Any tips? Should I be studying material on the side?
Landon Sanders
yeah, do ctf's and join a hacking club if you can. put ctf's you rank in on your resume
Nathan Robinson
Cyberpunk has nothing to do with cybersecurity.
Gavin Allen
i have you covered
Jaxon Scott
I've recently been considering the idea of a cyberpunk themed BBS. Or it could be a terminal-based forum like U413
Michael Roberts
Terminal based forum? You can actually access it via terminal? How would I connect to U413 in terminal.
Ian Diaz
whats a CTF
Charles Gonzalez
Capture the flag.... two teams try and root each others boxes.
Joseph Foster
It's been a while since I've rooted someone's box
Gabriel Hernandez
>cyberpunk themed BBS
what would make yours different from anyone else's? How would you keep out larpers? The best "cyberpunk" themed forum/board is lain, which even then is 25% larpers and 75% hobbyists. Honestly if you wanna get any deeper than that, just use fucking mailing lists.
Samuel Baker
oh. no where near that yet. also unfortunately my college is small and doesn't have a hacker club
Aaron Sanders
There is no more U413.
Jose Sanchez
U413 doesn't exist anymore. By terminal-based I mean that the interface would be controlled by terminal commands.
It's just an idea. Perhaps it might not be a BBS, maybe a SSH textboard, like whisper or einchan.
There's always going to be larpers on any forum, it's just a given. I only really have two ideas for how to keep out larpers. The first one would be some sort of challenge that needs to be completed in order to enter. The second would be requiring an invite code to enter so the only people that can come in are people that have been invited. I prefer the first one, as the second one would likely hurt growth a lot.
Joshua Nguyen
>some sort of challenge that needs to be completed in order to enter
that's a nice idea on paper but solutions for it will eventually be made public
just try to search "hackthebox invite code" and you'll see what I'm talking about.
Angel Young
larp is generally roleplaying IRL right? Live-Action Roleplay A live action role-playing game (LARP) is a form of role-playing game where the participants physically portray their characters.
since cy*punk is a bit of a scene already and not remotely exclusionist I don't believe this would merit the label LARP...I understand it sometimes can occur in the digital realm...people can actually physically embody the person in front of the computer who they believe would post a certain style...and it's usually cringe and crippled...
>end rant
Grayson Gray
I usually call out people for LARPing pseudo-sarcastically (a kind of meta irony, so to speak) when they've done something to really annoy me.
I have a really dry manner of dealing with those who try my patience |:
Chase Morales
Fuck off back to lainchan.
Alexander Thompson
I also understand the posts that result from LARP can result in totally awesome content Bacon Rider on is a great example of someone who embodies this. his persona carries out into the physicality as any poet does. I need to read his posts more carefully. I feel bogged down and too stupid to emulate his genius. I do not post on lainchan because lain doesn't need a chan imo. it's a little silly but I'm this pretentious I would like a ran-chan.
You can do all kinds of shit with it user
>mitm
>evil twin
>passive/active network monitoring
Nolan Turner
no shame in it, Ran uses pretension masterfully.
lain is ego-death and hardware critical
I avoid both. by zen 2 I will be about done modifying my hardware. ego-death is imminent on my horizons and I actively wish not to succumb.
Caleb Brown
Stop trying so hard. You come across like a fedora wearing mall ninja.
Lincoln Richardson
I became overwhelmed with the amount of possibilities when I first got into the security subject. Even within the CTF world there are several different topics of study (crypto, web, reversing, etc.). I would suggest picking one and really diving into it
Cooper Baker
meme do I come across as meme?
Brandon Turner
>my college is small
looks like you fell for a meme user
Leo Adams
You really do. But to each their own
Nathaniel Reyes
Neat
Thomas Harris
it's only for 2 years then I'm transferring to another college. I'm basically getting my college for free because of autism bucks so i can't really complain.
Carson Martin
I posted in a lain thread thank u for spreding gemini my adopted father is here
get a bunch, make a wifi network with your personal website as the default gateway and ride around on a bicycle or something leaving them at random spots ppl might search for wifi at then get elected mayor
Michael Anderson
Bump on page 8
Also, I'd add a link to packtpub. They have a free daily book and some other freebies, which could help those in here.
Jackson Richardson
This is the larp thread so there's no problem.
Caleb Perez
what's the best way to encrypt a linux boot drive? dmcrypt+luks?
Considering how easy DNS cache poisoning attacks are to pull off (since they don't require getting inside the network, social engineering, or relying on the human factor), why don't they happen more often?
Wanting to get started with some Crackmes for fun but even the ones marked as beginner are too much for me right now. I'm trying to learn some assembly to help out with this but do any of you know of some resources that could help someone just starting out? I've looked through the links in the OP already.
Christian Thomas
Plzz teach me 2 hack good leik u. I want my brothers runeacape acount
Justin Rivera
>DNS cache poisoning requires being on same network
>DNS rebinding requires SE (or at least human intervention)
wait, wat... you mean DNS amplification ?
Jeremiah Cruz
DNS cache poisoning doesn't require being on the same network at all if it's the DNS servers that are attacked.
Angel Bell
>if it's the DNS servers that are attacked
what makes it so easy to attack a DNS server? Easiest route is to use rebind to change the victim's router's DNS to an attacker-controlled one.
Kayden Mitchell
My brother once lost everything in his account by entering his password on a phishing site. You can try that.
Blake Cooper
No, easiest way is crafted packets which would insert the desired domain name resolutions in the DNS server cache.
Xavier Robinson
you basically spam the resolving DNS with DNS 'replies', you'll need to hit a transaction ID that is currently being used. So, low chance and anything but silent
Kevin Thompson
This. There are some ways to increase the probability of guessing the correct session ID, too.
Nathaniel Bailey
>anything but silent
so this would be noticed and prevented with ease, at least with major DNS, I can only guess. And it's only going to work if you don't care who will get the answer (so no targeted attack possible). Then even if you hijack some high profile website, you'll have to deal with the SSL certificate. While technically possible, DNS poisoning lost much of its appeal a long time ago, can't even recall major incidents like that in the last 10 years.
Dylan Wood
I'm currently having cybsec classes in order to pass the CEH, is it true that it's a meme certification ? Also, which programming languages should I study ? I can read java and basic C, and I have some training in SQL.
Jace Ortiz
Other text based BBS'es were mentioned in an earlier thread, did you check out those?
Christopher Hall
it's a meme/HR cert but will help you get in the door. one of my lab's 2 crypto guys who does nothing but math & theory passed it without studying. eventually, you want to have more certs than you list on your resume, and tailor the ones you put on there for the position you're applying to based on getting past HR. more impressive to the technical interviewers will be placing well on CTF's
some useful programming languages:
bash -- don't worry about memorizing commands, worry about learning input/output redirection and iteration
python -- you need to know this for developing anything more complex than bash is suited for.
C and assembly -- to understand how memory corruption works
javascript -- for XSS
powershell -- memorize some important commands for when you're interacting with windows
PHP -- because websites use PHP
SQL -- basic knowledge, for SQL injection
HTML/CSS -- for creating dummy websites
Lua -- extend wireshark
Ruby -- extend metasploit
in order of priority. you can go your whole life learning most of these, and just googling it when a situation arises.
James Robinson
=== /sec/ News
>Irony meters explode as WordPress GDPR tool hacked, cell network hack shenanigans, crypto-backdoors, etc...
theregister.co.uk/2018/11/10/security_roundup_101118/
>Roundup This week we had broken promises in China, broken keys in Steam, and broken ..err, everything in Apache Struts.
>Here's some other stuff kicking off in infosec beside everything else we've reported since this time last Saturday.
The world has enough fools to keep /sec/ people busy for the entire foreseeable future and then some.
Jonathan Harris
let's talk hardware briefly. Zen 2 will be the CPU to own
I may order myself a few parts if my court case goes favorably. Full plate GPU water cooling, ordered from China. I plan to semi-regularly add copper/silver drops to the solution. balancing pH and UV exposure will also help kill unwanted bacteria. Zen 2 will be the CPU to own...I want to write my own frequency scaler and become a source mage for a minute so I can take on irl unperturbed by glitchy or dumb UI. gotta get a 144 Hz low latency Freesync ViewSonic with non pwm dimming also: XG2401
Ian Young
I've heard that hackers have started using AI. In what way do hackers use AI as of now? And what are the possible future applications of AI in hacking?
mmm now I'm looking at portable projectors .................... imagine the possibilities of being able to project your viewport on any surface... you could stream RT in liberal safehavens or introduce fellow cyberpunks to new ideas with slideshow style presentations...anywhere without it even needing to have the overhead of organizing an auditorium or the whole works...
Nathan Phillips
binary decomposition and repainting into legible code for proprietary software...
Samuel Richardson
chatbots
real time object recognition (yolo)
rigging videogame economies
Thomas Perry
actually I'm watching yolov3 demo right now and it's got some irritating quirks. doesn't do well with context and thinks donkeys/mules are horses...and fireplaces are chairs...b-but it's real time and yet this is version 3, bugging as I'd expect an alpha software
Kevin Kelly
stupid blaring pop music and camels labeled as horses yikes
Camden Campbell
intelligence is organic
AI is a trope, a category of projects that will be put into the pigeonhole to make them digestible for the public
AI is just machines learning from machines, finding the point of departure and managing grammar is the job of an AI developer. there will be a few smash hit programs that really embody the need to have machines tackle spatial information/bridge gaps in knowledge, and spit out something delectable ...
some more tasks I would trust for "AI" is translation between UI toolkits and sanitization of wikis (undoing censorship, cleaning broken links/references, throwing warnings when sentences do weird unconventional stuff that makes readers pained, improving images)
I could also see AI improving visually lossless compression to the point where it's a sea change
are frozen waffles the most cyberpunk breakfast?
Xavier Kelly
waffles.fm
Luis Richardson
look how gay I'm being right now someone stop me before the thread tanks
I feel like connecting to a BBS is enough of a challenge.
If you want to convert larpers into actual hackers, why not offer them challenges? Those willing to even attempt the challenge obviously show more promise than those who don't bother to try.
Blake Sanders
Laughed and laughed
Eli Cruz
>Zen 2 will be the CPU to own
OK, why?
James Long
youtube.com/watch?v=HCQVG7mfT1I&t=47s
>Zen is held back by frontend, frontend will be improved on Zen 2
no idea what this means but super stoked bro :) buy one on Amazon with my affiliate code
Ian Turner
I also don't expect much improvement in terms of CPU performance over the next 20 years. The generational gap should increase to reflect the lack of performance gain. I have confidence that AMD will transition to the 7nm process smoothly for CPU, and will purchase on day 1 if their new 7nm GPUs launch without hiccups.
Thomas Watson
is learning Lua worth? wireshark and nmap both use it; anything else?
David Hernandez
I appreciate your enthusiasm. A modern CPU, however, is probably loaded with government mandated backdoors.
>I also don't expect much improvement in terms of CPU performance over the next 20 years.
I agree. A new architecture is way overdue, x86-32 and -64 are revolting with layers upon layers of added cruft. Sadly RISC-V is excessively orthodox and there are severe doubts about performance.
it doesn't matter about backdoors in your desktop PC dude, if you have an open source firewall without backdoors the governments can't touch your stuff, remotely anyways.
Brayden Peterson
and if you're on a public network, just make the firewall portable and give it a de-botnetted wireless card.
Zachary Perez
Cool idea for a thread op but we need more about le grandma finding my computer, traps and reddit
Parker Reyes
no, keep it away from me never post about those things itt
Alexander Morris
>final year computer eng
>individual project is to break into closed wifi systems
>reading up on krack attacks
Cyber security is gonna be a wild ride
James Miller
Recently heard about it. What's the issue with it?
Andrew Long
no issue, they just wanted to get me off their territory I suppose. hack the planet, I don't use wifi krack attack sounds like something out of phixion
So I have a dilemma: I want to get into cybsec stuff, but I find learning python boring as all hell. are the other languages less boring? I understand it's not always gonna be the most exciting thing in the world, but does it ever stop being boring?
Do you know what made the BBSes of old great? They were places of file exchange and menu driven interaction. Let me give you a talk on the subject youtube.com/watch?v=RvhLK8Mbw_g
Brayden Adams
anyone here a water sanitation engineer or work with water treatment ics/scada stuff? i just read that report and it was pretty scary, but i had a question. the main threat people seem to be worried about is someone adding chemicals to the water and the usual answer to that is that it would be almost impossible to add enough chemicals to actually do something. what about taking out the chemicals? if you don't treat the water then it would basically be mexican brown water that could kill you, right? are there failsafes in place to make sure that kind of thing doesn't happen? i know they do testing of water supplies, but i don't know if that's automated at target collection points or manual.
>inb4v&
i have a water filter already. i'm just scared that the russians or some crazy muslims will do something.
Chase Gutierrez
Are there any good hacker communities/forums online? Whatever color hat
Samuel Perez
ICS are very insecure. Good thing is most of them are offline. Bad thing is only most. About 20% of US ICS are online and are still running xp sp2. The only thing stopping anyone is getting immediately vanned. Good luck
Adrian Bell
HackForums /s
Logan Myers
accomplishing things isn't boring. you're probably just memorizing syntax
Daniel Williams
the water treatment and control ics stuff in that recent paper talked about how many systems are discoverable via shodan. most of them were outside the us, but they were running junk software that was out of date and usually had default user/pass stuff still enabled. cyberwar seems on the horizon and iran and syria have groups that are already targeting scada systems. you can buy a step 7 demo board for $130 on alibaba. forget iot botnets built by pros who link a handful of different devices into something that makes mirai look like the morris worm.
If the failsafes are integrated into the system, they're almost useless in that scenario. Just think about stuxnet - it worked by operating the uranium centrifuges beyond safe levels while control systems were reporting everything to be fine. As long as there's software involved, there'll always be a way around
Eli Nelson
i was thinking there might be offline pure hardware failsafes to detect if water leaving the treatment plant passed a certain tds level, something that would be an independent enclosed system so it pretty much couldn't be hacked by anyone outside of the facility, just a sensor connected to a loud horn and spinning red light, ya know? same thing with downstream water testing where certain chokepoints would have tds meters and maybe other things like arsenic and lead testing devices built in and operating on a daily schedule, but that might be too costly for a city to deploy.
Christopher Clark
What attack vectors don't rely on social engineering?
Thank you user. I was just thinking of the CEH as a neat addition to my resume before passing ECSA, and I'm currently studying for two degrees, which are one non-meme master's degree in IT engineering, and a more memey one that has nice technical courses. I'll do some CTF when I'll be more technically proficient. In the meanwhile I'll do some rootme and steganography.
>bash
Been using it for GNU/Linux admin for 4 years, I still need to learn scripting
>C
Studied it for six months, learned the basics up to and including memory management. I should get back to it in my free time
>Assembly
I learned a bit of Motorola 68000 for fun, I should learn Intel ASM seriously
>Python
Gonna have classes for that
>JS
Can read it somewhat ok
>Powershell
Can't seem to find a decent tutorial online for it
>Php
Already learnt some
>SQL
Learnt it extensively along with Merise for DB representation
>HTML/CSS
Learnt only the basics
>Lua/Ruby
Will learn when I find some goddamn free time, for now I'm busy working to pass CCNA 3
Christopher Hughes
How do you use Bash for 4 years and not know scripting?
Asher Thomas
Only thing I do is networking stuff, like editing config files and setting up various servers, I must have whipped up some init script for a service on Debian a year or two ago and know the very basics, but I wouldn't trust my ability to not write shit code.
Dylan Hughes
You have to get into scripting. It's a whole other level of power. Find anything and automate it. Editing config files? Use sed to do it and write a script to accept target file and edit to make. Setting up a server? Automate it via script so you can feed package name to a script and add options. Bonus: make it so you can use ssh to remotely do the changes without having to login.
Ethan Wright
Doesn't ssh require logging in...?
Blake Lopez
You're right, I definitely need to get into scripting in order to save some time, but I always feel uneasy at the idea of automating anything in case I fuck something up. Not to mention I never got around to using sed.
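Added example, not part of the thread: one way to script the sed edit suggested above (target file plus edit as arguments) so that a mistake never lands on the live config, using a dry-run diff, a validation hook run on the candidate file, and a backup. The names `safe_edit` and `has_numeric_port` and the sample config are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. safe_edit and has_numeric_port are
# hypothetical names; the sample file in the demo is constructed.

# safe_edit [-n] FILE SED_EXPR [VALIDATOR...]
#   -n         dry run: show the diff and change nothing
#   VALIDATOR  run as "VALIDATOR... CANDIDATE"; a non-zero exit aborts the edit
safe_edit() {
    local dry_run=0 file expr tmp bak
    if [ "${1:-}" = "-n" ]; then dry_run=1; shift; fi
    [ "$#" -ge 2 ] || { echo "usage: safe_edit [-n] FILE SED_EXPR [VALIDATOR...]" >&2; return 2; }
    file=$1 expr=$2; shift 2
    [ -f "$file" ] || { echo "safe_edit: $file: not a regular file" >&2; return 2; }

    # Build the candidate next to the original so the final mv is a rename on
    # the same filesystem; cp -p first so the candidate keeps the file mode.
    tmp=$(mktemp "${file}.XXXXXX") || return 1
    if ! { cp -p -- "$file" "$tmp" && sed -e "$expr" -- "$file" > "$tmp"; }; then
        rm -f -- "$tmp"; echo "safe_edit: sed failed, $file untouched" >&2; return 1
    fi

    if cmp -s -- "$file" "$tmp"; then
        rm -f -- "$tmp"; echo "safe_edit: edit produces no change"; return 0
    fi
    diff -u -- "$file" "$tmp" || true   # diff exits 1 when the files differ

    if [ "$dry_run" -eq 1 ]; then rm -f -- "$tmp"; return 0; fi

    # Validate the candidate, not the live file, so a bad edit never lands.
    if [ "$#" -gt 0 ] && ! "$@" "$tmp"; then
        rm -f -- "$tmp"; echo "safe_edit: validation failed, $file untouched" >&2; return 1
    fi

    bak=$(mktemp "${file}.bak.XXXXXX") && cp -p -- "$file" "$bak" \
        || { rm -f -- "$tmp"; return 1; }
    mv -- "$tmp" "$file" && echo "safe_edit: updated $file (backup: $bak)"
}

# Constructed validator: the candidate must still contain a numeric Port line.
has_numeric_port() { grep -Eq '^Port [0-9]+$' "$1"; }

# Demo on a constructed sample file (not a real sshd_config).
demo_dir=$(mktemp -d)
printf 'Port 22\nPermitRootLogin yes\n' > "$demo_dir/sample.conf"
safe_edit -n "$demo_dir/sample.conf" 's/^PermitRootLogin yes$/PermitRootLogin no/'
safe_edit "$demo_dir/sample.conf" 's/^PermitRootLogin yes$/PermitRootLogin no/' has_numeric_port
safe_edit "$demo_dir/sample.conf" 's/^Port 22$/Port abc/' has_numeric_port  # rejected
rm -rf "$demo_dir"
```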