/cyb/ + /sec/: Cyberpunk and Cybersecurity General:

Any consensus on custom PATH? ( >>61436602 )

>>61436934
do what you want, its your system
if you feel an additional PATH variable would be helpful, do it
i personally use ~/.opt/bin

not really a big deal anon, barely even worth mentioning desu

>>61437012
I don't think you've read the post I've linked

>>61437190
if an attacker has write permissions to your path its already too late
does that help?

>>61436514
>>>61436407
>Elite: Dangerous isn't really cyberpunk though.
I know and I agree. The point is that there is a huge market for 1980's nostalgia. moreover this group are willing to pay, a lot. The Elite: Dangerous Kickstarter campaign had the largest request ever and it was fulfilled. 1984 saw the release of both Elite and Neuromancer, while mainstream was only talking about Orwell. Then again mainstream is by definition never cutting edge.

>>61437262
No, it doesn't

If an attacker gains access to a user's dir, the amount of damage he can do is limited by that user's privileges, it's not too late (yet). Why should it be too late?

PATH/alias/user's environment issue comes up because it potentially allows the attacker to phish out user's login credentials, and in worst case scenario, gain root credentials if user is a sudoer/in a wheel group/etc.

Noobtard question:

>uncle is really smart and self taught programmer/tech guy who worked his way up to top tier managerial level at IBM
>i have no background in tech but he keeps telling me stop being a pleb and to get into a career in cyber security nao
>he tells me don't be a code monkey, security is what he'd do x1,000,000 if he could do it again
>tells me there's 2 year degree/cert programs that will get me in the door

What say you bros? Do i need to have a highly proficient background in coding to be successful in CS? The field sounds cool as hell, just kind of intimidated thinking i have to be some wünderkid genius to get a job

>>61437404
this is precisely why you add the user path after system standards, so you dont get ssh replaced with a keylogging wrapper etc
if it requires root it shouldnt be in your user specific path

if the attacker has write access to your home dir they can edit the PATH anyway so what difference does it make

>>61437433
>he tells me don't be a code monkey,
True. Much will be automated away, much of the rest will go to India. There is little future for that in the West.

>security is what he'd do x1,000,000 if he could do it again
There is a fair bit of money but the work is enormous. To remain at the leading edge you will study many hours a day plus you are looking for a 6 -7 day work week. Not everyone has the stomach for that level of dedication.

>>61437529
That's a better answer

Still, it's possible to restirc user's ability to edit his own enviroment settings, I wonder if it's worth it vs. having better audit

>>61437699
Thanks for the input. Not to say the field doesn't interest me, but the idea of extensive hours/on call/studying does not sound appealing for a long term career :/

>tfw got excited and another dead end

>>61437746
There's literally no way to get a decent career without constantly studying

File: 14896556480611.jpg (81KB, 707x1000px) Image search: [Google]

81KB, 707x1000px

>>61436875
How will Russia looks in the future, if Vladimir The Dick not kill it now?

who up for some 2a's / 3a's?

>>61437955
what's that?

Wow I just started the cybrary CompTIA + tutorials.. and oh god they are horrible to listen to.
And then I found Prof Messer and lo and behold, someone who can actually talk clear and with passion

>>61438041
Go watch the cbtnuggets courses instead.
Keith Barker is my IT waifu

>>61438357
Gonna check it out, thanks.
Anything but Cybrary, I am still mad for wasting that hour because I though it might get better..

>>61437699
If you want that kind of cash, typically you'd be working serious hours no matter where you are

If he went into Banking it'd be the same shit, just replace that study time with more time on Excel or pretending to work in return for more money

Hell, buddy of mine in real estate does 6 or 7 days a week, he makes bank but it's literally just because he works his ass off for it

>>61438399
Different guy here

Seconding the cybrary thing, saw them recommended everywhere but their videos are pretty awful for the most part, or are just someone saying "use this tool"

>>61438426
It's nice that you can watch them for free, I can respect them for that. But having to watch 45+h videos, where one guy talks in a super monotonous voice and the other mumbles and present the material in a very confusing fashion, is just a dreadful chore.

At least the Linux+ one seemed better, the guy speaks in a much nicer voice.

>>61438469
Cbtnuggets stuff is subscription but anywhere you find pirated content you will find the video files. Be aware however theres flashcards and questions built into the video those will miss, plus premade virtualized workstations for you to follow along with for some of the more hands on stuff. I think they do a free trial as well might be worth looking into.

>>61437971
>he doesnt run
:^) dont worry about it chummer

>>61438767
quit being a newfag

what's a list of things I can host on a private server in my home?

what are the security benefits of hosting things myself?

>>61440067
>what's a list of things I can host on a private server in my home?
TOR node

>what are the security benefits of hosting things myself?
Then you know where your stuff is and more what is running on it. If others have physical access to your machine it means your security is shot.

OK, so I posted the news to the old thread, rescuing it here. Reason is, I think EW is important both for /cyb/ and /sec/ and this is an example. Also I plan to hack out a small intro paste but that takes time.

Anyways:

=== /cyb/ and /sec/ News

Electronic Warfare, for home use

>DETECTING CAR KEYFOB JAMMING WITH A RASPBERRY PI AND RTL-SDR
http://www.rtl-sdr.com/detecting-car-keyfob-jamming-with-a-raspberry-pi-and-rtl-sdr/
> It’s been known for a while now that it is possible to break into cars using simple wireless attacks that involve jamming of the car keyfob frequency. Sammy Kamkars “rolljam” is one such example that can be built with a cheap Arduino and RF transceiver chip. One way to secure yourself against wireless attacks like this is to run a jammer detector.


[Basically, do read RTL-SDR for this kinds of news. For a handful of dollars you can make a lot of EW equipment like phase coherence direction finders, passive (or bistatic) radars and a lot more]

>>61440143
>TOR node
cant wait until someone uses it for CP and the cops raid my house

>>61440204
bridge only then, let someone else handle the exit
also p sure cp is inside of the tor network, so you have little to worry about - if they can identify you they can also identify the actual host

>>61440204
I am thinking of making a discussion forum to counter an extremely biased and political correct press in my country. The idea was to make it a .onion site so I have thought about the problem you mention. It is probably the easiest way to attack a site and another good reason to host it on a hidden site.

I might add a layer by using a hidden high gain Yagi to connect to an open wireless node.

Slowing down quite a bit.

>>61437801
Maybe Russia will be a great country, or maybe not.

File: 1384074879140.jpg (30KB, 334x248px) Image search: [Google]

30KB, 334x248px

>all the GITS music on youtube is blocked now because of the shitty movie

>>61440067
>what's a list of things I can host on a private server in my home?
There's a lot of self-hosted alternatives to popular services, but they're often less feature-rich. Honestly, depends on your needs.

>what are the security benefits of hosting things myself?
Generally speaking you don't have to trust your data to some other service's employees and policies (e.g. disgrunted employee or chinese hacker leakaing your data)

This is a double-edged sword because now you're responsible for said data (security, backups, availability, etc.), so now you're safe from disgrunted employees, but you're on your own when the aforementioned chinese hackers come.

>>61440143
I wish I could run a TOR node. My friends told me my country is quite sensitive now about that kind of stuff.

>>61440204
>>61440430
>>61443235
It really depends on the legal system in your country

One of the Debian developers is on his fourth month in a bullpen over hosting a tor node, but he lives in Russia, so that's a given

>>61443597
Actually, wasn't some Russian guy arrested because he was running a NON-exit relay?

>>61443630
Pretty sure it was an exit relay. Some allaku akbar guy made some explosive posts from his IP.

IIRC it's already known that Bogatov (the guy who hosted the exit node) is not the terrorist, but he's still held as a suspect to scare people away from hosting TOR nodes in Russia.

>>61443843
>IIRC it's already known that Bogatov (the guy who hosted the exit node) is not the terrorist, but he's still held as a suspect to scare people away from hosting TOR nodes in Russia.
Yep. That's the situation that I think my country will have.

>>61443857
Yeah, Russia is complete shithole when it comes to privacy.

Never host anything in Russia or deal with anyone or anything that deals with Russian government (e.g. Telegram).

OP here, I'll be adding all resources tomorrow.
I'm going to bed early as I've been neglecting sleep and am bonafidely exhaustive.

Global autotype function for KeePassX 0.4.3 unofficial build for Mac OS X suddenly stopped working perhaps after latest update to Waterfox 54.0.1. Anyone else?

The same 0.4.3 package is no longer available on the internet for a re-install to identify whether it's a buggy KeePassX on my end.

>>61444205
KeePassX has been forked into KeePassXC, which is more actively maintained, give it a try

>>61444243
Thanks, but I'd prefer to stay on KeePassX.

>>61437746
>another dead end
The only dead end here is you mate.

Did some study last night through my textbooks, and accomplished a few "pivots" in my basic lab to get from one network to another

I have a few questions

>how are you supposed to find the address of the machines in the secondary network in the first place?
The examples had you feed routes into msf, so using a compromised machine in both networks, you bounce through that machine to the other network.

You have to feed it an explicit IP address. Where am I supposed to be getting that from in the first place?

>proxychain
Same thing again, once I had a proxy chain in place, I could knock of the other network. I'm going to redo this section, because parts of it are slightly lost on me, but once again, I needed the raw ip of the machine in the other network.

>labs in a box
Is there such a thing as a fully set up practice lab you can download? Not like a CTF exercise, but firewalls, DMZs, vlan segregation, domains and users etc all ready for you to fuck with.

My environment is a joke. Its xp 7 and Ubuntu in the same LAN as my Kali machine, with the exception of the 7 vm having dual adapters so I can push the others into their own network, and still have the 7 machine be in both.

This isn't very real world, but setting one up myself, Jesus I don't know if I have the time and skills for it. I don't want to be a sysadmin and deploy DCs, I just want to fuck with them.

>>61445934
Oh lord I ask an actual question and now the thread is dying

File: 1482558025792.webm (3MB, 1280x720px) Image search: [Google]

3MB, 1280x720px

>>61446580
bumping for you

File: 1498837184451.png (561KB, 951x682px) Image search: [Google]

561KB, 951x682px

Saw 'Women in Cyber' merchandise for the first time on LinkedIn today.

Hold me, /sec/, I'm scared of what's to come

>>61447378
something worse than heart bleed

>>61447378
It has already come, the whole IT scene has the disease already. Nothing is safe from retards.

what are the best practice hacking sites?
sites like hackthissite.org etc

File: 1479246467005.jpg (978KB, 1946x3456px) Image search: [Google]

978KB, 1946x3456px

>>61445934
Anon, could you share these textbooks? I want to learn about network security / privilege escalation, and it will be very helpful. Also, bump.

>>61448103
http://captf.com/practice-ctf/
https://www.reddit.com/r/securityCTF/comments/35rsy3/best_wargames_for_ctf_practice/
https://gist.github.com/fakhrullah/e8794f4847f3114316235ad7b0530dec
https://github.com/apsdehal/awesome-ctf

>>61448122
https://www.nostarch.com/pentesting

And

https://www.amazon.com/Hacker-Playbook-Practical-Penetration-Testing/dp/1512214566

And

http://www.ciscopress.com/store/ccna-cyber-ops-secfnd-210-250-official-cert-guide-9781587147029

Are the three books I'm working through atm

No I don't have PDFs because I like having physical books to make notes in

>>61448225
thanks, anon <3

File: 51dzuz-ZlbL._SX258_BO1,204,203,200_.jpg (33KB, 260x326px) Image search: [Google]

33KB, 260x326px

what does /g/ think of pic related?
I currently am on the fourth chapter and i think there is no way i can absorb/memorize this amount of information, almost giving up

File: hahahahahahahahahahahahahahahahahaha.gif (101KB, 351x398px) Image search: [Google]

101KB, 351x398px

>>61442912
>using youtube to listen to music

>>61448359
read through then keep it around for a reference like any other technical book

>>61448359
nigger, are you practicing and taking notes while going through the book or just reading it like its a harry potter book?

>>61448359
Then learn to study better.

>>61448359 here, thanks for the replies

>>61448387
I am reading the PDF version, i guess i will buy the physical book then
>>61448403
I am not practicing, i think i will create a lab or something
>>61448404
any tips besides taking notes and practicing?

>>61448466
>any tips besides taking notes and practicing?
That's literally how you study dude

>>61448466
>I am not practicing
i fucking knew it the second i read your first post. thats your fucking problem right there. did you think you'd just read through and then magically hack every web application?

also, don't buy the physical edition, don't waste your money until you know fucking learn HOW TO STUDY.

here, nigger

http://www.dvwa.co.uk/

also im >>61448403

protip: READING IS NOT ENOUGH repeat this 100 times before you go to sleep maybe you'll wake up a little less dumber

>>61448559
thank you anon, i promise to change my attitude

>>61448709
yeah, i hope u will. if you need help first SEARCH, if u don't find then post here and surely someone will be able to help you. good luck and have fun

>>61448261
All good. I've never seen any praise for that Georgia wiedman book anywhere, but honestly, it's given me such a great spread of knowledge; because it's made for beginners, it tells you HOW TO USE the tool, rather than other books that tell you WHAT tool to use.

>>61447964
Security always struck me as the kind of business where if you're shit then it'll show very quickly, though.

Or do these people just get by through politics?

>>61448981
Every job in the entire world is made up of retards, and a small tiny percentage of people who are capable, and an infinitely smaller number of people good at what they do.

Even roles that the outsider thinks are for "professionals" are full of dipshits.

Jobs are like school. Do the bare minimum required to keep your minder/boss away, and people live by that

>>61448122
extremely reddity image

Anyone got a good anonymous way to share files. One to many.

>>61449143
Perhaps

Maybe

It could possibly be

Because it's from reddit?

>>61448122
idfc if this image is from reddit. The image itself is pretty awesome, love the sights.

>>61448385
I guess it has something to be privacy related, but why the laugh?

>>61449976
That image is in my life goals section. The ambiance, view, setup is amazing.

>>61450299
Your life goal is to live in a highrise in a city? Get some roommates and you probably won't have to pay more than $1k/month.

>>61450373
Paying 1k a month in rent to live with other people sounds fucking outrageous to me.

I cant justify that kind of money.

It's a goal for that reason; I want it to myself, and to afford it and not be broke. Like I can afford my shit unit in the crime part of town and not think twice about the rent money, I want to make enough to be able to pay for that unit and think nothing of it

Sunspring sequel released:

https://www.youtube.com/watch?v=5qPgG98_CQ8

This one's kind of shitty though, I wish they made separate movies from each of those training sets, not just snippets.

Also, I rewatched Sunpring. I had forgotten that they interpreted it as a story about cuckolding

>>61450404
Guy living in HK here.

If you want somewhere half decent in NYC, SF, HK or London (or possibly Singapore too), you'll be paying something similar to that.

The /cyb/ meme of scuzzy, high-density living is a novelty for a while, but it wears thing once you've actually done it.

That having been said, I like HK, you just shouldn't live here unless you're making fat stacks, its not worth it if you're poor

>>61450404
I wouldn't recommend it. Going solo in a big city is like a death trap, unless you already have friends there. At least with roommates you have someone to talk to at home. Living by yourself is basically a huge suicide risk if you're of a typical mindset of many people on this board. Very easy to go from loneliness to full depressive cycle to suicidal thoughts.

>>61448359
You do this book, you don't read it. You get a copy of burp suite free edition or w/e and blow up your own VMs where you install exploited old Wordpress suites and shit as you follow along in the book.

Another good book is Tangled Web, a browser security book The Tangled Web is better for learning the underlying causes of various issues presented in Web Hacker's Handbook, and for learning how to prevent them. It has practical checklists at the end of every chapter for anyone building an application which is extremely helpful if you're making some Tor hidden site to drop your cipherpunk manifesto or w/e.

It is a lot to learn but you're not expected to memorize everything, that's why it's a book you can go back to it later for reference or take notes, and make yourself a checklist(s) like Tangled Web does.

>>61450442
Not previous anon, but living in a place without huge sky's made me to not be ambitious to love there.

I want a very small flat (I guess I would call it that in english) full of tech that I will hopefully understand at its most when I reach that point.

>>61450473
>I want a very small flat

Welcome to HK, you'll fit right in here

>>61450404
Yeah what you want to do is live with your wife or girlfriend, then split the rent across 2 paychecks.

>>61450492
I will lie if I told you I never though about Shenzen or Hong Kong, but language barrier makes me discard it fast af, beside the firewall thing (although iirc HK is out of that, righ?)

>>61450520
Shenzhen isn't great tbqh m8. It sounds all cyber, but it's just a newly-built Chinese city. If you want to live on the Mainland, go to Shanghai.

HK is outside the firewall (for the moment anyway), not too sure about SZ as it's an SEZ, but I'd imagine it's censored.

Very easy to get around though. They're clamping down on VPNs a bit, but with Tor it's a piece of piss to get around.

Mainland is also way way the fuck ahead of HK (and even the West) in some regards, e.g. cashless payments (Wechat and Alipay are everywhere, they're crazy good), bikesharing (Mobike and Ofo are everywhere), that kind of thing.

Zero language barrier in HK, I know whites who were born and raised here who barely have a word of Canto, same in Singapore. You need it on the mainland though- it's become a bit less socially acceptable for expats in Shanghai to not have any mandarin, it's kind of expected now, I presume SZ is the same. But if you're going to learn a Chinese dialect/language, Mandarin is the easiest by a mile anyway.

>>61449712
Well I sometimes use anonfile.com, seems ok

File: slavpunk.gif (431KB, 500x697px) Image search: [Google]

431KB, 500x697px

>>61437801
)))))))))))

>>61450564
Shenzen is pretty cyber, there's literal dudes on the streets hacking together stuff and dudes hawking electronics everywhere on the street. CHYNA is heavily polluted and overpriced though. You couldn't pay me to live there and eat the toxic food, breathe the unbreathable air, use the toxic toothpaste. One exception is that carless island Xiamen. It's pretty cool but again toxic food and toothpaste.

Taipei is good, breatheable air and eatable food as long as it's not imported from the mainland.

>>61450864
You've never lived there, how do you know what the streets are filled with?

>>61450442
>Guy living in HK here.
Last time I visited HK I was told there is a huge air pollution problem, coming from Shenzhen. Still true?

File: N_DS3wtCeKw.jpg (121KB, 1080x1248px) Image search: [Google]

121KB, 1080x1248px

>>61450746
Petrosyan, is that you?

>>61450864
Taipei is not china tho

Keep it up.

>>61451250
There's a bit of pollution but nothing compared to the mainland

Go to Beijing and you'll see some shit.

Taipei is very clear though, same with Singapore

>>61452043
>Go to Beijing and you'll see some shit.
yeah, I have been there. I think it is more correct to say I hardly could see a thing.

Tokyo is clean though hazy. Yokohama had a bad reputation but I think that is now a long time ago. I guess the Minamata disaster has something to do with it.

>>61445934
If you've already compromised two machines and one of them is connected to another network you can drop your tools onto that machine to further investigate and see if there are more exploitable machines within the second network. You should also be able to do this through a meterpreter console if that's how you have shell access.

>labs in a box
Check out vulnhub, it's essentially what you want, though many are CTFs.

>>61452336
>you can drop your tools onto that machine to further investigate
Shit I didnt know you could do that? Okay cool, thats certainly a good idea Ill check it out.

>vulnhub
Ah okay, I just thought EVERYTHING was CTF since I got a few easy ones from there, I didnt know they did labs.

>>61452358
Be careful about moving tools in a real situation, though for practice it's fine, netcat makes this easy. Though, that being said, I'm pretty sure you can configure nmap to route through the proxy/ssh tunnel, I can't remember exactly how to do it. If you read the man files you should be able to find out more.

>>61452429
>I'm pretty sure you can configure nmap to route through the proxy/ssh tunnel
I got it working fine by adding -Pn to stop pings, I dont know why that worked though. I need to investigate more.

>>61450473
>I want a very small flat
It sounds comfy but there's literally nothing good about having small living space

Small spaces are hard to keep organized, hard to keep clean, and well, there may be just not enough space for your needs.

It's only okay if you're going to browse 4chan on your thinkpad 24/7 without actually doing anything.

>>61452977
>It's only okay if you're going to browse 4chan on your thinkpad 24/7 without actually doing anything.
Those people take up a large amount of space as it is, so a small unit is a no go

Aight, so I downloaded a ctf, and i fucking froze up. everything id been studying and learning just evaporated from me. man i dont know if i need to study some more or what, but fuck i was flailing.

File: just.jpg (17KB, 704x396px) Image search: [Google]

17KB, 704x396px

Im hosting a steam game server on Ubuntu 16.04 LTS which i can remote SSH into, its constantly getting brute force attempts from Chinese IPs on port 22. Is there any tips for strengthening my SSH port?

>>61453691
http://www.fail2ban.org/wiki/index.php/Main_Page

>>61453691
Move it from port 22 to another port
It won't make it any safer but will reduce log noise
And install & configure fail2ban

>>61453445
oh well, googlien the solution has brought me a new tool; nikto

excellent, something else to add to my notes

>>61452977
I don't see it in the same way. I always live in small rooms (rooms, not house) and seeing I will have to keep the house clean, I prefer to have a small flat so I don't have to clean a lot.

Although I will have to pursue tje order, as you said. But I guess it will fit me better.

>>61453707
We disscussed what to do in that matters in the previous thread exactly.

>>61453691
>strengthening my SSH port?
The only way to STRENGTHEN it is to

>ONLY accept ssh keys
>change port number

fail2ban will lock them out, but they will be back. keys ensure they wont be able to bruteforce. not in your lifetime, anyway.

>>61453691
All Chinese IP numbers should be treated with suspicion. Range ban the lot and save yourself a lot of effort.

>>61454657
pfsense.org will make this easy. You'll never want a consumer router again.

>>61454975
It is based on FreeBSD
>As pfSense is based on FreeBSD, its hardware compatibility list is the same as FreeBSD's. The pfSense kernel includes all FreeBSD drivers.

>PFSENSE 2.3 (FREEBSD 10.3)


Yet FreeBSD 11.0 has been out since 2016. Why?

>>61454975
Consumer routers are the worst.

This thread has ground to a halt!

How do I make money on the internet /cyb/? Amazon's Mechanical Turk seems to be too small time.

>>61456850
Be a blackhat. ;)

egg

File: 15622232_240796239686917_3331681329729202111_n.jpg (29KB, 480x571px) Image search: [Google]

29KB, 480x571px

>wanted to host a website and email server on my own home server
>ISP blocks a bunch of incoming connections on certain ports
>have to pay $250 for a business tier internet connection to unblock said ports
>would have to host everything on a VPS
>thats not /cyb/ + /sec/ at all

>>61457305
howtho

>>61457361
Read the OP.

>>61457326
Welcome to the club, buddy.
Building layers of abstraction for security leads to a lower quaility of life.
Which is good.
That means you end up with:
>High tech, low life.
10/10

reminder that hosting anything publically visible (from a port scan, for example) from home is not conducive to privacy

>>61457683
This guys got it.

>>61457326
Well that's the price ISP wants from you to know that you're serious about it and won't fuck up.

Because if you do fuck up and Ding Dong Lee hacks into your home server and starts sending spam, ISP suffers first.

i hacked the pentagon
AMA

>>61457808
>>61457811
O ye, of little faith!
Sounds like you chaps aren't consuming enough green tea and ramen.

>>61458257
i'll stick with black tea and macaroni cheese out of a packet, thanks

>>61458375
>Not eating the Blade Runner diet.
If you insist.

>>61458398
I think it kinda sounds like Corven Dallas diet.

>>61458714
Do you mean Korben Dallas from Fifth Element?

>>61458801
Of course.

>>61453691
>different port than nobody knows
>no root login
>accept key login only
>use tor and only listen on a .onion address that you never tell anyone about

all my machines are remotely accessible at least through tor. the lag can be painful at times, but the nat punching abilities and global accessibility is really useful.

>>61458817
On that note, I think, with futurism, cyberpunk is far more likely as the next era for humanity.
Simply because, there will always be crime and corruption, driving that low life.
Whilst tech will advance.

>>61455128
>>PFSENSE 2.3 (FREEBSD 10.3)
>Yet FreeBSD 11.0 has been out since 2016. Why?

I'm not sure, Anon. It works great though.

>>61458864
I kind of think that futurism is more like we past our next age, whatever the one is.

In futurism, everything we are actual trying to accept, create or understand, is just plain common in there, so feels like the next to the next.

>>61458841
>different port
Okay
>than nobody knows
What now? You can't hide a port unless you use some convoluted port knocking.

Everyone can see the port you're running ssh on, chaning port to non-default is only meant to reduce log noise from bots that try port 22.

>use tor and only listen on a .onion address that you never tell anyone about
That also sounds needlessly complicated. Secret service addresses are not secret on their own. All HSDir nodes know your "secret" .onion addresses.

can I still be /cyb/ with a VPS?

>>61459295
What're you using it for?

who else hyped for the singularity

>>61459295
is it in anyway linked to your afk identity?

>>61459313
>>61459430
I was planning on hosting an email server, website, some files for home, a shoutcast server. I can't host the hardware at home due to ISP limitations. I can probably arrange to get the VPS paid for in cash through a pre-paid card and and make an account with a separate identity with an encrypted email address

>>61458864
Next era? Isn't /cyb/ the reality today?

>>61437737
It depends on what your users need to do. If your users actually use their own programs or need certain versions of software for bug compatibility, this might be a dick move.

You can even set your login shell to an oldschool doors BBS level of lockdown if your users don't use it for much.

>>61459573
and has been for quite some time.

File: hisoka the magician.jpg (39KB, 320x320px) Image search: [Google]

39KB, 320x320px

hisoka the magician

>>61459559
I'd only ever use one as another layer of abstraction.

>>61459559
There is a point where you are being too paranoid.

Unless you are running a murder for hire business through it or doing child porn, there is no reason why you can't have adequate security and privacy when using a VPS that you buy in your own name. You can even use ssh tunneling through one and get the benefits of a VPN.

If a state-funded actor comes after you, you are already fucked. The point of being /cyb/ is to keep it HIGH TECH LOW LIFE. You use security techniques so that the mediocre skiddie-growed-up who works for the local gang can't crack your shit.

File: mrrobot_s2_cast_rami-malek2.jpg (456KB, 2560x1440px) Image search: [Google]

456KB, 2560x1440px

>>61458170
Have you seen this man?

>>61460060
The OP.

This thread is slower than the short bus.

I am extremely new to cyberpunk and cybersecurity and am super interested in learning more, but I am so overwhelmed by the amount of information out there I don't know where to start. I will be starting a CS career in college next month but would like to be more informed for when I go in. Any good places to start?

More music then.

https://youtu.be/KuAXea3iOV4

>>61460968
the OP has a bunch of good links that i just read that beautifully explain cyberpunk, and the /g/ wiki gives you great fashion information that is not only functional but looks good

http://falcon.blu3wolf.com/Docs/Electronic-Warfare-Fundamentals.pdf

File: 27525_battle_angel_alita.jpg (468KB, 2560x1920px) Image search: [Google]

468KB, 2560x1920px

>>61460968
>Any good places to start?
Indeedily there is just one pasta for getting into /cyb/. Now, since this is a beautiful evening, the weather is nice, I just had a nice meal and some extra splendid tea, I shall give the link to you here directly:
>https://pastebin.com/PPueAapP


Also check the FAQ, in draft form: https://pastebin.com/Ziit3aa1
before it expires. Soon. As in 40 minutes. New version is coming out.

(And the links need tidying up, badly).

May I have a hand, anons? I've been trying to figure out how should I read or understand patches for *nix packages but I'm a little confused.

>>61453691
Here's a tip: Block china, all of china. Nobody from china has any reason to ssh into your box.
I did that on my server and the number of attacks went down by an order of magnitude.
In addition, set up ssh for whitelisting. Bots often try to log into system accounts, it's better to specifically whitelist the users who are allowed ssh access. And of course, root shouldn't be one of them.
Look at the AllowUsers and PermitRootLogin sshd_config directives.
And of course, make sure you use very strong passwords, or publickey auth.

Moving your ssh server to a nonstandard port can be effective at decreasing attacks, but it's no substitute for good security practices. Configure it correctly and run your sever proudly on port 22.

>>61461196
Oh, and fail2ban.
I have mine configured to give out 1-hour bans after three failed attempts. After three 1-hour bans in a day, they're banned for a week.
This has been very effective, most attackers don't come back after a 1-hour ban. In 3 years I've only had 3 IPs get the week ban.

I am nothing.

>>61461019
Nice link.

>>61461100
OP here, when will the new version be ready?
I'll need to add the link into the OP.
Along with my several thread long back-log.

>>61461101
I've been trying to figure if I would need a version of one package instead of its backport version (BPV from now on), since I've been told the BPV its a version above but it doesn't recive regular security patches.

How may I find that kind of oinformation? I 've tried the paclag'es page, de OS page, CVE and LWN.

how /cyb/ is an electrician?

>>61461764
An electrical engineer is a more /cyb/.

File: 1418096643273.png (195KB, 400x388px) Image search: [Google]

195KB, 400x388px

>>61461801

>>61461815
You're the plumber of the electrical world.
>Something wrong with the shower?
Call a plumber.
>Something wrong with the fusebox?
Call an electrician.
>Need to design industrial plumbing for industrial chemistry?
Call a chemical engineer.
>Need someone to design a new oscilloscope?
Call an electrical engineer.
>Q.E.D.

>>61461196
>but it's no substitute for good security practices
Neither is blocking China

>Configure it correctly and run your sever proudly on port 22
There's nothing to be proud of running it on port 22
You'll just get a bunch of bots clogging fail2ban and sshd logs
Which reduces the usefulness of said logs
Assuming that a targeted attack ever comes, you won't be able to tell it apart from usual bot noise

>>61461333
Most cyberpunk post ITT

>>61445934

>Is there such a thing as a fully set up practice lab you can download? Not like a CTF exercise, but firewalls, DMZs, vlan segregation, domains and users etc all ready for you to fuck with.


Setting up that sort of environment would be the first thing you need to know how to do anyways. The NSA said they hunt sysadmins, and it's for a reason. Those skills are important. Basically, once you know how to build something, it becomes much easier to knock down.

I understand the frustration, though. Only thing I can think of similar to what you want is the OSCP lab setup. Basically the course gives you access to a network that the company set up for you to attack as you work through the book. It's not cheap though, unfortunately.

https://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/

>>61462054

To continue on this, an idea just came to me. It might be fun to set up practice labs for non-retarded anons. I'm not sure how good of an idea this would be but yeah.

>>61461382
>OP here, when will the new version be ready?
FAQ dude here. This is slow, been on business travel, hopeful next draft this weekend.

>I'll need to add the link into the OP.
Did yo check the FTP site where I dropped a few /cyb/ zines etc?

>Along with my several thread long back-log.
I appreciate the work involved. We have a large collection of pasta, much overlap, and in need of consolidation.

>>61459216
There are over SIXTY FIVE THOUSAND tcp ports. Do you REALLY think anyone is going to knock on ALL of those ports for fun? You don't think they'd be trying 80, 22, 445, 20 maybe 25?

Sixty five thousand. Obviously you have no idea how long a portscan takes if you think they are going to try blast your non common ports out.

>>61462054
>Setting up that sort of environment would be the first thing you need to know how to do anyways. The NSA said they hunt sysadmins, and it's for a reason. Those skills are important. Basically, once you know how to build something, it becomes much easier to knock down.

This makes a lot of sense. Yeah, fuck it, I guess it's time to build a proper server and get a real infrastructure going.

Cheers for the post. It was oddly motivational hey.

>>61463318

Go torrent the pdf, it's on piratebay under "Penetration Testing with Kali Linux (2014)" or something like that.

As for the other stuff, get an ESXI host (Any old semi-recent desktop will work). You can set up your VMs on that, practice with networking (I've got 4 VMs and a PfSense box on an isolated virtual network for pen testing, but all on the same physical host, for instance.)

Plus everyone uses Vmware.

>>61463475
Yeah I'm running it all via VMware workstation, but if im gonna have domain controllers set up I'll need a fuck tonne larger ssd. Workstation doesn't seem to like accessing across disks, even though all the separate disks I have are ssds. Such a shame.

Okay, is that PDF how to set up a big bastard corporate style lab?

>>61463287
Lmao, it's literal "security through obscurity"

It's -only- 65556 ports. Assuming it takes ten fucking seconds to send a couple of packets over TOR, it takes only a week to scan your machine. In reality it's probably a day.

And no, a week isn't much. There are no groups of chain-smoking chinks, typing fast and staring at the screen whole week. One sunday the scan starts, next sunday there's a text file with a list of your open ports and running services.

Trying to "hide" services via changing ports is pointless.

>>61463475
>I've got 4 VMs and a PfSense box on an isolated virtual network for pen testing, but all on the same physical host
More on that? I don't have the cash for that many physical devices but I'm in the process of building a mediocre server out of old datacentre parts. I'm pretty sure it'll be able to run a few virtual machines fine. This would be very useful to me.

>>61464087
>Do you REALLY think anyone is going to knock on ALL of those ports for fun?
>Well if they were so dedicates that they'd spend a whole week on it then they would.
You just answered a different question than he asked.

>>61464087
believe me it takes time, if you are hit as private person people are usually doing this en mass.
Try it your self

File: 1493725797742.jpg (39KB, 627x417px) Image search: [Google]

39KB, 627x417px

>>61464133
Can you imagine that nobody has to dedicate even a second of their time to you because they might have a port scan for new hidden services automated? It's Tor, having neighbours with malicious intent and software shoud be taken for granted.

>>61464245
ORRRRRRRRRR

they will blast most common and enter someone's default ftp server, because it's easier and they have 60 million other hosts to check and a hell of a lot softer targets to enter than a locked ssh port that has keys enabled.

>>61445934
>how are you supposed to find the address of the machines in the secondary network in the first place?
1) There are tools like Maltego, but you should think the problem out(I can't cover ever corner of this due to the depth this can go to vs. every context that could be involved)..
2) Before you exploited the machine you are want to pivot/move laterally from, you likely discerned the systems accessible to you on the current subnet/network (by accessible, I mean you can ping it, Netdiscover gets an ARP response,you can at least tell a host is up via Nmap -Pn).
3) If you are using Meterpreter, you have more options to discern your new target. For example, you could ctrl +z (background) Meterpreter and use a post or auxilliary module like ARP sweeper (what responses are new?), or Metasploit's post/auxilliary module port scanner (what responses/output are new?).
4) Still with Meterpreter, you can use the sniffer or packet recorder module (or post TCPdump or dsniff modules); dump/save the output to a .cap file, then examine it in WIreshark.
Are new hosts communicating with the machine that weren't' before in your baseline scan?
5) Use common networking knowledge/tools: is the machine you accessed dual homed? What do the subnetmask/IP assigned to each NIC tell you? Is the subnet/IP assigned to the other NIC in the same class (A,B,C) as in the same network you are looking to pivot from?
6) There is querying with native CMD/terminal commands (with Meterpreter, drop into a native shell with the "shell" command): is, netstat -a showing you any connections/bindings to another IP?
7) How about scripting a ping sweep from the native terminal/CMD and comparing response IP? How about if you traceroute the compromised machine from your own native terminal?
8) How about examining the domain itself with fierce or Dnesum, (or from terminal/CMD) net view/group/local group, nslookup, dig.? Or via RPC/SMB through null sessions or user/pass with enum4linux?

File: m4ster-s1ave.aes.png (498KB, 2862x1600px) Image search: [Google]

498KB, 2862x1600px

>>61460006

>>61464854
>There is querying with native CMD/terminal commands (with Meterpreter, drop into a native shell with the "shell" command): is, netstat -a showing you any connections/bindings to another IP?
Oh my fucking how the fuck did I not think of this! Shit dude.

Thanks for the write up. I'll disassemble it and try everything you mentioned and see what I like best.

Much love

TGG

>>61464099

>More on that? I don't have the cash for that many physical devices

Basically, you install a relatively low-level operating system on the machine (ESXI). Once you do that and get it connected to the network, you can connect to it via a web interface or by the thick client application (vSphere) and use it to create a bunch of virtual machines on the same box, configure them, and so on.

It's reddit, I know, but there seem to be some good explanations about the whole virtualization concept (Which is huge, you really need to be familiar with it for IT in general) here: https://www.reddit.com/r/explainlikeimfive/comments/63r9eu/eli5_what_is_virtualization/

You can also put virtual NICs on the virtual machines, which is why the stuff in my pentesting lab can't talk to the internet despite it being on the same physical server (And physical NIC) as everything else.

Oh, and you can get ESXI for free, which is nice.

Here's what appears to be a decent beginner's tutorial on it. https://blog.monstermuffin.org/getting-started-with-vmwares-esxi/

As for the hardware, to give you an idea I had something like 4-5 virtual servers running on an old dual-core optiplex. You wouldn't want to run production stuff like that, but it works fine for lab work.

Oh shit don't die yet!

>>61445934
https://www.amazon.com/Building-Virtual-Machine-Labs-Hands/dp/1546932631

Came out last month. The author released periodic updates about every month while he was working on the book called "Project Avatar". Obviously the finished product is more polished. You might find it useful.

>>61466237
Oh dude

That looks fucking great

Thanks a lot for that!

>>61459891
>the mediocre skiddie-growed-up who works for the local gang
odd way of saying feds but as a libertarian I have to approve

>>61464087
>>61464245
are you saying that you actually believe people are going to be hacked from people doing full portscans on new random hidden service addresses and then bruteforcing a login? holy shit dude.I hope not

>>61465219
wrong reddit link? not a lot there plus it's eli5, it's not going to be much more than a dumbed down version of the first couple paragraphs of wikiepdia

What is the best security certification to get a professional job in cybersec?

>>61466901
Without any shadow of a doubt

Experience

It seems like you dont want a career anon. Careers take effort, thats why you're rewarded with compensation, thats why dipshit pinko hippies cant wrap their heads around why their english or soc degree or job at starbucks isnt making them millions.

>>61467084
I like this post

>>61466901
OSCP

>>61466901
a portfolio

>>61468225
How much is one of these bad boy.

Getting a bit quiet here. Thankfully BBC comes to the rescue with a story about a modern cyborg:

>Meet Rob Spence, the film-maker with the camera eye
http://www.bbc.com/news/av/technology-40598471/meet-rob-spence-the-film-maker-with-the-camera-eye
>Rob Spence is a film-maker who is blind in one eye.
>Nine years ago he replaced his eye with a tiny video camera.
>The camera is not connected to his optic nerve but sends its footage to a receiver.
>He has used his camera eye to record segments for a mini documentary about cyborgs - people who augment their bodies using technology.

>>61469464
have you tried like i dont know

something like

maybe possibly

looking at the fucking site?

youre already going to fail

if i do

nmap -sS -sV

is the version scan completing the handshake?

>>61470229
Yes, it competes the handshake

>>61469867
I've come to the conclusion that while cyberizing your body may look cool in cyberpunk, it's not very convenient.

Our phones can do everything that surgically implanted devices were ever promised to do. The added benefit is that every two years when you replace your planned obsolescence devices, you don't have to undergo surgery.

Only the disabled will ever become cyborgs, which will become obsolete when we figure out how to reliably get our own bodyparts to regenerate.

The only exception is when we figure out how to create a device that allows digital devices to interface with the brain. At which point you get a neural-digital interface and plug in a wifi dongle to it and have all the real circuitry in your phone, still not implanted in your body.

>>61470397
Bioware a best

>This page has been removed!
What happened to the irc guide?

>>61470925
I imagine no one was using t

>>61436875
Why pastebin on /cyb/ /sec/?

>>61471108
Why not pastebin on /cyb/ /sec/?

>>61470397
>The only exception is when we figure out how to create a device that allows digital devices to interface with the brain. At which point you get a neural-digital interface and plug in a wifi dongle to it and have all the real circuitry in your phone, still not implanted in your body.

This exists, but it's not like the jacking-in fantasy that you have.

>>61470397
Others can demand your telephone. They cannot demand to look into your brain.

Eudeamon outlined a future with augmented humans that was an interesting take on the problems.

>>61472300
If we ever get digital storage in our brains that can be accessed non destructively you can bet your ass it will be treated the same as all other data in the courts, i.e governments and corporations will be able to compell you to give up the contents of your brain vault.

It's no different from now and smartphones, their metadata retention, passive recording potential and perpetual proximity to our bodies make them physical extensions of our memories.

The only reason the system cannot compell you to give up the contents of your meaty brain right now is because it can't. The difference between brain chips and phones is cosmetic

I am going to do the security+ course on cybrary.it I was wondering if anyone here took it and could give me insight on if I will get good information out of this course.

>>61472658
You are better of doing this one
http://www.professormesser.com/security-plus/sy0-401/sy0-401-course-index/

>>61472693
Thanks anon, I will start on it then :)

File: 3q6IkJa.jpg (340KB, 1200x850px) Image search: [Google]

340KB, 1200x850px

Anyone know some great beginner electrical engineering tutorials?

I have the Radioshack electronic leraning lab pdf, which is supposed to be really good, but some videos in addition would be nice.

>>61472617
>If we ever get digital storage in our brains that can be accessed non destructively you can bet your ass it will be treated the same as all other data in the courts, i.e governments and corporations will be able to compell you to give up the contents of your brain vault.
Probably. It might violate half the human rights conventions but courts have their ways around these things, like Anton Piller.

However so far we don't even really know how the memory works or where it is located with certainty.

File: 1492067730175.jpg (45KB, 750x481px) Image search: [Google]

45KB, 750x481px

>tfw you waste you childhood on gaming, instead of hacking and system exploration

>>61472768
>beginner
Forrest M. Mims III is popular
http://www.forrestmims.org/publications.html


Circuit Cellar is still going great guns after about 40 years
http://circuitcellar.com/

Adafruit has a lot of components and plans.

Getting a ham license involves learning a fair bit about RF electronics:
http://www.amateur-radio-wiki.net/index.php?title=How_to_learn_ham_radio%3F

>>61472920
I know that feel, but where do I get started? not even for the sake of hacking, but just to protect my stuff from viagra spambots?

>>61473432
Stop wasting time and start reading quality text. That is not just about firewall HOWTOs but a well rounded collection of literature, history, academic text books, quality news sites etc.

And once you start you must never stop. People who think their education is finished are not educated, just finished.

>>61473699
that's the big question isn't it?
to discern what is good and what is not?
Though I admit my own biggest problem is not knowing what search terms to search for in the first place.

I've found a youtube video called
The Complete Ethical Hacking Course: Beginner to Advanced!
which seems to be some kind of a start into terms that I had no idea existed, which I can now search for.

>>61473807
to be specific, with good I mean good quality, not good as in morally good.

>>61473807
You know what you can do? Check the fucking pastebin in the topic.

>>61470397
>"just use your phone" meme has transcended mp3 players
>now used against augmentation
made me think

you touch on a good point with planned obsolescence, ive being thinking a lot about that prospect along with the whole acceptance of near-zero privacy.
My phone does exactly three things. It makes calls and texts, and has a built in calendar/alarm. If thats all I could expect from augmentation I might as well kill myself.

File: 1492196332142.png (304KB, 616x450px) Image search: [Google]

304KB, 616x450px

>>61438767
>>61437971
>>61437955
explain please

how do i get this fucking shit to work
so i installed dnscrypt-proxy but it doesnt seem to do anything by itself. i chnaged my dcph address to 127.0.0.2 but then i cant connect to anything. when i put 208.67.222.222, 208.67.220.220 it seems to work but i want to encrypt my dns locally, if my understanding of how it works is correct.
what i think is happening is dnscrpyt- proxy isnt doing what it's supposed to do and it'd be nice if someone points to the general direction of where the fuck should i look at

is there anything more cyberpunk than instant noodles.

>>61475530
You mean now or from whatever movie/videogame?

>>61473823
>morally good
You might want to give the ethical angle a good long think. Governmental powers are on the increase and the action against two Silk Road replacements suggests some kind of breakthrough. And you probably do not want to be found dangling from some rope in Thailand.

I see the autistic (and I am quoting here) angle is attempted when parents want to prevent their children from being extradited to the US or locked up with no chance of seeing daylight ever again. It never works.

The issue is not really your attitude or moral compass, or even the actions you may undertake, instead it all depends on the perceived attitude. I have seen a few years ago an example where green text on black background (probably in an Xterm) was used as evidence to demonstrate the extreme evil and danger of the accused and why it was important to lock him up, roughly forever.

There is also the case where a father brought pictures to the police to prove his daughter was being exploited in pr0n. You can probably guess what happened next. Yes, he was arrested for paedophilia. Case solved, as far as the police was concerned.

People like you (and earlier also me) are brought up and educated to think that once you are technically right you are right on all respects. That is not the case in the real world.

So take care, anon.

>>61476262
>Case solved, as far as the police was concerned.
How does that even make sense, is she's still doing porn that's not solved at all.

>>61475530
Instant noodles are one of, if not, the most cyberpunk foodstuffs.

>>61447378
Just when I'm about to break into the field.
Great.

>>61448122
>reddit
>ubuntu
Those are the only things that take away the cyb feel

>>61476475
I know, I know.

This is just one example how real world works.
An issue was raised. Someone was arrested, quickly. Case closed. Statistics looking beautiful. Medals to everyone involved.

Police (and many others) are rated by KPI (Key Performance Indicators) that often lead to abuse of system (called "moral hazard"). That is what the police, the government and the public cares about. Not much else.

It is things like this that explains why much of the West is in difficulties. honesty doesn't pay. Twisting statistics gives you a bonus.

>tfw u dont have a real identity
>tfw u want to live in high rise city smog but also live in nice plot of land away from everyone
its like /k/ and comfy/g/ are fighting each other in my head
cyb makes me so depressed

>>61457683
nice

>>61461815
At least you have a higher understanding and an edge on electricity.
Study electronics and you'll golden come the new era of houses, buildings, commercial areas.

File: 1499899967142.png (14KB, 600x600px) Image search: [Google]

14KB, 600x600px

>>61461333
Nice desu ne

>>61476920
living on a farm wasn't all it made out to be, made me depressed. now I go to a uni in a big city. I'm still depressed tho but that's just the depression not where I live

Do you use social networks?

>>61477637
wouldnt be a farm
just a nice plot of land by the lake
guess mosquitoes would drive me mad but still

>>61477920
no, I'm only reading books and watching youtube tutorials

>>61436875
>unironically recommending grsec patches with absolutely no auditing whatsoever
>security
have you ever looked at that code? it's pure fucking garbage. it was relevant research 15 years ago, not anymore.

so it's true?
hackers queen is trinity?

File: FilteringPlants.jpg (81KB, 524x578px) Image search: [Google]

81KB, 524x578px

>>61476920
Get a large potted plant on your desk.

>had a pot
>ate some bell peppers
>kept the seeds
>got some soil and planted the seeds
>surprised to see something sprout
>even more astonished to see peppers in my window sill
>tfw eating own bell peppers

Feels good, anon.

>>61478682
>grow weed in your desk
wtf i just got hired

>>61478729
I thought it was a joke that there was a rule in Apple that if you brought in weed you had to share.

Then the salesman at my last job walked by my office and noticed my plants. Fingering his cigarettes he asked if those plants were smokable.

>>61478682
i just go to the gym for temporary bursts of non depression
but yeah i guess growing shit works too
maybe i'll get a cat

is the cyberpunk universe supposed to be a degenerate, gay filled commie world? dunno if it like to live there desu family.

>>61479682
likewise is it supposed to be a world where privacy truly is dead and your every action is tracked by governmentco? do not want

perhaps when this cyberpunk future comes i will be the one spreading His name through gunfire

>>61479682
>s the cyberpunk universe supposed to be a degenerate, gay filled commie world?
Degenerate to some extent, yes, like Noir, corporate rule and Victorian capitalism. Communism is not part of it.

>dunno if it like to live there desu family.
Wm Gibson said something that he wouldn't want to live there either but he'd like to see it.

>>61479756
>likewise is it supposed to be a world where privacy truly is dead and your every action is tracked by governmentco? do not want

There is even today a desire in governments to invade all privacy with impunity, for our security but of course.

Then there is subversion. Like "Hack the Spew".
https://www.wired.com/1994/10/spew/

>>61480168
>security
surely you mean safety, anon

fuck this nanny state

>>61480329
NSA deals in security, not safety.

>>61480348
all for the greater good

>>61480348
Considering his last sentence I think he means that the government is trying to "protect" us from... well... us.

>>61480373
>>61480391
Sneakers really hit the nail on the head:
>Whistler: I want peace on earth and goodwill toward men.
>Bernard Abbott: We are the United States Government! We don't do that sort of thing.

>>61480468
Surely they have our best interests in mind!

>>61480468
brb rewatching sneakers for at least the fifth time

>tfw my friends don't give a damn about security
>they use Discord exclusively
>nobody uses my secure IRC channel
>nobody sends me encrypted emails
At least they use sftp to share files.

>>61480373
'Greater good'.

Well I guess I'll keep replying to this thread like it's my personal blog because you're the only people on earth who MAY care.

Im going to hit up vulnhub and download a dozen themed boot2root CTFs from vulnhub and use this as practice to supplement my textbook learning.

Yes, themed ones. I did the Mr Robot one and it was kinda cool to have like fanfic in my exercises. See what else they got.

Im getting a little worried about my CCNA Cyber Ops study though. The offical book is 600 pages. The first chapter, goes for 100 pages.

That first chapter was where I actually did some learning. DNS records, TCP handshakes, packet header makeups.

But the subsequent 200 pages I have read, I have taken maybe three pages of notes. It's shit I already know by renewing my subscription to Common Sense 2017.

>data at rest
>break down of 2FA and 3FA
>what is (H)IDS/IPS

Look theres half a textbook to go, but I'm not sure how much more learning there is in there. I was sure the Cyber Ops cert was gonna be my ticket into an entry sec role. I know slightly more than I did before buying the book, and this makes me nervous, because I assumed it was going to get me ready.

someone recommend sad /cyb/ music

>>61481804
What exactly are you looking for? Post something similar to what you want, because that request makes zero sense

>>61461333
null yrself

>>61481914
I don't really know desu I just am sad and was really feeling the sticky info about /cyb/ I am depserate

>>61482260
Why don't you go and learn something on the internet about sec instead of being sad and listening to music from a hobby scene.

>>61476862
>>61476262
this is interesting, can you write/post more about this please

Okay so I know syntax wise on python and C, so what open source projects should i participate in that would allow me to dive into the more technical side of programming such as dealing with networking for example or any different api for this case, I want to get better also with using git (never truly used it except maybe for once) also, this might sound dumb, but can someone teach me a good fundemental on doing research? I am not much of the best researcher. Thank you in advance

>>61482959
If you don't have git under control do NOT join a project. Make your own until your know how git works, otherwise you will fuck it up for everyone

How to research:
>find topic you want to research
>enter topic words into a search engine
>click and read links
>look up words you don't understand in Wikipedia

Exactly how dense are you of this magical process eluded you?

>>61482609
depression

>>61483330
What kind of throwaway excuse is that? You obviously aren't depressed enough to not be on the internet

>>61483549
This, learning will make you feel better about yourself, >>61483330.

>>61483330
I don't know about you, but I went into a state of depression after I finished school because I wasn't learning anything new, and I felt like I was atrophying/stagnating. I think you should give what the other anon is suggesting a try. It can't hurt.

As far as music recommendations, maybe try some bleakly dark ambient like thomas koner? it's not exactly /cyb/ though. maybe some access to arasaka? monolake?
gymnopedies if you like modern "classical"

>>61481804
Mr robot soundtrack

>>61480468
Oh? So that's where "Professor Whistler" came from on Person of Interest

>>61437801
They'll make their own government internet, cut themselves off from the world, and Russians will love it because Putin in a good slave who did nothing wrong.

>>61448122
The Rubyfu book is free.

Quick question, what are the optimal languages for /cyb/?

>>61484787
English, Chinese

>>61484787
Questions like this prove the merger was a mistake.

Please help /g/
I want to learn more about /sec/, but not that kali linux / metasploit / sql injection / certifications related stuff that most books cover.

My ultimate goal is to understand in detail low level exploitation, to be able to write kernel exploits, rootkits, etc.

I already know C, some x86 asm, basic exploits like buffer/heap overflows/format strings, scripting but i lack knowledge in networking (i have read most of the Kurose book but i still have no idea about most of the network hardware like switches and protocols), linux (the low level aspects of it, like the kernel itself), and everything on how these advanced low-level attacks work.

When searching on google, the only things i find are some videos of some conferences like defcon about these subjects, slides or brief and advanced articles about it, but not real resources for learning.

Resources like the book "Hacking - The Art of Exploitation" would be great

>>61466638

I was mainly looking for something relatively simple since it sounded like you weren't familiar with virtualization at all!.

>>61472768

Honestly, just get an Arduino and start trying to do stuff with it. You'll learn both some programming and the electrical stuff.

>>61481804
>sad /cyb/ music
Opening theme of Bokurano.

>>61485292
I'm pretty sure the pastebin is full of links.

>>61482813
Well, like most of us in here I started with a technical degree, had a lot of short term contracts, gaining experience - technical experience. And some cultural experience but little org. experience.

Then I lost my job in what can only be described as an act of corporate suicide where customers were leaving in disgust, developers lost their jobs and the responsible got promotions. It is no exaggeration to say I was confused.

So while I was looking for the next job I started reading up on organisational theory, a totally alien topic to me. And the insanity was made clear, though not quite made sense.

I think more people here would gain a lot from understanding how the world of Dilbert really works and some of my notes were summarized by Foxypastey in this pasta
https://pastebin.com/PPueAapP
>How society works
>- Cargo Cult Science by Feynman
>- introductory organizational theory (both will tell you how messed up society and human really is)

>>61483743
Are you really sure that moody music is the right thing for a depression?

While "Happy Days are Here Again!" isn't the right approach either I would instead suggest some demanding reading. How about reading the Sprawl trilogy, the Bridge trilogy and then last but not least Yokohama Kaidashi Kikou? Especially the last one might suit you - melancholic but in a good way.

>>61484271
And quite a few of the Sneakers characters were based on real life people. The whole movie is full of in-jokes.

>>61485292
https://www.reddit.com/r/netsec/comments/6nv00i/pay_what_you_want_cybersecurity_ebooks_4_to_14/


>Practical Malware Analysis - Probably the best single book on malware analysis outside of dedicated reverse engineering manuals. This one will take you about as far as any book reasonably can; beyond that you'll need to practice and read walkthroughs from e.g. The Project Zero team and HackerOne Internet Bug Bounty reports.

>Gray Hat Python - In which you are taught to write debuggers, a skill which is a rite of passage for reverse engineering and much of blackbox security analysis.

Whose learning in here? What are y'all studying? Or are you all just here for the aesthetic?

>>61487854
exploit development

>>61487854
Studying sec+ right now as well as refreshing myself with C via cs50 videos... Might start working on an open source project as well, but idk what I would like to start working on.

File: 51aEa9yJUcL.jpg (32KB, 404x500px) Image search: [Google]

32KB, 404x500px

What's Schenier's best Crypto book?

Applied Cryptography or Cryptography Engineering?

>>61481804
>Sad /cyb/mu/

Anything *wave would fit, imo. The difference will be between if you want happy that makes you nostalgic tunes, or just plain sad that reminds you what it used to be.

What's the safest messenger app?

>>61488478
>What's the safest messenger app?
Desktop: I would prefer qTox
Mobile: I am not aware of any "secure" messaging on mobile devices.

>>61488579
Cheers

Watched the new Ghost in the Shell. Boring as fuck.

File: IMG_0489.jpg (36KB, 460x305px) Image search: [Google]

36KB, 460x305px

>>61488579
For mobile, Conversations.im(android) or ChatSecure(iOS) use OTR/OMEMO encryption. If you use them with a self hosted xmpp server, they're pretty secure.

>>61488791
>>61488640
>>61488579
>>61488478
>>61488089
>>61488064
>>61488053
>>61487941
>>61487854
The old thread is dead, long live the thread: >>61488992

>>61485742
Awesome. Thank you!

>>61483549
nice meme, totally fixed all my problems