/cyb/ + /sec/: Cyberpunk and Cybersecurity General

>>62206660
Don't link the spam threads you fucking retard.
Also, we're DEMERGED.

>>62206775
seemed last time that most of the solo threads died while the merge thread lasted til bump limit or close.

>>62206875
It doesn't matter about bumps.
We want quality over quantity, you /v/ and iJail faggots need to piss off.

>>62206660
How is that gif cyberpunk? It just looks like a typical chink flavored neet apartment.

I come to these threads for the positive vibes

>>62206660
I have a cyberpunk mindset, but all i do is wank all day like always. What gives?

what do you guys do for work and how much free time do you have?

>>62206660
Jesus. Hardening my Gentoo install is taking for fucking ever. I hope it's worth the pain and the 1 day compilation process

>>62206660
guy from the nsa's visiting my university later this month. what should i ask him?

https://github.com/bluscreenofjeff/Red-Team-Infrastructure-Wiki

have we entered the skiddie dominance era? are nation states barely relevant to most while 14 year old loners pose huge threats to most people/businesses?

>>62207983

Ask him why he didn't name reserve_hap when the Intel AMT HTTP upload bug was publicly disclosed. If he says anything except "we didn't want to give away capability" then he's lying.

>>62208888
the chosen bumper

>>62207632

your dick is more likely to bring success than your hacking

File: cyberpunk_cyborg_by_garguntia-db97jh8.jpg (2MB, 1920x1044px) Image search: [Google]

2MB, 1920x1044px

Bumping with schway pics. Bitches love when I use the word schway

what should i name my lisp ripoff?

>>62209475

Dont name it bakalisp, mine already has that name.

>>62209744
i decided to name it cyb

File: lain_lisp.png (2MB, 1520x1080px) Image search: [Google]

2MB, 1520x1080px

>>62209777

kwl nme

In the pastebin for Firefox config changes, I notice there is a lot of options that aren't in about:config. Am I supposed to add them? There are other mistakes too like browser.rights.3.shown is supposed to be set to 3, but it's a bool.

File: cyber.jpg (204KB, 900x900px) Image search: [Google]

204KB, 900x900px

Is AdNauseam cyberpunk?

>>62211118
Does cyber means not real now?

>>62211128
Why you say cyber terror is not real?

Glad to see the general back at it's "old" state cyb + sec united.

Currently learning more shit about Big Data, Business Intelligence and Business Analytics and worming my way into security in this regard. Let's see if I can work out a role in my company for that.

>>62206890
Exactly this.

Watch as this thread becomes all about LARPing cyb aesthetics and h4xx0r vibes.

No quality security posts yet.
Sad!

>>62212412
why don't you start with relevant topics then?

the last pure /sec/ threads were like
"haha we showed /cyb/"
"haha right"
hardly technical relevant

Cyberpunk has nothing to do with cyber security

>>62213898
Isn't cyber security or cyber warfare in general a big part of cyberpunk?

>>62206775
"We"? Who is the "we"?

this would be cyb as FUCK
http://www.ini.cmu.edu/degrees/kobe_msit-is/index.html
too bad it's pretty heavily implying it's for japanese people, not americans..

>>62206947
Do most NEET apartments have a small machine pistol lying on the floor? And where do you live then??

>>62209325
Fuck off back to lainchain kalyx. We don't want you here.

>>62207858
Are you hardening a non-hardened gentoo install? I'm looking for something to do this weekend so was going to look into this.

>>62206775
fuck off idiot

>>62206660
OP, why forgetting the imgurs and the FTP site? Like, every time?

>>62215401
Yep. You should do it now if you're in school. It took a day to get everything done.
https://wiki.gentoo.org/wiki/Hardened_Gentoo
https://wiki.gentoo.org/wiki/Kernel/Upgrade

>>62217194
>Hardened_Gentoo

You mighth want to study this
https://www.gentoo.org/news/2017/08/19/hardened-sources-removal.html
>As you may know the core of sys-kernel/hardened-sources has been the grsecurity patches. Recently the grsecurity developers have decided to limit access to these patches. As a result, the Gentoo Hardened team is unable to ensure a regular patching schedule and therefore the security of the users of these kernel sources. Thus, we will be masking hardened-sources on the 27th of August and will proceed to remove them from the main ebuild repository by the end of September. We recommend to use sys-kernel/gentoo-sources instead. Userspace hardening and support for SELinux will of course remain in the Gentoo ebuild repository. Please see the full news item for additional information and links.

Found via LWN
https://lwn.net/Articles/731477/

>>62217758
OH FUUGGGGGGGGGGGGGG

>>62217758
oh right forgot about this one.
thanks for the reminder, anon

The file

cy.7z"

is now uploaded to the Cyberpunk directory of the FTP site >>62085764

It is the 700 MB collection of goodness from Jinteki which is not always available there.

>>62215401
>yo guys im looking for something cool to do this weekend
>i will install some software and then im full cyberpunk secure

holy shit you faggots are literally braindead

File: VMS_Uptime.png (28KB, 807x475px) Image search: [Google]

28KB, 807x475px

>>62215401
Gentoo? Why stay with a cliche fest when you can up your game with OpenVMS? What kind of hardware are you going to commit to the task?

>>62219535
>let's use a dead commercial technology which uses a dead architecture with no software support

sounds like a great idea

>>62219608
>Does not know that OpenVMS very much is alive
>Does not realise it has an excellent security record
>Has no appreciation of uptimes measured in years
>the movie
Good thing you are anonymous, otherwise your reputation would be shot to pieces.

Oh, and the last update was released 2 months ago.

File: 2016-06-09-0793-an-offer-you-cant-refuse-ww.png (140KB, 980x721px) Image search: [Google]

140KB, 980x721px

=== /cyb/ and /sec/ News

BBC never disappoints, here they serve honey from pots:

>Catching the hackers in the act
http://www.bbc.com/news/technology-40850174
>Cyber-criminals start attacking servers newly set up online about an hour after they are switched on, suggests research.
>The servers were part of an experiment the BBC asked a security company to carry out to judge the scale and calibre of cyber-attacks that firms face every day.
>About 71 minutes after the servers were set up online they were visited by automated attack tools that scanned them for weaknesses they could exploit, found security firm Cyber Reason.
>Once the machines had been found by the bots, they were subjected to a "constant" assault by the attack tools.

Also interesting:
>After 21 hours, the first booby-trapped phishing email landed in the email inbox for the fake employees
Why this delay?

They very carefully didn't say where the attacks originated. Any suggestions what the most effective way is to block the whole of China and Russia?

>>62219858
oh my bad, i didn't know that itanium still was a relevant architecture, or alpha, or vax. wait ... no it's not, wew, and here i thought i was wrong for a minute.

you are probably also people that still like to buy ibm mainframes or sparc cpus.

if you haven't heard, the super computing market is ruled by x86_64 in over 90%. the platform is shit, the OS is irrelevant, the amount of people that you can find supporting this shit is none existent and you will end up like a cobol programmer hating to ever having touched this shitty platform.

for your own sake, ditch the platform and go for something modern where you can evolve your skills and actually earn money instead of being abused by whoever uses this bullshit in prod and self abuse that you go through by continuing to use this irrelevant garbage.

>>62220518
>go for something modern where you can evolve your skills
Repeated rebooting is not a skill I an yearning for. I have work to do, not machines to tend to, and thus prefer year long uptimes.

And really, taking advice on a Tibetan pottery forum from someone who cannot work that shift key is not my plan either.

>>62220368
dont connect to the internet

>>62220805
really, it boils down on my shift key instead of having a valid argument on technology itself? damn son, you are desperate. enjoy being out of a job and not having experience wand skill to work with modern technology.

i actually hope for you that this shit gets ported to x86 and it will be used on this platform, otherwise you are out of a job.

>>62220998
What passes for your arguments are so far out and ludicrous it is hard to know where to start. Why this obsession with x86? It just does not make any sense.

I am working and I use computers daily. The thing is, I use them to get work done and I do not spend my time fixing computers.

Also, you can run OpenVMS and VMScluster using an emulation layer on many computers including Raspberry Pi.

>>62221516
>What passes for your arguments are so far out and ludicrous it is hard to know where to start.

you can not answer a single one and therefore give such a lousy excuse, you are really pathetic. before you tried to damage control your ignorance with grammar, now this shit? nigga please

x86 has the monopoly on the super computing market since over 10 years now, the only recent super computer which wasn't x86 based was the "k super computer" in japan which was a joint venture of fujitsu and oracle. the operating system only works on 3 cpu architectures of which 2 (alpha and vax) are officially dead and itanium slowly but surely experiencing the same fate, having had the last chip release in 2012. itanic is and was never really relevant. oracle ditched it and there is basically 1 vendor that still sells this it in masses which is HP, nobody else does. and you want to emulate that shit in order to cut performance on different architecture? what the fuck is wrong with you, who hires people like you?

>>62215122
>>>/k/

>>62221642
and to add an extra to it itanium is fucking expensive compared to any x86 on multiple points:
hardware production due to low demand higher price (basic econmics)
software development on exotic architecture
hardware purchase. the starting price of a 4 core cpu is at ~1k and up. you can get a modern 12 core for the same price range that very likely outperforms the atanic by a shit ton

>>62221642
correction i just saw that 32nm kitten itanium was released this year after 5 years of nothing

>>62221642
>there is basically 1 vendor that still sells this it in masses which is HP
And that is all it takes. Really, is it that hard to understand that they sell this because there is a demand?

>who hires people like you?
Lots of people throughout the years. And as a consultant I am hired in by a lot of clients too.

>>62221939
and you don't see the problem in this? 1 vendor, which has little to no market share on super. you probably just have to maintain legacy systems that people are to afraid to touch because you are working with niche crap which they thought back 20 years ago was a good way to go and now regret it. i know that visa and master card have legacy systems that they are afraid of, i know we have sparc systems that we are afraid of but still the majorty of systems are x86 because it's cheap, you find lots of software support, lots of experienced people which are a lot cheaper than hiring a consultants, etc

>>62222116
>and you don't see the problem in this?
It is limited. There used to be a lot of noise about this and Gartner gushing about SOA but that is mostly dead. What is not dead are the machines, they just keep on going, and going and going. And they still sell such servers. Even the second hand market on Ebay is still going strong. I was looking at a Superdome recently and the price was still pretty hefty.

>>62222345
to me it looks like loss on every aspect. what's the ROI on using this platform? they still produce 32nm which means they are less power efficient (more cost on power consumption), the above mentioned production which probably demands a different production line which increases price, increase in price due to low demand. i really do not see any benefit in using it. even if the platform would provide no outage, setup a second dc with dark fibre and you probably still have money left for staff

File: Processor_families_in_TOP500_supercomputers.svg.png (248KB, 1179x838px) Image search: [Google]

248KB, 1179x838px

>>62222489
actually wanted to add the image to another post but forgot

>>62222489
The main reason for using big iron is reliability. I have mentioned uptime a few times but I am not sure you get the importance of it. The cost of going offline is immense. And it was during and the first few weeks after 911 that really drove home the importance of reliability. WTC also held a large telephone exchange and even computers not damaged in the terror attack were cut off.

You can charge enormous sums if you can demonstrate proven track record of reliability like they can. Also as mentioned in an earlier /cyb/ thread the vulnerability record is equally impressive.
http://www.cvedetails.com/product/4990/HP-Openvms.html?vendor_id=10

So yes, they can continue this technology and their customers will pay willingly and happily. Gartner may whine but that is unimportant.

>>62215179
I heard he sperged out if .jp

>>62222525
Interesting to see PA-RISC did so well.

Just a reminder that NeonDystopia has weekly news and that the latest is here:
https://www.neondystopia.com/cyberpunk-politics-philosophy/last-week-in-cyberpunk-912017/

>>62222525
further proof that technology became shit after the mid 00s.

lol at Itanium, btw.

official wsg sister thread
>>>/wsg/1847758

File: 1490451652679.jpg (46KB, 438x720px) Image search: [Google]

46KB, 438x720px

Uploading shway wallpaper for (yous)

https://freedomhacker.net/latest-windows-7-8-81-update-spy-windows-10-4568/
Are there any other updates I need to avoid? Yes, I know Windows is proprietary and inherently insecure, but I built this PC specifically for my proprietary software needs and want to minimize insecurity.

>>62207858
>>62215401
>>62217194
>hardened gentoo
you did not read the news

I'm trying to obfuscate a payload so it passes a malware scanner. Any tips? At the moment I have encoded it into hex and then encrypted it but it is getting picked up by most things on virustotal.

>>62225874
There's no more Grsec patches right? Pretty sure even Hardened Gentoo got hosed by the decision to go full payment.

Also I sort of agree with it, fuck the mainline devs for not adopting a single one of the Grsec patches and creating that horrible Kernel Protection project run by Jewggle that imploded recently.

>>62226166
Rewrite the binary to produce the payload after it is scanned, this is typical adware behavior you pass installation check then go about producing your payload

>>62226199
I'm pretty new to this so i'm just guessing but would something like a static variable that gets incremement each time it run help with this? Just make sure it has been run once (the scan) and then produce the payload on the second run?

Or is there a way to do this by checking if the program is running on a sandbox? Maybe some call to a function that a sandbox would be missing?

>>62211118
It doesen't block ads as well as UBO does for me.

>>62226290
Really? I thought AdNauseum was a clone of UBO with stuff added on.

>>62224429
the OP reminds of when i opened up a terminal and my friend asked me if i was a hacker

>>62217758

such a shame about grsec. it was next level stuff for linux kernels and with selinux/apparmor you could really harden a system. rip

what does cyberpunk have to do with infosec?

>>62206660
Lainchan is shway as fuaaark.
Cyberpunk is duck.
/g/ is soykaf.

>>62227066
wut

>>62206660
nackt

Page 10 bump

Had good success using a phony bogosort to time out sandbox av tests, better than sleep calls

>>62210296
I think the options are for old versions of Firefox.

File: BrainPort-650x340.jpg (69KB, 650x340px) Image search: [Google]

69KB, 650x340px

>>62227394
>nackt
Where is she now? Haven't seen any activity for ages.

>>62228838
>Page 10 bump
Thanks.

>>62229665
Should it be updated then?

I though /sec/ demerged. I don't think if it is good or bad.

>>62230020
>pic

holy shit, that is a thing?
does it work for non-bild persons aswell?
I'm thinking of AR

for those too lazy to look it up

BrainPort is a technology whereby sensory information can be sent to one's brain through an electrode array which sits atop the tongue.
...
It has also been developed for use as a visual aid, demonstrating its ability to allow a blind person to see his or her surroundings in polygonal and pixel form. In this scenario, a camera picks up the image of the surrounding, the information is processed by a chip which converts it into impulses which are sent through an electrode array, via the tongue, to the person's brain. The human brain is able to interpret these impulses as visual signals and they are then redirected to the visual cortex, allowing the person to "see." This is similar in part to how a cochlear implant works, in that it transmits electrical stimuli to a receiving device in the body.

>>62206660

what is your best /sec/ laptop ?

>>62227017
It's a .jp covert op to promote their chan through /g/ with a daily general thread. The infosec portion of the thread is to give it some substance for being alive since cyberpunk discussions are played out by now.

>>62226735
Sun people at Oracle are being kicked out.
Linux is now 26 years old
Stagnation abounds.

I hope Redox-OS will bring about a new spring of daring innovations. Linux cannot. It is too old and the infighting is too intense. There are tons of APIs that are deprecated but cannot be killed and, quite tellingly, nobody wants to call a flag day on Linux 5.0

Also clib is full of stuff that should be taken out and shot. Who thought "strfry" was a good idea!? Again, a flag day is way overdue.

File: gryllotalpa_orientalis_character10_344.jpg (334KB, 937x1257px) Image search: [Google]

334KB, 937x1257px

>>62230430
>holy shit, that is a thing?
Sure. It has been around for years, strangely under the radar. That is why I brought it up a few times.

>does it work for non-bild persons aswell?
Sure. Just like most people can learn to read Braille even if not blind.

The idea is to use this for vision replacement. For non-blind people the idea was to use it for divers and fire fighters by using a sonar generated image "projected" on the tongue piece, so that they can see in the depths of the oceans or smoke and fire filled rooms.

Personally I would like to experiment with augmented vision, like overlaying infrared data on the tongue while still seeing normal light. Or use the tongue to "see" behind me. There are so many opportunities and I think the people working on this are rather conservative.

File: still-of-jude-law-and-ashley-scott-in-artificial-intelligence--ai-large-picture.jpg (305KB, 1355x2048px) Image search: [Google]

305KB, 1355x2048px

So, nothing about future wear? Functional fabrics with embedded high tech, for humans and bots?

Disappointing.

https://youtu.be/MdIBHt787tE

Where are the /sec/ bros? I will try to start some /sec/ topic despite the fact I'm completely noob at this.

What should be must have /sec/ measures at basic and intermediate level on your personal taste?

File: 1463685579193.png (520KB, 658x658px) Image search: [Google]

520KB, 658x658px

>>62231164
cyberpunk attire = cringe

>>62230431
a pen and paper

>>62231915

which paper ?
Seriously do you think x230 is a good idea ?

File: dead_space_suit_female_by_cmatchett-d5vs1wh.jpg (590KB, 1837x1009px) Image search: [Google]

590KB, 1837x1009px

>>62231292
>cyberpunk attire = cringe
Yeah, most is really, really bad. And there is zero functionality at all.

To take one example: there is technology underway to embed conductive fibres in clothing, fibres that can be used as antennas for greatly improved cell phone coverage. And being embedded it is simply invisible. Also these fibres can be embedded in a nice white business shirt or in more fancy wear.

>>62231960
A lot of people vouch for Rhodia paper, but personally, I use Kokuyo

File: 88335424 (1).jpg (80KB, 605x623px) Image search: [Google]

80KB, 605x623px

Open-sourcing a malware that can used "as is" by an attacker is frowned upon by the infosec community and probably highly illegal. And you can't even make an unsable malware because more and more people, even security researcher, are getting arrested because PART OF their code was used in a malware.

Meanwhile tools out there like metasploit, Empire and mimikatz are 100% offensive tools used in the wild for real attacks but considered as legit tools for pen-testing.

I'd like to write some offensive tools for fun but I'm scared. Where do we draw the line? What if someone does use my code for malicious behavior? Why does the FBI absolutely needs to penalize malware writting and not just malware mis-usage?

>>62231248
I'd really like a real /sec/ general.

>>62231960
A4 if you're a pleb, A5 if you think you're hot shit

it was a shitpost to bump the thread but tbf everything from intel after 2006 is supposedly backdoored, so if you want an ultraportable your best bet would be a x200. Also you can't libreboot the x230, iirc they're working on the x220 and the T420 but I'm not sure I can't find infos right now

>>62232218
> Open-sourcing a malware that can used "as is" by an attacker is frowned upon by the infosec community and probably highly illegal.
dude what

What about Stuxnet?

https://archive.org/details/Stuxnet

https://github.com/micrictor/stuxnet

People have been re-using it.

>>62232293
> A4
> A5
>>> not B5
LMAO

>>62232293

So A4 it is :)

Fuck this X230 sounds nice :(

>>62232400
Yeah, It used to be like that but times are changing...

https://twitter.com/malwareunicorn/status/872531474641149953

Multiple persons were arrested this year that only wrote malware and didn't used them...

>>62232218
>I'd really like a real /sec/ general.
I wouldn't mind either. But my knowledge is REALLY limited, and also I don't like /sec/ drowing into the last pages because there's not enough people. Although I got disappointed that a few threads ago, /cyb/ went into /tg/. I didn't believe they were real LARPers. . .

So which language is mostly used in pen testing?

Is Cryptography Cyberpunk?

>>62234005
Python, not sure why, that's just a thing. There is a shitload of tools in python.

C for hooking, kernel-land stuff and other low-level exploits.

Then Powershell and JS because it can run natively on windows and Shell for linux.

And Metasploit is coded in ruby but that's not a really popular language...

>>62223241
the cost of having more x86 systems with higher performance in every regard and lower cost equals out outage of expensive itanium. you can cluster everything these days, whereas you'd have to hope that you find someone to write software for an exotic hardware which has no market share.

sure the platform has an impressive vulnerability record because nobody cares about it. same thing for bsd or linux as desktops being less prone to attacks simply because they are irrelevant.

just because your hardware has 99.9% uptime doesn't mean that you won't experience outages due to administrative failures, power outage, software errors, etc.

regarding your vulnerability statistics, there are a lot more relevant architectures on the market than itanium to be investigated, which are x86, arm and mips. and again you will find in this area more expertise, more software and support. and since they are all in wide use you have much higher rates of vulnerabilities. i literally have never heard in the past 10 years of anyone doing vulnerability research on itanium, but on mips, arm and x86.

itanium is also a cheap ripoff of alpha, which got shilled by intel which ditched the platform completely and dumped it to HP where it has been sitting on ever since.

statistically, there is no value in the platform, not even for parallel programming with super scaling or whatever it was called. you can buy 2x or even 4x the amount of hardware that clusters and outperforms itanium while still having a passive failover.

>>62232218
>>62232743
that happened within the week, but threads died prematurely after the initial hype.

>>62235517
That's what I said.

>>62234060
>Is Cryptography Cyberpunk?
Not quite. It is more cypherpunk. It is nevertheless cyberpunk to realise crypto is important, yet realise that it is no magic bullet.

>>62235830
it is not a magic bullet but it also isn't a velcro strip as you faggots always like to potray security as something which can be fixed by installing things

>>62224703
more like this

File: female_assassin_1st_stage_by_tr1gg3r117-d487l4x.jpg (1MB, 4961x3508px) Image search: [Google]

1MB, 4961x3508px

>>62236530
There are tons in the FTP site. The cy.7z adds to the archive.

>>62232743
the real LARPers post on /cgl/
/tg/ just collects pictures of fiberglass armor to fap to

>>62232611
This has always happened though, uT (thee Unix Terrorist) was jailed for 2 years because he wrote a tiny script to scrape memory in a PoS device, which the TJ Maxx hackers used to steal a bunch of money. He literally did nothing wrong. There was also that Russian guy who wrote and maintained a well known trojan program but never deployed it, somebody else did but paid him to maintain it. He got a decade in jail.

If you like this kind of shit then get into adtech, it's filled with unscrupulous hacking of systems and you won't end up in prison because somehow it's legal to infect people's shit for the purpose of ad scamming.

>>62234402
because python is a great scripting language.

For anyone working their way through the 213 CMU course, I'm doing the same and bought the global edition of CS:APP3e. Shit is full of erreta so I managed the grab a pdf off github before they took it down.

The quality is crap because some guy literally scanned it page by page but it's still very useful if you get stuck on a problem and keep thinking "wtf is wrong with me" only to realize the book is wrong

https://mega.nz/#!UTxSCTQI!GZF5lyH3vHqcB5qtKhRNMIhaqec5PVGll5ZNSduLmjI

>>62237232
>If you like this kind of shit
That's not even the case. I prefer reverse engineering. But I'd like sometime to write some tiny tools that are a little bit more offensive.

Like a kernel-land rootkit or something like that. Just to learn a bit more about windows internals and linux kernel.

what language should i learn to be schway

What's some good ideas to try to practice and get good at reversing network protocols?

>>62237407
its on libgen, as a 5mb pdf.

>>62238214
oh, might be a different version.
that one is 3rd edition, but the one on libgen doesnt say.

>>62237665
Mandarin.

>>62220368
can confirm
>be 2006
>set up apache server on dialup connection because it was all I had
>have no idea how to secure server
>computer is rekt within a day

>>62206660
hey fags. someone here got the spambot DB?

>>62229558

harder to detect, too

>>62238228
Yeah I was able to find a nice ebook of the 1st and 2nd. Normally not a big deal, but they switched from IA32 to x86 going from the 2nd to 3rd version

very slow

>>62232010
That's why you go subtle with it and dress Techwear. You want to look like someone in Bladerunner and not a 1998 raver.

>>62232197
Rhodia is nice. Midori is better, but so pricey.

been thinking of rigging up a raspberry pi/battery with an alfa card. write a walking wifi packet spammer script. could be fun since the DC metro is finally getting wifi.

File: 1503521894167.gif (822KB, 487x450px) Image search: [Google]

822KB, 487x450px

>>62220518
>for your own sake, ditch the platform and go for something modern where you can evolve your skills and actually earn money instead of being abused by whoever uses this bullshit in prod and self abuse that you go through by continuing to use this irrelevant garbage.

M8 just pipe down this is embarrassing.
If there's a lad on here who knows OpenVMS I think that's cool as fuck.
I had no idea it was still supported. I'm glad it's still out there and I'm freaked you can virtualise it on a rasppi.

I did a security review of a VMS system back in 2004 at a banking client (I was totally winging it - was pretty much a glorified MCSE at the time but this bank was desperate and they hired loads of useless cunts like me to risk assess every nut and bolt or lose their banking licence)

The system in question was mission critical af, and was originally installed in 1985. 1985! SOme fucker was building it while Live Aid was on the telly.

I thought it would be a basket case. Spent two months kicking it's tires and it was one of the most low risk systems on their books. Fucking awesome stuff.

Don't lecture this chap on being relevant, he has NOTHING to worry about - your nannying bs is literally Marvel vs DC shit posts. Can it, bud.

Also, fucking good to see /cyb/sec united again. I know it makes zero fucking sense on the face of it - but these threads are comfy af.

>>62239117
my dick does you little bitch
go suck it

>>62240805
>been thinking of rigging up a raspberry pi/battery with an alfa card. write a walking wifi packet spammer script. could be fun since the DC metro is finally getting wifi.

do it.
I don't think you need to write anything yourself though. There are some pretty great scripts out there already. Wifite is one, and I just learned about this one today...

https://github.com/DanMcInerney/LANs.py

I dabbled with this stuff for a while. I fell for the wifi pineapple meme but those things are flaky as fuck. It was worth buying it and using it but only because the UI was so shit it eventually taught me airodump-ng pretty well - which I really really recommend - that code is fucking bomb proof and versatile.

I keep nearly buying a pwnie express but my experience with the pineapple put me off. Anyone clocked any serious hours wardriving with discrete devices recently? A pi + battery sounds good, but how would you log into it now and then / look at results? I had an extra interface on the pineapple and shitty ssh on my ipad / iphone but it was too flaky. Anyone used pwnie on a handset in earnest?

>>62232218
>I'd really like a real /sec/ general.
Would seem atm there aren't enough people really engaged in this sort of thing here. Is a real shame because i've never really found a good footing online for /sec/ talk. SA has an okay thread for it, reddit is well reddit. I guess anyone with some real biz would never hang at this honeypot anyway.

>>62240955
>Wifite is one, and I just learned about this one today...
>https://github.com/DanMcInerney/LANs.py
Ah cheers m8. Found a few good preliminary examples written in python today. I'll just end up writing it myself no matter what & swiping bits and pieces from a bunch of other peoples works.
>I fell for the wifi pineapple meme
i knew the moment i saw their booth at defcon they were script kiddie shit
>airodump-ng pretty well - which I really really recommend
love this package. been using it for years.
>Anyone clocked any serious hours wardriving with discrete devices recently?
anyone in the game for real would just roll their own
>A pi + battery sounds good, but how would you log into it now and then / look at results?
pop onto the redline and plug it in. spammer comes up via systemd or init depending on what distro i go with.
so i was probably going to do it in conjunction with sending shit loads of deauth packets out at every mac i can see, for each AP avaliable. while also raising & dropping 20-30 networks every 5~ seconds (not adding these to my refreshing AP scanner thread). So not only can people who are already connected to metro wifi not use it. Those trying to join will be unable to find it.
there isn't really a need to see the results if i'm out and about. just have to whip out my phone to see it in action. this would require a little prototyping prior to it's debut of course.

File: 1503221019809.gif (3MB, 260x463px) Image search: [Google]

3MB, 260x463px

>>62232218
>I'd really like a real /sec/ general.

Yep, would be good but it clearly died on its ass when they spilt.

I think these combined threads are pretty cool though and they work because:

1. There is a natural shared philosophy for the most part.
2. It's comfy to come in here and not always be the biggest, most ignorant idiot around infosec. There are perfectly legit stupid questions in here, and I'm like FUCK I can actually answer that and help someone!
3. Larpers only hurt themselves and the careless / gullible.
4. As much as this is a LE honeypot. there is an established culture here, 4chan is too big to whack, and most people who have the nerve to post on a Belgian Waffle Logistics board have top tier netiquette / opsec when it comes to not crossing dumb lines.

On point 4 though, it would be nice (*from a research perspective) to know of any other forums / dark web sites / channels which have decent foot traffic and talk about malware / dumps etc) Anyone got any decent links / tips for that?

>>62241239
>On point 4 though, it would be nice (*from a research perspective) to know of any other forums / dark web sites / channels which have decent foot traffic and talk about malware / dumps etc) Anyone got any decent links / tips for that?
CIA BE GONE

File: tavis-ormandy.jpg (13KB, 400x300px) Image search: [Google]

13KB, 400x300px

god i wish that were me

>>62241174
>i knew the moment i saw their booth at defcon they were script kiddie shit
We were hiring some pen testers a couple years back to do a scary demo for our staff. Two pricks from a big four rocked up and spent an hour trying to demo some MitM with a pineapple. Cunts couldnt get it working for even a second. It was excruciating/delicious. Yeah total pleb shit. I dusted mine off last week. It's now totally borked. Spent three hours updating the firmware and it just falls over after a minute. Shame it could have been a good product if they didn't waste their resources on that useless pleb UI.
>pop onto the redline and plug it in. spammer comes up via systemd or init
Sorry m8 you've lost me here lol. You're saying rig a serial port I think? Actually on balance a pi plus Alfa plus mgment wifi interface + phone might be something I try and build. Pretty certain it was bollocks before because pineapple was fucking it all up. My experience with pi's has been they are stellar, reliable little bastards ;-)

>>62241300
>CIA BE GONE
offendedterry.jpg

Probably not the place to ask this but I will try anyway.

I'm running IIS for my websites and maybe like an hour after I start the server I'll start uploading max speed all the time to a random IP. I can deny the IP in my firewall and it'll stop but will always come back with a different IP shortly after. I've tried using Wireshark to investigate and it's all very similar TCP requests but that's really all I can tell. Not much help. I've tried dynamic IP restriction but that doesn't do anything either. Weird thing is I can disable my sites individually until none are hosted but It'll still happen until I completely disable IIS. Any idea on whats going on and how I can stop it? It seems like when port 80 is open thats when the attacks happen. If you look up the IP they're usually from completely random places.

>>62241375
>Sorry m8 you've lost me here lol
not a linux man? i mean it is what it is m8. prep the pi beforehand so it can bring up the alfa card's interfaces and the systems init/systemd startup system will wait for the card to be ready than launch my spammer. basically just automating it to do the needful. no need to bust out the pi and antenna out of my bag. could just be as simple as plugging in the power source and hitting go.
no need for serial ports and all that. just leave the alfa card plugged into usb and have the OS prepped to handle it. it's a headless server that shouldn't need any interaction for its simple task.

>>62241475
Why IIS? I'm only vaguely familiar with it from setting up some shit proxy servers to fuck with NTLM.
You'd have a lot more options for ACL with linux/apache/nginx/etc.

>>62241475
>>62241513
Also have you dumped the network data? Are they making the same requests? You could probably dynamically create snort/suricata rules for this and block it inline.

>>62241487
>prep the pi beforehand so it can bring up the alfa card's interfaces and the systems init/systemd startup system will wait for the card to be ready than launch my spammer.

ah yeah I'm with you now was just being dense. Yep I've built an IPtables headless fw before with systemd but no Linux ninja.

(not for your reference as you have this all down but here is a quite decent guide I found for building a pi wardriving rig. Will probs use it)

https://scotthelme.co.uk/wifi-wardriving/

File: wardriving-pi-2.jpg (90KB, 798x599px) Image search: [Google]

90KB, 798x599px

>>62241698
loving this jalopy rig up. pretty much spot on what my biz is going to end up looking like.
>not for your reference
by all means we should post this shit more. maybe than some of these 14yr/old larpers will learn a lil something and might dive deeper.

>>62241475
>I'm running IIS for my websites
Found the issue.

Man this sounds like there is malware on the Win host itself. Scan the host and remove if found or burn it and restore your sites on a fresh install.

I'm guessing your IIS was the infection vector. If you have to run IIS and open it to the Internet you HAVE to harden the IIS install and the host OS. Use the CIS (Centre for Internet Security) guidance to check what the problem might be. And don't run it until its hardened.

>>62241755
>loving this jalopy rig up. pretty much spot on what my biz is going to end up looking like.

yep, decent isnt it!

Also in the guide, re accessing the rig while out, he makes a really good point about setting a static IP lease for it at home, then re-using. That never occurred to me on the pineapple (I just gave it a static full stop and had to fuck around with it from environment to environment)

Also he uses screen, I meh'ed out on that and had better results with tmux.

The spamming sounds fun, but getting ssh on from a decent phone screen is breathtaking, I assure you... You can basically walk up to the right AP and start tinselling the WPS while 'checking your messages'. (disclaimer, these AP's were all mine legally blah blah)

>>62241983
yeah static would be the way to go. set it to some /30 network and just ad hoc to it when you need via ethernet.
>The spamming sounds fun, but getting ssh on from a decent phone screen is breathtaking, I assure you...
eh i'm not that hard pressed to break into wifi, i have some terminal apps on my phone so i can hit my kimsufi when i need. i'd rather just be a bother haha.

>>62206947
"1"
rain
neon
weapons
syringe
car/bike thing
skub

>>62209475
newLisp

>>62241239
I'm a /sec/ person, but I got into the field because of cyberpunk. I love /cyb/ even if a lot of you are mouthbreathers. Eventually some will get the itch. We are all just chasing that dragons.
>>62241375
I never understood pineapples. I guess it caught on because consumer routers didn't have the ability to act as a wifi repeater like that when they first came out. These days it's not hard to find a cheaper turnkey solution. I could set up device with two antennas and bridge it that way, but a lot of the time having something that 'just works' is useful.

so, I've been working in a infosec company for a year, and while I generally love the job, I've fucked up a few times by not reporting/testing stuff that I should have. also, the fact that I may or may not have missed a big vulnerability makes me feel like shit.
thing is, the job is stressful, I'm terribly disorganized, and I don't really feel confident about my knowledge (I'm very insecure as a person)... so I'm thinking about leaving the company and infosec in general, and start doing something else. I don't really know if I'm being stupid, or just honest about myself. coworkers think I'm a knowledgeable guy and shit, but I don't feel like that. I usually just do stuff that I enjoy, and don't give a fuck about everything else.
it's my first professional job (I'm a college dropout), and it's very well paid.
what should I do? should I talk to coworkers/bosses openly and honestly about this? should I leave? should I just keep my mouth shut and try to give my best?

>>62242862
>and I don't really feel confident about my knowledge (I'm very insecure as a person)
> I don't really know if I'm being stupid, or just honest about myself. coworkers think I'm a knowledgeable guy and shit, but I don't feel like that
It's called Impostor Syndrome, and believe it or not, a lot of people have it. I have it from time to time as well, but the best you can do is simply learn from your mistake(s), move on and count on your friends and coworkers to have your back.

>>62240709
> Midori
> pricey
Where do you get your paper from where Midori costs more than Rhodia? Midori is one of the cheaper brands (I have their color paper notebook).

>>62242862
Word to the wise. IF you decide that you want to report a mistake like that don't write it in email, slack or anything else. Talk to your manager within the company, say you need to set up a meeting and tell them verbally what you missed and what happened. This protects the company and if your boss has a brain it will be appreciated.
Mistakes happen and if your company is decent they will have a good way to handle client relations.
As far as the missing a big vulnerability just try to make sure it's not something obvious or if it is you have a good cover story as to why you missed it and how you can prevent it from happening in the future. The single worst calls you get from clients are when another consulting group found an obvious vulnerability or an outside reporter did. If this happened, just be ready for a lot of pain. If this is a one time thing it probably won't be too big of a problem and your client manager will offer a refund or discounted work in the future. If it's something that happens often you might want to consider addressing your workflow and make sure you have a process in place to stop this. Doctors use checklists for basic things for a reason, you might want to consider one.

>>62242841
>I got into the field because of cyberpunk
How did that go? Honestly, I don't see a profound connection between cyberpunk and infosec. Actual cyberpunk fiction has always been more about console cowboys, street samurai, weird subcultures and transhumanism than hacking as hacking. What the console cowboys do in it has more in common with video games and wizard duels of fantasy fiction. A lot of the stories have hackers who use more realistic methods, but they are usually side characters, not the focus of the story.

>>62243104
It got me involved in irc as a larping script kiddie. Eventually I found my way into the warez community. From there I ended up getting involved in cracking. Look at the aesthetics evoked in hacker communities. Read some of the early writings on phrack and 2600. It's not hard to see why there is some cultural overlap.

thanks for your responses

>>62242899
yeah, well, infosec is a very broad field... how do you compare your knowledge, against what/who?

>>62243078
yeah, I've already started making a checklist.
still, I feel like shit. these were some dumb mistakes from my part, a few happened because I was too slow and didn't recognize obvious vulnerabilities where there were some, other happened because I didn't even look at the vulnerabilities found by automated tools, and the client (a new client) noticed... I just gave them a BS excuse, yes, but I feel bad for them and feel scared about someone else noticing at work.
I've thought about talking to my managers, but, what the fuck am I supposed to tell them? "yeah, I'm a dumbass and I fucked up, sorry?"

>>62243264
You are talking directly to the client about them calling out your mistake and your boss doesn't know? If the client already noticed you might want to rope the boss in. Admitting you are a dumbass and fucked up generally is a good thing in most 'reputable' companies in a situation like you described. I don't know what your office politics situation so you have to make your own decisions about this. 4chan is not a place for career advice.

>>62243456
I won't go into details, but we, my manager and me, setup a conference call with the client (they asked us) and my manager defended me, not knowing that I did fuck it up...
anyway, thanks for the advice. guess I'll talk about this at work, for my own peace of mind, and to fix this mess, if possible.

>>62243532
Decent chance your manager already knows you fucked up then. It's his job to make sure the client relationship is fine. He isn't going to tell the client directly you made an error. No one is going to put you on a stake and burn you. If he is already in the loop then no need to bother him more I think. Learn from the mistake and put it there as a note on your next review as how you grew. It doesn't matter how senior you get, this same situation will happen to you again later. You just want to keep the percentage down.

>>62238289
>Mandarin.
And 20 years earlier it was Japanese language skills that really made you. People were racing to foreign office to get any Japanese station work so they could write an impressive CV. That is gone now.

I wonder how long Mandarin will be hot before the next hot stuff comes up.

>>62242862
>so I'm thinking about leaving the company and infosec in general, and start doing something else
Don't. he way the job market is, you risk being unemployed for quite a while.

And remember: experience is just the sum of mistakes done while nobody else noticed. So hang in there, do your best.

>>62242862
>it's my first professional job (I'm a college dropout)
Might I ask how you accomplished that? Heavily considering (almost to the point of certainty) of doing something similar. Just luck/connections, or something more?

>>62243739
Korean is next after the Supreme Leader conquers all of E. Asia with his nuke arsenal.

>>62243884
The picture is very unclear. NK would never have gotten where it is now without support from CN. This is just yet another proxy conflict as we have seen for 100 years. Add to this the generic talk from RU and CN about disarming to create peace, as if that would not remind everyone about Chamberlain's utterly disastrous "Peace in our time".

NK will probably get over confident and move in on Seoul. US might go nuclear coast to coast. CN will then occupy as much of NK as they can grab, unless US goes nuclear on their tail too. The South China Seas land grab is not good.

If Korean is the next important language, and I can believe that, then that would require more tranquillity than we see. Vietnamese is another contender.

>>62236045
>but it also isn't a velcro strip
What did anon mean by this?

>>62226199
Problem is that grsec patches were a mess. Still bad they don't value security as they should.

>>62208965
Not if he is in /g/.

>>62241239
>On point 4 though, it would be nice (*from a research perspective) to know of any other forums / dark web sites / channels which have decent foot traffic and talk about malware / dumps etc) Anyone got any decent links / tips for that?

I know tens of "hacker" forums but the guys there are as much incompetent than their actions are illegal. Those forums are generally about skids that absolutely needs a point and click hacking tool because they're afraid of the CLI. And yet, they will dump hundreds of netflix account they "hacked" with their shitty tools....

Just avoid those websites, you won't learn anything from them.

The good guys, hang out on twitter more than on any forum and have personal blogs where they'll post their work and research. Just make a twitter account and follow as many infosec guy/gal you can.

Then there is the CTF communities, I found a nice discord but it's in french.

All talk about /sec/ relates to .com so far. Why is there nothing about .mil as an entry to this line of work?

>>62242862
Do you work in a SOC and/or on shift ? That may be the reason, there are some jobs in infosec that are a lot less stressful.

>>62246207
UK mil physical security: http://davidmoore.uk.com/projects/the-last-things?imagenum=1

File: 81rjiawYJSL._UL1500_.jpg (199KB, 1121x1500px) Image search: [Google]

199KB, 1121x1500px

>>62231164

here's your clothes bro

>>62246203

Thanks bud, that's handy info.

>>62246534
>UK mil physical security: http://davidmoore.uk.com/projects/the-last-things?imagenum=1

the fuck is that about? You farming IP addresses with that shit?

>>62219415
Is the FTP down? I can't connect to it anymore.

>>62240694
>https://vanitysec.com
subtle enough ?

>>62230430
>>62230020
can it send directly veginate into brains

Rescued from page 8

>>62249112
clapclapclap

>blackhats

How pathetic

>>62249958
Whom may you be quoting?

>>62243665
thanks a lot for the advice. guess I can calm down a bit.

>>62243864
>Don't. he way the job market is, you risk being unemployed for quite a while.
>And remember: experience is just the sum of mistakes done while nobody else noticed. So hang in there, do your best.
thanks m8, you are right, experience is learning from our mistakes...

>>62243881
>Just luck/connections
this. I've been part of a CTF team for some years (though not very active...), and they got me in contact with people in this company. then I went through some tests and they hired me.

>>62246253
>Do you work in a SOC and/or on shift ?
nope. some stuff that had happened before made more and more stressed out.

>>62250827
>your new browser is firefox.
>be sure to go into options, then security, and uncheck block malicious content.

What is this meme

>>62241239
You are not going to get better than Reddit, ycombinator and lobste.rs. Some of the video game cracking sites are ok, but you mostly want to see how their tools are made.

>>62251664
that part of the FAQ is pretty old

>>62232293
>it was a shitpost to bump the thread but tbf everything from intel after 2006 is supposedly backdoored, so if you want an ultraportable your best bet would be a x200. Also you can't libreboot the x230, iirc they're working on the x220 and the T420 but I'm not sure I can't find infos right now

Not supposedly, it literally is backdoor on every single northbridge/PCH chipset since 2006. Libreboot is the only answer. Anyone in this thread needs to get this on a compatible computer. I always recommend X200/T400 with P8700/8800 CPU + 8GB ram + AR9380.

>>62251667
>>62241239
Onion/Freenet/I2P/Fidonet/Gopher new home of /leet/men. Check public wiki for still up website and follow link trail to find common /leet/ers. Clearnet dead. Maybe one or two chan left (8chn + end) w/ knowledge. Some clearnet forum, but Russian and non-western are ok.
>>62251664
>>62251840
>Download old release
>"Critical Error: FIREFOX"
>ignore
>about:config me up
>profit
>>62251861
>Libreboot is the only answer. Anyone in this thread needs to get this on a compatible computer.
No. Inefficient for daily driving, will want to kill yourself from LAG.

File: VPN & Ad Blocking Through a VPS.png (400KB, 748x6726px) Image search: [Google]

400KB, 748x6726px

>>62206660
Re:
>Harden your OS, reroute your DNS and fire up the VPN!
>Shit just got real: - Looking for more resources, help is welcomed.
>https://pastebin.com/JXyM4fTe

I wrote a guide for using a VPS as an OpenVPN server with ad blocking through DNS and firewall. Looking for feedback.

>>62252241
>OpenVPN
https://thehackernews.com/2017/06/openvpn-security-flaw_21.html
Use IPSEC. Code correctness > OpenVPN. Also not symantec AV levels of resource MISUSE.

File: b_1_q_0_p_0.jpg (26KB, 298x199px) Image search: [Google]

26KB, 298x199px

>>62252327
>>62252241
Forgot meme. Here it go.

I've got an interview for a /sec/ scholarship coming up. What should I study to prepare?

>>62252369
Neuromancer

>>62246604
memes aside, you have to admit this DOES look kinda badass

>>62252369
sec+ wouldn't be such a bad idea.

Also, latest trends and developments are good to know, some people might not jsut ask "specific" questions but rather want to see that you can keep up with whats happening.

>>62252184
>No. Inefficient for daily driving, will want to kill yourself from LAG.
Considering I'm posting this from my X200 outputting to a 1080p monitor over display-port, with 10 open 4chan tabs, streaming radio, a few news sites, and other programs running in the background with ZERO lag whatsoever, I'd say you're wrong about that one buddy.

>>62252679
I've been going through sec+ on cybrary, so good to know I'm on the right track.

Is there a place for /sec/ news you'd recommend?

>>62252768
I overread "P8700/8800 CPU" and assume you had real CPU without wireless options, but instead now I read again you said "P8700/8800 CPU" and then "it literally is backdoor on every single northbridge/PCH chipset since 2006" making me think you mean to say you are safe from backdoor?

Please see this image: >>62252337
From Centrino onward Intel package wireless capabilities into chips, this mean doesn't matter if backdoored when I can resonate your CPU to shit itself and dump operations remotely. Fucking LARPER

>>62252851
Well first I would say ditch cybrary and use http://www.professormesser.com/security-plus/sy0-401/sy0-401-course-index/ for the course. But if you get along with cybrary, keep at it of course.

As for sites, sadly I can't name any really. I get most of my news from collegues in my company. I might need to find some too though.
Though https://www.schneier.com/ is a good one, as it's actually writen by an expert in the field.

>>62252953
You're a fucking moron and obviously not familiar with the Libreboot project. The Intel ME firmware is completely purged from the motherboard through the Libreboot process. Centrino functions are apart of that, not too mention it can't work if there's no WWAN card in there to begin with. Fucking larper my ass. Get some education kid.

>>62252958
Thanks for the recommendations. I appreciate it.

>>62253132
Does Libreboot remove all types of AMT from Intel?

>>62253209
For AMT 4 yes, but they're working on later versions, which are problematic due to the ME ignition found in AMT 6 and later

https://libreboot.org/faq.html#intel

>>62253293
>Before version 6.0 (that is, on systems from 2008/2009 and earlier), the ME can be disabled by setting a couple of values in the SPI flash memory. The ME firmware can then be removed entirely from the flash memory space. libreboot does this on the Intel 4 Series systems that it supports, such as the Libreboot X200 and Libreboot T400.
I was wrong, I apologize.

帅 bump

>>62253371
Apology accepted. Sorry for calling you a moron.

File: stock-photo-funny-young-man-with-surgery-tools-103024967.jpg (537KB, 1500x1345px) Image search: [Google]

537KB, 1500x1345px

>>62253432

File: 1503524676598.jpg (79KB, 295x404px) Image search: [Google]

79KB, 295x404px

>>62251667
>You are not going to get better than Reddit, ycombinator and lobste.rs. Some of the video game cracking sites are ok, but you mostly want to see how their tools are made.

That's perfect m8, thnx. Had a quick look and there's loads of good stuff on lobster/reddit. Did I miss the point on y-combinator - looks like a startup site?

>TFW havent been to Redidt since migrant crisis began.

I was going to ask this on lainjp cyb, but it would probably take ages to get an answer.
What coffee do you drink? I want to start drinking because it has a ton of good properties and makes me have more attention.

>>62253795
coffee a shit
caffeine pills a best

>>62253795
>What coffee do you drink?
That's an odd question for /cyb/ but I prefer 8 o'clock Columbian (whole beans freshly ground)

>>62253932
absolutely degenerate

>>62253955
enjoy your glorified brown water

>>62253932
They come out more expensive, though.
>>62253955
>That's an odd question for /cyb/
Not really. People on cyberpunk communities usually drink coffee because soykaf.

>>62247464
The British MOD do many things, farming IÅ addresses or crypto coins are probably not on the card. The source is this BBC article:
http://www.bbc.com/future/story/20170821-how-prepared-are-we-for-the-impact-of-a-nuclear-war

>>62247505
I cannot connect to it either. There has been downtime earlier but it returned. I guess the dude has to hose his disk after someone here uploaded two huge scat videos.

File: gal492g.jpg (98KB, 640x480px) Image search: [Google]

98KB, 640x480px

>>62252652
Um, why? The face mask?

One site alleged the face masks are for holding wicks dipped in oils so that the wearer can inhale the stuff. Pine scented punks? Or Mintpunks?

Contributing another pic along these lines.

>>62253795
the cheaperest desu it tastes like shit anyways

>>62254412
looks like AIDS

>>62254663
They call it Cybergoth. Might as well call then Cybermints.

>>62254739
I remember there was a shop like that in Camden in London I think it was called cyberdog or something, I've never seen people dressed like that in the streets though

>>62254646
I like it, otherwise I wouldn't consider start drinking.

>>62253795
>What coffee do you drink?
Might as well drink covefe.

Tea is the main choice for the discerning gentleman. I use sencha for hard problems.

>>62255094
I drink tea too, but doesn't it have less cafeine? I only drink green tea.

>>62255146
I am not sure, I have seen claims that it has more and other claims it has less. From what I know Japanese green teas have a lot of caffeine, more than Chinese green teas.

Have you checked out Qubes? Liking it a lot so far.

>>62246203
Are there any other resources for learning infosec other than twitters of people? I don't feel like socializing on twitter, really.

also, if any of you have any input on how you became analysts / researchers in the infosec field, i'd appreciate it.

>>62254336
Did he delete them? I need that sort of thing in my life.Bonus for watersports as well.

a bunch of APs in my area are duplicated and when I change my freq and channel on my router those duplicates instantly change to the same? I only checked because someone was repeating my posts back verbatim from another chan and taunting me saying I'm being watched. I started using 3g only and looked up some stuff abt hacking and apparently you can use aerial and amp setups to crack, spoof and sniff wifis. I didnt have https on so I thought maybe they intercepted the packets. The posts I made weren't interesting enough for it to be a remote attack, I suspected a nearby house so I checked and used a WiFi analyzer and tracked most of the signals that were imitating my routers frequency and found 12 separate APs to one house down the road which has its light on at 4am every night. Am I being paranoid or is this a sign that someone is warxing? New to netsec and typing on a phone which I never use pls forgive retardation

>>62257951
*same as my wifis frequency that I changed on the ISP homepage

>>62258084
>>62257951
Yes. He's likely mildy retarded for not using a better dish. Report it if you want, likely nothing personnel though.

>>62258662
OR MAKE A FREN

What dish are you talking about? By 'yes' do you mean the duplicate APs and how they're copying my routers freq is a sign of shenanigans? What would the imitation suggest he's doing? If its a network card + aerial passively picking up my WiFi freq is he using a script telling a bunch of routers to copy it? Or is it a bunch network cards and amps with fake SSIDs pretending to be hotspots as they're unencrypted? What's he trying to do, is it to get my devices to connect to honeypots or has he already cracked my router and using those APs as some sort of relay?

I've only just figured out the internet isn't made of magic and spent 3 days reading a sec book in response to this and I still don't have a clue, don't know anyone who understands sec and my ISP said in a phone call they aren't versed in how to deal with this and I'd have to find someone who knows. I'm guessing hiring a security expert is out of a poorfags price range so any advice would be welcomed as I don't want to just get a new router, reformat and lose valuable files if he's just going to do it again. Like if someone could advise me on narrowing down what method of attack it is, how to be sure of the source etc that would be great

>>62258918
Dish antenna.
>By 'yes' do you mean the duplicate APs and how they're copying my routers freq is a sign of shenanigans?
Oui.
>What would the imitation suggest he's doing?
Maybe interference testing, maybe GPU farm to crack your WEP to use as scapemachine. Why not ask him and admire his GNOME too?
>If its a network card + aerial passively picking up my WiFi freq is he using a script telling a bunch of routers to copy it?
12 APs, instantly changing. What do you think?
>Or is it a bunch network cards and amps with fake SSIDs pretending to be hotspots as they're unencrypted? What's he trying to do, is it to get my devices to connect to honeypots or has he already cracked my router and using those APs as some sort of relay?
Slow down. Too little info to make any concrete conclusions. There's a lot you can do and most of it is malicious.
>I've only just figured out the internet isn't made of magic and spent 3 days reading a sec book in respons ... new router, reformat and lose valuable files if he's just going to do it again. Like if someone could advise me on narrowing down what method of attack it is, how to be sure of the source etc that would be great
Go with baseball bat to his house and reverse his kneecaps. Or make your own router, get proper firmware, and set it up so you're not fucked in the ass again. Second choice is best choice. Unless your router is also a server with your doujinshis, formatting and flashing are good options.

You could also check the connection logs to see if he's actually in your network and not testing his new Py cracker on some scrub with a fancy 1gbit connection.

>>62259155
If it helps, it was 12 APs that had my freq and 6 of them changed to copy my channel change the other 6 stayed the same. Along with my upstairs neighbors router which copied my freq instantly but she's an old woman. Why would I be specifically targeted is why is my router freq being repeated? Only reason I can think is I've got a decent gaming rig and maybe he's using that for some botnet shit or maybe hes a redditor or goon who is on a crusade because I posted memes on /pol/ - that was what the 2spooky posts saying I was being watched were copy and pasting but its mild AF hence why I suspect neighbor incidentally seeing it and getting on high horse

How do I buy a 4chan pass without it being linked to my bank account?

>>62259461
You're paranoid as shit, my dude. Who pays for your internet?
>>62259703
BTC tumbled.

>>62259772
I don't see how its paranoia when someone is referencing posts I made on the 8 site on 4chan verbatim, its not like they have the same mods comparing IPs is it? There was nothing in my thread that could link me to the post I made on the other site so I suspected snooping - I check the WiFi and see a bunch of APs in one house following my routers channel changes instantly, don't see how that's paranoia.

>>62259703
prepaid gift card bought with cash was super easy

>>62257576
>Did he delete them?
We don't know that yet.

The uploader was in this general and might provide you with new links.

>>62260017
The way you type might be linked back to you. How is your ISP setup? Do you pay for it? Does your landlord pay for it?

>>62260805
I already checked it for unique phrases or anything that could make them link the posts and there was nothing and no I pay for my internet, why do you ask?

>>62241755
>by all means we should post this shit more.

If you're still around I found a stellar de-auther here

http://www.instructables.com/id/WiFi-Jammer-Using-ESP8266/

The board is the size of a postage stamp and costs five bucks from alibaba. Program it, attach it to a 9 volt battery. You could theoretically stick a magnet to it and just throw it at the train.

Also Lans.py is totally out of support, so forget i mentioned it.

>>62230538
I've been thinking of making something like this for a while, would be a fun project with good usefulness.

>>62231164
I wish the clothing industry could actually put its resources into better and more functional clothing, instead of subjective fashion trend pushing for profit.

>>62261898
You might want to go for that helmet design to make sure the sensor arrays are aligned with your head at all times.

>>62261923
The clothing industry seems to be in stasis where minor colour change passes for groundbreaking innovation.

File: laindab.gif (29KB, 87x100px) Image search: [Google]

29KB, 87x100px

lain bump

Anyone doing the 6 week fireeye ctf?
>https://2017.flare-on.com

Currently on challenge 4

File: completementfou1.jpg (217KB, 256x256px) Image search: [Google]

217KB, 256x256px

https://steamcommunity.com/groups/tessier-ashpool

join up

>>62253932
For the best Price:Space:Power ratio, caffeine powder is best. Like $20/kg and taking the same space as one large container of beans or grounds.
But then you miss out on caffeic acid and whatnot. Knocks off a portion of the 'good properties' in favour for simplistic stimulation.
>>62253795 SAGE
I like overpriced freshly roasted coffee beans. Medium roasted from Sumatra if possible.
While grinding myself is still easy and fast, roasting is its own thing. It takes effort and experience to get it down right enough to even pull any benefit in flavour.
And because grinding and brewing can both be done without power (Manual burr grinder, kettle, french press), or sacrificing accuracy (Roasting temp/time). If I'm ever limited in that regard, wasting it on a physical drink would just be silly.

>>62260085
which site where you using or do you have a personal contact?
localbitcoins has no enties for my country apparently

>>62254793
>I remember there was a shop like that in Camden in London I think it was called cyberdog or something
Yes, it is still there. Seems like the market for Cybergoth wear has declined.

>>62230453
A function like strfry has a lot of uses in crypto

>>62219608
>>62220518
OpenVMS is pretty relevant if you are already having a higher uptime than the average poster.

Remember that this system was turned on before 2005,
when Itanium was thought to be a good idea (even though HP's EPIC-Project clearly said it wasn't).
Too bad that, thanks to this disaster many good arches were killed off.
But the challenge of migrating your (whatever) to another architecture without even risking downtime has kept it around.

Btw.: Is Kittson1 out yet?

1 (32nm node, not even Intel is giving a fuck about it anymore. May Itanium rest in piss.)

>>62221642
monopoly?
what are Alpha(oids)? (Sunway)
what is SPARC ? (K-Computer, 2011)
or ARM (upcoming K-Computer replacement) ?

I am getting the point, but Supercomputers are a lot less affixed to x86 than the consumer/workstation/server-market, and are thus challenged a lot more.

>>62221846
sorry about
>>62264669

>>62206660
vabor wabe

https://www.youtube.com/watch?v=8GW6sLrK40k

do u like this song g

i want more groove like this ha ha

>>62240694
>Techwear
have any examples? google image results just yields a bunch of ninjas

>>62265213
>have any examples?
Sure:
http://www.nytimes.com/2011/10/25/science/25shirt.html

>>62265478
aaah yes, the botnet pantsu

Anyone ever made a police scanner? I'm thinking about building one using a rbpi or similar.

Too many crooked cops around here that I rather avoid.

>>62263559
>join up
Why??

>ABOUT TESSIER-ASHPOOL
>No information given.

Not compelling.

How about comments then?
>There are no comments on this group.

Not impressed.

>>62266872
Easiest way is to get a cheap SDR, see https://www.rtl-sdr.com/
In the vote 9 percent said this was their main interest.

Also did you check the pasta?
https://pastebin.com/9uYXMhVm

I'm currently building a TOR middlebox (transpartent proxy).
If I got it correctly, the following rules should route all TCP traffic through TOR and drop everything else

iptables -t nat -A PREROUTING -i wlan0 -p udp --dport 53 -j REDIRECT --to-ports 9053
iptables -t nat -A PREROUTING -i wlan0 -p tcp --syn -j REDIRECT --to-ports 9040
iptables -P FORWARD DROP

is there anything that may leak?

>>62268384

Just make sure to connect the TOR box outside your LAN.

>>62268404
you mean because of traffic correlation?
Secret agencies are not the kind of adversaries I'm worred about even tho' XKeystore probably already got a few hits for me

>>62268529

then why not simply install a VPN instead?

>>62268560
I'd still need to route my traffic through the tunnel.
tor was simply my first choice because it's free

how js is relevant to pen testing?

>>62269146
>runs nativelly on windows with wscript.exe.
>only language to run in a web browser
Very relevent.

Pitiful thread. For /sec/ guys lurking or reading archive, go through mailing lists and darknet communities for more obscure information. Don't subscribe to any or post until you've setup a minimum mandatory connection obfuscation and amnesiac system. Whonix+Qubes is a good start, you can configure it to run in temporary only mode. More inclined individuals can setup a TAILS-like liveUSB with some work to get a pull-out -> wipe memory.

Proxies are worthless, don't encrypt traffic. Work out how to connect through mandatory VPN without announcing to everyone listening you're using a VPN. Better to not use your own network at all. VPN -> Tor. As far as I have researched, Tor encrypts all traffic within the onion network, but not for Tor -> Clearnet, so be wary. There is also different attacks from global adversaries, but those are for big boys who would know what to do if they were in such a position. If you choose to go down network riding, remember to only use a repeater -> wired connection. Wifi cards can be used to jeopardize your location by pinging other networks.

Full disk encryption mandatory. Download initially only from public and high-traffic networks. Checks sigs always. These two are worthless again for state sponsered snooping, but for most it is good enough.

>>62260017
Linguistic analysis. There is a term for this but I don't know it right now. Use a obfuscator. Better to research all papers on this and incorporate all specifications they use. Machine learning is dangerous and will easily deanonymize you in your writing and source code (binaries included)!. Not difficult to track poster across years when all data is archived and can be put into simple analyzer.

Likely I have forgotten somethings, but should be good for now.

>>62264747
Is VAX available in Verilog or VHDL? I have looked but cannot find it.

>>62266905
Drink sewage

>>62264379
>A function like strfry has a lot of uses in crypto
Really? This is what the Gnu has to say about it:
>The function below addresses the perennial programming quandary: “How do I take good data in string form and painlessly turn it into garbage?” This is actually a fairly simple task for C programmers who do not use the GNU C Library string functions, but for programs based on the GNU C Library, the strfry function is the preferred method for destroying string data.

There is a world of difference between one way hash and one way crypto.

=== /cyb/ and /sec/ News

You would have thought that when you develop cutting edge technology that you haven't filed patent applications for you would be careful, right? Right?

>UK universities targeted by cyber-thieves
http://www.bbc.com/news/technology-41160385
>British universities are being hit by hundreds of successful cyber-attacks every year, reports the Times.
>More than 1,152 intrusions into UK university networks had been recorded in 2016-17, it said.
>And thieves were interested in defence technologies as well as research into novel fuels and better batteries.

So: no. British scientists make great stuff but the bean counters make sure it is all leaked abroad. Every time.

>>62240986
Twitter has a vibrant and healthy infosec community.

>>62212436
This.

>>62272886
And irradiated from the radioactive waste that is Twitter.

Not a hash, but say you have a variable that contains some sensitive data in a crypto algorithm (like the key). After you're done with it, you can't just free its memory, you have to destroy the data in it.
Hence strfry

Cyberpunk has to do with cybersecurity but cybersecurity has nothing to do with cyberpunk, merging was a mistake.

>>62273939
Daily reminder that the same people who wanted a rememrge are the same people who keep this thread on life support.
>>62208888
>>62209325
>>62215210
>>62228838
>>62233651
>>62231915
>>62249112
>>62253398
>>62262913
Jesus christ you (in the non-racial pre-nu4chan/pol/ days where we didnt have actual literal paid shills to sway our opinions like all of the anti-NN and political threads /g/ now has) fucking stupid niggers. If it dies, let it die. If someone is interested in asking something or starting a conversation they will make another thread. All that's being done by keeping this shit alive is turning people away because it's become shit. Fuck off. Where is OP?

new bladerunner poll
http://www.strawpoll.me/13871279/

>>62274023
it is how generals are lad.

>>62231164
is this lazy town

>>62264284
Was there ever a market for cybergoth? honest question

>>62276855
It was enough market for Cyberdog to set up a branch in Brighton. I think this was more of thing in the 1990's. These days it looks more like a form of fetishism with masks and latex, as you can see in >>62254412

>>62268384
>is there anything that may leak?

Isn't line 2 going to forward any old local file and print too? That looks like a risky proposition to me. It doesn't matter if its going through Tor if the packets themselves are full of identifiable crud from your LAN?

I mean, yeah, if you are certain that the only host on Wlan0 is your PT rig, and that rig has good opsec, you might be OK, but I would be more stringent. Set it up for a more narrow use case. You are currently setting it up as a very useful whore...

I would say dont do what you are doing m8.

More info pls, what are you up to?

>>62269146
>how js is relevant to pen testing?

r u serious? It's fucking God tier for pen testing holy shit?

Learn it. Hammer it.

Need to go back to basics on CompSci including algorithms, data structures, OSes etc. Any good free online courses?

Is this still the roleplay as a hacker thread or have any of you figured out how to run afl yet

How does ultrasonic cross device tracking actually work? How does a shitty laptop mic or smartphone mouthpiece hear super high frequencies?

Could you use this tech to put cookies in people's phones to recognize nearby aircraft squawk codes and find their location?

>>62279429
wait thats what GPS is isnt it except with satellites

>>62279429
>How does a shitty laptop mic or smartphone mouthpiece hear super high frequencies?
That is easy for solid state devices. Sampling rate is often 44 kHz which means the Nyquist limit means you can detect 20 perhaps 22 kHz sound. Human upper limit is 20 kHz for young people, going down to 5 kHz when you get old.

If the low pass filter is missing you can get wraparound and detect even higher frequencies but that would leave ambiguities.

For tracking and transferring cookies you need specific software, sounds more like malware.

>>62278620
My initial plan was to set it up for privacy by providing an access point and tunneling everything through TOR.
The box has 2 wifi cards - so I should be able to separate the public network from my own by not forwarding anything, right?

Another thing I planned this for was activities I don't want to assiciate my connection with, for example scanning a host

>>62279429
iirc there was an android ad framework which would listen for frequencies barely above the human ears' limit - the shource was for example flash ads or embedded in TV ads

found it:

https://www.cbsnews.com/news/google-removes-apps-that-use-ultrasonic-frequencies-to-track-users/

>>62279983
Disturbing. And it does involve malware. Perhaps time for some ECM.

Same site has more spooky stuff: https://www.cbsnews.com/news/pennsylvania-police-red-balloons-tied-to-sewer-grates/

Anyways, a few years ago someone noticed computers were "chatting" over ultrasound, never heard much after that. Sounded outlandish then, never know really now in these times.

>>62280209
here you go

https://arstechnica.com/information-technology/2013/10/meet-badbios-the-mysterious-mac-and-pc-malware-that-jumps-airgaps/

afaik there was only one report that time and I haven't heard of anything like that afterwards.

What should I start with to learn about hacking? Is there anything like khan academy for it? I'm too pussy to do anything illegal but I just read ghost fleet and I want to protect my computer from 12-yo chinese autists if something kicks off

I've almost finished hacking for dummies but it just seems like a sea of acronyms and the wikipedia pages on them still don't help me get my head around it.

Is Kali Linux the best thing to use or is that a 'script kiddie' thing? Is there a 'bread and butter' programming language I should learn that can also be used for video game design or music software but also what the NSA would use to make stuxnet or whatever? Because I'm interested but also want some transferable skills to take away if I give up

>>62280809
>to learn
There is a lot of pasta about these things, did you read them? Yes, it will take you a long time and the reason is that this is a demanding field requiring constant work to stay abreast of new development.

>>62280809
>What should I start with to learn about hacking?
depends on your goals

As for the acronyms - must likely it's protocol names. memorize them and get a vague overview what it does - It's your bread and butter. Detailled knowledge will folow.

depending how new you are into this, you may want to install some linux distro by yourself. Choices here are gentoo and arch - you want to configure it by yourself to get a feeling for it.

As for the language, it heavily depends on what you want to do later and you won't be able to stick to a single one. For starters almost every language is fine to get a grip on how things work. If you know what a program needs to do to solve X, you know which flaws there may be.

>>62280870
Everything I've read & watched is too advanced, I can't find the ELI5 material that helps me visualize the concepts. Every time I start learning a new hobby I waste a bunch of time at the beginning trying to find the 'entrance' which I'd like to avoid this time.

>>62280966
Have you tried the bandit wargames? They are on a basic level

>>62280966
one does not simply open a magical door to hacking.

start programming and build your own

File: 7bbaceec417d7b933715ae24c931894e.jpg (279KB, 964x592px) Image search: [Google]

279KB, 964x592px

I'm a web-dev guy looking to go into netsec/infosec.
What's the closest job to a "hacker" there is?
I think Pen Tester, but I'm not sure.

And for that job, what's the first specific thing one can do to be able to do that job? I've read a lot of guides and they all seem to give very vague advice like, start to "think outside the box like a hacker."

>>62281018
depending on what you did as web dev, start real programming(TM).
Without experience you'll have a hard time as pen tester

also see the post above you

>>62253550
>perfect m8
Not that anon, but: ycombinator is a startup fund (among other things) but news.ycombinator.com aka Hacker News or HN is what people mostly mean when they refer to it. Other sites I like: Krebs on Security, The Register, CSO, the Risky Business podcast. And even if you don't like socialising on Twitter, it's a good idea to get an account just to follow a ton of /sec/ folks. I don't tweet much at all but I get most of my links that way from the people orbiting SwiftOnSecurity etc. Hope some of that helps, anon.

>>62275984
[spoiler]first one was meh to begin with[/spoiler]

we're at page 8 and apparently at bump limit.
who wants to create a new thread ?

currently work in SOC doing whatever netsec stuff
not really into it
enjoy principles of security and thinking/solving problems through the lens of security but hate the actual work
really really really enjoyed my db class in college
schema design, queries, tuning, access control, etc
any jobs that have overlap between the two?
i'm sure theres a need for hardened databases or something like that idk

>>62281491
Sacrilege.

>>62207691
what are you a cop

Wow! We passed 316 already. Good thread, good read.

OP: ready to launch the next?

>>62213912
>Isn't cyber security or cyber warfare in general a big part of cyberpunk?

In Cyberpunk books cyber warfare appears. Military systems are depicted as top of the range.

Today we know that three letter agencies led by officers indeed have top of the line systems. So we should have something about this. EW has been suggested.

Any proposals to add to the FAQ?

Is downloading pen testing tools off torrent sites asking to get infected?

>>62281018
reverse engineer/security researcher
pen testing is for faggots.

>>62282595
yes lol

page 10, OPanon doesn't seem to be around.
I'll make a new one

new one

>>62282932
>>62282932
>>62282932