Challenges: - Matasano crypto challenges cryptopals.com/ - Thread challenge (difficulty = 2/10): compile a C program that prints "hello world" 10 times. edit the binary with bvi and make it instead print "hello" 5 times without crashing. post a screenshot of your results.
For a free introduction to reverse engineering, you can check out Yurichev's work beginners.re/ It's very dense and the challenges (challenges.re) are rather dry.
A very fun read to a tangential topic of malware analysis is Practical Malware Analysis. Labs of malicious binaries are provided for you to work on in a secure VM practicalmalwareanalysis.com/labs/
What was that link some user posted about cyber news? The url was something along cyber.eyes or something but I can't find it. Thank you guys.
Noah Taylor
That does not immediately ring a bell. Perhaps the FAQ has it?
Christopher Clark
Here we go again. >"cybersecurity" Sure. Please enjoy. >plain unencrypted FTP As usual, if you have an alternative service you are welcome to volunteer it. Meanwhile that FTP site does not hold dodgy contents, hardly a warez site. >>thegrugq >EFF So? >>no cybercrime-tracker.com >>no exploit-db >>no PoC || GTFO Not everything fits into the OP message. Some we can add to the FAQs.
Anyone want to share some neat tricks for C&C infrastructure? Currently working on automated spin up of nodes with a few countermeasures in place like port knocking and geo-filtering for operational security.
Ethan Lee
I posted in the last thread before i went to bed and it died. Has anyone tried the Python3 version of pwntools? Is it stable enough to be used, or am i gonna have to keep using python2 for it.
I've tried to search through the archive everything with http/s, news or eyes and I can't find it. I remember the post being something like: >Not linking any good news source >[url] It was almost a plain html website with a lot of news links to be followed.
A Jow Forumsfag was shilling OSCP a while ago as a way for neets to make money. If I were to study hard and load up on certs is this a realistic career path or was user working for OSCP? I have no degree but have been meddling in linux for years
I want to start doing som ctfs and im wondering what your opinion on hackthebox is?
Liam Ward
=== /sec/ News: >Purism Confirms Final Specs for the Librem 5 omgubuntu.co.uk/2019/07/purism-librem-5-specs-confirmed >The Librem 5 is powered by an i.MX8 chipset. This pairs four ARM Cortex A53 cores with an auxiliary ARM Cortex M4 core. Additionally, this chip features an integrated GPU with support for OpenGL 3.0, Vulkan and Open CL 1.2. How do we know there are not hidden backdoors in there? >The device is notable for including hardware kill switches for the Wi-Fi and Bluetooth, cellular baseband, and camera and microphone. Good thinking. >When all three kill switches are turned on the phone’s ambient light and proximity sensors, and its IMU (compass, gyro, accelerometer) are also disabled. This is getting better. Battery time will probably also benefit.
Gabriel Brooks
it's ok but I'd start with some theory.. go to vulnhub, download a beginner box and follow a walkthrough... as you start to feel more comfortable try not to look at the walkthrough anymore, but don't feel bad if you do since this is a huge topic and learning enough to do things without help takes a massive amount of time and dedication... keep at it!
What do you guys concerned with privacy name your desktop user accounts and usernames in lieu of your real name and whatever you would otherwise use for a username?
for as much as id like to use cryptic logins you gotta think on them workflow, so they get names related to their function
maybe someone can point a better solution like using real names just so you can uniquely identify a pc/node without giving any idea its not a real person account
Christian Davis
Linking to some cool posts o off-the-grid computing
many sbcs live on 15w power supplies, wich isnt difficult to do with batteries
heck, its why IoT might be such a menance, you cant be certain there isnt something listening because a arduino doing that is on power saving mode and can last a long time on a 2 AA battery set
Jack Sanders
how does one go about transitioning to security? Do I just make my own encrpytors?
master linux read on pfsense then you should look for certificates
Jason Myers
With new models like the Odroid N2 working 3440p resolution maybe is not the most power saving out there but is more than enough to replace a desktop.
Lincoln Cook
usually just user / admin or if im feeling spicy whack some chars into a string hashing algo
Dominic Watson
tbqh 4k streaming might not even be needed 4k videos as QoL stuff is interesting but at that point id rather game at 1080p60
wich many of these sbc can do. i remember a channel called ETAprime i think that displayed a SBC that could connect to a GPU and actually provide 1080p75 gaming on many current titles
a sbc that can take a gpu can also work as a AI learning platform so maybe theres some future on it
Alexander Bennett
I saw a video of the C2 running Tekken on a PS2 emulator. Now that you mention GPUs it would be extremely cool if an external GPU can be plugged to the SBC whenever needed. I can totally see running that extra power for running a password cracker and other intensive jobs.
Jacob Rivera
It might be but then again the alphabet soup agencies are probably not happy about this phone being made available to the general public.
Sectra, for instance, makes approved phones but do not appear to sell these over the counter.
how are you gonna present yourself? a curriculum? cookie cutters are broken by what they werent taught, how can you sell yourself self taught? how can we know you are good? a actual test? cant bother to do that to dozen of applicants appointed by someone? why bother trainning, just set pfsense and call people when they log in at unusual hours
Close to this but wasn't this one. It had the logo on top and a left sidebar menu iirc.
Thomas Sanders
Can you remember anything about colour used?
Caleb Adams
I think sidebar was purple/green and background grayish?
Cooper Hill
if i get hit with a misdemeanor computer misuse will that kill my chances of getting a legitimate cybersecurity job?
Mason Bell
=== /sec/ News: >NSA creates cybersecurity directorate to unify offensive, defensive operations washingtontimes.com/news/2019/jul/24/nsa-creates-cybersecurity-directorate-to-unify-off/ >“NSA’s Cybersecurity Directorate is a major organization that unifies NSA’s foreign intelligence and cyber defense missions and is charged with preventing and eradicating threats to National Security Systems and the Defense Industrial Base,” the agency said in a statement announcing its creation.
>“This new approach to cybersecurity will better position NSA to collaborate with key partners across the U.S. government like U.S. Cyber Command, the Department of Homeland Security and the Federal Bureau of Investigation. It will also enable us to better share information with our customers so they are equipped to defend against malicious cyber activity,” the statement said.
This is unexpected, it seems to connection foreign and national intelligence operations, something one has wanted to avoid earlier.
Jeremiah Phillips
They if they want to remove cybersecurity threats they should off themselves.
I feel like you're really close but not that. Purple and green was only sidebar at the left side. Green and gray was the rest of the page and the logo. Links wasn't decorated I think. They were sources to news sites directly, no articles or anything. Logo was an eye?
Justin Evans
>Logo was an eye? That rings a bell! It will take me a little time to locate it though.
Austin Mitchell
A guy at my work fucked a system, panicked and tampered with logs to try to hide his tracks, and got fired. He was shortly after hired by Cisco
=== /cyb/ News: With all the excitement generated by NeuraLink, it might be worth looking at alternatives: >Need to print metal tracks on jelly? electronicsweekly.com/news/research-news/need-print-metal-tracks-jelly-2019-07/ >The use of gelatin jelly was as a proof-of-concept, to show that conductive tracks could be screen-printed onto soft biological tissues, such as a brain.
This does not look like it penetrates the brain but that can itself be rather attractive.
Christopher Rogers
>nmap.org/ Holy shit you got me for a second. But I know it is not nmap webpage because it had news sources from everywhere, not just nmap related like nmap.org/nmap_inthenews.html But for a second, user, you made me believe.
Oliver Perry
It will definitely be a problem in getting security clearance. Industry might be more forgiving, unless there is a HR department trying to justify its existence, in which case your application will be used to demonstrate how HR saved the company from imminent collapse.
I vaguely remember a page with an eye centered at the top in a striped pyramid and then a few columns with link. I think it had a lot of archives and a weird URL name. I am searching but struggle to find it.
It was a single column with a lot of links or few columns? My memory is shit but I would say it was only one. Anyway, I think we're talking about the same. thank you again user.
What is /cyb/'s opinion on Tails or Kali Linux? Is Tails effective, and is Kali Linux anything more than a toolbox for people who don't know which tools to use?
Kali is good cover as anyone can use it so it doesn't give away TTPs. Same with Tails, but Tails also forces Tor usage on a live DVD which is great for lazy people.
Aaron Perez
That breakthrough must mean breaking through the firewalls around Lockheed-Martin's servers - again. The rest is propaganda, it is not credible to have one structure that is capable of the huge bandwidth indicated, 0.3 to 40 GHz. Since 300 MHz has a 1 m wavelength and 40 GHz has a wavelength of less than 1 cm, a *microscopic* pattern will probably not cut the mustard. It is interesting, though, that the Chinese considers UHF radars which as used by Russia but not the US.
We are still some time away from the cyber suits of GitS.
I think you have to make it yourself. Get a Pi NoIR and a Raspberry Pi and the right software. You can get motion detection and image recognition.
I have a Dlink webcam but the latest software upgrade demands to know exactly where I am located and a few other bits I see no need to share with Dlink and whoever they leak to.
Jaxson Sanchez
i just want to fly in a custom drone or jet pack where no radar can detect me
therre are too few fuckable cybergirls and neckbears keep sperging out on them. jake appelbaum was going around begging the 2 cybergirls for threesomes. the EFF girl is also cute
Brayden Green
>the EFF girl Who?
Zachary Campbell
This is a man, man. Although the sexaul assault report talks about a clit and vag.
Anthony Butler
there's a lot of good content but it's so badly paced. I feel there needs to be a guide on a way to go through it other than linearly
Nathaniel Gray
pentest from kali, only use windows for analyzing windows binaries