
/nsc/ - netsec general


Thread replies: 46
Thread images: 6

Why no one ever replies to these edition.

/netsec/ is dedicated to everything about computer security, networks, exploits, reverse engineering, social engineering, hacking, tricks, etc.


How To Become a Hacker: http://catb.org/~esr/faqs/hacker-howto.html

>Learning
https://cybrary.it/
https://n0where.net/
https://www.offensive-security.com/metasploit-unleashed
http://resources.infosecinstitute.com/
http://www.windowsecurity.com/articles-tutorials/
https://www.sans.org/reading-room/
https://www.corelan.be/index.php/articles/
http://opensecuritytraining.info/Training.html
https://www.blackhat.com/html/archives.html
http://www.securitytube.net/
http://opensecuritytraining.info/Welcome.html
https://beginners.re/

>News/CVE releases
https://threatpost.com/
https://www.deepdotweb.com/
https://packetstormsecurity.com/
https://www.cvedetails.com/
http://routerpwn.com/
http://www.exploit-db.com/
https://www.rapid7.com/db/
http://0day.today/

>Wargames
https://overthewire.org/wargames/
https://www.pentesterlab.com/
http://www.itsecgames.com/
https://exploit-exercises.com/
https://www.enigmagroup.org/
http://smashthestack.org/
http://3564020356.org/
https://www.hackthissite.org/
http://www.hackertest.net/
http://0x0539.net/
https://vulnhub.com
https://ringzer0team.com/
https://root-me.org/
https://microcorruption.com/
https://starfighter.io/
>>
>>59125668
>Why no one ever replies to these edition.
/g/ is /v/ now, etc etc. Also maybe you just have a shortage of offensively-minded rather than defensively-minded folks.

I'm chasing down a glitch in a VM that happened after I updated the kernel for that recent privilege-escalation problem. fun times.
>>
>>59125668
there aren't enough of us here,
that's why nobody posts
>>
are attacks on qemu really something I should be worried about? It's not that common, is it?
>>
>>59126428
Escaping the VM might fuck your shit up.
>>
>>59125668
How probable is it that a website can inject a vm escape malware even when maximum security is toggled on, on tor?
>>
>>59125668
>How to become a hacker.
>>
>>59126446
Nearly impossible. Just nearly.
>>
>>59126446
A website? I'd imagine there are exploit kits targeting versions of Firefox associated with the Tor browser bundle.
Most modern browser exploits require JS to be enabled in order to work though.
>>
>>59125668
Nice. We should make these threads a regular thing, like the daily programming threads. We need to build a hacker culture on /g/
>>
>>59126446
VM escapes are one of those exploits that are possible but rare and difficult to pull off. Worry about stopping arbitrary code execution and elevation-of-privilege attacks first, those are a lot more common, and if an attacker can't get his own code running on your machine he'll never have the chance to do a VM escape in the first place.

First rule of using Tor is to disable JS. So many browser exploits rely on JS that it's not even funny. Not all of them, every once in a while you'll see something where (for instance) a malformed image file can lead to code execution. But lack of JS makes things awfully difficult for a malware-writer right off the bat.
>>
>>59125668
You forgot to add reddit :^)
https://www.reddit.com/r/netsec/
>>
>>59125668
How plausible is it to get malware on your android phone? I'm talking ads on websites that you can't block. Even if you don't click on them can they get access to your files?
>>
Best way to harden ssh security for a vps?
>>
>>59127145
- Turn off root login. Use another user to work with your VPS.
- Use a key authorization rather than a password.
- Use fail2ban.
>>
>>59125668
How do i completely delete myself from the internet?

is there a guide to
1. fake, untraceable email, that can be used in other websites that ask for it [even social media] ?
2. completely remain anonymous / untraceable on the internet?

i want to know about anything to do with anonymizing my internet experience.
>>
>>59127884
What's your goal?
>>
>>59128059
an hero, eventually.
but right now i'm just trying to erase myself from the internet.
>>
>use disposable mails like 10minutemail.com
>don't trust companies like Google, Facebook, et cetera
>don't use windows or apple software
>use linux as your daily driver and tails for sensitive data
>use open source or free software

That's all that I could think about right now.
If you already gave out your info, it is nearly impossible to stay off the grid. However, anonymizing yourself isn't an all-or-nothing job, every bit counts.
>>
>>59127884
>1. fake, untraceable email, that can be used in other websites that ask for it [even social media] ?
Create one time use emails at cock.li.

>2. completely remain anonymous / untraceable on the internet?
Use Whonix/TAILS.
Buy SSH tunnels from some shady Russian to circumvent constant "Fuck you" for TOR users.
>>
>>59128150
was meant to >>59127884
>>
>>59128150
>>59128164
>>59128163
thanks.

>>59128150
>you already gave out your info
how long [if at all] until fb [and other sucidal media] deletes my shit once i deactivate and/or delete my account?

> nearly impossible to stay off the grid
yeah, unfortunately.
maybe i'll keep protonmail for absolute necessary shit.

>However, anonymizing yourself isn't an all-or-nothing job, every bit counts
you said it.
>>
>>59128199
>how long [if at all] until fb [and other sucidal media] deletes my shit once i deactivate and/or delete my account?
Never. Seriously.
You done fucked boy, pack ur shit.
>>
>>59128199
>how long [if at all] until fb [and other sucidal media] deletes my shit once i deactivate and/or delete my account?

Well, depends on how well your data is distributed. If you're on old backup servers, never.
>>
>>59128199
>how long [if at all] until fb [and other sucidal media] deletes my shit once i deactivate and/or delete my account?
sit around for a few decades and hope the only FB server holding your data explodes into flames
>>
>>59127120
Depends if those sites have an exploit.

Most malicious ads will try a whole range of JS exploits, mainly for outdated browser exploits.
>>
>>59127145
Disable Root login.
Change the port to evade common port 22 attack.
If you use key based auth, set the login retry to a minimum.
AllowUsers
DenyUsers
>>
>>59126529
"forgot"
>>
>>59128086
Kill yourself.
>>
>>59128942
eventually, ya stupid cunt, eventually.
>>
B U M P
>>
>>59125668
Thanks for compiling all these resources
First time I see them in this thread
>>
>>59126446
the fact that you're not using dedi hardware is bad sec practice in the first place

Why take unnecessary risks?
>>
>>59127145
strong pass
fail2ban (optionally)
everything else is a waste of time or sec by obscurity

while properly segmenting your services to non root users is good sec practice, disabling root login in no way helps

a box with a net facing root and a strong pass is as secure as a box with only lower priv users that are net facing
>>
>>59130115
Everyone has moved to libressl right, or is it too hard for most retards on /v/?
>>59127821
>- Use a key authorization rather than a password.
This is incorrect. You should be using both.
>>59127145
To add to the others:
disable empty passwords
disable keytypes other than your own
Here is some more info:
https://wiki.gentoo.org/wiki/Security_Handbook/Securing_services#ssh
https://dev.gentoo.org/~swift/docs/security_benchmarks/openssh.html
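
Added example, not part of any post in this thread: a small audit of the global section of an sshd_config against the settings the SSH replies above suggest (root login, key plus password, empty passwords, retry limit, AllowUsers). The DEFAULTS table assumes upstream OpenSSH defaults, the MaxAuthTries threshold of 3 is this example's own choice, and both sample configs are constructed.

```python
# Added example. DEFAULTS are assumed upstream OpenSSH defaults; a distribution
# build may ship different ones, so compare against `sshd -T` on the real host.
DEFAULTS = {"permitrootlogin": "prohibit-password", "passwordauthentication": "yes",
            "permitemptypasswords": "no", "maxauthtries": "6",
            "allowusers": "", "authenticationmethods": "any"}

def effective(config_text):
    """Global settings as sshd resolves them: keywords are case-insensitive
    and the first value seen for a keyword wins."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        if key == "match":  # simplification: conditional blocks are not evaluated
            break
        seen.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return {**DEFAULTS, **seen}

def audit(config_text):
    """Return a list of findings for the settings discussed in the thread."""
    cfg, out = effective(config_text), []
    if cfg["permitrootlogin"] != "no":
        out.append("PermitRootLogin is %r, root login still possible" % cfg["permitrootlogin"])
    # "publickey,password" requires both; a bare "password" list or "any" does not.
    # Passwords offered through keyboard-interactive (PAM) are not covered here.
    lists = cfg["authenticationmethods"].split()
    if cfg["passwordauthentication"] == "yes" and ("any" in lists or "password" in lists):
        out.append("a password alone is enough to authenticate")
    if cfg["permitemptypasswords"] == "yes":
        out.append("empty passwords are accepted")
    if int(cfg["maxauthtries"]) > 3:  # threshold chosen for this example
        out.append("MaxAuthTries is %s" % cfg["maxauthtries"])
    if not cfg["allowusers"]:
        out.append("no AllowUsers allow-list")
    return out

# Constructed samples. In SAMPLE the second PermitRootLogin line is ignored by
# sshd because the first value wins, so root login stays enabled.
SAMPLE = """Port 2222
PermitRootLogin yes
permitrootlogin no
PasswordAuthentication yes
Match User backup
    PasswordAuthentication no
"""
HARDENED = """PermitRootLogin no
AuthenticationMethods publickey,password
PermitEmptyPasswords no
MaxAuthTries 3
AllowUsers deploy
"""
```
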
>>
>>59127120
imo most of those spam ads are "safe" ads without malware but rather they force u to idk fill out some survey that in the end in order to submit data want you to subscribe with your mobile phone or whatnot to some other 3rd party shit that will take monthly fee out from your phone

that is so far from my experience
>>
>>59126497
There are multiple better chans that have ongoing security discussion and that aren't full of constant shit flinging.
>>
>>59135452
which chans? i know about /sec/ on lainchan, but it's slow as heck, with generally very little technical discussion period
>>
whats the common / best rules for a firewall?
>>
>>59135564
Block all incoming and outgoing ports
>>
>>59135499
infinichan, lainchan is good as well.
>slow as heck
Who cares. It means that people actually give well thought out responses.
They aren't just spoonfeeding generals, it's expected that you know how to do your own research and that questions asked aren't ones that can be answered in a 20 second search using a search engine.

>our system thinks your post is spam
>>
>>59135564
And i have no internet then
>>
>>59135738
idk, it'd just be nice to have a nice chillout general or something to discuss exploit development and reversing when we're not actually doing it.
communities/discussion on the topic of netsec being slow can make conversation feel pretty disjointed and difficult to get invested in
>>
>>59135821
the internet is harmful
>>
>>59135835
>general
Well then someone already linked a place to go here >>59126529
There is already a hacking general on lainchan. But as usual """"Generals""""" are better suited to IRC, and the lainchan one is usually pretty active.
>>
>>59136043
/r/netsec is good for news but it's not much of a community
i suppose i'll give the lainchan irc another go