Thread challenge: set up a web server on your local host. Serve the OP gif. Use tshark to record the traffic of you downloading the file over http. Load the pcap into wire shark and rebuild the gif
Hunter Stewart
cool dude in another thread offered the 2014 version of OffSec's guide for getting ready for OSCP. mega.nz/#!q8ljCIoA !lPpXhum0n8kuZAZWqadCaPj1iKETBlrhS5lN69ghEJg
Kayden Turner
Thanks for the challenge! I didn't know you could do that with Wireshark, very neat to learn about.
from the last thread: youtube.com/watch?v=SDl4AO4ancI access control is like cyber security. other cool shit: >firefighter mode on US elevators either directly or indirectly use FEO-K1 >the design is public: tubular style 137 blanks with a 7-pin bitting code of 6143521 >you can make your own with a $360 tool and the blanks are about 50¢ each
Leo Cruz
Bumping from page 8 with previous post:
>What was that link some user posted about cyber news? The url was something along cyber.eyes or something but I can't find it.
>I've tried to search through the archive everything with http/s, news or eyes and I can't find it. I remember the post being something like: >Not linking any good news source >[url] >It was almost a plain html website with a lot of news links to be followed.
>It had the logo on top and a left sidebar menu iirc. >I think sidebar was purple/green and background grayish?
>Purple and green was only sidebar at the left side. Green and gray was the rest of the page and the logo. Links wasn't decorated I think. They were sources to news sites directly, no articles or anything. Logo was an eye?
I think it is a web worth the search since it has a lot of /sec/ news sources.
Andrew Bailey
Bro you’re gonna get doxxed we know your IP
Anthony Perez
has tor been killed?
Carter Reed
>The alt.cyberpunk FAQ (V5.26) [ ftp://50.31.112.231/pub/Alt_Cyberpunk_FAQ_V5_preview26.htm ] NB: last thread had an announcement that Preview 27 was released.
Aaron Kelly
Is coffee and toast the most cyberpunk breakfast?
Tyler Green
pic related with tea in your googly eyed mug OR coffee with toast and peanut butter because macros
I know one thing, and that's that a full English breakfast is not cyberpunk. cyberpunks have to be lean little twinks so they can do parkour while evading police officers
James Gutierrez
I wish my work had a tor box so we could do fun vulnerability research on the deep web. We need to put in a request sometime
Jack Bailey
if you don't have enough bitcoin to afford a full english breakfast so you can hack all day without refueling then what are you doing with your bits?
Jaxson Murphy
No
Gavin Allen
Yes
Nolan Hall
No. There has to be tea. I prefer English Breakfast for, well, breakfast. Green tea is nice later in the day.
>Death by typical English breakfast. There is a reason why the UK has such a problem with heart diseases. I can still remember those sausages, they went down like depth charges.
Aaron Diaz
I'd missed this so thanks for reposting it, user!
Jeremiah Baker
Ok I want to be involved for real now. Enhancing my security was the first step.
Kayden Bennett
the first step on a long journey... what brings you to these parts?
Noah Fisher
Feels the need to reach another step. Many hints I didn't listen, but now it's time to chose a side, and that's hacking/technology.
Adrian Walker
We didn't quite conclude in and the suggestions in met scepticism in Are evercookies a thing of the past?
Angel Hughes
Maybe
Ryder Roberts
Coffee + fish oil capsules.
Or if you want to go full Neil Breen, canned tuna.
It's all burnt and salted to the max. You may as well be eating tumours.
Austin Howard
what does Breen have to do with tuna?
Wyatt Thompson
Very vaguely related, in that this is about preventing data collection.
Basically all hotels require ID, but I stayed in an AirBnB recently where the owner just told me the passcode to the door and never met me in person. No ID check. But I paid by card, so he had some form of guarantee I wouldn't wreck the place. Is there a dark web equivalent of hotel booking where you pay in bitcoin and definitely don't show ID?
There was a scene in "The Day of the Jackal" where the assassin character seduces a gay man at a bathhouse specifically to avoid checking into a hotel. This was followed by a scene where investigators are stumped, and can't find any trace of him in hotel registers. This was in the 1970s, so bathhouses were pretty much the equivalent of what I'm talking about. I'd rather not go that far, personally.
Thomas Baker
you can buy prepaid CCs with bitcoin can't you?
Ayden Morris
wats the best linux for security?
planning a firewall and a little server that won't run applications
Jason Jenkins
openbsd
Joseph Cruz
you can buy ccs with live cash if you know what you are doing all info they require can literally not be yours or flat out not exist. this is pretty much a federal crime ANYWAY so...
Bentley Smith
My instinct would be to GTFO as fast as possible if carding was involved. Same as with carding an item. Ideally, I'd leave the country the moment the transaction goes through. (It's probably relevant that I'm only thinking about random Eurasian countries in the context of "leave the country.")
Juan Walker
ah. seems I asked if water is wet.
can I still run dorf fort on it?
Gabriel Lewis
I'm not talking about carding though, just legitimate prepaid debit cards (backed by CC companies) from convenience stores or wherever. Most hotels would probably put a deposit hold on top of the room cost but seems like it would be fine. I vaguely remember 7/11 or someone was doing something with bitcoins.
Michael Jones
>fish oil capsules Capsules?? Don't be a wimp, drink the cod live oil straight from the bottle.
Robert Scott
could probly make a cocktail out of it
Isaiah Rodriguez
a brand new type of bulletproof coffee but this time even worse that the original
Hunter Murphy
i was thinking more like a gibson but i didn't get the reference at the time.
Gabriel Watson
where information is at a premium, and posters are anonymous, people still help others out with their simple questions. restores a little faith.
do you know how many twats come here asking to hack their school wifi?
Mason Murphy
Really? I guess that would work. I didn't realise there were legit things on the dark web, which i suppose is short-sighted. Doe these cards appear under the name of the person who bought them, or are they genuinely anonymous?
Shit oxidises, yo. A gelcap is like an airtight seal. This is more relevant the further you get through that bottle of fish oil, unless you want to refrigerate it, and there's only so much punishment the human palate can take. Cold fish oil is the limit for me.
How? Gelcaps are flavourless. Knock them back with the coffee and you won't even notice. Fish oil is definitely superior to grassfed butter as a nootropic, and nootropics are /cyb/ as fuck.
Alexander Ortiz
well i don't know if they're on the darkweb, they're potentially anonymous in person cause I don't think you even need a name. Carders deal in gift cards for money laundering though, those would 100% be on sale but unreliable.
Jose Gutierrez
Is this the best place to dump privacy dystopian articles? Things such as
I have been collecting a ton of those and I've been wondering where else I should share them, I just have a telegram channel so far but I've been looking for other places to discuss this sort of stuff
oh its been so long since i saw that one, i remembered all the laptops but the rest kinda blends together with the other movies.
Jackson Morgan
Thanks. I have cancer now.
Justin Stewart
It's ok user, post all you can.
Sebastian Brown
I will once I'm back on my computer, wanna properly archive the links and post some good images alongside them, I'm new to /cyb/ threads so I hope to make a positive contribution
Connor Brooks
Welcome aboard. Often news articles start with === /cyb/ News or === /sec/ News, depending on the angle. It is not compulsory but makes life simpler for Compiling user who set out to compile all gems on this general. He has not been heard from for a while.
Gabriel Roberts
Serious answers only
Nolan Lewis
no means to verify many of those things. ie the tracking can be kept server side
Nicholas Jackson
Hey /cyb/ and those working in /sec/, when you got first started working in the industry, what got you prompted to join in the first place? Did you need any background skill in order to work in cybersecurty or was it all self learned?
Owen Morgan
Sys-admin, Web-Developemt, or networking skills are recommended (Any IT or computer skill really)
I'm almost completely self taught All you really need is Google and YouTube
Doing CTF's, following tutorials, building and hacking your own software It just takes curiosity and a dedicated passionate person, anyone can do it
Henry Evans
Physics dude here. Reading Gibson's books is close to compulsory and he was very influential in R&D on software and hardware.
Later got into industry, had an internet connection and some trivial server stuff. I volunteered to check the security, found it was a wide open door, started by bolting shut everything.
Levi Sanchez
they make denonymizing algos now to sell you shit and track your wrongthink easier now. you'll eventually get caught by behavioral analysis. >from the bottle. do they still sell it bottled? it's a matter of the honor system, m80. if you don't trust any of them, your only option is to build your own VPN using a server rented with cryptocurrency and set up over Tor.
>server rented with cryptocurrency and set up over Tor. is this even possible? do you know any providers which allow this?
Jose Hughes
Here's a list of companies that offer VPS for Bitcoin: cryto.net/~joepie91/bitcoinvps.html They all likely log your IP when you order, so you'll have to order it through Tor. Configuring it will be simple at that point, but I'd recommend you read up and practice creating your own VPN server first. I'd recommend VPS over dedicated servers since it's cheaper, the added noise will obscure your IP traffic, and while you'd get total control on logging with the dedicated server, their routers likely still log your activity.
Cooper Morris
The cock.li guy has servers in Romania for BTC. I assume Tor isn't a problem.
Evan Myers
Your neighbour's wifi. Protip: his password is probably one dgiit repeated up to ten times.
Jose Mitchell
Question for anyone working in /sec/. I'm currently a level 1 SOC analyst working in incident response, but I want to go full on incident handler. Anyone got advice for me?
Juan Miller
Hey could someone help me find an article I saw on here a few years ago? It was talking about a sticker that looked like a QR code that would disrupt video cameras, i don't fully remember it all but I think that was the gist of it.
Thanks.
Gavin Lewis
May any of you lend me an invitation to RiseUp?
Sebastian Lee
>do they still sell it bottled? Oh yes. And I have one. I'll take a picture tomorrow.
The clue is to keep the bottle open for as short a period as possible. When you unseal the bottle it tastes nothing. As the oil oxidises the anti oxidant will stop the process for a while, but after that a rather distinct flavour will indeed appear.
Cameron Smith
Yeah, I found some on the internet. Can probably find some at the supermarket.
Since we're on cybersecurity and cyberpunk, people claim that CloudFlare doesn't seem like the kind of company you can trust, with claims they grew too fast for it to be organic and that they pull a Man in the Middle attack when you try to communicate over HTTPS with any site using them (like Jow Forums). What's the likelihood this is the case, and how do you protect yourself?
Evan Price
LOL 15 year old larpers
Nathaniel Allen
why the fuck do you want that?
Hunter Long
But i'm using Kali right now :c And i'm 25
David Clark
>just discovered how to run a linux distro on a pendrive with a VM >can boot from pendrive from any PC i can get my hands on the bios okay this is epic what stuff do i add to this pendrive? i got some OC tools like aida64 and prime 95. what tools do i use to remove/scan for rootkits?
Adam Williams
Yes, this is perhaps the comfiest general on Jow Forums. Rather productive too, there are a couple of FAQs that are written here and still regularly updated.
Should I expect my account to be compromised if the data leak only had hashed and salted password info? I'm changing my password just as a precaution but should i consider that password burnt?
Jaxson Wright
yes afaik the hash itself could be sent in unsecure enviroments so you could be compromised anyway
Julian Evans
For further elaboration, my account is likely in this leak. I don't care if some chinaman knows my shoe size but do you think that password would be burnt already?
That explains why i had suspicious logins on a couple old accounts i had used the same password for (bad habit) over the past couple of weeks
Josiah Murphy
md5 is so bad it sucks for most secure applications to the point its real use is CRC check
Noah Ortiz
I did this at work with Kali so when people forgot passwords on the few unencypted Windows machines, we could boot into it to fix the problem with chntpw.
Aaron Ross
how do websites prevent these catastrophic leaks? Or in the event that it does occur (it probably will), how do they minimize data compromised?
David Robinson
>prevent real hard because most of the time what happens is that a fucktard answered a phone and did something a hacker told them to >minimize sha-512 would have made that leak irrelevant for the next ~140 million years
coming to think of it...
if the logins were all on MD5, their security was breached the moment a hacker got a wireshark of anyone's password
Charles Green
I havent taken cryptography yet, what is so bad about md5 aside from it being a dated algo?
Jayden Watson
>prevent 2-factor authentication helps, as well as mitigating what pointed out as the problem. power companies usually pay security firms to phish the power company and anyone that falls for it twice in their career gets fired. >minimize depends on the data, better hashing algos deal with compromised passwords, but you also have things like IPS that can help.
Luke Clark
need free xmpp server as well as a nice email provider.
Aiden Jones
some fucktard getting phished is potentially fixed by threshold secrets requiring multiple parties..... but that probably won't help even well encrypted password stores unless they had an input-only/output-only scheme which I'm not sure exists. that dated = useless, just a random pc with a gpu could probably crack them all in a month or two if there don't already exist rainbow tables.
Jaxon Jenkins
tldr you can have different input for the same output, since the login would only check if the hash is right all you need is a pw that outputs that hash. md5 uses a easy to calculate hash so its easy to brute force a solution. stuff like sha512 would take signifcantly longer to brute force
i feel obligated to tell a weed joke.
Caleb Baker
so the issue with md5 is that it has a low period?
Ethan Barnes
>low period wat? you mean computational time? yes that is also not a bad way to look at it
Jackson Ward
im an idiot and i mixed terms up, yeah thats more or less what i meant
Hudson Sullivan
also not collision resistant, extremely light & easy to parallelise, also because of its age its used in combination with all other known worst practices.
That GPU estimate of months was a really slow estimate, with rainbow tables and cloud compute shit you're talking seconds.
Dylan Edwards
Sup /cybersex/, what do you think is the most cyberpunk combination of emojis?
>rainbow tables how do i get some of these? go back to /trash/ and stay there.
Henry Martinez
anyone got them OSCP writeups?
Lincoln Young
>writeups you mean the book, or the reports they made after completing it?
Gavin Cox
This is the same question as helpdesk asking how to become sysadmin. You’re missing a few steps. The first thing is to quit your level 1 job, and get something more technical. There is no way to get from helldesk into a higher role in your company. If you’re good at your current job, your manager has no incentive to let you move to another team, because he will have to replace you with a shit eating retard. Conversely if you’re not good at it, the new team don’t want you.
Basically the only way to move up ranks is with a new company.
Jonathan Edwards
Psst That has always been its intended use, not passwords.