Cybersecurity thread

cyb/sec/cybersec/cybsercurity thread

For discussions about cybersecurity education, hiring, & news!

How are you leveling up your cyber skills, Jow Forums?



is cybersecurity or AI more valuable to do as a masters?

I installed nmap earlier and have been trying to use it to find out what devices are on my network.

wut, you don't know what devices are on your network?

Please recommend some good sources for learning about software reverse-engineering, specifically windows and linux binaries

Well, I counted the results from nmap and compared them to what I and my SO have, and it added up so....

Anyone got some router/network security manual from the fbi? I got an older version, is there one that's newer than 2004 and declassified? Or am I stuck with the older one?

I was facing this same decision. from what I can tell by looking online, there's a bit more demand for data scientists. but i think data science is boring as hell and part of me thinks it's a meme bubble that'll go down in popularity while cybersecurity will rise.

at the end of the day, if you have an MS in computer science, you're going to get a well paying job, so just do what you're interested in. if it doesn't work out get a software development job.

I have a wormable spectre exploit proof of concept who wants to run it for me?
i promise you won't destroy the internet, probably.

how many machines are still vulnerable to spectre? i thought they patched the firmware

learning assembly would be a good first step. offsec's CTP course focuses on exploit development, which involves reverse engineering. closest thing i know of

spectre is a class of exploit

Anyone have experience with freelance penetration testing? I'm very self motivated, have a broad skillset, and don't want to work for toilberg. I don't know what to charge, though.

>no bright future


Just cold call companies and tell them that you offer penetration testing.

Getting a job and some experience is more valuable than a masters.

Use netdiscover

>crack.me
>liveoverflow
>art of hacking

Post that up, sounds cool as shit

You need to fabricate an entire company, and charge out the ass. It gives more of an air of professionalism than some kid going “lol I dunno 50$ will do”

The future is as bright as you make it.

I left cybersecurity to become a developer. Was it a good or bad decision?

>You need to fabricate an entire company, and charge out the ass. It gives more of an air of professionalism than some kid going “lol I dunno 50$ will do”
I'd make a sole proprietorship. It's really easy in my state. I planned on doing freebies/high discounts at first, but i don't know what a pentest usually costs and how much depth I should go into them
You can pivot to cybersecurity from being a developer, easily. You can get CSSLP and try to horizontally move to being more involved with the security side of the development process.

ahhhh ok
and what is a cybersecurity?

virgins

i did this but went into a security development role. in my experience, most security people (a few exceptions like crypto people, some pentesters and security researchers) aren't super technical, so i switched. a developer who knows security stuff is much more valuable imo, and you can easily switch back into security stuff in the future.

>crypto
>technical
every crypto person i know does math more than programming

true it's more math, but i've never met a crypto person who couldn't program. i have met tons of "security" people who couldn't program though.

i think it's because crypto people went to college, and you can't get out of programming. whereas some cybersecurity people come from IT

do you think eve put the snake up her fanny? the greeks used to do that for """medicine""". bet the kids weren't adam's at all

I work as a pentester, and, honestly, I'm getting tired of this bullshit. I'm supposed to know it all, I'm EXPECTED to know everything, and I constantly fear that any mistake I make will bite me in the ass.

AI for theoretical stuff, infosec is much more practical

(I do mobile/web/internal/... testing)
also, lots of egos and bullshit. it gets tiring after a while
mostly in the networking side of IT, right?

are you an employee or a subcontractor?

going to start with some noob ctfs. playing overthewire for a few nights see how far i can get

I haven't due to school taking up my time. The only thing I've been doing is watching defcon videos

I have no idea how to penetrate anything, I feel like I should get into comp sci so that I can make sense of how network protocols work.

i don't know about pentesting but pretty sure you do NOT have to go to school to learn it

employee. was a NEET before joining a company, this is my 2nd job in the industry, and it sucks IMO

Really? Then I start studying harder.

Guys, I'm on the fence with this stuff.
I know that Cybersecurity will land me a job in the future if I pursue it, but I'm afraid of ending up as the dude who's just in it for the money and absolutely hates it.

On the other hand, I know I've got a healthy interest in the arts (music, vidya, etc.) but that's a competitive (depending on what field it is) area I'd rather not stick with.

Anyone have any advice/input? I'm currently studying for the A+ exam, 901-902.


College is a bunch of educational primers and opportunities to meet potential employers. But your little piece of paper on the wall makes people look at you more.
if you don't go to college, you have to get certified, have achievements to boast of, and natural people skills.

I'm tired as fuck, hold up
>area I know can be a hit or miss, and certain projects require money that I don't wanna spend the rest of my life making it in retail.

beginners.re/
Reversing: Secrets of Reverse Engineering
Practical Malware Analysis

how much actual experience/skill do you need to get into the industry? i'm about to graduate with a compsci degree with a concentration in Cybersecurity. i'd say i have a good grasp on the basics of exploitation, networking, firewalls, etc. but i don't feel remotely "leet". i know for software engineering you can get a job with half of your skull missing, are cybersecurity jobs difficult to break into? i have a SWE job lined up rn but i really dig security, i've just been too swamped to really dedicate to it out of class lately :/ would love to jump ship eventually

>but i don't know what a pentest usually costs and how much depth I should go into them
call other pentesting companies, make up a story about your non-existent company and ask for a quote. if you don't know how much everyone charges, just ask

get some networking certs and then get OSCP

that's actually a really good idea. thanks m8

talk to your manager about incorporating your cybersecurity skills into a software security position, and keep nudging towards cybersecurity

So then those are the devices on your network. The only time there is a flag is when there are more than there should be.

>cybersecurity
please stop using that word
it's information security/network security, not "cyber"security

Just start with Kali then. Watch tutorials online

it's cybersecurity, just be glad we aren't saying "cyber". THAT one gets me going

Where the fuck is the living document text for the OP, you mong?
We have to keep the resources available.

Speaking of, we need to update our current certification dumps. We also need to increase access to SANS material.

I need to brush up on my namescrubbing/anonymizing techniques for PDF.

It's cybersecurity, you retard. Stop letting management types dictate your lingo.

You have to: they decide who gets what budget.
Welcome to hell.

Should I take a low-ball "IT-Security" job?

>will have CS degree in May
>haven't had any internship experience
>haven't been applying to places
>haven't updated my already weak portfolio in over a year
>I'll basically get hired as soon as I apply, no technical interview

I'm left wondering what this will do to my cybersec career though. Will I be stuck as an IT guy and not advance? Should I just keep looking?


>cybersecurity
define "cyber" as used in "cybersecurity"

>management types
it's the other way around, you fucking retarded faggot. no one in the infosec community calls it "cybersecurity", only retarded journalists and kids who've watched too many movies call it that.

I'm trying to understand how meterpreter technically works.

github.com/rapid7/metasploit-framework/wiki/Meterpreter

github.com/stephenfewer/ReflectiveDLLInjection

Just found this:

vimeo.com/108076345

I've been doing it for the past few years.
What do you mean you don't know how much to charge?
They set the contract time and the people involved; you charge based on the amount of work you are doing.

Usually it's around 300-350€ a day for a three-week assessment for larger companies.

how do you find these? I've been out of school for a while looking for a SE job and can't find any. if it's true what you say, that they'll hire you right away just because of a CS degree, then I'd love to apply

how would i go about looking for these

Is CEH a good cert to go for to start out in the industry?

is there any explanation apart from MS spying on me, why the system process connects to almost every domain I visit shortly after I do?
Even if my browser were to use a WinAPI function for something related, it should show up as originating from the browser process, shouldn't it?
It's not just web traffic but even other stuff like SSH I connect to by IP
>pic rel


There is a /Sec/ FAQ. What do you want added to it?

So let's say two people use a custom-built application to communicate with each other over IP (UDP/TCP) using multiple encryption, where the secrets for encryption/decryption are pre-established in person. What would the secret vulnerabilities be?

There's obviously the vulnerability if an attacker has physical access to a device. There's obviously social engineering. What other flaws could be abused?

both

>"studying" for A+
>wants to go into "cybersecurity"

this field is not for you brother

first, turn off v6. It's not secure and there's a new CVE for it that will likely bleed into windows platforms.

Second, use Windows Message Analyzer and see if you can get a file of this behavior and trace it back via initialization times - are those system processes actually starting after you close tabs or are they actually synchronous? WMA will let you search by process and time frames a little more granularly than wireshark, which is what I'd normally recommend.

Well, to establish an actual connection you need a bunch of stuff. First you need a transport protocol (choose UDP, TCP or a mixture of both, and the architecture of how they are supposed to be handled on the application end in case of issues).

Then you need to establish a Key Exchange mechanism. Research Diffie-Hellman as an example.

After that you need to choose how rekeying is handled, IVs, etc.

There's a reason people have already built all this stuff, it's difficult to get all of it right. Rolling your own encryption is a no-go completely unless you can explain to me in the next post why an LFSR should be used in a TRNG without multiple DRBGs for whitening.

network protocol*

fuck me it's late

You completely misunderstand.

Messages are encrypted and decrypted in the application. A transmission of "Hello World" would involve:
1. User types in "Hello world"
2. Application uses key to encrypt "Hello world" into "ak@(9#$0js7$93dk"
3. The previous character string is transmitted without any network encryption. (It could be using TCP or UDP)
4. The message is received and decrypted on the receiver's computer.

lol just use gpg and netcat in that case

is penetration testing what you wanna do?
then yes

Thanks, will look into WMA. Now that you say it, I wasn't able to pick up those connections with wireshark. There are some HTTP ones every now and then - but I couldn't find second instances of GETs.
Does anyone know if Firefox / waterfox uses WinHTTPRequest or WinSock?

are there any reports of Domain Flux / Fast Flux usage of botnets, as in, how many are using them and at what frequency?

So here's a couple of ways you can go about it.
Friend you say? Let's assume you know this person IRL or know a mailing address of theirs.

Say you have at least one secure way of transfer, such as physically moving a usb from one PC to another (at least secure enough that it's more effort to get than anybody is willing to put in). Let's also say that you're going to keep this program just between the two of you, so no one else knows the algorithm you're working with. Then you can set up almost perfectly secure systems. At the end of the day the most secure encryption technique is OTP encryption.
Just store a list of values in a json file or something, then do something like
output[i] = message[i] + pad[i]
If you're still paranoid just for the hell of it throw in some algorithm to reorder all the bytes, then throw in some random bytes at the end so no one knows how long a message is.

Practically uncrackable. If you have a unique pad for every message it is literally uncrackable.

Obviously doesn't work if a third party gets access to your software, but try looking for patterns when literally none exist. This also assumes your values are ACTUALLY random. None of this pseudorandom bullshit, grab some atmospheric noise.
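The pad scheme from the post above, as an added example that is not the poster's code: the byte-wise `message[i] + pad[i]` construction (taken mod 256 so it stays a byte) with its decryption, plus a check of the "unique pad for every message" condition, showing that two ciphertexts under the same pad cancel the pad and expose the relationship between the plaintexts. The pad and messages are constructed for the demo; real pads would come from `secrets.token_bytes`.

```python
import secrets

# Constructed demo pad; in real use generate a fresh one per message
# with fresh_pad() and never reuse it.
DEMO_PAD = bytes(range(7, 255, 13))  # 20 bytes, fixed so the demo is repeatable


def fresh_pad(length: int) -> bytes:
    """One-time pad from the OS CSPRNG, one per message."""
    return secrets.token_bytes(length)


def otp_encrypt(message: bytes, pad: bytes) -> bytes:
    """The post's rule output[i] = message[i] + pad[i], reduced mod 256."""
    if len(pad) < len(message):
        raise ValueError("pad must be at least as long as the message")
    return bytes((m + p) % 256 for m, p in zip(message, pad))


def otp_decrypt(ciphertext: bytes, pad: bytes) -> bytes:
    """Inverse: message[i] = output[i] - pad[i] mod 256."""
    if len(pad) < len(ciphertext):
        raise ValueError("pad must be at least as long as the ciphertext")
    return bytes((c - p) % 256 for c, p in zip(ciphertext, pad))


def pad_reuse_leak(ct1: bytes, ct2: bytes) -> bytes:
    """If both ciphertexts used the same pad, (m1+p) - (m2+p) = m1 - m2:
    the pad cancels and the result depends only on the plaintexts."""
    return bytes((a - b) % 256 for a, b in zip(ct1, ct2))


def recover_second_from_first(ct1: bytes, ct2: bytes, known_m1: bytes) -> bytes:
    """With a reused pad and one known plaintext, the other follows:
    m2 = m1 - (ct1 - ct2) mod 256. This is why the pad must be unique."""
    diff = pad_reuse_leak(ct1, ct2)
    return bytes((m - d) % 256 for m, d in zip(known_m1, diff))


def demo() -> dict:
    m1 = b"Hello world"  # constructed sample messages
    m2 = b"Meet at ten"
    ct1 = otp_encrypt(m1, DEMO_PAD)
    ct2 = otp_encrypt(m2, DEMO_PAD)  # same pad reused: the mistake
    return {
        "roundtrip_ok": otp_decrypt(ct1, DEMO_PAD) == m1,
        "recovered_m2": recover_second_from_first(ct1, ct2, m1),
        "fresh_pad_roundtrip_ok": otp_decrypt(
            otp_encrypt(m2, p := fresh_pad(len(m2))), p) == m2,
    }


if __name__ == "__main__":
    print(demo())
```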

I could see getting into trouble with the law if some woman from HR answers the phone

wait, is this not a cyberpunk general? what's going on?

My degree is literally named cyber defense

congrats, you fell for a meme.

so like a pgp email but more suspicious

here's what you wanna do user...

make the app embed the messages in memes
post them on a stupid image board
agree on what meme/key will be used beforehand
browse stupid image board and get messages without any suspicious transports from your ip

I've been learning a lot of theory, which I then turn around and make purposefully vulnerable programs to turn around and exploit.

Use a ping scan for that (-sn).

learnt any interesting techniques lately?
i'm looking to improve my confidence with heap-based exploitation but there aren't a whole lot of CTF challenges out there I can find that cover the topic and aren't painfully simple to solve.

I have a CTF up to do a heap overread. Helped me learn some networking in C. I'm pretty sure I could also make a program that could be taken over by a shell script.

Hello cryptlet, your "practically uncrackable" thing is vulnerable to statistical analysis.

I'm going out on a limb and know some things about smart cards. You know any resources? I got a book, but I need to re-learn C to make use of it.

looking at crcgen on pwnable.kr now
some of the security mitigations seem to be tripping ltrace up, which is annoying

Really makes you think


I wouldn't write anything involving a PC/SC driver in C, all of the libraries for ISO-7816 for C are geared towards credit card companies

also what is the reason you wouldn't want to end-to-end encrypt anyway? It's trivial to do with certificates.

FIPS cards physically secure the private key and can lock themselves after botching the PIN.
Plus, I think password cards are cool.

I don't, but I suspect they are pretty vulnerable to side channel attacks.

yeah I do too I have a PIVKEY

I'm just saying avoid most of the shitty libraries in C and program whatever you're trying to do in something else, even python has better libraries available.

DPA (Differential Power Analysis)

but that's mostly only if you have a really shit reader

Well, maybe I can read the card in Python and find some way to secure passing the key into a C executable.

I can vouch for this. In other roles you're a "Network engineer" or "Infrastructure Architect", as a Pen tester you are EVERYTHING.

Smart cards DO have a key, but they have another function in them.

They have a function that you pass a time stamp, a transaction amount, and some other details (I can't remember off the top of my head) and it uses a hashing function that's only known by the card and the card company (Visa, Amex, etc) to generate a token that's passed to the company to authorize the transaction.

This actually led to a rogue ATM that would queue up future transactions and make them, and the bank accepted them despite hashing clashes. This was, however, way back when it was still only Europe that used smart cards, not sure if it was all fixed coming to America.

I'm not using them for financial transactions. I bought a pivkey and am trying to map a certificate to it and use that as my ssh login.

Which team are you in? I've read that RED team is pretty interesting

I'm starting with Kali, getting it a little bit, in the beginning it's a little bit boring but later it gets interesting... Just asking, is it illegal to break into other people's phones?

almost every country I know of has laws that will get you into jail for >5 years for that

I have a question. I found the open public wifi of some network printer, I think it's some security flaw that I can connect to it from my laptop but I don't know shit about this thing. After connecting I checked the IP address and nmapped it: a few ports are open. Can I do something funny with that?

you'll never know unless you try it. best start would be the webinterface and to look for a firmware update functionality

it comes from the greek word for control

i know a guy who's pure crypto theory and he got it without studying. if you're above 120iq i don't think you need to study for it or know the material to pass