
NetSec Thread


Thread replies: 234
Thread images: 35

File: 1465160529661.jpg (521KB, 1920x1080px)
Why noone ever replies to these edition.

/netsec/ is dedicated to everything about computer security, networks, exploits, reverse engineering, social engineering, hacking, tricks, etc.


How To Become a Hacker: http://catb.org/~esr/faqs/hacker-howto.html

>Learning
https://cybrary.it/
https://n0where.net/
https://www.offensive-security.com/metasploit-unleashed
http://resources.infosecinstitute.com/
http://www.windowsecurity.com/articles-tutorials/
https://www.sans.org/reading-room/
https://www.corelan.be/index.php/articles/
http://opensecuritytraining.info/Training.html
https://www.blackhat.com/html/archives.html
http://www.securitytube.net/
http://opensecuritytraining.info/Welcome.html
https://beginners.re/

>News/CVE releases
https://threatpost.com/
https://www.deepdotweb.com/
https://packetstormsecurity.com/
https://www.cvedetails.com/
http://routerpwn.com/
http://www.exploit-db.com/
https://www.rapid7.com/db/
http://0day.today/

>Wargames
https://overthewire.org/wargames/
https://www.pentesterlab.com/
http://www.itsecgames.com/
https://exploit-exercises.com/
https://www.enigmagroup.org/
http://smashthestack.org/
http://3564020356.org/
https://www.hackthissite.org/
http://www.hackertest.net/
http://0x0539.net/
https://vulnhub.com
https://ringzer0team.com/
https://root-me.org/
https://microcorruption.com/
https://starfighter.io/
>>
>>59848613
Thoughts on Binary Ninja?
>>
>>59848613
I see you post these ever so rarely, but i think it's mostly because of the Anonymous tier shit links and vocabulary you post.
Like:
>How To Become a Hacker

some resources are really good and it pities me that you rarely post these
>>
Hack the planet!
>>
I personally love these threads. They are the only ones I filter to the top of the board.
>>
>>59849034
That's the name of the article son.
ESR a shit but that article is good for fresh meat
>>
Is learning a foreign language like Chinese or Russian useful in the netsec field? Or do most experts from those countries speak english anyways?
>>
>>59849342
unless you're going to be a fucking communications specialist in the army or you're going to become le mlg spy (spies aren't what you usually see in movies, more like regular office jobs) then yes
>>
How much protection does doing my browsing in a VM buy me? I'm under the impression that VM escapes are fairly rare and difficult to use, and not found in garden-variety malware, is that the case?
>>
>>59849542
Code execution probably not.
Memory of host, possibly
>>
File: 1282843406705.jpg (41KB, 552x510px)
>>59848613

Does anyone else suffer from crippling procrastination? I look at all the sites OP posted under learning and just get overwhelmed by the amount of stuff that's there. I wish I had matrix-style insta download of knowledge.

Thanks for threads like this.
>>
>>59848613
are there any good rainbow table tools for linux that are legit, no viruses or anything?
>>
File: 1490295976287.png (234KB, 545x530px)
anyone want to team up for picoCTF? only 2 days left tho
>>
>>59850101
I got this too. What I learn is just jump into it and expect to fail. Even hope to fail and just try to do something else.

Find something that looks really cool or sounds like something you can get into and once you excel at it, you will either love the other fields or you will learn you hate it (in which case you only wasted some time learning instead of learning all of it and then hating it or worse go to school and waste money).
>>
>>59849034
I'll start posting them weekly. If any one has any good resources feel free to share them.
>>
>>59850859
k&r's pretty good
>>
File: 1491590420293.png (139KB, 917x871px)
I've actually always wanted to go into cyber security but I didn't because I thought I was too much of a brainlet
>>
>>59850389
Jack the Ripper
>>
>>59853045
thanks so much, this is exactly what the question was intending me to use! i'm not sure why it didn't show up on google
>>
>>59852296
Just start.
>>
Buy a book. A real book. Any book on this topic. Once you spend real money on it, you'll read it, because you don't want to waste your real money, do you?
>>
File: 1476079167407.jpg (181KB, 1280x600px)
>tfw using john the ripper
actually the base install didn't work for md5 so i'm having to install the "jumbo" edition
>>
>>59853085
It was preinstalled on backtrack.
You could find a lot of good tool suggestion from that community.
>>
>>59853740
the jumbo version worked like a charm, the reason the base install was taking forever was because it was resorting to incremental mode so brute forcing.. i had to set it to raw-MD5 mode manually b/c it didn't recognize it but i suspected that was it. capture the flags are so fun, i'm doing pico ctf right now
>>
>>>/int/73487330
is he right? is debian the script kiddie distro?
>>
>>59849342

if you want to investigate forums in native language and pick tidbits from hacked docs/code then yes. otherwise use google translate.
>>
is it true that once you have a solid foothold inside a company network that it's mostly a matter of when not if you get access to domain admin?
>>
>>59853934
No, that's Arch.
>>
Anyone have any ideas for a birthday gift? It's for my brother who is a pentester. He's been there for me and I remember reading Little Brother together which sparked his interest initially.
>>
>>59854126
"solid foothold"
>>
>>59854314
Why not get something he's interested in as a human being?
>>
Are there any online video resource about this kind of stuff? especially about networking
>>
>>59856821
>https://cybrary.it/
The very first link...
>>
File: 1484143213239.jpg (6KB, 193x261px)
What resources do you guys recommend for someone who wants a bigger and in-depth understanding in networking. NOT HACKING. Since you need a good basis on networking to become a good hacker, anyways.
>>
>>59849542
some of the garden-variety stuff is implementing VM checks so it doesn't execute in a VM.
>>
File: Thanks mr shark internet.png (273KB, 620x700px)
>>59857624
Cybrary, they have a free network+ class and some other networking stuff I believe.

thanks mr shark
>>
>>59857624
Learning the OSI model and where each layer exists in a network is very very useful, learn how a switch works, learn routers and common routing protocols
>>
File: hqdefault (1).jpg (11KB, 480x360px)
not really netsec, but what do you think about number stations and other radio related things like SDR etc?
>>
>>59857624
https://www.amazon.com/Computer-Networking-Top-Down-Approach-6th/dp/0132856204
>>
>>59857764
It really isn't. Most professional (retard) security people love to talk about this all day, but there are few things to do on layer 2 and 3. Setup firewall, memorize ports. Most of the security action is layer 7 and 8, although I wish SANS would shut the fuck up about the 8.
>>
>>59852296
Take adderall. It's a wonderful drug.
>>
>>59857783
I fucking hate the OOOSPOOKY mood that surrounds number stations. They're nothing mysterious. In fact they're quite well documented. We just don't know what the content of the messages is but it's clear that they are meant for spies using one-time pads.
There was even a guy on youtube that used to collect some of the hardware that is used to generate the noise and number sequences. I can't remember his name though.
>>
>>59857735
Thanks mr sharko
>>
>>59857839
>Most of the security action is layer 7 and 8

I thought there were only 7 layers of the OSI model
>>
>>59857624
Learn Cisco. You'll learn about routing protocols and how to configure networks properly. CCNA material is what you're looking for.
>>
>>59858158
There are a few more. The 8th layer is the human layer.

Layer 8: The individual person.
Layer 9: The organization.
Layer 10: Government or legal compliance
>>
>>59858200
this sounds stupid
>>
>>59848613
>Why noone ever replies to these edition.

Where do you think you are? Go make a whatsapp emojis thread or something more appropriate to /g/'s interests.
>>
>>59858278
underrated
>>
>>59848613
OP Should link the vault 7 leaks, they're an interesting read.
>>
>>59858427
>implying anyone reads those

People just like to shit on things, not actually study them
>>
File: 1263376353063.jpg (12KB, 426x304px)
>>59858526
I'd study them if I knew what they were talking about.
>>
>>59858820
tl;dr CIA is hoarding zero day exploits for a shit ton of devices/operating systems and they're super spooky and can hax your tv
>>
>>59857624
computer network's and internet's alright. i have to read it for a class, one of those where the professor doesn't teach and you have to learn it yourself. they're super jewey about not letting you even download the ebook so idk if there's any pdf's
>>
>>59858237
layer 8 is social engineering, which is an important part of security
>>
File: redpass2.png (159KB, 491x1116px)
Security Level: Reddit
>>
File: reddit.jpg (266KB, 1280x960px)
>>59860421
fucking reddit..
>>
>>59848719
Non-free software
>>
>>59858427
You betcha they are.
>>59859978
Pretty much this, but not just it.
They developed a lot of tools and ways to utilize em. Also lots of procedures.
They basically threw redonkulous amounts of money to hire good engineers dedicated to giving them the technical means to reach their goals.
You can take a wild guess what those goals are.
Then again, the more you think about it, the more it sounds like super fun doing that.
No wonder they brag in their documentation.
>Paid fucktons o' shekels to devise new ways to fuck with people
>Where do I sign
>>
bumperino
>>
https://www.netsparker.com/blog/web-security/hacking-smart-tv-command-injection/

cyberpunk style hacking everyday objects when?
>>
>>59863777
with the rise of the internet of things, we should definitely see an increase of attacks like this.
>>
i'm scared that cyber sec will become a meme like software development overrun by wannabe hackers / people doing it because the media told them its ez
>>
>>59864561
I mean
isn't that every field now
>>
>>59864646
i'm not too sure on that, I have been seeing it more in "coding" with the media going insane over how much programmers make and how easy it is to start (girlswhocode, regular code camps, etc)
>>
File: 1491599606850.jpg (226KB, 1200x900px)
>>59864669
>>
>>59864689
delet
>>
>>59864669
holy shit is that Carmen San Diego?
>>
>>59864689
THIS

Women have their tits in a twist because there aren't as many women in tech... so what?? some fields are dominated by different genders, women for education, men for tech, etc. There's nothing wrong with a gender gap, it's not doing any harm at all.

more important to get results/good code rather than pander to sjws..
>>
>>59850812
Already for a team from work.
>>
>>59864782
bah meant to reply to
>>59864689
>>
>>59860394
bull fucking shit
>>
>>59857885
>not meth
skiddie
>>
Shit, I'm confusing something here. If the IP packet encapsulates the TCP segment or UDP datagram, how the fuck does TCP provide reliability to the IP packets being delivered?
>>
>>59867491
it's not really what the TCP message says, it's how it's handled. look into TCP handshakes, that will get you started understanding why TCP provides reliability
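
Added illustration, not part of the thread: a toy model of the question above, where a lossy best-effort layer stands in for IP and a sender on top of it gets reliability from sequence numbers, cumulative ACKs and retransmission. The names `LossyNetwork`, `Receiver`, `send_reliably` and `send_unreliably` are hypothetical, and the sender is simplified to stop-and-wait (real TCP keeps a sliding window of unacknowledged segments).

```python
import random


class LossyNetwork:
    """Stand-in for IP: best effort only, any datagram may silently vanish."""

    def __init__(self, loss_rate, seed=0):
        self.loss_rate = loss_rate
        self.rng = random.Random(seed)   # seeded so runs are repeatable
        self.dropped = 0

    def deliver(self, datagram):
        """Return the datagram, or None if the network dropped it."""
        if self.rng.random() < self.loss_rate:
            self.dropped += 1
            return None
        return datagram


class Receiver:
    """TCP-like receiver: accepts in-order bytes, always answers with an ACK."""

    def __init__(self):
        self.expected_seq = 0            # next byte offset we want
        self.data = bytearray()

    def on_segment(self, seq, payload):
        if seq == self.expected_seq:     # new, in-order data: keep it
            self.data += payload
            self.expected_seq += len(payload)
        # A duplicate (our earlier ACK was lost) is discarded, but we still
        # re-send the cumulative ACK so the sender can move on.
        return self.expected_seq


def send_reliably(message, net, receiver, mss=4, max_tries=50):
    """Stop-and-wait sender. Returns the number of segment transmissions."""
    seq = 0
    transmissions = 0
    while seq < len(message):
        payload = message[seq:seq + mss]
        for _ in range(max_tries):
            transmissions += 1
            segment = net.deliver((seq, payload))
            if segment is None:
                continue                 # data lost: timer expires, resend
            ack = net.deliver(receiver.on_segment(*segment))
            if ack is None:
                continue                 # ACK lost: sender cannot tell, resend
            if ack > seq:                # receiver confirmed these bytes
                seq = ack
                break
        else:
            raise ConnectionError("no ACK after %d tries" % max_tries)
    return transmissions


def send_unreliably(message, net, mss=4):
    """UDP-like fire and forget: whatever the network drops is just gone."""
    received = bytearray()
    for off in range(0, len(message), mss):
        chunk = net.deliver(message[off:off + mss])
        if chunk is not None:
            received += chunk
    return bytes(received)


if __name__ == "__main__":
    msg = b"IP only promises best-effort delivery"   # constructed sample input
    print("fire-and-forget:", send_unreliably(msg, LossyNetwork(0.3, seed=7)))
    net, rx = LossyNetwork(0.3, seed=7), Receiver()
    sent = send_reliably(msg, net, rx)
    print("with seq/ACK   :", bytes(rx.data))
    print("transmissions  :", sent, "dropped by network:", net.dropped)
```

The IP layer never changes between the two senders; the reliability lives entirely in the endpoints' bookkeeping.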
>>
should we bring back the irc or use something else like discord or tox

http://www.strawpoll.me/12736081
>>
Can anyone give me a quick rundown of what the fuck Spanning Tree Protocol is?
>>
there's really no way to get into a cyber security career without a security clearance right?
>>
>>59868173
There are many careers in cyber security that don't need security clearance. Security clearances are usually for government jobs.
>>
>>59868228
ah ok, I live in an area composed of mostly defense contractors so I've been getting that impression from most job listings.
>>
>>59866825
Go ask Mitnick, don't be a fool

Weakest part of security is the human using the machine
>>
File: 1447309855712.jpg (103KB, 800x598px)
>>59868283
>>
Any recommended CTF's for beginners?
>>
>>59869565
>>59848613
read
>>
>>59869565
What is CTF?
Also thanks mr shark
>>
>>59860421
>Security level: Reddit
ooh, my sides
>>
>>59869586
>>59869761
wargame
>>
Is there any forum about this topic?
>>
>>59870091
what are you trying to read
>>
>>59864788
This, minorities always get offended by being a minority it doesn't matter what it's about. It saddens me they can't accept it and move on.
>>
File: pls.jpg (2KB, 83x90px)
How do I know if I'm smart enough to work in netsec
>>
>>59871477
If you need to ask then just don't.
>>
Does anyone here work in network security/cyber security? Whats your day at work like? Work-life balance?
>>
>>59857944
>that they are meant for spies using one-time pads.
Wouldn't they be using RSA by now?
>>
>>59870191
Something like hackforums, but way more mature and serious. Not about hacking like a kid.
>>
>>59848613

What would be the best option for running a VM OS?

I was thinking of installing a barebone stable OS that doesn't need updates frequently which is also hardened and install QEMU and Veracrypt.
It'd be great if I could run multiple VMs at the same time.

Are there any tutorials out there?
Maybe there's a setup already made for this?
>>
>>59870091
>>59872633
>I was thinking of installing a barebone stable OS that doesn't need updates frequently which is also hardened

debian on vmware
done
>>
>>59872646
So am I supposed to install vmware onto my hardrive and boot that?
>>
File: f9e78bed63[1].png (49KB, 757x569px)
>>59872661
Yes
>>
>>59872729
Since when was VMWare a bootable OS?
Got links to the download?
>>
>>59868143
Loop detection protocol permits redundancy between network assets and avoids broadcast storms.
>>
>>59872747
You're supposed to install vmware on your desktop, then install your os in vmware
>>
File: concept.png (9KB, 768x480px)
>>59872773
I don't want to do that.

I want a stand alone OS that is extremely lightweight and only runs VMs.

The only GUI would be the one to choose a VM to run

When it boots all you see is pic related
>>
>>59872839
qubesos or whatever
>>
>>59872839
check out vmware esxi, there was a free version limited to one cpu socket back in the version 5 dayz, it might still exist.

(need to register a vmware account (free))

Or go for packaged linux alternative like proxmox VE.
>>
File: GUI.png (5KB, 768x480px)
>>59872839
whoops wrong pic

>>59872849
I Just want to run VMs
>>
>>59872876

I already have the crack.
I don't want to use winblows either.
I'm going to probably use QEMU

All I want is to know what is the best distro that won't break and I can harden and is also lightweight/barebone
>>
>>59848613

Hi there Fed.

Wanna know why so few reply to these threads? Cause you all are killing us, figuratively speaking.

Hackers have a rich culture cultivated over decades. A culture meant to foster technolust, Internet freedom, and make it socially desirable to dig into the internals of electronics and programs to repurpose them.

You all focus obsessively on cracking systems and, worse, flood our communities with certbabies and others who don't care to learn anything beyond what is needed to pass a certification or class. People who are diluting large segments of our culture away from risk taking and innovation to "muh cyber! muh patriotism!"

Change how you market to hackers. Change how you market to train hackers. And minimize your use of that godawful meme of a word "cyber".
>>
>>59872849
QubesOS is fat as fuck, if you want something lightweight build it yourself with Gentoo.
>>
>>59872981
I was told this before.
I'd like to know if it will break easily and how stable is it?
I'd like to minimize the amount of updates I need to do but still be secure.
>>
File: hesgoingallout.jpg (36KB, 625x626px)
>>59872941
>triggered skiddie

calm the fuck down, there's nothing wrong with this thread it's just a place for people interested in CYBBBEEEEEEERRRRRRR security / Networks to learn and discuss.

Stop acting like an edgy entitled "e1it3 hac0r"
>>
>>59873048

Oh fun. Why don't you go expose more backup drives filled with SF-82's to the Internet, Mr. Fed?

What's what? You're too busy giving paid copies of Burp pro to Patriots™ who don't know how to do more than an automated scan.
>>
>>59873048
We're not the ones who keep obsessing over 80's and 90's era hacker movies. It really is only the Feds who literally push for 1337 h4x0rz these days.
>>
>>59873188
Neither are the people in this thread ? ? ?
>>
Anyone tried using adderall/modafinil for studying? Is it just a meme?
>>
>>59873022
should be stable, i've been running Gentoo for a long time even with hardened-sources and it's really stable.
Last machine had over 300+ days uptime recently updated kernel so it's gone now.
>>
>>59873468
Ok thanks. I'll try it out.
I haven't used Gentoo before though. Might play around in a VM first.

How easy would it be to install an already running OS to other computers?
>>
>>59873324
how does one even get adderall without prescription
>>
>>59873560
buy it from a dealer
>>
>>59873598
can I find these dealers online
>>
File: smugpepe.jpg (61KB, 670x670px)
>>59873662
wouldn't recommend it

if you are at a uni/college I GUARANTEE you will find an addy dealer, it's very popular among colleges. There are some in High schools but not as many.

Be careful though anon, adderall is an addictive substance.
>>
>>59873708
Unfortunately I go to an online school so that's not an option.

I guess I'll have to find some other alternative.
>>
>>59866825
If you don't agree, you know absolutely nothing practical about security
>>
>>59873728
Instead of working/studying at home try going to a different location such as a library or a coffee shop, that sometimes helps me.

Work hard, anon!
>>
>>59872839
you want a bare metal hypervisor

proxmox you retard
>>
File: 1485422313785.jpg (2MB, 4032x3024px)
who /gear/ here
>>
Is kali linux a meme, or do people actually use it for cyber security
>>
>>59874162
I only have a RTL-SDR.

I need to make a decent antenna for it.
>>
>>59874301
it's basically debian with shit installed on it. Most kids don't even learn what the tools do they just search "how to hack wifi kali" on youtube.
>>
Been struggling for the past few days to crack wifi using Reaver on Android
People in XDA thread have no solution for this yet

https://forum.xda-developers.com/android/help/reaver-android-wifi-hack-stage-error-t3220744/page3

The error I'm getting is sush <stdin>[3]: sh: not found
error: only position independent
executable (PIE) are supported.
>>
>>59848613
How do you know if Noone replies or not? He's evidently not namefagging.
>>
>>59872480
Why?
RSA wouldn't allow for very long messages, and OTP has perfect secrecy if not used like the commies did.
>>
>>59873324
Modafinil is just a meme. I have that prescribed and it doesn't do shit
>>
>>59854345

own a workstation which connects to a dc
>>
>>59860421

Design decisions are hard when you have no idea how the internet works and you're building an internet website
>>
>>59874162

How does this compare with ettus? Is gnu radio decent?
>>
>>59874926
really?

Not him but I was literally about to pull the trigger on buying some since people say it works.
>>
>>59850389
I like hashcat, works well and the dev is vocal in a good way
>>
>>59848719
it's actually really good. Obviously nowhere near ida but it's getting there.
>>59853705
>hashcat is what
>>
>>59874151
proxmox is shit, it's just debian with qemu+KVM and a shitty frontend.
You can achieve the same with Gentoo and faster & smaller because of all the shit removed.
>>
>>59857735
Thanks Mr shark
>>
>>59866825
You serious right now?
>>
>>59857735
thanks mr shark
>>
Are certs like network+ and security+ worth it? Thinking of enrolling at local college, gotta get out of the neet lifestyle.
>>
>>59876109
for entry level jobs yes
>>
>>59875636
you have to be smoking crack you can't be this fucking stupid
>>
>>59876218
So it'd be worth it to break into the field? Not looking for a high paying job more just looking for a way to build foundation in network security before uni.
>>
>>59876226
>"Proxmox Virtual Environment, or Proxmox VE, is an open-source server virtualization environment. It is a Debian-based Linux distribution with a modified RHEL kernel and allows deployment and management of virtual machines and containers. Proxmox VE includes a Web console and command-line tools, and provides a REST API for third-party tools. Two types of virtualization are supported: container-based with LXC (starting from version 4.0 replacing OpenVZ used in version up to 3.4, included), and full virtualization with KVM."

aka full of shit.
You only need libvirt or just plain qemu and a ssh connection to manage VMs.
>>
>>59873188
do i get backpay? wasn't aware i was a fed until now
>>
>>59873728
are you a phoenix too??
>>
>>59876298
if you're going to be at university anyways, be aware some employers look DOWN on certs. the same way they look down on listing a zillion tools on your resume
>>
Anyone knows a way to inject custom lua scripts in a Stingray based game? It looks like settings.ini only accepts sources stored in the package.
Thanks
>>
>>59876540
lolno
>>
>>59857785
I have this one for Uni. Fuck it is hard as balls but you will be God-tier if you can get through it.
>>
>>59876744
It's not that hard in my opinion. I used it as my reference book for the networking course. Maybe the teacher was just good
>>
File: .jpg (119KB, 540x646px)
>>59876784
Could be how the course is structured. My prof is a ballbuster, memorize TCP packet structure is the first item on the checklist. Like when the fuck am I gonna have to parse raw hex with zero reference off the top of my head? It's a pain in the ass
>>
>>59876870
Had to memorize stuff too unfortunately... Yeah it was a lot of stuff but the presentation and the concepts are pretty modular so there is no real underlying complexity. The architectural course was tougher for example, going from the cpu to the kernel up to the user space and fitting everything together, while memorizing microcode/assembly/c stuff from the bottom to the upper layers
>>
>>59869761
CTF: capture the flag

Just Google CTF hacking I think there's a wiki on it
>>
>>59874301
Kali is good if you're just starting out because it automates a lot of the process for hacking but to actually understand and develop what you are doing you'll have to write your own tools and exploits otherwise you'll just be a skid who can use kali
>>
File: .jpg (14KB, 320x320px)
>>59876923
I'm in architecture atm too. Like I know I should know this stuff, maybe I'm just a brainlet who can't be bothered to learn anything past assembly. Prof draws out these huge-ass diagrams, meanwhile my head starts spinning with anything past 3-4 logical gates and there's this sprawling Enigma on the board. Sometimes I feel like I've faked it to get as far as I have.

Sorry for blogpost.
>>
>>59869565
Over the wire beginner levels are ezpz
http://overthewire.org/wargames/
if you wanna learn exploitation and RE
I'd recommend the https://ctf.lse.epita.fr/ex/
>>
>>59877341
It's ok. It's one of those courses where you need to open up to increasing complexity and come to terms with the fact that you can't know how everything is structured internally... i.e., let go of the extremely low level approach of logical circuits and understand how things must be put together while abstracting from the implementation details. You can lose track and precision of what happens in between and you just rely on the interfaces and the protocols. It's tough to grasp some of the concepts but once you go through all computing problems will become simpler!
>>
>>59877484
Yes it should be enough for a casual user. Of course common sense must be adequately developed. But you should be alright. Don't think you can be free of any botnet just by using noscript however.

Virus scanners are as reliable as the virus is common/widespread. They can't prevent new kinds of exploit so you need to watch out. Also some malicious behaviour is now considered semi-standard thanks to the Android normies - i.e. tracking, phishing, social hacking - so you need to be careful. Also watch out for cryptolockers - always backup your data in an external, safe drive.

Learning about computer security requires a certain standard of computing knowledge, that is, knowing how a computer works, programming, networking, and of course applied cryptography and security practices. You wouldn't really benefit from it as an average user since you should be ok with common sense, (backups, not sharing personal information online ever, or for eshopping using secure methods of online payment and/or prepaid cards). But it can become a hobby if you're interested.
>>
>>59864790
What're you ranked? I'm just getting into Netsec stuff and this is my first CTF so I'm ranked around 230th.
>>
>>59877642
1
>>
File: 1464465684459.jpg (1MB, 5628x3348px)
>>59877779
Cool dude, hahahahahahahahahahaha
>>
File: 1480680256599.gif (1MB, 720x720px)
I've got a question for you /netsec/. Given what wikileaks and Snowden revealed about government surveillance, how is 'cracking' or using a system to compromise another system from across the WWW and/or the internet and getting away with it still possible?

To me it seems like they have every point covered and monitored to the point that if a breach happens and is reported to a government agency to be investigated, all it would take is a search in a database to view connections made to and from every system back to an isp then getting a physical address from said isp. Where is my logic flawed in this?
>>
>>59877906
Follow this
https://www.youtube.com/watch?v=9XaYdCdwiWU

While it's getting harder it's still very possible.
You're more likely to get caught by something you said and not something you did.

Use Tor, Use VPNs + TOR, use whatever means to have to show up as not you.
>>
>>59877906
Mainly because defense is inherently an order of magnitude more difficult than offense. The attacker only has to win once, the defender has to win every time.

This cuts both ways. It means the NSA's spying apparatus (where they're on offense) is imposingly powerful. They have lots of ways in to a system, and lots of ways to hide once they're on it, and lots of ways to cover their tracks after the fact. But an agency investigating a breach is on defense. They have to find the needles (if any) in massive digital haystacks to trace down an attack. If they find them, following the thread back to attribute or catch the attacker has a lot of chances to just run out of road somewhere. Say that a compromise started eighteen months ago with a phishing email sent through a compromised mail server somewhere. That mail server, or its logs, may just be long gone. Maybe the place that ran it is out of business.

Even the NSA can't keep every single thing. Total internet traffic was over 70,000 petabytes per month in 2015, or so wikipedia says. Even just a record of who connected to whom when is an absolutely massive dataset. So if you're an intelligence agency, you collect as much as you can, dropping stuff that seems routine or uninteresting.

One other factor: Spam and data breach investigations aren't in the lawless realm of intelligence work. If you're gonna find someone and prosecute them you have to say what you found and how you found it in open court, and three-letter agencies don't necessarily want to reveal their capabilities, even if they're legally kosher. Not long ago the FBI dropped CP charges against a guy they found on Tor using a "network investigative technique" (that is, hacking), because the defense demanded, and a judge agreed, that to admit that evidence they'd have to disclose how they got it, to ensure that it was legally gathered and give the defense the opportunity to challenge it, which they're legally entitled to do.
>>
File: 1480046937552-1.jpg (219KB, 1280x758px)
>>59878254
>>59878379

Thanks anons.

Do you guys have any recommended reading for furthering my knowledge on this topic?
>>
>>59878695
I'm gonna sound like a fanboy but basically read grugq's guide on opsec, stay up to date on "hacking news" basically the more you know about computers and how they work and about opsec the less likely it'll be that you do something stupid that gets you caught.
>>
>>59871477
do you understand networking or things that relate to it.
>>
File: whenyourinfoaintsec.png (2KB, 60x124px)
>>59848613
>Infosec
lol
>>
>>59872591
i think i have some resources for you i need to look first
>>59872633
debian, gentoo, whonix, are all fine but you can achieve the same result with any linux distro. as far as tutorials go here >>>/t/713097
>>59872839
check out zenhypervisor if you want a good hypervisor
>>59872941
i like how you focus on the worst side of things
>>59873324
it is meth in pill form with no hangover so it works also stay in school and do not do drugs
>>59876298
you are going to need experience in the field before you can do security work or a high-level degree out of a respected university with a connection. also most security companies will hire older sysadmins
>>
That picture tickles my comfy receptors
>>
>>59872839
Baremetal hypervisor.
You can use VMware ESXi/vSphere or Microsoft's Hyper-V.

There's also XEN and such but not sure on how good that one is.
>>
Who here /studyingforCCIE/?
>>
>>59875089
Or you're intentionally designing your website to be insecure
>>
>>59878379
You need to counter-attack instead of only defend.

Future netsec devices on really secure government systems are going to automatically try to counter-hack and pwn whatever device you tried to connect with.
>>
>>59879548
don't think so senpai
>>
>>59879548
while this is cool it is not viable for an enterprise. when working you have to maintain too many other things while fixing bugs and keeping everything up to date
>>
File: 1491460736268.jpg (133KB, 1275x715px)
>>59848613
Hypothetically, you set up a 'hotspot' in public that pretends to be free wifi of an official establishment. What can you do with that?

I assume you would force http and just try and collect as much information as possible?
>>
>>59880057
ssl strip + collection of data
you could serve an exploit kit too and get people infected.
>>
>>59867813
IRC wins I guess? Anyone willing to make the channel? That is if #/g/netsec doesn't exist in rizon already or whatever.
>>
>>59857735
thanks mr shark
>>
File: 23890489023.jpg (247KB, 1200x1200px)
>>59880095
Are there any common viruses that affect phones that could force their hotspot on and spread the virus, making a botnet?

©This idea is copyright® no steal pls™
>>
>>59848613
>How To Become a Hacker:
You can't become a hacker. Hackers are not made, hackers are born.
>>
>>59880172
no, but you could make it, find a sploit that works in 10% of android phones and lets you do arbitrary exec, and go from there I guess
>>
File: 1484441616387.jpg (218KB, 1200x1200px)
>You can't become a hacker. Hackers are not made, hackers are born.
>>
>>59880172
affect*

learn to spell, elliot
>>
>>59879497

You think he did?
>>
>>59881491

Just like Jews and dolphins xD
>>
>>59848613
Bought a new processor and will be forced into Win 10, how do I go about fixing this?
>>
File: kirino installs gentoo.jpg (206KB, 1007x1700px)
>>59882333
>>
>>59882357
is it any good for vidya tho?
>>
>>59857624
I hear good things about TCP/IP illustrated, maybe try that.
>>
>>59873147
>SF-82
Wrong standard form, skid.
>>
>>59878851
If there is no sensitive data being shared there is no point.
>>
>>59882694
We need to speed the arrival of the day when no unencrypted data hits the wire, anon. Whether it's sensitive or not is immaterial.
>>
File: delet_this.jpg (27KB, 650x600px)
>>59873048

Look who thinks he can install kali and be 1337. I agree with

>>59872941

You fagets can go back to r/netsec where they unironically recommend shit tier garbage like "Felony: The JavaScript encryptions softwarez which totally is amazeballs because it's written by a 1337 23 year old h4x0rz!"

I bet you've never even compiled a linux kernel from source. You're like a little baby.
>>
>>59882863
compiling a kernel has nothing to do with hacking
>>
>>59858200
You don't get to make up more layers to the OSI model...
>>
>>59848613
>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10229
>mfw /g/tard faggots literally use an operating system that has kernel level remote exploits in the UDP code
Why do you dumb cunts use GANOOLinux instead of the superior OpenBSD?
>>
>>59883187
i do in my fan fic where steve jobs, linus, terry davis, richard stallman, and kevin mitnick have an orgy
>>
Here's a great tip for anyone to prevent yourself from being hacked or doxxed: Never reveal your power level in public.

Act like a computer illiterate person and no one will even try to haxx your ass (and on the plus side, no one will bother you with computer issues as well)
>>
>>59883234
basically have good opsec
>>
>>59872878
>Winblows
kek I have a VM by the same name
>>
Wow, I'm surprised a thread like this even appeared. Usually all the kids want to be muh programmer meme. Network security here, good thread.
>>
>>59883661
they used to appear frequently about a month or two ago but towards the end people stopped replying to them and stopped caring
>>
How easy would it be to go into freelance doing pentesting?

I'm thinking of saving some money up while studying and setting up the business.

I already know the basics, I just need more practice and set up templates for documentation and contracts
>>
>>59883999
it is like any other freelance job you need to know people or have amazing marketing
>>
>>59882368
as long as it doesn't use denuvo you can probably run it through WINE
>>
>>59884011
Well I have a friend who's studying business and he's onboard to help.
I guess I'll need to contact clients myself or through people I know who have businesses.
>>
>>59857624
Go through CCNA material including the labs and do the packet tracer exercises to complement whatever you learn from reading. If you have money, do GNS3 courses.

Pic related. Bottom to top but I'd switch around lan switching and routing. Routing is more difficult but you'll find switching much easier after running through the material. You could even do them side by side.
>>
File: 1476027354376.jpg (35KB, 500x357px)
>>59872479
Generally ranges from 9-5 to ruin your life. Entry level positions are usually 24/7/365 operations working for a managed security services provider which means shift work. You're lucky if you get a different position starting out and should hold onto it.

A typical day in those positions involves a lot of sifting through data and logs to determine what occurred and tl;dring it for clients, offering remediation strategies if necessary, escalating up the chain etc. You're rarely alone. It can be interesting, boring, frustrating depending on where you work.
>>
>>59857735
thanks mr shark
>>
>>59879548

Good way to get exploits from the government by just automating attacks and capturing the reply traffic.
>>
>>59849265
How does one filter this to the top of the board?
>>
>>59877906
>To me it seems like they have every point covered and monitored to the point that if a breach happens and it reported to a government agency to be investigated, all it would take is a search in a database to view connections made to and from every system back to an isp then getting a physical address from said isp. Where is my logic flawed in this?

You're assuming they have the manpower and hardware required and those men have the knowledge to perform thorough investigations on everyone connected to the internet at every moment. There is a shortage in the industry and often catching someone is not as easy as you make it sound. A malicious individual could plug in a USB at a library, run a live system, perform an attack and be gone without so much as a trace on the computer in question and be long gone by the time the authorities arrive. How would you go about keeping track of something like that? There are many variables to consider that make their jobs very difficult but not impossible if you get lazy or slip up somewhere.

Fear and misinformation or lack of understanding is the real power they have and that's why it's important to get as educated as you can about something like cyber security these days. Frighteningly enough, most people don't even realize something like ISPs being able to sell your private information is even happening or why that would be a serious issue besides the obvious.
>>
>>59884799

The NSA has a multibillion node graph of every connected device in IPv4 space. They monitor the routers and plot connections, but can probably only store a few months worth of tracking, maybe a year at most. Someone with more knowledge of network connection metadata could do the calculations/estimations.
>>
>>59884870
That's terrifying from both standpoints. My main point was regardless of these systems they have in place though, connections don't remain static and it takes time to sort through that amount of data which means time a malicious individual can use to clean up/get away/plan another attack. We're not even talking about geography yet if they're even really located where they were detected to be coming from. A smart individual or team has a lot of things going for them if they don't want to get caught and these organizations often have a lot of red tape to deal with which slows things down even more. Sometimes (and especially) the three letter organizations can get away with a few shortcuts such as the agreement to share information with other Five Eyes countries for faster processing but I mean it's not the kind of magic bullet everyone seems to think it is.
>>
>>59884916

If you go to a non five eyes country and route your traffic properly then I doubt you'd be picked up by their system.
>>
>>59884968
You can only do so much. I hope you trust servers and individuals you communicate with to practice good security hygiene just as much as you do. I suppose "route traffic properly" can cover for that and any negligence through other means.
>>
I wish /g/ was more like this. What is Cisco switch emulation like these days? Do I still need to invest in physical hardware?
>>
>>59885032
Never a substitute for physical hardware but if you're just looking to learn/familiarize yourself GNS3 and packet tracer will work just fine.
>>
>>59885051
Full Cisco switch emulation wasn't possible for the longest time. I'm just wondering if that's still the case.
>>
>>59885068
IOSvL2 is almost fully functional when working with GNS3. Anything specific you're wondering about?

https://learningnetwork.cisco.com/docs/DOC-30404

>Port mirroring (SPAN) and Private Vlans are NOT currently supported
>>
Hey I'm learning stuff and wanna do
>>59883234
but for my entire identity. Gonna buy a used lappie with cash from Craig. But I can't study elsewhere than home. What's the best way to find a srs vpn and be sure they're deleting my history?

Also, where I am, there's only Att and comcast. Are there still ISPs that are hacker/security friendly or do I basically have to move to belarus to not have all my activity linked to me? I know it's gonna be in a database somewhere, I just want it unconnectable to my identity, or at least plausible deniability.
>>
where should I start? A+, network+ then security+ while learning a language like python?
>>
>How To Become a Hacker: http://catb.org/~esr/faqs/hacker-howto.html

So what's the point of this link here? Nothing wrong with what's in it, but I think that it has pretty much nothing to do with computer security.

The hacker mindset described in that page is just that of an open-source programmer, which is completely fine, but not that of a computer security expert.

Also maybe add phrack under learning? I think it's a cool source to learn exploiting.

>>59886607
Being paranoid is cool and all, but I don't think you need a "srs vpn" just to learn programming/cracking, but if you really just want one consult the archives for threads because I'm fairly sure there's a thousand vpn discussion threads. I personally don't use one in a daily basis because I'm not a burger or a sandnigger.
>>
Anybody participating in NCL? Pregame started ends on the 17th.

So far it's pretty fun.
>>
>>59886697
Well, I'm a burger. Companies+govt experiences have convinced me that paranoid is the way to go.
>>
>>59848613
Does anyone have tips on how to escape a Lua 5.1 sandbox? I'm sure the sandbox implementation is as per the wiki, but I don't know the environment state

-- make environment
local env = {} -- add functions you know are safe here

-- run code under environment [Lua 5.1]
local function run(untrusted_code)
  if untrusted_code:byte(1) == 27 then return nil, "binary bytecode prohibited" end
  local untrusted_function, message = loadstring(untrusted_code)
  if not untrusted_function then return nil, message end
  setfenv(untrusted_function, env)
  return pcall(untrusted_function)
end
>>
>>59886906
The strange thing is the decompiled code checks for untrusted_code:byte(1) == 0 instead of untrusted_code:byte(1) == 27 as above
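
A hardened version of the wiki-style Lua 5.1 sandbox quoted in the two posts above, from the defender's side. This is an added example, not code from the thread or from the wiki. It assumes the stock Lua 5.1 interpreter, and the names make_env, SAFE and max_steps are made up for illustration. It keeps the byte-27 guard from the first post, builds a fresh allow-listed environment per run, and bounds CPU use.

```lua
-- Added example for stock Lua 5.1; make_env, SAFE and max_steps are illustrative names.
local SAFE = { "assert", "error", "ipairs", "next", "pairs", "select",
               "tonumber", "tostring", "type", "unpack" }

-- Build a fresh environment for every run so scripts cannot affect each other.
local function make_env()
  local env = {}
  for _, name in ipairs(SAFE) do env[name] = _G[name] end
  -- Copy library tables instead of sharing them: a shared table would let
  -- a script replace functions that the host itself calls later.
  env.math = {}
  for k, v in pairs(math) do env.math[k] = v end
  env.math.randomseed = nil            -- shared generator state stays with the host
  env.string = { byte = string.byte, char = string.char, len = string.len,
                 lower = string.lower, upper = string.upper, sub = string.sub }
  -- Caveat: s:method() calls resolve through the string metatable, not through
  -- env.string, so this table restricts only the string.name(...) form.
  return env
end

local function run(untrusted_code, max_steps)
  if type(untrusted_code) ~= "string" then return nil, "code must be a string" end
  -- Precompiled chunks begin with ESC (byte 27, "\27Lua"). Refuse them so that
  -- only source text reaches the compiler.
  if untrusted_code:byte(1) == 27 then return nil, "binary bytecode prohibited" end
  local fn, message = loadstring(untrusted_code, "=sandbox")
  if not fn then return nil, message end
  setfenv(fn, make_env())
  -- Bound CPU use: raise an error every max_steps VM instructions. pcall is
  -- left out of SAFE so the script cannot catch this error and keep running.
  debug.sethook(function() error("instruction quota exceeded") end, "", max_steps or 1e6)
  local ok, result = pcall(fn)
  debug.sethook()
  return ok, result
end

-- Constructed self-checks: each one is a property a deployed sandbox should keep.
assert(select(2, run("return 1 + 1")) == 2)               -- plain source runs
assert(run(string.dump(function() return 1 end)) == nil)  -- precompiled chunk refused
assert(select(2, run("return os")) == nil)                -- os is not reachable
assert(run("while true do end", 1e4) == false)            -- runaway loop stopped
```

The count hook only fires on Lua VM instructions, so a long-running C function called from the script is not interrupted by it.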