The ubiquity of cameras in day to day life is beginning to worry me, and they've got so small that you can hide them anywhere. Pinhole "spy" cameras are cheap as fuck and have great resolution now and you barely need any technical knowledge to operate any of this.
How do I know if someone has bugged my jack-shack?
Justin Peterson
Well waffle stomper, maybe if you didn't share it with 60 other fags on a FOB, maybe you wouldn't have this problem, just jack it at night when your on patrol.
Salty your thread never gets more than a few dozen replies before 404ing, hun?
Isaiah Martinez
First off the data or images will have to be exfiltrated somehow, by wireline or radio. Search for unexpected cables or unexpected traffic and unknown nodes through your router. And you do use an up to date firewall, right?
Also remember your power lines are also data lines, use ferrite cores generously.
In case of radio traffic you can get a SDR and monitor the frequency bands.Many have an impressive frequency coverage at a hysterically low price. Traffic shaped to match noise levels will be the number one most suspicious ones.
Soon cameras will be a minor issue compared to hidden DNA samplers inside, say, door knobs.
Carson Hall
Unanswered from last thread: >Is cybersecurity a good career path? In many ways, yes. You should be fairly safe from outsourcing. Trouble is, there can be a lot of crunch time and I guess those who have worked on safeguarding against Spectre/Meltdown are pretty delirious now.
>How likely are you to find jobs in the field? Not bad. And it will be better as even more high profile cases come to light,
>I was considering going to college for it but I can only afford a 2 year degree and some certifications. Would I be able to land a job with these qualifications? HR departments will always look for academic credentials, though many in the field look at experience only. this is heavily debated.
Nathan Sanders
=== /sec/ News Bankrupt Commies block Tor pcmag.com/news/362104/venezuela-tries-to-stamp-out-access-to-tor-network?amp=1 >"It seems that the government of Venezuela has found out how to do a very sophisticated block for the Tor network. It's not only on the direct access channels, but also the bridges Tor provides to bypass that blocking," Melanio Escobar, a Venezuelan technologist told Access Now.
Jason Walker
Is cybersecurity a good career path? How likely are you to find jobs in the field? I was considering going to college for it but I can only afford a 2 year degree at my community college and some certifications. Would I be able to land a job with these qualifications?
Piggybacking off this: I'm currently in a software support/technical support position but I'd like to begin shifting to a security oriented career, what resources should I be studying and what certs should I persue? Currently have A+ and N+, employer reimburses certifications so price isn't an issue, I just don't know where to begin.
Henry Martin
Thermodynamics and Steampunk General
Luke Hughes
Somebody knows what happened to cyberpunked.org?
Kevin Gomez
Considering shitting up /sci/ with this now.
Luis Morales
See
Camden Hernandez
Does /sci/ do generals? Could be interesting to see the input from there.
Meanwhile fishes shamelessly for traffic by posting a model in latex - who turns out to be a dude but readers do not care.
OK, how far can we go with latex?
Camden James
qtbots
Dylan Stewart
Hello /sec/. I don't know of a better general to ask, so sorry... Do you know of any "virus" that can autoinstall on windows from a new plugged sata HDD? I did that recently with one I was asked to recover, by a known person. I did the recovery using linux, but then I logged into windows before remembering to unplug the stupid hdd.
Thing is, it didn't let me login, returning an error about the windows login service. I had to repair the registry. This is what has scared the shit out of me.
unless you've enabled autoplay, there's no such thing. bit rot on the other hand definately is - so that's probably what you were seeing
Tyler Sanders
Where is the actual guide for how to learn this stuff? I need a straight up complete book list written by professionals that will tell me exactly what to read to learn wtf this stuff is, from a CS bachelor graduate's perspective
Brayden Howard
Dive into the FTP site, it has tons of books. Read all, that will take you a while.
Jack Robinson
What is that?
Samuel Mitchell
Lurk more, and read the OP.
Cameron Hernandez
Do you ever lose interest in cybersecurity? It seems that after a while, a lot of the interest in topic seems to fade. After you've secured everything and read all the documentation and know how to make everything you use secure if you so wish, it becomes a lot less interesting and fun to participate in, at least for me. Anyone else know this feel?
I tried installing OpenBSD on a laptop that was just taking up space. Sadly, however, the function keys and wifi were broken. Wifi in particular was oddly broken, I couldn't find anything in dmesg related to the card and the interface didn't show up post-install at all. I guess I'll use either hardened gentoo or devuan instead.
Evan Cruz
Practically speaking, is using a password for UAC instead just a yes or no prompt any more secure? I mean, there are ways to completely bypass it anyway.
Colton Reyes
It is if you can expect people around you to be using your machine and running executable files.
Angel King
I thought about that but I'm not concerned about physical security. I'm guessing if someone can remotely access my computer or if malware gets on my system that they could already circumvent UAC, at least if they know what they're doing. I guess it wouldn't hurt, though.
Justin Taylor
Could someone help with
Nathaniel Rogers
It always changes so it never ends.
Jacob Hill
Not really, it's really only good for enterprise stuff. You're fine with yes/no prompts.
Ayden Mitchell
Depends on what you are focusing on. Locking down your home shit will probably get boring fast. My work is in Certification and Accreditation and there's always a new thing to read and understand. Even just one seems endless. So learning two (FIPS 140-2 and Common Criteria) has been an endless escapade.
Jonathan Adams
=== /sec/ News ... or at least a progress report on how to defeat Trojans and evil maids: >Toward a fully reproducible Debian lwn.net/Articles/757118/ >The three developers of the title are part of the sharpened message, each being an example of the problem that reproducible builds aim to solve. Alice, a system administrator who contributes to a Linux distribution, is building her binaries on servers that, unknown to her, have been compromised; her binaries are trojan horses, carrying malicious content into systems that run them. Bob, a privacy-oriented developer, makes a privacy-preserving browser, but is being blackmailed into secretly including vulnerabilities in the binaries he provides. Carol is a free-software user whose laptop is being attacked by an evil maid called Eve, the third developer of the title; each time Carol shares free software with her friends, it is pre-compromised by Eve. All of these attacks hurt free-software users and the reputation of free software as a whole.
Nicholas Price
it's depend on the vulnerability on your system. if attacker compromise your system an got "System" access (NT SYSTEM) the highest privileges it could bypass UAC and disable UAC permanently.
Did I take out tons of debt to be no more educated then youtube videos can give me? How fucked am I?
Michael Hughes
You can learn a lot over the net. There are however two important things you will miss out on that perhaps most student do not fully appreciate: - networking: getting to know people is a huge plus that is where ivy league etc. has a lot of strength; - certifications and exams: no matter what you know counts for little if HR immediately bins your application for lack of formal documentation of your skills.
Hunter Rogers
So use the leftover student loan money to grab as many certs as possible?
Any recommendations on what cert's to start getting?
Also how2network?
Noah Reyes
I don't have enough insight to be specific other than this: >how2network Get a LInkedin-account and use it strictly for professional use. Keep in touch with fellow students.
As for surveillance, well, I think not having a Linkedin-account is in itself a red flag when you are a professional.
Cameron Murphy
Am I the only one literally worried about this kind of thing? Risking to sound larper, that was one of the most unsettling things I felt on DE:MD. That the Picus' manipulation was dangerous close to reality.
Jaxon Lopez
>Am I the only one literally worried about this kind of thing? I have read a little about propaganda in general and have been concerned about these things for years. The more you read about propaganda the more depressing views you get about people in general.
>Risking to sound larper, that was one of the most unsettling things I felt on DE:MD. That the Picus' manipulation was dangerous close to reality. Not sure what this is.
Noah Powell
Deus Ex: Mankind Divided. Check Picus related content or just google "Picus Vault"
Jonathan Nguyen
Yeah this is just an automation of what was already in place. Maybe it gets easy/cheap enough for everyone to do all at once instead of specialized military/covert operations. The end result probably won't be more effective propaganda but less effective communications for everyone. Will probly need to develop more effective verification. Something simple like ML analysis of wiki edits around posting of things might be a good starting project.
Easton Sullivan
I'm really tempted to apply for a pentest job but I have no education on the field. I have been playing wargames though on HTB and got a few active boxes and learned my way there with Ippsec's videos on retired boxes and the job application says that "you don't have to know everything, we will teach the rest". The thing is that they require to know how to code, I can read code and modify copy pasted programs to fit my needs but I can't write a full program myself. Do I look like a fool if I apply now, should I practise more, or am I going to just waste time trying to get further myself? Halp pls
Isaac Wilson
Can someone please share that image of Elliot from Mr. Robot with the distorted face?
Makes me lmfao every time
Jose Baker
>M-MUH GAYUMZ
Landon Smith
Bump
Nolan Sanchez
anyone attack any stock router wpa2 implementations? had any luck?
Gavin Perez
Trouble is, the border between propaganda and advertising is increasingly unclear. Add to this that foreign interests are growing in elections and you might even have military grade propaganda in a setting that supposedly is civilian.
Bentley Cook
>the border between propaganda and advertising is increasingly unclear. Is there really a difference?
Austin White
Dude, always apply. What's the worst thing that could happen? I got my current job from a company I applied to, in which I had no hopes of ever making it in. But I got lucky, so yeah
What languages do you need to know to get a junior position as cybersec? I got Python, bash, basic C (I know I need to work more on this one) and now trying to pick up Go.
C and Python are probably the best, but that depends on what type of infosec you work in. I didn't really need any to start, although being able to read C helped. But if you do C, Bash, and Python, you'll be fine.
Blake Nelson
>Is there really a difference? Propaganda seeks political power and then optionally financial gains. Advertising seems financial gains and then optionally political power.
With politicians switching careers this is blurred even more.
Daniel Lopez
Thanks. I know that Go is used a lot in networking and lower-level stuff, is it used in infosec at all?
Christian Russell
I've never seen Go, so I can't provide insight. Assembly or VHDL (for fpga's) are valuable. Honestly though, if you are looking for entry, focus on the broad topics of infosec. SSCP is good cert for outlining that info. Unless you are looking purely for a software position, going more narrow limits your options.
Matthew Rivera
Forgot to add: you'll be more than fine language wise with what you have. It will at least show you have a background, and if they require you to know a different language, you'll have shown you are capable of learning it.
He mentioned electronic money. What is the best bet here? Best way to go? Is there any nowadays? Obviously it isnt BTC
Grayson Ortiz
One profits a corporation, the other profits a government Monero for anonymous transactions or zcash or dash. Bitcoin for investment. Random popular shitcoin for day trading. Ethereum for cool apps.
Lucas Lee
>Monero Zooko said something vague about a [possible] protocol flaw at 34c3 iirc. but then again his whole talk was shallow
Brayden Bell
He was probably talking about this: gizmodo.com/at-least-two-flaws-in-monero-could-make-some-transactio-1824133518 Not really a huge deal, the true amount of a transaction can sometimes be identified, but concerning for a crypto that has postured itself has being privacy centric. Monero is still the gold standard for washing crypto.
Anthony Smith
nah not really been into reversing for years there are boring aspects but my successes more than keep me interested
Robert Hill
Does anyone have any good books on hacking and cyber sec? I tried pic related from the ft server and it's 300 pages of shit. All it does is teach you how to install Kali on a VM and then runs you through the basics of python.
>This chapter is kind of an introduction to the advanced concepts of Python. Since this is the final chapter, I would like to tell you about where you can go from here. >You can either build web applications with the help of Python or you can do some security networking stuff. Finally, like me, you can choose the interesting path of ethical hacking. All these things and more you can do through Python. >Let us see how we can apply our basic knowledge of Python in socket andnetworking. Write down this code on your IDE and see what output you get. >The output is like this in my machine. You can test any other web site to get its address. This is the tip of the iceberg. Lots of things are inside. It is better for you to see everything that is inside than for me to tell you, as I feel you should concentrate on trying to write basic concepts of Python more and more. >In the further study of the relationship between ethical hacking and Python 3, you’ll find these socket and networking concepts extremely useful.
no stop asking this stupid question reading books will not make you a good hacker you just have to do it teach yourself to audit code; write some exploits, play some CTF/wargames; learn about different classes of vulnerability, learn about computer architecture. there is lots of documentation out there, but reading a book cover to cover is generally nothing but a waste of time
Aaron Edwards
>play some CTF/wargames I know of a couple of sites that host wargames. If I participate in one of them using a virtual machine I should be safe from any harm, right?
Eli Reed
no, your computer might explode just give up
William Bell
The hacking exposed books tend to be decent. I picked up the Wireless Hacking Exposed and the Kali Wireless Hacking book by Vivek and I keep them as resources.
Noah Jackson
thx dude
Ryder Robinson
Thanks senpai
Alexander Ross
New wpa3 announced. Now wireless security want be shitty, save for rf jamming.
Nicholas Collins
OK, so my plans for getting a new phone has to be postponed, again:
=== /sec/ News: >Every Android Device Launched Since 2012 Impacted By RAMpage Vulnerability it.slashdot.org/story/18/06/28/160220/every-android-device-launched-since-2012-impacted-by-rampage-vulnerability >The vulnerability, tracked as CVE-2018-9442, is a variation of the Rowhammer attack. Rowhammer is a hardware bug in modern memory cards. A few years back researchers discovered that when someone would send repeated write/read requests to the same row of memory cells, the write/read operations would create an electrical field that would alter data stored on nearby memory. In the following years, researchers discovered that Rowhammer-like attacks affected personal computers, virtual machines, and Android devices. Through further researcher, they also found they could execute Rowhammer attacks via JavaScript code, GPU cards, and network packets.
I just want a nice Palm Pre 5.
Aiden White
Implying this infographic isn't a disinformation campaign funded by traditional media outlets.
Social or traditional media have no interest in having their readers question the contents they spew out to their readers or followers.
"Hack the Spew" seems oddly relevant here.
Evan Bell
But that book is telling you about hacking and cyber security, it literally says "Beginning" in its title.
Newsflash for all the retards here: cyber security requires solid networking knowledge. If you get stuck on the question "What port does ping use?" then you are a certified dumbass.
Hunter Hall
Is English your first language? The infographic says not to trust any third party site without vetting it. What exactly would you use to compare third party sites except traditional media or media megacorps?
see, this is a good tip for a beginner. So now, are there any solid networking books you'd like to recommend?
Owen Mitchell
The Network+ book by Mike Meyers is always a safe place to start. The CWNA book by Coleman and Westcott is good for 802.11 wireless. Rappaport also has a good book on wireless communications but it tends to be more pricey.
Christopher Cox
Where to go after reading Hacking: Art of Exploitation? I'm interested in writing exploits, so I was thinking maybe just reading a shit ton of bug bounty write ups. Do you fags have any good ideas?
Chase Scott
Check out metasploit
Elijah Morris
>Is English your first language? No. >The infographic says not to trust any third party site without vetting it. What exactly would you use to compare third party sites except traditional media or media megacorps? I compare what they write with what I have first hand knowledge of.
Samuel Cox
> that 30 years old bummer who still cannot read Cyber(security|punk) -> There's a match
Brayden Harris
Page 7
Angel Edwards
I think the next thread will need a snazzier picture.
> Cybersecurity General > IRC IRC is incredibly insecure. You just discredited yourself. I stopped reading there. Have fun with your clueless group.
Henry Hill
stop being a faggot. You don't need to use the most secure shit at all times. It's only when necessary.
Colton Powell
>what is OTR >what is SSL/TLS Ok son
Adrian Anderson
>that 30 year old boomer who can't use a bouncer and keep good opsec with his online identities
Samuel Price
is it dumb to have a fear that if for some reason i became famous, that some disgruntled google employee would release all my search history, or whatever?
I'm really worried about that.
James Rivera
I'll make a better guide later to get into Cyber Security. I'll give an overview of our red team track:
Beginners: >Overthewire labs and using linux in general to get used to the environment. Maybe a codecademy course on python or bash.
Intermediate >start using Kali to target a Metasploitable VM >use guides or whatever, just get used to being able to pop easy targets
Advanced: >Hackthebox machines and challenges >Vulnhub Vm's and posting your writeups >Making security tools or giving talks at conferences on a topic you researched.
Books you should have: Hackers playbook 2, Art of exploitation, Metasploit guide
Install VMware and get to work and after a few months, you'll probably be in a good place, maybe even at a place where you could start as a junior pentester or junior security analyst responding to tickets all day.
Gavin Harris
thanks for putting in the effort. I'm already done with the beginners part, actually working as a Python dev, but I'd love to start sinking my teeth into the Intermediate part. Thanks again.
Juan Fisher
Who develops jn python? Honest question. I only see c and c++.
Leo Gonzalez
I've abandoned my irl identity and taken on a fake name. Maybe that will help.
I just take pride in my tranny and cuckold porn searches. It was a phase.
Asher Powell
Question for CybSec:
What do you think of Social Justice?
I ask this because it seems that the authoritarian socalistic ideology seems to have a track record of ruining cool ideas and i fear that cybsec may be its next target on the campaign to be useful idiots for B!gBr0.
Carter Martinez
lol fair question, I meant WEBdev, but yeah. We just write small internal tools for a small sales company, less than 10 of us programmers in the company.
David Lee
Lol fuck that shit. My company kinda has the diversity vibe trying to start but niggers can't last the first month here so they gave up hiring them.
Nathan Hill
That's still cool. I mainly work with network device developers so that's probably why I haven't seen it. Sucks, I only really know python so I need to bs my way through source code auditing for FIPS when it's in C
