NEW? Check the /sec/ Career FAQ and Cybersecurity basics links above. Learn to code, learn computer basics, learn networking THEN work on hacking. It's technical and hard, but fun. Want to hack now? Try Webgoat and use the cheats. Grab Penetration Testing A Hands On Introduction and see what you don't know enough about. Always use a virtual machine for reading PDFs. Wanna be a punk? Read the What is cyberpunk? and start today!
is kali linux useful or do people have defenses against it
Gabriel Foster
i always set command prompt to color 02 before using it
Alexander White
Whats a good hacker phone that is available to purchase today?
Evan Jenkins
iphone 11 cause they’ll never see it coming
Andrew Harris
How do i install Linux on it?
Xavier Green
google the gravytrain method
Easton Morris
fuck you pleb scum get rekd
1st for parrot os
Isaiah Morris
>kde
>mac-style window decorations
>green terminal font
Dropped
Hudson Parker
today is finally the day i stop being lazy and start clicking some of the links in here
Connor James
burner phones paid with cash. swapping sims is also not a good idea
Hudson Price
>burner phone
im not trying to deal drugs, im trying to do pentesting
>swapping sims
what do you mean?
Grayson Rogers
the one from watchdogs 2 is pretty good been trying it out lately
Jaxon Adams
I configured Burp Suite correctly but it still blocks me sometimes, why? Here are my steps, i use firefox:
1. Go to about:preference General -> Network Settings
2. Configure http proxy to use 127.0.0.1 on port 8080
3. Go to Privacy&Security->Certificates-> import burp cert i get from localhost.
It worked for some time, but then i closed burp suite, rebooted browser, and now i cant request any website until i change proxy settings to automatic. Whats going on?
Hunter Perry
Once again, don't forget to join #cyber:halogen.city if you're using Matrix.
Okay I only know python 3 and some basics of the command line, is bandit overthewire a good place to start?
Evan Taylor
Why does the general say to always use a virtual machine when reading PDF's?
Brody Gutierrez
i tried and it didnt work reeeee
Juan Ramirez
I have the same question
Bentley Miller
2020s are definitely going to be the decade where cyberpunk becomes undeniable reality. This whole situation with rms stinks of a corporate attempt at trying to end independent software.
How would I set GCC (6.3.0) to compile a program vulnerable to a buffer overflow? -fno-stack-protector seems to do nothing, -fno-stack-protector-all isn't recognized as a valid command and I can't find any other flags, I know some sort of protection is in place as the assembly dump of the binary is around 110 lines, (older GCC produces ~70 lines) and none of the optimization flags seem to do anything either. This is driving me insane as I've spent more time trying to get GCC to produce a vulnerable binary than it would probably take to exploit it.
why would u ever want to do that try this though -fno-stack-protector -z execstack makes the stack executable too if that's what you're after otherwise im not sure what problem you're having. is ASLR/PIE getting in your way or DEP shouldnt be a bother disabling security features if you need to. but in all honesty. its more fun to exploit stuff with those things enabled
Hunter Ward
See
Justin Reyes
i didn't know rms had advocated for child porn and abolishing age of consent laws. that's really creepy.
Grayson Turner
Did we conclude on a possible need for a Crypto FAQ last thread?
For your own good, user. Change starts when you start changing.
Sebastian Gutierrez
ASLR and PIE are all disabled, -z execstack doesn't seem to fix anything, and the compiled binary is the same with or without -fno-stack-protector. (Same hash)
>it's more fun to exploit stuff with those things enabled
You're probably right, but I have to walk before I can run
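To confirm what the flags discussed above (-fno-stack-protector, -z execstack, PIE) actually changed in a lab binary, the mitigations can be read back from the ELF file itself. This is an added example, not part of the thread: `check_mitigations` and `build_sample` are hypothetical names, the sample images are constructed, and only 64-bit little-endian ELF is handled.

```python
import struct

PT_GNU_STACK, PF_X = 0x6474E551, 0x1
ET_EXEC, ET_DYN = 2, 3

def check_mitigations(elf: bytes) -> dict:
    """Report which compile/link-time mitigations an ELF64 little-endian image carries."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("expected a 64-bit little-endian ELF")
    (e_type,) = struct.unpack_from("<H", elf, 16)
    (e_phoff,) = struct.unpack_from("<Q", elf, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 54)
    exec_stack = True  # no PT_GNU_STACK header: treated conservatively as executable
    for i in range(e_phnum):
        p_type, p_flags = struct.unpack_from("<II", elf, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            exec_stack = bool(p_flags & PF_X)
    return {
        "pie": e_type == ET_DYN,                 # ET_DYN: position-independent image
        "nx_stack": not exec_stack,              # -z execstack sets PF_X on GNU_STACK
        "canary": b"__stack_chk_fail" in elf,    # heuristic: symbol name in string table
    }

def build_sample(e_type: int, stack_flags: int, extra: bytes = b"") -> bytes:
    """Constructed test image: ELF64 header plus a single PT_GNU_STACK program header."""
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9)
    ehdr += struct.pack("<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 16)
    return ehdr + phdr + extra

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        # Inspect a real binary: python3 this_file.py ./a.out
        with open(sys.argv[1], "rb") as f:
            print(check_mitigations(f.read()))
    else:
        # Constructed images: one with everything off, one with everything on
        print(check_mitigations(build_sample(ET_EXEC, 0x7)))
        print(check_mitigations(build_sample(ET_DYN, 0x6, b"\0__stack_chk_fail\0")))
```

If two builds report the same values here, the flag being toggled was not in effect in either build, which is consistent with identical hashes.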
Robert Jenkins
>swapping sims
Don't use different sim cards on the same phone, your IMEI doesn't change
>i need a phone for pentesting
Does social engineering count? no? Get any rootable phone, put Termux on that bitch, voila!
Luke Martin
how worried should i be about this?
Daniel Taylor
install Qubes :^)
And not very, unless you grab a lot of PDFs from dubious places. For effectiveness you can preemptively upload them to Virustotal prior to opening, if no sensitive shit is in there of course.
Cameron Butler
I pirate all my books Fuck am i screwed even if i use linux?
Hunter Ward
PDF readers available for Linux are okay, if vulnerabilities are found the developers are usually quick at patching them and the fixes come downstream as soon as possible. Update often with your distro's package manager. What's left are potential 0days in those readers. Statistically, PDF malware is usually intended for Windows users or it's highly targeted as part of complex attacks. Nevertheless if you are worried you can at least scan the books with ClamAV which only takes a few seconds.
My source for books is MyAnonamouse, I've downloaded heaps of them and never found any malware.
Jason Williams
Thank you user, i was having a panic attack
Hudson Stewart
>clam av
are you joking
Jeremiah Barnes
>you can at least scan the books with ClamAV which only takes a few seconds
I wouldnt trust clamAV scans, it fails to detect many exploits.
Most of these "learning materials" is paywalled garbage. Fuck you and fuck your cunt of a mother. This is not a place for shilling data mining paid shit. Fuck you
Jordan Murphy
>Most of
Who cares as long as some are free?
Isaac Myers
What are the best beginner-level programming books if I'm only interested in programming for /sec/ purposes?
Say i have a server on port 80 ok, how to avoid it getting scanned/exploited by blackhats or pentesters? I mean i NEED it to be open, is there any rule that can mitigate scans on server ports?
Tyler King
best books for OS/Kernel and exploiting them?
Angel Robinson
Look into port knocking and SPA. Or combine those with SSH.
Luis Foster
always use a host-only virtual machine. snapshot before opening any files then snapshot after if you want to analyze system changes. linux is not magic.
Brody Morris
Which ones are paywalled?
Christopher Carter
Seems to be down while he’s working on Vol 2 of the zine
Landon Robinson
Penetration a hand on introduction is super outdated and the configurations used are no longer available. Someone update this fucking OP already. You could recommend The Basics of Hacking and Penetration Testing instead.
John Stewart
I'm on halogen but I can't see #cyber...
Jack Williams
>The Basics of Hacking and Penetration Testing
year of publish: 2011
>Penetration a hand on introduction
year of publish: 2014
god you are retarded
Nicholas Torres
Yet the former is less outdated.
Ayden Reed
how can you be claiming that unless you have been in the industry for a while? yet you are reading beginner books....
Jace Scott
>do people have defenses against it
It's a freely available toolkit for penetration testing. What the fuck do you think?
Ethan Reyes
kali is just a distro. the tools on it are useful and the techniques they use are widely known thus detectable.
Kayden Price
This is the dumbest thing ever, if you're good enough to use the kali tools you're good enough to get around detection.
Would reading Operational systems be better before reading these since i would have a basis of how they work?
Kayden Collins
yeah, but it's dry theory about things like semaphores, virtual memory management and scheduling algorithms. if you want to hack NOW then read bug hunter's diary and fill in the blanks as you go. if you want to be a good hacker then read the internals books. bochspwn is a good resource for real world hacking.
Anthony Turner
ha, I was right by that bar in Bangkok recently...story behind the pic?
Wyatt Ortiz
And what do you think the world is full of my guy? Do you think there's an over abundance of quality programmers right now with diversity hires everywhere? It's easy pickings if you're good
Colton Cook
I dont mind reading more to have a more complete base.
Parker Walker
Not even this, many networks are insecure because the admins have to make the sec lax because muh security makes shit slow and muh i cant access facebook.
Nicholas Morales
Sorry to use this venue This is the model in application for the current marijuana sector being developed. youtu.be/jVUBeKkx83A
We start at the 18th second, with the clarification "I Am Cancerous" for investment firms.
As you can see the role model, being Eminem, to spread the smoke weed every day movement, which is already known to cause cancer significantly by the system.
Bob Marley's official cause of death was the spread of melanoma to his lungs and brain. The hereby referred to as "M&M's.
The plan, in coda, also stipulates that there will be lawsuits filed to keep anyone attempting civil action at bay like with the tobacco industry.
Thank you for your consideration.
Ayden Ramirez
second for MaM, never had an issue with any file from there...
Camden Green
The 2nd edition came out in 2013 and the instructions it gives are still doable today you fucking mongoloid.
Connor Baker
Are there any jobs for freelancers in cybersec or is it corporate only?
Leo Clark
yes, there are jobs for freelancers, tend to be called 'contractors' here in the UK...not sure about wherever you are...
Robert Adams
where can you find tools that undetectable then
Elijah Foster
you make them custom for each job...
Charles Price
Would be interested in freelancing because of the geographical independence
Aiden Hernandez
you have to read a lot of conference papers and do original research. read the source code for tools and play around in virtual machines so you understand what artifacts they leave behind in memory, on the network, in log files and on disk. everything is detectable, but detections aren't written or deployed for everything.
Ryder Peterson
Know how to effectively use the tools at your disposal, know how to code in case you need to whip something up to get into a system. Hands on is the best way, setup a victim box and then your hacker box and attack it. Make sure you don't fuck up your parents computers
Jordan Martinez
ok...so you want to travel for work?... I'd recommend thinking about specializing in something useful the world over that pays enough to live the volatile lifestyle of someone with no regular income... I travel worldwide as a specialist in my field (not cybersec) as a trainer and sometime consultant...however, I have a full time paid contract with a company in the UK so wherever I go I get paid enough to live well...as well as all the other benefits...sick pay, holiday, insurance etc...
Jaxson Turner
A great free way to stretch your legs in this if you haven't done it before is to go to hackerone and do their capture the flag, it's free anyone can do it and you're allowed to use whatever the fuck you want without fear of prosecution
Ian Hernandez
Whats the best way to simulate how would a real attacker scanning and trying to break into your pc over the internet?
Logan Adams
>scanning and trying to break into your pc over the internet?
I think you need to read a bit more...or hire a pentester.
Aaron White
they would poison your dns or send phishing messages to you. very few use router bugs and os network bugs.
Wyatt Cruz
>its impossible to invade a pc over the internet
spotted the retard
Chase Campbell
didn't say that it was impossible...the retard assumes so much
Aaron Walker
The best way as in the safest way? The safest way is to isolate the two machines to a network and try to do the attacks on it. That way you don't accidentally attack a box in the network you didn't intend. Knowing the IP address of the machine is a big cheat help when doing lab. For instance, I have a victim laptop running Mint with a Virtual machine of Windows 7 so I can try out Double Pulsar and Eternalblue
Levi Harris
The point would be to not move at all, and work remotely, get my own clientele, etc. But so far what I see is that customers prefer big companies in this industry. Wouldn't want to go into this field without knowing that you can make it as a "renegade"
Justin Walker
Just go on hackerone and follow the rules
Camden White
well...all depends what you know...do you have any specialist knowledge/experience? Doesn't all have to be in the same field, in fact, combining disciplines is a good way to make yourself valuable. If you are working remotely...why do you care who you are working for?
Adrian Ross
Because he doesn't want to give the glowniggers more than they already have, I also do not want to help the government but instead exploit them
Xavier Jenkins
lol...good luck finding a job then...what you are talking about isn't paid work. You could get a job with a consulting firm for experience then branch out on your own...at some point you'll probably be offered a contract you dont really want to take for the given reasons of 'glowniggers' and 'gobernment' but you're poor and you need the money...
Ryder Myers
Currently I'm working in enterprise level networking, but have thought of branching out to security, but as it is kind of a high investment area (time and energy wise), i'm reluctant. I'm also much into marketing, but would rather have a cybersec business and deal with that (which i feel like i would get more passionate about) rather than becoming the next learnhowtodomarketing guru
Xavier Morales
well there it is user...spend time and energy in your prime to gain freedom and happiness in life
or just stay slow and take the easy bucks...enjoying the now...
its a decision no-one can make for you and whichever way you choose there are pros and cons...good luck!
In all seriousness, do you know anyone in security/cybersec? go speak to them, get them to find you work/a position. 'having a cybersec business' doesn't just happen
Grayson Collins
I actually don't know anyone who started his own sec business at all
David Evans
its a world you need a leg up in...no one will trust you out of nowhere... go work for a big firm so that you can list the clients you have worked with and talk about X years experience. Smaller businesses will like the kudos that gives but prefer your customer service (unless you are a sperg), lower prices and flexibility...
Jeremiah Campbell
I'd rather starve on the street than take money from the trash American government, I fucking hate everything they have become
Justin Peterson
Are there any modern laptops that come stock with wireless cards that can switch to monitor mode?
Leo Ortiz
I guess you could always leave the country if its that bad...where would you prefer to live?