/cyb/ + /sec/ - Cybersecurity and Information Security General

Cypherpunk Manifesto
>activism.net/cypherpunk/manifesto.html

◘ Cyberpunk Manifesto
>project.cyberpunk.ru/idb/cyberpunk_manifesto.html

∆ Hacker Manifesto
>>phrack.org/issues/7/3.html

± Guerilla Open Access Manifesto
>archive.org/stream/GuerillaOpenAccessManifesto/Goamjuly2008_djvu.txt

▓ Fables, realities, prophecies and mythology of a community:

░ What is cyberpunk
>>pastebin.com/hHN5cBXB

▀ The importance of a cyberpunk mindset applied to a cybersecurity skillset
>youtube.com/watch?v=pcSlowAhvUk

● Cyberpunk directory:
>pastebin.com/VAWNxkxH

▬ Cyberpunk resources
>pastebin.com/Dqfa6uXx

▐ Cybersecurity essentials/resources

>pastebin.com/SCUbhpjP
>pastebin.com/VTXRAPxM

Ctrl + F: Basic Knowledge, Basic Training, Arms/Arm
>pastebin.com/rMw4WbhX

▼ Endware: Heavy armor for anons, by anons
>endchan.xyz/os/res/32.html

⦿ Shit just got real:
>pastebin.com/rqrLK6X0

◊ archive:
>textfiles.com

Cybersecurity essentials/resources:
Reference books:
>mega.nz/#F!YigVhZCZ!RznVxTiA0iN-N6Ps01pEJw
>PASSWORD : ABD52oM8T1fghmY0

>ftp://collectivecomputers.org:21212/Books/Cyberpunk/

» Thread Archive
>archive.rebeccablacktech.com/g/search/subject/cyb/
>archive.rebeccablacktech.com/g/search/subject/sec/
>archive.rebeccablacktech.com/g/search/text//cyb/ /sec//

≡ IRC
> Join: irc://irc.rizon.net:6697
> #Jow Forumspunk
> #Jow Forumssec
> #nfo
> (All require SSL)
> IRC guide:
> github.com/mayfrost/guides/blob/master/IRC.md


Ψ Last threads:

Attached: 5d32ceab3b2d715eaf95fe52a9323d16.jpg (2000x1125, 342K)


What are the most common ways Remote Code Execution is performed?

Attached: hqdefault.jpg (480x360, 10K)

Cyberpunk has everything to do with Cybersecurity.

That probably varies with every patch; SMB's a good bet.

I am making CRUX my go-to distro for all things. Reasons:
All configuration is done in files (BSD style init scripts).
It has a source-based package manager (ports).
It is easy to make ports (nixers.net/showthread.php?tid=1704).
It is a known evil, and I have guides for maintenance down to the last detail.

What distro do you guys use? What arguments are behind your decision?

I've been thinking about getting into a /sec/ job for some time now. There's currently a job posting not that far away.
Sounds pretty basic, they only require IT background plus having heard of DDOS, XSS, ... before. Description seems to put a focus on reading logs and skidding.
Should I do it?
Taking that job would leave my current biz severely crippled - it's a 2 man show with me being in charge of everything that requires a little background. My boss asked me to continue his biz a few times but it feels like a dead end to me, and without me he's most likely forced to give up because there's no point in training someone else because he'll retire in a few years anyway.

>he'll retire in a few years anyway
Then personally I'd say go for the job

Bazinga!!

Attached: 6502_Monster_A1_1.jpg (1800x1200, 312K)

Attached: d7a0db76ff9dca48979e2.jpg (1920x960, 539K)

=== /sec/ News:
Data leaks like from a sieve, but what happens to the data?
>Facebook scandal: Who is selling your personal data?
bbc.com/news/technology-44793247
>Data has been described as the "new oil" and data brokers play a huge role in extracting value from our personal information in all its forms.
>They collect it from hundreds of sources, including census information, surveys, public records and loyalty card programs.
>They then sell that information to other organisations.

There is a lot of money in this.

Attached: Ulam.png (3464x3464, 3.36M)

Cyberpunk has nothing to do with cybersecurity.

Tech is influenced by cyberpunk's view of the future, from the past.

I have to say this is the coolest OP I've seen, truly shows the effort and the quality we had over the years. When a future generation look back they will admire the pages of the pastebins and its awesomeness, mark my words.

Following up on the Outerheaven posting from last thread: any plans on knowledge management? the FTP site is full of files but the ordering is increasingly complex and some files should have been moved around.

Cyberpunk Hardware
It's literally the closest thing to proper open hardware you can get today.

Attached: T2P9D01-block-diag.png (1359x1039, 94K)

Although you still have a firmware blob in the NIC, the CPU has an IOMMU so it shouldn't be much of a problem.

There is still another blob for the optional SAS-controller's firmware, but that too should be safe with IOMMU.

Raptor also has a contest if someone manages to build open-source firmware for the NIC:
raptorcs.com/TALOSII/nic_fw_contest.php

Attached: T2 SAS controller, no heatsink.png (1140x744, 1.09M)

Buffer overflows. Whoever said server message block is an idiot.

Not as much of an idiot as anyone using SMB though.

So what's the point in WiFi hacking anyway? Just for the free WiFi? Or is there something more you can get from connecting to a network?

You can get literally anything from anything their wifi is connected to, idiot.

The ideal is to be able to do this of course

Attached: 1337_part_1.png (740x180, 36K)

if you're dealing with 99% of all users' networks then you've got everything they log into, download, send or receive, anything stored on the network. Then that may recurse.

What can we do user

I must be misunderstanding something... do the users who connect to the network with legitimate credentials also have this capability?

Yep

So simply by connecting to a WiFi network, you can monitor the traffic of all the other users on that network? That doesn't seem right. But anyway it's mostly all encrypted so you wouldn't be able to get much.

nah see if you are using stuff like auto-configuring DHCP/DNS then anyone on the network can kind of... overrule your router's configuration and give their own instead. Then you're not just passively alongside their network connection, you're MITM'ing them and anything goes. You'll have very few issues with certificate pinning or anything like that practically.

WPA-PSK only protects you from people who don't have the password, since you can deduce the encryption keys during the initial handshake, and it's easy to force machines to do the handshake again.

On WPA-enterprise, each user has a different key, so this isn't the case.

Yes, HTTPS can protect you from this, but many users might not notice if you proxy and HTTPS-strip their connections.

There's also the possibility of getting into admin shares and dropping root CAs to subvert that as well.

Ok but don't you need admin privilege or something? For instance on a school network, I don't imagine that every student who connects with their assigned student credentials is capable of pulling shit like that.

It's not a matter of actually changing the router, it's a matter of getting there first or more authoritatively.
>You: I'd like an IP and gateway please
>Badguy: I'm your router here's the info
>Router: I'm your router here's the info
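The race described in the exchange above (whoever answers the DISCOVER first, or most authoritatively, hands the client its gateway) is also what a defender can watch for. The following is an added example, not code from the thread: it parses BOOTP/DHCP payloads, pulls the server identifier (option 54) and the pushed gateway (option 3) out of each OFFER, and raises an alert when an OFFER comes from a server outside a known allowlist or when two different servers answer the same transaction ID. The trusted server address and the packets are constructed for the example; a real deployment would feed it UDP 67/68 payloads from a capture on the segment.

```python
"""Added example (not from the thread): spotting rogue DHCP OFFERs on a segment.

Assumptions: the defender knows the legitimate DHCP server address(es) and
captures DHCP traffic (UDP/67-68) on the segment. The packets built below are
constructed for the example, not captured traffic.
"""
import struct
from collections import defaultdict

DHCP_MAGIC = b"\x63\x82\x53\x63"   # BOOTP vendor "magic cookie" that starts the options
OFFER = b"\x02"                    # option 53 value for DHCPOFFER


def ip_bytes(s):
    return bytes(int(o) for o in s.split("."))


def ip_str(b):
    return "?" if b is None else ".".join(str(x) for x in b)


def build_offer(xid, yiaddr, server_id, router):
    """Construct a minimal BOOTP/DHCP OFFER payload (test data, not a capture)."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s",
                      2, 1, 6, 0,            # op=BOOTREPLY, htype=Ethernet, hlen=6, hops=0
                      xid, 0, 0x8000,        # xid, secs, flags (broadcast bit set)
                      b"\0" * 4,             # ciaddr
                      ip_bytes(yiaddr),      # yiaddr: the address being offered
                      b"\0" * 4, b"\0" * 4)  # siaddr, giaddr
    hdr += b"\0" * 16 + b"\0" * 64 + b"\0" * 128   # chaddr, sname, file
    opts = (b"\x35\x01" + OFFER                    # 53: DHCP message type
            + b"\x36\x04" + ip_bytes(server_id)    # 54: server identifier
            + b"\x03\x04" + ip_bytes(router)       # 3: default gateway pushed to the client
            + b"\xff")                             # end of options
    return hdr + DHCP_MAGIC + opts


def parse_dhcp(payload):
    """Parse the fixed BOOTP header and the TLV option list into a dict."""
    if len(payload) < 240 or payload[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP payload")
    op, _htype, _hlen, _hops, xid = struct.unpack("!BBBBI", payload[:8])
    options = {}
    i = 240
    while i < len(payload):
        code = payload[i]
        if code == 0:          # pad option, no length byte
            i += 1
            continue
        if code == 255:        # end option
            break
        length = payload[i + 1]
        options[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": op, "xid": xid, "yiaddr": payload[16:20], "options": options}


def find_rogue_offers(payloads, trusted_servers):
    """Alert on OFFERs from unknown servers and on xids answered by more than one server."""
    trusted = {ip_bytes(s) for s in trusted_servers}
    servers_by_xid = defaultdict(set)
    alerts = []
    for payload in payloads:
        pkt = parse_dhcp(payload)
        opts = pkt["options"]
        if pkt["op"] != 2 or opts.get(53) != OFFER:
            continue
        sid = opts.get(54)
        servers_by_xid[pkt["xid"]].add(sid)
        if sid not in trusted:
            alerts.append(("untrusted-server", pkt["xid"], ip_str(sid), ip_str(opts.get(3))))
    for xid, sids in servers_by_xid.items():
        if len(sids) > 1:
            alerts.append(("multiple-servers", xid, sorted(ip_str(s) for s in sids)))
    return alerts


def demo():
    # Constructed scenario: the real router and a second host both answer xid 0x1234.
    offers = [
        build_offer(0x1234, "192.168.1.50", "192.168.1.1", "192.168.1.1"),
        build_offer(0x1234, "192.168.1.50", "192.168.1.66", "192.168.1.66"),
        build_offer(0x5678, "192.168.1.51", "192.168.1.1", "192.168.1.1"),
    ]
    return find_rogue_offers(offers, ["192.168.1.1"])


if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

The "multiple-servers" check is the interesting one on a network you do not fully know: it needs no allowlist, only the observation that a single DISCOVER was answered by two distinct server identifiers, which is exactly the footprint of the race above. On managed switches the same condition is what DHCP snooping enforces at the port level.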

That's unrelated to password cracking though, isn't it? You just have to respond to their WiFi probe requests pretending to be the legit network. I was wondering what sort of information you could acquire about the users of a network by connecting to said network.

Like I was saying once you're MITM'ing them there is potentially zero encryption. You don't have to crack anything.

Yeah I'm just wondering why there's this huge focus on password cracking for WiFi networks. Do people really go through all that effort just to get free WiFi?

Also, how practical would it be to "strip" mobile application data of its encryption? For instance if someone uses a third party messaging app on their phone over WiFi, it's usually encrypted and not via HTTPS, unlike web browser traffic which uses HTTPS.

Uh, ignore my second question. I'm a dumb dumb. For some reason I associated HTTPS solely with web browsers when it's actually TLS that's used for pretty much everything.

Basically WiFi access = potentially total access. It's low-hanging, safe-to-pick fruit, and if you can do it at speed then you don't even have a high investment.

SECURE mobile apps are the one place you might actually run into certificate pinning which means you'll never ever be able to MITM that shit. if it's pointless crap then I dunno what you'd get from the traffic. Cert pinning is usually shit because there's no way to self-update around a breakage but if you've got your app stores doing the updates for you it's very cheap to implement.

Is it possible to determine, from a given piece of ciphertext, which encryption algorithm was used to generate it?

Sorry for the delay on replying....have been working my ass off on OuterHeaven and passed out for 13 hours.

On the FTP questions: I have the highest esteem for our FTP collection here and the user who has worked so hard to provide it.

Yes, we will have a backup of it....I am thinking that we need an online and offline backup of everything, and I worked my ass off the last few months so we can afford anything we need.

For arrangement of our materials, I am thinking of ordering it as I will our other resources: Hacking, Information Security, General Computer Science, General Cyberpunk, Martial Arts, Images.

The only issue with the image library is the degree of stegoed CP...like remember the sink post? I wouldn't touch that thing with an Evangelion length pole....it is an issue we will need to figure out.

from the header, otherwise it's (ideally) indistinguishable from random gibberish.

But as far as the FTP site user, I am down for whatever you'd like to do...that is your rodeo.

If you'd like me to turn the online/offline spaces/VPS over to you, I will brother...I feel I owe you quite a bit Constant K.

I allow password and root login, accounts have mediocre passwords, no rate limiting. How fucked am I?

If you have the PSK, you just need to sniff a 4-way handshake to get another user's keys. WPA3 will work differently since it's using SAE and ECDH. Also enterprise has unique PMKs per supplicant as well.

Does all ciphertext have a header stating the encryption algorithm used?

It probably doesn't HAVE to, if there's some assumption of what will be received and who sent it.

GENTLEMEN.

my old job gave me an awesome ipod air.

However there were a bunch of security programs for tracking built in.

Can I somehow reset the iPad Air so it can't alert my old job that it has been opened again and fucked with?

I mean opening it without internet and resetting it should do the trick yes?

Well if they gave it to you ask them to take it off the mdm and wipe it silly!

no dude, they gave it to me for work, as a contractor.
I technically still work with them once in a while.

Don't want them to get any sniff of the fact that I'm wiping this device.

Guys, I have a question. This is hypothetical, I can't really test this since all my routers are OpenWrt based.

But let's say I have access to a router firmware and it has GPL, and I compile my own firmware with netcat installed on it,

If I have netcat connect back to a server of mine, can I perform a MITM attack this way or sniff the packets coming through?

If it's managed they will be able to tell that it isn't phoning home.

With at least open layer 2 encryption, there is a byte dedicated in the header frame to signify what type of encryption is being used. Proprietary systems may not need it since they are built for a specific encryption method.

Anyone have a download to an SY0-501 study guide or pdf?

I downloaded the Sybex ones off gen.lib.rus.ec/

>Expected an age of cyberpunk to happen when Trump's gets in power with corporations replacing the government
>Instead we got middle aged roasties and niggers chimping on the streets

What went wrong fàms?

Attached: 1479643921998.jpg (750x571, 96K)

any y’all doing hackthebox?

A bit stuck on Poison, I can’t work out the correct syntax to ssh into the VNC session on Poison

> all these plebs using NIST approved protocols (NSA jiggered & compromised).
Friendly reminder that TLS (and SSL) are garbage, offering ZERO security.

k thx bi

youtube.com/watch?v=Z7Wl2FW2TcA

Attached: 59c969abcd205.jpg (366x464, 50K)

The e-mail for OuterHeaven is now outerheaven.space@protonmail.

-

>Provides no alternatives
legitimate argument, user

I will also post a link to my (maderas) pgp public key block in a bit for secure communications.

What syntax have you attempted? Is SSH needed in order to gain access to a space from where you can engage the box?

If the SSH session is part of the engagement, can you use a pivot host to gain entry?

Like let's say SSH is blocked in your real estate (boxA), boxB is the attack box in the engagement network, boxC is the pivot host with SSH access to boxD, the host you want access to (we are assuming you have prior access to all these boxes).

You can use transparent multihop:
ssh -A -t boxB.com ssh -A -t boxc -A BoxD

Even if this isn't the case, the concept is gold for Opsec, engagements, etc. and this page changed my view on SSH (which I have always loved) as a whole:
sshmenu.sourceforge.net/articles/transparent-mulithop.html

And remember, if a firewall is an issue with VNC or RDP when you have access, these services can have their protocols tunneled via many many means for even greater awesomeness.

Probably not a help to you right now, but I nerd out on this stuff hardcore parkour.

*Like lets say SSH is blocked in your real estate (boxA

I meant boxD won't accept SSH from anywhere besides BoxC

Well given each box is its own self contained assignment, bouncing off other boxes to hit this one isn’t necessary.

Is ssh necessary? I am pretty sure so. It’s the method of entry I have; a username and a password.

Is there a way to bounce from an ssh session from my attack machine to the victim, then from the victim to its internal ports to open the vnc session?

>Well given each box is its own self contained assignment, bouncing off other boxes to hit this one isn’t necessary.

ohhhh...The only virtual labs I've worked in that were public/semi-public are the OSCP labs, which I've maintained a PWK since Feb of 2017...it's the reason I haven't taken the OSCP exam yet.

>Is there a way to bounce from an ssh session from my attack machine to the victim, then from the victim to its internal ports to open the vnc session?

If you have privileged access to the victim, and the victim machine is the host for the VNC service you want to run, then you can establish access to any service you like, install that service, start that service, etc...for instance, when I used Metasploit a lot during engagements in Windows AD environments, my favorite persistence method was the post exploit module that created RDP sessions.

>I've maintaned a PWK since Feb of 2017...its the reason I haven't taken the OSCP exam yet.
Hey dude. Wondered if you were still lurking around here. What happened at Schneider? You aren’t there anymore are you?

>If you have privileged access to the victim,
only low level access. The priv esc method is to run the vnc session, as it’s run as root. Just unsure how to, as I’ve never used one before on Linux

Holy shit, forgot all about that. Thanks user!

Attached: Screenshot_20180712-015630_Chrome.jpg (1080x2220, 673K)

MITM for networks requires intranet access since you need to poison ARP requests to the gateway. As far as your second question goes, if you want to sniff network packets you have to be ON that network with root/admin access to the interface. The packet sniffer has to be able to read layer 2 and set the interface to promiscuous.
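The post above names the two preconditions (being on the segment, and an interface in promiscuous mode) and the mechanism (ARP replies that rebind the gateway's IP). The same vantage point is what a defender needs to catch it. Below is an added example, not code from the thread: a small ARP watcher that parses Ethernet/ARP frames, learns IP-to-MAC bindings from replies, seeds the table with the gateway's real pair from configuration, and alerts when a reply claims an already-known IP with a different MAC. The frames are constructed inline; in practice they would come from a raw socket on an interface already in promiscuous mode, which is the root/admin requirement the post describes.

```python
"""Added example (not from the thread): noticing ARP cache poisoning from the wire.

Assumptions: frames are read by a sniffer that already has the interface in
promiscuous mode (which needs root/admin on a host ON the segment). The
gateway's real IP/MAC pair comes from configuration. The frames below are
constructed for the example, not captured traffic.
"""
import struct

ETHERTYPE_ARP = 0x0806
ARP_REPLY = 2


def mac_bytes(s):
    return bytes.fromhex(s.replace(":", ""))


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def ip_bytes(s):
    return bytes(int(o) for o in s.split("."))


def ip_str(b):
    return ".".join(str(x) for x in b)


def build_arp_reply(sender_mac, sender_ip, target_mac, target_ip):
    """Construct an Ethernet II frame carrying an ARP reply (test data, not a capture)."""
    eth = mac_bytes(target_mac) + mac_bytes(sender_mac) + struct.pack("!H", ETHERTYPE_ARP)
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REPLY)   # Ethernet, IPv4, hlen, plen, oper
           + mac_bytes(sender_mac) + ip_bytes(sender_ip)
           + mac_bytes(target_mac) + ip_bytes(target_ip))
    return eth + arp


def parse_arp(frame):
    """Return the ARP fields of an Ethernet/ARP frame, or None for anything else."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    _htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if ptype != 0x0800 or hlen != 6 or plen != 4:
        return None
    return {
        "oper": oper,
        "sha": mac_str(frame[22:28]), "spa": ip_str(frame[28:32]),
        "tha": mac_str(frame[32:38]), "tpa": ip_str(frame[38:42]),
    }


class ArpWatcher:
    """Learn IP->MAC bindings from replies and alert when a binding changes."""

    def __init__(self, gateway_ip, gateway_mac):
        self.table = {gateway_ip: gateway_mac.lower()}   # seeded from known configuration
        self.alerts = []

    def observe(self, frame):
        pkt = parse_arp(frame)
        if pkt is None or pkt["oper"] != ARP_REPLY:
            return None
        known = self.table.get(pkt["spa"])
        if known is None:
            self.table[pkt["spa"]] = pkt["sha"]          # first sighting: learn it
            return None
        if known != pkt["sha"]:
            alert = ("mac-change", pkt["spa"], known, pkt["sha"])
            self.alerts.append(alert)                    # a second MAC now claims this IP
            return alert
        return None


def demo():
    w = ArpWatcher("10.0.0.1", "aa:bb:cc:dd:ee:01")
    frames = [
        build_arp_reply("aa:bb:cc:dd:ee:01", "10.0.0.1", "aa:bb:cc:dd:ee:07", "10.0.0.7"),  # genuine gateway
        build_arp_reply("aa:bb:cc:dd:ee:07", "10.0.0.7", "aa:bb:cc:dd:ee:01", "10.0.0.1"),  # new host, learned
        build_arp_reply("de:ad:be:ef:00:01", "10.0.0.1", "aa:bb:cc:dd:ee:07", "10.0.0.7"),  # gateway IP, other MAC
    ]
    for f in frames:
        w.observe(f)
    return w.alerts


if __name__ == "__main__":
    for a in demo():
        print(a)
```

Seeding the table from configuration matters: a watcher that only learns from the wire can itself be taught the wrong binding first, which is the same "get there first" problem as the DHCP race earlier in the thread. Static ARP entries for the gateway on endpoints, and dynamic ARP inspection on managed switches, are the enforcement-side counterparts of this detection.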

Completely plebeian question.
Do modems record a log of browsing data or connections? I know routers do, and I do have a wireless router, but I need to replace my modem and am wondering if it's safe to hand over to the ISP or if I should do something to it first.

Ssh can be used like netcat to listen for incoming connections. I've never done Poison though, so I can't really help you without getting more details.

>Hey dude. Wondered if you were still lurking around here

When I stated I was going to take a break from here a while back, I meant it. I did stop by from time to time to say what's up, but I needed to focus on a consultant gig I had and building the infrastructure/capital OuterHeaven needs.

> What happened at Schneider? You aren’t there anymore are you?

My position at Schneider was never meant to be permanent; it was more about nextgen dev, helping stand up the InfoSec offerings they were/are developing, hardening business relationships with their clients through my Red Team work, etc.

I was a huge part of developing/standing up their InfoSec posture, building belief/value in sec within the company, etc...I was able to engage some of the most secure environments in the world...it was a blast and they were a great company to work for and made my career in many ways.

They closed the Penetration Test and Vuln Assessment Lab and never re-hired a replacement in North America...I wish I was around to do more for them with Triton, but it wasn't to be, though I was involved in the earliest investigations by the company.

I went to National Grid for a Senior Red Team consultancy from there, did some great work with another great company, made a lot of cash, and now I have the time/capital necessary to fulfill my commitment and make OuterHeaven happen.

Life's good man...I came from dirt and have a GED education but worked my ass off and my vocation is my life's art...now it's about paying everything forward.

>▓ Fables, realities, prophecies and mythology of a community:
>░ What is cyberpunk

Herf derf le information supa hwy cyber security + LARP

You bottom feeders were way more fun when you were pretending to be "Analysts" rather than caricatures of JP from Grandma's Boy.

Attached: 2OpQUNt.jpg (220x167, 20K)

>only low level access. The priv esc method is to run the vnc session, as it’s run as root. Just unsure how to, as I’ve never used one before on Linux

So the priv escalation method is probably about exploiting the VNC service itself to escalate privilege, which means you may not need to actually run VNC; think symlink based Linux escalation to /bin/sh

Here is a classic resource for Linux priv escalation

blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/

>Ssh can be used like netcat to listen for incomimg connections. Ive never done poison though, so I cant really help you without getting more details.

user has a great point...maybe any number of the named pipe escalation techniques or service forwardings?

I got to hand it to you VNC issues/Poison hackthebox user, you are doing it the right way trying to figure it out manually and not just executing a tool or script to escalate privilege...knowledge/competence always trumps tools...I despise automated tools.

>you are doing it the right way trying to figure it out manually and not just executing a tool or script to escalate privilege
Eh eh eh eh eh

Sorry to disappoint but I am only going this route because linuxenum.sh etc etc have all returned nothing due to it being a bsd box. I would abuse the scripts if I could.

I’ve had a good poke around g0tmi1k's stuff for other boxes, but it’s really shitting me how different BSD and Linux are. Yeah I know it’s obvious, but I didn’t really know it was different until now!

personally I'd favor git because everyone can contribute while it's still moderated
@maddy: citadel says it has filestorage capabilities. Do you know how good they are?

client isolation is hardly used in low end appliances

Regardless user, script or not, you got tenacity and didn't just give up or jump to the answer.

>citadel says it has filestorage capabilities. Do you know how good they are?

Citadel can interface/make available to users a ridiculous amount of services, including an independent XMPP/Jabber connection so folks can post messages/interact without using the telnet/HTTPS interface.

I want to say off the top of my head that Citadel can use Webdav or something similar; I remember there were some security concerns I had with it, but I can't be certain.

I was thinking I'd set up a Nextcloud instance, either independent from OuterHeaven's IP space or possibly as a VHOST, and harden it/make it more private

>stego
Imho the only way is trust.
There are just so many different methods of sneaking a couple of bytes in somewhere, scanning for all of them would just cause trouble with false positives.
Given our fondness of slightly distorted images if that was a legit manipulation or let's say snowcrash as a filter

check your sshd's log and see for yourself

Well jesus. That's some fucked up shit.
Can we talk more about self sufficiency? Because damn.

Attached: Shelter.jpg (671x438, 33K)

ipod doesn't have mobile data, yes?
Power it on where there's no known or open wifi around and remove the MDM stuff. They're all based on Administration certs iirc, but you'll need this device's Apple ID. If you have said Apple ID you can also wipe it
>t. managed mdm a few years ago

in short: yes but netcat isn't the best tool for that.
just drop an OpenVPN instance and do what you want afterwards

>Imho the only way is trust.

I agree user. It is more important to me that OuterHeaven's services are provided/available.

Self sufficiency is hard, but so is protecting supply lines. It is not feasible to have everything available in each and every community across a country. So even with self sufficiency on a national scale, a loss of supply lines can be a disaster.

Bumping with some insidiousness:
welivesecurity.com/2018/01/12/taiwan-rewards-winners-malware-usb-sticks/


"It was, literally and otherwise, more stick than carrot for some winners of a recent data-security contest in Taiwan, who must have been stuck for words after their prizes turned out to be malware-riddled USB sticks.

The country’s Criminal Investigation Bureau (CIB) handed out 250 USB thumb drives to members of the public who had passed a quiz testing their cybersecurity knowledge, which was held as part of an information security event hosted by Taiwan’s Presidential Office between December 11 and 15 of last year. Little did all those involved know that 54 of the eight-gigabyte units contained malware.

The distribution of the USB sticks was halted on December 12 after some of the quiz’s successful entrants reported that their rewards had been flagged by their security software as containing malware. Twenty units had been returned while apparently the rest remain in circulation.

The malware, called XtbSeDuA.exe, is designed to steal personal information from 32-bit computers. If successful, it attempts to relay the data to a Poland-based IP address, which forwards it to unidentified servers, according to CIB. The malicious program is known to have been used by a cyber-fraud ring uncovered by Europol in 2015."

Not that hard. My mom have been growing her own food for some years in the woods of Maine.

>winners of a recent data-security contest in Taiwan, who must have been stuck for words after their prizes turned out to be malware-riddled USB sticks.
Your prize is no prize.

Attached: CD0034E5-5C42-4039-A388-D191402D52A3.png (200x200, 26K)

hahahahaa....

Notes to self:
1) Hide powerlevel
2) If revealing power level, do not accept a USB as a prize

Kind of a clever way for a state agency to target "hackers"..

Wasn't RISC-V with blobs only on the peripherals?

Bump:

iicybersecurity.wordpress.com/2015/05/25/how-to-intercept-satellite-communications-easily/

Also:
iicybersecurity.com/intercept-satellite-communications.html

Interesting stuff:

iicybersecurity.com/blog-eng.html

In-flight Entertainment System Security
In-flight Entertainment System Hacks
In-flight Entertainment System Reset
Flight Communication - Navigation system hacks
Flight satellite and navigation system security
How to do satellite jamming
Intercept mobile communications
Intercept satellite communications
How to easily hack Smart Television
Security & Hack Nuclear Reactors Isolated Networks
Pentesting – Cracking – Analysis of iOS Applications
Steganography of Secret Audio Message Files
How to do malware reverse engineering
Attack & Intercept satellite communications
How to scan whole Internet in few minutes
Enterprise data protection services and solutions
Secure database with security audit and courses
Defining Information Security Plan
Secure data destruction of information, files
Influence the electoral processes in democracy

Nice try, OP.

As far as I know, yes. And I think it was the line driver for DRAM that had the blobs.

hahaha...you are doing a great job OP.

I am glad to see that the changes I made to the pasta made a return/was improved...I know some folks hate the symbols, but I have always liked them as bullet points.

I am super grateful for this thread and its anons...words/feelings I never thought I'd have for anything Jow Forums related, though Jow Forums is embedded in my DNA now; honesty is a gift these days.

Tutanota is better.

>tfw they think I am OP
Meanwhile real OP is confused.

Jesus this thread has been absolutely popping lately! Normally I wake up and have to issue an early morning bump to keep it afloat but you guys have been so active lately that it hasn't been necessary. It's very heartening.

indeed. Am I the only one that read your post as thinly veiled critique that our resources could use some refactoring again or is my sarcasm detector that far off?

I know this is Jow Forums but you got to take a compliment when it happens.

Stallman thinks DDOSing should be legal
youtube.com/watch?v=R3xXFSMd20A
And his explanation is sensible.