>Last thread: [ Yes, once again felled by the Euro night.
Josiah Gray
I have an old motherboard, which didn't get patced BIOS for Spectre/Meltdown/etc. Will a simple microcode upgrade with up-to-date OS keep me safe from CIA niggers?
Dominic Hughes
Likely, yes. Spectre/Meltdown etc. are processor vulns, not BIOS. Exploits for them are, by themselves, not persistent. But update BIOS just in case anyway, it's mostly useful.
Landon Perez
A few threads ago I saw someone post a magnet link to some OSCP literature. Anyone got that handy?
There's "Penetration Testing with Kali Linux" in the OP's "Reference Books" Mega link, but it's several years old.
Sebastian Cooper
Cyberpunk has nothing to do with cyber security. And cyber security sounds like a buzz word and means pretty nothing.
Adam Jenkins
You are late. And you missed out on the last thread.
Benjamin Thompson
you sound like someone who has never checked to see whether any of your accounts have had their details leaked in a data breach
Jeremiah Powell
Not him but I am a bit sceptical about entering my collection of passwords into a web page for it to check if there is a match. Who knows what they do with the input. I'd rather have a list I can download and search myself.
Eli Cooper
You don't need to enter your password... If you enter your email address on haveibeenpwned it will tell you if the data dump contained your password, or a hash, or whatever other details were leaked
Jose Thomas
What's up with the OP image and Jow Forums? Opening it in a separate window gives me is2.Jow Forums.org/g/1563952637764.gif which throws NET::ERR_CERT_DATE_INVALID
Mason Lee
looks fine to me, post the certificate details?
Chase Brooks
I have the same error.
David Richardson
OK, several parts: NET::ERR_CERT_DATE_INVALID Subject: *.Jow Forums.org
it asks you for permission to use. However it auto updates itself and has un-ironically been considered a botnet by people that actually use it.
Ethan Bennett
Is CYBERSECURITY interchangeable with hacking? By that I mean do I get to understand and get better with how hacking works by getting more experienced with cybersecurity? And the reverse, do I get better with cybersecurity by learning how hacking works? I feel like this thread is somewhat of a treasure trove but I can't seem to use it properly.
Easton Long
Giving the add-on permissions will let it do basically whatever the fuck to your in-browser activity, but extensions have repeatedly ignored it. It'd take some high level faggotry to let it gain access to your desktop shit, but it's definitely possible.
Kayden Peterson
>Is CYBERSECURITY interchangeable with hacking? Not entirely, though "hacking" as a term is ambiguous. In its origins, "hacking" was to do something unexpected or something nobody even thought possible. Passing through security measures is then a subset of that. After Hollywood and the press had their days, hacking tends to mean malicious acts that violate laws and security by people in dark basements wearing ski masks. Some proposed using the term "cracking" for malicious acts but that never caught on.
>By that I mean do I get to understand and get better with how hacking works by getting more experienced with cybersecurity? Probably, yes.
>And the reverse, do I get better with cybersecurity by learning how hacking works? Yes, though in the full scope of the original term you learn a lot more than that.
>I feel like this thread is somewhat of a treasure trove but I can't seem to use it properly. It is, and it is the comfiest general around here. We all started from scratch back in the day, so welcome, and do hang around. We talk about these things and much more.
looks like an oob read and the devs are saying "it doesn't crash so it's not a bug." silly devs.
Mason Harris
its a good idea to throw people off their trail
attacking attackers is unethical and causes doubts about who really did what of illegal. as a rule of thumb you should always be capable of considering calling the police with incriminating evidence without endangering your case on whatever happens just because of liability
Luis Thompson
I can see two ways a: respond to links with an endless maze of auto generated new pages, with heavy payloads b: respond with an endless stream of unterminated random data As an optional extra start tarpitting where the response goes down to a few bytes per second, just to keep their ports busy.
no, but the devs do not understand security bugs. they are working on a patch regardless of what they say in the comments.
Gabriel Johnson
To add to this, no, it can't steal any data the browser doesn't have access to unless there is a permissions issue with the browser security model or there is a bug which allows them to read anything from the filesystem.
What are your opinions on the intel microcode patches for spectre? Have you applied them or are they a backdoor?
Logan Roberts
All major chips are likely backdoored already so I cannot see any reason why microcode patches can make that risk bigger.
Aiden Allen
opinions on the Sec+ exam? Been going through prof messer videos and seems super boring. what's the exam really like? Been off and on in IT for a decade with half a dozen other certs and MIS degree.
Ryder Clark
How many graphic novels from William Gibson are there?
Ryder Bailey
I can only remember two - a partial Neuromancer - a complete Alien-story (cannot remember which one) based on his script rather than on the films
Henry Williams
Are there any cyberpunk graphic novels from other authors that are similar?
Anthony Gonzalez
The /cyb/ FAQ lists several but uses the term comics rather than graphic novel. Transmetropolitan is perhaps one of the better known ones.
Jayden Hill
Latest free LWN issue is out: lwn.net/free Interesting stuff on load tearing for creating wild pointers.
Charles James
ethical hacking is for faggots and women.
Landon Turner
Why? Do you enjoy imprisonment?
Joshua Bailey
How to check if a motherboard BIOS has been maliciously modified? I read about this new malware that replaces the BIOS and is resistant to reflashing, which would mean the general ways of detecting and fighting malware would be of no help. So how would one detect this, if it is possible at all?
Also, are there other programmable chips on a motherboard that can potentially be a target for malware? Could malware of this nature (firmware/hardware malware) possibly spread to other programmable chips in a system or would each chip have to be separately infected?
John Butler
You'd have to have at least a checksum, if not the whole original ROM, disconnect the suspect BIOS ROM chip, connect it to a programmer and dump its contents, then check them against a known good ROM. Not too complicated, but pretty involved.
It COULD spread to other PROMs in the system, but the payload would have to be designed specifically for each device infected that way. All this is likely too expensive for your threat model.
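Added example, not part of any post in the thread: one way to do the "check them against a known good ROM" step once the chip has been dumped. It verifies the reference image against its checksum and then reports which offsets of the dump differ; the sample images are constructed stand-ins and the function names are hypothetical.

```python
import hashlib

def diff_ranges(dump: bytes, reference: bytes, merge_gap: int = 16):
    """Half-open (start, end) offsets where the two images differ.
    Differences closer together than merge_gap bytes are reported as one range."""
    common = min(len(dump), len(reference))
    ranges, start, last = [], None, None
    for i in range(common):
        if dump[i] == reference[i]:
            continue
        if start is None:
            start = i
        elif i - last > merge_gap:
            ranges.append((start, last + 1))
            start = i
        last = i
    if start is not None:
        ranges.append((start, last + 1))
    if len(dump) != len(reference):  # a size mismatch is itself a finding
        ranges.append((common, max(len(dump), len(reference))))
    return ranges

def compare_images(dump: bytes, reference: bytes, reference_sha256: str):
    """Check the reference against its checksum first, then diff the dump."""
    reference_ok = hashlib.sha256(reference).hexdigest() == reference_sha256
    ranges = diff_ranges(dump, reference)
    return {
        "reference_ok": reference_ok,
        "dump_sha256": hashlib.sha256(dump).hexdigest(),
        "ranges": ranges,
        "match": reference_ok and not ranges,
    }

def constructed_sample():
    """Constructed 4 KiB stand-ins for a known-good image and a programmer dump."""
    reference = bytes(range(256)) * 16
    dump = bytearray(reference)
    dump[0x400:0x420] = b"\xCC" * 32   # simulated modified block
    dump[0xF00] ^= 0xFF                # simulated single-byte change
    return bytes(dump), reference

if __name__ == "__main__":
    dump, reference = constructed_sample()
    # In real use the checksum comes from a trusted source, not from the file itself.
    report = compare_images(dump, reference, hashlib.sha256(reference).hexdigest())
    print("reference checksum ok:", report["reference_ok"])
    for start, end in report["ranges"]:
        print(f"differs at 0x{start:06x}-0x{end - 1:06x} ({end - start} bytes)")
```

A dump from a board that has been in use normally differs from a factory image in the area where settings are stored, so where the differences fall matters more than the fact that there are some.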
Thomas Kelly
>Also, are there other programmable chips on a motherboard that can potentially be a target for malware? Potentially all major chips such as graphics, networking, disk controller and more.
>Could malware of this nature (firmware/hardware malware) possibly spread to other programmable chips in a system or would each chip have to be separately infected? Sure. A hidden track on a USB drive could reflash your BIOS. It would take a lot of effort but when we have things like Stuxnet it should not be dismissed. The effort means it would be for high value targets.
do you mean through a flashing tool or through commands to dump what's written in bios?
could the command be altered or literally denied?
Brandon Adams
Probably the best place to ask. Do any of you know how to get apache to properly log failed zoneminder logins so fail2ban can ban them?
Cooper Foster
isnt that firewall's job? afaik its manual but im sure you can do some script to catch those fails and send a command to whatever the firewall is
Bentley Sanchez
apache doesn't log web app stuff, but you might be able to write a cron script that parses the apache logs for any requests to the 'login failed' page.
James Sanders
this wouldn't be automatized? i suppose you could get it to run for every new error thrown, or purposefully make apache call it with failed login error exceptions?
Jason Adams
you can run the cron job every minute since it's unlikely that you're experiencing much web traffic or need the cpu/mem/disk for something else.
>isnt that firewall's job? Seems there is an optional module for Smoothwall with this functionality: smoothwall-info.net/dataking/mods/fail2ban/ It is mentioned that it can easily go wrong.
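Added example, not part of any post in the thread: the cron-driven log parsing suggested above, counting failed-login requests per client inside a sliding time window. The `FAIL_MARKER` string is a hypothetical placeholder for whatever URL the web app serves on a failed login, the log lines are constructed, and the script only returns the addresses; handing them to a firewall is left out.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache "combined" format: ip ident user [time] "METHOD url proto" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) '
)
FAIL_MARKER = "view=login_failed"  # hypothetical: set to the app's real failure URL

def offenders(lines, max_retry=3, find_time=600):
    """IPs with at least max_retry failed logins within find_time seconds."""
    window = timedelta(seconds=find_time)
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    flagged = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or FAIL_MARKER not in m["url"]:
            continue              # malformed line or unrelated request
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        hits = recent[m["ip"]]
        hits.append(ts)
        while ts - hits[0] > window:   # forget failures older than the window
            hits.popleft()
        if len(hits) >= max_retry and m["ip"] not in flagged:
            flagged.append(m["ip"])
    return flagged

def _line(ip, clock, url):
    return f'{ip} - - [24/Jul/2019:{clock} +0000] "GET {url} HTTP/1.1" 200 512 "-" "-"'

FAIL_URL = "/zm/index.php?" + FAIL_MARKER
# Constructed sample log (documentation-range addresses), in chronological order.
SAMPLE_LOG = [
    _line("198.51.100.4", "08:00:00", FAIL_URL),
    _line("198.51.100.4", "09:00:00", FAIL_URL),
    _line("203.0.113.7", "10:00:01", FAIL_URL),
    _line("192.0.2.10", "10:00:20", "/zm/index.php?view=console"),
    _line("203.0.113.7", "10:00:40", FAIL_URL),
    _line("203.0.113.7", "10:01:15", FAIL_URL),
    _line("198.51.100.4", "10:02:00", FAIL_URL),
    "not a log line",
]

if __name__ == "__main__":
    for ip in offenders(SAMPLE_LOG):
        print(ip)
```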
Caleb Young
So there is no way other than desoldering the bios chip?
Seems like if you get this its probably best to just throw out everything connected to it and start again.
>Potentially all major chips such as graphics, networking, disk controller and more. Graphics on the motherboard?
Brandon Hughes
>Graphics on the motherboard? Sure, including on-chip with the CPU.
Jayden Hill
hey anons, i got a problem here, sorry for the quality, im no paint artist. the prob is, my admin page only lets directly wired pcs log in to it (pc1 for example being allowed meanwhile pc2 can't), no problem there, the problem now is that i have a wifi repeater that has its own ipv4 so everyone connected to the wifi repeater (the most used in my house bcos of its layout) has that ipv4, no problem there too, the problem is that wifi repeater is wired, so everyone connected to it is capable of logging in to the admin page (which is represented as pc3), which is making me quite paranoid, is there any way i can block that ipv4? thanks in advance
what do you mean user? sorry for sounding newbie but i really cant find a whitelist page for the configs
Gavin Ross
Where would you guys recommend buying/investing in Bitcoin and other cryptocurrencies?
James Peterson
monero and zcash are very cybsec.
John Young
Asked my manager to pay for SANS’ SEC401 boot camp in Raleigh this September and she said it should get approved. Any other anons gonna be there?
Jacob Lee
Why are untrusted people connected to your WiFi?
Logan Wilson
I had an UNO and learned embedded programming isn’t as cool as it seems. Now making a mini OS with it? That would be cool. But too time intensive for me
Elijah Allen
I was talking about stuff on the motherboard itself, not things connected to it. Worrying though that even an iGPU can be affected
Leo Allen
well i sometimes invite people to my house and let them connect to the wifi through the repeater.
Ian Hernandez
I wouldn’t worry about your friends hacking your admin page. They probably don’t even know it exists, and they’re your friends
Luke Wilson
There's no place to list the MAC addresses of connections you want in the admin? Maybe in the same place you set it to wired only?
Hudson Foster
yeah i know but should i reinforce the pass of the repeater? i mean its a different wifi whilst being a relay so the main router has more security the wired setting is set by default and i cant find where to change it
Robert James
If it has its own IP address it’s not a real repeater because repeaters just repeat the physical signal. You can increase the password length by a lot if you want
Lucas Reyes
i called it a repeater since i dont know how to call it, relay? the thing is that relay is the most used so id prefer being able to config it as a kind of "guest" wifi so they cant access the admin page, im going to check on the relay page and see if that lets me blacklist that page for those connected to it
Brayden Myers
Ik this sounds cliche as shit but what are the first steps to "becoming" a cyberpunk
Ryan Rogers
leave the botnet OSes (windows, debian, osx)
leave the botnet programs/languages (all of javascript, java, and all of non FOSS programs)
read 1984
leave all botnet things in real life (watching tv, using credit/debit cards, having a bank account in general, using social media and the like)
join anarchist groups (that you search for yourself :*))
now you're cyberpunk
Aiden Cook
So I have PIA vpn set up and it seems to work. I have the kill switch on. Am I good to go? I use transmission for my torrent client. Do I have to configure anything with that? Is there a way I can verify it is using the vpn?
Isaiah Rodriguez
Ah, like the SuperMicro story?
Gavin Wood
Hello. I currently use Trisquel with a librebooted X60. It runs the LXDE desktop and has a quick login screen and lock screen+screensaver. It had all this stuff built in so I could get right to work. I would like to try Parabola. But I don't know how to go from the empty Parabola base to a full desktop+login+screen+lockscreen without an assload of work. Plus all the documentation on the subject seems to require systemd, and Parabola does not use systemd. What should I do or look at?
there are bios flashing kits that have a clamp like adapter so you don't need to desolder the bios chip
Ryan Green
dont do this bitcoin itself will crash when zucc releases his coin
Kayden Hall
Start by reading the FAQ.
Jonathan Johnson
What is oob? Out of board?
Hey guys. So right now one of the biggest things I do is run power word doxing for my boss who occasionally loses peoples contact and wants to cold call x, I just use Google or a spare landline to sign up for those bullshit services
What websites does everyone use to get peoples information like phonenumber, addy, email, shit like that.
Lucas Miller
I work in embedded security (secure boot, tpm/hsm, anti-tamper etc.) but it's honestly so boring -- the field is unbelievably slow compared to websec, netsec, appsec etc. What do? I have no certs but strong programming skills. I can't see myself working like this much longer.
Matthew Carter
You know you don't have to make up stupid stories to ask questions, right?
Mason Long
Eurobros live in 1984
Someone in Britain literally looked at Orwell's house and said "this is the PERFECT" place for a government surveillance camera
Cameron Lee
you really think libra won't be regulated to shit by then? the doj is starting antitrust investigations into google, amazon and facebook. many democratic presidential candidates have endorsed the idea that facebook is too powerful.
Oliver Sullivan
out of bounds. fuzzing is also referred to as boundary condition testing and memory sanitizers typically test for things like oob reads/writes.
Liam Wood
I see. So it's like a mysql injection that leaks userdata
So how do you exploit VLC? I mean I have mpv and parade but...
Also is VLC worse on linux? I just feel it's worse than the win10
Gavin Kelly
What kind of projects have you done in the past?
Landon Green
it's an in memory exploit where it can read past a certain data structure and into things beyond it. that could easily allow aslr bypass by figuring out relative memory addresses.
Isaac Powell
What encryption framework for servers can I find that only allows remote access? it needs to completely isolate the system from physical access, I know I can just uninstall the input device drivers but that would be too sloppy, I'd like to use something that was made for this. If it comes with the same handiness as TC that would be nice, though I'd like it to have a decryption function as well, just in case.