/cyb/ + /sec/ - Cyberpunk and Cybersecurity General

Cypherpunk Manifesto
>activism.net/cypherpunk/manifesto.html

Cyberpunk Manifesto
>project.cyberpunk.ru/idb/cyberpunk_manifesto.html

Hacker Manifesto
>>phrack.org/issues/7/3.html

Guerilla Open Access Manifesto
>archive.org/stream/GuerillaOpenAccessManifesto/Goamjuly2008_djvu.txt

Fables, realities, prophecies and mythology of a community:

What is cyberpunk
>>pastebin.com/hHN5cBXB

The importance of a cyberpunk mindset applied to a cybersecurity skillset
>[YouTube] Glenn Greenwald: Why privacy matters

Cyberpunk directory:
>pastebin.com/VAWNxkxH

Cyberpunk resources
>pastebin.com/Dqfa6uXx

Cybersecurity essentials/resources
>pastebin.com/SCUbhpjP
>pastebin.com/VTXRAPxM

Cntrl + F Basic Knowledges, Basic Training, Arms/Arm
>pastebin.com/rMw4WbhX

Endware: Heavy armor for anons, by anons
>endchan.xyz/os/res/32.html

Shit just got real:
>pastebin.com/rqrLK6X0

Archive:
>textfiles.com

Cybersecurity essentials/resources:
Reference books:
>mega.nz/#F!YigVhZCZ!RznVxTiA0iN-N6Ps01pEJw
>PASSWORD : ABD52oM8T1fghmY0

>FTP://collectivecomputers.org:21212/Books/Cyberpunk/

Thread Archive:
>archive.rebeccablacktech.com/g/search/subject/cyb/
>archive.rebeccablacktech.com/g/search/subject/sec/
>archive.rebeccablacktech.com/g/search/text//cyb/ /sec//

IRC:
>Join: irc://irc.rizon.net:6697
>#Jow Forumspunk
>#Jow Forumssec
>#nfo
>(All require SSL)
>IRC guide:
>github.com/mayfrost/guides/blob/master/IRC.md

Last Threads:

Attached: cyberpunk_party_wojack.jpg (1280x1256, 396K)

Other urls found in this thread:

youtube.com/watch?v=pcSlowAhvUk
captf.com/practice-ctf/
superuser.com/questions/448965/does-full-disk-encryption-on-ssd-drive-reduce-its-lifetime
wiki.archlinux.org/index.php/Dm-crypt/Specialties#Discard.2FTRIM_support_for_solid_state_drives_.28SSD.29
bbc.com/news/technology-44482380
jimshaver.net/2015/02/11/decrypting-tls-browser-traffic-with-wireshark-the-easy-way/
youtube.com/watch?v=pDAdmoaKjCI
sites.nyuad.nyu.edu/moma/pdfs/sgxcrypter.pdf
bbc.com/future/gallery/20180731-the-new-tech-vocabulary-you-need-to-understand-the-future
bbc.com/capital/gallery/20170809-inside-chinas-skyscraper-capital
openbci.com
twitter.com/SFWRedditGifs

Ugh, youtube link didn't link.
youtube.com/watch?v=pcSlowAhvUk

What books are you guys reading and what are ya'll working on? Anyone got any recs on recent books, specifically on IoT?

Is this mocking shadowrun?

That took way too long since the last thread died
I was seriously getting worried. Happy to see it again though

These threads are the comfiest on Jow Forums plz don't die

Gonna post cyb pics from older threads just to bump

Attached: Ghost_in_the_Shell.jpg (900x2142, 600K)

so how is/was your day anons?
what are your current plans or what have you learned recently?

Attached: gif_1514219506282.gif (561x600, 43K)

Kinda shitty. Preparing for my OSCP hackerman exam soon

Yeah m8s I was wondering where they were. Figured I'd throw one up. All the threads have been boring ass bait and browser threads for the past three days anyway.

My day's going OK. I'm the user from the previous thread who graduated college and can't get a job, if you were there. My next project I think will be doing some recon on this wifi security camera my parents bought. It's a YT. They're leaving for Spain later this month and I wanna see if I can do something like feed it video of my living room so when they look at it it's not a live feed. You know, like in the movies.

Othet than that, just finishing my last couple of classes.

Okay, just got back from my wageslave webjob, might pick back up on my Network+ cert study playlist.
Currently reading Hacking The Art Of Exploitation per anons recommendation. Trying to get into C off it as I've been jumping around various languages for years, never having built a solid foundation.

Attached: 1507749435405.jpg (375x500, 40K)

What's your rig and how cyberpunk are you?
>03:38 AM
>Macbook air with only two screws holding the baseplate on so I can quickly pull out the SSD and wireless card when I need to boot from a flashdrive to do airgapped shit
>Sitting in my Toyota Aqua with all my shit charging from an inverter that screeches whenever my laptop does anything CPU heavy
>Parked outside my country's main federal police building because there's a free wifi hotspot with fiber
>Ripping trap threads over a socks proxy because can't browse Jow Forums on public wifi
>Mostly just fucking around paying bulls and shit
>-1c outside so I'm in a sleeping bag

I was wondering if anyone was using pocket laptops or shit but what I've got is pretty cyberpunk actually

>what are ya'll working on?
still trying to decrypt traffic mitm'd by squid.
It shouldn't be difficult, I just need to find out what I'm doing wrong

Working on some stuff from captf.com/practice-ctf/
While listening to the cyberadio.

Attached: giphy.gif (842x474, 2.94M)

>Hacking The Art Of Exploitation
Great book. I'm re-reading it now.

As long as you've got the traffic and RSA key and squid will let you export the traffic, you can probably move it over to Wireshark and do it from there. I usually do it all in Wireshark. Never used Squid before.

The fourth industrial revolution by Schwab and Zigbee Wireless Networking by Gislason are both worth reading for understanding IOT more.

Does FDE kill SSDs? if so what is the estimate lifespan of a samsung evo 850 with and without it, would just hibernating the PC expand lifespan then just powering off when needed?

You are cyberpunk, just incredibly pathetic.

Are not*

should specify I mean software FDE not hardware

my setup is as following:
> CA on pfsense
>squid told to use said CA and to mitm (works, I see the visited pages in squid's access.log)
> dumping traffic via pfsense's packet capture feature on internal interface
> private key of CA entered in wireshark's SSL settings
yet the traffic still shows up as TLSv1.2, no matter if I dump at the client or at pfsense's internal interface

what am I doing wrong?

It is good to be back!

I hope you contribute these to the FTP site. Nice pic. by the way.

no, for elaboration see
superuser.com/questions/448965/does-full-disk-encryption-on-ssd-drive-reduce-its-lifetime
be aware that TRIM has impliations on security, see wiki.archlinux.org/index.php/Dm-crypt/Specialties#Discard.2FTRIM_support_for_solid_state_drives_.28SSD.29
plus the links in that block

Seems about right to me. The traffic should show TLS in the protocol field but there should be a tab on the bottom of Wireshark that says "decrypted SSL data" when you highlight the packet. It's not there?

The only other thing I could think of off top would be that it's something with the import of the dump. Or maybe your RSA key is encrypted?

Meant for

I can only see Encrypted Application Data. My certs' CName pops up in the Server Hello, So I guess squid does its job correctly. The private key looks fine to me and is not password protected. I'm really flying blind here...

Honest question, considering that most software today is being developed in high-level garbage-collected languages, what's the future of Reverse Engineering as a profession? Does it have a future at all?

Did you put the traffic encryption key (or maybe it doesn't request) in and are you sure you didn't put in the hash of the private key?

>Ripping trap threads

Faggot.

I think it's still valuable. How else will people figure out how to hack stuff? Gotta figure out how the thing works before you go and try to work on it. Else you'll just be shooting in the dark.
Even with garbage collection, if you figure out how the implementation works then you're a step closer to reverse-engineering the thing. Granted I'm no engineer but I think it's still important for /sec/ and hacking.

Awful, Protecting IoT is a nightmare, keep all IoT devices on a separate network, if you see that an IoT device that isn't in that network, move it there and wall the shit out of that network, jesus christ it's horrible. Any skiddie can just break that shit, cars are no better.

Attached: 1514558098829.jpg (851x853, 72K)

RE will be around so long as kernels are written in C/C++ and rootkits are attacking kernels. RE isnt even remotely limited to those languages, in fact a lot of work is being done on mobile/ARM based devices for Vuln Research and RE. At the very least it is a good tool to have in your skillset.

Reverse engineering also includes hardware and protocols.

There's been such a huge rush to crank out these IoT devices that I'm not surprised they're hard to protect. I guess they sell well but I wouldn't be surprised if we started seeing a lot more news about how all these devices are getting compromised.
This all being said, I was bored so I started deauthing that camera I was talking about in the OP (it's a Yi camera, not a YT). I think my dad is pissed at me but it's his fault for being a brainlet. And also putting a camera in our house so he can watch everyone while they watch TV. Still gonna see if I can do something more interesting with it.

You could put it on your front door and have it connected to a motion sensor, or write your own code for it, great way to skirt around all these AAS cameras like ring, fuck that noise.

Just got my Sec+, now trying to get a comfy SOC analyst job

Taking Security+ exam in a few days, reviewing stuff. Too many acronyms.

Are certs actually worth it? I've been thinking about getting one but I'm not sure which. Also I don't really have $800 to drop on one

Attached: 1522759636576.jpg (894x894, 77K)

I'm this user
I hear a lot of certs are shitty. I wouldn't bother unless your job is paying for it (in which case why not) or if you know it will really will help for the kind of job you're looking for.
I would definetly shill for OSCP, but that's specifically if you want to pen test.

Didja flip-flop those replies?
Anyway, I do want to pentest but I don't have enough expertise to do it as a job. Maybe it's still a bit too early to do a cert. I guess I should get a solid job first before I start trying to put the icing on the cake.

Wrong way around yeah.
You dont need a cert to start off with learning pentest stuff, you're time would be best spent doing ctfs/vulnerable machines first. Once you get some basics and some money try for the oscp if you want to. It's still "entry level" but that doesnt mean it isnt hard as fuck for a beginner.

Your*. Ignore my spelling I haven't slept.

>implying traps aren't the next step of evolution
It goes trap -> transhuman

wireshark doesn't decrypt tls data, AFAIK. I've never used squid, but I'd assume you'd need something at the application layer to do the decryption, like a browser would.

Wireshark can totally decrypt TLS as long as you add the key but I really don't know what that guy's issue is. It's probably something small that fucks everything up. Always is.
Last bump before bed. I hope this thread is still alive tomorrow morning.

Attached: 1522988218942.gif (191x199, 224K)

goodnight chris

For me, they've been helpful. They can be educational and they help score a job. Because of the knowledge I got from my CWNA job, I impressed the guys at my interview and got it. Also, many positions look for certs. Not all of them are expensive. My SSCP and CWSP were very affordable.

doing ICS sec course at BHUSA

Good luck!
And yeah, the acronym situation is horrible, I was ranting about it a few threads back.

Cyberpunk has nothing to do with cybersecurity.

We missed you.

=== /sec/ News:
On the rceiving end of a cyber attack:
bbc.com/news/technology-44482380
>What's it like being the victim of a live cyber-attack? What should you do to protect your company from further damage? And should you pay that ransom demand? Technology of Business eavesdropped on a "war games" exercise hosted by cyber security firm Forcepoint that was based on lots of real-life experiences.

whats some good cyberpunk fashion that isnt total edgelord level

Still no agreement on that and it is also missing from the FAQ.

Attached: teruyuki-and-yuka-courir-finallook-tw.jpg (1357x1920, 571K)

Page 8? Enjoy some edgelord grade stuff meanwhile.

Attached: motorrad51185700_1_display700.jpg (1052x700, 81K)

Hey, punks, what are you think about riot.im, matrix and all that jazz?

There was a Cyberpunk 2077 thread on yesterday, and multiple people were arguing that cyberpunk as a genre of fiction is inherently communist, as a critique of all things non-communist.
Some authors were listed as having "communist" views to reinforce that. Browsing occasionally I've noticed the open source philosophy and anti-intellectual property movements also leaning further left than is comfortable for me.

How do the regulars of this thread see a well ran society, and is that preferred version of the world further to the ideological left or right of today's situation? Just curious, not going to judge you on an anonymous anime forum.

Attached: racism test.jpg (1080x867, 92K)

You can no longer use just the private key to decrypt data. You'd have to do something convuluted like ssl downgrade or get the session file from your browser, like I mentioned earlier.

Here's an article on the issue:
jimshaver.net/2015/02/11/decrypting-tls-browser-traffic-with-wireshark-the-easy-way/

Ok, how do I use Tor as a VPN on Linux? I know its possible on android so there might be a method to do the same in Linux, right?

Attached: 1533346142479.gif (324x333, 857K)

Cyberpunk is not inherently anti capitalist or anti communist. It can be used to tell an anti capitalist or anti communist story, or whatever other theme you want.

How come these threads never derail into Batman conversations?

trying to get back into the pc gaming scene. was all consoles for the last 10 years. now I can finally afford a decent rig.

wanna learn coding as well but have no idea if its worth the pursuit. I don't think I will get a job like that, here in Germoney they love official certificates, degrees and shit. might invest more time in learning how to trade instead.. I dunno.

tor creates a SOCKSv5 proxy.
your search keywords are "iptables output redirect", the default policy of your OUTPUT chain should be DROP

bump

Cyberpunk tends to be set in a post capitalist society, close to corporativism. Capitalism in itself just means there is private ownership but already Adam Smith realised that this requires transparency. And that part is gone in most of the West. The funny thing is that it is in the social democratic European countries we have the greatest difficulties in getting that cigarette paper in.

The protagonists in Cyberpunk literature do not run the world, they just want to get by and stay under the radar.

not the guy you're replying to but can more people make posts like this one?
>provides the main goal (make a SOCKSv5 proxy)
>provides keywords
>gives a tip (OUTPUT chain should be DROP)
>doesn't spoonfeed
9/10 post tbqh famalam, just need a smug anime girl for that extra point

Attached: laughing_anime_girl.jpg (1024x1011, 77K)

>here in Germoney they love official certificates, degrees and shit

Get a short diploma/certification. A 2 year diploma can make you into a sysadmin. You can do it via distance learning, too. As long as it's accredited in Germany, it's fine.

youtube.com/watch?v=pDAdmoaKjCI

Attached: 1510159397463.jpg (657x387, 39K)

When lots of big companies implement bans on some authors at the same time, is there usually some other, third force behind the said ban?

Or they wanted to ban that inconvenient actor for a while, and only delayed it because they didn't want to be the first and get backlash. When a bigger, stronger organization issues a ban, suddenly you have precedent to ban that actor yourself, and quote the larger organization as excuse.

Got any examples?

Alex Jones

"third force" usually boils down to a vocal minority demanding tolerance, equity and free speech - except for those that don't share their opinions.
But I don't think Jow Forums is the proper board for political discussion

all 4 at the same time with different CEOs. come on, you dont see anything fishy there user?

absolutely. it was done by Media Matters. they recently a few days back released hate sites/activities on internet and alex jones was first on that list.

it's a tricky subject though, because you want control over media to not let it run rampant and post illegal stuff but at the same time when you're pandering to different audiences. one thing offending a group may not be the same to others.

narratives and political influence is the third force but how much control they should have is needed to study a bit more

Political oppression in the coming Internet age is cyberpunk related.

How secure is Intel SGX? Can it truly be used to kill piracy on PC?

sites.nyuad.nyu.edu/moma/pdfs/sgxcrypter.pdf

I know that this can be beaten by hardware vulnerabilities like meltdown or spectre, but Intel is obviously going to fix those bugs in a later revision.

=== /Cyb/ News:
The world of Cyberpunk is coming closer. Or, as they say, he future is already here – it's just not evenly distributed.

>12 new tech terms you need to understand the future
bbc.com/future/gallery/20180731-the-new-tech-vocabulary-you-need-to-understand-the-future
It is a 14 page gallery with titles that could be straight out of a Cyberpunk movie:
>BRAINJACKING
>Medical implants with wireless functionality are becoming increasingly common. They can be programmed, controlled and recharged without the need for surgery or wires.

>While more convenient, these wireless medical devices are also far more vulnerable to hacking. Former US Vice President Dick Cheney, for example, had the wireless function on his pacemaker turned off in case foreign powers tried to use it to assassinate him.

>Now cybersecurity experts have warned that medical device hacking could take an even more disturbing twist as patients begin to receive implants in their brains. Known as Deep Brain Stimulation, these devices deliver electrical pulses to neurons in the brain on or off. They are already being used to treat conditions such as Parkinson's Disease, but are being trialed in patients suffering from Tourettes Syndrome, chronic pain, depression, anorexia, mood disorders, and obsessive compulsive disorder.

Also a page on AI cyber-attacks.

as a cyber security analyst for a fortune 100 company, i want to know:
Are generic users dumb as shit everywhere you go?
i literally have to deal with users reporting as possible phishing attempts automated emails from payroll reminding them to submit their timecards by noon.

Attached: anime girl rabbit.gif (450x450, 278K)

Redpill me on how to remove malware, rootkits and backdoors adequately.
As far as I remember from learning it a while ago you have to to integrity checking (sfc /scannow), plus verify the hardware drivers (sigverif) which is usually enough to tackle most ring 2 and ring 3 malware.

What other methods are good? Also, is Kaspersky rescue disk any good for low-level malware/sophisticated ring 2 rootkits?

What's the usual protocol for getting rid of modern backdoors, by the way?

Attached: they_glow_in_the_dark.jpg (474x400, 37K)

Pease hire me.

But yes, generic users are usually figuratively retarted. I work in IT (fresh outta college). I had this one guy ask me if he could still recieve calls if the wifi on his phone was on, and also why he didn't see the little wifi icon on his status bar, because it's usually there. Not only had this guy primarily made and received calls while the wifi was on, he didn't know how to turn it on or off in the first place. I had to show this guy how to turn the wifi on on his phone and explain to him that yes, you can in fact still make calls with wifi on.
That's when it hit me. Most people are DUMB when it comes to tech.

=== /Cyb/ News:
Among the places cited as the most Cyberpunk in style of vibe, comes Shenzhen. And here is what it looks like:
>Inside China’s ‘skyscraper capital’
bbc.com/capital/gallery/20170809-inside-chinas-skyscraper-capital
>In just 40 years, Shenzhen has transformed from a fishing village to a booming innovation hub, with skyrocketing economic and population growth.

Are the comptia+ certs any good? is it good to jump into sec+ rather than starting from the basic certs?
pl srespond

the left most circle.

how did you come to that conclusion
I'm pretty sure the image was a trick question.

pls respond

its the only shape without a unique trait.

I'd probably choose the square but that's an intresting point of view.

This is disputed, check the FAQ. Many have stated that certifications are mainly useful to get past the HR department but that it is the skulls that get you the job.

At the lowest, if you have no actual networking education, start with net+ then sec+.

we must begin to adopt/learn about/use brain-computer interfaces if we are to to begin our collective transcendence from meatspace into cyberspace. i look forward to the day when I can learn new languages and skills with simple neural updates. until then we will have to be content wearing Arduinos on our heads.

openbci.com

Attached: 089e5dc2-9181-49a6-9a83-e469ef6fea86..png (2343x1545, 1.54M)

Matrix is fantastic. I've been using it for a few days. I got some friends to move over from Wire/Hangouts.

Interesting. I'd realized one was red, and that one was bigger than the other three. I guess every answer is somewhat valid.

Not sure why I said days, I meant weeks.

How was everyone’s Black Hat Trainings?
Did you learn anything?

Attached: 3ca243bd5269a463520cb4a051bb6dfc.jpg (736x1109, 186K)

>The funny thing is that it is in the social democratic European countries we have the greatest difficulties in getting that cigarette paper in.
I must be slow, I can't parse this. What are you saying?

What is a cyberpunk approved code host?

GitHub is now microsoft owned.

your own

I was planning on getting certified in Sec+, are any books recommended? I'm just reading the Sec+ study guide right now