
/sec/ - Information Security General

Thread replies: 124
Thread images: 9

File: There are 4.jpg (12KB, 480x360px)
The following are resources that may be helpful to you. Don't trust anyone and do your own research.

Bloated resources pastebin:
>https://pastebin.com/UY7RxEqp

>Which software do I use?
https://prism-break.org/en/
https://www.privacytools.io/

>Why are you so paranoid if you've got nothing to hide?
https://www.philzimmermann.com/EN/essays/WhyIWrotePGP.html

Training and Wargames
WeChall - Largest Wargame community | http://www.wechall.net/about_wechall
Overthewire - Very good wargames, play Bandit if you're a beginner | http://overthewire.org/wargames/
Exploit-Exercises - Good wargames that are available offline | https://exploit-exercises.com/
TrailOfBits CTF Guide - Rundown of everything CTF | https://trailofbits.github.io/ctf/
OpenSecurityTraining - Very good material for Cybersec | http://opensecuritytraining.info/Training.html

Current CTFs
https://ctftime.org/

Bug-Bounties
BugCrowd - Easiest to use, beginner-friendly | https://www.bugcrowd.com/
Google - Google's reward program for its apps | https://www.google.com/about/appsecurity/reward-program/

Reverse Engineering
beginners.re - Beginner-friendly without holding your hand
theZoo - Malware Repository | https://github.com/ytisf/theZoo

Cryptography
Gary Kessler - A quick and meaty rundown on cryptography | http://www.garykessler.net/library/crypto.html

IRC:
>#/g/sec @ Rizon
>This general is a tool, not something to substitute as your identity.

Thread archive:
>>62032408

Previous thread:
>>62048308

If you have a link that isn't in here, post it.
>>
Courses
Cybrary - Plethora of free cybersecurity courses | https://www.cybrary.it/
FSU Offensive Computer Security - All-in-one Red Team curriculum | https://www.cs.fsu.edu/~redwood/OffensiveComputerSecurity/

Free Shit for Students
GitHub - Boatload of credits for servers | https://education.github.com/pack

Link Lists
Awesome InfoSec - Large list of everything infosec | https://github.com/onlurking/awesome-infosec
Sectools - Ranked list of (popular) infosec tools | http://sectools.org/

All About Cybersecurity Careers
Link list hastebin of Reddit posts | https://hastebin.com/eticuzizoy.rb
>>
I forgot secgen
https://github.com/cliffe/SecGen

Upcoming CTFs this weekend for fellow autists
WhiteHat Challenge 04
https://wargame.whitehat.vn/
HackCon
http://hackcon.in/
HackIT2017
https://ctf.com.ua/

Tried to add as much stuff from the last thread as I could. Good luck usual OP.
>>
>>62073451
>information security
>pastebin.com
>>
What makes the utopia.net virus so hard to remove? Besides the fact that no antivirus can detect it.
>>
>>62073803
>removing malware
https://youtu.be/lb1XDMbQOiM
>>
>>62073451
A better OP than yesterday.
>>
>>62073844
Dead thread without Europeans.
>>
>>62074463
As was predicted.
This is the price to pay for demerging.
>>
has anyone watched the hackinabox conference?
>>
>>62073451
Thanks to the last thread I started doing wargames for the first time on overthewire last night. Learned heaps and now I'm addicted. Thanks based /sec/.
>>
>>62073451
Stop being paranoid
>>
>>62076483
It's only paranoia if they are not out to get you.
>>62076261
If you get stuck try to not look up an answer. They really are the best way to learn.
>>
>>62076972
>If you get stuck try to not look up an answer. They really are the best way to learn.
Don't listen to this idiot. There are fucking THOUSANDS of them in existence, and if you didn't know of a technique before looking at the answer, then guess what? You've still learnt something!
>>
>>62077862
t. butthurt skiddie
>>
>>62079788
What. I'm not butthurt at all. I've looked up the answer for dozens of challenges, and learnt something new every time. Sorry that you're upset that writeups are actually beneficial to the community.
>>
>>62073451
Not sure if this has a place in the resources for threads like this but it is really good for people starting out,
> https://securityinabox.org
>>
>>62081393
Could always use more resources. Anyone else compiling a list of relevant information for the field? I've started compiling a spreadsheet that's got resources, tools, companies, important individuals, good twitter accounts to watch, and feeds where disclosed vulnerabilities are reported as I like to research and try to replicate those. Anyone else record similar stuff?
>>
>>62081558
Guy from >>62081393 I do.
Anyone in IRC or should we use these threads as a place to communicate? I am also on jabber; if you aren't, I suggest it. Pidgin + otr for windows/linux.
>>
>>62081648
>>62081558 is me
I've been thinking we should have a telegram chat but haven't suggested anything yet. Would be a good way to share other resources between our more active posters. I've never bothered to check out jabber but I'll look at it. We should use this thread for most communications though, we need the bumps and I'm sure lurkers appreciate it.
>>
>>62081648
>>62081710
PS I do want to share compiled information though just not super publicly. There's only so much that can be compiled alone, especially when trying to test out every tool I come across.
>>
File: 1470715815384.png (164KB, 786x570px)
>>62081757
>IRC guide

>>62081710
>telegram
>>
File: IMG_2846.jpg (57KB, 640x351px)
>>62081817
t-telegram is bae m-man
>>
>>62081817
> IRC hardening guide,
https://pastebin.com/EibQ8P0x
>>62081970
This is /sec/ not
> using closed source crypto blindly.
Get on IRC or hang out in the thread, Telegram is botnet as fuck.
>>
>>62081988
I mean, you're right, but we're all already botnetted to hell, unless you're top tier privacy autist you have a closed source NIC driver on every device you own anyway for example.
>>
>>62082090
This is a fallacy
> https://en.wikipedia.org/wiki/False_equivalence
Just because you used something that is closed source in order to get a network interface up, (assuming that you do) isn't equal to communicating on servers that are closed source.
>>
>>62082165
Alright got me there, approaching this from a different angle then, how is telegram botnet just cause it's closed source? A Washington DC based company that sells 0-days to world (United States) governments just upped their payment for a flaw in telegram and other end to end encryption messaging services to a half million. http://thehackernews.com/2017/08/hacking-secure-messenger-encryption.html?m=1 That's good enough evidence to me that (((they))) don't have a backdoor into telegram yet.
>>
>>62073775
Are you clueless?
>>
We need something that provides plausible deniability and a degree of anonymity, not privacy. This is an open thread on a Thai paper machete board. Open collaboration provides more information to the masses and is often better unless you are doing black hat work. We could use a slack channel even and it wouldn't make a practical difference for most of the primary threats people here face. Not saying we should, but telegram, tox etc are just memes. Something that accepts proxied traffic and supports tls is really all you need because of the difficulty of establishing pfs in a group chat where you can constantly be desynchronized.
>>
>>62082240
I mean, at its heart /sec/ is all about security threat modeling if you really think about it. If protecting against nation states is your cause for concern then well, GOOD FUCKING LUCK. This goes back to using the same technology that is open source and industry accepted as being secure, Telegram isn't this technology.

This aside, I have a SICK 0-day for you regarding telegram

> Register with phone number
> No other form of auth (single form, read: something you have)
> Someone else gets your phone number by social engineering your phone provider
> beep boop, Hi I am (username) and I have 100% access to /chatlogs/
If you can't see the flaw in this alongside the shitty crypto, I got nothing for ya.
>>
C++ or Java?
>>
>>62082691
>>>/g/sqt
>>
>>62082666
Good post. I went through google voice to get a phone number I just use for telegram to better cover myself, but uh, I went through google voice so I already lose. Telegram definitely has some limits I didn't fully consider before.
>>
>>62082666
> If protecting against nation states is your cause for concern then well, GOOD FUCKING LUCK.
Difficult, not impossible. I've got most of my vectors covered, hardware's turning out to not be as hard as I thought.
>>
>>62082824
Right. The point of my post also was: don't think that nation state actors need to break the crypto when they have every company that transmits/receives on cellular networks by the balls. They will take the path of least resistance and just get a SIM issued rather than break some closed source Russian crypto.

>>62082902
I am not saying that it is impossible but what I am saying is if you are going to do it, at least do the footwork yourself. Don't use some meme chat app and expect the crypto to "just werk"
also,
> Are you sure that the supply chain for the hardware is secure ;)
>>
>>62082902
For any one individual it's impossible. The reason we advocate for more privacy tools is to raise the costs of doing it so it can't be done on a massive scale. You can break one person's encrypted device with enough time and money, but you can't break everyone's because the cost becomes prohibitively expensive.
>>62082938
Even if it was, most consumer hardware is vulnerable to side channel attacks. AES is trivial to break on a lot of consumer hardware.
>>
>>62082938
>I am not saying that it is impossible but what I am saying is if you are going to do it, at least do the footwork yourself. Don't use some meme chat app and expect the crypto to "just werk"
Just making small talk, anon :o)
> Are you sure that the supply chain for the hardware is secure ;)
Yeah, I source all of my hardware directly from Shenzhen (and Mongolia for more important pieces). Personally inspect all pieces myself to make sure they're not tampered and then reflash and assemble all of it.
>For any one individual it's impossible. The reason we advocate for more privacy tools is to raise the costs of doing it so it can't be done on a massive scale. You can break one person's encrypted device with enough time and money, but you can't break everyone's because the cost becomes prohibitively expensive.
Encryption is not an end all in any sense of the word. It stops local law enforcement and skiddies from seeing your "Anarchy" torrent folder and doujinshis. The proper OPSEC is to not have any information that needs encryption. Most communications are wasted or do not warrant communication, thus a long-term app like Tox/WhatsApp/flavor of the month is not good and starts edging closer to a 100% certainty of being compromised the longer it's around. "Breaking" encryption is trivial for nation-states and usually, as you said, it's done through side channels and no resources are wasted.
>>
>>62083271
Third stop-motion arrow here >>62083271 meant for you.
>>
Picture of your board or STFU
>>
>>62083008
> encrypt all the things
true.
> side channel
also true.
>>62083271
Big if true, I am not a hardware guy.

Since this is /sec/, I am looking into getting a new mobile. It needs to be "smart", I am not looking to defend all of the possible vectors but I am looking for something with a good amount of control. Currently I am looking at the LG V20 because of the removable components and microsd compatibility. If >>62083271 has any info on what chips/manufacturers to avoid. I have a friend who told me to stay away from anything Qualcomm but I am not sure if that is possible. Custom ROM w/o GAPPS, implied.
>>
Anyone else sad about no more hardened gentoo kernel? What other alternatives are out there?
>>
>>62083496
No phone is safe. Practice good OPSEC and don't do anything serious on a phone. Run traffic through encrypted VPN and stay safe.
>>62083848
OpenBSD.
>>
>>62073451
Here are some misc bookmarks that I have here
> https://twofactorauth.org/
List of all sites that support 2fa
> https://securityinabox.org
Digital security tools and tactics
> https://isc.sans.edu/links.html
SANS links list, includes malware information, /sec/ dashboards, /sec/ news, /sec/ blogs and /sec/ advisories
>>
what's with the /sys/admin "split"? why did it die so fast?
why does /sec/ attract so much drama? is it because of the usual elitism in infosec?

>>62082691
Golang
>>
>>62081988
the client is foss.
>>
>>62084358
>http://i.imgur.com/9V6gBaD.png
Skiddies can't learn to shut their faggot mouths and lurk like reasonable newkids. And sysadmins thinking they're elite hax0rs opining on topics they do not know about.
>>
How to use ChaCha20-Poly1305 with LUKS/dm-crypt/cryptsetup? If it is not possible with these, what would you suggest for an encrypted file system on GNU/Linux?
>>
>>62084358
>infosec
infosec is a dumb meme
>>
>>62084358
I think these threads should be had every 2 days. Not enough people for a whole general.
>>
>>62084372
I do understand that the telegram client is FOSS, the server isn't and thus the service isn't FOSS.
>>62084358
/sys/? The amount of people who do actual technical shit on /g/ is low, mostly threads about phones/video cards/this vs that. Plenty of other places exist for sysadmin types to talk shit and I'm not 100% sure /g/ is that conducive for success on these types of threads even though personally, I enjoy them.
>>
>>62084553
>the server isn't
So what? The messages are end-to-end encrypted.
>>
>>62084572
Please see my posts >>62082666 >>62082938
>>
https://github.com/Hack-with-Github/Awesome-Hacking
https://github.com/carpedm20/awesome-hacking
https://github.com/enaqx/awesome-pentest
https://github.com/wtsxDev/Penetration-Testing
http://phrack.org/

Some links you might enjoy
But how can you choose from the amount of resources available? Reversing is interesting, like cracking, cryptography, web hacking, software hacking, hardware hacking... How do you stop being overwhelmed by all the choice and actually do something?
>>
>>62073451
Also, root-me.org is an excellent website for training in security.
>>
>>62084610
>>>62082666
I was under the impression that both telegram and signal allowed you to see the public key of the other person. I might have been wrong.

>>62082938
>closed source Russian crypto
The crypto is open and at the client side.
>>
>>62084553
So what are good places for sysadmin stuff ?
>>
File: 1496831390433.png (57KB, 566x584px)
>>62084428
AES w/ ssiv works just as well. What's up w/ all these crypto hipsters?
>>
File: 1495067881128.jpg (112KB, 1280x720px)
>>62084686
AES a bad.
>>
>>62084647
> I was under the impression that both telegram and signal allowed you to see the public key of the other person. I might have been wrong.
Nah, their calling "secure system" gives you emojis to read to make sure the call is "secure". I prefer Signal.
>The crypto is open and at the client side.
That's fine but what kind of metadata is getting leaked to the server? I guess we don't know because the server is closed source. We have a pretty good idea though, just search "metadata leak telegram" see what pops
>>62084668
Unfortunately resources for this kind of stuff are limited to more social networks / old style forums that generally are shit. I will contribute in /sys/ threads but I wouldn't say they are justified unless the market demands them. Anecdotal but I have never seen these threads in my time browsing /g/. Also I think that most sysadmins see their knowledge as something that isn't to be shared because they think helping educate others is a risk to their job security but this could be anecdotal. Also most sysadmins shitpost somewhere else because if they are any good their systems can kind of just run themselves with minimal interaction and maximum automation. That being said here are some
> stack exchange
> spiceworks
> leddit (I FUCKING KNOW IT SUCKS OK)
> serverfault
>>
>>62084825
>I prefer Signal.
Which also happens to be a cancerous bullshit.

>but what kind of metadata is getting leaked to the server?
You know that from the client.

>I guess we don't know because the server is closed source.
You would not know anything extra if the server was foss. After all they could easily use a modified server without telling you.
>>
>>62082666
it sends a sms code to the phone number though
>>
Can someone post the spamhaus blacklist (comma delimited).
Thanks.
>>
>>62077862
You're right. You can be stuck because something is difficult or you can be stuck because you really don't know what technique to apply or what place to look at. In the latter, looking up a solution is a great way to learn, provided you try it yourself afterwards.
>>
>>62084852
> Which also happens to be a cancerous bullshit.
Damn that was a good review, in comparison I wish I would have put that much effort into my replies in the thread starting here >>62081988

How much does Telegram pay you to come in threads like this? If people don't want to use Telegram what problem do you have with that? You still haven't responded to any of my other concerns other than the fact that you are protecting the closed source nature of the server. Cool dude use whatever the fuck you want.

>>62084879
> get issued SIM by fraudulent means
> receive text message
> authenticate as SIM owner
Same way people keep getting their Coinbase accounts owned.
>>
>>62084922
>If people don't want to use Telegram what problem do you have with that?
Wut? Did I say anywhere that I have a problem with that? All I did was to just dispute your bullshit.
Not everyone you disagree with is a shill, in fact I am not even using telegram.

>You still haven't responded to any of my other concerns
I only responded to things that I considered interesting enough to talk about. If you have something specific to ask me then feel free to do so.
>>
>>62084959
Don't you think that authenticating with an SMS phone number and nothing else is inherently flawed? I am not even a FOSS guy but I guess I don't see the reason for it in encrypted systems, even if they are server side. Especially if you are operating as a non-profit.
>>
should /sec/ make their own irc server?
>>
>>62087720
I don't know, should we?
>>
Not sure where to look, besides posting on 4chan. I am looking to buy 0days/exploits for popular social networking services like Instagram, Twitter, Snapchat, Facebook, YouTube, Kik. I am also looking for exploits of popular email providers.

What Kind?
- Accessing sensitive account information, like email, phone number
- Accessing the account itself
- Being able to reset the password for any account or change any of its information so it can be reset

I am very experienced in this scene and have hacked celebrities and accounts for other people. Unfortunately all of mine are patched.

If you do not want to share the exploit, but have it, please contact me anyways. I need someone with these 0days or exploits.

Contact me via Email

0day@activist dot com
>>
>>62087918
could be interesting with everyone trying to break in for fun
>>
File: Gastone.jpg (372KB, 1920x1080px)
Does Router Keygen work for anyone ever? Every time I use it everything is unsupported.
>>
>>62087964
Is this a joke? If you were the type of person to need 0days you'd know where to look.
>>
File: zerodium.png (11KB, 920x32px)
>>62087964
LMFAO you're not the only one. I hope you got 500k.
>https://www.zerodium.com/program.html
>>
>>62073451
>There are four lights.
>>
>>62087720
no, use freenode
>>
>>62084615
>How do you stop being overwhelmed by all the choice and actually do something?
By not using online resources. If you really want to learn, then put away all the links you have, and go buy a textbook. Because it'll have cost you so damn much, you will work through it.
>>
>>62088770
Also, the library is a good resource if you can't afford to buy textbooks. If it's a university library, they will usually have recent and popular infosec books.
>>
>>62088923
No, that's the same as hoarding resources online. If you outlay real, precious money, you will utilise the resource.
>>
>>62089080
Yeah, I suppose if you really need to force yourself to start reading you'll do it by spending money on books. But, I've found that having to make the trip out to the library sort of acts as a similar type of motivation (i.e. I'm going to read this otherwise I spent time and effort to go to the library for nothing). There's also a time limit because you need to return the books after a few weeks, which helps.
>>
>>62084615
Time box things. Deadlines are a great motivator.
>>
>>62081558
If I may, I recommend that you be very careful with compiling information. In my experience, you'll end up compiling too much information and studying/making use of very little of it. Pick a few quality resources and focus on them.
>>
Sysadmins have nothing to do with /sec/
>>
We should compile a list of /sec/ recommended talks and presentations. What do you guys think?
>>
File: WojakBrainlet.png (127KB, 601x508px)
>>62088770
>>62089080
If I did this the book would just collect dust and I would hate myself for wasting money I couldn't afford to waste.
>>
>>62089960
Got any more tips? Or a guide that has tips on how to be more productive and less lazy?
>>
>>62091339
Do this.
>>
>>62091339
>>62092034
Thirded, sounds like a great idea
>>
File: 1470357381787.jpg (62KB, 483x489px)
>>62073451

Don't know if this has been posted, but
>https://www.vulnhub.com/

is a great way to practice and learn pen-testing in a lab setting. It's full of user submitted vulnerable VMs.

There's also a section for some of the VMs that contain walkthroughs/write-ups on how to approach and gain root access.

Hope this helps someone.
>>
>>62085846
>Don't you think that authenticating with an SMS phone number and nothing else is inherently flawed?
I do, did I claim otherwise?
>>
>sec bump
If these were merged I'd only have to do fucking one
>>
>>62073451
Larp larp larp
>>
>>62091951
Focus on something narrow. It's easy to get distracted by feeling the need to hop between 10 things you have no idea how they work but that just leaves you with 10 things you sort of understand but not enough depth to do anything beyond surface level in any subject. Not to say go hyper autistic on any one niche subject, but when you are learning you have to buckle down on one thing at a time.
>>
>>62091951
All you need to do to stop being lazy is when you consider doing something, do it.
>>
>>62082666
> Someone else gets your phone number by social engineering your phone provider

more chance of dying to a shark attack in the bath m80

Unless you have a shit ton of money, nobody cares about you, if you think that your data is at all valuable you have serious issues with your self image, need to tone that ego down a bit and realize that you're meaningless to everyone else, especially a l33t haxor that wants to get in the wallet of some rich college history professor who doesn't know shit about technology.
>>
Rescuing in from page 7
>>
>>62092381
>>62092034
Well then, I'll take responsibility for organizing them but I don't have many to contribute. Please post your favourite talks, I'll watch them and maybe add to the list. Once there is a decent number of them, I'll post them so OP can add to the pasta.
>>
I'm only bumping this so I can laugh at the thread later
>>
>>62073451
How would one prevent a layer 2 mitm on a wireless network?

I know two options are host isolation, and requiring certificates to be used such as in PEAP-MSCHAPv2 authentication systems.

are there any other methods to prevent this attack on wireless?
>>
>>62099500
>layer 2 mitm on a wireless network
You're gonna need to provide examples of your working out here johnny
>>
>>62100462
layer 2 mitm = gratuitous arp'ing.

arp poisoning, arp mitm, whatever.

it's sending an ARP to a target informing it that the gateway IP address is now at your MAC address and you begin forwarding traffic from the target to the gateway

I'm just asking if in general there is a way to prevent this attack from happening on wireless networks that is not isolating wireless clients into their own vlan.

it doesn't seem to me like there is any way to prevent this on a wlan without client isolation
>>
I will maybe jump in the /sec/, full foss world in few days.
I will install Qubes OS, get a vpn, full disk encryption and use only /sec/ approved software.
Is it really worth it?
I'm considering LineageOS without Gapps (I have Gapps at the moment), is it really totally secure? Is the entire code of android safe and reviewed by the lineageOS pajeets devs?
There are so many threads about the impossibility to escape the botnet (proprietary bios and phones firmwares) that I think it's useless to try to escape the botnet.
Am I autistic? What is your opinion?
>>
>>62102123
>Am I autistic? What is your opinion?
you're asking that on a Taiwanese origami board?
>>
>>62102123
I've been testing the Qubes 4.0 rc1 release, I love it so far.

it's still buggy though, in beta still, gotta enable the testing repos for improved quality

Qubes3.2 is amazing though.
>>
>>62099500
What sort of attacks are you looking to block? If you want to get really into it you need a certificate to prove your authentication server on the other end. That way even against someone setting up a rogue ap the machine won't send its credentials over.
>>
>>62103363
I wanted to block basically a gratuitous ARP from a malicious wlan user from MITM'ing another wlan user.

currently the setup uses PEAP-MSCHAPv2 authentication, which supports certificate use but the certificates (as I understand it) are only used to set up a TLS tunnel for user authentication with the backend RADIUS server. As far as I know, there is no way to have a client establish a secure tunnel with only the router and maintain it the entire time while ignoring other traffic on the wlan.

Even this setup is vulnerable because clients aren't configured to use a CA, so really any attacker could create their own AP, with their own RADIUS server and their own certificate and any guest who wants to authenticate would be immediately accepted by the malicious RADIUS server, which would basically forward the information to the legitimate RADIUS server for verification. But this is not what I'm worried about.

I'm just trying to figure out a way so that clients on a shared wlan can be protected from malicious ARPs that would otherwise MITM the device without using client isolation
>>
>>62103815
You are forgetting to install your CA as trusted cert for wireless authentication. The machine will first check the radius server's certificate, notice it doesn't match your auth server and terminate the connection. WPA2 actually sets up an encrypted stream per user. The reason you can decrypt all traffic passively sniffed in psk mode is because all parties know the password used in authentication, so if they can see the 4 way handshake they can decrypt the session. With radius all parties have different passwords so if someone set up a rogue ap the client would just see nonsense respond, try to reauth, find that the radius server is returning a cert not in its trusted store and kill the connection.
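
Added example, not part of the thread: a small audit of a wpa_supplicant configuration for the client-side gap discussed in the posts above (802.1X networks with no trusted CA configured for the RADIUS server). The sample config, SSIDs, identities, file paths and hostnames are constructed placeholders; the function names are hypothetical.

```python
# Constructed sample configuration; every value in it is a placeholder.
SAMPLE_CONF = """
network={
    ssid="guest-open-trust"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="alice"
    password="not-a-real-password"
    phase2="auth=MSCHAPV2"
}
network={
    ssid="ca-only"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="bob"
    password="not-a-real-password"
    phase2="auth=MSCHAPV2"
    ca_cert="/etc/ssl/certs/example-radius-ca.pem"
}
network={
    ssid="pinned"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="carol"
    password="not-a-real-password"
    phase2="auth=MSCHAPV2"
    ca_cert="/etc/ssl/certs/example-radius-ca.pem"
    domain_suffix_match="radius.example.org"
}
network={
    ssid="home-psk"
    key_mgmt=WPA-PSK
    psk="not-a-real-passphrase"
}
"""

# wpa_supplicant options that constrain which server certificate is accepted.
SERVER_NAME_KEYS = ("domain_suffix_match", "domain_match",
                    "subject_match", "altsubject_match")


def parse_networks(text):
    """Parse network={...} blocks into dicts of option -> unquoted value."""
    networks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line == "network={":
            current = {}
        elif line == "}" and current is not None:
            networks.append(current)
            current = None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return networks


def uses_8021x(net):
    """True for networks that authenticate through EAP / a RADIUS back end."""
    key_mgmt = net.get("key_mgmt", "")
    return "eap" in net or "WPA-EAP" in key_mgmt or "IEEE8021X" in key_mgmt


def audit(text):
    """Map SSID -> finding for 802.1X networks with weak server validation.

    no-ca:          no CA configured, so any RADIUS server's certificate is
                    accepted and the inner MSCHAPv2 exchange goes to whoever
                    runs the access point.
    no-server-name: a CA is trusted but the server name is not checked, so any
                    certificate issued by that CA passes.
    """
    findings = {}
    for net in parse_networks(text):
        if not uses_8021x(net):
            continue  # PSK and open networks have no RADIUS certificate
        ssid = net.get("ssid", "<no ssid>")
        if not (net.get("ca_cert") or net.get("ca_path")):
            findings[ssid] = "no-ca"
        elif not any(net.get(k) for k in SERVER_NAME_KEYS):
            findings[ssid] = "no-server-name"
    return findings


if __name__ == "__main__":
    for ssid, finding in audit(SAMPLE_CONF).items():
        print(f"{ssid}: {finding}")
```
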
>>
>>62103815
To stop malicious arps alone what you need is an IDS or router that has arpguard on it to detect someone doing something bad and lock them off the network. That will require some actually decent infrastructure.
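
Added example, not part of the thread: a minimal sketch of the detection side of the check this post describes, flagging ARP traffic that rebinds a known IP (especially the gateway) to a different MAC. All addresses and frames are constructed in memory (documentation IP range, locally administered MACs); the class and function names are hypothetical and this is not the implementation of any particular IDS or router feature.

```python
import socket
import struct

ARP_FMT = "!HHBBH6s4s6s4s"  # Ethernet/IPv4 ARP body: 28 bytes
REQUEST, REPLY = 1, 2
ZERO_MAC = "00:00:00:00:00:00"


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_arp(op, sha, spa, tha, tpa):
    """Build an ARP body in memory; used only to construct the sample input."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op,
                       mac_bytes(sha), socket.inet_aton(spa),
                       mac_bytes(tha), socket.inet_aton(tpa))


def parse_arp(payload):
    """Return the fields of an Ethernet/IPv4 ARP body, or None if malformed."""
    if len(payload) < 28:
        return None
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(
        ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or op not in (REQUEST, REPLY):
        return None
    return {"op": op, "sha": mac_str(sha), "spa": socket.inet_ntoa(spa),
            "tha": mac_str(tha), "tpa": socket.inet_ntoa(tpa)}


class ArpWatch:
    """Track IP -> MAC bindings and report changes.

    pinned:  bindings known out of band (e.g. the gateway); a mismatch is
             critical and the pinned value is never overwritten.
    learned: bindings seen on the wire; a change is a warning, since DHCP
             churn or a replaced NIC also causes it.
    """

    def __init__(self, pinned):
        self.pinned = dict(pinned)
        self.learned = {}
        self.pending = set()  # (requester_ip, target_ip) of open requests

    def observe(self, payload):
        arp = parse_arp(payload)
        if arp is None or arp["spa"] == "0.0.0.0":  # malformed, or an ARP probe
            return None
        ip, mac = arp["spa"], arp["sha"]
        unsolicited = False
        if arp["op"] == REQUEST:
            self.pending.add((ip, arp["tpa"]))
        else:
            key = (arp["tpa"], ip)
            unsolicited = key not in self.pending  # nobody asked for this reply
            self.pending.discard(key)
        if ip in self.pinned:
            expected, severity = self.pinned[ip], "critical"
        else:
            expected, severity = self.learned.setdefault(ip, mac), "warning"
            self.learned[ip] = mac
        if expected == mac:
            return None
        return {"ip": ip, "expected": expected, "seen": mac,
                "severity": severity, "unsolicited": unsolicited}


def run_sample():
    """Feed a constructed sequence of ARP bodies through the watcher."""
    gw, gw_mac = "192.0.2.1", "02:00:00:00:00:01"
    h20, h20_mac = "192.0.2.20", "02:00:00:00:00:20"
    h30 = "192.0.2.30"
    frames = [
        build_arp(REQUEST, h20_mac, h20, ZERO_MAC, gw),            # who-has gateway
        build_arp(REPLY, gw_mac, gw, h20_mac, h20),                # genuine answer
        build_arp(REPLY, "02:00:00:00:00:66", gw, h20_mac, h20),   # gateway IP, wrong MAC
        build_arp(REQUEST, "02:00:00:00:00:30", h30, ZERO_MAC, gw),  # new host learned
        build_arp(REQUEST, "02:00:00:00:00:31", h30, ZERO_MAC, gw),  # same IP, new MAC
    ]
    watch = ArpWatch(pinned={gw: gw_mac})
    return [a for a in (watch.observe(f) for f in frames) if a]


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```
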
>>
>>62103815
>really any attacker could create their own AP, with their own RADIUS server and their own certificate and any guest who wants to authenticate would be immediately accepted by the malicious RADIUS server, which would basically forward the information to the legitimate RADIUS server for verification
Evil twins are hard to mitigate.
>>
>>62106778
If your users are blindly trusting random certificates sure, but you wouldn't do that anon right? This is a mostly solved problem.
https://tools.ietf.org/html/rfc5281
>>
>>62106909
The original problem the guy posted doesn't sound like he wants to prevent himself from getting spoofed.

You yourself know the users are the weakest link, of course they will accept the random cert and continue on their day
>>
>>62102123
Being secure or private with a phone is impossible unless you put it in a Faraday cage, but then what's the point?
>>
>>62108413
Why would you even make this post? It's redundant and irrelevant
>>
>>62109913
Pretty sure OP talked about phones.
>>
>>62109934
Yes, and if you knew what a faraday cage is, you'd know they stop signals. Which means, you can't use the phone.

Which makes it a pointless suggestion and was only said because HURR COOL MR ROBOT TECH DURR
>>
Hey, I'll be going to US next summer, so, my plan was to work there and finish a few sec/network based courses (and maybe DevOp, idk yet). Now, what are your recommendations as far as sec/network courses? I'm willing to finish any number of courses, as long as they are not autistic (found somewhere on these topics that CompTIA is pretty much useless these days), ones which actually give you something upon which you can start learning more seriously, and ofc, ones that make you a viable choice for a starting/junior position.
>>
>>62110944
courses = certs
>>
Will widespread adoption of grsecurity's RAP / clang's CFI usher us in a golden age of security?
>>
>>62112670
It'll make exploiting memory corruption bugs harder for sure. I doubt it'll be game over for us though.
>>
Any good Metasploit beginner guides besides Metasploit Unleashed?
>>
R E D
T E A M
S H A R K S
>>
Can I use google drive if I encrypt all my files before sending them to the botnet?
I want to export a calendar (from calcurse), encrypt the file and send the file to google drive. Then I want to be able to download the file on my phone to decrypt and read the calendar with the stock calendar lineage OS app.
I want to make this process automatic, I'm retarded? Is there an easier and less autistic way of doing that?
>>
Tunnel Snakes Rule!
>>
>>62077862
Also due to their migration to docker sometimes performance will tank. There have been many times that I figured out the right answer and multiple different people did the same thing but due to server load the solution did not work. Don't be afraid to talk to the peeps on their irc.
>>
>>62073451
THERE ARE FOUR LIGHTS
This is a 4chan archive - all of the content originated from that site.
This means that RandomArchive shows their content, archived.