This is not /cyb/ /sec/. No OP. No IRC. Final destination. I do not claim any expertise (I'm a beginner by most standards), but I'm curious to see if there's anyone else on Jow Forums who is serious about security. I'll make this thread a regular thing, if that's the case.
>How To: Aircrack-ng
Aircrack-ng is an essential tool for beginners looking into cracking networks. It allows one to put one's card in monitor mode. Monitor mode is a function of one's wireless chipset, which allows the capture of 802.11 packets. Not every chipset, and not every OS, is capable of running in monitor mode.
In conjunction with a password cracking tool (John the Ripper, Cain and Abel, etc.), it can be used to take captured handshake packets, and crack network passwords. This is one of the most basic methods of taking networks, and is entirely skiddy. It relies on weak passwords, and even then can take several hours. Dictionaries compiled from what is known about those running the network can increase efficiency, and success rates.
If one is looking to get one's foot in the door to network security, this is an excellent method. From here, research into better methods is advisable. I recommend running aircrack on a Linux distribution (Ubuntu, and of course - Kali - work well).
Defending against this attack is simple. Randomized passwords of sufficient length containing a mix of character types will be more than enough to defeat an aircrack attack. Keep in mind the idea of exponential brute-force time, based on the length of a password. A twelve character password could take two hundred years to brute force, requiring computational resources well beyond the means of most amateur penetration testers. By utilizing Wireshark to detect a flood of packets, or unusual packets which interrupt a network connection (essential, since the goal of aircrack is to capture the authentication handshake) one can easily determine if one's network is being attacked in this way.
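The detection idea at the end of the How To above, as an added example that is not part of the original post: the packets that interrupt a connection are normally 802.11 deauthentication or disassociation management frames, so a burst of them aimed at one network in a short window is the thing to alert on. The threshold, the window, the `build_frame` helper and the sample frames are assumptions constructed for this example.

```python
import struct
from collections import defaultdict

DEAUTH, DISASSOC = 0x0C, 0x0A  # 802.11 management-frame subtypes

def mac(raw): return ":".join(f"{b:02x}" for b in raw)

def parse_mgmt(frame):
    """Return (subtype, dst, src, bssid) for a radiotap-prefixed management frame, else None."""
    if len(frame) < 4:
        return None
    rt_len = struct.unpack_from("<H", frame, 2)[0]  # radiotap length field, little-endian
    dot11 = frame[rt_len:]
    if len(dot11) < 24:                             # shorter than a management header
        return None
    version, ftype, subtype = dot11[0] & 3, (dot11[0] >> 2) & 3, dot11[0] >> 4
    if version != 0 or ftype != 0:                  # type 0 = management
        return None
    return subtype, mac(dot11[4:10]), mac(dot11[10:16]), mac(dot11[16:22])

def find_floods(capture, threshold=10, window=1.0):
    """capture: iterable of (timestamp, frame). Returns {bssid: peak frames per window}."""
    seen = defaultdict(list)
    for ts, frame in capture:
        parsed = parse_mgmt(frame)
        if parsed and parsed[0] in (DEAUTH, DISASSOC):
            seen[parsed[3]].append(ts)
    alerts = {}
    for bssid, stamps in seen.items():
        stamps.sort()
        start = peak = 0
        for end, ts in enumerate(stamps):           # sliding window over sorted timestamps
            while ts - stamps[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:                       # threshold is an assumed tuning value
            alerts[bssid] = peak
    return alerts

def build_frame(subtype, dst, src, bssid):
    """Constructed test frame: minimal 8-byte radiotap header + 24-byte 802.11 header."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    radiotap = struct.pack("<BBHI", 0, 0, 8, 0)
    return radiotap + bytes([subtype << 4, 0]) + b"\x00\x00" + raw(dst) + raw(src) + raw(bssid) + b"\x00\x00"
# Constructed sample capture (not real traffic): beacons, one stray deauth, then a burst.
AP, CLIENT, OTHER = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:aa"
SAMPLE = [(i * 0.1, build_frame(8, "ff:ff:ff:ff:ff:ff", AP, AP)) for i in range(20)]
SAMPLE.append((0.5, build_frame(DEAUTH, CLIENT, OTHER, OTHER)))
SAMPLE += [(5.0 + i * 0.01, build_frame(DEAUTH, CLIENT, AP, AP)) for i in range(64)]
```

`find_floods(SAMPLE)` flags only the network that received the 64-frame burst; the beacons and the single stray deauthentication frame are ignored. In Wireshark the same frames can be isolated with the display filter `wlan.fc.type_subtype == 0x0c`.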
Jaxon Cooper
I don't know user, I miss them.
>Projects:
I'm currently working on cracking WPA/WPA2's with a pixiedust attack, using the airgeddon suite. I'm also researching Metasploit, and how to work with listening ports to drop exploits in. Any thoughts on common Windows 10 port exploits would be welcome. In terms of what I've been coding - I've been working up a silent keylogger in Python, which communicates with an anonymous data storage utility (guerrilla mail etc.) to dump logs.
Christopher Nguyen
>Banter:
Is Jow Forums really this technologically illiterate when it comes to security? Prove me wrong. Post knowledge. Post projects. I have to believe that there are others out there looking to learn, teach, or both.
I feel like a shitty LARPer, I just beat Bandit on overthewire, but I'm too much of a brainlet to get through leviathan or natas. I'm a uni-kiddo who has programming chops in Java, C++ and Python, some Linux and networking experience, but I feel like I'm missing ~3 years of experience to know what to do on some of this shit.
I also want to start a cybersec club at my University, but I feel like a brainlet when it comes to some of this stuff. Any suggestions on events or ways to gear up n00bs for ctf would be awesome.
I really like this thread OP, plz keep em coming.
Luke Gutierrez
Didn't this happen the last time, a long time ago, when /cyb/ and /sec/ separated and then both threads died? It's such a small amount of people who post in /cyb/+/sec/ threads, there's no point in separating them.
Same boat. I'm thinking of starting a CTF team at my school, since it already has a cybersecurity program. But I don't think there's a way to get into it without looking like an idiot on the first few tries.
Sort of like being a standup comedian.
Charles Flores
If you can get the crack around the 11 minute mark, you're doing great.