Real dirt bag hours boys. Anyone in the know have any idea how common it is for applications to do their own custom certificate validation? I'm starting to think maybe my web proxy just doesn't share a common sll cipher suite either between the app and the proxy or the proxy and the internet. I find that shit hard to believe in 2018 though.
I always try and keep it bumped, we've been doing really well for the last couple weeks though, especially when you consider how few posts this thread used to get. It's nice to see a lot of active people in here with such varied interests.
Charles Lee
Either overthewire.org or grab a book about the CCNA (ie. Todd Lammle’s book is nice).
>other resource Please enjoy our FTP site with tons of resources, and especially the infographics:ftp://collectivecomputers.org:21212/Books/Cyberpunk/Tech/Infographics/
So I've tried into "hacking" and programming, but I'm too much of a brainlet for those things, can I just be a coolboy that wears cyb clothes, rides cyb bikes and does the physical stuff? I'm Jow Forums
Jaxson Moore
Is that why you quit doing threads, hackerman?
Julian Miller
If you're confident and not autistic, social engineering can be just as important as hard skills. There are plenty of autist keyboard warriors out there who can't talk a customer service rep in to doing something to save their lives, make some friends.
i learned reverse engineering because of this general. Passed both binary bomb challenges and a bunch of pwnable challenges. what are some good "real" software pieces i should hack that arent obfuscated or phone home when broken into
Jonathan Howard
I liked those, although I was ever the OP, nor did I bump it too much, the resources were the things I went there for the most. I'd say I'm pretty confident, I mean, most people dont even realize that I'm a neet because Im good at making people believe that I'm something else. Guess I need to learn to manipulate people better though (even though I hate marketing) It would yeah, but I'm 21 and stupid, so looking that far into the future feels depressing, which ultimately is why I give up/stop paying attention to what Im doing (I did most of the course for python on codecadamy, but I admit easily that I didnt learn much) Thanks for the resources, although I don't think I'll stick to it too much Yeah, since people fall for lies the easiest, but that would mean I need to make friends with competent people, but they make themselves hard to find.
Joseph Nguyen
You'll do alright dude. Just study the stuff you find interesting.
Teebeeh cyber security has nothing to do with cyber security
Isaac Carter
Can someone find out which Router that is? Producer: ASKEY COMPUTER CORP Used in a ISP company for customers: UPC I was too dump to find out.
Jace Johnson
=== /cyb/ News:
>The "super suit" that helps people move bbc.com/future/story/20180705-the-super-suit-that-can-help-people-walk >The suit’s ‘electric muscles', powered by tiny motors, contract in a way that mimics human muscle. These electric muscles are integrated into the clothing around the joints of the body and attached via grips in the clothing. These grips function like tendons in the human body.
Ayden Miller
Two job offers, should I do cyber threat intel or CIRT analyst? The CIRT role seems to just be SOC and not proper IR. Both financial services. Comparable money. Would be grateful for any advice or thoughts on this.
Xavier Gonzalez
You know what bothers me? Why the fuck can I still not edit text messages. Slack and Discord allow it.
Sneaky bump to say that cyberpunk IS cyber security
Jace Parker
prolly bash, python (for your "personal" use, while automating boring stuff) and some php/java/go/node/whatever they use where you plan on working (at least understand how the environment works and how dependencies are installed and shit).
also some sql is always helpful
Ryder Cooper
These are the ones on my machine. I've got them from Lots of interesting books there. there are 2 other .rar files in this one, i just didn't want to upload 2 files It's from the Computers/Networking/TCP-IP folder. my.mixtape.moe/gklclg.rar
Henry Price
sms blockchain when
Mason Thompson
i did the codecademy python course too, it's only good if you work on your own project on the side.
Owen Gonzalez
I've got a book for you too. my.mixtape.moe/myafap.pdf Best read with an ereader, i can only recommend them, but get one with lighting. Also what's the best compression method? I've been fooling around with WinRar, and I got the best results with dicitionary size similar to individual filesize. If dictionary size is bigger, than filesize, i get the same size as the previous setting.
So i was trying a network scanner app on my android phone, and it showed no online devices, but if I scan a individual ip address it will show that device online.
I really don't want to scan one by one, the methods I tried was ping, and dns request but still showed all devices offline.
Is there another app I could try, I have non root phone.
Isaac Ramirez
Fiddler 4
Nolan Edwards
If I were to dual boot arch linux with windows, would there be any security concerns that wouldn't be present if I just ran arch alone
Daniel Morris
>no one has mentioned SANs cyberaces
Lel fucking /larp/ generlel
Daniel Martin
Seconded. Fiddler is pretty good.
I know for a fucking fact that both Google and Yandex can id this.
Justin Murphy
yeah it's great but I'll like to examinate the requests using zap proxy
Nathan Taylor
What are you dudes doing this friday night anyway. I'm still trying to reverse engineer that android APK. I can successfully intercept HTTPS traffic through my proxy now but i'm suspecting that this app is doing it's own Custom Cert Certification. I disassembled the Apk but I can't find any reference to the x509 interface being implemented. I'm going to be annoyed as hell if it just turns out to be something to do with the sll cypher suites being used.
/cyb/ related.. nothing. I was gonna do some coding on golang, but idk people seem to say that programming language is a meme >implying not all languages are a meme
No /cyb/ related. Figuring the mechanics of these drowned mobs in minecraft work. Trying to automate a farm.
Luis Garcia
Had to repair my landlords swamp cooler cuz it's in the 100's all weekend. Now going to bed early cuz I'm working outside through the weekend (sat installs as a side gig). What app are you trying to fuck with? Can't you just see what it's negotiating in the tls handshake sniffing the wire?
Mason Wilson
It's the app my apartment uses to do payments through phones. For some odd reason even with valid credentials it fails to log in every 3 out of 4 times. It got me curious and now i'm trying to figure out exactly why it's so dog shit.
I'm interested in getting into reverse engineering android apps in general and I thought an ultra shitty app would be an easy way to start because it's almost guaranteed they cut corners and I have a hard time sitting through offensive security classes and it's all just theory with no practical exercises.
Camden Murphy
So do apartment places all go through the same company that apparently only hires offshore Indian dudes to do their android development? It feels like the same 5 guys are just making the rounds at different companies and releasing shit code. The same 5 programmers for their shitty apps and the same 2 impatience men to hap haphazardly put band aids on all the places problems.
Cameron Davis
Really wanted to go into the cyber security field but i fucked up my first year of college(computer engineering. thinking about switching into a differnt program i got offered admission to an i.t security degree but honestly im really scared. i dont think ill be able to make it through, I suck at math and i feel so stupid in all of my classes(lack of friends leading to no social life plus playing video games all the time and i basically just watched myself fail). its actually depressing the fuck out of me since I was so set on going into the computer field..... guess i can always just drop out and become a shitty web designer instead.
any advice anons ??? need some serious guidance.
Charles Morales
Go for compsec.
Michael Morris
Yeah i want to, I just dont think i have what it takes
The first of these organizations is Zwiebelfreunde, a non-profit group based in Dresden that runs Tor relay servers and supports privacy and anonymity projects by providing legal and financial help.
One of the ways it helps these projects includes collecting donations from European users into its bank account and then relaying the raised money to overseas projects. Police search Zwiebelfreunde HQ, members home
Today, members of the Zwiebelfreunde project revealed that German police had raided their Dresden office and the homes of three members located in the cities of Augsburg, Jena, and Berlin.
The raids took place on June 20, and police told Zwiebelfreunde members they were in relation to the RiseUp project, a provider of anonymous XMPP and email services.
Officers told members that they were looking for information on the owner of a RiseUp email address. Officers said the owner of that email address registered a site (named Krawalltouristen - translated as Ruckus Tourist) on which it organized protests against the far-right Alternative for Germany (AfD) party convention in Augsburg, and called for physical violence against the group.
Naturally, police were looking for the man behind those threats.
Gavin Nelson
A pretty glaring flaw in the police's logic
But the Zwiebelfreunde group claims police went about it the wrong way. Instead of going after the RiseUp project, they went after their organization instead.
"We have nothing to do with Riseup’s infrastructure," said the Zwiebelfreunde group today in a blog post. "During the raids, the police forces clearly gave the impression that they knew we had nothing to do with either Riseup or the 'ruckus tourist' blog."
Members of the Chaos Computer Club (CCC), a famous German organization whose members are mostly security researchers and hardware hackers, put the things in perspective as for why the searches were so ludicrous. The state prosecutor’s office in Munich has apparently been operating on the mistaken assumption that everyone even tangentially connected to Riseup would be able to provide information on any e-mail account registered there, including that of the alleged illegal website. [...] The mere presence of an e-mail address at a large free provider on a website has caused law enforcement authorities to deduce that a German association that helps raise funds for this provider must be connected to this website somehow. Although Zwiebelfreunde clearly has nothing to do with the operation of this provider, they were suspected anyway. That these searches and seizures were ordered by the Bavarian police shows either forensic incompetence at a very advanced stage, malicious intent or both. [...] With such contrived reasoning, almost anyone could be searched if the anonymous website had been operated by people with a Gmail address. As a consequence of this clearly nonsensical attempt at logic, those involved in this as witnesses and their families have had to endure abjectly disproportional intrusions into their homes.
Eli Lewis
Police take revenge on CCC
But things didn't end here. In a blog post today, the CCC claims that soon after their members provided logistical support for Zwiebelfreunde members, German police decided "on their own accord" to extend the search to CCC premises.
According to the CCC, police searched its OpenLab in Augsburg, where they found hackers and computer experts working on electronic boards, surrounded by equipment and chemical substances needed to create such custom boards.
The CCC explains what happened on that day: After interpreting the contents of a whiteboard as a bomb making manual, the officers then went on to accuse random people present at the hackerspace of plotting a bombing attack. Three people were arrested on the spot and the hackerspace was subsequently searched without a court order and without any witnesses.
The police seized objects from OpenLab and used force to open locked cabinets holding member data and bank records. It has to be assumed that this information was copied and that the rights of members and supporters of both associations were violated.
German media reported the three CCC members who were arrested were later released on the same day without being charged.
"Just like with the initial suspicion with regard to the board members of Zwiebelfreunde, the subsequent suspicions with regard to explosives are incompetent, malicious or both," the CCC says.
"The suspicion of 'preparation of a explosive attack' is a grave and direct threat to the operation of a hackerspace - family-friendly OpenLab is open to visitors almost every day.
"If the mere possession of basic chemical knowledge is a cause for suspicion then pretty soon teenagers will have to hide their chemistry books from nosy cops.
Josiah Russell
Jow Forums told me riseup is just a bunch of communist anarchists though...
David Hill
Therefore the police are the good guys who the fuck cares what happens to these commie fucks?
Adam Russell
never used that one but network discovery and port authority work well. They're from fdroid but should be in the play store too. nmap does work just fine but it's a annoying to use on a mobile
Easton Jenkins
none that you'd have to worry about as long as you don't mess with the wrong boys
Ian Rogers
ah yes, german police at their best. There's been coordinated raids because of "hate speech" aswell some weeks ago
Carter Smith
Communist are worse than nazis. Who cares.
Luis Martin
In addition to I recommend Perl since there are so many tools already made. Especially if you take over an existing position you will probably find a lot of custom Perl tools made. Same with tcl/tk.
James Perry
I might soon try to crack some old 2000's web games for the sake of archival purposes. They can be played offline, but if so they are only a demo that is restricted by a timer. Invalidate the timer and it's full, should be simple enough for me to do. The web games are .swf files. Would my best bet be decompiling it with a freeware/pirateware tool and editing the code in Flash? I believe it would be really easy to crack the process in realtime with Cheat Engine by isolating the memory containing the timer value and modifying it, but I want the end result to be a cracked game for tech-illiterate normalfags to be able to use. Can Cheat Engine do any permanent modding like that? I haven't used it since I was 12 so I wouldn't know it's capabilities.
It is mildly amusing to see what the alleged intellectuals grunt out, demonstrating that it is possible to be intellectual while also anti technological and plausibly also unintelligent.
The generic complaints about "dead white men" reached new levels when Baudrillard himself expired.
Also: the Sokal social letter for that extra Bazinga!!
Nathaniel Jenkins
This is the world we live, were fascist rule and the dissidents are silenced.
Fascists are the real evil of this world. The rulers are capitalist pigs and the low end fascists are nothing but sheep.
It is quite possible that Google and others *can* id this. Trouble is, they don't always do that. If I search for a picture using right click and Google search from Chrome, the results are completely different from if I use the Jow Forums built in search link to Google. I have no idea why but I see this often. So when I search I have to use both methods and even then it happens I get no relevant hits. Far too many hits go to secondary sources such as Tumblr, Pinterest.
Wyatt Morgan
Jow Forums Nice trips
Angel Lewis
=== /cyb/ /sec/ News: There is a lot of talk about how Artificial Intelligence is going to save us. And few sell this harder than Google. And yet, we get this:
>Google AdSense Banned a Random Webpage About a 32-Year-Old Bill Because It Was About Sexual Abuse (vice.com) tech.slashdot.org/story/18/07/06/2227206/google-adsense-banned-a-random-webpage-about-a-32-year-old-bill-because-it-was-about-sexual-abuse >Earlier this week, an algorithm made an absurd choice. Google AdSense, Google's advertising program that makes up the bulk of the tech giant's advertising revenue, decided that a web page about a decades-old bill about sexual abuse was "adult content," and wasn't allowed to display ads anymore. The page, which is at least six years old and contains strictly legislative information about a bill called the "Child Sexual Abuse and Pornography Act of 1986" on free legislative research and tracking website GovTrack.us, tripped the AdSense algorithm that decides what pages are allowed to run ads. This single, very dry page being flagged as "adult content" is most likely a minor fluke in the AdSense algorithm, but it's a perfect example of how a tiny tweak in the way a platform uses automation to enforce policies can send a ripple through seemingly-unrelated parts of the internet. Time to coin AS: Artificial Stupidity, the regressive brother of Watson. Also:
>Here's what Google told GovTrack: "As stated in our program policies, we may not show Google ads on pages with content that is sexually suggestive or intended to sexually arouse. This includes, but is not limited to: pornographic images, videos, or games; sexually gratifying text, images, audio, or video; pages that provide links for or drive traffic to content that is sexually suggestive or intended to sexually arouse." The GovTrack page contains none of these, yet the page still can't run AdSense. Google, it seems, is aroused by the law.