/cyb/ + /sec/: Cyberpunk and Cybersecurity General: Cowboy Bebop

>>61561206
Don't you trust your government, anon?

File: assange-head-beard_3425420b[1].jpg (47KB, 620x387px) Image search: [Google]

47KB, 620x387px

What's his name again?

Reminder: FAQ V5 rc2
https://pastebin.com/8JQKVaxR
Comments are welcome.

>>61561245
I don't. But I love how >>61560766 (Cross-thread) did express it.

File: 1500339052532.png (716KB, 572x576px) Image search: [Google]

716KB, 572x576px

nth for pls buffer my overflow, anons.

first for lets have an actually good thread this time

>>61561275
>https://pastebin.com/8JQKVaxR
Looking good, anon.

>>61561255
assange head beard

File: 1500350860464.jpg (861KB, 2500x1723px) Image search: [Google]

861KB, 2500x1723px

>>61561308
>implying past threads have not been amazing
I'm learning so much shit my dude

>>61561255
rararasnowden

>>61561284
Is this a reference to:
>>>61408289
>>>61408407
>>>61408419
>>>61408498
>>>61409044
>>>61409234
>>>61409458
Anon?

>>61561433
Not him, but of course.

>>61561433
hot
and yes

>>61561453
That thread got seamy fast!

Opsec protip to obfuscate your ID while sharing your rice:

clear && USER=foo HOSTNAME=bar screenfetch -s

>>61561713
>not using printf "\033c"

Slowing down a bit already.

>the preteens and basement dwellers that inhabit #/g/sec take themselves very srs without ever really actually discussing cybersecurity
really makes you think

>>61563272
>Then you read back over threads that haven't just been made and notice that there is a lot of cybersecurity discourse throughout.
>Then, depressed by the fact you're a contrarian piece of shit, you do us all a favour and slit your wrists.

>>61563425
there is more sec talk here than on g/sec

>>61563272
>>61563667
I have a feel that you're from #/g/punk and just trying to stir up shit.

>ever really actually discussing cybersecurity
Maybe because the channel is fucking dead and almost no one discusses anything. We do mostly discuss security, but you wouldn't be able to tell because it certainly looks like you joined the channel 5 days ago.

Are you guys cyberpunks?
Post your selfies and I'll be a cyberpunk if I like them.

>>61563806
what the fuck is up with you and the g/punk boogeyman
autist

>>61563849
Because it is what it looks like you fucking mongoloid.

File: 1487775138279.jpg (14KB, 400x225px) Image search: [Google]

14KB, 400x225px

>>61563831

File: IMG_20170629_161355.jpg (2MB, 3120x4160px) Image search: [Google]

2MB, 3120x4160px

>>61563831

>>61563860
>stating the obvious must mean I'm some faggot autist trying to stir shit up because XDD

why would I waste my time doing such shit

>>61563901
You get people on the internet doing pointless shit all the time.

File: 2da.jpg (28KB, 600x503px) Image search: [Google]

28KB, 600x503px

>>61563831
>me irl

File: 1500978544642.jpg (123KB, 380x508px) Image search: [Google]

123KB, 380x508px

>>61563831
me in the middle

>>61563979
Fake and gay.

>>61561152
What do you guys think of openbsd? I've been running it for a couple of weeks now and it's a nice system, but it's definitely a third class citizen when it comes to software.

>>61561152

Just started using Iridium, KeePass, SearX, and I guess some type of new DNS service is next.

>>61564039
I heard it runs really well with thinkpads since most of its devs do their work for/from thinkpads?

DNSCrypt + OpenNIC
or
Unbound + NSD + DNSSEC

DNSCrypt authenticates DNS queries to OpenNIC non-logged name servers, DNSSEC authenticates DNS queries to root name servers, Unbound is the caching DNS resolver for which to use the NSD authoritative name server.

What strategy is the best?

>>61564060
What would you say about my question?

>>61564060
dnscrypt-proxy with the iceland server (ns0.dnscrypt.is) works great.

>>61564069
I'm running it on a pentium 4 that I got from a family member. I had to buy an AMD card from ebay for $12 since it came with an nvidea card.

What is THE most secure OS and Browser? I've got an unused laptop and want to do tests

>>61564039
I don't trust it.

>>61564254
what makes you say that?

>>61564105

Do you have ipv6 working?

>>61561255
Bundlefumble Crumblesmumble

I'm so tired of Windows. I want to use Linux, but I'm terrified of my wonderful Schiit Magni 2/Modi 2 Uber stack not being supported properly.. I.. just want to listen to great sounding music.

I am nothing.

File: sg-1000-exploded.png (170KB, 555x555px) Image search: [Google]

170KB, 555x555px

pf sense micro ARM based firewall. Worth it?

https://www.netgate.com/products/sg-1000.html

This seems pretty damn /sec/ to me

>>61564592
That case is killer bruss I want it

>>61564467
I don't use ipv6, sorry. But dnscrypt has the file containing resolvers and whether or not they support it.

>>61561308
>threads filled with friendly anons
>great information
>cool ad comfy pics
best general on 4chan my dude

>>61564524
Virtualbox

>>61564629
No even close that.

>>61564592
That's cute. If you don't care about size or power you can surely get a lot more performance for cheaper with an old desktop or laptop though.

>>61564629
Yes it is.

>>61564670
>you can surely get a lot more performance for cheaper with an old desktop or laptop

https://www.youtube.com/watch?v=5q_dWCzKhKk

>>61564649
...use Windows on Linux, to listen to muh music? You are a NIGGER. You need to be gassed, you worthless drain on society! Report to the Ministry of Public Health for extermination.

File: 1450041963740.gif (971KB, 500x500px) Image search: [Google]

971KB, 500x500px

>>61564745

>>61564745
Ouch, I cut myself on all that edge

File: 1477078838524.jpg (24KB, 256x256px) Image search: [Google]

24KB, 256x256px

hi i am new and reading the pastbins :3c

>>61564592
That's all kinds of /sec/sy.
tbbh I wonder how hard it would be to get the PRUs on a BeagleBone Black to do MII/RMII.

>>61565029
Hello

>>61564524
I'd give it a shot anyway, throw a pass-through on virtualbox or hyper-v to see if you can get it working.

SBAF and Head-fi (for all the shilling they do) have some help there if you're willing to look around. Otherwise, /fglt/ is that way.

>>61563272
>#/g/sec
you mean Didac's personal lifestyle blog?

So what have learned from Vault 7 and other leaks when it comes the /sec/?

-There was the NSA hacking tool that got spread and caused Wannacry and Petya.
-Intel ME problem, which can't be trusted.
-Systemd and the way it's build; hard to make a quick fix when a vunerability on it occurs.

Also I would like to point out that 4chan is a terrible place to have any of this kind of discussion when it comes to /opsec/ stuff. Correct me if I'm wrong, but it's 4chan under cloudflare wings? Chink moot (or Hiroyaki) certainly is not trush worthy.

>>61565029
Welcome, anon!

File: hax.jpg (4KB, 151x90px) Image search: [Google]

4KB, 151x90px

Got my first subdomain takeover today lads

Feels bretty great

www.scuttled.net

>>61565503
Do you feel l33t?

>>61565029
Welcome, anon.
Ignore the shitposters.

>>61565503
howd ya do it

>>61565872
Interesting link.
What's the quality of discourse?

>>61565503
>ants.jpg

>>61565872
what happens here?
I usually feel weird when I enter an irc room for the first time.

>>61561317
Thanks, anon.

I am planning to add more on games and music next. Later on I hope to add more on tech and electronic warfare.

Half the work is editing the old text which is surprisingly time consuming. The old text was, well, quite old indeed.

>>61564592
Would it be worth with other ARM boards? Just read overall but I guess we will be able to put it in whatever ARM right? There's a huge power or profit limit?

>>61561152
Anyone got suggestions for highly directional antennas.

>>61567707
If you can find another board with dual 100mbit nics for under 150$ fill your boots dude

>>61567858
the site is dogshit but the product is awesome. youtube the TurboTenna
http://danets.com/turbotenna/UsbYagi.php

File: 1468225653582.png (325KB, 382x417px) Image search: [Google]

325KB, 382x417px

is there a way to post on 4chan whilst using a VPN? like, using a proxy afterwards or some shit

>>sqt

>>61565035
>/sec/sy
I like that

>>61567942
Certain VPN's have their entire IP ranges banned usually with a blanket message like "banned for posting CP". Who knows if they actually did or didn't. The trouble is i'm pretty sure 4chan blocks out most of the popular free http proxies it's existed for over a decade i'm sure it has a substantial blacklist supplemented by third party lists.

Best bet is to just keep trying proxies till you find one that works. Those dudes who post on /pol/ and pretend to be from north korea or Japan must be doing something right.

>>61564592
>security
>pfsense
choose one

>>61568094
Explain to me what's wrong with pfsense?
Genuinely curious as I don't know much about firewalls

>>61567386
>Half the work is editing the old text which is surprisingly time consuming. The old text was, well, quite old indeed.
This is exactly the issue I'm having with the OP pasta.
On top of that, keeping up with the information generated from these threads and adding to the OP.
This is why I haven't been as active in thread as I used to be.

File: 1501020693033.jpg (98KB, 720x540px) Image search: [Google]

98KB, 720x540px

what do you guys think about this?
fits the /cyb/ aesthetic

not mine by the way

>>61568183
https://github.com/yottu/yottu
forgot link

>>61568142
started writing it out, this news.ycombinator.com comment sums it up well.
> Last time I checked, pfSense was good at firewalling but bad at everything else security-wise.
> - Web panel allows root code execution on the device (every XSS is full RCE!)
> - Everything runs as root
> - No ASLR or other hardening flags because FreeBSD
> - Lots of XSS and CSRF opportunities (probably got better with the new UI)
> - Did not replace SSL certificate after Heartbleed (on packages.pfsense.org!)
> - No package signing, either (not sure if this is still true with pkgng)
> - Did not even have SSL on packages.pfsense.org until one or two years ago
they just don't take security seriously. Purely as a firewall, I guess it's not awful and does its job. But freebsd sucks at shaping, especially anything prior to 11 (which pfsense doesn't use yet).

Setting up dhcpd is not that hard, really, I promise.
Just use fedora or centos (for selinux support) and nftables. Better all around experience, better performance, better security, really not as hard as you might think it is.

>>61568212
(cont)
if you don't want do that, the next best is honestly to buy a ubiquiti edgerouter.

>>61567994
I post with proxies every day. There are new ones every time I try to look.
The "working" file I save them to is over 100 lines long.
I automated everything, though. It would be a pain to check all of them manually.

>>61568212
>>61568244
Thanks anon. Honestly the cool looking case kind of suckered me in and I didn't research what I was about to buy

I'll do some googling

>>61568183
>>61568198
Looks intredasting.
How secure is it though?

>>61568212
Im currently running pfsense as my router on a fanless chinkshit i5 computer,

So something like linux + nftables would better?
Why fedora or centos tho? Are they that much better when thinking about security?

>>61567874
I already have an Odroid XU4 which has Gigabit non-shared, so I was thinking on another one.

>>61568212
This seems like something I should add to the OP.

>>61568475
I dont think it's OP-worthy, really

>>61568388
>Why fedora or centos tho? Are they that much better when thinking about security?
selinux support on anything rhel is good. Targeted policy is on by default and exists for any of these popular daemons.
upstream selinux policy is much less maintained, and that's what you find on debian/gentoo.

File: 1495816006897.jpg (8KB, 233x216px) Image search: [Google]

8KB, 233x216px

>>61561152
7/27/17 is the Grand Get anons

CyberPunk related

>>61568431
>>61567874
>Gigabit non-shared
I meant the ethernet bus and the usb bus are separated. FFS

>>61568212
Wow this sounds awful. I thought FreeBSD had a reputation of being secure, or does this solely apply for pfSense?

>>61561255
Benedict Cummerbund

>>61567588

>>61568370
no idea you'd have to look at the code or ask him

>>61568212
freebsd 11 bretty gud
gave some hardening option upon install

>>61565253
>4chan is a terrible place to have any of this kind of discussion when it comes to /opsec/ stuff
Well, it is best to assume most places are intercepted. For general principles this place should be fine.

im a programmer, and i want into systems security

where do i start

File: 1493159744837.jpg (179KB, 1600x656px) Image search: [Google]

179KB, 1600x656px

>>61564101
i use dnscrypt + dnssec integrated in my advanced tomato firmware on netgear something router. works great. they have a drop down list of available connections from different servers from various organizations. this is optimal until i get a protonvpn subscription

>>61568212
is opensense optimal?

also i'm looking to get lowest possible (i know there isn't noticeable difference) response time benchmarkings. (yeah yeah i know my ISP is responsible for this, i only want to optimize my side for fun) i see that high frequency trading nic's bypass the kernel for optimal latency. the consumer grade "killer" type nic's do this for the windows network stack (i can appreciate this for my windowsbox) but i'm wondering what would be optimal for my router build? any input appreciated chummers

>>61570189
>where do i start
Start by eating all the pasta in the OP posting.

Yes, that is quite a bit but no, there is no quick fix. /sec/ requires a near-monastic lifestyle with hours of studies and hours of work, close to 24/7.

>>61570440
This isn't true

>>61570189
By systems security, do you mean like securing client side systems? Or do you mean just computer security in general?

>>61561713
or you could use neofetch and a big long sed

thought this was pretty cyberpunk

https://www.youtube.com/watch?v=fTTno8D-b2E

>>61568198
>python

>>61568475
I second this, OP please add it to the pasta.

>>61572434
this one also about a street mesh net

https://www.youtube.com/watch?v=FFPjJM6yYS8

>>61568756
...what? This has TWO GB NICS. Not a single Ethernet and USB like you're describing

>>61568183
>>61568198
Python is broken, couldn't make it work. Is not the first attempt though https://github.com/qqueue/ANSICHAN

Good luck, would be nice to browse 4chan on the terminal.

How do I make the first steps to protecting myself on all fronts?

>>61573506
Get rid of all computers and smartphones in your life

But if you have no life to begin with read the pasta in op

>>61573506
unplug internet

File: ted.jpg (45KB, 356x500px) Image search: [Google]

45KB, 356x500px

>>61573756
>Get rid of all computers and smartphones in your life
Instruction not clear, became Ted Kaczynski.

>>61573506
unplug yourself

File: plugged-in posters.png (381KB, 1305x903px) Image search: [Google]

381KB, 1305x903px

>>61573880
But from the matrix :^)

>>61573506
The answer to that question is: it depends. You need to ask yourself, who are realistically the most likely threats I need to defend against? When you know the answer to that, then you can start to better define the capabilities of that threat and act accordingly. This practice is called threat modelling and it allows you to have a better idea of what you need to do to be effectively secure.

E.g. I am worried about script kiddies and unsophisticated targeted attacks, so I will put up defenses x, y and z to defend against their common techniques/technologies.

>>61573901
Best answer itt

>>61561255
Geralt of Rivia, the White Wolf

>>61565253
4chan like many other chans is completely public content-wise so cloudflare or nukedmoot is irrelevant here. its still good for discussion

>>61573901
>You need to ask yourself, who are realistically the most likely threats I need to defend against?
https://pastebin.com/JXyM4fTe
>The Network of Global Corporate Control: http://journals.plos.org/plosone/article?id=10.1371/journal.pone.0025995

File: image.png (70KB, 1502x806px) Image search: [Google]

70KB, 1502x806px

trying to get into reversing but I'm currently stuck.
How do you calculate the target address of an instruction from bytecode?

pic related; it's what I'm talking about.
I know 8D is the OPcode (x86) of lea. But no matter how I try to interpret the rest, I don't get the address of FILE.
And since we're at it, how do I effect how many bytes get read? It's not just the null-byte...

>>61574137
Would it be possible for you to set a breakpoint at that area of the code in a debugger and inspect the registers for the actual address?

>>61574137
Or maybe try checking the Strings window in IDA for that unicode string and see if that's the correct address. From the looks of it, File is pointing to the unicode constant char "wordpad.exe" and so that address should be the one you want. Take this with a grain of salt, I am just starting out in reversing too.

>>61574202
haven't been able to get debugging to work so far, it just gives me page faults right after starting. I don't know if bochs is fine tho'
If I get it to work, I'll report back
>>61574373
the strings window gives me nothing.
Yep, FILE seems to be the label assigned to that address.
The thing is - I have no idea how the bytecode marked in green translates to that address.

If you want to have a look at it for yourself - it's the file C:\Windows\write.exe

It's a really small binary and the ShellExecuteW is all it does. I figured it'd be a good target to fiddle with.
The thing I had in mind was to pass a longer path to the ShellExecuteW - shorter executables or programs with the same length of file names are easy to patch in

>>61574137
it's using rip relative addressing. 1000120c+ffffffffffffff74 = 100001180

>>61574806
ah, figures. I did the endian-ness wrong.
Thanks, anon :)

>>61568690
>selinux support on anything rhel is good
no. they water down selinux tons. they're commitment to selinux is a joke. better than distros without it though

>>61574975
>they're
well fuck that invalidated my entire argument now i should probably just delete my 4chan account

>>61568887
>I thought FreeBSD had a reputation of being secure, or does this solely apply for pfSense?
The bulk of these issues are exclusively pfsense issues, the folks working on freebsd really do know what they're doing.
That being said, freebsd is a relatively small project compared to linux, and they don't consider security to be paramount like eg: openbsd folks do. They have some rough work for kernel hardening, but afaik it's not on by default. They just don't have the resources to dedicate to proper hardening.
With that being said, I consider an up-to-date freebsd box as a very secure firewall, by any meaningful metric. Personally I'd opt for linux though for reasons described above: a MAC system that actually has maintained policy, a modicum of kernel hardening that's on-by-default, very good routing and filtering performance, great shaping, linux is king when it comes to SOHO roll-your-own systems, and for anything larger you should just shell out the money for proper gear.

>>61570239
>is opensense optimal?
I have no idea. I've heard of it but never looked past their homepage.

>>61575049
dude

>>61561152
Cyberpunk has nothing to do with cybersecurity.

>>61574975
> they water down selinux tons.
what is that supposed to mean? Are you saying this because they ship a targeted policy and not a strict policy? Or are you suggesting that their policy is poorly written and not comprehensive?

>>61575488
original thought

>>61575488
What's your blog address? I want to subscribe to your RSS for more of your hot takes.

put this in the pasta if it's not there already
https://thatoneprivacysite.net/simple-vpn-comparison-chart/

>>61561255
rape-kun

File: Dismount.gif (3MB, 256x274px) Image search: [Google]

3MB, 256x274px

>>61575488
And you "forgot" to read the pasta. Isn't it embarrassing to make such a mistake?

>>61576518
Yes op pls put this in, good resource

File: 1483571082259.jpg (49KB, 360x360px) Image search: [Google]

49KB, 360x360px

Hello, Vladimir Putin here. I have hacked this thread, it now belong to Mother Russia. Glory to the motherland!

Sorry if this is a silly question chaps;

What is the point of doing all of this? If your ISP already knows all of your email addresses, phone numbers, even the hardware you're using (Device ID's, MAC's etc) then surely there isn't much you can do to keep your privacy when your ISP has detailed logs of everything?

And using fake names etc, surely they know who it is because they can see the device that was used to create that fake email address is the same device that was used to access your work email address (for example)

Excuse my ignorance guys, I probably have a severe lack of understanding

Thoughts on bitsquare??

>>61578934
this has been asked and answered at least 5 times (that i can remember), please refer to past threads

in case you dont wanna, the tl;dr is:
the point is to protect your future data, yes, indeed there is nothing you can do about what your ISP (or government) already has, but you can make it very hard for them to get more data on you. this is, of course, overly simplified, if you wanna a more complete answer search for in in the archives. cheers

>>61572960
Anon, did you read it right?

>>61578934
>>61579260
I think some kind of long paragraph should put into OP to avoid this kind of questions.

Anyway you only asked about ISP, you maybe want to discourage whoever on the net that try to know you because X.

>>61579150
BUMP

>>61561255
The Shitposter Muck-Raker

>>61579919
>>61581482
We seem to be slowing down again.

File: SHIT.jpg (19KB, 490x145px) Image search: [Google]

19KB, 490x145px

>>61582258
yep

>>61561284
You overflow a buffer, you don't buffer an overflow. Fucking newfags.

>>61582258
>>61581482
>>61579919
>>61582295
Just let your stupid dead thread die in peace instead of necro-bumping it.

>>61582398
bump

>>61582398
>necro-bumping

File: avatar.jpg (6KB, 216x220px) Image search: [Google]

6KB, 216x220px

Microsoft announced a bug bounty program today for Windows 10 including: mitigation bypass, Microsoft Hyper-V, Windows Defender Application Guard and Edge browser.

Any other researchers aiming to get in on this?
>https://blogs.technet.microsoft.com/msrc/2017/07/26/announcing-the-windows-bounty-program/

>>61578750
I'm ok with this.

>>61582258
It happens every day midnight - 0500 CET. Perhaps most of the contributors here are European.

>>61582398
Bump.

=== /sec/ News
>Facebook calls for a more people-centric security industry
http://www.bbc.com/news/technology-40671089
>Facebook calls for a more people-centric security industry
Well, social engineering has existed for decades, not sure how successful Facebook will be.

>The problem would only worsen if the industry did not become more diverse and exhibit more empathy, he said.
Is Facebook known for its empathy??

>>61585375
Algorithms aren't advancing far enough so they need to hire more mods and shills.

>>61585385
Trouble is, whatever algorithm is running on that wetware is not fully debugged either.

So tomorrow is a public holiday in my town, and with it being Friday tomorrow, that means a long weekend.

What are youse studying? I'll be spending the next three days going further into my CCNA, and I'm going to start writing a book on how to win CTFs and boot2roots.

Am I any good at them? Fuck no, but the research and practicing will make me good.

>>61585918
Extended public holidays are also used in extended malware launches since this means support staff will be unavailable and for this extended period.

File: 1461354789671.jpg (847KB, 1176x1000px) Image search: [Google]

847KB, 1176x1000px

>>61585918
my weekend is finally here! I'm a noobie so i was thinking of getting started on wargames. I'm actually too dumb to do mission 0 so I'm gonna read wiki shit tomorrow and clean my room.

>>61586469
>I'm actually too dumb to do mission 0
Is mission 0 a series or what are you referencing?

>>61561152
Why are you all constantly sperging out about internet privacy? I for one do not care about internet privacy because I have nothing to hide.

Maybe you nerds should think about how suspicious you seem to the rest of us.

>>61586506
i said in the post what im talking about. i thought i was fairly coherent.

>>61586522
Not in the slightest. What exactly are you on about?

>>61586573
first i give an opening line, then context, then explanation.

Like I spelled out what I was talking about. It is in the post. Don't be dumb man.

>>61586585
>mission 0
If you're gonna be unhelpful then stay dumb nigger, like it's any loss on my part

>>61586594
is someone who has context reading? am I being too mean? this dumbfuck doesn't know how to google and I don't know how to feel.

>>61586674
Because the only things that come up on mission 0 are related to metal gear. But you spend your time playing games and "cleaning your room" because it's apparent you live with your parents like a pathetic fuck.

>>61561152
>tfw running a phishing susceptibility campaign and your test users are only "passing" because the JavaScript that tracks them doesn't work in IE9

>>61586697
man i'm really not that smart. im kinda drunk, kinda stoned. but you are using half of the given material, and trying to write the essay with it.

>>61582327
If someone is overflowing you can buffer it. That's super gay tho

>>61586759
actually I guess if I say, Bandit 0 it makes more sense.

>>61586885
you...you actually have not opened the level have you? because it tells you how to beat it IN THE DESCRIPTION

File: 1477120295431.jpg (21KB, 389x411px) Image search: [Google]

21KB, 389x411px

>>61587121
Will you stop fucking up the thread?

Let's try to bring this thread back on track with
=== /sec/ News:
>Shoddy data-stripping exposes firms to hack attacks
http://www.bbc.com/news/technology-40671088

>Large firms are vulnerable to targeted hack attacks because they do little to strip data from files on their websites, suggests research.
>The data gets added as employees create documents, images and other files as they maintain and update websites.
>The research found user names, employee IDs, software versions and unique IDs for internal computers in the files.

Not mentioned there but remaining data was the smoking gun in the Vioxx scandal and others too.

BBC seems to have an eye for /sec/:
>This week BBC News is taking a close look at all aspects of cyber-security. The coverage is timed to coincide with the two biggest shows in the security calendar - Black Hat and Def Con.

>>61587142
>can't tell the difference between a phone poster and a pc poster
Two people think you're a dipshit, but apparently that's too far fetched for you to even think

What's a good C project that's not boring and will look good on my github?

>>61587540
See if you can contribute to 9front. The project and community is small enough to be possible to handle.

Some allege there are issues with the licensing but so far it smells more of uncertainty than anything else. It was re-licensed so issues should be overcome by now.

>>61582398
Bump. :)

Anyone got some inputs on the FAQ?
I know it is approaching a wall of text; still, the first part is the FAQ and the remainder is more of a reference.

>>61584460
I knew it, you're all a bunch of russian hackers pls stop hacking my votes ivan it was her turn

DEFCON BROS REPORT IN

>>61589362
i went 2 defkon once n they hacked my pacemaker im dead now rip ;_;

>>61589425
Press F for anon.
F

>>61589425
F

>>61589425
F

File: 1441498215958.jpg (75KB, 960x720px) Image search: [Google]

75KB, 960x720px

>>61589425
Speaking of hacking body mods...
>Find employee.
>Shake their hands.
In hacker voice: "I'm in".

The concept sounds secure but it would still be extremely easy to just shake their hands and clone their chip.

>>61589685
Some Arduino module which activates with the accelerometer would be cool.

>>61589685
>The concept sounds secure
>a chip that openly broadcasts your login credentials to any device within range
It doesn't sound even remotely secure.

>>61589685
>volunteer to get implants

Right, I'm sure they volunteered. "Hey, sign this new employment agreement that lets me chip the fuck out of you or you're fired. It's totally your choice if you want it or not though."

>>61561152
Hi /Cyb/
can you guys recommend any application scan tool that checks for XSS and SQL injection?
bonus points if it's free

>>61589828
You mean any RFID reader within a decimeter of the hand? Calling it "any device" is dishonest.

>>61589856
not to encourage these types of posts but

>sqlmap for automated detection and exploitation of sql injection vulnerabilities
>burp suite free edition i believe supports xss probing

have fun senpai

>>61590027
sorry, I thought it was an appropriate thread since it said security, thanks for the info

>>61590278
nigga we arent a supplement for google

following the links in OP you would have found these pretty quickly

>>61572434
>>61572525
cuban here, from shitty guantanamo. Mostly more developed areas like Havana have the spare money to do this, guantanamainans cant really. nor can people from the mountains

File: 1491829979174.png (15KB, 629x635px) Image search: [Google]

15KB, 629x635px

>>61589425
Fff

I have added more in the Cyberpunk archive at

ftp://[email protected]:21212

Password is "guest".

Ed is cute

found this, ok site for beginners
https://learncryptography.com/

>>61587121
I fucking did what the description told me and it spat an error message.

What part of "too dumb to do Mission 0" did you miss, dumbshit. How is this thread's reading comprehension so low?

>>61594694
>"too dumb to do Mission 0"
The fuck are you doing. You're too dumb to read and your shitting on everyone calling their "reading comprehension".

GTFO.

>>61594735
yeah but at least my dumbass can learn how to use the SSH command, by admitting when I'm being a fuckup.

Your dumbass is gonna have shitty reading comprehension until you pull your head out of your ass.

>>61594764
I'm not even the anons who were roasting you. I'm asking you literally what the fuck are you doing asking for help that way. you're retarded being that way like you have some value, when you're a retard. I won't reply to your next post. Just fuck off untill you get some manners, dipshit.

>>61594789
oh. I didn't ask for help, anon. I'm just sick of people not understanding what I'm talking about what I literally spelled it out.

Have a good day dude, fuck this cunt though

>>61586697
lrn2read

>>61594694
Have you been fucking lobotomised or were you just born this retarded?

>>61594852

>my weekend is finally here! I'm a noobie so i was thinking of getting started on wargames.
which one?
> I'm actually too dumb to do mission 0
which one?
this one? https://www.youtube.com/watch?v=6kEaFsqdA_I

Another Weekend has come, wew. At work it feels eternal but we really rush another week in.

What are your plans, anon? Share it.

Mine
>Keep going with LXC
>Hardening it with APPARMOR, SECLinux and learn them in the way.
>Setup my desired cloud.

Related to last topic, is it true that OwnCloud had a severe security issue and now is recommended to go NextCloud?

File: 1481897511573.gif (999KB, 500x700px) Image search: [Google]

999KB, 500x700px

I asked about /cyb/ and /sec/ servers in last thread >>61544080 and got many interesting replies.

HP servers were mentioned but are we talking about HP 9000 servers, hulking superdomes or plain Proliant servers? I can get any cheap-ish used.

Also Poweredges are plentiful (and backdoored to the max I learned in the last thread) but Sun servers are rare as bird's teeth.

>>61595137
ok. Last one was gonna be my last but JESUS FUCK DUDE.

Wargames. You have the context of being in a cyberpunk/cybersecurity thread. So it's either LARP shit or Cybersecurity. I'm not gonna spoonfeed you anymore. The first time I saw it posted here it took me 2 minutes to find the site.

>>61595195
>What are your plans
I want to get an old lubuntu machine going. I had a nice setup and then a power fail during upgrade that shredded the file systems. Did a reinstall from CD ... and discovered that the (l)ubuntu archives used are now deleted! Arrgh.

I really wanted an old version since this is a comfy machine with only 128 MB RAM. Seems current thinking is to dump support for old hardware, something that used to be a selling point for Linux systems.

Grumble.

>>61595241
yeah which one, there are tons
and each one has different levels so how are we supposed to know which game/site you're talking about

>>61595262
I won't recommend you using lubuntu. The only exp I had with it, it was still heavy for some fucking oldass laptop.

Void, in the other hand, runs pretty well. . .

>>61587540
Contribute to NetRunner, is a browser with great ideas and more than one developer was thinking like you.

>>61595318
Big thanks, Void looks intriguing.

>>61595845
>>61595318
void is comfy

>>61595878
Yep I like it a lot. I plan to put it in the 1st laptop I will have, so I will keep learning. When I have to describe it I said it is "Arch with installer" Although I don't like the idea of comparing it with Arch, it follows same kind of philosophy, but I don't know why I feel Void better and comfier.

File: gryllotalpa_orientalis_character10_344.jpg (334KB, 937x1257px) Image search: [Google]

334KB, 937x1257px

>>61561152
OP, did you get all the links from FoxyPastey?
https://pastebin.com/u/FoxyPastey


Also: now comes 6 hours where this general hovers around page 9...

>>61593240
thanks

File: 20170727_220018.jpg (687KB, 1512x2016px) Image search: [Google]

687KB, 1512x2016px

>>61595218
Just added another 256 blades to my cluster. Like the HP blade series, easy to manage centrally.

>>61596249
Please, bunkerbro, I need to ask you something.

When you put everything in place, I NEED an aerial pic of your stuff. I'm sure it will look epic.

>>61596284
https://vimeo.com/202124131

;)

>>61596322
Oh, I already watched that.

I mean your minning project. I guess you will be using a huge room, so all the minning machines in place watched from above should look nice as fuck.

File: 20170223_123827.jpg (259KB, 1613x1210px) Image search: [Google]

259KB, 1613x1210px

>>61596364
I know, just messing with you.

>>61596598
Bunkerbro, I'm not easily hypeable (if that words exists)

BUT GOD DAMN, you hit always to me in the right spot.

>>61596249
everytime you post bunkeranon, I smile.

>>61589856
Havij is an old school sql injector tool. Look for it on private trackers, it was a paid tool.

nikto is a Linux tool that will scan a given host for the presence of vulnerabilities, and you can feed it word lists so it can do dirbusting too

>>61595241
Aight I'll give you the benefit of the doubt since you're new

But new at war games still means there's LOTS aimed at you. Gracker, natas bandit, themed boot2roots, there's lots of beginners ones.

Bandit is a good choice. Are you doing your ssh connection with putty?

>>61595195
>CCNA
>set up a big bad lab since my current one is basic as fuck
>find some purpose and use for the aurdino I bought
I assumed they had a little more power than they do for the price I paid. Could have gotten an rpi for this money...

>>61597107
no, terminal. I figured it out pretty quickly. I didn't understand how to define the port so I did what any sane human being should do.

-h

>>61597067
Use SQLMap instead of Havij, it's FOSS and it works better

>>61597164
Oooh I haven't heard there was a replacement

Reminder that python is literal cancer https://wikileaks.org/vault7/document/Aeris-UsersGuide/page-1/

Get rid of anything python, if your package manager use python you are ool.

I know this is going to touch some feelings but
Source Mage > Gentoo

>>61597509
is the cia literally made up of a bunch of weeb marxists?

File: 1470322347821.png (477KB, 631x638px) Image search: [Google]

477KB, 631x638px

>>61597564

God I love these threads

>>61597509
Then what will I write my tools in?

>>61598192
C

File: download_28.png (188KB, 442x393px) Image search: [Google]

188KB, 442x393px

Hello all. New to this thread. Student in Cyber Defense and Network Engineering hoping to learn more. So far I like the resources.

>>61595970
Quite a few of them, as that was the source for the /cyb/ /sec/ threads before I took over.

File: 1495400532978.png (961KB, 3588x4320px) Image search: [Google]

961KB, 3588x4320px

>>61593458
what a coincidence, i just happen to be a beginner~

>>61596249
r u a dorf

y r u nside mountain??

File: Board300.jpg (608KB, 1412x1479px) Image search: [Google]

608KB, 1412x1479px

>The EFF's $250,000 DES cracking machine
>contained over 1,800 custom chips and could brute force a DES key in a matter of days — the photo shows a DES Cracker circuit board fitted with several Deep Crack chips

File: crypto.png (642KB, 2200x4200px) Image search: [Google]

642KB, 2200x4200px

OC

so i read pretty much all the guides and none of them really discuss smart phones. tell me /cyb/ how do i completely anonymize my phone like my pre-IME cpu laptop booting a flash drive with kali vboxing tails through a vpn?

>>61598720
root it and install custom rom with no gapps

>>61564655
For /g/ standards, it's by far the best.

File: pinknig.gif (58KB, 356x200px) Image search: [Google]

58KB, 356x200px

and what point can i hack?

>>61598720
Either buy a Replicant phone from Technoetic, or get an android phone and flash LineageOS. Don't install gapps, use only F-Droid, also install IceCatMobile as your browser, AFWall+ and Android IMSI-Catcher Detector.

I recommend supporting the Replicant project in either case.

>>61589362
Reporting in bro

>>61598831
>$348 for a used phone
uh, no sweetie

>>61563667
What is g/sec? I thought this was the cybersec (and punk) general

>>61598914
Do you even know if they are used or you just want to flame?

what are some anonymous vps i can rent using btc that are in shithole eu countries so itd be ridiculous to trace back

>>61589425
rip barnaby jack

>>61593240
what is this site?

>>61599446
look at the filepath very carefully

its not a website

>>61599337
read the site

>>61599528
But I did!

>>61599580
do you know what ftp is?

>>61599602
Wrong post

>>61599612
fuck, yeah, i need my glasses.

>>61599580
great, then you must have noticed the part that states the phones are used

now this is /cyb/: >>61598294

File: 1487319882297.png (1MB, 1256x1801px) Image search: [Google]

1MB, 1256x1801px

Hey /sec/ I had my /biz/ hat on reading Citibank's report and thought of you when I saw this.

>>61596249
How is it that this anon gets enough bandwidth as a literal mountain jew but I can barely get 1mb about 20 miles away from the city.

bumping before i go to sleep

>>61600450
By spending thousands of dollars to have fiber optic run to the mountain probably

File: Series of Tubes.jpg (45KB, 1920x1080px) Image search: [Google]

45KB, 1920x1080px

Imagine a mesh network with ZigBee devices and then run http on top of that.

I'm working on something like that for my final project at uni.

I've decided that my life goal is to defend the free internet from governments, and to a lesser degree from corporations.

The internet is going to fall in the name of feelings.
Not under my watch.

File: 1476559030387.jpg (120KB, 1280x720px) Image search: [Google]

120KB, 1280x720px

how do I get a job at darpa? I want to make the matrix happen but I've no qualifications, just motivation.

>>61596598
I want to live with you

File: AES.gif (2MB, 550x432px) Image search: [Google]

2MB, 550x432px

AES tl;dr gif.

>>61600497
Only thousands? Wow here the ISPs quote hundreds of thousands even if they only need to run it half a mile.

>>61600577
Then get qualifications

what is bunker anon's goal with all of this?

>>61600918
I wish I could, it's expensive.

File: 1459470182511.jpg (12KB, 241x209px) Image search: [Google]

12KB, 241x209px

>>61598652
>tfw lost all project files of my first cipher
I wish I had posted it at least once so I could fetch it from the archives.

>>61601044
No shit it's expensive.

File: 6df771ebcab1253fb4cd99532582d1591d699f63e9e4a90ce43e362b764cdcdb.jpg (12KB, 198x225px) Image search: [Google]

12KB, 198x225px

>>61601130 (cont)
Welp, just when I didn't need it anymore, I found the file kek.

This cipher is called EHE-1S and it's really middle-school math but, who knows maybe someone could find it useful (WTFPL2): https://pastebin.com/7NrWSJ69

I'm not interested in infosec anymore so use it however you want, it was just my way to practice what I was studying at the time anyway.

>>61599446
Basically another 4chan anon opened up a FTP site on his (?) computer for both upload and download, asking for people to fill it up with interesting stuff.

I made a Cyberpunk directory and I am filling it up with various documents I have collected over the years so that I can share it with the rest of you.

Anyone can upload, please contribute.

>>61601023
Mining crypto currencies using cheap electricity to power a second hand super computer in a second hand military bunker.

He basically ticks off all the boxes.

He should name it the Great Simoleon Cave.

I made an autistic thing that renames all of your animu reaction images and dank memes to look vaguely like standard 4chan image names so you're (slightly) less identifiable as an individual.

https://github.com/CaptainBlacklace/Renamer

Please review and bully

=== /sec/ and /opsec/ News
>Hiding out among the net's criminal class
http://www.bbc.com/news/technology-40671090
>Security researcher Liam O'Murchu lives a double life. And sometimes a triple life. Now and then he divides himself even more thinly.
>Living multiple lives is part of his job with security firm Symantec, which also involves being a covert part of the forums, chat boards and discussion rooms that comprise the net's underground economy.

>>61603157
>Please review
I noticed this one

new_fname="${RANDOM}${RANDOM}${extension}"

First off I don't think it does what you think it does.
Secondly, unless I am mistaken, it would over time point back to this tool having been used.

I can't tell if I'm getting better or the industry is getting dumber. I spend my days reversing chink firmware and most of the industry struggles to get vlans and cross site scripting still.

File: 1501116701271.jpg (22KB, 500x500px) Image search: [Google]

22KB, 500x500px

>>61603157
the fuck is this
https://github.com/CaptainBlacklace/Bubble

>>61597136

How much did you spend? Arduinos are cheap. Also, why an arduino for a CCNA lab?

>>61600894

I think he said he spent $250,000 on his Zionist Underground Fortress, so my guess is he has money to spare.

>>61600818
Pretty good, thanks anon.

>>61603230
so hanging out on 4chan and having a job is now considered living to lives ?
This combination must be quite uncommon then :^)

Seriously; Anyone with security background needs to do this if you want to keep up

>>61604742
>so hanging out on 4chan and having a job is now considered living to lives ?
Certainly. Or do you admit being an anon to your colleagues??

>>61603631
The two aren't related. 100$, but zeros are the same price.

>>61603366
You're getting better. Even in IT there are plenty of people happy to have the minimum skill set required to coast

>>61578934
It is only the service that can see your hardware details to my understanding.

Example - You create a Facbook profile, your ISP can only see that you accessed Facbook, they can't see your account details. But Facbook can see the hardware you were currently using, your location when the profile was created etc. Your ISP wouldn't be able to see the messages you send on fb, or who you talk to, they could only that you accessed fb, the logs that ISP's keep are generally very lacking in detail.

Whats the best live distro? Preferably small enough to fit on a cd

Dont need a gui but all kinds of programs wudd be laff

>>61606725
Wrong thread.

>>61606725
Knoppix is my go to live Linux

>>61603230
Please post articles about astroturfing, telemarketing and shills, if you find any.

>>61606725
SystemRescueCD if you are looking for general troubleshooting.

>>61606171
This is interesting, how detailed are the logs stored by an ISP? I assumed they were just what site you are connected to and for the duration, nothing more?

>>61607498
>how detailed are the logs stored by an ISP
Im going to list some instances, and a few assumptions about these instances.

Regular joe blow Facebook traffic
>your hardware profile
>quantity of data transmitted to and from each site you visit
>anything that's not HTTPS, and some unencapsulated S traffic as if moves through the OSI
>your search engine searches
>your YouTube history
>what you've been watching on Netflix, as well as the fact you have it
If you have Netflix, check wireshark while it's running. Some very interesting addresses it will constantly ping to assure it's login is still valid.

You are privacy conscious and use a vpn
>the address of your vpn
>the volume of data moving through the modem which if enough resources were thrown at it could be put together to form estimates of what you were looking at corrolated with the times the frames were requested
>once again, who your destination VPN provider is
>hardware profiling from your initial connection to the vpn service
>who the fuck you are from signing up with them

If you're of note, they can determine a lot. If you're no one, they can still easily find a lot out about you.

If you really want to remain unprofiled by your ISP, the only options are unplug, exclusively use corporations """free""" wifi, or put aircrack ng to use while you wait a week to capture handshakes

>>61607681
Not that guy but thanks for the detail!

So even though fb doesn't (or at least didn't) use HTTPS, that means an ISP would have detailed logs of an individuals conversation on the messenger?

Those devils

If you're looking for a /cyb/ tv show, check out Dark Net. It's really good lain

>>61578750
I would let Putin spy on me anytime

>>61607368
Thanks, thats exactly what i was looking for!

>>61608150
You don't really get to chose.

People in country X are spied upon by intelligence agencies (note: plural) in country X. Traffic passing through countries A, B and C are similarly intercepted. Do a traceroute to look.

Next data in A, B and C having data about X, are stolen by agencies in countries U, V and W. And so on. IT is turtles all the way down. So whatever is in NSA also ends up in GRU and vice versa.

By now they are all loving Tibetan Weaving Forum banter.

=== /cyb/ and /sec/ News
>An end to phone pranking
https://www.axios.com/the-end-of-phone-pranking-2466369815.html
(found via Slashdot)

>A researcher at Carnegie Mellon University has developed an intelligent system that is helping the U.S. Coast Guard to distinguish and weed out prank mayday calls that cost it up to millions of dollars a year when it flies or motors out on pointless rescue missions, per Govtech dot com.

>The program, created by Carnegie Mellon's Rita Singh, creates a barcode of a person's voice, deciphering whether the caller really is on a boat or actually in a house somewhere. It can unmask repeat pranksters since it can pick up telltale markers and match them up.

My hunch is that this is a low hanging fruit various and numerous agencies have used for years, AKA metadata. Fingerprinting every single telephone conversation means TB of voice prints always ready to recognise voices also on radio.

>>61607958
Your ISP won't keep logs of your Facebook conversations no, even if you aren't using HTTPS. All your ISP will do log is that it connected you from *this domain* to *that domain* for *this period of time* from *this hardware*. Someone's please correct me if I'm mistaken.

We are on 314 and it is in italics. Also on page 9.

Calling OP, ready to crank out a new one?

make a new thread you faggot

File: 1500371816670.gif (273KB, 200x200px) Image search: [Google]

273KB, 200x200px

I have never done it before! K-kinda OP virgin yet.

And OP said he was going to reorganise all the pasta. Which is quite the collection. We are hovering on page 9 so I hope he gets here double quick.

The thread will tank in about 15 minutes. No probs really, as long as OP makes a quality post.

I hope the pasta will be merged with the Foxypastey pasta:
https://pastebin.com/u/FoxyPastey

Recent pasta is here:
https://pastebin.com/u/AbsentEye

Hoping for the Yokohama Kaidashi Kikou Edition next.

File: 1428807541473.jpg (29KB, 326x315px) Image search: [Google]

29KB, 326x315px

>tfw no OP and hitting page 10