/sec/: Cybersecurity General: WokFi Edition:

>>62141184
Dying already, look how well this demerge is going.

Anyone have any projects they've worked on?

Why does the cyb essentials pastebin say that tox is fucked? What happened to tox?

>>62142527
Trying to get this general active.

>>62141184
fucking merge the threads you autists

>>62141184
and a new thread was born... dead.

>The following are resources that may be helpful to you. Don't trust anyone and do your own research.
Add this for next OP, it was a nice line.

>>62141872
>>62143342
>>62144302
People need to land.

>>62144395
be grateful for free bumps

We need to make this shit active. Fuck /cyb/ fags .

Reminding about this https://www.fireeye.com/blog/threat-research/2017/08/fourth-annual-flare-on-challenge.html

For general usage is it better to run Kali as a VM, boot to it from a live USB or have it installed on disk and dual boot it?

>>62141184
Jesus /sec/ is dying , i guess I'll need a new site

>>62145237
I'd say boot it from a live USB, I don't really like the idea of kali's root forcing.

>>62145798
HackerNews, HackerOne, /r/netsec are the good ones. And follow infosec people (MalwareTech, etc.) on Twitter to stay in the loop.

I just got $250 in BTC for a bug bounty. What should I do with it? Hold, or invest elsewhere?

>>62147446
Idk, buy drugs or something

>>62147446
Just keep them I guess, sounds like you don't need the money. BTC is bound to go up.

>>62147446
Hold it, unless you need the money.

>>62147446
>$250
>invest

>>62147446
Invest in books or hardware/tools

>>62150811
This.

I've done all of the about:config work in Firefox and installed the recommended add-ons.

Are there any similar recommended configurations and add-ons for Thunderbird?

>>62151655
just disable html and you're good to go

>>62141184
Pls /sec/ you cannot die.

>>62152354
We might have to remerge if this lull persists

>>62152354
Someone needs to say something to trigger people.

>>62152354
>>62152422
I was too busy hacking to post but I'm here now!
In case you're unaware who I am; I'm one of the 4 people in this thread who know anything at all about anything.

>>62152675
thought you were on vacation ?
or has anon been talking shit again

>>62152716
Nah, that's the other 3.
Bunch of fucking normies...

>>62152735
You're so edgy and cool, I wish I were an expert like you!

>>62152735
Do something do something!
Show us!

mari is objectively best girl

>>62153471
Lovecruft is objectively best girl.

File: 1503790711901.gif (1014KB, 1366x768px) Image search: [Google]

1014KB, 1366x768px

>>62153401
>>62153447

>>62153569
Whoa, you're so hardcore!
How do I change my NAT type?!

>>62153569
Skulls 2spooky4me

>>62153619
>NAT type
uhhhh
check your router settings?

File: 1483889196776.png (508KB, 788x570px) Image search: [Google]

508KB, 788x570px

How do you motive yourself to keep doing bounties?

WokFi is so comfy.

Literally what I think of when I see /g/.
In a decade we will be running reverse engineered smart toasters and microwaves with GNU/Linux LibreKernel Penguinator Edition XXII frankenstiened together with childrens electronic toy components and ancient pheripherals

the normies will all be using locked down ijails without any interfaces but voice

no I/O with wireless charging and centralized global wifi

no switches or buttons and integrated with all the cameras and every database

THIS SUMMER
>Botnet:2040
-The last cyber crusade.

>>62153722
That money and fame attached to your haxxer moniker.

Plus you get to support the open community which has given free knowledge to you and is probably of personal interest.

Do you even white hat?

>>62153841
Aren't grey and black hat so much more c00l3r and l337?

>>62153807
This.
I cannot wait.
The moment you have to start producing your own hardware, is the moment you know it is getting good.

>>62153841
>fame
>99% of reports are classified

>>62147237
>hackernews
>hacker
>news

Is electronic (not electrical) engineer a nice career if in the future I want to do something cybersecurity related? (In my 3rd werld hellhole we don't have a cybersecurity career, and computer engineering seems kinda meh)

>>62152735
literally I just came into this thread, and you remind me of this faggot I had in my line at college bookstore, how he knew "9 programming languages" while he was buying greenfoot book. Wearing fedora, had a cane, and fingerless gloves, wearing a trenchcoat.

>>62154889
I'd love to see a picture of that.

We need a reading list.

>>62155006
I wish I had one, the motherfucker couldn't even list 9 languages, he hesitated. I was the cashier.

>>62155044
They were all BASH, I'm sure.

>>62154742
Computer engineering is shit, the best thing I've been taught in a year has been the math.

I don't know about EE, maybe, if you like hardware. Don't expect to get taught proper cybersec stuff at college.

>>62154742
Become autodidact, you have almost an unlimited supply of free university quality information and learning resources within a few keystrokes.
If you want to forge a legitimate career out of it, get certified and find a job outside of your shitty country.
If I were you, I'd teach myself CE/EE for utility, as you'll be needing it as a survival skill in the near-future.

Gentle bump, page 8

>>62155162
Yeah, I figured, I'd like to go on EE because of research of any of its subfields sounds really interesting to me, but I'd like to work in the cybersecurity "biz" in the meantime, ofc I'm thinking longterm, but in anycase thanks for the input though!

>>62141184
http://www.theage.com.au/technology/technology-news/australian-pirates-to-be-sued-in-court-rights-holders-say-20170828-gy62my.html

How fucked am I exactly? On as scale of "The internet bill is in my name alone" to "3 people live here and we all torrent from a portal" out of 10.

What about opera browser?

>>62157367
It isn't very secure.

these are some cool infosec-related blogs:
https://electrospaces.blogspot.com
https://www.emptywheel.net/
https://krebsonsecurity.com/
https://www.schneier.com/

pretty sure krebs and schneier work for govt agencies...


>>62147446
learn how to trade at exchangers, how to read stoc charts, buy shitcoins, ride the waves.
>>>/biz/

>>62141872
>>62143342
>>62144302
samefag

come on fags, bump this shit ffs

>>62159868
How about I bump my cock right into your ass fuck boy?

Is a 1.5 year postgrad specialisation in Information Security worth it?

File: 1478345413903.png (369KB, 1880x3148px) Image search: [Google]

369KB, 1880x3148px

obligatory

anyone been working on any projects? ive been trolling an ISP support forum past few days posing as multiple admins ive already established vulnerabilities and circumvented their ability to ban me

>>62141184
Is OverTheWire's bandit wargame down? I'm just getting an error because I can't connect channel 0.

File: frekles.jpg (24KB, 500x344px) Image search: [Google]

24KB, 500x344px

Has anywork worked with making Tox bots using Ratox and Python/Ruby?
>>62141184
>https://en.wikipedia.org/wiki/WokFi
This looks cool as heck.

>>62156614
Have you tried getting a VPN for all of you?

>>62160208
What do they even teach in it? If you already have that knowledge you maybe shouldn't even bother.

>>62145073
I'll be competing, would be cool to see others' takes on the challenges

>>62161121

_ _ _ _
| |__ __ _ _ __ __| (_) |_
| '_ \ / _` | '_ \ / _` | | __|
| |_) | (_| | | | | (_| | | |_
|_.__/ \__,_|_| |_|\__,_|_|\__|

a http://www.overthewire.org wargame.

[email protected]'s password:
Welcome to Ubuntu 14.04 LTS (GNU/Linux 4.4.0-71-generic x86_64)

* Documentation: https://help.ubuntu.com/

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

/usr/bin/lesspipe: 28: /usr/bin/lesspipe: Cannot fork
bandit0@bandit:~$

looks good, but the lesspipe error wasn't there a few days ago

>>62162945

use
code
tags

>>62163080
how do I into them ?

>>62163724

 like this 

>>62147060
Thanks!

Anyone have any recommendations for a good nmap video tutorial?

File: 1500924600506.png (81KB, 1920x1080px) Image search: [Google]

81KB, 1920x1080px

I stumbled upon AOSP docs
https://source.android.com/security/encryption/full-disk
and the way it was written made me wonder which partitions are being encrypted using the default system option in custom ROMs like LineageOS.

My point is that obviously firmware factory reset partition and bootloader are left unencrypted. I was wondering if same applies to some partitions that may contain sensitive data, such as /AppsLog.

Let's say that I left ADB debugging with root access switched on in my phone. The ROM was the newest LineageOS (14.x)

I tried to connect to the phone through USB from another computer. It wouldn't let me connect as long as I didn't turn on the phone, decrypt it and add the PC to the list of known hosts.
$ adb shell
...
error

Then I tried a different approach and live-booted another recovery image through the fastboot mode.
$ fastboot boot twrp.img

from there I could enter USB debugging mode and browse through the encrypted content
$ adb shell
[phone] #

I was concerned about apps logs
[phone] # find / -name "*log*"
It did return me a long list of files, none of which seemed to contain any "apps" word in it.

Then my ADB connection broke and phone became inresponsive. I rebooted it, tried to reproduce the previous connection but without success. I can no longer use "fastboot boot" as it makes my phone's screen go dark and do nothing. Somehow it worked first time when I tried it, but doesn't anymore. Read somewhere that google disabled "fastboot boot" option in newer versions of Android, but why the fuarrrk did it boot correctly for me, once?

My question is, are there any partitions left unencrypted? Are they worth attention?

Pic related. Also after I quit trying, I booted the phone normally. I had like 20 MB of mobile data transfer left to use before trying to fastboot boot (we pay for mobile internet transfer in Poland). Even though data roaming was turned off the whole time, my remaining transfer run out. Creepy as fuck.

I'm divided guys.
In my country there's a new part of the army that focuses on cybersecurity. Sounds pretty cool but I would have to survive 3 months of basic training, cut my hair, get /fit/ and deal with a bunch of conservatives/traditionalists (the army is full of them)

What should i do? Doe anyone have experience with professional/government education on cybsec?

>>62155039
yes

>>62164333
Don't do it. You'll be working with the enemy of a free and open internet

>>62163794

▲
▲▲

File: dnb.jpg (113KB, 1920x1080px) Image search: [Google]

113KB, 1920x1080px

>>62160037
r-rude~

File: 1424226797227-1.gif (1MB, 1480x2584px) Image search: [Google]

1MB, 1480x2584px

>>62155039
Educational or entertainment?

>>62164060
The encryption sucks, it's basically a kernel mod they build because they wanted to avoid using any GPL code (so no cryptsetup/LUKS)

Also remember a year ago you could just smash in any random garbage into the "enter password to unlock this phone" screen and it would just magically unlock.

If you want a phone that has real encryption you're stuck with shit iProducts, as they use 'Secure Enclave' meaning your key is local to the device stored in hardware. I'm not sure if Appslog is encrypted, prob not, I assume only /data is encrypted. There's whitepapers around for AOSP encryption but of course if you have a rooted phone that leaves open many other problems of grabbing keys

>>62164333
Most of the really good ''hackers' went this route, like Charlie Miller who worked for NSA before becoming a contractor and breaking into car software.

You get to see advanced tier shit, do a bunch of capture the flag type competitions, and an assload of 'security management' which means you can be Chief Security Info Officer at some corporation afterwards. The guy who ran out team at an appsec outfit I once worked for was Ex army, he's now on their executive board last time I checked.

Of course downsides:
>being a state actor means ppl spying on you or possibly murking you if you travel to wrong country
>if you fuck up and leak anything you go to jail
>low pay, but free education

>>62164333
>2017
>willingly getting yourself on a list

Been writing some custom fuzzers for macOS/iOS and have found a couple interesting vulnerabilities in some proprietary drivers, but have had trouble reverse engineering the drivers to find the core bug itself due to the RTTI from C++ :(. Any tips for RE in IDA? Any places where I might be able to ask some more questions on the subject? Been really enjoying doing this work and I'd like to keep on going, but it feels like I've hit a wall because each time I figure out one call theres 20 more calls I now have to figure out.

>>62166396
>each time I figure out one call theres 20 more calls I now have to figure out
I feel you. I reverse a lot of enterprise software and it is just the fucking agonising fact of it.

>>62166436
Do you know of any places to talk about RE? Not something skiddy like hf, just like a nice academic/professional community to talk about IDA and shit.

>>62166458
Unfortunately not; sorry dude.
If you find anywhere let me know.

>>62166436
Still me but do you have any tips on doing structs in Ida? I heard it's really good for figuring out RTTI shit since you can get the vtables figured out and then see shit like

obj->vtable->methodCall();

but I haven't been able to make a struct since those fucking keybinds suck shit and theres no undo.

>>62166396
ycombinator/hacker news, make an ask HN thread. Also stack exchange/overflow lots of RE ppl

>>62166533
I heard HN is more focused on startups/silicon valley esque stuff. If I ask a technical question/discussion will that be frowned upon?

>>62166488
I don't use IDA; I mostly use binary ninja and radare2.
I'm probably a fucking caveman but I normally end up manually working out what the members of an object are and manually defining structs in my tools.

>>62166561
holy shit dude you have my respect, I'd be dead without the HexRays Decompiler. Any chance you have an XMPP/Email I can hyu at?

>>62166612
Sure thing. You should be able to reach me at wxboy at myfat dot wang.

>>62166710
awesome. you can email me at bezos at amazon dot com
have a good day familioni

>>62145237
Do not let Kali near your actual operating system. It has a large amount of packages that they don't verify, anyone of those could get compromised and it's all over. If you have a powerful enough computer, use a VM. Otherwise Live USB, but unplug your hard-drives (or better yet, keep them encrypted) and don't let Kali near that shit.

>>62166736
>>62166710
That's a cockli address you uber nigg.er
>>62166550
Don't expect anyone to know anything. It's a bunch of inside-voiced small talk and self-promotion out the waxed asshole.

>>62167226
oh I didn't know that cockli got that one. I'll hit you up in a bit.