/netsec/ - Net Sec General

man I quietly hoped this would appear sometime on /g/.
it's something I'd really like to get into as a hobby

Installed Sebek on a full interaction physical honeypot last week. Haven't been home to check on it and I'm reluctant about remoting in and spooking any Russians snooping around.

File: IMG_1086.jpg (85KB, 526x440px) Image search: [Google]

85KB, 526x440px

Bump

Awesome, will try to think of something in my bleary eyed sleep deprived state to contribute to the thread.

I can answer most questions about malware.

Aaand I'm stuck at level 2 of that bandit wargame.

Why was I not blessed with any intellect.

>>58268429
>https://overthewire.org/wargames/
Uses backslashes

less some\ long\ shitty\ file

File: notitle.png (14KB, 978x553px) Image search: [Google]

14KB, 978x553px

>>58268443
But it just shows up as a -
It could be because I'm doing this from Windows, but I doubt it.
I tried cd " " and shit like that
but didn't really work

>>58268344
>be me
>learn reverse engineering
>finally can crack that abandonware
>don't crack anything anymore, since everything is already cracked by the scene

File: beavis computer.gif (337KB, 492x376px) Image search: [Google]

337KB, 492x376px

Is placing my PC into the DMZ of my router dangerous if I don't have any applications on my PC that are listening on ports?

It's my current understanding that opening/forwarding ports on your router doesn't expose you to danger unless your PC is actually running software that listens on the aforementioned ports. Is that the case?

>>58268455
Thought you were talking about the next level, use the absolute path to the file instead of relative.

Use pwd to get your current path then add the filename to the end

File: 1480456350450.png (158KB, 666x607px) Image search: [Google]

158KB, 666x607px

>want to make and sell video game cheats
>not smart enough to learn anything about it

>>58268507
Start with a simple game that has no anti-cheat.

File: 1474032276325.jpg (366KB, 1000x818px) Image search: [Google]

366KB, 1000x818px

>>58268524
I think my first step would be to learn how to write software first

>>58268344
>https://cybrary.it/
Stop this stupid meme

How do I get into the main frame?

>>58268507
>created many cheats for different video games
>capable of making cheats for games without relying on others for information
>too lazy to setup a website and monetize any of this

>>58268459
>I can answer most questions about malware.
>>>
>Anonymous 01/01/17(Sun)17:49:29 No.58268429▶>>58268443
> Aaand I'm stuck at level 2 of that bandit wargame.
> Why was I not blessed with any intellect.
>>>
>Anonymous 01/01/17(Sun)17:51:35 No.58268443▶>>58268455
> >>58268429
> >https://overthewire.org/wargames/
> Uses backslashes
> less some\ long\ shitty\ file
>>>
>Anonymous 01/01/17(Sun)17:53:47 No.58268455▶>>58268499
>File: notitle.png (14 KB, 978x553)


what scene? lots to do in the ps4 scene but thats mostly os dev work

How do you reverse engineer an embedded system whose architecture you know nothing about?

>>58268938
updoc

>>58269330
oh man, i remember updoc

>>58269330
>>58269487
What's updoc?

>>58269487
Sorry about the name and tripfagging, my userscript to disable names somehow got disabled.

>>58269586
Not much, you?

This has grown in popularity over the last 12 months. Im not even sure how it happened. Its not because of Mr Robot because not many people I work with in the IT industry have heard of it (which is a bit odd)

>>58268459

first rule of the scene is not to talk about the scene

currently studing 2nd of Computer forensics and secuirty have yet to even touch Kali or anything of that nature lol

>>58270962
because college doesn't teach you shit in 2016
literally everyone just makes malware and social engineers in modern day
that's what it's come down to

>>58271026
2017
fuck

>>58268344
Kill yourself with this stupid shit

I want a basic VPN so I can pirate things without my ISP sending letters to the landlord. I had a PIA subscription last year, but it didn't seem to work very nicely with Manjaro KDE. I wanted to put the servers in KDE's VPN manager, but wasn't sure where to find the full info.

What VPN should I get?

>>58268380
From my experience with a simple home server, you're more likely to hammered by the Chinese than anyone else.

>>58269596

ayyyyyyy

>>58268499
You can just write "cat ./-"

>>58272060
Finally got it, did you?

/g/ - Technology General

>>58270437
WWIII - The Cyber Cold War.

OK /netsec/, I'm investigating a compromisation and it's propogation. When I format a hard drive with a fully compromised machine, a 240MB payload gets written to a hidden file on the new disk.

What's best way to perform forensics and interact with this payload with minimal risk?

I was watching random youtube videos for how to crack WPA2 wifi, I found two methods: capturing the encrypted key by forcing computers on the network to reconnect, then using a wordlist to guess the password; and exploiting the WPS pin with reaver.

are there more methods? what are they?

0-day disclosure or report to vendor?
I have an unpublished vulnerability in an IoT device that's sold by the millions

P.S. I doubt they can fix it quickly. They will need to patch millions of IoT devices and corresponding apps.

File: 1478379128884.jpg (26KB, 500x376px) Image search: [Google]

26KB, 500x376px

>>58276630
Does the vendor in question have a bug bounty program?
If yes, tell them.
If not, turn to the black market.

>>58276702
Yes, but rewards are mediocre by Western standards
Maybe $500

Sup /netsec/, does setting up an rpi honeypot in the dmz on my home network pose any threat besides it being taken in some botnet?

And since it's easy to identify a honeypot, what kind of results can I expect?

>>58276721
Sell it to the twitter guy or create a botnet for hire

OP forgot ;
http://opensecuritytraining.info/Welcome.html
https://beginners.re/

>>58271747
Hack a third world box and tunnel your traffic from there.

>>58275413
What happens when you try to decompile?

>>58268487
Anything routed to a given port on your computer will simply be dropped/rejected/whatever because there is no application socket to attempt to do anything with the data, if someone were to try to 0wn you

>>58276465
That is really the only way, and if the password isn't in the dictionary file, it is basically impossible (atleast with what we know now) to get the password ever

>>58276465
WPA is crackable though :D

>>58268738
Im willing to set a website if youre up for it. Got some experience, and i need a new 2017 project.

>>58276465
Try social-engineering attacks. Fluxion, wifi-phisher

i cant login to the second level with bandit1 and the password i found in the readme file

access denied

>smart enough to write a simple cheat in c++
>not smart enough for it to not be detected by anti cheat
where should i go for resources on hiding my shit from anti cheat?

>>58277953
Did you write it correctly?

>>58278047
Run the game in WINE on Linux and implement your hacks externally
That way WINE acts sort of like a sandbox
Worked for me

Any good pentesting suites for Android? I used to use dsploit but it was discontinued iirc. Haven't looked for any in a while.

>>58278047
I don't know where you will find, but once I saw some coders talking about anti-cheat mitigation, and they said it that one way to do it was to track actions that seek to locate DLLs being injected into the game.

>>58278118
I think my wargamename is bandit1 but the password i got doesnt work

I used cat readme to get the password

How does one become neet?
I want to try on this idea.

>Newfag

>>58278207
There's a market for Android game cheating worth competing? Jesus Christ. If desktop gamers are one of the single pieces of shit that I've ever seen, I can only imagine what mobile can look like.

>>58278207
csploit is a solid fork iirc

>>58278251
nevermind i figured out level 1

>>58278207
Dsploit split into two a while ago. The original devs visions were diffrent so now we have zanti and csploit

>>58278268
Pentesting!=cheating

>>58278238
So hiding the cheat in dll's it trusts? Might try that,thanks for the idea

>>58268344
>netsec
we irl DedSec from watch dog now?

>>58278473
fuck off

>>58278447
You welcome, my dear stocking sniffer.

>asdiuhaefiuhawalkwdslkasjdfh
>[beep]
I'm in.

My old ZTE modem had an unauthorized access flaw so disgusting that the only thing that you would need to access my panel was my IP. Also, there it was a Chinese IP on the custom DNS option. I only found out years after using it. Never again. Never.

>>58278473
How that masked guy can see with those flashy 'x' things on his eyes? HOW?

Also,
>hacker guy using guns
The only thing that we kill is ourselves by not eating proper food and only exercising when we have to run for cross the street.

>>58279269
/g/ has guns, we'll just never use them.