Cybersecurity general is for the discussion of anything and everything related to cybersecurity.
Why are you so paranoid if you've got nothing to hide?
>https://www.philzimmermann.com/EN/essays/WhyIWrotePGP.html
>https://youtu.be/pcSlowAhvUk
Cybersecurity essentials:
>https://hastebin.com/raw/weginuvopo
Cybersecurity resources:
>https://hastebin.com/raw/akaradisew
>https://hastebin.com/raw/ererigesip
>https://hastebin.com/raw/ejarasetid
Learn to hack:
>https://github.com/Hack-with-Github/Awesome-Hacking
Consumer/Amateur Privacy:
>https://thetinhat.com/
>https://www.ivpn.net/
Madickinass Approved Forum:
>https://0x00sec.org/
YouTubers:
>https://www.youtube.com/playlist?list=PLhixgUqwRTjxglIswKp9mpkfPNfHkzyeN
>https://www.youtube.com/user/Hak5Darren/playlists
>https://www.youtube.com/user/DEFCONConference
>https://www.youtube.com/user/JackkTutorials/videos
Cheap Throwaway and Anonymous VPNs:
>https://lowendbox.com/
Protocols:
>https://www.fidonet.org/
>https://freenetproject.org/
>https://thetinhat.com/tutorials/darknets/i2p.html
>https://www.torproject.org/
>http://quux.org:70/Software/Gopher/Downloads/Clients
Career prospects and direction:
>Reddit.com/r/netsec
>Reddit.com/r/cscareerquestions
IRC: irc://irc.rizon.net:6697
>#/g/sec
Previous thread:
>>62141184
Thread archive:
>https://archive.rebeccablacktech.com/g/search/subject/sec/
Suggestions for new resources is welcome.
The Gentoomen /sec/ community is looking for CTF team members, contact them at the IRC channel.
>>62331087
me on the left
Anyone into game hacking? Been reading the Game Hacking book and it all looks pretty fun, already got some ideas on what to do with some games.
>>62331185
Thank you for appreciating the joke.
>>62331187
Not my forte.
But please, do regale us?
>>62331234
There's a lot of memory forensics involved in game hacking and it's combined with RE, you also need to evade anti-cheats and stuff.
Really just a novice so don't know that much about it, that's why I'm asking.
>>62331087
Reminder that your attempts at securing privacy are futile unless your BIOS is Free Software.
>>62331352
That actually sounds alot more interesting than I gave it credit for.
What book're you reading?
>>62331379
Agreed.
>>62331379
And disable intel backdoor
https://www.csoonline.com/article/3220476/security/researchers-say-now-you-too-can-disable-intel-me-backdoor-thanks-to-the-nsa.html
>>62331602
>https://www.csoonline.com/article/3220476/security/researchers-say-now-you-too-can-disable-intel-me-backdoor-thanks-to-the-nsa.html
Why does the NSA keep fucking things up for themselves?
>>62331440
"Nick Cano-Game Hacking. Developing Autonomous Bots for Online Games-No Starch Press (2016)"
It makes a pretty good introduction to ASM and Lua too.
>>62332013
Found it on Library Genesis, thank you.
>>62331234
>regale
Word of the day.
>>62331352
>>62331187
I used to be into game hacking as a kid. Usually just altering memory values and using custom dlls. Most new/beta/indie games are ripe for this because they're teeming with vulnerabilities to be exploited. You can make some money off of it, by selling expensive IG items for cheap or just running bots for various things (ranks, farming, etc.) and they're as simple as hooking your program to memory.
>>62331185
Me in the RAM chips.
>>62331379
For mission critical software, remember to audit everything yourself and verify signatures from multiple sources. Otherwise it's all in vain.
Anyone have any helpful resources on vuln research? I have a pretty clear path ahead of me that I'm gonna stay on, but more info is always helpful.
>>62332890
>You can make some money off of it
Can't you get sued pretty bad though?
Not that I care much, I know my opsec, but could be pretty worrying in the long term.
Also do you know where I can learn some techniques for cloaking my actions? There's a chapter about that in game hacking but some other sources could be nice.
>>62331087
>tfw a baby is more technically competent than you are
>>62331087
if I want to discuss reverse engineering on a firmware, where would I go?
>>62332962
Yeah you can get royally shafted if you don't stay low and out of the eye of behemoths. Two that come to mind recently are Blizzard and Epic suing cheat makers. Blizzard is suing some company (wew, >incorporating a company) because they've done "irreparable damage" to their game only because the tool was, allegedly, so widespread in use. Epic is suing under some legal loophole bullshit because the guy uploaded a video, Epic filed a copyright notice, and the guy disputed it so now he's getting leeched.
The lesson here is to go silent and make a new identity once you start getting any heat at all. You'll lose rep and recurring revenue, but this a hit that has to be taken for long-term survival. And it's better not to fuck with companies with the resources to find your ass and make a statement.
I think OPSEC is generally the same no matter what grey-area endeavours you partake in. Mask your fingerprint, compartmentalize, and be risk-averse and hyper paranoid. This is theory, but you can search through the OP links for info on these and I can try to answer any questions you have to the best of my ability.
>>62333095
RE has a lively forum scene, so you may want to check out some forums. I've used:
>http://www.binrev.com/forums/
>http://forum.ru-board.com/
>http://www.woodmann.com/forum/forum.php
in the past.
>>62333108
I meant cloaking the actions so the server doesn't notice me as much, or stuff like that.
I'll obviously don't try to go for big companies, since they have their dedicated teams. And they use companies to launder the money I guess.
I really don't know one thing, and that's which browser to choose when fiddling with bad stuff. Tor with several add-ons?
>>62331185
me on the right
Hi, what are some unknowing mistakes I could make when securing my KeePass database in an insecure place?
Is it possible to get the data if you have many versions of the encrypted Databank with always only one password changed or added?
>>62333229
Why are you putting your KeePass db in an insecure place?
>>62333252
I consider everything that isn't my local machine insecure. I want to plan for the worst case scenario, that's all.
I consider using a cloud service as the convenience gain would be very high, I am just asking here if the security gain is negligible.
>>62333278
Just get it on a few USB Drives and call it a day, cloud is the devil.
>>62333209
>I meant cloaking the actions so the server doesn't notice me as much, or stuff like that.
Realistically, you can't. Any developer worth their salt is using an anti-cheat engine. If you have the time and inclination, you can find out what engine they're using and look for holes yourself, through documentation/RE. This takes an assload of time though, and when I was active I'd just enumerate over exploit identifiers over different accounts to see which ones they used.
You could also do some black magic with exploiting Windows itself to get past the anti-cheat engines, but that requires a lot of domain knowledge.
If you want to know more, check out the Black Hat archives for gaming. IIRC they had a few: https://www.infocon.org/cons/Black%20Hat/
>>62333353
>cloud is devil
Why? Do you include self-hosted too or only the big names?
>>62333378
Self-hosted is alright, hosted by others is where the problem lays.
>>62333353
>>62333252
If it's password protected with a large-bit pass, what is the issue with keeping it on the cloud unless you're talking about a long-term brute-force?
>>62331087
me on the left
>>62333390
even if you encrypt everything?
>>62331087
Use opera vpn it is free
>>62333390
what problems explicitly
>>62333405
Weak to side-channel I guess, it's their hardware after all.
>>62333394
Yeah, long-term bruteforcing is what I'm talking about.
>>62333424
Data selling.
>>62333436
>>62333427
>Encrypt locally
>Use VPN
>Fake Email
The only thing they can sell is that they have a user who encrypts data, which is valuable information, but less valuable to them then the normal info they would get. This might even cuck them as they lose money on you if you don't shill their services to friends
>>62333376
Sweet thanks for the info.
As far as I know most anti-cheat systems are crap and easy to bypass, but I wouldn't know since I'm new to this.
Do you know if "impersonating" the anti-cheat would work fine? As in disabling the original and acting as it for the game to still start properly and the servers to not be concerned.
>>62333405
You can store your encrypted data on an untrusted machine safely if you do all the encryption at home and then just upload the encrypted payload. But doing COMPUTING on an untrusted server is not something you can make more secure with encryption, for the untrusted server has all the keys.
>inb4 homomorphic encryption
>>62333465
Yeah that could work.
>>62333490
Yeah but what can I do to make my encryption at home more secure?
If a plaintext file always changes in little steps, is it possible to derive the key from the differences in the cipher?
Should you change the key everytime you change the file?
>>62333427
>Yeah, long-term bruteforcing is what I'm talking about.
We could lessen our risk by taking the fastest known operations per second value, calculating how long it would take to crack a certain (pseudo)random password, and change our passwords before that time period is reached. This also introduces the trade-off of only storing dynamic data like account passwords and not things like banking/cc info and wallet seeds. Though the later could also go through the aforementioned process of moving all of your coins to another newly generated wallet and ditching the old one.
Cloud services are incredibly convenient, if proper steps are taken to secure your data.
>>62333209
Wrote so much I almost forgot about your second question.
>I really don't know one thing, and that's which browser to choose when fiddling with bad stuff. Tor with several add-ons?
It depends what you mean by "fiddling with bad stuff." Are you trying to stay secure or anonymous?
>Do you know if "impersonating" the anti-cheat would work fine? As in disabling the original and acting as it for the game to still start properly and the servers to not be concerned.
You should always try whatever comes to mind. Some may think it too obvious, but you never know what opportunities human error can open. In your specific case, a good anti-cheat would be off-loaded to the companies server and not be client-sided. And if it is client-sided, there would likely be a hash-check to make sure it wasn't tampered with. However those two may be able to be spoofed with packet interception.
Should I go to the networking path if I want to pursue cybersecurity/infosec?
>>62333581
Networking is integral to a lot of professions in the domain of "cybersecurity/infosec," but its importance is modulated by what exactly you're interested in.
>>62333622
>>>62333581 (You)
>Networking is integral to a lot of professions in the domain of "cybersecurity/infosec," but its importance is modulated by what exactly you're interested in.
I'm Interested in secure systems and penetration testing. So a little of blue and red team
>>62333138
those forums are pretty dead, i mean the first link is still semi active. Thanks for the links!
>>62333743
Then networking is going to be pretty important along side everything else (like understanding the OS and programming).
>>62334083
Thanks! That was what I was thinking about.
I just went through the essentials hastebin.
If I do everything browser related and use a VPN, will I leave any trace of my online activity?
any book recommendations for someone with a computer science background looking to concentrate in security?
>>62333535
Try to stay anonymous, mostly.
>>62335453
Hacking: the Art of Exploitation is a good start.
>>62335255
Even with a VPN the website can still see all of your hardware UID's which can be used to identity you, for example;
You used the same hardware to sign into your personal email. Or you purchased the hardware online/not with cash.
>tfw there is no open source anti ddos platform
>>62335817
i've heard of that one before, i think it's one of the free books you can get if you're an ACM member. will have to read it sometime