/cyb/ /sec/ general: cyberpunk and cybersecurity

I've an lfi on a Java servlet app (tomcat). Found access log. Attempted to inject an out.print by appending the line after filename (s.jsp<%25 ... %25>but it shows as plaintext, doesn't get interpreted. Any ideas?

>>60538374
https://pastebin.com/raw/0AjC2mcD

* your new browser is firefox.
be sure to go into options, then security, and uncheck block malicious content.

why?

>>60538986
>why?
It seems the objective of the guide is to have a browser free from 'automatic connections' to the other parties trusted or otherwise. See:
https://support.mozilla.org/en-US/kb/how-does-phishing-and-malware-protection-work

cringe thread

>>60539726
it didn't have to be this way, but OP decided he had no choice but to combine two separate subjects into a cluster of ew.

How can I overpass ISP lookup on my data sending? Buying a VPN service? Or what?

>>60540007
HTTPS everywhere is free, and hides the traffic, but your ISP will still see the domains you request

A VPN like PrivateInternetAccess is relatively cheap and hides all of that.

>>60540080
Lately firefox has a default option to check for HTTPS sites. How would this app make a difference?

>>60539747
>OP
it's been a thing for a few weeks now

>>60538886

lfi doesn't give arbitrary code execution unless you can upload a file somewhere then include it with the requested page.

>>60538374
Remember >>60488308

>>60540142
Would it be any better if we split /cyb/ and /sec/?

>>60539747
Sure it is the same OP? One used a trip code.

>>60540839
i'm not against the merger

===Cyberpunk News

http://www.eetimes.com/document.asp?doc_id=1331769&
> Counterfeit components are just about everywhere these days. Some are obvious if you give them a close inspection, but others are nearly impossible to identify. It's going to get worse as hackers add rogue code into programmable parts such as FPGAs.

File: the-codes.jpg (517KB, 1021x768px) Image search: [Google]

517KB, 1021x768px

tfw ill never have a cyber-waifu like klossy to protect me from ebil russiab habbers

why eben lieb?

File: 1493784500674.jpg (332KB, 1008x716px) Image search: [Google]

332KB, 1008x716px

just got my crypto class grade. not too bad, considering i bombed the first midterm but rallied enough to get it done.
not posting it since eve might intercept

>>60541182
>not posting it since eve might intercept
This brings up a fun story: http://downlode.org/Etext/alicebob.html
>Often the interference is so bad that Alice and Bob can hardly hear each other. On top of that Alice and Bob have very powerful enemies. One of their enemies is the Tax Authority. Another is the Secret Police. This is a pity, since their favorite topics of discussion are tax frauds and overthrowing the government.

>>60541182
What do you study?

>>60541313
That was an interesting read.

>>60540935
>===Cyberpunk News
Microsoft presents novel designs for virtual and augmented reality near-eye displays based on phase-only holographic projection https://youtu.be/lN4tFV16mU8

>>60540935
>===Cyberpunk News
http://www.bbc.com/future/story/20170522-how-automation-will-affect-you-the-experts-view
How automation will affect employment and especially the middle class.

>>60538374
whose the girl though?

Emergency bump from 10!

>>60545031
Alisa Shevchenko , a Russian hacker.

File: 1489789009083.jpg (132KB, 632x480px) Image search: [Google]

132KB, 632x480px

key the metal idol is cyb

>>60540080
Yea, except
1) using a VPN for all traffic most likely puts you on a watchlist
2) it's the VPN provider instead of the ISP who sees all your traffic
3) the VPN provider can be made to hand over all your traffic history just as your ISP would.

>>60540142
Doesn't change the fact that it's bullshit. No serious security-related discussion will take place in a thread shared with (or dominated by) a bunch of "hurr muh cyb" roleplayers/posers.

>>60548478
Then use proxy chain and browser fingerprint randomizer over it.

What are the best cybersecurity sites/blogs for checking daily? Don't want management shit and shilling for products, just interesting analysis of tech, protocols, vulns, tools etc. Also a decent clean layout is a bonus.

>>60547374
You mean cracker?!

>>60547374
""""""""hacker"""""""""
You're nobody until you're being chased by the feds

>>60549778
U.S. gubmint placed sanctions against her, so ....

File: alisa-shevchenko3.png (247KB, 398x600px) Image search: [Google]

247KB, 398x600px

How can ameriwomen "coders" compete against her?

>>60542339
it's a cs elective class, i'm not the best at the maths but i tried at the end and it paid off. will stick with it, since i like that career path as opposed to some webdev trash everyone wants to do for some reason with their degree.
but the class was just an intro 2bqh

>>60548987
>Also a decent clean layout is a bonus.
shouldn't matter. gotta do the rss feeds for that shit.

>>60550049
I'll place my sanction on her if you know what I mean.
(I want to fuck her)

>>60548987
OP has a good list in the cybersecurity resources paste.

>>60551079
I'd have full sexual intercourse with her, if you know what I mean.

Anyone have a recommendation for Kali linux training?

Installed debian as my first linux distro. How do I learn linux? I feel like my grandma when I try to show her how to use windows. I don't even really get how to install stuff using Synaptic. Managed to use apt-get install to install wireless drivers but other than pasting a command from google I'm not sure how I edited sourcelist.

>>60552066
takes time, even some years in it i'm still learning things. just keep at it, and try to use it as your main OS. and don't wipe when it fucks, try to fix it yourself. web searching is your friend

>>60540959
> klossy
> securing any network
> coding anything else than a fucking tetris
You can do better, cyber poser cuck

>>60552066
Your new best friend is 'man [command]'

how do i find 0day

>>60552066
Download the free ebook The Linux Command Line from No Starch Press. Good way to get started with a terminal, figure out what the commands are actually doing

>>60552066
linux from scratch my friend

>>60552066
>>60552254
I forgot, there's a really good set of videos on Youtube for beginners: https://www.youtube.com/playlist?list=PLtK75qxsQaMLZSo7KL-PmiRarU7hrpnwK

This guy has good videos in general on his channel. Don't worry about the fact that he's using Ubuntu.

>>60552320
That's honestly terrible advice for somebody who says they feel like their grandma while using Linux. LFS is going to intimidate the living hell out of them and probably scare them away. LFS is great for learning about Linux, but you should really have the basics down before you start fucking around with it (unless you REALLY enjoy never understanding what the fuck you're supposed to be doing.)

>>60540007
Easiest way is to go to https://www.opennic.org/ and point your router's DNS at the nearest servers to you.

It's not encrypted or anything, but at least you're not sending DNS requests directly to your ISP's servers.

For better security you'd want DNSSec or DNSCrypt plus VPN, but fuck if I know how to get that running.

>>60552456
>For better security you'd want DNSSec or DNSCrypt plus VPN

Problem with this is that obfuscating your traffic is going to draw attention, just as walking around a city center with a mask on would draw attention of cops or other security personnel.

>>60552339
>>60552254
>>60552309
Cheers guys, will have a look at all this.

>>60552301
>tfw everyone here is a skid who doesn't find 0day

>>60552301
Fuzzing.

>>60538374
Is it safe to turn off automatic time zone syncing on my smartphone with my OTP credentials on it? On the chance the skew becomes too great, will it be fine if I manually sync?

How do people get viruses? Do they just download files they're not supposed to? Open email attachments that contain shit?

I mean, besides getting into your network or getting physical access to your computer, how would someone even go about infecting through a browser, especially a sandboxed one like Chrome?

I have no idea what I'm talking about desu, just wondering.

File: me.png (193KB, 1366x768px) Image search: [Google]

193KB, 1366x768px

>>60552123
wew not the same guy, but I'm also using debian as my first distro and jesus fuck just getting it installed on my laptop was fucking hard.
First I installed it with no wifi and that fucked me up because I needed it for a full install, and all I got was a terminal.
Had to start from scratch and somehow the partition got fucked and couldn't boot into windows anymore. So I had to use my googl-fu and get that shit fixed by myself.
Then I finally understood that I needed to install some nonfree iwlwifi shit and load it during the install.
Now I finally have it and am using it right now.

By the way, how do I make it look better? I'm using xfce as the DE. I want to get rid of the dock at the bottom.

>>60552561
I'm of the opinion that "this guy uses perfectly legal and common methods to encrypt his traffic" is preferable to "here's a list of every weird porn site, imageboard, and torrent tracker Anon's ever used, plus an archive of every post he ever made". Even if the second option is also totally legal and indistinguishable from the average user, all it takes is motivation to use that data to destroy you. I'm sure we've all posted some things "anonymously" that would incite a Twitter lynch mob and bar one from public-facing positions in the tech industry.

>>60554198
Don't use xfce unless your hardware actually requires it. Yeah it's lightweight, but there is a lack of easy-to-use/configure packages for it. It's OK to use Gnome or another more noob-friendly DE.

>>60555134
>>60554198
xfce's fine, there's all sorts of DE-requirement-light applications that don't require all of gnome or kde to do just fine.

>>60553833
>viruses
First off, the press in their supreme ignorance conflates worms, trojans and virus and malware all into the one single word virus. Thus in the real world the way it happens depends on the actual type of problem.

Last time I experienced this was when consultants plugged their festering lap tops into our air gapped network.

A more recent problem is when archives have been manipulated so downloaded binaries or source comes with a backdoor through which malware flows in.

>>60550774

they aren't russian government hackers who will sell you out to putin?

>>60552301

intelligent fuzzing or source code path analysis with constraints

>>60540886
>i'm not against the merger
This is weird. The merger was based on the idea that there were common interests and thus a better chance that these threads would survive for more than one day.

Seems to be though that /cyb/ has more interest in /sec/ than /sec/ has interest in /cyb/. Perhaps time for a straw poll?

>>60558673
>strawpoll
>not a botnet

How do I get rid of botnet "features" from Ubuntu?

>>60558867
>Ubuntu
That is your problem. Use a less cucked distro like Debian.

>>60554198
I had similar problems. Didn't have a big memory stick so had to install the one without a DE (unknowningly) until I reinstalled it with ethernet. Had problems with GRUB/ windows bootloader and last on UEFI you have to turn secure boot on to set the file as trusted before turning secure boot off again because it's unsigned.

>>60558867
Lens, you mean? I thought these had all been removed.

If not, use a firewall on a separate machine and block all suspect addresses. There are gigantic hosts files you can use.

>>60558692
http://www.strawpoll.me/ OK?

>>60560289
Botnet, not okay.

>>60560289
There's is no need for a strawpoll, the merge with /cyb/ was mostly out of convenience even though not asked at all. /sec/ simply doesn't have enough people to sustain a general, and /cyb/ is the most suitable general to be merged with because the rest are mostly pa/g/eets or /v/ermin, at least your culture sorta resembles ours.

Would changing my legal name before I move to my new apartment help me escape from the botnet? Also, ow do y'all at /cyb/ handle using non-legal aliases?

>>60551478
YouTube. Google. Please just apply a single ounce of effort once in your miserable life.

>>60552066
Do the "bandit" wargames from "overthewire"

It's how I learnt Linux. Gets you used to basic shit, like rooting through directories, copying, moving, chmod, ssh, keys.

Wargames need to be in the OP, and overthewire is the site everyone even remotely interested in learning about Linux and security needs to look at.

>>60553449
What kind of question are you actually asking here?

Safe in what way? Are you worried your phone will blow up because you changed some setting? What do you think is going to happen you need to be "safe" from..?

>>60560502
Wargames were in the OP until fucking retarded OP decided to remove the /sec/ pastebin and put some bullshit pastebin he pulled out of his faggot ass and refuses to change it.

>>60557683
>air gapped network
I'm going to ask you to have a little think about what you just said.

>>60560438
No it would not. Why would you think performing an act that requires you to provide information to the public, MORE THAN IF YOUD JUST KEPT YOUR NAME, would free you from people knowing you exist? Do you think, ever?

Do you think really, it would be good OPSEC to tell the government that you want to be officially referred to by one of your aliases from now on? What do you think you'll achieve by doing that?

>>60560559
Fucks sake. I'll spend some time on Rebeccablack then and find the old sec pasta.

>>60548478
>>60552561
>>60555072
Continuing with this, does there exist a way to be anonymous and secure, while also keeping under the radar?

>>60560627
I've pasted it in every thread since, https://pastebin.com/UY7RxEqp. It's in #/g/sec's topic.

>>60560438
As >>60560610 said LEGALLY changing your name is a terribad idea, you're just giving the government information to track you.

What you would have to do is use a fake name, get a fake ID, driver's license, etc. and do everything under your new fake name. You'd run into problems with that too though.

File: AIMSICD.jpg (154KB, 1056x499px) Image search: [Google]

154KB, 1056x499px

Was browsing F-Droid and saw this app, AIMSICD. Does anybody have any info on it? Is it any good?

>>60560331
>Botnet
Are there any poll services that are not botnets out there?

>>60560583
Done.

Basically we had an internal network (think: lab with server and client) very much NOT to be anywhere near the Internet or any public network.

Are you familiar with red/black rules?

>>60538886

Quick question: if you include a log file and can force a log entry to be code can you inject that way?

>>60561447
Of course not, they're literally information gathering websites. That information gets sold to bigger brokers and ends up with google and facebook's data in god knows what corporate databases.

Does anyone here by any chance know a good place to source malware samples? I love fucking around with them, but I have no idea where to get them from.

>>60561472
>lab with server and client
This does not sound airgapped at all.

>>60561643
https://zeltser.com/malware-sample-sources/

The first result after punching "malware samples" into google

Seriously what the fuck is up with this thread? How are you people this fucking useless?

>>60561796
Did you read the question?

He didn't ask for just any place, he asked for a GOOD place.

File: wtfisthishit.jpg (54KB, 530x477px) Image search: [Google]

54KB, 530x477px

pretty much a cybersec newb taking steps to improve.

I have my ISP completely locking my router, I can't even change wifi password, add mac filtering, let alone change DNS. I have to call them to do anything, open a port and shit. Also had to call them to activate the router.

I feel opressed like shit, and the contract (which had no mention of this whatsoever) says I gotta stay with these fuckers for at least 2 years or I have to pay like 150$ fee.

How does this work? Do they have a backdoor in my router, and they can possibly intercept any traffic going on my network, redirect DNS to w/e they want to, despite what DNS I set locally and more I suppose?

What can I do until the 2 year period expires, besides buying a logless vpn to have more privacy?

Fuck me sideways

>>60561796
I was more looking for recommendations from people with experience than whatever google gives me as the first result.

>>60562006
Will they not allow you to replace the router?

>>60560559
> /sec/
Learning: https://pastebin.com/VNTsyNKp
CTF/Wargames: https://pastebin.com/u2QTfmZn
News: https://pastebin.com/tDn5qzZE
Other useful stuff: https://pastebin.com/u21XrVaz
Essentials Pastebin: https://pastebin.com/UY7RxEqp

>>60562162
Yeah it's the same pastebin but split. If you go to the account of the pastebin it's all the same, I split it because they felt the links from /cyb/ outweighted those from /sec/.

>>60562006
That's what ISPs do nowadays to have an almost complete overview of and control over the customer's own LAN. Your local network is basically a private subnet admnistered by them (you can set up the endpoints as you wish, but they can monitor all the traffic on the LAN (assuming it's just one L2 network with no other switches/access points than those integrated into the router) and have control over all the firewall/NAT/gateway/access point/etc. settings.

What you should do is to look up information on that particular device model they gave you and figure out if it can be switched to bridged mode, essentially stopping being a router and making it a pure residential gateway. If so, ask them to switch it to bridged mode and buy a router of your own which is then going to have a public IP on its internet-facing interface and which is going to be under your control (and which will prevent them from directly seeing hosts and traffic on your LAN.

>>60562275
Thanks for the detailed response, anon.

> ask them to switch it to bridged mode
Thought about something like that, or even asking if I could switch router, but the paranoid me also thought it could trigger them into looking in my traffic, or they could simply tell me to fuck off, like they did when I first called to setup the router, when I asked "Why the fuck should I tell you my wifi password if I wanna change it?" and they told me "It's a proprietary router, it's just like this".

Now, I basically don't care if they know what porn sites I visit and I torrent for just anime, ebooks, and such, but I feel like it's a severe violation of my rights, I pay them the connection from my router to the internet, not to put them inside my LAN, ffs.

One more thing, as far as torrenting goes, can they see specifically what I download or just that I'm torrenting? Any way to hide it beside going VPN? Could using a VPN trigger them into telling me "hey fucker, we don't allow VPN traffic, turn it off or we throttle you" or something.

Best VPNs? I don't plan to be doing anything illegal but I'd like a VPN that doesn't log and is secure. Is cryptostorm good?

>>60562006
>Do they have a backdoor in my router,
Yes

>and they can possibly intercept any traffic going on my network,
Yes

>redirect DNS to w/e they want to, despite what DNS I set locally and more I suppose?
Yes, unless VPN.

To de-oppress, get a firewall inside your home net and make it block attacks from the outside. Moonwall, Smoothwall etc will be yours and while they control the router they do not control your firewall. And get your firewall to control your VPN.

This should be in a pasta.

>>60560422
I agree with this

>>60560502
>Do the "bandit" wargames from "overthewire"
anything like this aimed at absolute noobs?

>>60562967
That one is literally aimed for absolute noobs, just read the documentation you lazy fuck.

File: 1327615336217.jpg (483KB, 882x1280px) Image search: [Google]

483KB, 882x1280px

>>60560559
>Wargames were in the OP until fucking retarded OP decided to remove the /sec/ pastebin and put some bullshit pastebin he pulled out of his faggot ass and refuses to change it.
OP here. Fucking relax. I started a new one because the old one was missing for like two weeks, the pastes were disorganized and out of date, and the security guide was still coming "soon." I'm not going to apologize for taking the initiative to clean it up, write the guide, and make a backup website. I've asked for feedback and criticism several times so I don't understand the attitude. CTF/wargames have been added to the resources paste and cyberpunked.org website as requested. If you have anything else to add, please let me know.

>>60562440
You could also just buy a router of your own regardless, and connect that to their router (bumping the TTL value of all outgoing packets if necessary, if they take issue with you using another router). The only node they'll see directly will be the WAN-facing interface of your router, the rest of your network will be behind another NAT provided by your router, which will also work as a switch and a wireless access point, all controllable just by yourself. Only problem is that you'll still need to work with them if you need ports forwarded, unless you simply get them to put your router's WAN interface into the DMZ of their router (which will basically forward all ports to it, effectively removing the firewall on their router).

>>60563112
The anger comes from me saying in every thread and you or anyone not changing it.

>>60562162
What's actually worth my time from the essentials pastebin. Tried cybrary, absolute donkey shit that was.

>>60560918
I've been recommended this several times

>>60562452
Settled on NordVPN if anyone cares. It's a bit slower than the others but seems to tick all the boxes for a bit of privacy. I can now shitpost on flag boards as different countries now.

>>60563055
I meant besides that one

>>60563432
I also use NordVPN
Agree with the comments, but I don't think it's noticeably slower than PIA

>>60563778
DESU not looked at all servers yet. Was just trying to find an Aussie server not blocked to shitpost on /int/

>>60557773
>muh "Russian collusion is real!!" even though there's no evidence much less evidence of intent

>>60563874
I normally (including right now) run my traffic through Iceland, because of their privacy laws

>>60562006
buy a new router.
do whatever the fuck you like with it
install openWRT on it
throw up a pfSense box

you don't have to get cucked by your ISP. I assume it doesn't say you HAVE to use their router does it?

>>60552774
I have no interest in finding 0days
My interest is in predominantly social engineering and physical security, but I do like pen testing as well.

>>60560737
cloned cable modem. much harder to do these days thou.

>How to Remove Your YouTube Viewing and Search History: https://www.eff.org/deeplinks/2012/02/how-remove-your-youtube-viewing-and-search-history-googles-new-privacy-policy

>How to Remove Your Google Search History: https://www.eff.org/deeplinks/2012/02/how-remove-your-google-search-history-googles-new-privacy-policy-takes-effect

Anybody have something like this?

>>60558867
get debian if you're a beginner

>>60564048
faggot

>>60563329
yeah you gotta start with the basics if you don't know shit.
Get your a+ for shits and giggles

File: gbz.jpg (130KB, 625x352px) Image search: [Google]

130KB, 625x352px

Redpill me on cybersecurity as a career.

How lucrative is it? /sec/ is interesting as a subject, but is the actual work interesting?

Who are the best companies to work for in the field?

>>60563996
I sure as fuck don't wanna get cucked by them.

I didn't ask if I could use my router, cause they could look into me torrenting and shit if I raise questions about my privacy and stuff, IDK I'm fucking paranoid.

They could tell me they don't give out the router config and they're not willing to switch to bridged, what do I do then?

>>60565688
why the fuck is that faggoty?
is Deviant Ollam a fag?
that's exactly what his job is

>>60566929
It is very fulfilling. And extremely boring most of the time. Alot of reports. ALOT OF WRITING. And be prepared to talk alot. The companies that you will be working with will need to understand that your there to help, nit just fuck up everything they've been spending money on for the last 10 years. There is alot more to it than " bro I hacked your network. I totally pwn your company bro, you should fix it.". Also, there is no " idk how I got it." or "idk what happened". Also. Lots of responsibility. If you fuck up, you cost them lots and lots of money

>>60567365
red teaming is even worse, because it involves you getting arrested a few times a year

>>60563329
Wtf is wrong with Cybrary.it?

File: untitled-.png (44KB, 612x307px) Image search: [Google]

44KB, 612x307px

>>60567171
I already said it here: >>60563228. Just get a router of your own which you have complete control over and connect its WAN port to one of their router's LAN ports. Don't connect anything else to their router, connect wired shit to your router's LAN ports and configure the wireless access point for you to use on your router as well. Set the WAN interface of your router to DHCP mode so that their router gives it an IP address, configure your own LAN with a different private IP range so there's no overlap between their DHCP and yours. If you can't connect to the internet from your hosts, try bumping the TTL value by one on your router (their router might be detecting another NAT that way which they may find undesirable if they're stupid cucks). Configure firewall on your router's WAN interface to filter everything, if you need a port open, you would need to talk to them about it (best thing would be for them to configure a DMZ so that their firewall is effectively off and everything is forwarded to your router, where you deal with on your own forwarding ports to LAN-side machines as necessary). You'd also want them to turn off the wireless access point on their router as you are going to use the one on your own router and not theirs. If you do all this the their router, even if not in straight bridge mode, will be just another hop, only doing NAT of its own, but all your stuff will be on your own LAN that is under your full control and not directly visible to them.

>>60567454
Yeah. I've gone on a couple red team runs, we never went on-site without the contract holder though so, it was never a big deal getting caught. The only thing I worry about is a over zealous employee, or security guard getting aggressive while I'm walking out with gear or documents. That's alot scarier to me.

>>60567365
>And be prepared to talk alot.
Doesn't sound like it's something for a sperg/autist type of person.

>>60567454
>arrested
why

>>60548478
1) Everyone's on a watchlist, anon. The reality is that this simultaneously avoids you being placed on some watchlists while getting you placed on others.

The watchlists you're removed from are the ones that, were you on there, would have a greater chance of adversely impacting you.

2) The VPN provider and their upstream ISPs.

3) Not exactly. If they aren't proactively logging, the police would need a warrant to force the provider to do targeted monitoring of individual nodes. Still better than going naked and having your main ISP record and sell your Internet history.

>>60567819
because you have to break into company property with permission and loads of cops don't believe you when you show them the document that gives you permission to do it.

you have to wait until the next morning when one of the senior staff from the company you've been breaking into can come and authenticate you

>>60567889
I knew what red teaming was but I never thought about police not believing you. Interesting.

How many times has it happened to you?

>>60567914
in the 5 years i've been red teaming, I've been arrested i think 21 times. i've done about 180 jobs and no lasting police record. never been charged officially although one cuck told me that it didn't metter that i had permission, i broke the law anyway. got out in the end with no charge anyway

>>60568004
how big of a city do you live in? I've never heard of cyber security companies where I live.

>>60568030
Greater Seattle Area.
There's a lot of work here with Boeing.
They take shit REALLY seriously there

>>60568090
>really seriously there
I can imagine. Are they not the biggest defense contractor in the states? Along with Stratfor.

I wonder if Canada has any cyber security opportunities.

>>60561871
>>60562102
It's malware. Its going to be dangerous no matter where it comes from. What were you even expecting?

>>60568110
which coast? (if either)
Yeah, I have been arrested more times on boeing contracts than everyone else put together

>>60568152
Alberta. I'm sure there's military opportunities for such a profession but that's not where I'd like to end up.

>>60567365
Interesting, cheers for the info

What's the pay like?

Anything you'd recommend focusing on for recruiting?

>>60568171
If reverse engineering is anything like cyber security, I'd expect him to be making well over $100k/yr, likely closer to $150k/yr.

>>60567171
>I didn't ask if I could use my router, cause they could look into me torrenting and shit if I raise questions about my privacy and stuff, IDK I'm fucking paranoid

Now you're being stupid. The ISP doesn't own the material you are pirating. They only send notices on to you when MPAA etc send the notices to the ISP saying someone on your service is pirating.

A basic modem router is about 30$ anyway, just buy one and try it instead of sitting here giving us bullshit about "what if"

>>60568164
I don't know about jobs but, if you can, get to CanSecWest. It's awesome. I always put in the effort to drive up.

>>60568171
OSCP without a doubt. Do that shit. Only meme tier companies will take you seriously without an OSCP.

as far as pay, you are looking at $80k out of the door, up to ~$130k after 3-4 years depending on where you are. Get to a big city. your skills will be worth more there. NYC pen testers are worth something like 180% average US salary according to glassdoor

>>60568212
this.

>>60568171
Pays good m8. On the west coast, metropolitan area. 110k a year. Full benefits. Have to travel alot but overall it's really nice. And really, the beat part about the day to day, is how often things change, and your direction changes with it. Plus getting paid to basically do research and write reports, without being tied to a university is great.

>>60568296
plus the cons.
I get paid for like 50 - 60 days a year to go on a trip to meet my friends, play games and learn interesting new shit from brilliant guys

also get super drunk
all on the company tab

>>60568319
Are you gonna be at black hat/dc25?

File: vqGeMsr.gif (2MB, 350x255px) Image search: [Google]

2MB, 350x255px

>>60568215
I'll be in HK soon (studied in China for a while, always wanted to head back), so I'll be looking for stuff in HK and Singapore. Might head to the US after a few years if the pay is that good.

I'll look into OSCP, thanks man. Definitely don't have $800 to spend on it atm, might say I'm studying for it and try and get a company to pay for it, if that's a thing in cybersec.

>>60568296
>>60568319
Sounds like a sweet deal

What are the shitty parts of the job?

>>60568446
Idk. I actually feel really lucky.

>>60568481
How did you get into it?

>>60565714
What if I do know the basics. Currently doing a bachelor in Networking but want to specialize into netsec or forensics

>>60568481
Customers that decide they don't want your advice, then pay for an audit in an attempt to get that report with no high severity issues, just to once again be surprised when the "fixes" dint work, then retroactively call those portions of infrastructure out of scope.

>>60568521
Pretty traditional. Cs undergrad. Interested in various aspects of breaking stuff, starting digging and never stopped.

>>60568585
So your company accepted you because of the degree or did you have certification and experience too?

>>60560544
If the skew exceeds the alotted interval, every code I enter will be invalid right? Will the skew get "fixed" if I manually resync or should I treat it like an expiry on my authenticator?

>>60568189
Reverse engineering is used a lot in patent conflicts like the mobile wars. Cost is high. You need really skilled people to do the work both software, firmware and FPGA-designs.

BTW the Wikipedia article on the mobile phone wars is distilled and highly refined g-a-r-b-a-g-e.

>>60568446
>I'll be looking for stuff in HK and Singapore
Always keep in mind under what government you work as they tend to take an interest in people with attractive skill sets in this area. And some governments can be, well, persuasive in recruiting people for their own needs.

>>60568430
DC, not black hat.
I want to be, but contracts come first.

at least I get the fun one.
I'm going to try and get to the shoot this year

>>60569060
Have a look at black hat asia.
Not too versed in asian security, mostly America and Europe personally

>>60568602
I had some experience, no certs (my boss later told me it wouldn't have mattered), but mostly because of my desire to learn and willingness to spend my time researching outside of work. Also, I may or may not have called everyday for a significant amount of time.

>>60568543
There are a lot of certs out there that offer knowledge when you study for them.

>>60567889
that sounds cool actually

>>60568543
Reverse and Crack some old software. Seriously. The rush is real. And it has the potential to teach you alot. Unless you just skid through it.

>>60569249
I am by no means a reverse engineer but, I think this is like a lot of people in security, I really enjoy dipping into everything even if I know I won't make a career out of it.

I get a rush out of popping a lock on an office door at 3 in the morning, but I got the same rush the first time I ever successfully found the encryption loop in the assembly of one of those shitty ransomwares.

>>60569249
https://securedorg.github.io/RE101/

Malware Unicorn's course is a really good way to learn the basics of reverse engineering.

Also, if you are into it, she's really interesting to follow on twitter too

>>60568446
>I'll be in HK soon (studied in China for a while, always wanted to head back)
No Boeing work for you

>>60569415
Lel, why?

Not a chink, just hanging out there for a while to earn some cash

>>60569415
nah, he'll get the jobs trying to steal Boeing's R&D that I help defend.

Fucking try me, mate. I'm the edgiest hacker in Seattle. I'm even edgier that Zero Cool

>>60568934
Code for what? What are you even asking?

>>60569484
In TOTP, if the device his token generator is running on is not connected to an ntp server and the time wanders too far, will the token generation be fucked and can he fix it

>>60569443
There is a list of countries that travel in the past to exclude you from high level clearances. Boeing, usually subcontracted to Fujitsu, do a lot of work that requires above top secret clearances. The fact you've been to china excludes you automatically from ever holding one that high.

File: me_tbh.png (279KB, 566x352px) Image search: [Google]

279KB, 566x352px

>>60569457
I fuk u up bitch

>>60569553
Jokes on them, I'm not even a US citizen ;^)

>>60569553
Getting that clearance is one of the most terrifying processes you will ever have to go through.

all of the guys on here who discuss burning all of their devices if the feds ever raid them need to sit a security interview.

>>60569535
Clock syncing is too easily exploitable so no authentication token company should be using them. It's a moot point, because any RSA tokens or something of that nature won't be using a synced client clock. They'll run the time from their own clock, not yours.

>>60569588
Lul.

>>60569596
I had issues getting mine because I have negative views on women and brown people. Apparently those things are problems. Swiping right on my security officer on tinder probably didn't help either.

>>60569609
Google Authenticator uses TOTP.
I'm not well versed in this, would you mind explaining how Google Authenticator/TOTP is flawed, because I use that for most of my 2 factor

>>60569642
yeah, I had some issues given my views on grey hat hacking

>>60569553
I suppose I have never known a Chinaman who worked in that kind of stuff. Makes sense. I wonder if it came before or after most Asians going into financial sectors.

>>60569596
I still want to know how I failed a "pre-screening". I'm guessing citizenship in another country or at least another flagged country is a NO. It's weird just because I do have family who made it. Unless they really know significantly more about me then I can ever hope to imagine. Those relatives don't seem to want to do much with me anyway anymore, but I'm probably thinking too hard on that.

>>60569747
I think it's a whitelist of countries rather than a blacklist.

I'm natively British and got in with no problems but one of my coworkers is Swiss and had way more trouble than I did

>>60569747
Just being present in China, Russia, most of the Middle East (kinda obvious there) disqualifies you. Attending with a clearance then strips you. You may or may not then be charged.

>>60569867
I've only ever been to 4 non-EU countries, USA (where I now live), Switzerland, Iceland and Canada

I have a question about the cybersecurity pastebin
why does it say i should UNcheck "block malicious content" in firefox ?

>>60570224
Ctrl-f this thread

>>60569348
>wymyn teaches reverse engineering

>>60570689
She's not that much of a cunt for a woman, and as long the material is good.

>>60570736
It's weird how much people seem to dislike women. I work with tons of women, are married to a woman, am by no means a beta, and I have literally never met a woman as bad as you guys describe.

Inb4
>cuck
Naw son. Stop that projection business.

>>60570689
lena151's reversing tutorials

>>60570808
Most women have really shit sense of humor, feminism is cancer and it is encouraged just about too much, SJWs, and all that crap. The fact that I'm still at uni probably affects my views towards them because most I get to talk with on my degree are just hopeless atention whores that seek beta orbiters to help them pass every subject, and that triggers me. All that said but I still have some female friends, because notice the "most".

>>60570808
Frankly it's not so much women who are directly involved but random shit-major students and white knight faggots who ARE beta cucks.

Then of course the opposite, cucks who hate themselves and take it out on others.

File: tbh.gif (212KB, 921x155px) Image search: [Google]

212KB, 921x155px

>>60570808

>>60538374
whats some /cyb/ shit to watch for a /sec/ person

>>60573364

Movies:
Johnny Mnemonic
The Matrix
The Machine
Chappie
Office Space
Pirates of Silicon Valley
Her
Virtuosity
Lawnmover Man
The Terminator
Blade Runner

Documentaries:
Revolution OS
TBP AFK
Citizenfour
Terms and Conditions May Apply
All Watched Over by Machines of Loving Grace
We Steal Secrets: The Story of WikiLeaks
Get Lamp
BBS. The Documentary
From Bedrooms to Billions
The Internet's Own Boy. The Story of Aaron Swartz
Revolution OS
Hackers. Wizards of the Electronic Age
The Net - The Unabomber, LSD and the Internet
RiP: A Remix Manifesto
The Cyberpunk Educator https://archive.org/details/cyberpunkeducator

>>60573907
How did you come up with half that fucking list

>>60574310
Free time

File: Eric_S_Raymond_portrait.jpg (277KB, 491x736px) Image search: [Google]

277KB, 491x736px

Why do we let ESR write shit about Cyberpunk in the jargon file again?

>>60574369
>Free time
Where do I this?

>>60574405
>Where do I this
By English first

>>60573907
Have you got a sec list, rather than this cyberpunk list?

>>60551286
What did he mean by this?

Penetration testing my own shit isn't illegal right? New to it so just making sure.

>>60576703
Not unless you report yourself to the police

>>60576732
Good enough for me I guess.

>>60569348
>>60569249
Thank you both. That resource looks great. I'll have a go at it.

>>60553833
Malicious JavaScript, for the most part.

>>60569127
>Have a look at black hat asia.
A part of the world with death penalty and an unpredictable legal system.

Not smart.

>>60569553
>There is a list of countries that travel in the past to exclude you from high level clearances. Boeing, usually subcontracted to Fujitsu, do a lot of work that requires above top secret clearances. The fact you've been to china excludes you automatically from ever holding one that high.
>above top secret clearances

You see a problem here, anon?

>>60569642
>Swiping right on my security officer on tinder probably didn't help either.
L-e-g-e-n-d-a-r-y