NEW? Check the /sec/ Career FAQ and Cybersecurity basics links above. Learn to code, learn computer basics, learn networking THEN work on hacking. It's technical and hard, but fun. Want to hack now? Try Webgoat and use the cheats. Grab Penetration Testing A Hands On Introduction and see what you don't know enough about. Always use a virtual machine for reading PDFs. Wanna be a punk? Read the What is cyberpunk? and start today!
see you can't do anything until after the attack happens. it's all done without any end user interaction and your phone will stop working once the cell service company switches your account to the new imei number.
Ethan Martin
to log in twitter you need a password and the password given by the sms how did they get the password in the first place if it was the case? and to modify the password you need to at least control the affiliated email
also my question about phone number spoofing was unrelated to that, just want to know how it is possible and how to make a spoofer, but also how to detect one
Ryder Smith
Anyone knows about any update about the Myonics Cybersuits? Thes ite is Russian and everything is rather vague. Pic. related.
fuck me just read the tweet, anyway need documentation about phone number spoofing
Jackson Garcia
lmao so this general who "is very active because of the " punk trash died again? like how many hours? seriously tho, when will you guys stop this BS?
Jason Diaz
>cybersec gen Missed you guys.
Brody Cook
Can generating a regular (non-secure) random number and then applying a secure hash function like SHA-256 on it achieve the same result as a secure RNG? Secure RNGs just seem really slow and complicated and this seems way easier.
Andrew Miller
>Myonics Cybersuits Do you really plan going out like this on the streets?
Christopher Evans
I am simulating a atack on a simulated network on gns3, i am suposed to then analyse the traffic through wireshark and explain how the atack works through forensics, and how firewalls recognize them, any tips welcome.
use a stronger hash and maybe, but know this: the nsa paid rsa to backdoor one of their weaker prng algos so your idea is not outside practical attacks.
Has links to deep dives about the exploit chains and implant from the Google people who discovered them. Wonder how long they sat on those.
Jose Walker
How hard is to survive being a bug hunter?
Adam Garcia
hi bug bounty spamfag, can you stop spamming the same question again and again?
Hunter Robinson
? No sorry, i am not him, its just that i am a bit awkard socially(specially at college) and i love security so i wanted a security related job where i can work at home.
Ryan Johnson
>fetching $1 million bounties Maybe if you're friends with someone at Apple, otherwise they pay out an insult and are happy to lawfare you into committing suicide if you try to get more money. People who find 0-days are better off sellijg them on Russian forums.
Ethan Jones
hard. lots of people are looking for the same bugs and you'll have to be good to find any. there are still a lot of bugs out there because hackers don't report them and the bounties are small compared to the value they can derive via nefarious methods of abuse.
Colton Carter
Ah, thats okay, i have no morals to speak off.
David Russell
there are companies that buy them, defense contractors and the like, as well as exploit brokers who will pay that much. zerodium comes to mind.
Tyler Clark
Do i need to learn russian to sell exploits?
Grayson White
>sell exploit on black market for 1 million >turn around and sell it to apple as well
>Accept $1mm from underworld sources >Turn around and render their investment worthless >Somehow don't expect to get whacked immediately
Dylan Cruz
how would they know it was me that reported the bug?
Benjamin Hernandez
there's a pattern of 0-days they bought from you getting discovered/reported two weeks later.
Charles Thomas
literally just use an online randomizer or one made by myself to determine how many days before reporting the bug. could be a month, could be 2 years.
can't claim there's a pattern if no pattern exists
Jacob Gray
then you run the risk of losing your second payday when whoever you sold the exploit to uses it in something that brings it to the vendor's attention.
Jackson Myers
they pay less anyway so who cares? A 50% chance of a getting payed twice is better than no chance at all
Zachary Lopez
Ok, what do i need to study to become bug hunter/exploit developer?
Ethan Hill
very few live off bug hunting there is no stable income don't do that
Jason Morgan
>exploit developer wut
Jordan Butler
>no stable income Do you really need when you get 100thousand per bug/exploit?
James Scott
lmao keep dreaming check hackerone and laugh at yourself critical tier exploits are generaly very hard to find and require some in depth knowledge in a field, and very rare are those who are experts in all fields also there are a lot of people doing the same thing as you, a lot of them in groups
Nathaniel Brown
however, you are more likely to live off bug hunting if you live in a 3rd world country
Brandon Bennett
Why? What does living in a 3rd world country make it better to find bugs?
Charles Martinez
no, life is cheaper don't tell yourself that you'll live off X or Y, especially when you still have no clue about those
Colton Walker
If you have the skills to find a bug worth $100k, you have the skills to be salaried for $130k
Grayson Diaz
But i always drop my spaguetti
William Howard
yes, probably another kiddo who watched some documentary video and told himself it was easy n shiet there is a reason why cybercriminality is a thing
Hunter Ortiz
Is there any work on sec where i dont have to interect with people?
Michael Lewis
No. I just wouldn't mind if femoids were dressed like this on the streets.
Elijah Adams
I can't capture EAPOL packets in wireshark for some reason. I have 5+ chipsets and only my laptops internal nic can pic them up. I've tried different computers, different operating systems, different packet viewing programs, im at wits end.
Christian Price
Perhaps something to add to the /sec/ FAQ?
Owen Gray
don't report to the vendor, just sell to other outfits. zerodium, defense contractors, private intelligence agencies, etc. all want weaponized exploits and won't report the bug.
Camden Garcia
i assume linux and the latest drivers? maybe try beta drivers and see if there are any eapol related bugs on bugtrackers.
Cameron Brooks
Are any of the books in the IT humble bundle worth it to get a foot into security certification with only small doses of experiences, aka principles of networking, MSCA, no degre?.
Thomas Gomez
come on i really need those phone number spoofing documentation gib me dat
Leo Murphy
I get a lot of spoofed numbers shown, strangely there is one digit too many.
Landon Watson
how does phone number spoofing work? what are the protocols involved? and how do you detect a spoofed numberN
Newbie, here. I am capturing nmap packets to study how the program works, but even when i set scans only to a specific ports there is still connection to two ports, 443 and 8-, which receive immediate RSTs from the destination, what are those two connections?
Cooper Adams
Detection is simple: it says it is a national number but the voice is foreign. And the number is invalid. I have no ideas about protocols, I guess SS7.
Xavier Butler
maximum privacy/security setup? (I mean NSA level)
Brayden Bell
baiduu firewall
Nolan Sanchez
Local net with no contact with Internet. Do not even use partitioned routers. No WIFI or wireless keyboard/mouse. No CRTs, only screened LCDs. Log all internal traffic to make sure it really is internal. Even so, rangeban the whole of Russia and China, just to be sure (always a good idea even when not airgapped).
Jackson Thomas
thx user
Anthony Reyes
what is a recommended resource, thats up to date, that can teach me gdb and mona.py on linux? want to learn well enough for oscp and ctf games
Cooper Ward
Is it possible to become good with sec while not giving up animes and muay thai?
Eli Green
Not sure if this is the right place to ask, but how do I build up my portfolio to get a cybersecurity job? The only guy I know who's in cybersecurity got it through family connections.
Gabriel Bailey
Corelan's materials are still worth looking at, especially since he wrote it. There are also a lot of resources out there that about it. I don't think you need really up to date refs for this tool
William Howard
read the pcap...
Jaxson Sanders
no.
Noah Sullivan
tough without pcap. browser refresh in the background?
Dylan Peterson
Start small and accumulate experience. Which field do you plan to take? The two main categories are offensive and defensive (arguably there's a third but it's the most boring one: compliance). Most offensive jobs are pentester jobs and defensive jobs are network monitor/soc jobs. There are ctfs and reading materials for both so you may want to start practicing skills for whichever you like. Build your resume. There are a lot of HR advice out there on how to write a resume for your intended job and career. Basically you want to take everything related to the job you want and relate it to how you can use it to perform the job. When I say anything it means anything: from your previous work, school, hobby, freelance work, personal projects etc.. They need to be current though. Then start applying. In addition to that, network! Get yourself introduced to someone. Maybe your guy can help you get introduced to cybersecurity folks. If not, look for a mentor. Someone you know who can teach you. It can start with a simpel email, tweet or linkedin request. These things are basically free and just need the time investment to accomplish.
Ethan Nguyen
Considering there are few, if any, jobs out there that doesn't have human interaction at some point, then dubs no
Angel Cook
Yeah but guess what? You need to give up something else to make room for something right? Maybe give upa bit of them anime tiddies and muay thai tiddies
Lucas Sanchez
Thanks. Any certs you would recommend?
Ryan Carter
Which country are you from? And which category would you want to pursue?
Brandon Cruz
see . good advice.
OSCP help a fuckton as well.
Adam Jackson
Australia. I don't mind either but I'm leaning on defesive cybersecurity. Also, i
Dylan King
is it weird to ask your lecturer about job openings?
Kayden Sanders
You might also want to consider Red Black networking en.wikipedia.org/wiki/Red/black_concept And check the references in that article to the military standards. It is safe to assume they have experience in this. Also make sure red and black machines are not even in acoustic connection with each other. It is unclear if BadBIOS ever was real but it is plausible.
Gavin King
>>how do I into cyberpunk? >You start by reading. A lot. >- Cheap Truth (the zine) >- everything by Wm Gibson, starting with the Burning Chrome collection and then Sprawl trilogy >- most of what Bruce Sterling, John Shirley et. al wrote >- Shockwave Rider, and Last Stand on Zanzibar >- Tiger, Tiger >- most of the early writings of Neal Stephenson >- the Altered Carbon series (if you can stomach the blood bath) With which sould I start?
Jonathan Powell
>altered carbon
The if it's anything like the netflix atrocity no thanks
Leo Torres
No, these two vms do not even have configured interface to ethernet, the literal only thing running is nmap, i meant port 80 btw, even if i target say, only port 8080, i will still get those port 80 and 443 connections, maybe its a bug? i tested numerous times and it happens in every single one
Christian Young
>tfw love cybsec >tfw live in brazil How the fuck am i suposed to even get a work here, fuck.
wish I had the patience to learn nip so I can go to japan.
Liam Young
reminder that Paypal throws internal server error on their most used API endpoint, the one that you get the oauth2 bearer token for accessing all resources
How bad is current gen wifi security wise? Should i tunnel all my wireless clients through openvpn?
Grayson James
>How bad is current gen wifi security wise? Not sure >Should i tunnel all my wireless clients through openvpn? In general you should assume everything is compromised and use all relevant means to improve security.
This isn't widely known yet, but PMCs routinely take human safari trips to places like this, instigate fights, pop a few skulls open to defend themselves, then gtfo. Sometimes there's a VIP they take a long.
Keeps the skills fresh
Henry Fisher
Who even gives a fuck, i even give kudos to these fuckers for riding the place of some of these subhumans.