
/sec/ - Information Security General


Thread replies: 191
Thread images: 16

File: sec graph.jpg (187KB, 1600x910px)
The following are resources that may be helpful to you. Don't trust anyone and do your own research.

Bloated resources pastebin:
>https://pastebin.com/UY7RxEqp
List of linux distributions without SystemD:
>https://hastebin.com/akifotijaq.pl

>Which software do i use?
https://prism-break.org/en/
https://www.privacytools.io/

>Why are you so paranoid if you've got nothing to hide?
https://www.philzimmermann.com/EN/essays/WhyIWrotePGP.html

IRC:
>There are none that are reputable. Start your own and invite only people you think are serious, lest you become like the old channels.
>#/g/sec @ Rizon (slowly being reformed)
>This general is a tool, not something to substitute as your identity.

Communities:
>There are many, none public are worth the time. Look for individuals with aptitude.

Thread archive:
>N/A

Previous thread:
>>62032408


If you have a link that isn't in here, post it.
>>
Tried to fill up OP a bit, still far from completed, decided to use old pastebin because the hastebin in other thread was empty.

Took some of the suggestions too. Hopefully next OP will do better.
>>
>>62048347
The hastebin was not empty, had this:
https://pastebin.com/Cfun7iu2
>>
>>62048308
List of linux distributions without SystemD:
> you are missing devuan, https://devuan.org/
I am going to work on a list of podcasts if anyone is into that sort of thing.
>>
>>62048396
It was empty for me, guess someone will have to change it for next OP.

>>62048400
That's true, I didn't notice the lack of devuan back then, so I just added those that were in the replies.
>>
>>62048308
This was the hastebin from the last OP, before the devs broke everything.

Training and Wargames
WeChall - Largest Wargame community | http://www.wechall.net/about_wechall
Overthewire - Very good wargames, play Bandit if you're a beginner | http://overthewire.org/wargames/
Exploit-Exercises - Good wargames that are available offline | https://exploit-exercises.com/
TrailOfBits CTF Guide - Rundown of everything CTF | https://trailofbits.github.io/ctf/
OpenSecurityTraining - Very good material for Cybersec | http://opensecuritytraining.info/Training.html

Bug-Bounties
BugCrowd - Easiest to use, beginner-friendly | https://www.bugcrowd.com/
Google - Google's reward program for its apps | https://www.google.com/about/appsecurity/reward-program/

All About Cybersecurity Careers
Link list hastebin of Reddit posts | https://hastebin.com/eticuzizoy.rb

Reverse Engineering
Beginners.re - Beginner-friendly without holding your hand | https://beginners.re/
theZoo - Malware Repository | https://github.com/ytisf/theZoo

Cryptography
Gary Kessler - A quick and meaty rundown on cryptography | http://www.garykessler.net/library/crypto.html

Courses
Cybrary - Plethora of free cybersecurity courses | https://www.cybrary.it/
FSU Offensive Computer Security - All-in-one Red Team curriculum | https://www.cs.fsu.edu/~redwood/OffensiveComputerSecurity/

Free Shit for Students
GitHub - Boatload of credits for servers | https://education.github.com/pack

Link Lists
Awesome InfoSec - Large list of everything infosec | https://github.com/onlurking/awesome-infosec
Sectools - Ranked list of (popular) infosec tools | http://sectools.org/
>>
>>62048468
Cont.

+ /sec/ Career Posts +

=== Infosec Tiers ===
https://www.reddit.com/r/cscareerquestions/comments/26tep2/software_dev_to_cyber_security/chuh7cg/


=== Should I Get a Degree? ===
https://www.reddit.com/r/cscareerquestions/comments/32clj1/is_a_bachelors_in_cs_a_good_choice_for_cyber/cqa40su/


=== Cryptography ===
https://www.reddit.com/r/learnprogramming/comments/32g958/looking_to_get_started_in_cybersecurity/cqazmcn/


=== Increasing Hireability ===
https://www.reddit.com/r/IAmA/comments/6ep25k/were_a_group_of_infosec_professionals_hackers/dic3b81/
>>
>>62048308
Glad to see a continuation.
>>
>>62048308
Someone on /t/ posted a collection of books that might be a good resource, Post Number 758722
> https://mega.nz/#F!yRVgCZwa!X2dBn1YuOd4ureIxjM-mZg
> Contents: https://pastebin.com/TMRqqAK1
If anyone wants anything specific out of here let me know.
>>
>>62048442
While you're at it, I think latest Slackware is still systemd-free.
>>
>>62049067
I think so too.
>>
I think the systemd stuff is more a philosophical argument than a security one.
We might want to add ctftime and upcoming ctfs to the OP.
https://ctftime.org/
>>
>>62048308
op from >>62048400 >>62048651 , anyone on the IRC?
the /sec/ channel is dead compared to /punk/
>>
>>62050100
Didn't we change to #/g/sec
>>
>>62050122
More like gay sex
>>
>>62050148
kek
>>
So /cyb/ told me to fuck off into this thread.

Are cyber/infosec/info assurance degrees memes? I'm thinking about getting my BS online from WGU since I already have a 2 year degree in IT (infosec focus). I also have the A+ and Sec+ certs. Currently working full time as a service desk """""analyst""""" and I have to say that ITIL is retarded. Even if someone accepted me as a SOC monkey I'd make the jump to get my foot in the door.

Just to clarify, WGU is regionally accredited, is non profit, and includes about a dozen certs in the degree program at no additional cost. It's like 3K per 6 month term.
>>
>>62050271
Entirely depends on your regional market. If you work for the government it helps a lot, but if you are in private industry it's less important.
>>
>>62050433
Yeah and I heard DoD loves Sec+ as well due to directive 8140.
>>
File: ComputerWarningsDrug.jpg (225KB, 1140x1310px)
Why did we branch off of /cyb/?

They were nothing without us.
>>
>>62050569
Larpers (literally) pushed away all 4 people that knew anything about infosec.
>>
>>62050579
Does Manderas still browse here? Hope he wasn't driven away..
>>
>>62050630
I'm pretty confident that he does. That said, he only uses his name when people refer specifically to him AFAIK.
>>
>>62050630
Haven't seen him in a few threads but why give away your identity when you don't have to? If you see something quality does it matter who it came from? It's pretty obvious when someone who knows what they are talking about drops by.
>>
>>62050271
>Are cyber/infosec/info assurance degrees memes
Yes
Only cryptography degrees are of any value.
>>
>>62050908
>Only cryptography degrees are of any value.
What makes you say that?
What if I don't want to work in crypto?
>>
>>62050914
Then don't get a degree. Work on getting experience in your field and show that you're not another useless recent grad.
>>
>>62050271
I've heard that it's much better to get a Comp-Sci degree then specialize into Cyber Security by getting certs and shit, mainly because getting an infosec degree will leave you only being able to work in infosec- but comp-sci is much more broad. Eli the Computer Guy did a video about it, interesting watch.

https://www.youtube.com/watch?v=KBW1een0Ehc
>>
Having many extensions in the browser leaves a fingerprint?
>>
>>62051196
Every single one of them.
>>
>>62051077
Who the fuck gets an infosec bachelor's?
I'm doing CS+math but if I get a sec degree it'll be in grad school.
>>
File: WaterFoxAddons.png (62KB, 1623x707px)
>>62051244
>>
>>62050271
>Are cyber/infosec/info assurance degrees memes?
Yes, if you bothered to check what you study in those you would have noticed.
>>
>>62048651
Kino
>>
>>62051922
This ain't /tv/, friend.
>>
>>62052100
Aye aye, captain
>>
>>62050122
Yes but #/g/sec is still quite dead.
>>
>>62051260
I did, it's ok but mine was mostly comp sci with more focus on business than math. I learned almost everything I know on my own and in hindsight I should have gotten either a computer engineering degree or finance considering where I ended up.
>>
>>62050579
More like some angry /sec/ autist sperged out because he doesn't like the cyberpunk theme I guess.
Don't try to play the victim, you could still the thread and how it boiled down to pure fucking cancer shit posting about MUH LARPers.
I know cyberpunk doesn't belong on /g/ since it's more of a mix between politics, technology, humanities, and an anarchist mindset, but they were fun threads when it was just /cyb/.

Don't know why some guys got so angry over the merge if all the threads since the merger were 90% /sec/ talk.
>>
File: cyber_dimension.png (28KB, 655x572px)
>>62052575
>>
>>62052575
>but they were fun threads when it was just /cyb/.
Then go back to /tg/ with them.

>Don't know why some guys got so angry over the merge if all the threads since the merger were 90% /sec/ talk.
90% /sec/ talk but /cyb/ was also joining the discussion degrading it.
>>
>>62052797
Found the autist.
>>
>>62052849
Was it hard?
>>
>>62052859
Nah just cross referenced his posts through the mainframe which I cracked using Python, the most /////sec///// language. Then after falsifying the IDS called him an autist. Ya know, cause I'm ////sec////
>>
>>62052892
>Python, the most /////sec///// language
That's neither assembly, nor C, nor Perl
>>
>>62050969
Working on an IET degree right now. How to do this? The classes I'm taking are not that helpful and the only benefit uni has given me is people networking. My knowledge is fairly high and I can learn quickly if necessary.
>>
>>62052575
Cyber punk has nothing to do with security
>>
>>62052892
i sure as hell hope you used a HTTP VPN with an Active Directory VPS with sqlmap
>>
>>62052892
So amazing man, keep up the great work!

>>62052899
>Perl
>>
>>62052924
>>Perl
Yeah.
>>
>>62052911
Had more to do with security than this entire general does.
>>
>>62052933
Well, actually this is pretty true, since every perl script is naturally encrypted.
>>
>>62052955
Perl is a really flexible and fun language too for anything related to text manipulation or networking. It's still used by most sysadmins.
>>
>>62052938
Old guard on life support.
>>
>>62051917
Seems like IT with IS focus and some basic programming/scripting
https://www.wgu.edu/online_it_degrees/cybersecurity_information_assurance_bachelor_degree

Then I guess just plain IT or CS would be better if it's shit.

I found a possibly better curriculum from the IT college in Estonia with more programming:aiT college Estonia

What would you guys suggest then, just go CS even if it's part time or online? Online being from somewhere like FHSU, regionally accredited, public, non profit for like 3K a semester, or around 213 per credit hour.
>>
>>62052971
>It's still used by most sysadmins
You mean powershell; right?
>>
>>62053025
No, I mean Perl 5
>>
>>62052899
>C
>Not C++

Again, autists all of ya.

>>62052922
You know it, used LDAP configured with the VPN for authentication to query!!!

>>62052924
Thanks, you too fellow ////sec////!
>>
>>62053037
>>Not C++
What the fuck are you on about? Where in sec, aside from some malware, is C++ used?
>>
>>62053048
Can't you see he's just a mad /cyb/ LARPer? Stop responding to bait.
>>
I find it interesting that there is absolutely no board that a pure cyberpunk general would fit in. /tg/ is unironically the closest place, but it was deleted because it didn't include any traditional games. Cyberpunk might fit into /tv/ because of movie influences, but without /sec/, /cyb/ doesn't belong on /g/. The regular cyberpunks don't really have the technological acumen to post on this board and they should move to lainchain.org/.jp or cyberpunkforums if they would like to continue having their community.

It just doesn't belong here.
>>
>>62053074
It would've fit on the Lain suicide cult website, which is unfortunately dead
>>
>>62053074
/cyb/ is like that fat kid who has no friends who decides to insert himself into everyone's conversations.

No one wants /cyb/ but they insist on continuing to shit up our threads.
>>
>>62053087
Did they an hero
>>
>>62053126
Nah the guy in charge just took the site offline after he was called out I think. Too bad, the aesthetic was nice.
>>
>>62053138
Called out for what?
>>
>>62053250
Being a schizo and a jew at the same time
>>
>>62053255
>a schizo
>a jew
What's the DiFeReNcE??
>>
File: 1503373937905.jpg (144KB, 572x303px)
>/cyb/ tells me to fuck off to /sec/
>/sec/ filled with autists complaining about /cyb/

Why do you fucks ruin things I like? Now where do I get help with authenticating through fucking RADIUS?
>>
>>62053276
Except we'll stop complaining at some point, now would be a nice point.
>>
>>62053276
>authenticating through fucking RADIUS
A fucking book. Or better yet, security.stackexchange, you fucking overglorified sysadmin.
>>
>>62053276
/sqt/ >>62052301
>>
>>62053300
>Except we'll stop complaining at some point, now would be a nice point.

then

>>62053312
>A fucking book.
or
>>62053354


These generals were a mistake. You autistic fuckers probably wouldn't even know what PPP or LCP does.

When did /g/ turn into Reddit?
>>
>>62053373
>PPP or LCP
You're looking for the chairforce general. We only discuss useful topics.
>>
>>62053373
There is no reason to need to know what a PPP or LCP does unless you're a server jockey or a very niche exploiter.
>>
>>62053373
PPP makes my dick look ugly
>>
File: 100032.png (127KB, 601x508px)
>>62053402
>>62053423
>>62053443

Holy shit no wonder these threads are always dead. It's filled with Reddit brainlets.

Like, seriously tell me you guys do more than just talk about IOS exploits "What's the most /cybsec/ phone"

Literally tell me how you are concerned with security when you don't know what CHAP is or how it works.
>>
Can i get the destination ip and port of a service in win7 with just powershell without running netstat?
>>
File: 1491511146282.jpg (1MB, 1920x1080px)
>>62048308 Is this the summertime millenial echochamber?

{[(Mozilla)]} Enterprise Information Security reference document:
https://github.com/Atavic/infosec.mozilla.org

infosec thought leaders:
https://gist.github.com/Atavic/ddc18b5cf15b2e9819280aee270100ab

https://danielmiessler.com/study/
infosec | technology | humans

Can't even bother 2 look @ cyberfags general
>>
>>62053484
Listen, friend you're naming a lot of different protocols here so I'm assuming you're >>62053276 or the like. Most netsec people will not know what they are. Just like most netsec people don't know the ins-and-outs of Cisco routers. It's just not important. The field is very large and knowing niche concepts is not going to do anything unless they're directly pertinent to whatever is at hand. For most vuln-experts, pen-testers, RE guys knowing those things isn't gonna help them.

The only people who legitimately need to know these protocols are sysadmins. Can you even tell me how knowing any of those protocols is gonna help the groups I listed above?
>>
>>62053527
/sqt/ >>62052301
>>
>>62053561
1, it has to do with RADIUS, so good job on figuring that out buddy. Of course I'm the person asking that.

2, The thread is Information Security. CHAP for example is Challenge-Handshake Authentication Protocol.

This has to do strictly with authenticating the client to the server. Now If I can manage privilege escalation because I know which server is running what Authentication, I can probably do something with the server (Hope this helps scratch your Haxxor fetish)

Again though, if this is just LARPing as hackers or exploiters or some shit, coulda saved me a lot of time in not bothering.

If it's for actual Infosec shit, then this is, or should be, the right place for it.
>>
>>62053561

Wise words. Those courses are for people like an old friend of mine who had his whole life on a safe path, as his father was the head of an enterprise - then bought by a big US Corp. - so he knew what he had to study to sit on his dad's chair.

Non-elect people should hack and secure netwerks instead of dabbling with obscure proprietary protocols that have NSA backdoors.
>>
>>62053642
>dabbling with obscure proprietary protocols
>obscure

Well I guess this thread is just LARP then. Enjoy the "Haxxor" circle jerk
>>
>>62053561
>>62053642
>protocols aren't /sec/
Reconsider what you're talking about.
>>
I work as a cyber security engineer.
>>
>>62053561
You're a bad sec guy if you work in security. Please consider that you have no idea what you are talking about.
>>
>>62054033
>>62053923
>>62053690
When will sysadmins go? These are the only people who have enough time to shitpost. Them and fucking students.
>>
>>62054139
What's wrong with being a sysadmin
>>
>>62054160
Inherently? Nothing.

Just that most of them have inflated egos from having an effortless job while at the same time thinking they're "one of the boys." Cue the posts in this thread about procs.
>>
>>62054182
>thinking they're "one of the boys."
That's a matter of skill, it doesn't really have anything to do with your job.
>>
>>62054191
IT admins, by definition, are not "one of the boys." If they were, they wouldn't be IT admins. I'm not trying to throw shade on anyone here, but IT takes much less skill than some of the more /netsec/ heavy jobs out there. Except bug bounty hunters and pen-testers, they're lower than IT and have larger egos.
>>
>>62054227
>some of the more /netsec/ heavy jobs
Like?
>>
>>62054191
>>62054227
>>62054242
Look at it like this. BB hunters and pen-testers are the webdevs of netsec. Sysadmins (and network engineers/architects) are the code monkeys, and malware engineers are the embedded systems/back-end guys.

Red team sharks are the 10xers of the industry.
>>
>>62054139
But the one shitposting is you.
>>
>>62054242
He is literally just talking out of his ass
>>
>>62054256
>10xers
That's not even a job.
Red team sharks are just very good pentesters anyway.
>>
>>62054273
>>62054272
/r/sysadmin That's the one sub in netsec that has over 100 comments regularly on each thread. Do you know why? Because you guys don't do a whole lot during the day, yet you bitch and moan over every inconvenience.
>>62054284
10xers were guns for hire when programming was the wild west. Red team sharks have taken that role in netsec, but they surround themselves with their work and do a whole lot more than anyone else. Mad respect to them, because it's not just another day job for them.
>>
>>62054311
Again, 10xers is just a term that means "great programmer"
>>
>>62054311
were you doing some database labs and using reddit as a source of data vomit, or did you just come from there?
>>
>>62054327
10xers, i.e "great programmers who lived and breathed programming" would usually be one-man freelancing teams to do extraneous and time-sensitive work. You wouldn't see a 10xer in a business environment unless he was being paid mid 6 figures and other bonuses.
>>62054338
>>62054273
Let's leave our conversations with a (You)
>>
>>62054355
>one-man freelancing teams
>You wouldn't see a 10xer in a business environment
What?
The greatest programmers are just employed by the greatest and most selective firms. For programmers it's mostly in finance.
>>
File: 150 IQ.png (205KB, 659x525px)
How do you investigate to know if something is botnet/honeypot/spyware?
>>
>>62054376
Usually outbound traffic logs and sandboxing suspected elements and fast-forwarding.
>>62054367
There are no such things as "the greatest programmers" anymore. It's just people with different specializations. Programming has become too large and contains too many frameworks to have 10xers anymore. Good programmers nowadays have domain specific knowledge that they couple with being able to get around C++ or Python.

Fintech's aren't even programmers first. They're mathematicians and scientists first and programmers second. Programming is becoming a necessary skill like being able to use a computer.

>>62054338
>>62054327
Here, I made a general for you guys. Please go here instead to discuss whatever you want. >>62054405
>>
>>62054355
>Has no idea what he's talking about
>Has been called out by at least 4 different anons
>Literally disregarded industry standard protocols.
>LARPS as a pen-tester

>AND THEN
>Tries to act condescending

I feel kinda sorry, he must have delusions of grandeur or something when he probably can't even run a Bash script.
>>
>>62054430
>There are no such things as "the greatest programmers" anymore
Programming isn't about languages though.
Even today there are bad programmers, good programmers, and exceptionally good programmers.
>Fintech's aren't even programmers first. They're mathematicians
I'm not talking about quants, I'm talking about financial developers, i.e. programmers who work in front-office financial environments.
>>
>>62054311
>Red team sharks have taken that role in netsec
Could you elaborate? What kind of skill set do they require? Are they all self employed top experts in their field?
>>
>>62054455
>LARPS as a pen-tester
You are projecting, my man. PPP is literally only used in routing and servers. Go here: >>62054405
>>62054491
>Programming isn't about languages though.
It used to be. Now it's about adaptability.
>I'm not talking about quants, I'm talking about financial developers, i.e. programmers who work in front-office financial environments.
I haven't been in the industry in only five years, but are there actually programmers in front-office positions? I don't think any old-world firms would allow that.
>>62054507
>What kind of skill set do they require?
The ability to understand a vast number of different fields and connect them all together and the ability to adapt to complex challenges. It's a buzzword soup, but that's all it is. The guys in the field all have different specialties that they've "narrowed in" on, but they're all extremely educated on the surrounding fields of their specialty. You learn this stuff by doing, but knowing of all the possibilities through reading is a must.
>Are they all self employed top experts in their field?
Either "consultants" or working for blackbox agencies.
>>
>>62054455
look out though he's probably 20 pages into his ethical hacking cert book
>>
>>62054573
Certs are a copout.
>>
>>62054507
Sounds like they're the guys the OSCP was made for/by
>>
>>62054572
>different specialties that they've "narrowed in" on, but they're all extremely educated on the surrounding fields
So they just have a bunch of real world experience?
>blackbox agencies
What's that, government?
>>
>>62054572
>Now it's about adaptability.
What do you mean?
A really good programmer is good regardless of the language.
>there actually programmers in front-office positions?
"Quant developers". They're not quants, they're programmers, and they work in front office. Jane Street, Two Sigma, etc
>>
>>62054592
>So they just have a bunch of real world experience?
A shitload.
>What's that, government?
Yeah. Look into Snowden's career stints to get an idea.
>>
>>62054615
>A really good programmer is good regardless of the language.
10xers were one-man teams and great programmers because they knew a whole stack in a time when stacks didn't change like they do now. Nowadays you can't be a 10xer, the world is just moving too fast for one person to always be up to date on every single tool out there.
>Jane Street, Two Sigma
I understand now. Those are relatively young firms and aren't held down by tradition. Do you know what's happened with the prop trading scene? Have they been replaced by devs?
>>62054587
OSCP is great, but it's a joke in the self-taught realm.
>>
>>62054684
>the self-taught realm.
How do you self teach efficiently though
>>
>>62054684
>held down by tradition
Were you talking about investment banks?
Then again the higher up you go the more math becomes important. I doubt Rentech hires devs.
>prop trading
No idea. Algorithmic trading is doing well.
HFT is great for CS/CE experts because of hardware optimization and shit like that.
>>
>>62054695
>1). Want to do something new
>2). Skim the technologies required
>3). Apply
>4). Decide if it's good enough
>4a). If it's not, go back to step 2
>4b). If it is, go and use it for realsies and start over on a new step 1
Don't get caught up on appearing educated. Only learn things that are useful to you /right now/. Ignore everything else and never stop applying.
>>62054705
>Were you talking about investment banks?
I forgot the buy side doesn't give a shit about tradition, only if you can make them money.
>>
>>62054272
He's literally derailing the thread to bitch at people. Wish the mods would kick him.
>>
Why do I have to reset my Openwrt firewall to get internet access after a router reset?
Like, I have to add a random character somewhere, then I hit apply changes and then I get internet access, otherwise no internet. Why is that?
>>
>>62053074
/cyb/ people are just attracted to /sec/ as in how hollywood movies do /sec/: you type fast some "commands" in the terminal, some magic happens, and boom, 5 minutes later you are a badass hacker with some cool suit and some unreal smart gadgets. I can see why people like this, but they are wrong if they think that any of this is real or even possible.

They won't even go an inform themselves if what they assure it's true, but they'll group up against anyone that says the contrary
>>
>>62055164
I dunno the openwrt firewall applet. I assume you're not just talking about port forwards or something. The thing of openwrt is that it automatically generates settings from configs and if you have to repeat the process sounds like you're changing the in-memory settings vs. the on-disk configs.

>>62055646
it's kinda like that in real life though
>not automating your hacking
>>
>>62048468
>Good wargames that are available offline
You the fucking man for posting these!
>>
>>62050569
>They were nothing without us.
You think this might be why we split?
>>
>>62050969
>Work on getting experience in your field
>work on getting work in your field

Gr8 advice m80 wow I never thought of this before mind blowing stuff man
>>
>>62053373
>When did /g/ turn into Reddit?
It didn't, and that's the problem. You'll get an answer to your question from reddit.
>>
File: 1447200347494.jpg (88KB, 594x793px)
>>62051077
>>62051260
comp sci here and studying for certs. i have the sec+ book in front of me now.

def glad i did it this way, and no way i'm ever going to grad school unless someone else is paying for it, even then i highly doubt it will be another STEM program.

anyone know how long you need to study for the CISSP?
>>
>>62056446
Until you feel you are able to take it?
>>
>this shitshow of a thread

It's fucking clear to me now. It wasn't the cyb larpers shitting it up, it was sec larpers. Wow, segregating the sysadmin, the only person in this thread with an actual job, into a different general so he couldn't call you out anymore. Fuck it, I'm going to permanently move to reddit. At least I get my questions answered there.
>>
>>62056478
Listen senpai, you may be right that most people in this thread are standing on mount stupid, but you are standing right there with them. PPP isn't something terribly special, it's rarely touched by people on the offensive side.
>>62054695
You someone who can teach a man to phish.
>>
>>62056478
i think i agree. i have had enough. there is a distinct lack of knowledge here. it is time to leave this place behind and focus purely on levelling up. the internet is not fun anymore, and this place is not either.
>>
>>62053561
Wow, good thing this isn't reddit where we can downvote the shit out of your stupid comment. Now I see why you left there to come here, you probably have a shit rep for talking out your ass. If you really can't think why its important to learn networking for threat assessment and exploitation or why its the first thing they teach you in the remedial infosec classes then you are beyond help. Quit right now, otherwise a pajeet will be your superior and you'll be stuck doing backup code for Karlie.
>>
>>62054311
>when programming was the wild west
Bazinga yourself you pretentious virgin.
>>
>>62054684
>OSCP is great, but it's a joke in the self-taught realm.
Its the industry standard for a reason you street shitter. I'd like to see you do even 1 of their labs. I bet you don't even know to load Kali.
>>
>>62056446
Don't listen to this fucking larper >>62056471
He didn't even check their website before he spoke out of his ass again. You need 4 years of work experience IIRC, 4 years of uni counts as 1 year experience, but all that info is on their website.

How do you plan on being a pentester if you don't even do your due diligence?
>>
>>62056478
>>62056946
>>62057002
Same fag
>>
>>62057002
He wants to know how to authenticate to radius while just listing off concepts like chap, pap and PPP. What am I supposed to do just tell him to use Wikipedia and come back when he has an actual question like how is ms-chapv2 calculated? Why does pap send the password over the wire? Until anon-kun asks something sensible he is just as bad as the retard talking about 10xers.
>>62057125
He isn't entirely wrong, a lot of the networking stuff is a solved problem these days. It's more important to know why ms-chapv2 is terrible than it is to know the exact specifics of PPP especially if you just do reverse engineering. I don't bash SOC monkeys for not being able to unpack a binary even if it would be funny to see them take a look inside IDA or gdb.
>>62057177
I'm a ctf-fag OSCP doesn't seem that hard compared to Google's ctfs, but I understand that people who participate in that are a different demographic than the average OSCP and it still has some weight behind it. At least they know what they are talking about.
>>62057207
There was an attempt.
>>
Really, if we are talking about security: PAP is awful because it sends the key. CHAP is awful because it sends a hash and needs to be encapsulated. If we really want to get hard on the security front we should be doing password authentication with PAKEs because it prevents exposure of the private key while providing forward secrecy, but what do I know about security?
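
Added example, not part of the original posts: PPP PAP (RFC 1334) and CHAP with MD5 (RFC 1994) side by side, illustrating the two points raised above: PAP carries the password itself, and a CHAP exchange carries everything except the secret needed to check a guess offline. Peer names, secrets and challenge bytes are constructed sample values.

```python
"""PAP vs CHAP-MD5 on the wire (added illustration; all values constructed)."""
import hashlib
import hmac
import struct

PAP_AUTH_REQUEST = 1                     # RFC 1334 Authenticate-Request
CHAP_CHALLENGE, CHAP_RESPONSE = 1, 2     # RFC 1994 packet codes


def _frame(code, ident, body):
    # Shared PPP auth header: Code, Identifier, Length (header included).
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body


def _unframe(pkt):
    if len(pkt) < 4:
        raise ValueError("packet shorter than header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length != len(pkt):
        raise ValueError("length field does not match packet size")
    return code, ident, pkt[4:]


def pap_request(ident, peer_id, password):
    # Peer-ID-Length, Peer-ID, Passwd-Length, Password: no transformation.
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return _frame(PAP_AUTH_REQUEST, ident, body)


def read_pap_request(pkt):
    """What any on-path observer recovers from a PAP Authenticate-Request."""
    code, _, body = _unframe(pkt)
    if code != PAP_AUTH_REQUEST or not body:
        raise ValueError("not a PAP Authenticate-Request")
    id_len = body[0]
    if len(body) < 2 + id_len:
        raise ValueError("truncated PAP body")
    pw_len = body[1 + id_len]
    return body[1:1 + id_len], body[2 + id_len:2 + id_len + pw_len]


def chap_value(ident, secret, challenge):
    # RFC 1994 section 4.1: MD5 over Identifier || secret || Challenge Value.
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def chap_packet(code, ident, value, name):
    # Value-Size, Value, Name (Name runs to the end of the packet).
    return _frame(code, ident, bytes([len(value)]) + value + name)


def read_chap(pkt):
    code, ident, body = _unframe(pkt)
    if not body or len(body) < 1 + body[0]:
        raise ValueError("truncated CHAP body")
    size = body[0]
    return code, ident, body[1:1 + size], body[1 + size:]


def chap_response(challenge_pkt, secret, name):
    _, ident, challenge, _ = read_chap(challenge_pkt)
    return chap_packet(CHAP_RESPONSE, ident,
                       chap_value(ident, secret, challenge), name)


def verify_chap(challenge_pkt, response_pkt, secret):
    """Authenticator-side check. Its inputs besides `secret` are all visible
    on the wire, so an observer can run the same function on a candidate
    secret without ever contacting the server."""
    _, cid, challenge, _ = read_chap(challenge_pkt)
    code, rid, value, _ = read_chap(response_pkt)
    if code != CHAP_RESPONSE or rid != cid:
        return False
    return hmac.compare_digest(value, chap_value(cid, secret, challenge))


if __name__ == "__main__":
    pap = pap_request(1, b"alice", b"constructed-pw")
    print("PAP observer sees:", read_pap_request(pap))

    challenge = chap_packet(CHAP_CHALLENGE, 7, bytes(range(16)), b"nas")
    response = chap_response(challenge, b"constructed-secret", b"alice")
    print("CHAP value on wire:", read_chap(response)[2].hex())
    print("server accepts:", verify_chap(challenge, response,
                                         b"constructed-secret"))
    print("offline check of a wrong guess:",
          verify_chap(challenge, response, b"wrong-guess"))
    fresh = chap_packet(CHAP_CHALLENGE, 7, bytes(range(1, 17)), b"nas")
    print("replay against fresh challenge:",
          verify_chap(fresh, response, b"constructed-secret"))
```

The secret never appears in the CHAP packets, but its strength is the only thing protecting it once an exchange has been observed, which is the gap a PAKE closes.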
>>
>>62057190
>CISSP
>pentester
pick only one

the requirements are 5 years, and 4 if you have a degree. you can get an associates (whatever it is called) CISSP after passing the exam with no experience. then you have 6 years to gain your experience, or you have to take the test again. i know all about it.

how hard is the exam? do most people study for 6 months before? a year? do you even have the cert? is this entire board just a bunch of freshman college students?
>>
>>62057426
>is this entire board just a bunch of freshman college students?
Yes, the semester just started
They are all just fucking skiddies, fuck this thread is shit.
>certs
>college
>complaining about cyb
There is zero infosec talk going on.
This shit doesn't belong on /g/ since /g/ is mostly computer consumerist bullshit
>>
>>62057485
fucking posers

thanks for the reply, i'm going to head back to /k/
>>
>>62057485
What do you want to talk about senpai?
>>62057426
You're forgetting the endorsement.
>>
The only larper I see in this thread is the guy pretending to be a paranoid schizoid thinking everyone in this thread besides him is one guy. When will sysadmins have mandatory mental health screenings?
>>
HOW DO I ENCRYPT MY HARD DRIVE

QUICK
>>
>>62058455

it's too late :(
>>
>>62058458
>>62058455
Download VeraCrypt.
>>
>>62058455
arch has a good guide on it check the arch wiki

also reply to me fag if i say your name: didac pebn gyronigga
>>
>>62058282
>tfw watching all these Alpha Charlie BlackOps pentesters bickering with each other
>tfw just the one forensics guy
>>
>>62058854
Why are you making me feel these feels?
>>
>>62058884
Let us feel together (tm)
>>
File: viewImage.jpg (47KB, 650x650px)
>>62059007
That feel was a honeypot and I've just wormed my way into your calculator app.

Consider yourself fiddled, buddy.
>>
>>62059051
Joke's on you, i have two phones.
>>
File: viewfiddle.png (519KB, 650x650px)
>>62059061
That declaration of fiddling was just a clever social engineering ruse to get you to reveal your weak points.

Consider your SIM cards fiddled, pal.
>>
>>62050630
I do. Everyday; /g/ is part of my daily routine.

There are some incredibly talented and interested people in the gens I enjoy most (/cyb/ and /sec/)...Reverse engineering red team rolling his own malware/exploits bro, TGG, the original /cyb/ OP.

Likely some blackhats kicking in some knowledge here and there as well
>>62050641
This is true also..if you ask for me by name, I will reply in my own name.

Otherwise, look for a habit for double capitals on the first word of many sentences and quirks such as heavy usage of extraneous punctuation.
>>62050706
Yes I am, but that is because I have finally decided to reach out to the rest of the community...to give back, network, learn/exchange, etc.

That being said, if I was up to anything illegal on the side, I would have other finely compartmentalized personas that are alien to this semi-anonymous, close to the meat space me.

Giving away so much could be a means of misdirection: by feigning a weakness or lack of OPSec with one persona, thus reinforced by my anonymous posting with the same grammar and sentence structure as my named persona.

I could be developing confirmatory biases in those who would/could investigate me. By developing full personas and defining/tailoring the OSINT I have provided to be conflicting or appear coincidental in differing magnitudes between these personas/identities maybe I buy myself some latitude (though a single mistake on my part by technology or human error could register this all null).

I am not doing anything illegal though, and I do not have any other personas. Because if I did or was, my admitting of it would erode the value of doing any of it.

Unless of course I grew up in a family of old school intelligence operatives. Maybe I was taught I can't beat superior technology or the resources, so my best chance is layers of misdirect and subterfuge as an obstacle vs. human minds analyzing and making/basing decisions upon the data.
>>
>>62059090
Oh shit.
>>
File: enhanceFiddle.png (520KB, 650x650px)
>>62059113
>>62059136
maderas is actually the twitter handle linking to his real name, face, address, and place of employment

they'll never suspect a thing
>>
*interesting, not interested...sorry
>>62050706
ALso, anon you are right...the source doesn't matter so much...I first began using my name when I was talking about an article I wrote for the sake of transparency.

My apologies...this general is about the technical facets, not the personal ones, I was just offering those replies.

General looks awesome...thank you OP.
>>
>>62059153
Yes, my plan is succeeding...now I just need a fu manchu to stroke menacingly.
>>
bumping so this doesn't die yet
>>
Math minor in CS worth it or should I do just CS?
>>
>>62060593
how is this sec sweetie?
>>
https://vanitysec.com/

it covers things like best pants to wear for b&e, how can you not love this website?

also, math minor for cs because talent
>>
>>62060607
How is it not
>>
>>62060683
Thanks.
>>
>>62060683
does being female give you +10 in social engineering?
>>
>>62060714
No because trannys
>>
Reminder that VR is the real /sec/ field and everything else is for brainless
>>
>>62048308
can you fuck off with your pseudo shit? what in the fucking world does security have to with linux distros without systemd?

fuck off and kill yourself you and your faggot kiddos who are to lazy to google aren't wanted in any community, specially not in the net-sec
>>
>>62057251
how about you read a fucking RFC for once in your life you lazy fuck
>>
>>62060593
Math always worthy

>>62050064
Nice link, thanks
>>
>>62057190
>Don't listen to this fucking larper
You don't need the experience to take the test retard.
>>
>>62060683
>math minor for cs because talent
What?
>>
>>62051609
>having this many privacy addons
>and using grammarly

nice keylogger you got there, snowden.
>>
Thoughts on smart guns? Do security firms use them?

Watched this talk https://www.youtube.com/watch?v=J3f0p3vTY-c and put a bit of thought of how it can just be deadly to use them on the right company.
>>
>>62061318
The systemd-less list is more for people to instead of asking in the thread about it, checking that and fucking off. It filters a few stupid questions like >>62060593 but about linux.

>>62060683
Now it just needs shit for men.
>>
File: 1478345413903.png (369KB, 1880x3148px)
obligatory
>>
>>62061723
There is

ZERO

point in taking the test unless you are ready for your certificate
>>
>>62048119
okay this might sound stupid but can I run the LEDE/OpenWRT router in the DMZ of my ISP's modem/router? i'd like to keep my shit separate so my family doesn't blame me when something breaks
>>
>>62063258
> in the DMZ of my ISP's modem/router?
Sorry? Nigger post a network diagram of your setup

Just ms paint it
>>
>>62063464
Gonna take this opportunity to point out Dia. Free diagram editor, great for network diagrams. Used it a lot in college.
>>
>>62063749
No shit eh

Cool man I'll check it out
>>
>>62063258
Install DNScrypt on your family's. Gotta protect your family dawg. You don't want some random nigger using DDNS on their router and spying them don't you?
>>
>>62063258
And yes you can put a router behind the ISP's modem. Remember to change the modem's default password before putting it in bridge mode permanently. If you can change the username change that too.
>>
>>62066485
Check out the shitposting going on in /cyb/, newfriend
>>
File: 1479741071412.jpg (12KB, 407x286px)
>>62064474
>>62066485
>2 1/2 hours between posts
ya good idea guys, lets split from /cyb/, they're just larpers, we have the activity to survive on our own. it didn't work last time we split but this time it's different I promise
>>
Do you guys prefer peda, GEF or pwndbg?
>>
>>62067126
People are working.
>>
>>62067373
most of our posters are European, it's past 7pm now over there
>>
>>62060714

Only if you're socially engineering guys
>>
File: flareon challenge logo.jpg (21KB, 307x133px)
Just found out about this reverse engineering CTF for individuals, who's going to be participating in the FLARE-On Challenge? It looks pretty interesting:
>https://www.fireeye.com/blog/threat-research/2017/08/fourth-annual-flare-on-challenge.html
>http://flare-on.com/

I have recently been doing daily RE training to buff up my static analysis skills, this seems like a good opportunity to practice.
>>
>>62048308
Hey OP, I published this pastebin of vulnerability research and exploit development bookmarks:
>https://pastebin.com/8mUhjGSU

Thought it might prove useful to beginner vulnerability researchers, check it out if you are looking for some additional resources to add to the next /sec/ post.
This is a 4chan archive - all of the content originated from that site.