kali, without question

parrot is a meme
>>
>>57577287
promiscuous NICs, you dingus
>>57577179
neither you fucking pajeet >>57577137
>>57577137
precisely twice, once in the morning after I work out and once after lunch. Keeps the head clear.
>>57577024
books, didn't, self, don't, the field is saturated by memelords like OP who think they're mr. robot level hackers but are actually fedora lords. Get into big data analytics if you want to make real money.
>>57576855
trick question, power bottom.
>>57576807
who don't
>>
>>57577383
if you have to ask you're a newbie, so kali, more tutorials on it. if you're not a newbie either will work for you
>>
>>57577428
you are right. i am a newbie. i dont know shit yet
>>
Get the Croatian compromised ip that hackers are using to try to get into my emails out.
>>
have any one of you tried this. i cant get it to work.
i am running Tails OS from USB, i try to install Virtual Box so i can run kali linux from it. but i am not able to install Virtual Box
>>
>>57577616
are your interests in hacking illegal or professional? also are you interested in something specific?(I can recommend you some stuff)
>>
>>57577657
to start with i want to do legal stuff only
>>
File: hqdefault.jpg (8KB, 480x360px)
>>57576701
I'm a kde man myself
>>
>>57577657
i have tested some stuff on my own network. like the Android hacking from kali, it works but only LAN
>>
Which certs you consider useful to have?
>>
>>57577647
stupid idea. assuming you're hacking almost anything worth hacking, they'd be blocking TOR so you wouldn't be able to do much. better solution is normal OS with VPN > kali linux with different vpn

>>57577667
I'd recommend buying/torrenting any and all books on amazon (I'd personally recommend RTFM, blue team handbook, black hat python, grey hat python and watch all the defcons you can find that pique your interest) but the best option for a newbie is a college course, usually labelled some shit like IT security. failing to find one of those, learning networking and programming would be useful
>>57577705
what job are you trying to get?
>>
>>57577714
right now i am just testing different things out. but ultimately i want to be a hacker for the sake of good. i will try to do good things when i get skilled enough. i think the gray hat would suit me
>>
>>57577705
>>57577714
I just realized what thread we're in
CCIE Certification
CompTIA Security +
CEH: Certified Ethical Hacker
CISM: Certified Information Security Manager

>>57577751
>ultimately i want to be a hacker for the sake of good.
start looking for exploits in websites and reporting them to the website owner and making patches to improve security on github software (also make a github, this helps with employment). one thing I'd recommend is finding a chat client on github and adding encryption to it
>>
>>57577781
>CEH: Certified Ethical Hacker
CEH: Certified Ethical Hacker

Fucking hell that's a meme certification!

CCIE and CISM are good tho
>>
>>57577811
it is a meme but at a small company having a cert with "ethical hacker" in it would carry a lot of weight
>>
>>57577841
Yeah it's mostly for HR people to look at.
OSCP is the one you want if you want nerds jacking off to you.
>>
What do you think of HAK5 and the tools they sell? i am thinking of buying The WiFi Pineapple device
>>
can you recommend a good VPN that costs money and a good one that is free ?
>>
>>57577989
Not OP, but WiFi Pineapple is the shit.
Rubber Ducky is overpriced, look up 5054500 or 6187500 on fasttech if you want a cheap bad usb
>>
>>57578020
Do you have it ?
i was thinking of buying the rubber ducky too haha
>>
>>57578017
hello fbi
>>
>>57578017
mullvad and there isn't a good one that's free, why would a company provide a service that costs them money for free
>>57577989
you can make all their tools for cheaper, just search how to make x
>>
>>57578081
I don't but a coworker has one that we play with in the office.
I do have the Arduino alternatives to the rubber ducky and they are good. One is a dollar the other is three, so try them if you can!
>>
>>57578121
I will, thanks for the info
>>
College student looking to get into cybsec.

do you ABSOLUTELY need calculus?
>>
>>57576690
>Cyber Security
>Consultant
>AMA

>>>/plebbit/
>>
i once saw a youtube video about how to make a homemade IMSI catcher with raspberry pi. is this bullshit?
>>
>>57578440
found this
https://evilsocket.net/2016/03/31/how-to-build-your-own-rogue-gsm-bts-for-fun-and-profit/
>>
>>57578432
Brofix: >>>/pol/
>>
>>57576690
How does it feel knowing you'll always be a script kiddie
>>
can you tell me how to read and write to RFID door keys. and maybe copy a door key to the phone and use the phone as a door key?
>>
>>57578583
your phone can't write or read RFID
>>
>>57578440
found this
https://www.youtube.com/watch?v=NvX9Dmxixaw&t=253s
>>
>>57578605
sorry NFC then. the phone detects when i put the key on the back. i got the s7 edge. and when i put the phone up to the door it detects
>>
>>57578395

if youre too dumb to pass undergrad calc courses just forget it man
>>
File: door.jpg (3MB, 4032x3024px)
>>57578605
this is the thing i can put my key and phone up to
>>
>>57578642
You're an idiot and a harmless script kiddie.
You don't need calc. to know how antivirus key checkers work, how firewalls are configured, how to craft TCP packets.

I bet you just use Kali Linux all day thinking you're some 31337 hacker, when's the last time you've used an algorithm to fix your problem?
>>
>>57578623
oh yeah NFC works, just google writing/reading NFC on android
>>57578649
if its NFC (I doubt more than likely it'd be RFID) just google how to copy NFC key android
>>
>>57577705
certs are useless all are incredibly out dated
>>
>>57578669
i got some apps and things happen. but i think the readings i get are encrypted
>>
>>57576690
How much more time do you reckon your job has till they figure out your dedicated role is pointless?
>>
since op does not care about noobs here you go

http://pastebin.com/Ck6W4AWM
>>
>>57578658

im not even involved in the security field man, i'm just saying that if you have a hard time passing undergrad calculus you aren't intelligent enough to do anything that requires ingenuity. the type of person who cant pass undergrad calc and is seriously concerned about it is more belonging in a position to help old people install microsoft office and make sure their keyboard is plugged in or whatever -- the IT equivalent of licking envelopes all day
>>
>>57578723
also be prepared to give up on life and study non-stop, this is not a game
>>
>>57578723
its highly recommended to start as a sys admin then go into pen-testing
>>
>>57578734
"if you have a hard time passing undergrad calculus you aren't intelligent enough to do anything that requires ingenuity."

Are you even involved in anything IT?
>>
>>57578734
not even close to being true
>>
>>57578734
https://www.youtube.com/watch?v=JsVtHqICeKE
>>
File: NFC Tools.png (173KB, 1440x2560px)
>>57578669
this is the data i get from NFC-Tools
>>
>>57578796

>i cant pass basic post secondary math courses but i expect to be successful in a highly competitive, highly technical field

maybe you dont quite understand what i'm saying here (which also ties into my general point -- ppl who are too dumb to do calculus aren't good at understanding things in general), i'm not saying that calculus is involved in cyber security at all, however what i am saying is that if you're not smart enough to pass calc 1-3, you're going to struggle at anything that requires a higher understanding

im just giving you the heads up now, take it or leave it pal
>>
>>57579105
when i scan the tag/key
>>
>>57579126

Do you even know the difference in runtime procedures between amd64 and i386 architects?

I'm guessing you're just some first year grad student that tries acting smart online just to impress some people on a website.
>>
>>57579126

you really are too dumb to understand just how wrong you are
>>
>>57578847

Not the anon you replied to, but I really enjoyed that talk. Thanks for the link.
>>
>>57576690
How do I get started learning what you do?
>>
>>57579126
You're totally right. If you're smart enough to work on high level computer work, calc should be the absolute last thing to worry about. Basic cis courses require much more analytical thinking than the basic calc courses
>>
File: 1469829886928.gif (4MB, 375x221px)
>"im a cyber expert, trust me guys", AMA
>thinks this is reddit
>no time stamped proof
>doesn't bother making a trip or even namefagging so we know when he's answering

OP, you are objectively cancer.
>>
>>57579540
>>57578723
>>
> Cyber
lost
>>
>>57578642
>>57578734
Cal 1 I'm fine with, it's Cal 2 that's kicking my ass left and right.
>>
>>57576773
fuck off Joan
>>
>>57577869
OSCP? but it's from the people that built Kali, right? so is using and learning Kali useful or not? Or is Kali useful for some tasks and then do you have to craft your own tools?
>>
Is it true that CISSP is nothing but a useless and way to meme'd cert?
>>
how do i hack facebook?
>>
I'm really fed up of busting my ass in support hell only to find myself knowing more stuff than my superiors and supervisors that can't even start the Windows services panel in Windows by command line.

is it useful to watch DEFCON presentations to keep up to date?
if so, what other conferences do you recommend to watch?
Do you recommend any podcasts or website to start reading?
>>
1.) I was watching porn on my phone and when I tried to pause the video, a new tab opened automatically and something called pornvideo.apk started downloading automatically. I cancelled the download as fast as I could. Will I be OK?

2.) I've heard people say that the worst thing about being employed in anything involving technology is that your family members and coworkers will ask you to fix everything without so much as even doing a simple Google search for their issues first. Is this true? Do your family members just throw their computers at you and shout, "I don't know anything. Fix it!"?

3.) What animals do you think make the best pets? Do you have any pets?
>>
>>57576690
Tell me something, without giving an argument about third-party libraries, do you think bash can replace python as a scripting language for reverse engineering and pentesting?
>>
>>57576690
What resources would you recommend on social engineering?
>>
>>57576690
Is it a fun job? Thinking of focusing on security for my com sci master.

I've done some programming in python and since entering university, mostly Java. I thought my "basic" C class (not really, the lecturer was crazy knowledgeable and was making sure anyone passing his class knew everything about the basic building blocks of C, memory alignment etc.) was a lot of fun since it went into some of the nitty gritty that you'll have to know in another class by the same lecturer about optimising/building compilers.

I haven't enjoyed my classes about network protocols, related algorithms (Dijkstra's etc.) as much though.

Would you still recommend cyber security for someone like me?
>>
>>57576690
how many times do you wash your crotch every day?
>>
>>57576690

Your CISSP certificate is expensive trash
>>
>>57582333
maybe security spans a wide variety of things so you may enjoy somethings and despise others but your best bet is to become a sys admin then get into security
>>
Today my account was accessed from some 3rd world shithole once again
besides that, a shit ton of unsuccessful attempts were made as well
I now change my password every 4 weeks or so
Is there anything else to do against this type of shit or do you just try to keep a step ahead of these clowns?
>>
>>57583388
what account?

Another question: how do people recognize if some chinks try to access their pc on the network? As i know, most routers open only ports 80 and 443, how do you know if someone tries to ssh into it if you decide to open ssh for example
>>
>>57583418
my hotmail
All my other accounts are clean tho
>>
>>57577412
What books would you say were the most beneficial to learning netsec skills? What programming language would you say you use the most? How much in depth knowledge of a linux system do you have?
>>
>>57583428
How could you tell that someone successfully logged into your hotmail (now outlook.com really, but that's a detail) account?

To prevent intrusions, I guess all you can do as a user is to use strong passwords and change them often. Not trying to log on from untrusted networks may also be an idea (although the logon process is all encrypted, so the attacker would need to have a means to get around that). Another attack vector may be keylogging malware which may capture your passwords if active.
>>
>>57583868
I woke up to a text from microsoft saying someone other than me probably accessed my account
In my access logs I found 3 failed attempts from nigeria, indonesia and sweden, respectively (wrong password used), and one successful from the philippines, at a time I wasn't even awake
Surely, these are proxies but it does indicate someone trying to get into my account
thank fuck no changes were made in the settings. Moreover, this has apparently been going on for a couple of weeks
Not sure what to think of it; could be some random target thing, or explicitly targeted towards me
Either way, gets me pretty paranoid
>>
>>57576690
what do i need to know/ what do i read in order to be qualified to do what you do? pls no meme response
>>
>>57581915
Not that anon, but can confirm 2. I wouldn't say it's the worst thing but yeah, it can get annoying. It's like feeding cats, once you start, they'll just keep coming back forever. Either tell them to fuck off or at least charge them for it.
>>
>>57584119
If you try to charge them they'll be outraged and will imply you're trying to jew them, because somehow they think you're obliged to solve their tech issues for free just because you can. Well, at least that should make them go away.
>>
>>57583972
use a password manager (keepass is good) and use a generated password. If someone can get into your primary email account, they basically own your life, especially if you use the same password for all your other shit.
>>
Well over 50% of unsolicited connection attempts to my WAN interface target port 23 (telnet). Why are intruders (whether bot or human, as it's more than likely both) still so fixated on this supposedly deprecated service?
>>
>>57584160
Just keep in mind that they're the ones trying to jew you out of being compensated for your time, not the other way around. I usually ask them how they would feel if someone wanted them to do some tedious and boring part of their job for free. Actually if they ask in the right way and I'm not too busy, I'm usually more than happy to help them solve the problem, as long as they take some responsibility and aren't an asshole about it.

e.g. "Hey anon, I'm having some problems with my $whatever. I was messing with the settings and accidentally did something and now it won't $whatever. I tried $x, $y, and $z, but it didn't work. Is there anything else I could try?" == good

"U gud wit computahs, rite? Mine be broke, come fix it." == fuck off

And if someone is completely technologically retarded, I usually won't help because 1.) their shit is so fucked up it'll take forever to fix it and I ain't got that kind of time and 2.) Anything else that happens to the computer ever is now your fault.
>>
>>57576690

> cyber

REEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE GO AWAY FED REEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE
>>
>>57584415
They're just going fishing and seeing what they can catch. There are some relics out there from the telnet era that are still running, believe it or not. And some of those relics are for critical infrastructure and industrial applications. That's most generally what they're looking for, not your residential LAN or VPN or whatever.
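
The port-23 share discussed in this exchange can be measured from your own firewall log. The following is an added example, not part of the original thread: it assumes netfilter/iptables LOG-style lines (`SRC=`, `DPT=`, bare TCP flag tokens), uses constructed sample lines with documentation-range addresses, and also lists the sources probing port 22, which covers the earlier question about noticing SSH attempts.

```python
import re
from collections import Counter

# Constructed sample lines in netfilter LOG style (trimmed; not real traffic).
# All addresses are from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Nov 17 03:12:01 gw kernel: [WAN-DROP] IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.1 PROTO=TCP SPT=41822 DPT=23 SYN URGP=0
Nov 17 03:12:04 gw kernel: [WAN-DROP] IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.1 PROTO=TCP SPT=41823 DPT=23 SYN URGP=0
Nov 17 03:15:40 gw kernel: [WAN-DROP] IN=eth0 OUT= SRC=203.0.113.80 DST=192.0.2.1 PROTO=TCP SPT=5012 DPT=23 SYN URGP=0
Nov 17 03:16:02 gw kernel: [WAN-DROP] IN=eth0 OUT= SRC=203.0.113.81 DST=192.0.2.1 PROTO=TCP SPT=5013 DPT=23 SYN URGP=0
Nov 17 03:20:11 gw kernel: [WAN-DROP] IN=eth0 OUT= SRC=203.0.113.44 DST=192.0.2.1 PROTO=TCP SPT=60211 DPT=22 SYN URGP=0
Nov 17 03:20:12 gw kernel: [WAN-DROP] IN=eth0 OUT= SRC=203.0.113.44 DST=192.0.2.1 PROTO=TCP SPT=60212 DPT=22 SYN URGP=0
Nov 17 03:31:55 gw kernel: [WAN-DROP] IN=eth0 OUT= SRC=198.51.100.200 DST=192.0.2.1 PROTO=TCP SPT=3391 DPT=23 SYN URGP=0
Nov 17 03:40:09 gw kernel: [WAN-DROP] IN=eth0 OUT= SRC=198.51.100.201 DST=192.0.2.1 PROTO=TCP SPT=3392 DPT=23 SYN URGP=0
Nov 17 03:41:30 gw kernel: [WAN-DROP] IN=eth0 OUT= SRC=198.51.100.91 DST=192.0.2.1 PROTO=TCP SPT=7001 DPT=2323 SYN URGP=0
Nov 17 03:44:18 gw kernel: [WAN-DROP] IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.1 PROTO=TCP SPT=7002 DPT=80 SYN URGP=0
Nov 17 03:45:00 gw kernel: [WAN-DROP] IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.1 PROTO=ICMP TYPE=8 CODE=0
Nov 17 03:46:00 gw kernel: [WAN-DROP] IN=eth0 OUT= SRC=198.51.100.10 DST=192.0.2.1 PROTO=TCP SPT=443 DPT=51514 ACK SYN URGP=0
Nov 17 03:47:00 gw kernel: [WAN-DROP] IN=eth0 OUT= SRC=198.51.100.11 DST=192.0.2.1 PROTO=TCP SPT=5555 DPT=
"""

KEY_VALUE = re.compile(r"\b([A-Z]+)=(\S*)")
TCP_FLAGS = {"SYN", "ACK", "RST", "FIN"}


def parse_line(line):
    """Return {'src', 'dport'} for a bare TCP SYN (a new inbound attempt), else None."""
    fields = dict(KEY_VALUE.findall(line))
    if fields.get("PROTO") != "TCP" or "SRC" not in fields or "DPT" not in fields:
        return None  # ICMP, UDP, or a line that is not a firewall record
    flags = {tok for tok in line.split() if tok in TCP_FLAGS}
    if flags != {"SYN"}:
        return None  # SYN+ACK etc. is a reply to our own traffic, not a probe
    try:
        dport = int(fields["DPT"])
    except ValueError:
        return None  # truncated or corrupted record
    return {"src": fields["SRC"], "dport": dport}


def attempts(log_text):
    """All new inbound TCP connection attempts found in the log text."""
    return [a for a in map(parse_line, log_text.splitlines()) if a]


def port_shares(log_text):
    """Map destination port -> fraction of all logged attempts, busiest first."""
    hits = Counter(a["dport"] for a in attempts(log_text))
    total = sum(hits.values())
    return {port: n / total for port, n in hits.most_common()} if total else {}


def sources_for_port(log_text, port):
    """Count attempts per source address against one destination port."""
    return Counter(a["src"] for a in attempts(log_text) if a["dport"] == port)


if __name__ == "__main__":
    for port, share in port_shares(SAMPLE_LOG).items():
        print(f"port {port:>5}: {share:.0%}")
    print("SSH probes by source:", dict(sources_for_port(SAMPLE_LOG, 22)))
```

The router or host only produces such lines if a logging rule sits in front of the drop rule; without one, dropped probes leave no record to count.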
>>
Let's say I was really good with Kali and I am a creative individual.

Now let's say I have no coding or programming experience. Would I still be considered a tool monkey or could I call myself a hacker (even if its just an amateur level)?
>>
>>57576690
What degree do you have?
How did you get into cyber security?
>>
>>57576690
this entire thread is exactly as cringy as i imagined it would be.

thanks for posting, op.
>>
>>57584778
you could definitely call yourself a hacker. and if anyone tries to tell you otherwise, just tell them they're violating your safe space, where everyone is a hacker.
>>
>>57584778
>Let's say I was really good with Kali
Kali is literally just debian with a bunch of hacking and netsec stuff preloaded on it. You can't be "good with Kali" any more than you can be good with a toolbox. Either you know how to use the tools inside it or you don't.

>and I am a creative individual.
Cool. Go be a UX designer or something.

>Now let's say I have no coding or programming experience. Would I still be considered a tool monkey or could I call myself a hacker (even if its just an amateur level)?
>I have no idea how cars work, can I call myself a mechanic?
You can call yourself whatever you want. Would you be able to get a job doing it? Of course not. If you don't know what you're doing most likely you'd just end up bricking your computer or getting tricked into downloading malware or cp.
>>
>>57576846
>Kaspersky OS is good for certain devices
AHAHAHAHA
No, really, fuck off.
>>
>>57576690
What steps do you recommend to get a job like yours.
I'm tired of being a codemonkey and want to take a step in that direction.
>>
>>57585209
>tired of being a codemonkey
Listen dude... I run an online service that makes a bit of money, and I constantly get e-mails from security consultants and pentesters offering their services, or telling me I have drastic security holes in my system (which isn't true, but whatever) and asking for rewards.

A security expert who doesn't know how to code isn't a security expert, but a script kiddie.
>>
>>57576690
OP still here?
>>
>>57576690
I was considering watching this show, but saw some interview on a talk show about how the show was trying to employ mindfuckery/psychosis to make it seem like the story was all in the main characters head.
Is it true? Because if so, I have no time for a crock of shit premise like that.
>>
File: C6S5995.jpg (43KB, 512x405px)
>>57576690
I've interviewed with blackbird,fusionx, to name a few, got offered a job with blackbird, and philips, turned both down.

I am what you call an elite cyber fapper, I just fap.
>>
>>57576800
nintendo wii
>>
>>57576690
am i cyber secure?
>>
>>57585525
>Is it true?
No
>>
>>57584925
As if the mr roboto image promised anything else.
>>
>>57581915
>Do you have any pets?
/bin/cat
>>
>>57577705
if you want to do pentesting, OSCP/OSCE hands down
>>
>>57576690
Can you hack me?