/cyb/ + /sec/ - Cyberpunk/Cybersecurity General

/cyb/ + /sec/ - CYBERPUNK/CYBERSECURITY GENERAL
Previous threads: [ archive.rebeccablacktech.com/g/search/text//cyb/ /sec//type/op/ ]
THE CYPHERPUNK MANIFESTO: [ activism.net/cypherpunk/manifesto.html ]

- - - - - -

/cyb/erpunk [6 April 2019]
The Cyberpunk Manifesto: [ project.cyberpunk.ru/idb/cyberpunk_manifesto.html ]

The alt.cyberpunk FAQ (V5.24) [ ftp://collectivecomputers.org:21212/Books/Cyberpunk/Alt_Cyberpunk_FAQ_V5_preview24.htm ]
What is cyberpunk?: [ pastebin.com/pmn9vzWZ ]

Cyberpunk directory (Communities/IRC and other resources): [ pastebin.com/AJYry5NH ]
Cyberpunk media (Recommended cyberpunk fiction): [ pastebin.com/Dqfa6uXx ]

The cyberdeck: [ pastebin.com/7fE4BVBg ]

- - - - - -

/sec/urity [XX XXXXXXXXX 20XX]
The Crypto Anarchist Manifesto: [ activism.net/cypherpunk/crypto-anarchy.html ]
The Hacker Manifesto: [ phrack.org/issues/7/3.html ]
The Guerilla Open Access Manifesto: [ archive.org/stream/GuerillaOpenAccessManifesto/Goamjuly2008_djvu.txt ]

The /sec/ Career FAQ (V1.9) [ ftp://collectivecomputers.org:21212/Books/Cyberpunk/Security/sec_FAQ_V1_Preview9.htm ]

Why Privacy Matters: [ youtube.com/watch?v=pcSlowAhvUk ]
"Shit just got real": [ pastebin.com/rqrLK6X0 ]

Cybersecurity basics and armory: [ pastebin.com/rMw4WbhX ]
Endware: [ endchan.xyz/os/res/32.html ]
BBS archives: [ textfiles.com/index.html ]

Reference books (PW: ABD52oM8T1fghmY0): [ mega.nz/#F!YigVhZCZ!RznVxTiA0iN-N6Ps01pEJw ]
Additional reading: [ ftp://collectivecomputers.org:21212/Books/Cyberpunk/ ]

- - - - - -

OP Post: [ pastebin.com/8Hk5Ks7h ]


link old thread fgt
feels good posting in the real /cyb/ thread


Is it possible to get into the IRC on mobile? I can't exactly ssh on my phone.

>I can't exactly ssh on my phone
what does it mean? your phone IRC client doesn't support SSL?

Why the fuck does my phone correct SSL to SSH. Anyways, it doesn't. Do you know any that do?

Is it worth getting an A+ or ITF+ for fundamental knowledge or is it better to study and shoot for the higher tier certs?

you could run irssi on your phone inside termux

>tfw you root Irked for the very first time on HTB
feelsgoodman

I've been working on my A+ and Network+ and both have increased my understanding of things immensely. Also for what it's worth my buddy got a decent paying IT job in Denver with a geology degree and an A+ cert, so it's not as useless as some people would have you believe.

I don't use on phone, but a quick search on fdroid brought up:
>f-droid.org/en/packages/tk.jordynsmediagroup.simpleirc.fdroid/
>f-droid.org/en/packages/io.mrarm.irc/

anyone here used blackarch? That shit looks like a meme but I'd like to replace my kali vm with something that supports a wm, I'm too used to using my manjaroi3 laptop for school and get frustrated clicking on everything now

That's great to hear, thanks! I've started Professor Messer's videos but I notice he has two series of A+ vids now, do I need to watch all of them?

Maybe I'm just doing something wrong. Haven't used IRC in years. Says the channel name is illegal. Boooo

I just use the books I got from the /netsec/ general and that's been fine for me, I think the only study material I've downloaded with video guides has been the OSCP prep course which is in either one of the pastebins here or in /hmg/ and /netsec/, I always forget which of these generals has which and I'd post the other general in this thread but someone would cry about it not being purple enough or something

No wait. It seems to be insisting I'm not connected via ssl. Reee

It's nice to install on top of arch or manjaro, as it basically adds a repo to pacman and has some nice meta packages.

it can go on top of manjaro as well? hmmmmmmm might just install then, I've been using pretty much just nmap and metasploit on HTB so far, and I know as I progress to the harder boxes I'll need more and better tools

I just don't want to get arrested for texting my dealer

use a burner phone

on pc you usually do /server irc.server.here +6697
notice + symbol near port that forces ssl. But that's the standard for pc version, not sure about mobile, but worth a try.

Salaries and job title? I'll start: 78k, junior security analyst.

Also, what do you guys think about the current state of infosec? Market feels hot but I think it'll get oversaturated v soon. Plus we got our Recession of the Decade™ coming up so idk how resilient the job market is going to be.

>Salaries and job title? I'll start: 78k, junior security analyst.
N/A - I no longer work in /sec/.

>Also, what do you guys think about the current state of infosec?
The demand has been there for a while and will remain hot for a long time yet. The main news is that more people actually understand this.
>Market feels hot but I think it'll get oversaturated v soon.
Considering the never ending string of /sec/ News listed here, one disaster after another, I cannot see this will saturate anytime soon.
>Plus we got our Recession of the Decade™ coming up so idk how resilient the job market is going to be.
The recession started with Lehman Brothers imploding in 2008 so we are now 11 years into the recession. We are seeing a jobless recovery, as usual, but big time hiring, 1999 style is a while off yet. Like the 30's the financial markets recovered quickly but the private economy is still dragging along the floor. And 40+ years of stagnated middle class purchasing power does not help much either.

Do you have your very own cyberpunk themed personal site? Surely you own your personal cyber space, right user?


I have a web page I use, you could say. It is the /cyb/ FAQ. And I read it from file rather than http(s).

t.FAQ editor.


>salary and job
0 burgers, student

>current state of infosec
it's a fucking mess as far as I can tell. The IoT is only accelerating though, and I feel like most markets in the tech industry it will eventually fragment into a more structured system. Less of a homeboy hookup and even more cert-based. Right now it's a great industry to break into if you can network with people because if you know what you're doing you really don't need all the certs or anything, I know lots of "cybersecurity specialists" that don't even have their Security+. Not saying it's necessary, just saying it's at least some form of proof you know something, as opposed to where it's like "oh bob? yeah he's good don't worry"

>plus we got our recession of the decade
this is a fact, and like I said above, anything that you can stack on your resume to prove you actually know things will help you keep a job. All the people who don't have something on their resume flatly proving they are knowledgeable and capable are going to have a hard time arguing to keep their jobs when cutbacks happen.

Seems collectivecomputers.org again has fallen off the net. We really need a better spare site than what we have now.

The same old problem. If only we could store files in a blockchain inside I2P...

Night is right above us.

>so many biopunk news lately
Time to re-watch Dark Angel.


The /sec/ career guide is broken. I'm tired of being a codemonkey how do I switch to a /sec/ career?

Cyberpunk has nothing to do with cybersecurity

i was looking at taking CEH, but it seems like you can only take it after they background check you to make sure you've been in the industry for two years already? do i have that right?

it's without a doubt the gayest part of these generals and more than likely why nobody posts here

Hey /sec/, I take sec+ next week cause the air force told me to. I've studied the 6 domains fairly well, but is there anything you guys think I should know before giving it a whirl?


cry harder

Burner + use Signal

Teach your dealer to be secure too

no u

Cram. The navy sent me to a 4-day bootcamp for Security+ and I passed it.

>The /sec/ career guide is broken.
OK? The positive thing is, you can tell us what is wrong or missing and it will be fixed. It has been revised 8 times already.

t.The /sec/ editor

>>so many biopunk news lately
True. And here is another one:

=== /cyb/ News:
>Precise brain stimulation boosts memory
bbc.com/news/health-47852578
>The team at Boston University, in the US, gave people in their sixties and seventies the working memory of someone in their twenties.
>The effect lasted at least 50 minutes after the stimulation stopped.

>But larger studies are now needed to see if stimulation could help people in the "real world" or in treating brain diseases like Alzheimer's.
Whoever is the first to treat Alzheimer's effectively has a license to print money.

Just a follow-up from last thread:

>Link on the article?
There are many but also one on Wikipedia:
en.wikipedia.org/wiki/Albert_Einstein's_brain

Take a practice exam

learning python and reading violent python. How do I set up a VPS for pentesting so when I port scan its just localhost I'm just beginning so go easy


watching this youtube.com/watch?v=ShOb8bQ_h_I

Saved. Midday for us.

so I installed metasploitable 2 and I installed parrot OS and now I'm just stuck I don't know what to do what book do I read to understand

Any reversers here? What are your initial thoughts on Ghidra?


Is there any difference really between Chromium and Firefox? I've been using Chromium for years and am aware that it is still botnet. Is Firefox any better really?

Did he ask a friend how to do it?

I am no reverser but any reverser should keep foremost in mind that the task is an uphill battle against the best. Those guys know how to camouflage an elephant as a rabbit. I would never use such a tool on a machine that was not very strictly airgapped. Even USB drives that have once been inserted into that machine should be considered tainted and treated as radioactive waste. Strangely a lot of people fail to realise that USB sticks have at least one microcontroller that can be hijacked.

I passed it yesterday. You can read/watch stuff forever, but the more valuable study activity is to do as many practice tests/questions as possible.

It's open source. If there's a backdoor you can just go and find it. You can't really hide anything in a program meant for reverse engineers.

I used to post links to the OSCP course in handsome man general. I don’t know why going forward they were cut from the pasta. Oh well.

>You can't really hide anything in a program meant for reverse engineers.
I normally don't say this but I'll make an exception here: that is what they want you to think.

How many years did the Debian security hole or the ZIP-issue last before it was found? Source was available throughout all these years.

If you aren’t even in the industry why bother writing essays about shit you literally don’t know anything about?

>How do I set up a VPS for pentesting so when I port scan its just localhost

>how do I set up a virtual private server hosted in the cloud with only a local adapter

Have a think about where you went wrong

Have you tried literally fucking googling

Any news from the bunker dude? After the market value of crypto coins took a nose dive I wonder how he is doing.

===/sec/ News
>Smart speaker recordings reviewed by humans
bbc.com/news/technology-47893082
>Amazon, Apple and Google all employ staff who listen to customer voice recordings from their smart speakers and voice assistant apps.

Anything goes, still.

I haven't seen him in months. Maybe he is living the dream inside his bunker waiting for the apocalypse?

you guys having fun?

https twitter com / your_user_net

I guess this is the alphabet agencies sweeping up the last stragglers.

I saw a Tweet suggesting that a spokesperson for Anonymous was arrested. I then saw a Tweet from said spokesperson saying the report was a blatant lie.

I just want to know why Anonymous has a spokesperson and why said spokesperson would have a public identity.

There are people that unironically believe anonymous is a thing?

Apparently so.

>apt install i3
Copy your dot files from your manjaro and select i3 in lightdm at login. Done

>Night is right above us.
Once more, night strikes back!

Also, from last thread: Are there any sources on this?

Is it true that if you become a person of interest (for the good or bad), the government can disconnect you from the Internet and connect you to a WAN or their own proxied Internet?

What is this practice called? Any keywords to search for to study the topic?

en.wikipedia.org/wiki/Anonymous_(group)

>salary and job
$85K, incident response engineer

>current state of infosec
shit, most of the people working infosec haven't written a line of code in their lives. they memorize some contrived policy BS in their CISSP manuals and think they know how to configure networks and software properly.

Does anybody know of any neat programs a programming newfriend can write? Just got into /sec/ without much previous programming experience, so I'm trying to learn about both cybersecurity and programming simultaneously. Making my way through K&R and books on Common Lisp at the moment.
I'd imagine something like a brute-force program (e.g. coming up with every possible combination of user-given parameters and outputting it into a text file) or something like that would be pretty basic. Everybody keeps saying that practicing with tools in Kali is a good way of learning but I kinda want to build my knowledge from the ground up.

You know what I think the best thing to start with CRISPR on?

Allergies.

Tell me how you think this is physically possible

Write implementations of programs you don’t like. I find hydra has too many switches and is overly complicated for the simple type of attacks I want to do, so I wrote my own ssh brute forcer.

I noticed no one was doing implementations of eternal ROMANCE; all the love was going to eternal BLUE so I wrote my own manual exploit script to use in the OSCP.

You’ll find things you want to build as you use the tools

I never thought to look at it from that angle, thanks guy

I'm pretty sure that's the wrong URL under "cyberpunk media".

A dude from /sci/ was attempting to cure his impending blindness by all means and /sci/ gave him advice. But the advice was legit and he had to go through years of study and preparation before trying anything.

Curing allergies depends on what kind it is and how much we know about it. Like anything else really.

That is not to say we should go for the always short path science often takes: trial and error.

After all, that is how we discovered things like vaccines and anesthetics.

How much custom coding does OSCP need? Did they set up boxes specifically for those two exploits?

Of course, of course. I was just thinking out loud to get it out there.

But I do feel like allergies might be the easiest way of testing the efficiency of CRISPR treatments, rather than trying to alter your DNA for novelty purposes/functions. Start with something that can help others rather than simply yourself.

BOYS BOYS BOYS, YOU NEED TO TAKE A LOOK AT THIS SHIT!

youtube.com/watch?v=hLjht9uJWgw

I haven’t had to code shit. I did it because in the exam you only get one Metasploit shot, across all 5 exam boxes. So I want to in case it’s in there. I have used my custom script on 8 machines in the lab though.

I bought the CEH study guide 2 years ago when I was first getting into infosec, I can tell you now as a professional it's a fucking meme don't waste your time and money on it, most professional bodies in infosec don't recognise CEH go get a CCNA they're worth so much more.

I do agree though, my commentary was just reinforcing the idea that targets can be all and anything but success depends on our knowledge level of said subject. The rest is hands on experimentation.

Pinpointing a specific target is a logical idea for testing. And there are chances said allergy is already researched enough to come up with a specific gene to target.

DIY biohacking gets more accurate from previous knowledge but again if someone is willing to test it we all benefit by knowing the results. Experimentation is fundamental to science.

I am a CCNA user and I was wondering if I should get a CEH. What about the Offensive Security course? The folks who made Backtrack/Kali?

government has hooks at the isp level where they can reroute your traffic through pass through proxies. saudi arabia and others like it probably already do this. would be hard to do to cell phones and wifi networks at the same time, but china could easily do it.

And how do these hooks work? Tell me more about it, especially the technicals. Because at the moment it sounds like something you pulled from your arse with a few terms you barely understand thrown in.

so i'm homeless and i found a wifi that's unprotected

1. how do i know it's not a honeypot or something?

2. how can i safely tell the owner to secure his wifi (it has no password and it's a basic linksys###### name)

3. how can i see who else is logged onto the network atm? Or is that only possible with more direct access

i'm running ubuntu and i've already changed my mac, and tbch i don't NEED this wifi at night since i mostly try to sleep and get my work done during the day, but i figured i'd make the world a more secure place and rename the wifi to something like "SECURE THIS WIFI BEFORE HOMELESS STEAL IT" or something.

>work
what do you do?

To answer your questions
1. You don't. The best thing you can do is have a VPN/proxy where all your traffic is masked/encrypted.
2. Leave a sticky note on their door/mailbox. If it's an apartment complex or you can't locate the source of the Wi-Fi, then you could try to print (if they have a printer attached to the network) what you want to say to them.
3. If you set your wi-fi adapter settings to 'Promiscuous Mode' and use a packet sniffer, you can see all the traffic being passed through the network. There typically aren't any authentication packets being passed around like there would be in a business network since most people don't use a domain.

You could research the SSID and see what router is typically attached to that and then see what admin credentials are associated with it. I'd imagine they haven't changed that since they didn't secure their network.

>work

normally labor jobs and shit, like i'm real good at moving and digging and i even have some experience in concrete, but i'm in california (won't say where, but not the shitty city), so there are metric fucktons of illegals and the market is dried up. probably applied to 100 craigslist gigs this month, only got one reply to a job that was count tea bags for a few hours - they moved forward with another candidate.

i also work on political campaigns from time to time - they pay for housing. but that...didn't end too well last time. car broke down, spent my whole paycheck on a new one, didn't have the cash for insurance, whatever, i'm a safe driver - hit from behind by teenager bitch. She had insurance, i didn't so it's my fault, and now i don't even have a drivers license. So, tent. And with a drug bust (1 gram of weed) on my record, i can't even get a job doing postmates or door dash.

In my tent atm, i'm trying to learn python to build a resume and get a tech internship. lot of tech work in this city, and i'm trying to network (going to meetups) all that nonsense.

2. So i'm kinda in a suburban neighborhood and it could be any of these apartment buildings, i'm in a tent outside on the street atm, it's not like i can really tell which is which. and doing it in person, i mean, how would you react to learning the homeless guy who occasionally sets his tent near your house is in your wireless network and shitposting online. I figured doing more tactfully would be the answer.

oh wait, no, i did get another job offer - an ad wanting muscular men to take a cruise with the patron. yeah i still have some shred of dignity. i'll jerk off for people but not touch them or let them touch me, and tbch the whole "jerk off for old faggots" was creepy enough.

tried making my own thread but upload failed. no idea why. net works fine otherwise.

linksys03588, btw. it's bout 60% strong. normally i just watch tutorials at night in my tent

this is the most cyberpunk lifestyle story I've ever read
holy shit user good luck and hope for the best bro

thank you. one of my friends is a seattle tech guy, he has helped me in the past, he makes bank and has helped me, but i owe him like 3k and i know he'd help me if i asked but i really want to pay him back and not be a leech and shit. i already have to ask my dad for money and like 2 years ago i was offering to send HIM money because i had a good delivery job.

and just saying, i like playing around with security tools. it takes courage to not run kayak to get a warm car for the night or some shit like that. and every time someone passes the tent and pauses i get nervous like they're gonna attack me randomly. that's happened here. it's fucking crazy.

on the plus side a /soc/ girl is replying to me and i might get laid, so wish me luck. Also for the whole "get a car so you can lock up your stuff while you teach yourself technology to stop being homeless" shit, or "get your painful medical condition dealt with" shit, but no, i need the luck getting my dick wet. Priorities in order.

...you know 90% of homeless are male? because women aren't homeless, they're just single with high standards that rapidly fall until they're taken.

and just a note but i think "cybergrunge" works better. I'll be cyberpunk when i know enough to work digitally for money as opposed to just building a resume

It's called a proxied Internet connection, retard. And it's a very common practice.

>page 10
bump

It's not bad however IDA is still superior

Yeah, and they most certainly don’t work the way you are suggesting they do, fuckhead

>en.wikipedia.org/wiki/Anonymous_(group)
So, if it is a distributed group, how on Earth can they have a spokesperson?? Also, what happened after 2016? Were all rounded up that early?

Anonymous never was a thing outside a couple of /b/tards using LOIC. The biggest LARP in history. Normies actually think it is a real thing.

>Making my way through K&R and books on Common Lisp at the moment.
K&R is a good reference book but it was never meant as a study guide. I started out as an assembly programmer and got into C by K&R. This means I still think as an assembly programmer (C is by some considered just a high level assembler) and I always think about optimising but I never really got into the pattern stuff. I know the compiler writers have always bleated that their compilers always beat assembly programmers but that has always been utter garbage.
>I'd imagine something like a brute-force program (e.g. coming up with every possible combination of user-given parameters and outputting it into a text file) or something like that would be pretty basic.
That is close to what a fuzzer does.

An update on the Hydro attack. Feed this into your favourite translator:
e24.no/digital/norsk-hydro/kripos-vi-vet-at-angriperne-fikk-opprettet-brukere-paa-hydro-sitt-nettverk/24601865
The essence of this is that the attackers had created users in the Hydro IT system, according to the police. How this happened is not yet known. Earlier it was suggested the attack was at least partially an inside job.

Several intelligence agencies are involved in the investigations, it will be interesting to see what they come up with. So far it seems it is a lot more involved for them than just bark orders and push buttons.