/cyb/ + /sec/ - Cyberpunk and Cybersecurity General

Thank you for the responses and the ideas for the zine. As one of you guessed I've already mined the FAQs for the previous seven issues but I still have some stuff left over to put in this years zine. I'm thinking a zip bomb tutorial, usenet guide, encryption how-to, homemade suppressor and something on nootropics or other, harder drugs. I'll also used one user's idea to list books and movies. As you can probably tell this zine isn't intended for those with a ton of technical knowledge but more to give the average Joe a taste of what cyberpunk is all about as I do only distribute them to the local public and not online. I also lean heavily on manga for art within the zine due to it popularity on campus. I'm going with Alita this time around since it's currently in the zeitgeist. Thanks to all of you for these continued threads. My cyberpunk obsession wouldn't have gotten this deep without them. Again, if anyone would like to contribute or has any suggestions I'm all ears.

Attached: cover.jpg (448x790, 241K)

Bro cheers,thanks for the direction to the right ftp!

Haven't seen this site in a while; I was sat at first place for quite a while.
So atoi translates a value's ASCII representation to an integer, from the context provided it looks like all you need to do is make the "password" return the value of 0xcafef00d when passed into atoi. Remember to take byte order into account also.

It turns out the ZIP bomb is not mentioned in the FAQ. Here is the article earlier discussions were referring to:
blog.haschek.at/2017/how-to-defend-your-website-with-zip-bombs.html

Addemndum: here is the funny story
hackerfactor.com/blog/index.php?/archives/762-Attacked-Over-Tor.html

I'm working on a beginner's assembly programming course. It should fit on a image that can posted on Jow Forums. I'll post it when I'm done.

trying to type a basic assembly execve program that launches a shell
and for some reason it doesn'ttry to launch /bin/sh but something like "shHsh/bin(random stuff)"
a hexdump showed me that it was indeed that thing that was written into the memory

xor'd eax/bx/cx/dx
pushed eax (null)
pushed 'n/sh' and then '//bi'
wrote esp into ebx
put an interruption

(i did specify bits: 32)

(and i did put 11 into eax)

hacking is dead

Call write first with a parameter of "ABCDEFGH" to make sure it gets printed in that order. Normally, you would have that string be in the initialized data section, and pass it the address through referring to the label. But I assume you're practicing smashing the stack.

also, you have to include a null byte at the end of your string.

Why not publish on the net, say, a year after original release?

"Corporate Cannibal"
youtube.com/watch?v=Cc61C-VsTko

Pleased to meet you, pleased to have you on my plate
Your meat is sweet to me
Your destiny
Your fate

You're my life support, your life is my sport

I'm a man-eating machine [x2]

You won't hear me laughing, as I terminate your day
You can't trace my footsteps, as I walk the other way

I can't get enough prey, pray for me [x2]
(I'm a man-eating machine)
Corporate cannibal, digital criminal
Corporate cannibal, eat you like an animal

Employer of the year, grandmaster of fear
My blood flows satanical,
Mechanical, masonical and chemical
Habitual ritual

I'm a man-eating machine.. [x2]

I deal in the market, every man, woman and child is a target
A closet full of faceless nameless pay more for less emptiness

I'll make you scrounge, in my executive lounge
You pay less tax, but I'll gain more back

My rules, you fools

We can play the money game
Greedgame, power game, stay insane
Lost in the cell, in this hell
Slave to the rhythm of the corporate prison

I'm a man-eating machine…
I can't get enough prey
Pray for me
Corporate cannibal…
Digital criminal…

I'll consume my consumers, with no sense of humour
I'll give you a uniform, chloroform
Sanatize, homogenize, vaporize… you

I'm the spark, make the world explode
I'm a man-eating machine, I'll make the world explode
Corporate cannibal…

Attached: 60721e6a-bae4-4779-9ff3-eb6c9eddad2c..png (2560x1600, 438K)

Wrong previous

fixed a mistake, now get segmentation fault
write does work if i don't push and call just before declaring the string

post your assembly code

More open questions in addition to .
Looking fo rinforamtion on Pic.

Attached: BB_Compendium.png (989x611, 41K)

not that user but absolute goldmine. I need to find more blogs of these

Haha, yes, the text is pretty Gibsonesque too:
>Bobby and Chuck were almost as fast. Bobby downloaded 8 of the 1 gig zip bombs and then vanished. Chuck could handle the 1 gig zip bombs, but couldn't handle a dozen of the two-gig bombs.

that's a truly shitty list

Have y'all read all of phrack magazine? That website in general is just woh.

Movie/TV suggestions-

"Deep Web" - Documentary regarding the case against Dread Pirate Roberts and the Silk Road.
"Operation Freedom Downtime" - documentary about Kevin Mitnick's time spent in solitary confinement awaiting trial and the cultural/media responses to hacking.
"Ghost in the Shell" - Anime is technology
"Metropolis" - The singularity, but, in a 1927 German Silent Film
"Altered Carbon" - If HBO had a Cyberpunk Noir

Attached: FB_IMG_1440948174673.jpg (960x960, 122K)

The last 3 are in the FAQ.

Made a how-to for learning assembly. It's a decent book but about a quarter of it is tangential and not really necessary. It's one of the few books that teaches amd64 though.

Attached: asm.png (1107x2793, 381K)

Ya got me

Attached: FB_IMG_1440948183408.jpg (960x960, 106K)

In many cases, especially in the embedded world, ARM is a more popular ISA. RISC-V is expected to make major inroads soon, WD is expected to have 3 RISC-V processors on each hard disk.

If you want to go full on retro there is the 6502 which 40+ years after introduction is selling 200 million units per year.

see

Attached: putkevinback.jpg (1200x348, 53K)

I have read bits and pieces.

And his reminds me that we still need the Dose Magazines. I have obtained full PDFs of issues 1, 2, and 3; but we are missing issue zero.

I have opened a new sub directory, Zines, under which I placed the 3 issues in TheDoseMagazine:
ftp://collectivecomputers.org:21212/Books/Cyberpunk/Zines/TheDoseMagazine/

Attached: TheDose4.jpg (904x1277, 576K)

i imagine if you know intel, it won't be hard to pick up ARM

Just a heads up that LWN releases the free versions on Thursdays and that has a section on security. The canonical URL for the free version is always
lwn.net/free
Two of the main features are /sec/ related:
>A container-confinement breakout: details on a recent container vulnerability.
>The Thunderclap vulnerabilities: the kernel remains vulnerable to hostile hardware.

hacking is as dead as the wild west

see, I'm liking this style, I'm even listening to some of the DJ's music. And like, this isn't so bad, I could get into this culture. Except, I have been stepping away from scene/goth because drugs. Drugs r bad. Or rather, are incompatible with my particular path to success.

Just reading up on format string vulnerability, why does the format string itself get on the stack so it's bytes can be accessed through stack offsets? Does it really push the whole string on there? Thought it was typical to push pointers to strings on to the stack?

yeah it's called penetration testing now

yes, printf does do that, on x86 at least. it pushes the string on the stack and then pops bytes as it interprets it

wait sorry i'm actually not sure. i think sometimes you have to pop enough bytes off the stack with %x to get to where the string is actually defined, where it's a local variable of the calling function (which means it's far up on the stack).

gross, why would i test penetration

yeah i remember now. the string is passed by reference as always. but if it's a local variable of a prior function frame, you can still get to it. in that case, it won't be that far away. you do enough %x's to get to it, and can use the width specifier to do arbitrary writes

Mean no offense to cyberpunk fags, i really love akira since i was a kid back then and it's plot telling how shit and gloomy the future is but seeing this red high rpm bike being referenced to hell fucking bothers me.

Thanks mate, ill give that a go

Awesome. Thank you for sharing, user.

My accomplishments of the week: Got into hackthisbox.eu and solved 4 stenos so far. Settled on Kali KDE, and am excited about what I will learn, but also realize that I know fuckall, because even the easiest retired machine I didn't know what to do on, without watching a walkthrough. Tips?

I was in the same boat, i still know fuck all, just a little bit more than i used to. Honestly just google things, and if you do use a walkthrough, only use it to get over what you are stuck on, and then keep going without the walkthrough.
LiveOverflow on youtube is pretty good when it comes to tutorials and explanations of recent big exploits. The first big step is really just teaching yourself how to learn.

Well, now's the perfect time to figure where to go after Jow Forums gets Chinawalled by politicians. Will the answer always be IRC?

>Jow Forums gets Chinawalled by politicians
What?

>chinawalled

Entirely depends on how the server is handling the parameter. 504 Just means the website tried to give your parameter to something and never heard back. All in all it's not likely you're damaging the website.

China has its firewall, and after the shooting today they're going to port it over to America.

Well, probably.

Jow Forums is regularly in the news so firewalling it will be hard.

=== /sec/ News:
Code is not just running on computers, DNA is the code for cells:
>BBC - Capital - Who’s making money from your DNA?
bbc.com/capital/story/20190301-how-screening-companies-are-monetising-your-dna
>If you’ve ever sent off your DNA to an ancestry or health-screening company for analysis, chances are your DNA data will be shared with third parties for medical research or even for solving crime, unless you’ve specifically asked the company not to do so.
Probably very few do, fewer than read the fine print. And fine print there is:

>She rejects the idea that customers don’t understand whether they are agreeing to share their data, pointing to a “very explicit” three-part consent document that asks whether customers want to consent to research, and whether they consent to this research being shared with third parties. The key thing, she says, is that their research relies on people answering survey questions. “Their genetic information, if they don’t provide the survey information… is really not interesting to us. So not only do they knowingly consent, they have to affirmatively participate in these studies.”
Essentially yet another click through.

add anime to the list:
ghost in the shell
akira
ergo proxy
texhnolyze
serial experiments lain
psycho pass
steins;gate
cowboy bebop

I really hope the gobbermint shutsdown Jow Forums

>ghost in the shell
>akira
Both are in the FAQ
>ergo proxy
Why? It sure is post modernism overload but I don't see the /cyb/ angle.
>texhnolyze
>serial experiments lain
Also in the FAQ.
>psycho pass
>steins;gate
>cowboy bebop
Why x 3 ?

>Why? It sure is post modernism overload but I don't see the /cyb/ angle.
Not same user but that part of "Perfect citizen" really got me hard.

>>ergo proxy
>Why? It sure is post modernism overload but I don't see the /cyb/ angle.
This, so much this. Ergo Proxy has no components of cyberpunk except for the androids.

Not sure I see how, can you tell us more?

it's more likely their web server is forking a process to deal with your request, and that process then crashes. the web server itself isn't affected.

Hey lads, I don't want to shit up the thread too much but I'm just looking for advice. I don't know shit about IT or PC's in general but after some research Cybersec really jumped out at me as an interesting field, I decided to enroll back into school for an associates in it and to pick up some certs because I'm sitting here directionless at 25 and I need to start heading towards a career. What are some tips you guys could give a newbie trying to get into the field? Have any of you went to school for it? If so, did it help? My associates comes with 5 vouchers for any certs, which ones are key?

The /sec/ FAQ on the FTP site is a good start. And keep in mind that this can be a really intense job.

i graduated with a BS in CS, but i could only get jobs with data science and software development crap, so i went straight back to get a masters in a CS program tailored for cybersecurity. i'm glad i did. this stuff's way more interesting and i have cybersecurity internships lined up so i can get work experience.

If you're paying for your own certs, don't get the GIAC ones. they're way overpriced. OSCP is good for penetration testing and CISSP is good for managers, other than that I don't know

Thank you lads, I can handle intense, and I'm ready for a "big boy" job. I just can't keep working part time at a grocery store forever. I think the way it works is that I have any 5 covered under tuition and then I get discounts on any I take afterwards (I'm going to be attending a tech centric school) so I figured I should make 3 the basic ones (A+, Net+ and Sec+) unless those don't carry any wait in cybersec. All the jobs I've looked at here in Virginia say they either want certs a bachelors or both though

Where in VA are you? University of Richmond and VCU offer good courses for certs from what I hear. There's also a cybersec group/hacker group that meets in Richmond every third Thurs of each month (or something like that.)

Looks like Beto O'Rourke is gonna get some credit in /sec/ circles:
reuters.com/investigates/special-report/usa-politics-beto-orourke/

>While a teenager, O’Rourke acknowledged in an exclusive interview, he belonged to the oldest group of computer hackers in U.S. history.

>The hugely influential Cult of the Dead Cow, jokingly named after an abandoned Texas slaughterhouse, is notorious for releasing tools that allowed ordinary people to hack computers running Microsoft’s Windows. It’s also known for inventing the word “hacktivism” to describe human-rights-driven security work.

>Members of the group have protected O’Rourke’s secret for decades, reluctant to compromise his political viability. Now, in a series of interviews, CDC members have acknowledged O’Rourke as one of their own. In all, more than a dozen members of the group agreed to be named for the first time in a book about the hacking group by this reporter that is scheduled to be published in June by Public Affairs. O’Rourke was interviewed early in his run for the Senate.

What a world we live in. This headline fresh from Slashdot:
>Consumer Groups Want To Tax Facebook To Save Journalism (vice.com)
When will we read
>Consumer Groups Want To Tax Journalism To Save the Truth (onion?.com)

Virginia Beach at the moment, though we're probably gonna move after school. My brother and I are both heading to ECPI since we know a couple of people who had good luck after graduating there and from everything I can see online their degrees aren't worthless

>Japan's buddhist robot preacher
youtube.com/watch?v=_XdQugsDz8E

>In Japan a spiritual robot is making the teachings of Buddha more easily understandable. Preaching in the Kodaiji Temple in Kyoto, the aluminum and silicone robot priest stands almost two metres tall. Its creators hope it will encourage people to take more of an interest in Buddhism.

I'm looking for a good zero-knowledge encrypted cloud storage. What are my options?
I have been eyeing pCloud lifetime 2TB for one-time payment, but that seems expensive for amount of data that probably won't be enough in a few years.
Is there a software that could store data securely on botnet services like Google Drive?

rclone.org/crypt/

Cashing out hacked paypal accs on tor. Monero, tails and decentralised exchange the cyberpunk way or is the gov already a step ahead?

No shit, I'm in Williamsburg not far from you, small world. If you're looking at ECPI, I'd also rec looking at Community Colleges in VA, some good programs. May be worth looking into taking some night courses at them. VCU and UofR also offer online courses relating to comp sci that (I think) have lower tuition for in-state students.

No kidding? We go down there every summer for Busch Gardens, Colonial Williamsburg is fun too. I actually went to a local community college for a bit (TCC) for general science before I had this career epiphany, but I didn't know if a degree from them was worth as much as one from a specialized school. On the bright side my gen Ed class credits will transfer which is gonna save me a decent chunk of dosh.

So I have to be on the road a lot right now, and instead of taking the plebtop with me I'm thinking of SSHing through phone.
Any terminal emulator or ssh thingy for android?
that has ssh-keygen so that I don't have to log in manually all the time.

I usee the free version of JuiceSSH and I've been pretty happy with it.

Looks alright, thanks.

It is possible to learn cyber security online?
It will be possible to find a job after?

opensecuritytraining.info/Training.html

get a cert like OSCP after for employers

So, today's packpub freebie is pic related, seems like an interesting video which could be of interest for many here.

packtpub.com/packt/offers/free-learning

Attached: freebie.png (810x1000, 59K)

I mean, it was 8ch that had the OG thread and had the muh pedo hitpieces against it recently

Apparently the chinz got firewalled in NZ
reddit.com/r/Jow Forums/comments/b1aqz4/pol_member_commits_mass_shooting_in_new_zealand/

>also yes, i know, plebbit

Desperate late nite page 9 bump

Attached: 1527264738748.png (657x527, 25K)

New Zealand authorities demanded that the video footage and other ephemera be removed from the Internet, so while websites like Twitter and Scribd complied, 22/23chan, KiwiFarms, and other sites where it was not possible to remove the footage were firewalled and made inaccessible.

Fun fact: Apparently US law enforcement and other PDs have reached out to the Farms in an attempt to get copies of the video since it's being taken offline everywhere else.

Sunrise again.

Attached: _.gif (1152x1152, 2.55M)

sauce?

Attached: atmos.jpg (3996x2250, 864K)

> What are some tips you guys could give a newbie trying to get into the field?
Realize that to be good at infosec, you have to understand the technology itself. If you want to be good with development and application security, study those. If you want to focus with network security, start with networks. I wouldn't recommend A+. Network+ is ok.
> Have any of you went to school for it? If so, did it help?
I went to school for computer forensics. I'm in a different area (crypto and wireless) but I'd say the experience and exposure definitely helped.
> My associates comes with 5 vouchers for any certs, which ones are key?
Start off with the associates and a good general infosec cert. If you are planning to work with the fedgov/dod, look into DoD regulation 8570, it outlines what certs are required for what level of positions. Take time to look into each aspect of infosec (application/development, crypto, networking, etc) and find which interests you the most. The field is broad and you can't be an expert in all things, especially at the start. Pick a niche after you get the basics.
>General certs that required little to no work experience (pick one)
Sec +, SSCP, GSEC
>PenTest
OSCP is still the best, although CEH is more recognized by the government, although it's a sham really.
>Information Assurance
CAP (RMF focused)
>Necessary once you are in the field
CISSP
>Wireless networking
CWSP, GAWN

apparently it's made by someone called waneella

Attached: waneella_1.gif (540x960, 347K)

It’s not it’s just not as fun or easy as it used to be

How do you buy monero with PayPal?

How do I expand my knowledge of interwebz? I just finished Network +. What would be the next step?