/sec/

This is not /cyb/ /sec/. No OP. No IRC. Final destination. I do not claim any expertise (I'm a beginner by most standards), but I'm curious to see if there's anyone else on Jow Forums who is serious about security. I'll make this thread a regular thing, if that's the case.

>Content:
- How to's
- Exploits
- Tools
- Projects
- Banter

>Resources:
- tools.kali.org
- exploit-db.com

>How To: Aircrack-ng
Aircrack-ng is an essential tool for beginners looking into cracking networks. It allows one to put one's card in monitor mode. Monitor mode is a function of one's wireless chipset, which allows the capture of 802.11 packets. Not every chipset, and not every OS, is capable of running in monitor mode.



What happened to the hackerman threads?

>How To: Aircrack-ng cont.

In conjunction with a password cracking tool (John the Ripper, Cain and Abel, etc.), it can be used to take captured handshake packets and crack network passwords. This is one of the most basic methods of taking networks, and is entirely skiddy. It relies on weak passwords, and even then can take several hours. Dictionaries compiled from what is known about those running the network can increase efficiency and success rates. If one is looking to get one's foot in the door to network security, this is an excellent method. From here, research into better methods is advisable. I recommend running aircrack on a Linux distribution (Ubuntu, and of course Kali, work well).
Defending against this attack is simple. Randomized passwords of sufficient length containing a mix of character types will be more than enough to defeat an aircrack attack. Keep in mind the idea of exponential brute-force time based on the length of a password. A twelve-character password could take two hundred years to brute-force, requiring computational resources well beyond the means of most amateur penetration testers. By utilizing Wireshark to detect a flood of packets, or unusual packets which interrupt a network connection (essential, since the goal of aircrack is to capture the authentication handshake), one can easily determine if one's network is being attacked in this way.
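Added example, not part of the post above: the detection side of the handshake-capture method. Aircrack-ng's handshake capture usually relies on aireplay-ng spamming deauthentication frames (spoofed as the AP) to force a client to reconnect, so the thing to alert on is a burst of deauth/disassoc frames from one transmitter. The record format, addresses and capture below are all constructed; the format assumes one frame per line as you might export from a monitor-mode capture with tshark -T fields.

```python
"""Deauth-flood detection over constructed 802.11 frame records.

Added example, not from the thread. Record format (an assumption):
"time type subtype src dst reason", one frame per line."""
from collections import defaultdict, deque

MGMT = 0            # 802.11 frame type 0 = management
DISASSOC = 10       # management subtype 0xA = disassociation
DEAUTH = 12         # management subtype 0xC = deauthentication


def parse_records(text):
    """Parse whitespace-separated frame records into dicts."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        t, ftype, subtype, src, dst, reason = line.split()
        records.append({
            "t": float(t), "type": int(ftype), "subtype": int(subtype),
            "src": src.lower(), "dst": dst.lower(),
            "reason": None if reason == "-" else int(reason),
        })
    return records


def detect_deauth_flood(records, window=1.0, threshold=10):
    """Flag transmitters sending >= threshold deauth/disassoc frames inside any
    `window`-second span. Returns {src: (peak_count, t_first, t_last)}.
    A single deauth is normal (APs drop idle clients); a burst is not."""
    recent = defaultdict(deque)
    peaks = {}
    for r in sorted(records, key=lambda r: r["t"]):
        if r["type"] != MGMT or r["subtype"] not in (DEAUTH, DISASSOC):
            continue
        q = recent[r["src"]]
        q.append(r["t"])
        while r["t"] - q[0] > window:      # drop frames older than the window
            q.popleft()
        if len(q) >= threshold and len(q) > peaks.get(r["src"], (0,))[0]:
            peaks[r["src"]] = (len(q), q[0], r["t"])
    return peaks


AP, STA = "00:11:22:33:44:55", "aa:bb:cc:00:00:01"   # constructed addresses


def build_sample():
    """Constructed capture: 10 s of beacons, one legitimate deauth (reason 4,
    inactivity), then a 64-frame deauth burst with reason 7, which is what
    aireplay-ng --deauth sends."""
    lines = ["# t type subtype src dst reason"]
    for i in range(100):
        lines.append(f"{i * 0.1:.3f} 0 8 {AP} ff:ff:ff:ff:ff:ff -")
    lines.append(f"5.000 0 12 {AP} {STA} 4")
    for i in range(64):
        lines.append(f"{10.0 + i * 0.005:.3f} 0 12 {AP} {STA} 7")
    return "\n".join(lines)


if __name__ == "__main__":
    peaks = detect_deauth_flood(parse_records(build_sample()))
    for src, (count, t0, t1) in peaks.items():
        print(f"ALERT {src}: {count} deauth/disassoc frames between t={t0:.3f} and t={t1:.3f}")
```

The threshold is deliberately above one: a lone deauth with a benign reason code is routine AP housekeeping, while dozens in under a second from a single source address (usually the AP's, since aireplay-ng spoofs it) is the signature of a forced reconnect.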

I don't know user, I miss them.

>Projects:
I'm currently working on cracking WPA/WPA2 with a Pixie Dust attack, using the airgeddon suite. I'm also researching Metasploit, and how to work with listening ports to drop exploits in. Any thoughts on common Windows 10 port exploits would be welcome.
In terms of what I've been coding - I've been working up a silent keylogger in Python, which communicates with an anonymous data storage utility (Guerrilla Mail etc.) to dump logs.

>Banter:
Is Jow Forums really this technologically illiterate when it comes to security? Prove me wrong. Post knowledge. Post projects. I have to believe that there are others out there looking to learn, teach, or both.


>Post projects
That would be the logo.

Hahaha


I feel like a shitty LARPer. I just beat Bandit on OverTheWire, but I'm too much of a brainlet to get through Leviathan or Natas. I'm a uni-kiddo who has programming chops in Java, C++ and Python, some Linux and networking experience, but I feel like I'm missing ~3 years of experience to know what to do on some of this shit.

I also want to start a cybersec club at my University, but I feel like a brainlet when it comes to some of this stuff. Any suggestions on events or ways to gear up n00bs for CTF would be awesome.

I really like this thread OP, plz keep em coming.

Didn't this happen the last time, a long time ago, when /cyb/ and /sec/ separated and then both threads died?
It's such a small number of people who post in /cyb/+/sec/ threads, there's no point in separating them.


Same boat. I'm thinking of starting a CTF team at my school, since it already has a cybersecurity program. But I don't think there's a way to get into it without looking like an idiot on the first few tries.

Sort of like being a standup comedian.

If you can get the crack around the 11 minute mark, you're doing great.

Due to the firewall, I'm not able to see all open ports.
But currently I'm trying my way around ports 400-430, which are all open on my W10 machine; give them a try, as they must be pretty common ports.

If you have experience with Linux, you should be able to complete Leviathan. If you get stuck somewhere, just Google for a walkthrough and try the next level.

I wish I had some /sec/-related projects to post about, but I've only been playing on HTB; that fucking Silo had me working for three days, and even though I found the utl library I couldn't exploit it like everyone else for some reason.
Fuck that.

So I'm relatively new to security and was wondering what the actual benefit of encrypting your drives with LUKS is; surely the exact people you are defending against could just nab your RAM and fuck you anyway?

Crypto user here, up for answering any crypto questions.

It's incredibly difficult to recover information from RAM.

Oops, second response meant for

There's really no point in encrypting drives, unless you have something really worth protecting on them.

I have nothing but questions when it comes to crypto. Where do I even start researching?

Wew, 11 minutes? In my dreams. I can't even imagine getting those kinds of speeds unless I get really lucky with a dictionary. Pixie seems more promising; I'm DBANing a ThinkPad right now and installing Kali - I had Ubuntu on there, but it didn't have the tools I needed.


Schneier's "Cryptography Engineering" is a great book to start understanding the concepts. If you want to understand the standard implementations, the main algorithms used in the Fed gov that are public are in the FIPS 140-2 annexes. For instance, AES is outlined in FIPS 197 and its modes in SP 800-38A, B, C, D, E, and F.

Really? I was led to believe (by a friend, mind you, so it could be utter shit) that with the right tools it's not particularly grueling to recover the information? Care to give a quick rundown on what makes it hard?

I'm zeroing out my 2 TB HDD and it's got only 36 hours left!!!!!! I feel your pain, my friend.

If you power off your machine to clear RAM, somebody would need to freeze your board immediately after shutdown to access anything. I was working in computer crimes when this was first carried out in testing, but it's more academic than anything.

Interesting, so if they got access to the machine while it's running, it's not particularly hard? Or am I understanding you wrong?

If you have physical access while it's on, you have access to memory, unless the device has some sort of tamper response mechanism that wipes RAM when you try to physically access the internals of the device.
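Added example, not from any of the posts above, showing what "access to memory" buys against disk encryption once a RAM image is in hand. A live AES key sits in memory next to its expanded key schedule (FIPS 197 section 5.2), so a 16-byte window whose own expansion matches the 160 bytes that follow it is, with overwhelming probability, a real key; searching for that pattern is how cold-boot key-recovery tools such as aeskeyfind work. The key, the filler and the "image" below are all constructed in code, not a real dump.

```python
"""Cold-boot style AES-128 key search over a constructed memory image.

Added example, not from the thread. Searches every offset for a 16-byte
value whose AES-128 key schedule appears immediately after it."""
import random


def _xtime(a):
    """Multiply by x in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    a <<= 1
    return (a ^ 0x11B) if a & 0x100 else a


def _gf_mul(a, b):
    """General GF(2^8) multiplication (used only to build the S-box)."""
    p = 0
    while b:
        if b & 1:
            p ^= a
        a = _xtime(a)
        b >>= 1
    return p


def _build_sbox():
    """Derive the AES S-box: multiplicative inverse, then the affine map."""
    sbox = [0] * 256
    for x in range(256):
        inv = next((y for y in range(1, 256) if _gf_mul(x, y) == 1), 0) if x else 0
        s = inv
        for i in range(1, 5):          # XOR of four left rotations of the inverse
            s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
        sbox[x] = s ^ 0x63
    return sbox


SBOX = _build_sbox()


def expand_key(key):
    """AES-128 key schedule (FIPS 197, section 5.2): 16 key bytes -> 176 bytes."""
    w = [list(key[i:i + 4]) for i in range(0, 16, 4)]
    rcon = 1
    for i in range(4, 44):
        t = w[i - 1][:]
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]   # RotWord, then SubWord
            t[0] ^= rcon
            rcon = _xtime(rcon)
        w.append([w[i - 4][j] ^ t[j] for j in range(4)])
    return bytes(b for word in w for b in word)


def _round1_word0(cand):
    """First 4 bytes of round key 1, cheap enough to compute at every offset."""
    t = [SBOX[b] for b in cand[13:16] + cand[12:13]]
    t[0] ^= 1
    return bytes(cand[j] ^ t[j] for j in range(4))


def find_aes128_keys(image):
    """Return [(offset, key)] for every 176-byte window that is a valid schedule."""
    hits = []
    for off in range(len(image) - 176 + 1):
        cand = image[off:off + 16]
        if _round1_word0(cand) != image[off + 16:off + 20]:
            continue                    # nearly every offset is rejected here
        if expand_key(cand) == image[off:off + 176]:
            hits.append((off, cand))
    return hits


KEY = bytes(range(16))   # constructed "disk encryption" key, 000102...0f


def build_image(seed=7):
    """Constructed RAM image: random filler with one expanded key buried in it."""
    rng = random.Random(seed)

    def junk(n):
        return bytes(rng.getrandbits(8) for _ in range(n))

    return junk(1024) + expand_key(KEY) + junk(512)


if __name__ == "__main__":
    for off, key in find_aes128_keys(build_image()):
        print(f"AES-128 key at offset {off}: {key.hex()}")
```

The search needs no knowledge of where the crypto subsystem keeps its keys and tolerates the image being a raw physical-memory dump; it is why a freeze-and-dump (or a DMA read while the machine is up) is the attack LUKS cannot resist on its own, and why the defence is keeping the machine powered down, not a stronger passphrase.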

Need a short answer here.

Is it possible to send an email without leaving any trace? Especially my location.

Thanks brother, I'll add all of that to my list.

Oh dear lord, I'm only zeroing a 500gb hard drive, and I'm working on my third hour. Agony.

Sure. Use a VPN. Using a temporary email client is good too, since it'll be overwritten in 24 hours or so. As for a COMPLETELY untraceable email, eh. I'm not sure there is such a thing. Buy a throw-away phone, send the email, and smash it to itty bitty bits.

If you have unrestricted physical access to a machine, you can do just about anything.

Never used a VPN but I think I could get it working. Using a temporary mail client or a fake one was obvious as well.

If I can just cover my location I'll be fine.

en.wikipedia.org/wiki/Email_spoofing

A reverse-engineering thread would have been a lot better DESU

Kali is better on a USB, something mobile where you don't update it a whole lot. It's been really unstable for me lately, so I switched to Parrot and it's been really nice not watching shit crash and burn every 5 days.

Just moved to Quad9 DNS and enabled DNS over TLS. Did I do good, or is it just placebo?

Different user, but is there any detriment to having a Kali install? I have a spare USB that I can throw it on, but I use Arch on my desktop and I can't really think what OS I would even bother putting on my laptop if I got rid of the Kali install.

>Although email spoofing is effective in forging the email address, the IP address of the computer sending the mail can generally be identified from the "Received:" lines in the email header.[5] In many cases this is likely to be an innocent third party infected by malware that is sending the email without the owner's knowledge.

Not sure if that would work for me.
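Added example, not from either of the posts above, of the point the quoted Wikipedia passage makes: From: is free text, but the Received: lines your own mail servers add record the IP that actually connected. MTAs prepend a Received: line as the message passes through, so the top line is the newest hop, and every line below the first hop that your infrastructure did not add was written by whoever handed the message over and can be forged. The message, host names and trusted-MTA list here are all constructed.

```python
"""Locate the real hand-off IP of a message from its Received: headers.

Added example, not from the thread; the message, the host names and the
trusted-MTA set are constructed."""
import email
import re

# Constructed phish: From: claims the bank, and the bottom Received: line
# was forged by the sender before the message ever reached example.net.
RAW_MESSAGE = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
    by inbox.example.net with ESMTP id abc123; Mon, 1 Jan 2018 10:00:02 +0000
Received: from [198.51.100.77] (unknown [198.51.100.77])
    by mx.example.net with ESMTPS id def456; Mon, 1 Jan 2018 10:00:01 +0000
Received: from mail.bank-example.com (mail.bank-example.com [203.0.113.9])
    by smtp.bank-example.com with ESMTP id forged1; Mon, 1 Jan 2018 09:59:00 +0000
From: "Bank Alerts" <alerts@bank-example.com>
To: victim@example.net
Subject: Verify your account

Click here.
"""

TRUSTED_MTAS = {"inbox.example.net", "mx.example.net"}   # constructed: hosts you run

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.-]+)")


def parse_received(raw):
    """Return hops newest-first as dicts with from_ip, by and the unfolded text."""
    msg = email.message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        value = " ".join(value.split())            # unfold continuation lines
        from_clause = value.split(" by ", 1)[0]    # only the 'from ...' part
        ip = IP_RE.search(from_clause)
        by = BY_RE.search(value)
        hops.append({"from_ip": ip.group(1) if ip else None,
                     "by": by.group(1).lower() if by else None,
                     "text": value})
    return hops


def handoff_ip(raw, trusted=TRUSTED_MTAS):
    """IP of the peer that connected to the outermost MTA you trust.

    Walk newest-first while the receiving host is yours; the last such hop's
    'from' IP is the sender as your infrastructure saw it."""
    seen = None
    for hop in parse_received(raw):
        if hop["by"] not in trusted:
            break
        seen = hop["from_ip"]
    return seen


def forged_hops(raw, trusted=TRUSTED_MTAS):
    """Received: lines below the trust boundary: not written by you, so unverifiable."""
    hops = parse_received(raw)
    for i, hop in enumerate(hops):
        if hop["by"] not in trusted:
            return hops[i:]
    return []


if __name__ == "__main__":
    print("claimed From:", email.message_from_string(RAW_MESSAGE)["From"])
    print("real hand-off IP:", handoff_ip(RAW_MESSAGE))
    for hop in forged_hops(RAW_MESSAGE):
        print("untrusted:", hop["text"])
```

Run against the constructed message, the hand-off IP is 198.51.100.77 even though the From: header and the bottom Received: line both point at bank-example.com; the 203.0.113.9 line sits below the trust boundary and is just bytes the sender typed. Read the other way round, this is also the answer to "can I hide my location": the connecting IP of whatever relay you use is what the recipient's server records, not whatever you put in the headers.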

Besides looking edgy if you dd it, it has a tendency to break, or at least rolling does, a lot more than other distros. There are tools out there to put Kali's tools on any Debian-based OS (katoolin), so it's really up to you; since you're an Arch user, you can pull from BlackArch's repository. Also I really fucking hate GNOME, which stock Kali comes with.