/cyb/ + /sec/ - Cyberpunk/Cybersecurity General

/cyb/ + /sec/ - CYBERPUNK/CYBERSECURITY GENERAL
Previous threads: [ archive.rebeccablacktech.com/g/search/text//cyb/ /sec//type/op/ ]
THE CYPHERPUNK MANIFESTO: [ activism.net/cypherpunk/manifesto.html ]

- - - - - -

/cyb/erpunk [20 June 2019]
The Cyberpunk Manifesto: [ project.cyberpunk.ru/idb/cyberpunk_manifesto.html ]

The alt.cyberpunk FAQ (V5.26) [ ftp://50.31.112.231/pub/Alt_Cyberpunk_FAQ_V5_preview26.htm ]
What is cyberpunk?: [ pastebin.com/pmn9vzWZ ]

Cyberpunk directory (Communities/IRC and other resources): [ pastebin.com/AJYry5NH ]
Cyberpunk media (Recommended cyberpunk fiction): [ pastebin.com/Dqfa6uXx ]

The cyberdeck: [ pastebin.com/7fE4BVBg ]

- - - - - -

/sec/urity [20 June 2019]
The Crypto Anarchist Manifesto: [ activism.net/cypherpunk/crypto-anarchy.html ]
The Hacker Manifesto: [ phrack.org/issues/7/3.html ]
The Guerilla Open Access Manifesto: [ archive.org/stream/GuerillaOpenAccessManifesto/Goamjuly2008_djvu.txt ]

The /sec/ Career FAQ (V1.11) [ ftp://50.31.112.231/pub/sec_FAQ_V1_Preview11.htm ]

Why Privacy Matters: [ youtube.com/watch?v=pcSlowAhvUk ]
"Shit just got real": [ pastebin.com/rqrLK6X0 ]

Introductory cybersecurity: [ pastebin.com/z2fisXBd ]
Advanced cybersecurity: [ UNDER CONSTRUCTION ]

Cybersecurity armory (Software and other tools): [ UNDER CONSTRUCTION ]
Cybersecurity resources (Blogs, services, etc.): [ UNDER CONSTRUCTION ]
Cybersecurity practice (CTF, Wargames, etc.): [ pastebin.com/vsXG3uX2 ]

Cybersecurity basics and armory: [ pastebin.com/rMw4WbhX ]
Endware: [ endchan.xyz/os/res/32.html ]
BBS archives: [ textfiles.com/index.html ]

Reference books (PW: ABD52oM8T1fghmY0): [ mega.nz/#F!YigVhZCZ!RznVxTiA0iN-N6Ps01pEJw ]
Additional reading: [ ftp://collectivecomputers.org:21212/Books/Cyberpunk/ ]

- - - - - -

OP Post: [ pastebin.com/8Hk5Ks7h ]

Attached: file.png (1920x1080, 3.61M)

Other urls found in this thread:

businessinsider.com/beijing-smog-and-blade-runner-photos-2013-1?international=true&r=US&IR=T
yro.slashdot.org/story/19/07/06/2019223/hong-kong-protests-show-the-dangers-of-a-cashless-society
i.4cdn.org/g/1562534651168.png,
bbc.com/future/story/20190513-it-only-takes-35-of-people-to-change-the-world
hackerfactor.com/blog/index.php?/archives/846-Fraud-and-Deception-Part-5-Distribution.html
thehackernews.com/2019/07/canonical-ubuntu-github-hacked.html
payatu.com/understanding-stack-based-buffer-overflow/)
en.wikipedia.org/wiki/Advanced_Encryption_Standard#Security
electronicsweekly.com/blogs/mannerisms/shenanigans/lucky-old-vietnam-2019-06/
crowdsupply.com/sutajio-kosagi/novena
crowdsupply.com/eoma68/micro-desktop
crowdsupply.com/search?q=open computer
twitter.com/AnonBabble

Android hacking apps like dsploit, yay or nay?

[serious] where to take practice Security + exams? Either online or if there are any in-person testing centers. Would a community college have practice Security + exams?

...

Is that a screenshot from Blade Runner or a picture of modern Beijing?

Attached: 1*TLs_TbcGZg3rUgiB9u6Xyg.jpg (959x639, 63K)

im interested in this too user. I think certs + cheap education is the sweet spot because you will get foot in the door without much (if any) debt. See what kinds of student organizations/resources they have at local community colleges or public universities

dagah tool

Blade Runner

Any link to download recent OSCP materials?

It's beijing
businessinsider.com/beijing-smog-and-blade-runner-photos-2013-1?international=true&r=US&IR=T

Strange that not more people are wearing face masks. I guess you would need an electrostatic filter to really get all this mess out. It might just fit in a backpack.

Attached: gryllotalpa_orientalis_character10_344.jpg (937x1257, 334K)

=== /sec/ News:
At last someone has truly gotten the message on security:
>Hong Kong Protests 'Show The Dangers of a Cashless Society' (reason.com)
yro.slashdot.org/story/19/07/06/2019223/hong-kong-protests-show-the-dangers-of-a-cashless-society
>T]ens of thousands of Hongkongers took to the streets to protest what they saw as creeping tyranny from a powerful threat. But they did it in a very particular way. In Hong Kong, most people use a contactless smart card called an "Octopus card" to pay for everything from transit, to parking, and even retail purchases. It's pretty handy: Just wave your tentacular card over the sensor and make your way to the platform. But no one used their Octopus card to get around Hong Kong during the protests. The risk was that a government could view the central database of Octopus transactions to unmask these democratic ne'er-do-wells. Traveling downtown during the height of the protests? You could get put on a list, even if you just happened to be in the area.

I guess a government willing to massacre thousands of its own citizens and a track record too, is a good motivator.

I have started planning on how to make a high tech helmet for breathing, when it reaches -30 C. You really lose a lot of heat by breathing ice cold air and from your head in general.

The idea is to draw in air over a visor to keep the visor free from fog and then into the nose. Air is expelled through a simple heat exchanger and out.

Cyberpunk has nothing to do with cyber security.

You are late. Worse, you missed out both of the last two threads:

Attached: 27525_battle_angel_alita.jpg (2560x1920, 479K)

Iran continues to enrich uranium. Will we see Neo-Tehran soon? Expect cyber warfare to reach new levels of intensity.

I have a magnet link

magnet:?xt=urn:btih:f91feb6d2ea93f1c3c03b6be52051c2df72da1b7&dn=CERTCOLLECTION%20-%20BASELINE%20-%20SANS%20%26%20Offensive-Security&tr=udp%3a%2f%2ftracker.leechers-paradise.org%3a6969&tr=udp%3a%2f%2fexplodie.org%3a6969&tr=udp%3a%2f%2ftracker.coppersurfer.tk%3a6969&tr=udp%3a%2f%2ftracker.zer0day.to%3a1337&tr=udp%3a%2f%2fpublic.popcorn-tracker.org%3a6969

God bless you user

Is this part of AEL?

Attached: anton-churunov-16-8-dop-2.jpg (1195x1600, 410K)

AEL?

It is the legendary All Encompassing Library, a herculean compilation task by the epic AEL user. It now has its own thread over in The index alone is supposed to be 2 MB in size.

Make sure you read that entire thread first so that you get the right access.

Also: is AEL user still around?

Attached: alita-battle-angel-epk-aba-189-aff-0070-v0230-87468-rgb.jpg (936x527, 39K)

I don't think this is a part of it, no

When is the OSCP going to be updated ? Working through the materials rn , it's really nice for a beginner like me , but some of the content is obviously from 2014.

Any high-end laptop with no backdoors or are all compromised? Is there any high-end RISC laptop or whatever is called available? Otherwise is AMD more trustable?

Attached: 85a2686eb72635ce7c53aa1377c7b4815f01784501a489ecdebccac1cdbde9c5.jpg (1708x1458, 529K)

Is the Zen-derived Hygon Dhyana safe?

>Any high-end laptop with no backdoors or are all compromised?
Only very old then high end are safe, now all is backdoored to the max.
Is there any high-end RISC laptop or whatever is called available?
You can put together a Raspberry Pi 4 laptop but chances are there is a backdoor.
>Otherwise is AMD more trustable?
No. It is believed that alphabet agencies just demand backdoors of their designs to be inserted, after all they have much to gain and little to lose. All sorts of chips are suspect, also those used for peripheral units.

Unlikely. More probable is that it has twice the number of back doors.

You could download a soft core processor into a FPGA and then make sure no JTAG ports are connected. Chose an oddball design so that any malware hiding in disk controllers can take over the machine.

Is Talon secure? Sounds like is our only hope but fuck if that is expensive. I also didnt hear a laptop based on Talon.

Thanks for the hints, I'll look into FPGA.

>tentacular card
hehehe.

Attached: 1556660627258.png (696x678, 363K)

There's nothing cyberpunk about uranium enrichment, it's a technology from the 1940s. Even Pakistan has nukes.

Anyways anons, I already had a decent idea how it worked but actually bothered looking at packets this time just to verify.

But to verify with other people, normal web traffic foot print (assuming no tunnels, vpns, etc)
>Go website
>Starts a TCP handshake
>Share public keys with the webserver
>remaining traffic would be a mix of TLS (or other web htlm encryption, or plaintext if none) under TCP
And that would continue to go until the end connection.

The artifacts of this traffic would be
>Cookies, history files, etc on your computer
>ISP holding logs of the fact your IP communicated with that IP (without further information due to html encryption, e.g. they wouldn't see you looking up cat videos on youtube, just that you went to youtube)
>Website having logged the connection for indeterminate amount of time, with all the information you sent back and forth (e.g. the cat videos would be visible here)
Though this is where I have a bit of a question since I've never had to administer a webserver so I've never seen web logs. How would they look like in reality? For example, looking at my packet capture of a search for cats on safebooru, for a single search I had somewhere around what I assumed is 20 GET requests (encrypted so can't tell for sure, but I assume its a request for every thumbnail). Would each of these GET requests show up in the web log, and if so, how does it look?
And last artifact that I can assume is
>possible router to router requests, ages off fairly quickly so not really notable


did I miss anything?

Attached: 1539322232203.png (1276x1795, 385K)

Whats about that chinese manufacterers that are was used by Stallman..???
If there was an backdoor it would have been found by our good lords in minutes ...

Lemote Yeeloong or so ???

>There's nothing cyberpunk about uranium enrichment
I know. It does however bring urgency and with that comes cyber war which is heavy duty cyberpunk. Stuxnet was impressive, has anything topped it yet?

BITCOIN IS TEH FUTURE GUISE

The Japanese tentacles have a long reach, all the way to Hong Kong!
Mwahaha!

Bit Jow Forums, but how long do you think china will last?

As a country, while I'd hate to live there, its interesting seeing them go all in on the cyber shit for so many things. Do you think China will manage to keep up an oppressive cyberpunk regime, or are people going to get tired of it?

All I see of China is from American news, which is usually pretty negative about it. Are Chinese people actually okay with it though, or is it just a public "we like it, please don't kill us" type thing?

Attached: 1558042851705.png (627x618, 599K)

Every request of any type shows up unencrypted in the logs which are stored in plain text and secured through file permissions. An entry looks something like timestamp - IP - http response status - URL - user agent

So hypothetically, in the Jow Forums web logs we'd see a bunch of get requests from our ip to , and from there to get an image like say we'd see another get request to i.4cdn.org/g/1562534651168.png, etc.. for all images and thumbnails.

I figured as much, but wasn't sure because especially for a site like the boorus or Jow Forums, where each page has a fuckton of images, that seems like it'd get extremely unhandy very quickly.

Chinese people are far from scared of America, even the regular plebians over there realize that without China's sheer peoduction power America would literally go to shit. It's a nice position for them to be in, and it's exclusively the USA's fault for going there and giving them everything.

Well thats kinda beside the point, my question is whether the government can sustain what they're doing by doing things like where everyone knows they're being watched constantly. or shit like social credit which has screwed people over multiple times.

Logs are compressed and rotated periodically. With automation and help from software such as Graylog/ELK they become searchable for info that's useful, required by local regulations or requested by law enforcement. Large websites (even Jow Forums) are generally comprised of several actual servers and the logging part could be hosted on separate hosts that several webservers feed logs to at the same time.

I believe they can, for now, unless something radical happens. Virtually infinite resources and decades of experience running a communist powerblock, so it's to be expected.

China dynastys also have a habit of not lasting that long.
While they have some strong economic capabilities, its really honestly overblown for the most part.
The world will go on if china exploded. It'd suck and prices would take a huge hike, but its not like there's that many things in the world only china has that we absolutely need.

China is useful for cheap labor and a massive market, but people also get tired of the shit they pull. They're far from some unstoppable force right now, they're still very much in a development stage where they can easily take a few wrong steps and end up back where they were 50 years ago.

>Are Chinese people actually okay with it though, or is it just a public "we like it, please don't kill us" type thing?
There is a lot of tension in China, much is about rampant corruption by party members who are in practice above the law. There are occasional revolts but the authorities are always ready for this and kills it off with brutality. The party members continue and with impunity.

And the rulers know they are sitting on a powder keg, looking for any possible spark. And they know it takes so little to set off the big fireworks:
bbc.com/future/story/20190513-it-only-takes-35-of-people-to-change-the-world
Unlike past dictatorships the Chinese one is loaded to the hilt with all kinds of tech and surveillance to keep the status quo. And it might not work. The survivors of Tienanmen Square are now about 50 years old and slowly getting into positions of power. They have not forgotten.

>Talon
Is Talos

>Bit Jow Forums, but how long do you think china will last?
I won't lie; I'm a tad worried about China. However, they have a long and cyclic history of oppression and rebellion, so maybe all we have to do is wait and see. You can't really escape right now because mass production has lead to almost everything having "Made in China" written on it, and if China goes down they're gonna take the rest of the world with them because of that. However, they aren't the only superpower and I think the world's economy would recover, as said.

almost every country outsources something to china because the chinese keep their currency artificially deflated by not floating the exchange rate on the open market; the us dollar goes three times as far as it should. moving away from them will slow them down, but they built a middle class that's almost bigger than america and the eu combined. their people are oppressed, living in a black mirror-esque nightmare of control and have very few options for freedom. selective enforcement of laws means some people go to prison or get executed while others do whatever they want. they have lots of high iq researchers and are gaining soft power all over the world, but most 1st world countries don't like the way they do business. xi becoming dictator for life exacerbated the situation.

also, fuck Jow Forums.

Thank you based user.

What are good anti-stylometry programs?

Don't forget Taiwan.
There aren't many Koumintang left but you can bet their descendants are acutely aware of their legacy.
There are probably people who would favor the restoration of some Pu Yi-like emperor.
That's why China is so keen to get control of its overseas populations.
There are many Chinese in my country. Most are wealthy refugees from Hong Kong. But there are also some politically active "students" who demonstrate in favor of Beijing when our government does something they don't like.

>hey built a middle class that's almost bigger than america and the eu combined
It is their boast that they have lifted over 300million out of poverty. Or out of a specific sort of poverty, anyway.
Li Cunxin (Mao's Last Dancer) found his parents eating boiled yams when he visited them after his defection. There was nothng else to eat at his celebration. Poverty is different in different countries.

If you buy the totalsem books like this one, they come with a DVD with practice tests and the like, and I like the way they're written. I presume if you look carefully the DVD iso is available online somewhere.

Attached: 51RpWrYxzNL._SX402_BO1,204,203,200_.jpg (404x500, 41K)

hackerfactor.com/blog/index.php?/archives/846-Fraud-and-Deception-Part-5-Distribution.html

5 part series on detecting photoshop and exif data manipulation related to possible criminal activity in russia and china.

His family was in what would be called the projects here in America; poverty is poverty. The Chinese employ lots of those people as slave labor and human environmental filters where their bodies are filled daily with toxins causing them to slowly die over the course of 10-15 years; it's why those Foxconn workers committed suicide. Russia has gulags and North Korea has reeducation camps.

Anyone here know any good note taking softwear that I can fully encrypt with veracrypt of something . I've been trying to figure out how to install onenote in a veracrypt container for the past hour or so with no luck. Seems like you need to have an internet connection for the softwear to run. Anyone here have a good setup?

thehackernews.com/2019/07/canonical-ubuntu-github-hacked.html

Canonical got hacked by someone who just wanted to prank them. Why do this instead of a supply chain poisoning attack? Would it be too easy to detect real tampering?

Because it was a prank and they wanted to get caught. Let that sink in.

They didn't get caught, they got detected. Sounds like a stupid waste that could put someone in prison.

I've got a question about changing code execution,
how do you modify the instruction pointer? The best understanding I can seem to get out of it is writing until you hit the base pointer, then writing the address of the function you want to jump to just after the base pointer, which is then copied to the instruction pointer and the program executes from the inserted address.
(payatu.com/understanding-stack-based-buffer-overflow/)
Is the return address always stored just after the frame pointer ($EBP?) like in this picture from wikipedia? It seems inconsistent with the testing I've done, but I'm not in a position to tell for sure

Attached: ReturnAddress.png (1280x1044, 102K)

fucking cool

I am never going to China. Holy fuck.

Dumb question. Is there going to be a point when encryption is advanced enough that it's essentially uncrackable, or only decryptable after years of work? Or is processing power just going to increase in step with encryption, leaving us more or less where we are?

en.wikipedia.org/wiki/Advanced_Encryption_Standard#Security

>The first key-recovery attacks on full AES were due to Andrey Bogdanov, Dmitry Khovratovich, and Christian Rechberger, and were published in 2011.[25] The attack is a biclique attack and is faster than brute force by a factor of about four. It requires 2126.2 operations to recover an AES-128 key. For AES-192 and AES-256, 2190.2 and 2254.6 operations are needed, respectively. This result has been further improved to 2126.0 for AES-128, 2189.9 for AES-192 and 2254.3 for AES-256,[26] which are the current best results in key recovery attack against AES.

This is a very small gain, as a 126-bit key (instead of 128-bits) would still take billions of years to brute force on current and foreseeable hardware. Also, the authors calculate the best attack using their technique on AES with a 128 bit key requires storing 288 bits of data. That works out to about 38 trillion terabytes of data, which is more than all the data stored on all the computers on the planet in 2016. As such, there are no practical implications on AES security.[27] The space complexity has later been improved to 256 bits,[26] which is 9007 terabytes.

According to the Snowden documents, the NSA is doing research on whether a cryptographic attack based on tau statistic may help to break AES.[28]

At present, there is no known practical attack that would allow someone without knowledge of the key to read data encrypted by AES when correctly implemented.

jmp esp
you overwrite the instruction pointer with your own code.

>books
> >90GB
>Not 90MB, it'sGB

What the fuck are in these books? Feature length movies?

ENDWARE!
I was fucking looking for that! Thank you.

Attached: GunOwnersOfMaine301.jpg (320x323, 17K)

Neat.

The future is not looking good.

>China dynastys also have a habit of not lasting that long.
Yes. They end by invasions. That too makes sure leaders and party members are extra cautious.

>China is useful for cheap labor and a massive market, but people also get tired of the shit they pull.
True.

>You can't really escape right now because mass production has lead to almost everything having "Made in China" written on it, and if China goes down they're gonna take the rest of the world with them because of that.
People are preparing and have done so for a while, moving things out of China and to Vietnam, a country small enough to follow the WTO rules. The latest trade conflicts has provided an excellent alibi, but really this has been going on for over 5 years. Check out the trade press on the issue:
electronicsweekly.com/blogs/mannerisms/shenanigans/lucky-old-vietnam-2019-06/

From a /cyb/ view point this will be an immense shift. Vietnam is going all out on education and is far less of a pressure boiler than China. I visited the country a few years ago and it really feels intense.

Videos probably

>Sounds like is our only hope
>I also didnt hear a laptop based on Talon.
the Novena Open Laptop:
crowdsupply.com/sutajio-kosagi/novena

Attached: novena-open-rotate-small.gif (335x189, 1.05M)

>Sounds like is our only hope
the EOMA68:
crowdsupply.com/eoma68/micro-desktop

Attached: eoma-all-2-1_jpg_project-body.jpg (749x480, 32K)

>Sounds like is our only hope
Found a bunch of other links.
crowdsupply.com/search?q=open computer

The main developer seems like the kind of person who is ten minutes away from a nervous breakdown at any given time. I say this as someone who really wants the EOMA68 over any of the Librebootable alternatives

I have effectively taken control of most of the computers in my dorm.
What should i do with them?

>The main developer seems like the kind of person who is ten minutes away from a nervous breakdown at any given time.
There's a fine line between genius and madness.
He seems goofy, but a nice guy. On that note, for the sake of the project I hope the project takes off.
Everyone wants open hardware, but when it comes time to pay no one buys in. Then we're stuck with the situation we have today.

Eat your tendies. Even if it is true, what you've done is not commendable. It's low lying fruit and scum.

It uses Allwinner, a Chinese CPU. Who believes that is free from backdoors?

>pozzed white hat faggot
That's a huge yikes from me, xir.

No, no one is any hat.
What you are pulling off is unauthorized access with physical access or at best you're an insider. You're a skid. You're also a scumbag.

Well, as long as it's open hardware, just like software, it can have them. However it's the fact that they can be discovered that makes it good.

Get off your high horse, bitch.
I don't need a morality check on Jow Forums of all places, you spastic.

What high horse. You're cracking devices of people you call friends. That's not cool.
Why not create something good. Or at least do something worthwhile with your life. Maybe something that requires serious skill.

Lol they didnt even hack canonical, just a shitty little repo what phony bullshit that's easy to see through

If you want open hardware I recommend downloading a softcore into a FPGA. There are such softcores available that are capable of running Linux. That also gives you the benefit of inspecting the Verilog/VHDL yourself and even modify it.

Check out Opencores.org for examples.

>Look at how cool and edgy I am, guys!
>>stfu
>waaaaaah why won't you vaaaaliidaate meeeeeee?!

I don't have any experience with FPGA. What kind of performance could I expect from one?
It sounds like a very cool project.

cringe.
it's not that serious, faggot.

Dude people could go to prison and get sued and lose their jobs! It's pretty serious.

>I visited the country a few years ago and it really feels intense.
How so?

Clock frequencies about a few 100 MHz, not the multi GHz of an ASIC. Then again it has a lot of flexibility so you could implement your own instructions and structures for things you find important.

A large modern FPGA has rooms for dozens of ARM clones.

Good morning lads, could anyone recommend me a solid VPN service?

There were enormous crowd of mainly young people rushing everywhere, clearly with business to do. All sorts of vehicles with cement, rebar and other tools. Evidently the country was being built before our eyes. There were many technology parks sporting well known brand names, doing production.

And I saw absolutely nobody just hanging about on street corners.

Interesting. I guess I have to keep a close eye on Vietnam now. Funny how we hear so little about it in the mainstream.

Reminder that /cyb/erautism requires you to keep fit, so get some exercise and watch your diet

And run from surveillance cameras lest you get exposed which of course was always part of your plan

>the warez """scene""" is totally secure guys!
>found sheepnet, dutchnet, artispretis, zonenet, lysnet
>nothing is passworded
>no random port numbers, everything is standard, unaltered irc config
just what is it with these faggots that makes it so fun to dick around with them.

Attached: girls_laughing.png (449x401, 490K)