Can we get security general going? Tinfoil hats, skids, people

have bundled up a collection of cybersecurity and other related computer books for research and development. I want those who seek intelligent to have access to it. ive got a link in /t/ in case this thread goes down. ill try to keep the link live. sharing is caring.

https://mega.nz/#F!yRVgCZwa!X2dBn1YuOd4ureIxjM-mZg

>>59346171
this cryptolocker pdf cumpilation again...
thanks but NOPE.

>>59346180
What. This isnt anything new, and has been posted here a million times without anyone being locked out.

More books

https://shodan.me/books/

>>59346171
This is honestly very helpful

>>59346217
I am glad you think so. I originally found this as a torrent on TPB and downloaded it. Parsed through the chaff and theres a lot of very solid books recommended for the field; violent python, malware reversal, all sorts of good shit.

>>59346008
Why not make an IRC channel (or server)?

I literally only have Malwarebytes Premium.

Am I leaving myself exposed to having my pants pull down?

>>59346207
Any Antivirus analyse result ?

>>59346377
Nope, unless you are stupid.

AV isn't really needed unless you don't use usual ad blocking and downloading software from legitimate sources.

I don't use Windows but even I did use it I don't recall if I ever got compromised.

>>59346409
Is mega.nz a trusted sources ? kek

>>59346008
Check cybrary.it and shitloads of metasploit guides on YouTube for creating your own labs.

They are fun but almost impossible to get anything on a patched system unless it's a zero day.

>>59346424
Download it in a Linux based VM and see.

>>59346406
I have no legit av result to show you because I a) dont run an av because i keep everything inside vms and b) knew it would pick something up as some of the exercises in the book zips are literally viruses, since they are books on cooking viruses...

Nigga if youre worried just spin up a vm. If youre still worried do it three layers deep or as deep as your ram can let you until youre satisfied.

>>59346428
Something about that site grinds my gears. Im not a fan of a lot of the content.

>>59346377
What >>59346409 said. AV is only required if youre a shit eating retard who would open HOTXXXCHICKS.AVI.EXE

Bump, who actually works in the IT field here?

>>59346677
I do. In security, too.

>>59346748
Please, stay a while.

Can you elaborate on your role? What sort of experience did you have prior to getting it? Whats the most fun youve had at work?

>>59346757
I do penetration testing. I had an... illustrious past as a blackhat, which I covered up with work for a few "infosec research groups". I never have fun at work, hah; most of the time pentesting is little more than running burp or nessus.

>>59346757
You're weird

>>59346867
>calling another user of this mongolian basket weaving forum weird

>>59346838
Oh get fucked. Pen testing is basically the end goal for me. Its also a shame you say its not very exciting. I guess Im hoping its the change of direction I want it to be. I do hardware repair; servers and desktops and Im so fucking bored. A motherfucking monkey could do my job

>>59346913
A monkey could do pentesting, too, honestly. There are things like red-teaming that a lot of people find fun, but given my past, I tend to see them as a pale imitation of actual hacking.

>>59346838
What would you recommend for someone who is new to all this?

>>59346941
>There are things like red-teaming that a lot of people find fun, but given my past, I tend to see them as a pale imitation of actual hacking.
Thats why Id like to be a red team player, because I never learnt how to be a hacker as a kid/teenager, and given my clearances at work, doing that shit now would be fucking suicide.

>>59346942
Read Hacking: The Art of Exploitation. Install Linux. Start writing Perl or Python tools, and look at other people's code.

>>59346986
solid advice

File: Untitled.png (580KB, 1920x1080px) Image search: [Google]

580KB, 1920x1080px

All I can offer yall worried about the book pack being a cryptolocker is a screenshot of my books folder, which is that dump, torn down. Theres a lot of shit in there, so its best to browse individually for titles you like

>>59347080
Nice. Can you upload your books and post a link?

>>59347178
My books are the books from that dump.

post less about ryzen and more about sec

>>59346171
virus

>>59347080
kek kali in windows you're a fucking pleb

>ArchAssault
>Kali
>BackBox
>BlackArch
>Knoppix STD
>Pentoo
>ParrotOS
>DEFT
>CAINE
>Samurai Web Testing Framework
>Matriux Krypton
>Cyborg Linux
>WEAKERTH4N
>Bugtraq
>NodeZero
>Fedora Security Spin
>securityonion

>>59347566
this is a good contribution to the thread

I work in a pentesting company in Sales. AMA

>>59347714
What would you recommend to a noob?

>>59347753
Learn in Kali, set up a virtual machine and read up on stuff.

>>59347842
Not unless you want random people on the internet to call you names

>>59347714
How did you get into the role? What kind of positions did you have prior? How do I move my career from level 2 and 3 support into infosec? The fields arent even close

>>59347578
im not sure what youre getting at here breh

>>59346171
>https://mega.nz/#F!yRVgCZwa!X2dBn1YuOd4ureIxjM-mZg

can anyone upload this in a single rar file? Thanks a lot.

>>59348364
He's just a salesmonkey. Dude doesn't know how to pentest or get into pentesting.

vmware workstation or oracle virtual box?

>>59346008
Security General would be great. I'm getting sick of those circle jerks about the best programming languages.

>>59346677
as dev

>>59348820
Shame.

>>59348907
Same. All the rust threads are nuts when noone here programs.

So it seems a IT SEC GEN (-> better name?) would be appreciated by people.
What contents should we produce?

tutorials, sec news, books, people???

can someone break my crypto:

>>59349131
Content is a large step at this point.

I just want a space where we can talk shit

>>59346008
That image was posted like a month ago with a buch of cybersec books, they are also on this thread
>>>/t/758722

There was a discussion about the link being not secure and the books to be filled with shit.
Now, the same image is posted by some anon, with the shame theme.

So... What's up CIA guys, you're running out of ideas?

>>59348856
Vmware.

>>59346677
Just as a lowly Support pleb.

>>59349131
>/isg/

Seems like it could work

>>59346171
Can you post those files on another cloud? Thanks.

>>59349654
Why? You have no intentions of using them if youve got that attitude

>>59349776
i do want to use them, but i dont have a premium mega account.

File: thanks mr shark.png (675KB, 740x836px) Image search: [Google]

675KB, 740x836px

I'm glad there's a security general. Would like to see this thread pop up more :)

thanks mr shark

>>59349131
fuck off kid some retard tries that every month and it fails, the last thing this board needs is another group of fucking dumb shits trying to fit in

>>59346677
yeah level 2 support working towards network and security specialisation

>>59349388
thanks famalam

File: 1489104280949.jpg (40KB, 438x438px) Image search: [Google]

40KB, 438x438px

>>59346008
>router runs OpenWrt
>Thinkpad T400 and T420
>T400 runs Libreboot with the ME disabled
>T420 runs Coreboot with the ME neutralized with ME Cleaner
>only non-free firmware is for the wireless card
>wireless card can't do shit without the ME
>everything runs Debian stable
>ad blocker, script blocker, cookie destroyer, and https extensions in browser
>no p̶e̶r̶s̶o̶n̶a̶l̶ ̶t̶r̶a̶c̶k̶i̶n̶g̶ ̶d̶e̶v̶i̶c̶e̶ smartphone
I think I'm ok.

Thread theme: https://www.youtube.com/watch?v=QiFBgtgUtfw

>>59350044
we've tried this a million times

https://wiki.installgentoo.com/index.php/Netsec_general

everyone always says they want one, but nobody actually ever posts it

>>59350119
I am op and this is actually my exact situation

>>59350218
yeah. its a shame.

what i want is for /cyb/ and the ironic/unironic hacking threads to come togerher

>>59350313
well there's always reddit

>>59350056
lol kill yourself

>>59350232
Are you working on any certification at the moment? I'm going to get my MCSE on 2016 this year, maybe try for network+ as well

File: 1486352341858.jpg (43KB, 600x338px) Image search: [Google]

43KB, 600x338px

Hello, lads. I am a very paranoid man currently using an android phone. I was wondering if you guys know of any phones that don't have a direct line to the nsa and are relatively secure. Personally i was considering getting a blackberry q5 but I also don't know shit about security. I realize that there will still be free access to my text messages but im just trying to limit exposure. Help? Thoughts?

>>59350520
Privacy is dead, anon.

I'm sorry.

>>59350520
All smartphones are a security nightmare, do you actually need one? I'd recommend a dumb phone if you honestly care about not being a sheep but bear in mind that you can be tracked off any cell phone because most governments have access to the service providers tower connection details, they can roughly get your location from mast signal strength

>>59350441
I am waiting for the CCNA cyberops coursebook to be released so I can purchase this and study through the first exam of that course

i did sever+ this year, and if network+ is anything like it, its a waste of fucking time. i got it for free from work so i dont mind, but id feel cheated if i paid 300$ for it.

>>59350566
So we're talking flip phone tier shit?

>>59350575
What makes you feel it's a waste of time?

>>59350611
yeah exactly, every modern smartphone can be compromised or tapped at some level

>>59350613
My work has access to the official training material supplied by Comptia. Reading through it, its shit I could find on wikipedia. It was so basic and elementary I just felt dissatisfied with the course.

>which of these ips are public and private
>what is a hot spare
>which raids can you use without a card

I dunno I just dont think I took anything away from it I didnt know from being a level 2 tech anyway

>>59346171
Are there any opsec/infosec related things there?

>>59350643
Any phone period can you fucking dip, it doesnt have to be a smartphone

All of these threads boil down to just one antivirus, no need to read books, or download all that shit.
>Use CommonSense(TM) 2017.


That's it

File: cryingcat.jpg (21KB, 300x300px) Image search: [Google]

21KB, 300x300px

>>59351021
Common sense won't stop the CIA.

>>59351043
Yeah if you don't have your IQ base stat around 130, common sense 2017 is useless against the CIA

>>59350898
What exactly are you asking for because they are two giant fields with very zero overlap

>>59351166
Either one of them, and yeah, I do mix them up quite often.

>>59347714
what is your future outlook for PT?
Is it going towards consolidation where sec is taken care of by megacorps? Is there space for specialization and for independent contractors?

>>59351064
You're actually retarded. Unless you're writing your own operating system and applications the CIA can spy on you. I don't give a fuck how smart you think you are.

Anyone know of some good YouTube channels to watch that put out decent security content? I already watch Hak5, but they're kind of annoying.

>>59351582
I work for independent contractors and business is quite good, but I come across companies with bigcorp solutions more often.

>>59349958
You don't need a premium account to download these. Based off your reply you're too stupid to make any use of the files he shared.

>>59346008
Reminder that pentesters are not real hackers, pentesters are just professional skiddies.

File: Image.png (2MB, 1239x892px) Image search: [Google]

2MB, 1239x892px

"> open the network indicator and see this shit"

Seriously though, this is a little creepy. Never seen anything like this before. Any ideas?

Blacked out stuff is a numeric sequence.

How does the CIA distribute their malware? Removable media?

>>59347080
Mr Robot in the background, heh

>>59348818
Go to the root and click the 'Download and Zip' link top right.
It's a 4.3GB download. I had to use Chrome.

>>59351794
They need physical access to your shit, so if you're not a flog you're pretty safe

>>59346171
>file too big to be reliably handled in memory
how do I download this?

File: 28406493694.gif (2MB, 500x377px) Image search: [Google]

2MB, 500x377px

>>59346171
Thanks dude, some interesting stuff in there.

>>59354153
I am unironically enjoying the series very much.

>>59355548
with a kompootor

>>59355896
>saving your passwords into a text document
what

>>59356100
it was a stupid question, sry

>security thread
>full of script kiddies using kal from a vm in windows
my sides

>>59356193
Mate you gotta learn somewhere. Ive spent my entire life knuckles deep inside computers fixing parts. Sec has zero overlap with this, how do you think I am ever supposed to learn other than by learning?

>>59355948
where does this airgapped machine get its content from?

>>59346171
>unironically downloading cybersex.rar from 4chan

>>59356122
my advise is look through it for individual books you find interesting. 40% of that dump is garbage imho

>>59356546
>not knowing the same dump has been on private trackers for a long ass time
>thinking OP who originally posted this link to 4chan actually compiled this shit himself

>>59350208
S Y S T E M D
Y
S
T
E
M
D

>>59356764
systemd is good

>>59356764
S Y S T E M D
Y S T E M D S
S T E M D S Y
T E M D S Y S
E M D S Y S T
M D S Y S T E
D S Y S T E M

GET ON MY LEVEL PLEB.

>>59356933
why are you like this

Have yall checked out

https://shodan.me/books/Security/

from

>>59346211
?

>>59357168
Do I become a hacker if I read all of them?

>>59357361
only if you buy a hoody and a terrorist watch

File: failed.jpg (286KB, 1600x786px) Image search: [Google]

286KB, 1600x786px

>>59356860
no it's not

>>59357477
wtf happened

>>59346008
I tried this a month ago, including a vulnerable IP to test on (not mine), and no one replies.

A bunch of non-information and a red matrix image and now it's going? Fuck you guys

>>59357575
This is the image from the last succesful thread, thats why i chose it, maybe /secgen/ will become a thing and it can be the image for each thread

Ive been doing a fair bit of wargaming, you into that shit? overthewire in particular

should've gone AMD instead

>>59358745
AYYYYYYYYMD

What is a good book to read after art of exploitation?

>>59346171
I still ainte clicking that shit nigga

>>59346008
Aww babby figured out how to use metasploit, actually probably armitage, to own an XP VM.

>>59359544
Reread it because there are still things you missed.

>>59348856
Virtual Box. It has its source in open and it is faster than VMWare, even without Guest Additions.

>>59350566
Do old BBs count as dumbphones?

Don't most dumbphones run a Java based OS? I'm a tech illiterate retard, but isn't Java responsible for a lot of security nightmares?

>>59350520
Make your own smartphone by combining Raspberry Pi (bluetooth) with actual low spec (non)smartphone (bluetooth). Or leave out the smartphone thingy and get 3/4G module.

>>59353507
You are in deep shit, agent! Report to your local office immediately!

>>59353527
Yup. USB dongle with custom firmware which scans targets memory and does in situ attack.

Better hotglue your USB ports off, dude.

File: weirdalfoil_2322.jpg (40KB, 350x347px) Image search: [Google]

40KB, 350x347px

>>59346008

There's no such thing as security anymore. Even fucking VeraCrypt's library files have been infiltrated. No OS is safe. Your hardware isn't safe. The NSA/CIA intercepts fucking networking gear in-transit to load bugged firmware on it. They can most likely intercept and decrypt TLS web traffic in real-time. I wouldn't be surprised if all semiconductor manufacturers were forced to introduce flawed elliptical curve algorithms for encryption schemes directly on die.

TL;DR burn all your computers and find 1980's calculators to compute with.

>>59360975
Pretty much this.

All my friends from back in the day live in fucking remote farms with no electronic devices. They cashed out their options and savings and completely disconnected from this earth.

I'm still at it and it is becoming frightening every day. My job is to use invariants to manually audit code and rip out control flow graphs, run satisfiability conditionals on them and I never, ever fail to break software. My coworkers are crypto engineers who routinely can break any crypto simply by running it in a VM and timing the virtual cache. Keep in mind 90% of everything is run in some kind of virtual threading environment these days.

Even Don Knuth uses fvwm on an offline linux terminal these days

>>59346609
>implying that downloading HOTXXXCHICKS.MOV.BAT was a mistake

>>59361044
Further, I will instruct you all on how to get redpilled so hard you will want to run from this society and burn all your devices.

Start with 15-122 at CMU
https://www.cs.cmu.edu/~rjsimmon/15122-s16/

Progress to 15-213
https://www.cs.cmu.edu/~213/schedule.html (tip click old video)

Progress to Bug Catching/Automated Program verification 15-414 http://www.cs.cmu.edu/~mfredrik/15414/schedule.html

Holy shit you are slicing through ever single program now.

Progress to Art of Computer Programming Satisfiability fascicle. Now you are absolutely destroying everything that exists. No program is safe, no standard is safe! You're finding errors in critical IETF standards.

Now go on IETF and read every message written by DJ Bernstein since 2010 in the IETF crypto working group. Holy fuck, it's game over man! /bill paxton

>>59360466
>Aww babby figured out how to use metasploit, actually probably armitage, to own an XP VM.
Thats literally what it says in the OP you enormous cocksucker

anyone have a noob anti-cia starter guide/pack?

File: robocop-dick-jones.jpg (56KB, 600x449px) Image search: [Google]

56KB, 600x449px

I will also tell another frightening story to you all.

I was given the task of fuzzing/checking invariants for a machine learning system at an unnamed very popular corporation. It's literally called 'brain'. It's job is to predict your behavior. It literally watches everything you, and everybody else connected either via their TV, fridge, browser or car does and then predicts their behavior. After your entire future is predicted it will then manipulate it, feeding you what it thinks you want to see in order to control your responses and lead you into their web.

It's incredibly sophisticated and I realized that easily I would be sucked into such a black hole, a never ending echo chamber that can subtly manipulate your every desires and dreams.

Life as we know it, ended. We don't live in any kind of free environment no matter where you are so long as you are connected to this machine. Burn everything you own and go shop for Tandys and SparcStations, unplug every network you have and buy a throwaway phone. Treat that phone like it's literally cancer and store it in a lead filled room when you're not using it to contact immediate family and friends. Get the fuck out of here it's getting really dangerous

>>59361216
where the fuck do you work

i want that sort of job

File: milk_and_cereal.gif (2MB, 320x362px) Image search: [Google]

2MB, 320x362px

>>59361155

You just need a $100bil budget and the most elite computing theorists on the face of the planet. I'll wait here while you procure said items.

>>59361283
do i also need to buy out the gubbament?

>>59361296
yes

>>59361230
Take these courses
http://www.cs.cmu.edu/~mgormley/courses/10701-f16/schedule.html
http://symbolaris.com/course/fcps13.html

And satisfiability https://www.cs.colorado.edu/~srirams/papers/popl10.pdf which i learned from this https://www.amazon.ca/Art-Computer-Programming-Fascicle-Satisfiability/dp/0134397606

Now go apply to Optiv, you'll get your chance to see this horror in real time.

File: the_live.jpg (256KB, 1920x1080px) Image search: [Google]

256KB, 1920x1080px

>>59361444
Optiv was bought by KKR, which looks exactly what a CIA front would look like.

There is no such thing as security anymore we are just sprites flipping bits in their grand simluation sitting on the desk of somebody's VM at the CIA or NSA.

>>59361216
How can you tell if you're under its control or not if you know that it exists? Like, you have a car and other electronics from what I'm assuming, or at least people you know. What's stopping those things making a profile on you in addition to the people around you?

File: dido.jpg (13KB, 315x315px) Image search: [Google]

13KB, 315x315px

>>59360879
I'll hotglue'em alright.

>>59361610
ayyyyyy papi

>>59361216
I want to believe you but I honestly can't.

Besides I know suggestion is real but it isn't an all-powerful mind-controlling system.

If you could give us some proof that'd be nice.

Btw this is a very nice thread, I hope it becomes regular, the topic of internet security is very interesting to me even tho i'm a retard when it comes to coding and protocols and networking and pretty much everything.

File: file.png (72KB, 677x1038px) Image search: [Google]

72KB, 677x1038px

>>59355548
like this
https://megatools.megous.com/

Anybody else here been trying DNSCrypt?

I haven't bothered writing an init script for it yet, so I have to start it every time I start my computer, which is about once a day. It's just something that runs on TTY2, not a big deal.

I'd highly suggest using it; even if you change your DNS server, your DNS queries are still sent in plaintext.

I recommend d0wn's. No-logging, they all support DNSCrypt, locations in Iceland and Sweden.

>>59346171
>https://mega.nz/#F!yRVgCZwa!X2dBn1YuOd4ureIxjM-mZg
I really don't need tons of books. I have 3 security books that is enough to hack even 4chan.

>>59361756
what ones?

>>59353507
probably a joke tbqh senpai

>>59362031
id def do something like that

File: 1484367587394.jpg (615KB, 1580x2238px) Image search: [Google]

615KB, 1580x2238px

Any good CTF writeups you guys like to read?
Obligatory http://blog.dragonsector.pl/

Also what is objectively the best CTF competition?

>>59362148
why dont you play them instead of just reading summaries

>>59362205
I do but reading how people that are much more competent than me solve shit is a great way to learn.

>>59362255
right right. if im stuck i just google and see whose got a blog up of that particular wargame. seems to be lots of them for almost of em up

Nearly time for this to die, over 24 hours, I guess /g/ wants a General for this. I'll cook up some pasta for it

>>59362148
O(n == n)

>>59356413
USB device that is firewalled before going in the air-gapped USB port.

Or, if you want to go hyper secure, write your own communication system over USB / ethernet.
Non-standard communication protocols are secure as fuck because it requires active hacking to figure it out. Automated scanners cannot pick out these resources easily.
You'd notice if some cunt was prying apart your computer remotely trying to figure out weird shit simply due to the high resource use. (which is why, as I said, a simpler OS is better since it has a low footprint and you'd know if something funny is going on)

Of course, these do require a lot of learning to do.
You need to get in to both programming, OS programming, electronics programming, various protocols and equally coming up with your own protocols that are very visibly when being hacked with. (any non-standard instructions throwing alerts, which would only happen during either hardware failure, you testing things, or while being hacked)

A system like this is full tinfoil hat tier.
Even CIA and NSA don't do this. (as evidenced by their leaks)

>>59361216
There is a lot of reality to this.
Advertisers and various large companies constantly try to predict and influence behaviours of their target markets.
This shits like, sub-subliminal, they do this shit behind the scenes then broadcast a response to you subliminally, catered directly to your persona type.
They are very good at influencing people without them realizing it.
People don't mind it as much when things are in their own interest, and they take advantage of that every day.

The fact machine learning has exploded recently will mean they will get even stronger systems capable of emulating probable behaviours and how to influence even more people. (typically intelligent people, they aim these systems at the sub-120 IQ types, or those with low reasoning and spatial awareness)
Advertising is about to grow up in to a man. A very powerful man.

>>59346171
Where should someone start with those books?