NEW? Check the /sec/ Career FAQ and Cybersecurity basics links above. Learn to code, learn computer basics, learn networking THEN work on hacking. It's technical and hard, but fun. Want to hack now? Try Webgoat and use the cheats. Grab Penetration Testing A Hands On Introduction and see what you don't know enough about. Always use a virtual machine for reading PDFs. Wanna be a punk? Read the What is cyberpunk? and start today!
Using ProcDump, ProcMon and mimikatz to find NordVPN credentials in memory. PROTIP: don't use Local Machine for DPAPI protection of secrets. AES and PBKDF2 are fine tho.
malware that splits itself into multiple base64 pieces then reassembles and decompresses before loading a dll. it uses [System.Reflection.Assembly]::Load($obj) to load the dll then uses [custom.type]::method() syntax to call dll functions.
Benjamin Jenkins
The foundational books in the genre involve cybersecurity.
Aaron Wilson
I have no idea what this means but I want to learn how to write shit like this. where do I start? Should I learn programming first then learn the inner workings of windows after?
Assuming a firewall was configured by a sane human person the literal only ports that will allow scans with nmap will most probably be ports with services who absolutely NEED to allow incoming conection. How am i suposed to scan other ports then, is it impossible or are there tricks to bypass the policies?
Thanks, i was wondering for a while, is the NMAP site enough or should i buy THE nmap book?
John Roberts
Liveoverflow on yourube
Grayson Johnson
Networking fag here, applying for a SOC job and the interviewers are russkies. What should i expect bros, first time applying for cyber security job.
Michael Martin
powershell and .net stuff allow this. base64 encode/decode is usually included in most default scripting language installs. reflection is a powerful capability of some programming languages to self alter their code in memory. raw 16 bit real mode dos code could do that and anyone who knew c and assembly could figure out how.
breakdown of the ios exploits that went undetected for 2 years. very good stuff.
Nathaniel Lopez
What's so insecure about ftp? Is there a new CVE out for the entire protocol or something?
Dylan Barnes
Allows for collecting of metadata plus full contents of file transfer. Can be MITM'd and is deprecated outside corporate intranets for said security issues. HTTPS post requests allow for uploads as well. Using a protocol that doesn't allow you to verify you are talking to the server you want to makes it trash.
Im looking for an archive of leaked user databases, preferably raw (not cracked). I want to train hashcat data sets/masks. Any one have a link or general directions?
Joseph Brown
I have. But I don't wanna share it. you can google it. if you can't, then this is not your place.
This actually helped. I apparently started my search with bad terms. So I started to explore .onion which led me further down a wrong path. re-evaluated my search terms and started clean. Thanks.
Evan Scott
will --script "not (broadcast or brute or dos or fuzzer or intrusive)"
do what I mean in nmap?
Ryan Smith
nmap site is great, no need for a book
Ian Barnes
People who are into /cyb/ are in my experience not barbarians, And that movie was a giant embarrassment. Just who thought that speed hacking while being "aided" by Halle Berry was a good idea!?
Austin Parker
My point is that Jow Forums is for Jow Forums things. Fictional entertainment stories don't help you secure your system and they aren't Jow Forums.
Cameron Edwards
>what are logical operators user please, it literally means what is written there TO NOT USE (stuff in list)
Caleb Roberts
can anyone help out a broke user and share Giac GCFE materials with me?
Nolan Morales
You have missed out on a lot if you think /cyb/ Is literature only (and you posted a movie poster). Rather it is about thinking about where we are and how we can get forward and advance things.
People who just think about tech without considering the inevitable implications gave us the massive botnets like FB etc.
Matthew Morris
Base64 is too easy to detect via regex. When I code my malware, I prefer to use for with a 32 bit key.
Austin Barnes
what's more cyberpunk then a l337 h4x0r hacking the planet?
Jaxon Parker
C
Lucas Sanchez
hashes[.]org there was a torrent on tpb called PUBLIC DATABASES can never get on tpb these days and i don't think it has seeders but i will upload to mega if ppl interested older sources but wordlists you probably need blog.g0tmi1k.com/2011/06/dictionaries-wordlists/ wiki.skullsecurity.org/Passwords it used to be so much easier to acquire DBs, you can mostly get them from RAIDforums. try to download ldick.tar. when infintechan was around /baphomet/ was the place to go to find leaks. i bet archives would be good source. good luck i doubt i have what is talking about though unfortunately.
Levi Young
ITT: People who do not comprehend the difference between CYBERpunk and CYPHERpunk
(cipher as in cryptographic primitives)
Jonathan Edwards
python or C# are easiest but easily reversable for pentesting that wont matter anyways theres lots of sources where you can get sample malware from so id start there anyways
Ian Ward
Cyberpunk is basically the use of IT to overcome the "system" pretty much all cyberpunk plots involve some combination of hackers, AI, and massive corporations. it's about the relationship between low quality of life and high tech and the things that spin out of that. cypherpunks are under the subset of hackers, they're just a specific type. hackers are cyberpunk therefor cypherpunks are cyberpunk. look at bitcoin the cypherpunk holy grail, that's incredibly cyberpunk in it's nature. hacked together by some pseudonymous person (wei dai with a help from hal finney and a couple other guys) to fight massive banks after greedy wall st players bet on horrible loans and crashed the world economy. that's a cyberpunk plot if u ask me. now 3rd world countries use it to subvert massive inflation. low quality of life, high tech. cyberpunk is more than just a sciencee fiction genre dressed in japanese aesthetics and synthpop. we're living in a cyberpunk world.
What's the deal with all those laser pointers? Do they try to mark targets for drones or damaging the eyes of the protesters?
Levi Torres
You can always obfuscate Python scripts with some success and package them for different platforms, but C would be the fastest for ransomware. I think some Python crypto libs are built in C though so it almost doesn't matter. All code can be reverse engineered.
Thomas Bailey
this is in hong kong, china has heavy surveillance and makes use of facial recognition technology. they use the lasers to fuck up the cameras and to deter police and bystanders from taking photos.
>Cyberpunk is basically the use of IT to overcome the "system"
Yes I know all that. Cyberpunk is just high tech low lives. It is more about how technological advances can outrun societal improvements by far.
The focus lies more on excessive globalism, cleptocracy and corporations repalcing governments more and more. CYBER is not about security, that is what CYPHER punks are all about.
CYBER is more about cyberspace and VR. Think of TRON, Ghost in the Shell and Neuromancer. CYPHER is crypto nerds.
>look at bitcoin the cypherpunk holy grail, that's incredibly cyberpunk in it's nature. hacked together by some pseudonymous person (wei dai with a help from hal finney and a couple other guys) to fight massive banks after greedy wall st players bet on horrible loans and crashed the world economy. If you actually believe that you are crazy. Cryptocurrencies are a pyramid scheme worse than anything. Manipulated by the people that amassed the most coins before the average joe got on the bandwagon: twitter.com/whale_alert/status/1169815776733220866
>cyberpunk is more than just a sciencee fiction genre dressed in japanese aesthetics and synthpop. we're living in a cyberpunk world. I'm not saying you are wrong, but essential cyberpunk is more about society and tech than security. There are no ice-breakers, barriers, cyberbrains and no virtual reality version of the internet. There are no shadowrunners making heists on megacorps like google and facebook. It's all entertainment.
Brandon Anderson
Thanks for the link. It sucks that everyone and his mother is pro camera surveillance. I never really realized until the snowden leaks that camera surveillance is like a time machine for anybody in power. Whoever will rule a country or region in 20 years from now can look back like a god-like demon while we here and now are neither able to predict the next election nor what powerful parties will exist in 20 years. It's somehow weird people aren't nervous (at least a little bit). You can get take a photo of a random someone in a european city and that person will likely be confused or angry but he will not even think about the fact he's monitored via CCTVs the moment he leaves the house. Sad somehow.
Samuel Moore
I'm a different user, but if you enjoyed that you may like this as well:
First China, next the U.S. Beware of these doorbells, they are wired to an Amazon cloud used by cops
Henry Bailey
>people actually replying with anything but assembly Yes, no one ever wrote a malware in this thread.
Jackson Butler
hello glowie
Liam Miller
Thanks. I live in euroland but the ring shit is present here too. Flooding the market if you want. I don't know why but the socities somehow lost their intrinsive survival mechanisms like in 1984. If I talk to old fags (like 70+ yo) they tell you it was normal that despite your position in the society you had something like a partnership with people. Like a common sense for dangers to the society. Installing a mechanism for whoever might be in power to purchase or access the data of our everyday lives would be considered a danger. But people nowadays seem quite isolated when it comes to perceptions and conclusions.
Blake Green
East Germans and Russians will relate as well. The KGB, Stasi and other agencies were still active just 32 years ago. Humans have an extraordinary bad memory for past mistakes. You'd expect some Zoomer kids listen to their parents. In the GDR a police van in disguise could pull up and put you in the slammer for the spoken work. I expect this to be no different in old Russia.
>But people nowadays seem quite isolated when it comes to perceptions and conclusions. They are all fucking high and dull from social media. Narcissism and hyper-inflated egos only caring about themselves and their e-idols.
Christian Nelson
>for the spoken work word*
Levi Martinez
>>look at bitcoin the cypherpunk holy grail, that's incredibly cyberpunk in it's nature. hacked together by some pseudonymous person (wei dai with a help from hal finney and a couple other guys) to fight massive banks after greedy wall st players bet on horrible loans and crashed the world economy. >If you actually believe that you are crazy. Cryptocurrencies are a pyramid scheme worse than anything. Manipulated by the people that amassed the most coins before the average joe got on the bandwagon: >twitter.com/whale_alert/status/1169815776733220866 That's one of the biggest mistakes people make when they divedeeper into that crypto thing. I'm not advocating the use of coin xyz or so but bitcoin and most of its derivates (from a technological point of view) allow a majority of users to directly control the system. This is a feature the usual monetary systems do not have. Take the euro zone and the EUR for example: Even if the majority of the citizens wants to stop negative interests rates then it would not be possible to achieve that. (Theoretically we could all vote 'correctly' to achieve that goal.) The insitutions are hard to overcome in that point so if they decide it's necessary to establish negative interest rates, print money and on, they can do it because our consensus mechanisms are not fast enough to stop them. That's what I meant with theorectically. The majority of users of the euro can't do what the majority of bitcoin users can do: establish a state through consensus. Although there a whales causing enormous movements with their bags they can't control bitcoin cause the majority could come to the conclusion "these coins are invalid". The consens would be to not accept the whale's coins anymore what effectively renders them useless. I forgot what my point was so I stop writing anymore nonsense here...
Ian Cox
>The consens would be to not accept the whale's coins anymore what effectively renders them useless. You don't understand how the blockchain works then at all. If you can manipulate transactions and refuse certain people to be part of it, it goes against its very concept.
Such a manipulation only is possible if you have enough computational power to fork. But then it would be controlled again by the 51%.
A whale sure as hell can cause prices to dip or get pumped. He just needs to move money from let's say bitcoin to ethereum or vice versa.
Cryptocurrency is a pipedream of being free from International Monetary Fund, whilst you just surrender yourself to a different elite controlling the crypto market. Most people who shill cryptocurrencies just have massively invested money in them and wait for their chance to cash out before the bubble fully bursts.
Friendly reminder: At the current transaction speeds per second, the system will bottleneck so hard, no one of the average Joes will be able to sell their coins when they drop into double digit dollar regions.
Are we cyberpunk now, cypherpunk or coinpunk? Because I am missing the security and tech right now. smells too for my taste, my whole point was that only cypherpunk truly is about security cyberpunk is entertainment cryptocurrencies are a ponzy scheme
Jacob Carter
next time let's make a /sec/ general and leave these cyberpunk faggots out
Landon Jones
Word!
Matthew Johnson
Does anyone know of any good resources for tips on documenting and evaluating a (large) enterprise's data security processes/procedures?
Zachary Jackson
Facebook said that they are working on an algorithm that can identify whose phone was used to take a photo just by analyzing the scratches on the lens, so if you are with X person and he takes a picture of you or a scene (like a lot of people takes pictures on the same place) it will know that you were together just by analyzing those parameters, but they said they are just making it for "experimentation" and don't plan to use it
Evan Johnson
We have two different conceptions of "the majority". Yours: >50% of the COMPUTATIONAL POWER of the network which enables the majority to temporarly accept transactions. Mine: >50% of the PARTICIPANTS of the network who can split fork from the chain. Thread closed. I won.
Adam Stewart
have you used nmap or lua?
Carson Davis
How can i check what rules are active on my pfsense?
Jaxon Bailey
Emergency cyberbump
Lincoln Gray
Just managed to solve reloader(e)d from flare-on. But the anti-debugging techniques went above my head, I attached my debugger when the binary was reading the input and judging from the state of the process, I already triggered the detection by then.
Can anyone point me to some resources explaining what happened?
Jaxson Garcia
What's the most cyb OS?
Aaron Long
any OS made for pentesting/hacking
so basically parrot or kali
Colton Clark
Kali has too many tools, which do the same fucking thing, its literally bloated as fuck
Nathaniel Turner
>which do the same fucking thing,
if one doesnt work having another tool might be good
dont see an issue with this
William Rogers
Yeah one would think that but it really doesnt work like that, here i have the best bruteforce tool, and then i have the 2nd best, problem is, i will literally never have to use the 2nd best. It is simply not worth it, i'd rather have a normal distro of choice and pick my tools of choice.
Nicholas Thomas
build your own kali then
you can do that you know
Cameron Gray
Thats what i am saying, tough i'd rather just build my own debian.
Easton Watson
why do that when you can just build a custom kali and remove the shit you don't want
or use the light version
Jaxon Reyes
Because i dislike kali on a base of principles.
Kayden Brown
what principles would those be?
Kayden Davis
>using kali You guys know that kaliOS signature is blocked by any non nigger security admin right?
can't seem to find anything on google. how exactly are you blocking things from kali specifically? The packets and frames are just packets. I don't know of any way to selectively block traffic from a specific operating system.
Carter Hernandez
>you can google it Looks liek this is not your place as well.
Lucas King
>I have. But I don't wanna share it. This attitude is pure trash. Even in the most elitist communities, they point a new user to a man page, a search query, or even a fucking keyword. You anons relied on the knowledge of thousands of others to get where you are, you should keep that in mind when you're in the position of potentially helping someone new.
Luke Morris
Anons I have reason to believe that someone had covert access to my phones microphone and camera and was using it to spy on me
This person came into my convenience store every single day. Regular customer. Over the course of some months he started to say things to me that he should have had no knowledge of. At first it was brushed off as strange coincidences but then he kept getting more and more specific to the point that he is either a full blown psychic or the realistic option was that he was stalking me thru my own phone.
It came to a point of absolute harassment and that’s when I started telling people. My gf, my family, my friends and lastly my coworkers, boss, and district manager.
Just like that this fucking faggot stopped coming into my store
Apple won’t provide me with evidence so I can press charges. Neither will Verizon. What can I do?
I have a vpn now and went thru all the settings in my phone. The guy has completely left me alone now, ghost.
Still I need to get to the bottom of what happened
Henry Foster
Help
Connor Adams
Maybe he was a magician from another world testing you to see if you are worth getting isekai'd, you failed the test congrats user
Anthony Brown
That's called schizophrenia user. He wasn't a real guy.
TO SOLVE THAR PROBLEM YOU CAN DO 2 TASK, DISCONNECT FROM THE BOTNET, I MEAN, THE INTERNET, OR GO TO THE COURT AND MAKE MONEY :) OR ALSO YOU CAN BECOME A HACKER AND SECURE YOUR ELECTRONICS :)
base64 is used all over the web for a lot of legit things so just using it probably won't set off too many alarms. all it does is encode 3 arbitrary bytes into 4 alphanumeric bytes and you can use a custom base64 scheme. megabeets.net/xor-files-powershell/ works for xor stuff.
