I want to become professional in the field of cybersecurity, besides some Scriptkiddie shit I have no experiences in the field. I am thinking of CEH, is this a good start for someone who wants to start from scratch to become a professional?
Landon Morales
Hi /hmg/, does anybody have any decent ideas for a final year uni project that doesnt require any coding? My interests lie more in the vulnerability and attacking sides of security. The requirements for my project are: "The project allows the student to define and solve problems mainly focused in computer forensics, information security or cyber assurance". It needs to be substantial enough to plan and carry out an entire project on it.
>The hell y'all been? Always around, always click on these threads when I see them (they're my favorite). Been reading the intro the pentesting book written by that tranny and been hurting my head with reading through googlectf writeups but recently I've started to actually feel like I'm gaining ground in learning about 1337 haxing. Feels good.
>computer forensics try and compromise tails
idk though, be more specific. Right now you're just saying 'anyone got any ideas for hacking stuff to do'
fuck off
Robert Stewart
How the fuck do I get the virtual machine from Hacking: The Art of Exploitation to work.
fuzz a set of new/existing executables with bleeding edge grey-box fuzzer. compare to existing fuzzers. find bugs. write an overview of developments in grey-box fuzzing.
there's a project that has minimal programming.
John Garcia
1. I don't fucking know why don't you post your error 2. fuck off and ask in the gnu/linux thread
Colton Evans
why are Jow Forums such retards and failures in cybersec. Is it because they're all niggers ?
Matthew Taylor
doesn't look like there's anything you can do at all. what do you have access to? do you have fs access?
Thomas Gray
how did you come to that conclusion?
Charles Wood
because, i bet you stupid niggers never hacked anything in your lives. You all should just give up and go work at your local glory hole
James Kelly
what have you hacked, oh superior white man?
Cooper Perry
i've probably been doing this longer than you have
Connor Bell
i don't have access to admin/secret, but i could read bin but not modify it
Colton James
well; what does it do?
Luis Reed
well then in that case i've misjudged you. I think the lesson here is racism is bad folks. Not all niggers have low iqs
Gavin Garcia
I don't know what is a final year project but I did a comparison of multiple techniques of statistical analysis to detect attacks on a LAN for my thesis, I only had to make a small python script to convert some datasets.
okay; well it doesn't seem to be using absolute paths. can you create a binary in /tmp/admin/ for it to read instead?
John Collins
yeah you can, but i tried that. My guess is i'm supposed to read the "content" buffer. But i have to clue how i could do that. And also ASLR is enabled
Kayden Phillips
>android >best market share >muh bloat >no one trying to haxor it you guys are really just jerking off to lehachthebox and CTF's instead of real haxoring
Nolan Collins
Glad to have this thread back. Anyone know anything about ROP? I'm the second to last challenge of ropemporium.com.
well execve keeps the UIDs so can you read out admin/secret ?
Gabriel Moore
explain the latter
Brayden Morales
yeah, I've done a fair bit of ROP in the past
Matthew Gutierrez
nope, it lowers your privileges before the fork. And i tried creating a bin that can sleep indefinitely and attach gdb to the parent process and read content but that didn't work for some reason
Xavier Johnson
have you tried raising your privs again? if the user is non-root it may be doable.
Jack Gomez
nope you can't. One question, what happens if execve has null arguments like this execve("/bin/sh", NULL, NULL); Normally you get a warning from this, is there a way to exploit it ?
Ethan James
Oops; misread your post and ended up writing a ROP chain for write4 instead.
Most of the content in this torrent is from many years ago, some as far back as 2006. Is it really still useful?
Angel Parker
maybe :)
Jacob Wood
I'm not having issues. I can figure it out. I'm just seeing if others are doing the same. This is my solution for badchars64. I did mine solution with some bash scripting and my own C programs (xor, radix, big2lil). I'm trying not to be a script kiddie. pastebin.com/KMZQX1XC
Landon Torres
beauty
Christian Richardson
Thanks, mang. I was up till 5 in the morning tinkering with that script and gdb trying to get it to work. No cheating too, feels good.
Cooper Harris
Anyone has any kind of ruby standard that he/she follows when making metasploit modules?
Aside of metasploit classes, how to make code more readable in ruby?
Alexander Davis
wtf was this response
Leo Thompson
He is acting coy with you Probably to seduce you into filling his boipucci
Jose Scott
Do you guys know another sites like phrack, packetstorm, 2600, textfiles?
Cooper Evans
What can I install to an Android phone to monitor WhatsApp/other chat apps or to key log it? I have physical access to the phone, but it is not rooted.
Can anyone tell me WHY kali is "the hacker distro"?
Asher Gonzalez
It's because backtrack was the de facto distro for hackers back in the day; kali rose from the ashes. I use arch.
Christopher Kelly
But why does there need to be one to begin with
Jaxon Collins
Kali has become more than just a distro. You can do some cool things with the image. Also, the packages for kali are tailored for "hacking." You don't have to use it, you know.
Liam Smith
>You don't have to use it, you know. Not like I dont want to, I'm just curious about the distro itself wrt it being specialized for hacking/pentesting
Andrew Reyes
It's literally just Debian but with a collection of pre-installed pentesting tools on the image. This makes it useful for when you need to get some quick and dirty pentesting done and don't want to do it out of your main OS install, or if you usually use windows but need linux-specific tools. Another idea behind it was having all the tools installed locally so you could pentest without having to actually connect to the internet first, say if you want access to a wifi network but need the internet to download the required tools in the first place, Kali would have you covered here. It's also nice for beginners as it has a pretty good selection of tools there for you, so you don't need to already know what the 'standard' is for a specific task.
Also it's a meme. In mr robot they literally just have the default desktop image on random screens at times for no reason, and obviously during the anonymoose days loads of skiddies would download it to be cool haxors.
Julian Morgan
I have a question. So my roommate has cameras in his house, and I went to see if there was a firmware to download, and Reverse engineer just to pick around in it.
Apparently the only way to update the firmware is through the android app.
My question is, is there a way in wireshark to grab the download link of the firmware?
Asher Butler
if it's carried out over https, which it probably is, then no.
Wyatt Bailey
>My question is, is there a way in wireshark to grab the download link of the firmware? >wireshark to grab the download link of the firmware? >firmware
Thomas Perez
or not the link maybe the file transfer through whatever protocol?
Lincoln Edwards
also, firmware isn't usually (or ever) updated by transferring over new binaries of the firmware altogether, but rather specific upgrade programs that you can't really do much with on their own.
Kevin Young
I'm just fucking with you. Use arpspoof, under the package dsniff. See if you can see the stream(tcp not video feed). It shouldn't be https if it's locally managed or not centralized. You can at the very least, cause a DOS attack on the camera.
Mason Edwards
Hey anons, ArcheryOS fag here, been a while since i have seen this thread. I bring updates. >ArcheryOS 1.1 Is almost out, im just adding a few more tools (w3af, shellnoob, and nipe) >v1.1. Will come with an OpenRC version, along with a systemd option. >Upgraded installer, that gives the user more choice in what DE/WM they want to install, among other things Anyone have any suggestions for v1.1? anything else i should consider adding?
Michael Rivera
hey, I'm one of the user's who gave you some suggestions last time, glad to see you're making progress! How difficult is making your own distro, anyway? Do you need a lot of knowledge in C or something?
Julian Ward
>How difficult is making your own distro, anyway? Its not that hard, but it also depends how you go about it. Making a good distro from scratch (LFS) is quite difficult, mainly because you need to list all the installed packages in the package manager database, but by the time you install a package manager, you already have quite a few tools installed. However, I'm just using the arch "archiso" package, which makes it pretty easy (if you are making it with systemd, openrc has been a pain). >Do you need a lot of knowledge in C or something? Honestly, its more a good knowledge of bash, and a general understanding of linux in general. At the moment, the main thing i am doing is creating .pkg.tar.xz files for Archery's repo, which is just time consuming, to fix all the deps and everything. I have had to do quite a bit of C debugging when compiling packages for the repo though.
Ayden Harris
You fool. It's always a kernel panic
Robert Carter
I believe the vm used was ubuntu 8. You could always turn off stack protection and disable aslr.
Cooper Diaz
Ah thanks for the info. Maybe I could find something, doubt it though.
I'll give that a shot and see what shows up, its zmodo brand. Its a chink company so I'm sure theres a backdoor or a video feed going back to china.