/nsg/ - NetSec General

/netsec/ is dedicated to everything about computer security, networks, exploits, reverse engineering, malware research, etc

What are you learning, /netsec/?

>Learning
cybrary.it/
n0where.net/
offensive-security.com/metasploit-unleashed
resources.infosecinstitute.com/
windowsecurity.com/articles-tutorials/
sans.org/reading-room/
allitebooks.com/
github.com/vhf/free-programming-books/blob/master/free-programming-books.md
learncodethehardway.org/c/
corelan.be/index.php/articles/
opensecuritytraining.info/Training.html
blackhat.com/html/archives.html
securitytube.net/
opensecuritytraining.info/Welcome.html
beginners.re/
phrack.org/
phrack.org/archives/issues/49/14.txt -- Smashing The Stack For Fun And Profit
howto.hackallthethings.com/
pastebin.com/raw/cRYvK4jb -- Phineas Phisher Gamma
pastebin.com/raw/0SNSvyjJ -- Phineas Phisher HackingTeam
pastebin.com/pm1WLXQj -- AnonSec OpNasaDrones
archive.org/stream/pdfy-rJnW-pPgiHK61dok/Black Hat Python, Python Programming for Hackers_djvu.txt
github.com/rpisec/mbe
reverse engineering
microcorruption.com/
github.com/dennis714/RE-for-beginners

>News/CVE releases
threatpost.com/
deepdotweb.com/
packetstormsecurity.com/
cvedetails.com/
routerpwn.com/
exploit-db.com/
rapid7.com/db/
0day.today/

>CTF/Wargames
overthewire.org/wargames/
pentesterlab.com/
itsecgames.com/
exploit-exercises.com/
enigmagroup.org/
smashthestack.org/
3564020356.org/
hackthissite.org/
hackertest.net/
0x0539.net/
vulnhub.com

Attached: NSG Reading List (2000x1885).jpg (2000x1885, 1.55M)

Just finished up with a cyber and physical pen test on a government agency before Christmas. Fly out in two weeks for a 1 month full red team op on a major utility provider.

...yet I still accidentally locked myself out of my apartment yesterday and had nothing on hand to pick the lock back in.

Imagine my shame when I had to get a locksmith out.

I'm sure they make picks small enough to fit in your wallet

Hello me

I have picks in my wallet. I literally was locked out with nothing but my phone. Was taking the trash downstairs and grabbed the wrong set of keys heading out.

so is this stuff fun?

Pays good.
Unique working environments.
Sometimes boring.
Sometimes stressful and intense.
Get to be technical and creative at the same time.
...yep, I enjoy it.

hey frens, I am interested in learning cyber sec part time but there are a lot of learning links up there. Is there a specific order priority wise in which I should delve in or do I just start from the top and work my way to the bottom?

I'm working on getting my OSCP cert atm. Do you guys have any tips for me?

Monster Energy Drinks

Why is there a book named "People of Color Get the Fuck Out" on your reading list?

Awkward

Did you sign up already to take the tests? If not, try doing the hackthebox.eu labs.

How do I get into the field? What are my options in Europe?

In a professional pentesting environment, how important is social engineering vs exploitation? or are they both equally as important to get good at?

No one cares. Fuck off back to hell where you spawned.

How can I get a think pad that doesn't spy on me

This just screams pretentious.

>FUCK NIGGERS

We started doing static code analysis on our apps. The developers threw hissy fits over needing to fix the security issues but now have most of the critical issues under control. Then we scanned all of the open source libraries they use. They were on the verge of tears saying they can't go without open source libraries but also can't fix the open source security issues because there are so many of them. Senior management just sees the number of vulnerabilities in our apps and is freaking out. They're demanding it all get fixed, the developers say it is impossible and we should just live with the vulnerable code because no one would want to hack us anyway. We do back office processing for insurance companies and have plenty of PCI data. It's disturbing to see grown men holding back tears as they realize how fucked the next few years of their lives are going to be remediating all the vulnerable code.

Get mgmt to hire contractors to fix it :)

I haven't been to Jow Forums in a while, is this the new version of hackerman general? I hope it's doing well.

Because OP is based for that alone.

is this the new /cyb/+/sec/

>inb4 dead before bump limit
fucking always always.
Actually I don't know where to start. I already know a bunch about Linux, but not on the security, privilege escalation and shit. I know how to be secure myself but I haven't started to use virtual machine to try and gain root

Is there anything you should know before you read these books and is there any preferred order of reading? I started reading Hacking: The Art of Exploitation ages ago and it seemed like it was probably a good starting point, dabbling in a little bit of a lot of different things.

Can't fight poo with poo.

No not yet. Ill check that out thanks.

It depends on the type of engagement you're on. Some engagements are technical tests only, some are more broad.

The recent op I just finished up entailed both. But in my professional opinion the human is almost always your weakest link. High level security is meaningless if you can get people to just give you their login details...which is exactly what we did on the last op. I also bypassed the client's physical security by pretending to be a printer tech and tailgating employees through security doors.

Hacking people is way easier than hacking networks and cracking passwords. Maybe less so if you have the social skills of a potato.

Doing a hackthebox and trying to put my dick in telnet

Whoever makes the next thread should add 2018 pico ctf, netgarage, and microcorruption to the CTFs.

I would start with a good architecture book (I like Digital Design and Computer Architecture or something by Harris and Harris). Maybe an OS textbook too if you are looking at that kind of low level exploitation. And maybe a Python textbook (I like Introducing Python).

Do lots of vulnhub and hackthebox.eu vms. Don't spend too much time on them; you can read/watch walkthroughs when you get stuck.

What the fuck did you just fucking type about me, you little bitch? I’ll have you know I graduated top of my class at MIT, and I’ve been involved in numerous secret raids with Anonymous, and I have over 300 confirmed DDoSes. I am trained in online trolling and I’m the top hacker in the entire world. You are nothing to me but just another virus host. I will wipe you the fuck out with precision the likes of which has never been seen before on the Internet, mark my fucking words. You think you can get away with typing that shit to me over the Internet? Think again, fucker. As we chat over IRC I am tracing your IP with my damn bare hands so you better prepare for the storm, maggot. The storm that wipes out the pathetic little thing you call your computer. You’re fucking dead, kid. I can be anywhere, anytime, and I can hack into your files in over seven hundred ways, and that’s just with my bare hands. Not only am I extensively trained in hacking, but I have access to the entire arsenal of every piece of malware ever created and I will use it to its full extent to wipe your miserable ass off the face of the world wide web, you little shit. If only you could have known what unholy retribution your little “clever” comment was about to bring down upon you, maybe you would have held your fucking fingers. But you couldn’t, you didn’t, and now you’re paying the price, you goddamn idiot. I will shit code all over you and you will drown in it. You’re fucking dead, kiddo.

Going to install either Debian or CentOS to arm a hackbox. Which one and why? Debian's big repository can suck my dick because I'd rather compile than have 3-year-old software.

install gentoo

but unironically though, why? If you're trying to install a bunch of hacking tools, go for ParrotSec or Kali because most tools will be preinstalled. If you want something to practice hacking, CTF often provide docker images for challenges or metasploitable will provide you with enough practice.

MIT isn't very good at security shit
Should have said ucsb or cmu

probably because even if you hack into it you won't be able to do anything cause it's all gibberish to you anyways.

what, why would I install something that is insecure by default for security purposes?

how to start a career in this?
I am good at programming and decent at CTF.

lmao you could make pretty much any linux system to be default if you strip shit away. In fact, if you want to be super secure, a bare bones OS like gentoo where you have to install all the shit manually would be best.

Most insecurities come from your browser if you're just a normal person. Somewhere, maybe on the wiki, there is a guide on how to de-wire your Firefox browser. Alternatively, you could just use IceCat.

To be ahead of most trackers is quite easy, actually.

Huh, no? If you don't get proper security updates and you leave ssh open, what do you think could happen? Gentoo and Slackware are dead projects. I don't want to worry about my shit getting ddos'ed because I have to manually patch my packages against CVEs or wait months for the incompetent devs to port it. If ever, they would just push the upstream fix on the package and break everything.

Browsers are probably the most secure things on your computer, Google does a ton of fuzzing internally to find most chrome bugs before release, Firefox isn't as good, but it's pretty close
And none of you are important enough for someone to burn a browser 0day on you

lmao who just randomly starts an ssh service nigga?

>Google
>security
lad they have control of your brain if you use chrome. I'm not talking about "this small exploit with some special version in an abandoned closed source project". I'm talking about every day tracking.

If you want security from outside, sure, trust jewgle and stuff. If you want security from them as well, you gotta do the hard stuff that Jow Forums constantly shills about.

You're not going to be secure privacy wise regardless
The NSA decrypts literally all SSL traffic in the us at their Utah data center

so you have no arguments?
the absolute state of kalitard kiddies

lmao would you rather protect yourself from script-kiddies + jewgle or give yourself up to jewgle to protect you from script-kiddies (bonus offer: hot sexy singles in your area who want to fuck).

you can at least make it damn hard for them to know anything about you. You can also use a VPN and/or Tor to protect your IP.

Is this unironically a good reading list? I'm totally new to this stuff but I've seen some of these before for subjects I know about that were retarded.

>The NSA decrypts literally all SSL traffic in the us at their Utah data center

l o l

there are 2 options: waste your life running from imaginary "jewgle" bogeyman or have more time to make money. I choose the latter.
>The NSA decrypts literally all SSL traffic in the us at their Utah data center
lmao good meme

Is there any type of reading that could explain hardening an internet-facing Linux distro? Every time I set up a server I always feel like it's vulnerable.

l2google

Just close every port

i could do that or I could get some wisdom from here.

Depends on what service is Internet-facing. A lot of it is context specific. For starters, learn how to use iptables and only permit traffic that you expect should exist. For Internet-facing services you can set up something like fail2ban to catch common forms of attacks.

Security is done in layers, and you want to put as many road blocks at each point as possible. So you could keep your service running in a chroot jail, so that even if someone roots your application, they won't own your server. SELinux is also very powerful, and you should try not to be one of the people that don't understand how it works and turn it off as part of setting up a server.

Likewise, proper filesystem permissions and account delegation can help prevent exploits as well. If you set your service to run as a certain user account, and that account can't execute files from directories that an attacker might be able to upload to, then that can help prevent exploits. Don't just run everything as root.

Additionally, it's good practice to limit a server to one service. If the service is compromised, it makes rebuilding easier, and you can also prevent them from exploiting other services by restricting traffic between your servers to only what is necessary.
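Worked example of the fail2ban piece of the advice above (added here, not code from any anon in the thread and not fail2ban's own code): a sliding-window brute-force detector run over a handful of constructed sshd log lines. The maxretry=5 / findtime=600s values mirror the fail2ban knobs of the same name but are assumed defaults, the year is assumed because syslog timestamps carry none, and the iptables line is an assumed ban action (fail2ban normally inserts into its own chain).

```python
"""Sliding-window brute-force detection over sshd log lines, fail2ban style.

Added example, not from the thread and not fail2ban's own code. The log lines are
constructed; the year is assumed because syslog timestamps carry none.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Matches both "Failed password for root from ..." and "... for invalid user admin from ...".
FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

# Constructed sample: one fast attacker, one user who typos twice, one slow attacker, some noise.
SAMPLE_LOG = """\
Jan 12 10:00:01 web1 sshd[4021]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Jan 12 10:00:05 web1 sshd[4021]: Failed password for invalid user admin from 203.0.113.5 port 51236 ssh2
Jan 12 10:00:09 web1 sshd[4023]: Failed password for root from 203.0.113.5 port 51240 ssh2
Jan 12 10:00:13 web1 sshd[4025]: Failed password for root from 203.0.113.5 port 51244 ssh2
Jan 12 10:00:17 web1 sshd[4027]: Failed password for invalid user oracle from 203.0.113.5 port 51250 ssh2
Jan 12 10:00:21 web1 sshd[4029]: Failed password for invalid user test from 203.0.113.5 port 51254 ssh2
Jan 12 10:01:00 web1 sshd[4031]: Failed password for alice from 198.51.100.7 port 40000 ssh2
Jan 12 10:01:30 web1 sshd[4031]: Failed password for alice from 198.51.100.7 port 40000 ssh2
Jan 12 10:02:00 web1 sshd[4031]: Accepted publickey for alice from 198.51.100.7 port 40000 ssh2: ED25519 SHA256:abc
Jan 12 10:00:00 web1 sshd[4040]: Failed password for root from 192.0.2.9 port 33000 ssh2
Jan 12 10:05:00 web1 sshd[4041]: Failed password for root from 192.0.2.9 port 33001 ssh2
Jan 12 10:10:00 web1 sshd[4042]: Failed password for root from 192.0.2.9 port 33002 ssh2
Jan 12 10:15:00 web1 sshd[4043]: Failed password for root from 192.0.2.9 port 33003 ssh2
Jan 12 10:20:00 web1 sshd[4044]: Failed password for root from 192.0.2.9 port 33004 ssh2
Jan 12 10:20:05 web1 CRON[4100]: (root) CMD (run-parts /etc/cron.hourly)
"""


def parse_failures(lines, year=2019):
    """Yield (timestamp, source_ip) for each failed-password line; everything else is ignored."""
    for line in lines:
        m = FAILED_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"]


def find_bans(events, maxretry=5, findtime=600):
    """Ban an IP once it has maxretry failures inside any findtime-second window.

    The window slides, so five failures spread over twenty minutes never trigger,
    while five in sixteen seconds do. Returns {ip: time_of_ban}.
    """
    recent = defaultdict(deque)
    banned = {}
    for ts, ip in sorted(events):
        if ip in banned:
            continue
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > findtime:  # drop failures older than the window
            q.popleft()
        if len(q) >= maxretry:
            banned[ip] = ts
    return banned


def block_rule(ip, chain="INPUT"):
    """The firewall rule a ban action would run (assumed action; fail2ban uses its own chain)."""
    return f"iptables -I {chain} -s {ip} -j DROP"


if __name__ == "__main__":
    for ip, when in find_bans(parse_failures(SAMPLE_LOG.splitlines())).items():
        print(f"{when.isoformat()} ban {ip}: {block_rule(ip)}")
```

Only 203.0.113.5 gets banned, at the fifth failure (10:00:17); 192.0.2.9 makes the same number of attempts but never five inside ten minutes, which is exactly the kind of slow spray a fixed findtime misses and a longer window or per-user logic has to catch.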

thanks m8

opinions on bug bounty programs?
i was looking on h1 and it looks like you can get some decent cash from finding xss vulnerabilities.

only good answer so far:
securing Debian, it's on their wiki

Another thing that a lot of people neglect to do is set up a logging server. This is pretty important for root cause analysis because if someone actually does root a machine they can wipe logs from it. If the logs were forwarded to another server as the attack was underway, then you'll still be able to analyze what they did unless they also compromise your logging server.

Most of those are absolute last resort tactics. If you're at the point where someone has gained access to your server and you're down to preventing unknown stack/heap/whatever attacks then you've still already got a problem that should have been addressed at a higher level.

>wisdom
This is Jow Forums. The majority of the users here don't know shit about shit. You're not going to get wisdom. You want to learn? Read. What should you read? Look into SELinux, find out why and what they do. Look into Hardened Gentoo, find out how (and why) it is different from Gentoo. Etc. Etc. You need to figure out your threat model. That's all. Good luck, have fun, and get the hell out of here. I'm here for two things. pdfs and lewd images.

>users here don't know shit about shit
you'd be surprised

Hacker's Playbook, Hacking Exposed, Black Hat Python/Violent Python/C# books are all kinda lame. They have a lot of practical info, but very little theory, so what they teach will be out of date in 3-5 years or so. You could do better by just looking at the table of contents of each of those books and researching the stuff yourself.

I agree with Hacker's Playbook but disagree about Black Hat Python and Violent Python. They will help teach you to whip up scripts in Python based on core TCP/IP protocols, which is a skill that will probably be valuable for the rest of your career.

I'm doing RedCross on HTB. I think the only thing left for me to enumerate is subdomains, but since there's no DNS I was adding the hostnames into /etc/hosts (eg: 10.10.10.113 intra.redcross.htb). Sadly there's no support for wildcards and I can't seem to be able to set up dnsmasq, so I have to add an entry for every subdomain.
The problem is that I can't seem to find hints for other subdomains, so I made a Python script that makes requests to the IP with a different Host header to check for other subdomains, but it is very slow and I'm too lazy to rewrite it for multithreading.
Is there a tool to do this or am I doing something stupid?
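Added example (not the anon's script and not from the thread) of what that Host-header loop looks like done properly: no /etc/hosts entries at all, since the Host header is set per request and the TCP connection goes straight to the IP; a baseline request for a random name so a catch-all vhost doesn't light up every word; and a thread pool for speed. The target here is a constructed local stand-in server with two "hidden" vhosts so it runs offline; the wordlist is made up too. For the real box the same thing is what ffuf does with `-u http://10.10.10.113/ -H "Host: FUZZ.redcross.htb" -w words.txt` (filter the baseline size with `-fs`), or `gobuster vhost`.

```python
"""Virtual-host discovery by Host header, run against a local stand-in for the target.

Added example, not from the thread. The server, its two 'hidden' vhosts and the wordlist
are constructed so this runs offline; point enumerate_vhosts() at a real ip/port otherwise.
"""
import http.client
import secrets
import threading
from concurrent.futures import ThreadPoolExecutor, as_completed
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Constructed stand-in for the box: only these names get a real page, anything else a 404.
KNOWN_VHOSTS = {
    "intra.redcross.htb": b"<html><h1>Intranet login</h1></html>",
    "admin.redcross.htb": b"<html><h1>Admin panel</h1><p>restricted</p></html>",
}


class _VHostHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        host = self.headers.get("Host", "").split(":", 1)[0].lower()
        body = KNOWN_VHOSTS.get(host)
        status = 200 if body is not None else 404
        if body is None:
            body = b"<html><h1>Not Found</h1></html>"
        self.send_response(status)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass


def start_stand_in_server():
    """Start the constructed target on an ephemeral localhost port; returns (server, port)."""
    server = ThreadingHTTPServer(("127.0.0.1", 0), _VHostHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


def probe(ip, port, vhost, path="/", timeout=5.0):
    """One request to ip:port with a chosen Host header; returns (status, body length)."""
    conn = http.client.HTTPConnection(ip, port, timeout=timeout)
    try:
        # Supplying Host ourselves stops http.client from sending the IP as the Host.
        conn.request("GET", path, headers={"Host": vhost})
        resp = conn.getresponse()
        return resp.status, len(resp.read())
    finally:
        conn.close()


def enumerate_vhosts(ip, port, domain, words, workers=20):
    """Return sorted [(subdomain, (status, length))] whose response differs from the baseline.

    The baseline is a request for a name that cannot exist, so a wildcard/default vhost that
    answers everything identically is filtered out instead of flooding the results.
    """
    baseline = probe(ip, port, f"{secrets.token_hex(6)}.{domain}")
    found = []
    with ThreadPoolExecutor(max_workers=workers) as pool:
        futures = {pool.submit(probe, ip, port, f"{w}.{domain}"): w for w in words}
        for fut in as_completed(futures):
            try:
                sig = fut.result()
            except OSError:
                continue  # one name timed out or was refused: skip it, keep going
            if sig != baseline:
                found.append((futures[fut], sig))
    return sorted(found)


if __name__ == "__main__":
    server, port = start_stand_in_server()
    try:
        words = ["www", "mail", "intra", "dev", "admin", "vpn", "test"]  # constructed wordlist
        for sub, sig in enumerate_vhosts("127.0.0.1", port, "redcross.htb", words):
            print(f"{sub}.redcross.htb -> status {sig[0]}, {sig[1]} bytes")
    finally:
        server.shutdown()
        server.server_close()
```

Comparing (status, length) against the baseline rather than just looking for 200s is the part that matters: a lot of boxes answer unknown hosts with the default site, and only a differing response tells you the name routed somewhere else.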

you can find the stuff they have on the internet and by looking through code docs. you don't need to spend money on a book.

But a book can organize it better, no?

In my experience... not always. Some free resources are well organized. But if you can get these books for free, what's the harm in trying

Is this good advice? Watching walkthroughs if you get stuck? How long should one try to figure it out themselves before calling it?

what do you mean by "figure out"? Is watching a walk-through considered "figuring it out"?

Not that guy but I assume he meant how long should he try before looking at a walkthrough.

When I get stuck and have to go to a walkthrough I try to use as little as possible and go back to it, e.g. if it says to use nmap to scan something don't copy their command instead try to figure it out yourself by reading documentation/watching guides and then compare your result to the one from the walkthrough. Also once you are done check multiple walkthroughs as there are often different methods used.

Bumping with a silly question: how would you keep yourself safe and connectable to the maximum while torrenting? I thought of some iptables rules dropping everything I do not want, but I would be limiting the number of ports anyone can connect to, am I right?

How do you do it / how would you do it?

Struggling with reversing a thing lads

Saving this thread for the last time.

POC = Proof of Concept

>the developers say it is impossible and we should just live with the vulnerable code because no one would want to hack us anyway.

What

Acceptance. The final stage of dealing with FOSS code.

I've been doing overthewire bandit challenges and it's been fun. I'm at level 12 after a day (yes I'm probably retarded). My question is, after looking at the manual for the recommended commands, and doing some googling, and still not being able to figure it out, is it ok to look at walkthroughs? I make sure to understand why the walkthrough works, not just skip the level.

I'm also doing CS50 course, can anyone else recommend really good resources for other areas of programming/compsci? Just dipping my feet in everything at the moment.

One more question - how do you guys post without using your real IP? VPN's are blocked on Jow Forums

Here is a good OPSEC video I found on a netsec or cyphersec thread: youtube.com/watch?v=S8GPTvq1m-w

Given the first 128 bits of the SHA-512 digest of a salted password, how feasible would it be for an attacker to find the original password through a preimage attack?

I'm not sure about the implementation specific details of SHA-512, but an ideal hash is very difficult to defeat with a preimage attack.

Salt does not matter in a preimage attack (you're literally just trying random inputs).

Suppose that 2^n = number of bits in the hash.

Your example has 2^8 out of the 2^n bits of the hash, leaving 2^n - 2^8 bits unknown, but again, that doesn't matter in a preimage attack since there's only one correct hash. The expected number of hashes will still be 2^2^n, like in any normal preimage attack.

why did /cybsec/ turn into /netsec/?

goddammit this question was so retarded that it's contagious.

The target of a preimage attack is, given H(original)=Y, to find any input X such that H(X) = Y.

You're not trying to find the original input, you're finding any input (by randomly guessing, in the case of an ideal hash) that has the same hash as the original. You might luck out and get the original input, but you will never know for sure given the definition of hash functions. This is literally impossible.

This shit becomes doubly impossible when you don't even have the hash Y to begin with.

My use of preimage attack was incorrect. The attacker needs to find the exact original where H(original) = Y given Y as well as a method to verify the original. I think I have the answer to what I wanted to find out now. Thanks, anons.

Similar boat. I'm looking to get deep into the cybersecurity field (currently trained for PC support and administration). I know some of the basics from a security class in college.

Where does a newfag break in and get into a bitch tier job? Paid programs or self directed?

I meant exactly what you said. I do that for a lot of things. For example, on overthewire they'll be like "Use grep to..." so then I go back and see if I can figure it out with that hint.

Since there are multiple methods to cracking it, I think watching videos after the fact is a good idea. Didn't even consider that. Thanks.

a) I didn't realize there were walkthroughs for overthewire, b) in this case walkthroughs would indeed be giving you the answer. When I was talking about "walkthroughs" I meant it more in the context of "here is a tool, watch a YT video on how it works and then apply it to your need".

Theoretically, I wonder how this is even possible. I know you're talking about SHA-512, which is a real world hash, but an ideal cryptographic hash has this property:

where H : Z (integers) -> {0, ..., 2^n - 1}

For any random X, the probability of H(X) = Y for any particular Y is 1 / 2^n.

How can you possibly derive some specific solution (out of the infinite solutions) to H(X) = Y given only a certain Y? (in your example it's more extreme: you only know the first 128 bits of Y)
Please share if you do know something like this.

...

Of course there are hash collisions. By the pigeonhole principle, there must be infinitely many (for at least one hash).

In practice, finding even a single pre-image is all you need to bypass the security of the hash function. For example, finding an alternate password that hashes correctly.

The user also has a "method to verify the original", meaning that if finding an input that creates a matching hash is insufficient, you can keep trying until you get the "correct" pre-image according to the verifier.

What are the most hackerman programming/scripting languages to learn?

if you don't code in binary you're hacking it wrong

What's wrong with posting from your house or phone? Lol.

Also yes looking up those OTW walkthroughs are fine, given what you said about trying to understand the walkthrough, etc.

Walkthroughs or tutorials of how certain programs work would be nice. But usually people just post the answer in their videos go get more views.

>can anyone else recommend really good resources for other areas of programming/compsci?
Read SICP

I was watching Hackersploit's metasploit tutorial. Very, very basic but super informative. It was like a "documentation for dummies" tier, which was very helpful. But why would you want to have the answer to a CTF anyway? It's not like you're hacking a production system, it's just practice, you're supposed to learn...

I was explaining the pigeonhole principle part in that post.

The only part that confuses me so much is: How do you "verify the original" when all you get is verification that the hash of your input is equal to the hash of the unknown original input, when there are an infinite amount of inputs that could be sufficient for that?

>if finding an input that creates a matching hash is insufficient, you can keep trying until you get the "correct" pre-image according to the verifier.

That's the exact same thing.

Look, if you're given H(X) = Y, and are asked to find X given Y, if the domain of H is at least twice as large as its range, and if you find R such that H(R) = Y, there is absolutely no way you can verify if X = R, even if you compute all the hashes for every possible input. We are already working with a finite domain here, and it's already impossible at this point. We're talking IMPOSSIBLE here, not computationally infeasible.

Maybe you can learn by doing AND watching, idk. That's actually how this all started, I was asking that other user if it's a good idea to watch a tutorial for hackthebox stuff. I could see how it could be but maybe the cons outweigh the pros. Though for something like OTW I think tutorials are more acceptable.

I agree though, the point is to practice and learn.

it seems like it really depends on the kind of tutorial you're watching. If it's one that doesn't explain much but just "code-pushes", then it's not worth your time, otherwise you might learn something.

I stumbled upon the iMesh leak from ages ago and saw that the decrypted data is still being updated.
How do you even decrypt salted MD5, even if the salt value is known?
All I could find about it was ancient posts saying it can't be reversed...

You only have to find a collision.
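Worked example (added here, not from any anon in the thread) for both the "first 128 bits of salted SHA-512" question and the salted-MD5 one: there is nothing to decrypt, you guess candidates, hash each with the known salt and compare with the leak. The first function is that dictionary attack, trying both salt positions since you rarely know which the site used; the second is the generic preimage search that works against any hash and costs about 2^k evaluations for a k-bit prefix, shown on a 16-bit truncation so it actually finishes. Salt, password and wordlist are constructed, and the 1e12 hashes/s figure used for the cost estimate is an assumption.

```python
"""Guess-and-verify against salted hashes, plus the cost of a preimage on a truncated digest.

Added example, not from the thread. Salt, password and wordlist below are constructed.
"""
import hashlib
import itertools


def salted_digest(algo, salt, password, salt_first=True, prefix_bits=None):
    """Return hash(salt || pw) (or hash(pw || salt)), optionally truncated to prefix_bits.

    prefix_bits must be a multiple of 8; None keeps the full digest.
    """
    data = salt + password if salt_first else password + salt
    digest = hashlib.new(algo, data).digest()
    if prefix_bits is not None:
        if prefix_bits % 8 or prefix_bits > len(digest) * 8:
            raise ValueError("prefix_bits must be a multiple of 8 within the digest length")
        digest = digest[: prefix_bits // 8]
    return digest


def crack_with_wordlist(algo, salt, target, wordlist, prefix_bits=None):
    """Recover a password from a leaked (possibly truncated) salted digest.

    Nothing is 'decrypted': every candidate is hashed with the known salt, in both
    common salt positions, and compared with the leak. Returns (password, salt_first)
    or None. Cost is bounded by the wordlist size, not by the digest length.
    """
    for word in wordlist:
        for salt_first in (True, False):
            if salted_digest(algo, salt, word, salt_first, prefix_bits) == target:
                return word, salt_first
    return None


def preimage_search(algo, salt, target_prefix, prefix_bits):
    """Find *some* input whose truncated salted digest equals target_prefix.

    Inputs are a deterministic counter, so this is the generic attack that works against
    any hash: expected cost about 2**prefix_bits evaluations. Returns (input, evaluations).
    The input found is a collision on the prefix, almost never the original password.
    """
    for n in itertools.count():
        candidate = n.to_bytes(8, "big")
        if salted_digest(algo, salt, candidate, True, prefix_bits) == target_prefix:
            return candidate, n + 1


def generic_preimage_years(prefix_bits, hashes_per_second=1e12):
    """Expected years for the counter search at an assumed hash rate (1e12/s by default)."""
    seconds = 2 ** prefix_bits / hashes_per_second
    return seconds / (365.25 * 24 * 3600)


if __name__ == "__main__":
    SALT = b"NaCl"                                               # constructed
    WORDLIST = [b"password", b"letmein", b"hunter2", b"qwerty"]  # constructed

    # Leaked: first 128 bits of SHA-512(salt || password). A weak password falls to the wordlist.
    leak = salted_digest("sha512", SALT, b"hunter2", prefix_bits=128)
    print("sha512/128 wordlist:", crack_with_wordlist("sha512", SALT, leak, WORDLIST, prefix_bits=128))

    # Salted MD5 with a known salt is the same attack; only each guess is cheaper.
    md5_leak = salted_digest("md5", SALT, b"letmein", salt_first=False)
    print("salted md5 wordlist:", crack_with_wordlist("md5", SALT, md5_leak, WORDLIST))

    # Generic preimage on a 16-bit truncation: ~65 536 evaluations. At 128 bits the same
    # search is 2**128 evaluations, no matter how weak the password behind it is.
    short = salted_digest("sha512", SALT, b"hunter2", prefix_bits=16)
    found, evals = preimage_search("sha512", SALT, short, 16)
    print("16-bit preimage:", found.hex(), "after", evals, "evaluations")
    print("128-bit generic preimage at 1e12 H/s: %.2e years" % generic_preimage_years(128))
```

So feasibility comes down to password entropy, not to the 128-bit truncation: truncating SHA-512 to 128 bits leaves 2^128 work for the generic attack (about 10^19 years at 10^12 hashes/s), while a password from a wordlist falls in as many guesses as its position in the list. The salt only hurts an attacker who does not know it, because it stops precomputed tables; once it leaks alongside the digest, it just makes each guess hash a few bytes longer.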