/cyb/ Movies: >The Machine (2013) >Johnny Mnemonic (1995) >The Matrix (1999) >Chappie (2015) >Elysium (2013) >Virtuosity (1995) >The Lawnmower Man (1992) >Lawnmower Man 2: Beyond Cyberspace (1996) >The Terminator (1984) >Blade Runner (1982) >TRON (1982) >TRON: Legacy (2010) >Escape from New York (1981) >Escape from L.A. (1996) >Rollerball (1975) >RoboCop (1987) >Nirvana (1997) >Transcendence (2014)
/sec/ Movies: >Sneakers (1992) >The Net (1995) >Takedown (2000) >The Fifth Estate (2013) >Blackhat (2015) >Enemy of the State (1998) >Hackers (1995) >WarGames (1983) >WarGames: The Dead Code (2008) >Swordfish (2001)
Jow Forums Movies: >Disconnect (2012) >Antitrust (2001) >Pirates of Silicon Valley (1999) >Office Space (1999) >Her (2013)
/cyb/ Documentaries: >The Cyberpunk Educator archive.org/details/cyberpunkeducator >The Internet's Own Boy: The Story of Aaron Swartz (2014) >RiP: A Remix Manifesto (2009) >TPB AFK: The Pirate Bay Away from Keyboard (2013) >The Net - The Unabomber, LSD and the Internet (2003)
/sec/ Documentaries: >Hackers: Wizards of the Electronic Age (1984) >Hackers Wanted aka Can You Hack It ( (2009) >New York City Hackers (2000) >We Steal Secrets: The Story of WikiLeaks (2013) >Citizenfour (2014) >Terms and Conditions May Apply (2013) >All Watched Over by Machines of Loving Grace (2011) >Snowden (2016) [Biopic?] >Zero Days (2016)
Jow Forums Documentaries: >The Code (2001) >Revolution OS (2001) >BBS: The Documentary (2005) >Get Lamp (2010) >From Bedrooms to Billions (2014)
>We need a new OP >Let's make it the same as the old new OP but formatted differently
As the caretaker of the old new OP, I feel entitled to this REEEEEEEEEEEEEEEEEEEEE. That is to say, I'm not retarded about keeping the OP post exactly as I've drafted it out, but I'm autistic enough to demand people yell at me with any potential additions.
Personally I feel like "Jow Forums Movies" and "Jow Forums Documentaries" is too generic/encompassing for a thread as specific as cyberpunk. I wonder if I should make a "Cybersecurity Media" list based on the /sec/ movies here, though.
Jaxon Robinson
>Let's make it the same as the old new OP but formatted differently There's a decent reason for the "different" formatting, user. Pic related. I did it in good faith, nothing malicious. but since some are hostile, I'm done making OPs anymore then. Sorry.
Pic related got posted in the thread with 100% seriousness, I kid you not.
People just ate that shit up. Im not a friend of china, nor do I think script injection is a good thing, but this is a whole lotta nothing. Did packet traces myself with the script injected. No endpoints that look chinese owned. Sounds like horse shit. Could even be a chinese psy-op to condition the people into not believing the real smoking gun, if and when it comes out.
I'm trying to figure out the real smoking gun. Don't know how long that will take me, but I hope I do.
I've been around these /cyb/ threads for a long time. your doing good work. don't be discouraged by hecklers. This is one of the few comfy threads and that's the result of a good OP. Change is good, and often necessary and unavoidable. take for example, the 'shit just got real' section. I was lurking when that was suggested, and felt it to be redundant, as we have our news user who regularly posts here, as do I. its just a small, outdated list of /sec/ headlines. I think it should be MURDERED. The thread archives serves us well enough for that purpose, and a search engine is far better for that anyway. speaking of news, this happen yesterday...
>Sounds like horse shit nah, for what I understand it only worked when a chingchon sim was insterted in some chingchong phone. The mobile ISP injects the script in non SSL pages, only if certain conditions are met, while it could be technically possible to inject on every phone, because the ISP can, no need for further phone backdoors. Only if more people will be able to replicate it will be possible to know if this is a targeted attack, or some kind of dragnet. I also read some of those server are getting nuked, so probably we'll never know. That's why you want to gather more data and evidence within your private circle before going public with it. They will be quick to shut it down.
William Evans
Just say NO to Intel hardware- unless you enjoy getting backdoored. You prolly do, DONTCHA!
help me /sec/, my home ssh server broke after a bitvise server update yesterday. Now it's only working over lan and gives timeout errors over internet. It's supposed to automatically configure the firewal and router for port forwarding, and it has worked perfectly until now.
Adam Reyes
>bitvise >not freesshd what motivated your choice ?
>It's supposed to automatically configure the firewal and router for port forwarding that should not change, as it (should be) using the same ports. Check that. Try manually configuring your router. Also, did you reboot the pc ? Did you see if port is really open? >canyouseeme.org/ Did you try to revert to previous update ?
The script injection is definitely real. Saw it for myself. It is injected in every single non-SSL secured site. The phone home that they claim is not backed up by any evidence.
Xavier Jenkins
real life isn't a blade runner or hackers movie
time to leave your basement
Joseph Young
What really is the problem? There is no "you" in here, just a few hundred anons. I guess we have had at least half a dozen different regular OPs as it is.
Jose Powell
>The script injection is definitely real sure, that was not in doubt.
>The phone home that they claim is not backed up by any evidence by injecting the script they could easy syphon your internet history (useless, the ISP is injecting the script, so they already know the history) or your cookies / POST (useless, again, the ISP could see that too because they're no SSL sites). One good test would be: >browse a site with a 'clean' line >sniff all the traffic >browse same site with compromised line >sniff all the traffic >compare the 2 captures >figure out the differences there must be something that's not either cookies or browsing data, so maybe some exploit kit that activates if certain conditions are met.
Nathaniel Mitchell
>real life isn't a blade runner Now that Chinese authorities have arrested the Chinese scientist who manipulated the DNA of two girls I'd say we are pretty much in Blade Runner territory. We just don't know yet if the Chinese have "retired" the girls yet.
I'm wanting to get back into Cybersecurity stuff, has anyone following the path laid out in the OP? I feel like I've gotta either start working on a cert or join the military.
Jacob Scott
so innocent...
Leo Turner
Is there any theoretical way to avoid government logging your position via phone tower triangulation while still maintaining 4G connectivity?
I assume not but I thought I’d ask here to be sure
Christopher Lewis
you can't prevent logging, but maybe you can try to confuse it and make it harder to triangulate. It would raise lots of red flags, but it should work at least in theory. If you could build a high power directional 4g antenna with adjustable power, a firmware hack, and a mid-density place, you could point the antenna to one tower, then another, then another, all while adjusting your signal strenght. A firmware hack will then check the Cell ID and reject the closer one to the further, or vice versa. With all these inconsistencies in your signal, it will be way harder to triangulate your precise location, and you'll be a bouncing *bleep* on their screen.
David Rivera
why is hackerman general dead, it was way better than this neckbeard larp shit
Asher King
FCC has probes looking for redirection, jamming or anything broad casting at high power.
Elijah Lee
>muh hacker manifesto cringe and bluepilled
Angel Lopez
Yesterday I heard that the future of internet is some sort of wireless signal satelites that will just orbit over our cities providing us all with wireless internet signal we'll all be able to connect from any point in our country. All of this led by a Japanese Mobile networking company.
Cooper Miller
>don't choose a cell tower slightly further away goyim
Jacob Hernandez
have to admit I didn't try doing it from an unclean line, I just injected the script onto the webpages shown in the thread and did the packet capture. I'll try that. Discussion about it on reddit says that the script looks like it's incomplete, that there might be others that could be loaded on certain sites.
In any case, surface level inspection reveals that the js doesn't cause any requests to be made on your behalf.
Juan Long
>FCC has probes just don't put too much strenght in the signal, basic triangulation will give you out with a few meters precision, but just being able to alter constantly your signal strenght in a particular direction will bring down their precision a lot. If the area is dense enough, it will be really painful to reliably track your position, but you will surely stand out as a big anomaly in the system.
>I just injected the script onto the webpages shown in the thread and did the packet capture then probably the script performed some internal checkings and did not proceed. Just like recent ASUS hack that had a hardcoded list of MAC targets, if you're not the target, the malware is silent >thehackernews.com/2019/03/asus-hack-mac-addresses.html find the checks, find the targets. Some hints to dig in are checks for >browser language >browser version/internals >os >plugins installed >computation capabilities
Jaxson Cox
an audit of the script just doesn't show anything like that.
Sebastian Myers
>an audit of the script just doesn't show anything like that. any metadata on that file ? I mean the headers when you GET it. Knowing which server version, last modified, cache options, and all that bunch of information could be useful, NSA told me.
maybe off-topic. I'm never posted in cyb+sec. what do you guys think of this?
and other videos on .
Do you now any company that offers related software, but is not totally abstract when explaining, what the software does _technically_ and how? Or is everyone telling the same '100% safe internet experience, thanks to realtime, cloudbased anti virus software'-bullshit?
side question: how does the uk 'porn filter' work? is it just a dns based 'filter'?
Jose Martinez
You're doing good work and it is appreciated despite what others may post.
While isn't too far off the mark you have to realise the towers can determine your distance (time of flight and also the phasor rotation of the IQ signal). Thus connecting to towers in sequence will both reveal your location and raise more red flags than a matador.
Instead, connect to just one single tower, preferably NOT the closest one. That gives them the distance with no intersection, so it is along a large and fuzzy circle.
That will still raise red flags but will not be jamming or a problem. In fact the telecom companies will save resources when you connect to a single tower rather than the normal 3 - 10 towers.
Nolan Cooper
what is the /cyb/sec/ laptop of choice?
Zachary Howard
>any theoretical way to avoid government logging your position via phone tower triangulation Yes >...while still maintaining 4G connectivity? Well, not really. If you could find a way to mod the SIM card and change the IMEI number on your 4G device, then you're good to go. You could probably get away with not being found inside a concert audience, but keep in mind that your device has been logged for months and is connected to the SIM number purchased under your name. If you however acquire a SIM card which isn't under your name and you get a phone which was never associated under your name, once they send people to search for you, they wouldn't know who to look for. Just like said, if you can modulate your signal strength, that'd be great for making it difficult for anyone to triangulate you, but then again, you'll be walking around with an antenna.
Still, if one wishes to hack through a 4G connection, one connects to it securely, and does what they please. Get it up and running, user. Link? 多谢大哥, 你好厉害! I'd go full libre autism on this one user. T420 / X200. Anything you can put Libreboot on and hopefully a CPU without the Intel Management Engine (but you'll still be susceptible to Spectre/Meltdown).
Carter Baker
i thought cell towers had three antennae rather than 1, so >a large and fuzzy 120degree arc seems more appropriate. correct me if wrong
Bentley Edwards
for /cyb/ aesthetics, something with a backlit keyboard, and an AMD processor. pome have some sort of badge / logo on the back of the LCD. cut out the plastic behind the badge the back of the LCD and make your own custom backlit badge with a removable window. this let's you change the background image at will. that's what I'm doing.
Jack Gray
US Military hackerinos need to sign up for 6 years minimum for AF I believe. Navy might be different. The AF job was transfer-only when I was looking into it ~6 months ago so you'd need to join as something else and re-train. Consult with recruiter though.
You *will* be set for life if you can get through: Military experience + clearance + infosec skills = you can almost write your own checks
disregard if you aren't from our shithole country though
Julian Gutierrez
>Librebooted laptop >Tails OS >Public Wifi >VPN to 1x VPN provider payed for in XMR >Socks 5 to 2x VPN provider payed for in XMR >TOR browser to access dark web
How is anonymity broken in this setup? How does the government trace this traffic?
Adrian Foster
I am, thanks for the info. I'll look into other branches as well. I'm a bit apprehensive about making such a big commitment but I suppose it doesn't hurt to consider.
Isaac Ross
Each antenna projects a fan of coverage. If there is little mobile traffic I guess 3 antennas will do. For a high density area you aim one antenna down each street plus numerous fans in the populated areas. If the tower is tall (as opposed to antennas on a building) you can also project fans that does not provide coverage near the tower but further out in which case you have perhaps 10 more antennas.
Each generation mobile phone system tends to employ higher frequencies and provide higher bandwidths, both of which result in smaller cells. I have used towers 10+ km away, the newest systems have perhaps less then 1 km radius of coverage.
Jacob Young
>Librebooted laptop Only if you check the code by yourself before compiling and flashing. CPU might be succeptible to exploits. >Tails OS >Public Wifi Bad idea. You're exposed to trouble from other attackers. Also, using public wifi means logged Mac address and soem need phone SMS login. >VPN to 1x VPN provider payed for in XMR >Socks 5 to 2x VPN provider payed for in XMR >TOR browser to access dark web While it isn't being fully run by 3-letter US agencies, many exit nodes are run by them.
VPN from a country that isn't friendly with your country would be fine, preferably purchased through cryptocurrency. Another thing would be to get bounce from pwned boxes.
Christopher Taylor
If we assume for a second that the VPN and socks5 do their job correctly and don't trace back to the original ISP, how do the exit nodes reveal your original connection?
Wouldn't a compromised exit node just reveal your socks5 proxy, which you've connected to via another VPN. Thus leaving a good amount of layers securing you not being exposed by a compromised exit node.
It is 20 years since The Matrix. And of course the critics find reasons to dump on it: >BBC - Culture - The Matrix’s male power fantasy has dated badly >Ahead of its time when it was released 20 years ago, The Matrix is a monument to Generation X self-pity that is out of step with today, writes Nicholas Barber. bbc.com/culture/story/20190319-the-matrixs-male-power-fantasy-has-dated-badly The "analysis" is mostly generic blather and the "male power" part makes limited sense in view of the Wachowskis' gender changes. In fact the review got so pumped up on his own verbiage that he had to be reined in: >This article has been amended to remove a line referring to the character Neo as a ‘white male saviour’. The actor Keanu Reeves has mixed-race ancestry. Bazinga !!
Connor Brown
Yeah apparently it's not opening the port anymore, that site can't see me on port 22 either. I already rebooted and reset my router btw. I don't know if this was really caused by the update, but it has worked fine until now (last time I checked was on tuseday actually). I even used to get countless connection attempts from random bots lol
>not freesshd Honestly I just stumbled upon bitvise and it worked so I never bothered to make further research. Should I try that?
import subprocess, os, optparse subprocess.call("service network-manager restart",shell=True) subprocess.call("ifconfig wlan0 down",shell=True) subprocess.call("macchanger wlan0 -a",shell=True) subprocess.call("sudo killall -q chrome dropbox iceweasel skype icedove thunderbird firefox firefox-esr chromium xchat hexchat transmission steam firejail",shell=True) subprocess.call("sudo bleachbit -c adobe_reader.cache chromium.cache chromium.current_session chromium.history elinks.history emesene.cache epiphany.cache firefox.url_history flash.cache flash.cookies google_chrome.cache google_chrome.history links2.history opera.cache opera.search_history opera.url_history &> /dev/null",shell=True) subprocess.call("macchanger wlan0 --show",shell=True) subprocess.call("ifconfig wlan0 up",shell=True) print("Don't worry, it's a new day and you're a brand new man motherfucker")
so yeah, it's barebones and i stole some code from anonsurf, but using this is better then macchanger to hide from xfinity. if you need wifi for a few quick updates or are just a perpetual cheap ass this is the fix.
taking suggestions, i'm self taught, i've been tinkering with this for a while. borrowed a bit of bash from anonsurf to run bleachbit on the cache.
I'm running this from Parrot OS sec edition btw.
Alexander Robinson
my next plan is to move and encrypt the cache files so you can keep cookies throughout different logins, as i noticed anonsurf just deletes it all and calls it a day. i also want to automate the sign up for xfinity's wifi so it could be done in the backround 100%.
btw, i'm gonna try to redo this in bash because i've noticed that sometimes the bleachbit takes longer then the python to execute and i'd like it to not keep fucking my command line up. any advice?
Dylan Martin
the bbs is a fucking joke and i wish it was legal to spam their inboxes mercilessly.
run macchanger wlan0 -a instead of -r, and make sure you're not on a camera while you're logged into the wifi. like i'm on a train right now and it'd be real easy to figure who i am with my usage window.
Parker Baker
a cheap thinkpad you use for the occasion and then melt under thermite for good measure. while i'm here, last night i was reading through the anonsurf.sh bash script and a guy noticed i was rocking the green text terminal and asked me to hack his gf's phone. i told him no even though he said any price because i knew it would be a shitshow and he wasn't rich.
did i do the right thing, or should i have milked him and left him to dry when his retarded plan to read his girlfriends text messages on a phone he knew the password too inevitibly went tail end up.
Alexander King
>the bbs is a fucking joke and i wish it was legal to spam their inboxes mercilessly. I want to install Dissenter and see the barrage of criticisms raining over their pages.
Austin Torres
indeed
unrelated, has anyone tried commando VM yet? just found a iso of win7sp1 so i'll be giving it a shot. i figure it's a new project so i could get some easy wins by contributing minor shit to it as a starter project
Nathaniel James
Anyone know about this?
Would a corrupted exit node just expose your socks / VPN connection or could it expose your real Isp
>>The man who hacks his own body >bbc.com/capital/story/20190326-the-man-who-hacks-his-own-body That's too short of a story but leaves me wanting more. I know from some time of a group on the Internet doing body modifications called "grinders", they had documented tutorials on all sorts of experiments they did.
Nathaniel Hughes
been getting into data bending images, any of you got some inspo for me?
what in the fuck are you trying to do here. i would suggest making this a bash script instead of a python script.
Gabriel Parker
Xfinity will install cookies on your machine so you cant just change your mac and get another hour of free wifi. The script changes that by deleting you cookies.
I was about to look more at bash scripting . Question
What is the difference between bash and cli? Is cli just like idle for python except it's running on the computer instead of an isolatedenvironment?
Can I manually type every line of a bash script into a bash cli or is it like python where certain things autocomplete and you need an ide to do it?
Camden Miller
Here is some Max Headroom, are you into datamoshing? I always wanted to try autodatamosh.
Bash is an sh-compatible command language interpreter that executes commands read from the standard input or from a file. Bash also incor- porates useful features from the Korn and C shells (ksh and csh).
Bash is intended to be a conformant implementation of the Shell and Utilities portion of the IEEE POSIX specification (IEEE Standard 1003.1). Bash can be configured to be POSIX-conformant by default.
Liam Turner
ayy my boi you need to read more, but i'll help u.
cookies are not something you install. they are created by a website and stored in your browser for such website to identify u bcuz http is stateless. probs xfinity uses a combo of cookie and mac address to identify u. pretty sure even after deleting your browser's cookies xfinity will know you have used your allowance because of the mac address, therefore it should be enough to change it after deleting the cookies, just like ur doing.
what you have inside subprocess.call is pretty much what you'd put in a bash script.
bash is a shell. cli is "command line interface", you can have many things besides a shell that offer you CLI. for example, the console in games like counter strike and what not.
autocomplete is a feature of whatever IDE ur using like netbeans or eclipse. autocomplete aint a feature of the language itself.
Julian Sullivan
I've been getting my dickstuck inside of python optargv and cant quite get it right but I'm watching a shell script tutorial rn for bash.
Any shells better then others or is it like python vs perl for scripting?
Luis Wright
stick with it
Isaiah Cruz
import sys print(sys.argv[0]) print(sys.argv[1])
run as "foo.py ayy lmao"
and stick to standard bash
Adam Ortiz
I'd suggest taking a break from this stuff for a while and learning some theory depending on where your interests lie computer architecture would serve you well to investigate. you just sound like you're floundering and don't really have the precursory knowledge required to get anything particularly technical done
Jaxson Carter
Sorry, opt parse. I want to learn more python but in interested in bash since I was able to open up anonsurf in cli with cat and reading through it I took the bleachbit and killall lists and put them into the python script. The service network-manager restart is a safety net. Not sure if I have the order of commands right tbch.
Is putting the script into bash aa easy as removing the python syntax and changing print to echo? Or is there other syntax ?
Jason Howard
More generally the 'shell' is how your talk to the kernel. Instead of telling your OS what you want to do, you're telling python what you want to do which is then telling the OS what to do.
Which is fine, but it's always fun and enlightening to go one step lower. And bash / sh doesn't actually 'fee' lower, it really is just the commands you'd type into the terminal and it has support for logic like loops, if/else, case switches, variables etc.
This video and this channel are great for learning some quick bash scripting. It assumes you already know some really basic shell stuff, like moving around with cd and ls. Once it's in your fingers you'll use it for everything.
This guy talks a little slow but also watch this, it'll get you using your new scripting skills immediately by automating the creation and $PATH process. youtube.com/watch?v=QGUmMtEnIkI
Jason Hernandez
service network-manager restart # the rest goes here
save it as lol.sh and run chmod +x lol.sh. run it as ./lol.sh dont do the browser shit there, i recommend you do the cookie deletion manually or use incognito windows all the time.
Gavin Murphy
>More generally the 'shell' is how your talk to the kernel lolwut
Camden Walker
I wanted to save and move the cookies to an encrypted file to allow the user to manage multiple identities for trolling purposes. Why do you say to manually delete the cookies? I mean I heard that automation is key in being secure and hackermany
I've gotten pretty of experience with cli navigation. It's so much faster for routine shit. I like apt a lot, it's really convenient although I prefer .exe files because of how it's easier to transfer them from phone (excellent speed) to laptop (often with no internet)
Ayden Peterson
learn where browsers store cookies and just make copies of such files. learn moar.
One more thing - what is more useful in getting a tech job, bash or python?
Nathaniel Anderson
both
Mason Russell
Wouldnt bash be harder to get a job with because it's a linux language and not as windows friendly as, say, c++ or python?
Jaxon Davis
I'm becoming a Cyber security Major where do I start what do I program what books do you guys recommend reading? I hate having to ask. feelsbadman
Lucas Cook
unless you want to be doing first line shit you're more than likely going to be using linux
Julian King
I do enjoy linux. It's so handy to have cli. Like I hate that the searchbar in win10 is so slow compared to the cli. I can pop cli and run libreoffice before I can open notepad on my windows laptop
Joseph Jackson
Just finished reading about the Hydro attack using lockergoga and I have some questions
>At what stage will hydro re-enable their systems using their backups?
Wouldn't they first need to ensure that the ransomware isn't in a backup? That would take days
>They've flown in outside help from Microsoft and Cisco
What does this mean for the internal IT team? Should they have been able to stop this attack?
>Where/how to learn?
I'm interested in cyber security and other than reading the news I don't know where to start. Do I learn python? Install Kali and mess around on VMs? What's a good path to begin learning?
Grayson Phillips
>what books do you guys recommend reading Violent python metasploit unleashed (or something like that) >inb4 everyone bashing go read em. Thank me later.
James Hughes
no idea, ask your professors
Jose Morgan
i met the guy who wrote violent python
Noah Morales
thanks user I had no idea where to start after taking a break like as long as I have
Parker Perry
>Wouldn't they first need to ensure that the ransomware isn't in a backup? Yes, but even if ransomware was somewhere hidden in the backups, it would need to be re-activated. So if they clean AND patch their systems, their data will be ok. >Should they have been able to stop this attack? if they didn't figure out how they've been hacked, they will be hacked again. >Do I learn python? that's a good start, it's a powerful scripting language that allows for rapid prototyping on multiple platforms and has libraries for almost everything imaginable. If you were to manipulate network packets or wireless frames at the lowest level you'd use python. If you wanted to develop machine learning algo to rate boobs, you'd use python. Take an overview of the capabilities and make up your mind. >Install Kali and mess around on VMs? Absolutely, you need a lot of practice, along with the theory, like I suggested in other threads. Choose kali, choose debian, choose running a ssh / apache / ftp whatever server. Choose a firewall, choose iptables, choose forwarding / redirecting traffic, choose auditing your logs trying to figure out how those fucking russians hacked your mongo db server. Choose your future. Choose life... But why would I want to do a thing like that? that's truly a privilege youre welcome
