Kinda shitty. Preparing for my OSCP hackerman exam soon
William Cook
Yeah m8s I was wondering where they were. Figured I'd throw one up. All the threads have been boring ass bait and browser threads for the past three days anyway.
My day's going OK. I'm the user from the previous thread who graduated college and can't get a job, if you were there. My next project I think will be doing some recon on this wifi security camera my parents bought. It's a YT. They're leaving for Spain later this month and I wanna see if I can do something like feed it video of my living room so when they look at it it's not a live feed. You know, like in the movies.
Othet than that, just finishing my last couple of classes.
Aiden Williams
Okay, just got back from my wageslave webjob, might pick back up on my Network+ cert study playlist. Currently reading Hacking The Art Of Exploitation per anons recommendation. Trying to get into C off it as I've been jumping around various languages for years, never having built a solid foundation.
What's your rig and how cyberpunk are you? >03:38 AM >Macbook air with only two screws holding the baseplate on so I can quickly pull out the SSD and wireless card when I need to boot from a flashdrive to do airgapped shit >Sitting in my Toyota Aqua with all my shit charging from an inverter that screeches whenever my laptop does anything CPU heavy >Parked outside my country's main federal police building because there's a free wifi hotspot with fiber >Ripping trap threads over a socks proxy because can't browse Jow Forums on public wifi >Mostly just fucking around paying bulls and shit >-1c outside so I'm in a sleeping bag
I was wondering if anyone was using pocket laptops or shit but what I've got is pretty cyberpunk actually
Cooper Sanchez
>what are ya'll working on? still trying to decrypt traffic mitm'd by squid. It shouldn't be difficult, I just need to find out what I'm doing wrong
>Hacking The Art Of Exploitation Great book. I'm re-reading it now.
As long as you've got the traffic and RSA key and squid will let you export the traffic, you can probably move it over to Wireshark and do it from there. I usually do it all in Wireshark. Never used Squid before.
Eli Rodriguez
The fourth industrial revolution by Schwab and Zigbee Wireless Networking by Gislason are both worth reading for understanding IOT more.
Angel Brooks
Does FDE kill SSDs? if so what is the estimate lifespan of a samsung evo 850 with and without it, would just hibernating the PC expand lifespan then just powering off when needed?
Luis Moore
You are cyberpunk, just incredibly pathetic.
Jayden Campbell
Are not*
Juan Edwards
should specify I mean software FDE not hardware
Samuel Evans
my setup is as following: > CA on pfsense >squid told to use said CA and to mitm (works, I see the visited pages in squid's access.log) > dumping traffic via pfsense's packet capture feature on internal interface > private key of CA entered in wireshark's SSL settings yet the traffic still shows up as TLSv1.2, no matter if I dump at the client or at pfsense's internal interface
what am I doing wrong?
Mason Young
It is good to be back!
I hope you contribute these to the FTP site. Nice pic. by the way.
Seems about right to me. The traffic should show TLS in the protocol field but there should be a tab on the bottom of Wireshark that says "decrypted SSL data" when you highlight the packet. It's not there?
The only other thing I could think of off top would be that it's something with the import of the dump. Or maybe your RSA key is encrypted?
Carter Fisher
Meant for
Jordan Campbell
I can only see Encrypted Application Data. My certs' CName pops up in the Server Hello, So I guess squid does its job correctly. The private key looks fine to me and is not password protected. I'm really flying blind here...
Juan Adams
Honest question, considering that most software today is being developed in high-level garbage-collected languages, what's the future of Reverse Engineering as a profession? Does it have a future at all?
Xavier Murphy
Did you put the traffic encryption key (or maybe it doesn't request) in and are you sure you didn't put in the hash of the private key?
Asher Gomez
>Ripping trap threads
Faggot.
Ryan Baker
I think it's still valuable. How else will people figure out how to hack stuff? Gotta figure out how the thing works before you go and try to work on it. Else you'll just be shooting in the dark. Even with garbage collection, if you figure out how the implementation works then you're a step closer to reverse-engineering the thing. Granted I'm no engineer but I think it's still important for /sec/ and hacking.
Michael Gomez
Awful, Protecting IoT is a nightmare, keep all IoT devices on a separate network, if you see that an IoT device that isn't in that network, move it there and wall the shit out of that network, jesus christ it's horrible. Any skiddie can just break that shit, cars are no better.
RE will be around so long as kernels are written in C/C++ and rootkits are attacking kernels. RE isnt even remotely limited to those languages, in fact a lot of work is being done on mobile/ARM based devices for Vuln Research and RE. At the very least it is a good tool to have in your skillset.
Justin Jones
Reverse engineering also includes hardware and protocols.
Kevin Cook
There's been such a huge rush to crank out these IoT devices that I'm not surprised they're hard to protect. I guess they sell well but I wouldn't be surprised if we started seeing a lot more news about how all these devices are getting compromised. This all being said, I was bored so I started deauthing that camera I was talking about in the OP (it's a Yi camera, not a YT). I think my dad is pissed at me but it's his fault for being a brainlet. And also putting a camera in our house so he can watch everyone while they watch TV. Still gonna see if I can do something more interesting with it.
Connor Torres
You could put it on your front door and have it connected to a motion sensor, or write your own code for it, great way to skirt around all these AAS cameras like ring, fuck that noise.
Jack Reed
Just got my Sec+, now trying to get a comfy SOC analyst job
Matthew Green
Taking Security+ exam in a few days, reviewing stuff. Too many acronyms.
Jeremiah Anderson
Are certs actually worth it? I've been thinking about getting one but I'm not sure which. Also I don't really have $800 to drop on one
I'm this user I hear a lot of certs are shitty. I wouldn't bother unless your job is paying for it (in which case why not) or if you know it will really will help for the kind of job you're looking for. I would definetly shill for OSCP, but that's specifically if you want to pen test.
Jaxon Carter
Didja flip-flop those replies? Anyway, I do want to pentest but I don't have enough expertise to do it as a job. Maybe it's still a bit too early to do a cert. I guess I should get a solid job first before I start trying to put the icing on the cake.
Daniel Ross
Wrong way around yeah. You dont need a cert to start off with learning pentest stuff, you're time would be best spent doing ctfs/vulnerable machines first. Once you get some basics and some money try for the oscp if you want to. It's still "entry level" but that doesnt mean it isnt hard as fuck for a beginner.
Zachary Myers
Your*. Ignore my spelling I haven't slept.
Ryan Evans
>implying traps aren't the next step of evolution It goes trap -> transhuman
Xavier Phillips
wireshark doesn't decrypt tls data, AFAIK. I've never used squid, but I'd assume you'd need something at the application layer to do the decryption, like a browser would.
David Hill
Wireshark can totally decrypt TLS as long as you add the key but I really don't know what that guy's issue is. It's probably something small that fucks everything up. Always is. Last bump before bed. I hope this thread is still alive tomorrow morning.
For me, they've been helpful. They can be educational and they help score a job. Because of the knowledge I got from my CWNA job, I impressed the guys at my interview and got it. Also, many positions look for certs. Not all of them are expensive. My SSCP and CWSP were very affordable.
Jayden Watson
doing ICS sec course at BHUSA
Carson Harris
Good luck! And yeah, the acronym situation is horrible, I was ranting about it a few threads back.
Jack Robinson
Cyberpunk has nothing to do with cybersecurity.
Brayden Gutierrez
We missed you.
Chase Robinson
=== /sec/ News: On the rceiving end of a cyber attack: bbc.com/news/technology-44482380 >What's it like being the victim of a live cyber-attack? What should you do to protect your company from further damage? And should you pay that ransom demand? Technology of Business eavesdropped on a "war games" exercise hosted by cyber security firm Forcepoint that was based on lots of real-life experiences.
Jason Butler
whats some good cyberpunk fashion that isnt total edgelord level
Tyler Reed
Still no agreement on that and it is also missing from the FAQ.
Hey, punks, what are you think about riot.im, matrix and all that jazz?
Levi Roberts
There was a Cyberpunk 2077 thread on yesterday, and multiple people were arguing that cyberpunk as a genre of fiction is inherently communist, as a critique of all things non-communist. Some authors were listed as having "communist" views to reinforce that. Browsing occasionally I've noticed the open source philosophy and anti-intellectual property movements also leaning further left than is comfortable for me.
How do the regulars of this thread see a well ran society, and is that preferred version of the world further to the ideological left or right of today's situation? Just curious, not going to judge you on an anonymous anime forum.
You can no longer use just the private key to decrypt data. You'd have to do something convuluted like ssl downgrade or get the session file from your browser, like I mentioned earlier.
Cyberpunk is not inherently anti capitalist or anti communist. It can be used to tell an anti capitalist or anti communist story, or whatever other theme you want.
Jacob Morgan
How come these threads never derail into Batman conversations?
Ryder Richardson
trying to get back into the pc gaming scene. was all consoles for the last 10 years. now I can finally afford a decent rig.
wanna learn coding as well but have no idea if its worth the pursuit. I don't think I will get a job like that, here in Germoney they love official certificates, degrees and shit. might invest more time in learning how to trade instead.. I dunno.
Nicholas Walker
tor creates a SOCKSv5 proxy. your search keywords are "iptables output redirect", the default policy of your OUTPUT chain should be DROP
Aiden Bennett
bump
Levi Foster
Cyberpunk tends to be set in a post capitalist society, close to corporativism. Capitalism in itself just means there is private ownership but already Adam Smith realised that this requires transparency. And that part is gone in most of the West. The funny thing is that it is in the social democratic European countries we have the greatest difficulties in getting that cigarette paper in.
The protagonists in Cyberpunk literature do not run the world, they just want to get by and stay under the radar.
Carter Barnes
not the guy you're replying to but can more people make posts like this one? >provides the main goal (make a SOCKSv5 proxy) >provides keywords >gives a tip (OUTPUT chain should be DROP) >doesn't spoonfeed 9/10 post tbqh famalam, just need a smug anime girl for that extra point
>here in Germoney they love official certificates, degrees and shit
Get a short diploma/certification. A 2 year diploma can make you into a sysadmin. You can do it via distance learning, too. As long as it's accredited in Germany, it's fine.
When lots of big companies implement bans on some authors at the same time, is there usually some other, third force behind the said ban?
Jackson Cruz
Or they wanted to ban that inconvenient actor for a while, and only delayed it because they didn't want to be the first and get backlash. When a bigger, stronger organization issues a ban, suddenly you have precedent to ban that actor yourself, and quote the larger organization as excuse.
Sebastian Anderson
Got any examples?
Ethan Torres
Alex Jones
Benjamin Thompson
"third force" usually boils down to a vocal minority demanding tolerance, equity and free speech - except for those that don't share their opinions. But I don't think Jow Forums is the proper board for political discussion
Parker Young
all 4 at the same time with different CEOs. come on, you dont see anything fishy there user?
Jeremiah Ramirez
absolutely. it was done by Media Matters. they recently a few days back released hate sites/activities on internet and alex jones was first on that list.
it's a tricky subject though, because you want control over media to not let it run rampant and post illegal stuff but at the same time when you're pandering to different audiences. one thing offending a group may not be the same to others.
narratives and political influence is the third force but how much control they should have is needed to study a bit more
Cooper Allen
Political oppression in the coming Internet age is cyberpunk related.
Blake Ward
How secure is Intel SGX? Can it truly be used to kill piracy on PC?
I know that this can be beaten by hardware vulnerabilities like meltdown or spectre, but Intel is obviously going to fix those bugs in a later revision.
Nathaniel Green
=== /Cyb/ News: The world of Cyberpunk is coming closer. Or, as they say, he future is already here – it's just not evenly distributed.
>12 new tech terms you need to understand the future bbc.com/future/gallery/20180731-the-new-tech-vocabulary-you-need-to-understand-the-future It is a 14 page gallery with titles that could be straight out of a Cyberpunk movie: >BRAINJACKING >Medical implants with wireless functionality are becoming increasingly common. They can be programmed, controlled and recharged without the need for surgery or wires.
>While more convenient, these wireless medical devices are also far more vulnerable to hacking. Former US Vice President Dick Cheney, for example, had the wireless function on his pacemaker turned off in case foreign powers tried to use it to assassinate him.
>Now cybersecurity experts have warned that medical device hacking could take an even more disturbing twist as patients begin to receive implants in their brains. Known as Deep Brain Stimulation, these devices deliver electrical pulses to neurons in the brain on or off. They are already being used to treat conditions such as Parkinson's Disease, but are being trialed in patients suffering from Tourettes Syndrome, chronic pain, depression, anorexia, mood disorders, and obsessive compulsive disorder.
Also a page on AI cyber-attacks.
Jacob Bailey
as a cyber security analyst for a fortune 100 company, i want to know: Are generic users dumb as shit everywhere you go? i literally have to deal with users reporting as possible phishing attempts automated emails from payroll reminding them to submit their timecards by noon.
Redpill me on how to remove malware, rootkits and backdoors adequately. As far as I remember from learning it a while ago you have to to integrity checking (sfc /scannow), plus verify the hardware drivers (sigverif) which is usually enough to tackle most ring 2 and ring 3 malware.
What other methods are good? Also, is Kaspersky rescue disk any good for low-level malware/sophisticated ring 2 rootkits?
What's the usual protocol for getting rid of modern backdoors, by the way?
But yes, generic users are usually figuratively retarted. I work in IT (fresh outta college). I had this one guy ask me if he could still recieve calls if the wifi on his phone was on, and also why he didn't see the little wifi icon on his status bar, because it's usually there. Not only had this guy primarily made and received calls while the wifi was on, he didn't know how to turn it on or off in the first place. I had to show this guy how to turn the wifi on on his phone and explain to him that yes, you can in fact still make calls with wifi on. That's when it hit me. Most people are DUMB when it comes to tech.
Kevin Watson
=== /Cyb/ News: Among the places cited as the most Cyberpunk in style of vibe, comes Shenzhen. And here is what it looks like: >Inside China’s ‘skyscraper capital’ bbc.com/capital/gallery/20170809-inside-chinas-skyscraper-capital >In just 40 years, Shenzhen has transformed from a fishing village to a booming innovation hub, with skyrocketing economic and population growth.
Isaac Edwards
Are the comptia+ certs any good? is it good to jump into sec+ rather than starting from the basic certs? pl srespond
Jordan Diaz
the left most circle.
Levi Flores
how did you come to that conclusion I'm pretty sure the image was a trick question.
Camden Jones
pls respond
Andrew Turner
its the only shape without a unique trait.
Dylan Richardson
I'd probably choose the square but that's an intresting point of view.
Carson Morales
This is disputed, check the FAQ. Many have stated that certifications are mainly useful to get past the HR department but that it is the skulls that get you the job.
Noah Watson
At the lowest, if you have no actual networking education, start with net+ then sec+.
Bentley Hill
we must begin to adopt/learn about/use brain-computer interfaces if we are to to begin our collective transcendence from meatspace into cyberspace. i look forward to the day when I can learn new languages and skills with simple neural updates. until then we will have to be content wearing Arduinos on our heads.
>The funny thing is that it is in the social democratic European countries we have the greatest difficulties in getting that cigarette paper in. I must be slow, I can't parse this. What are you saying?
Jaxon Rogers
What is a cyberpunk approved code host?
GitHub is now microsoft owned.
Connor Williams
your own
Joshua Parker
I was planning on getting certified in Sec+, are any books recommended? I'm just reading the Sec+ study guide right now