/cyb/ + /sec/ - CYBERPUNK/CYBERSECURITY GENERAL

Previous threads: [ archive.rebeccablacktech.com/g/search/text//cyb/ /sec//type/op/ ]
Last thread: [72773786]
- - - - - -
/cyb/erpunk
the cyberpunk primer: [cyberpunked.org/]
The alt.cyberpunk FAQ (V5.28) [ ftp://50.31.112.231/pub/Alt_Cyberpunk_FAQ_V5_preview28.htm ]
What is cyberpunk?: [ pastebin.com/pmn9vzWZ ]
Cyberpunk directory (Communities/IRC and other resources): [ pastebin.com/AJYry5NH ]
Cyberpunk media (Recommended cyberpunk fiction): [ pastebin.com/Dqfa6uXx ]
The cyberdeck: [ pastebin.com/7fE4BVBg ]
- - - - - -
/sec/urity
The /sec/ Career FAQ (V1.11) [ ftp://50.31.112.231/pub/sec_FAQ_V1_Preview11.htm ]
"Shit just got real": [ pastebin.com/rqrLK6X0 ]
Cybersecurity basics and armory: [ pastebin.com/v8Mr2k95 ]
Reference books (PW: ABD52oM8T1fghmY0): [ mega.nz/#F!YigVhZCZ!RznVxTiA0iN-N6Ps01pEJw ]
/sec/ PDFs: [ mega.nz/#F!zGJT1QQQ!O-8yiH845GN26ajAvkoLkA ]
Learning/News/CTFs: [ pastebin.com/WQhRYB59 ]
FTP Backup: ftp://50.31.112.231/pub
thegrugq OPSEC: [ grugq.github.io/ ]
#! sec guide [ pastebin.com/aPr5R1pj ]
EFF anti-surveillance [ ssd.eff.org/en ]
- - - - - -
Thread challenge: Sniff your own traffic, can't spy on you if you're spying on them spying on you. [wireshark.org/]

NEW? Check the /sec/ Career FAQ and Cybersecurity basics links above. Learn to code, learn computer basics, learn networking THEN work on hacking. It's technical and hard, but fun. Want to hack now? Try Webgoat and use the cheats. Grab Penetration Testing A Hands On Introduction and see what you don't know enough about. Always use a virtual machine for reading PDFs.
Wanna be a punk? Read the What is cyberpunk? and start today!

Attached: zzz.jpg (1280x720, 314K)

Other urls found in this thread:

krebsonsecurity.com/2019/07/no-jail-time-for-wannacry-hero/
en.wikipedia.org/wiki/EternalBlue)
ipinfo.io/IP
bbc.com/culture/story/20190920-the-cult-books-that-lost-their-cool
youtube.com/watch?v=r-vbh3t7WVI
stackoverflow.com/questions/4078933/find-difference-between-two-text-files-with-one-item-per-line
forbes.com/sites/rachelsandler/2019/09/23/facebook-acquires-brain-computing-startup-ctrl-labs/
lainzine.org/all-releases/lainzine05/
twitter.com/SFWRedditImages

lainzine 5 when

Its been years.
Let it go.

please no

Attached: 1556466232191.jpg (469x752, 44K)

There's a thread up on lain dot org about it that's still semi active.
Half the posts are people offering to make the front page (logo)

Attached: 446277-angel-halo-pc-98-screenshot-playing-hentai-games-on-a-pc-98.gif (640x400, 27K)

Why is this shit any good?

I was trying to get into data science, but I think it's going to get a lot of people doing the same in the next years since it's getting mainstream.

Does it worth to get into the cybersecurity stuff? I don't know if companies here in Brazil care about it or if they require certificates like CompTIA Security+ since it's not so cheap.
It pays just like a full stack developer.

Better pic than the other threads

It's kinda cool, and zines are cool, just read some of it, you can find them online.

Idk about Brazil but in the states only large companies will hire you and they usually want you to have a military / police background

This. Thanks for using a different pic, based new op. It helps to differentiate between the threads.
Also please make last thread a link.

Can you answer me a beginner question?
How do the professional "hackers" delete their traces after a hack?

Is there a simple logfile on a server that can be altered or deleted?

do you guys think as time goes by systems will be so streamlined that hacking will become impossible? or that the integration of technology into every facet of a persons life will make it so the vulnerabilities and access opportunities will keep growing?

I don't want to sound like a dick, but if you can't discover this question yourself, you're treading on thin ice. You see, a huge number of people are smarter than all of us, you don't wanna fuck with them. Also a surprising number of vulnerable systems are honeypots, so you will have your ass enlarged in prison if you try to do some real funny shit. It's not any of my business, but I suggest you put your energies towards creating things, it will gain you popularity, pussy, and money.

To answer your question. Logs are usually in the /var directory. Depending upon what you've compromised, touched or otherwise contaminated in a hypothetical situation, the logs for that program are to be found under their respective names or directories.
This should find most of them (run as root):
>find / | grep -iP --color "\blog\b"

>do you guys think as time goes by systems will be so streamlined that hacking will become impossible?
The low hanging fruit is gone. The industry will become increasingly specialized. Skids will disappear, technology will mature. The real power to compromise systems will fall to big money, corporations, state actors. Basically groups that can assemble teams of specialized talent.

Finally machine learning and "AI" will totally blow away any human capabilities with regards to defensive AND offensive capabilities. I hate to do it, but the scene in the Iron Man movie where the good AI is fighting the bad AI to crack passes which it generates every few minutes is a close analogy.

As long as software is written by people, it will have errors, even if software has no vulnerabities, it runs on hardware that can be hacked. Even if a combination of hardware and software does not have vulnerabilities, the systems it interacts with can be hacked. Hacking and cracking will go on forever, it's impossible to consider all current and future possibilities when designing a system.

Cracking in general is a fun puzzle, it's cool to try and break into systems, try and make systems harder to be broken into, it's a cool game. user doesn't need to try to deface a .gov site or some shit, there are plenty of fun legal things to crack and hack.

No offense taken.

Thanks fren.

krebsonsecurity.com/2019/07/no-jail-time-for-wannacry-hero/

Consider this. My dude almost spent decades in prison because he made feds look incompetent, and they dug up some stupid shit he did years ago. If he had gone before a different judge who didn't understand tech or didn't give a fuck he'd be doing years in big boy fuck you in the ass prison. Only crack legal shit or you'll get shit on.

As usual big buisness kills everything fun

so they got pissed off cause he fixed one of their fuckups?

Yeah they got salty because some random guy who cracks stuff for fun fixed a giant leak (caused by the NSA en.wikipedia.org/wiki/EternalBlue) that owned a shitload of hospitals and important infrastructure. Feds can't hack shit, they just bully companies into putting in backdoors, and occasionally leak those backdoors and fuck everyone else over because lol government.

i’ve been looking of ways to get a sec clearance without one of those backgrounds and im completely lost

What are the current most popular ways to forcibly access a Wi-Fi?
Aircrack + hashcat, et c?

>install airgeddon
>deauth AP
>create wifi with same BSSID
>router login page
>"enter wifi password to confirm connection to the network"
>watch as tech illiterates fall for it

what can you do once on the network?

I'm in school for cyber security rn am I making a mistake? I have the nagging feeling that if I get a job in the field I'll end up as a glorified IT guy and bored out of my fuckin skull

surf the web

thats useful i guess

>brazil
Based, i am interested in CybSec as well and i am totally lost on getting a job in the area,
i really dont want to spend 2 years or so fixing printers.

Why should i learn 32 bits assembly if almost everything is 64 bits today?

MitM
sslstrip
driftnet
exploit samba servers not open to the internet

>brazilian cyber security
those monkeys havent even figured out physical security yet

Yep, some places here cloud computing is the next big amazing shit on technology.
We are so fucking behind, i wonder how i could get out of here without experience. Perhaps if i become good enough to find some security vulnerability someone from outside might be willing to hire me?
It doesnt hurt to dream.

>curl ipinfo.io/IP
>not simply acessing it via browser
why are wannabe hackers such niggers

I mean, people can see your IP, how do you get not arrested?

83.23.13.103
try me bitch

They COULD see your MAC address if they LOOKED for it. You can still spoof it. You would only get an IP address after connecting to the network, it would still be the network's ip (255.255.255.0) which means nothing outside of that network.
If you're really paranoid about mac spoofing you can just buy usb wifi cards second hand and change/cycle them periodically

Attached: scriptkiddie.jpg (960x591, 112K)

Books age badly: bbc.com/culture/story/20190920-the-cult-books-that-lost-their-cool
Strangely few few on that list are science fiction and none relate to Cyberpunk.

Phew.

>I was trying to get into data science, but I think it's going to get a lot of people doing the same in the next years since it's getting mainstream.
Data science is still in the process of finding its shape and form. Thus there is a lot of hype, too much buy in but not enough results. That will change. And they will still need people who can think rather than monkeys paid peanuts.

For all the talk of AI this field will still rely on human insight to set up the system for years to come. I would not worry if I were you.

Big companies will move into nearly uncrackable security, but normal people will always have free "security", preinstalled antivirus and shit data management.
Either way, people will keep releasing rootkits, hackerman programs and unpatchable exploits to keep up with the increasing mid-tier security. Maybe one day we'll reach the point where exploits become so complex you just have to fire and pray it works because you cant even read it, but thats far away.

If anything we're closer to "hacking only" hyperspecialized computers, cyberpunk-ish 80s movie hackers and electronic lockpicks than we are to the end of consumer-grade security and hacking as a concept.

Maybe do it yourself if you want it

cyberpunk is timeless

>and none relate to Cyberpunk.
Because cyberpunk has aged like a fine wine, look at all the horrible surveilance and AI shit going on right now.

That's not a beginner question by any means.

First get some information about "intrusion detection systems" and forensics. If you shat your by then, you are a smart guy. Like the other user said this isn't the nineties where nobody actually know what he was doing.

But let me answer your question.
If somebody asks you "can you hack a machine" he answer is: "can you break into a house?"
There are huge differences between breaking into an empty cottage in the middle of nowhere and the metropolitan museum.

And it's the same for computers. There is a huge difference to find some trash site on the interwebs and deface it and getting into a high-value target. The latter might require the money and manpower of a state-level operation while the former is a matter of using google. Also if you do mess with big companies they usualy seek revenge.

As to your question:
Most "haxx0rs" are getting caught because they become reckless and lure into a false sense of security..
Only one example: There were two guys in a café and they had their laptops open in front of them, doing "illegal stuff" when two undercover feds came and took the open notebook from their hands. All encyption goes to hell when you have the evidence right in your running system.


Basically doing illegal stuff today is stupid unless you are really really good (protip: if you ahve to ask, you're not). So don't do illegal stuff. But if we consider this option (theoretically) I'd always opt for the prcinciple of "defense in depth": If one layer is compromised, you should notice and the next layer is still there and so on.

how do i get really really good

Couldn't honeypots conceivably hide logging stuff going over HTTP(S) even from tcpdump as root if they use a custom kernel?

Attached: 1397689988675.jpg (550x778, 336K)

The next fields are brain hacking (anyone really things Neuralink is safe!?) and gene hacking (CRISPR/Cas9 really opens up things and DNA is just biological data storage). Chances are .mil is deep into both parts, ref. ethnicity specific gene weapons.

>anyone really things Neuralink is safe!?

Neuralink will most likely be read-only with the brain, meaning you can't write memories or send signals to peoples' heads.

You can still hack them and get all of the access tokens, secrets, and passwords off of it but that's just like hacking a phone.

We need a huge amount of research before Neuralink is writing data to brains

>Neuralink will most likely be read-only with the brain, meaning you can't write memories or send signals to peoples' heads.
That is what they say, for now. FB has already stated they are looking for two way communications. I guess that will be ads straight into the cortex.

>We need a huge amount of research before Neuralink is writing data to brains
True, thankfully. We just don't know how quickly that will be covered.

>look at all the horrible surveillance and AI shit going on right now
Can it get too worse?

first thing you do once you get in is disable as much logging as possible. pipe anything you can't disable to /dev/null with a symlink etc.

Practice, same as everything else.

>Neuralink will most likely be read-only with the brain, meaning you can't write memories or send signals to peoples' heads.
It's designed not to be read only. Watch the entire Neuralink talk, don't read articles about stuff like this.

It's not read only, but that doesn't mean it can "write memories" to your brain. It's nowhere near high enough resolution, they're testing connections that have a MAX of 3k electrodes. Further more, it's nowhere near granular enough to detect individual neurons firing, it only detects firings of groups of neurons. It's unclear what can be done with this technology because we simply don't know how the brain works, but people aren't going to be downloading thoughts and memories and stuff.

>Can it get too worse?
The question is instead, can we keep it from getting worse?

why were they in a cafe

can you link the talk

Literally just googled neuralink talk but here you are youtube.com/watch?v=r-vbh3t7WVI

If you want to avoid the memes that the media latched on to, skip until after musk is talking.

im too rich to google my own shit, thanks anyway

A professor has a website for her course and has a word generator for a prompt, I want to get access to the txt file that has all the words that can be generated, I don't want to change it, I just want to read it
I saved the webpage just to get around the dynamic scripts, I found a js script link to "./name with space--_word generator_files/saved_resource(1).html"
and there's a near duplicate ending with "generator_files/f(2).txt"

I tried just copying them into the url after the root page and every directory up to the page, but even without spaces in the src path it wouldn't load

Hope I don't get into a car crash and have neuralink scrape my brain or cause a leak of cerebral spinal fluid

Does the prompt update when you access it? Just run copy the output with wget or whatever a few thousand times, then remove duplicates.

It's a text prompt not like a computer event, the dynamic parts are just body text, I don't see anything in the document about when the output of the script is written to page html, the structure is constant, certain words change each time you refresh the page, the only things you click just either refresh the page or take you to another page.
I don't want to fuzz the domain, and I don't know enough regex to pick out the particular words.

oh fuck i'm fucked... fuck fuck fuc....

>the dynamic parts are just body text
This is what you would like to read, correct? The dynamic parts?

>I don't know enough regex to pick out the particular words.
Essentially all you would do is make copy the whole page, remove duplicates, then create another text file with the static content, compare the two files and only keep the unique content. It's very very easy to do this in bash with grep.

What you are asking otherwise is how to gain access to a file that you don't have permissions for, assuming >generator_files/f(2).txt
Is that file, which it probably is. Essentially what you're asking then is "How 2 hack pls", which is better covered by the OP (and again, if you do manage to succeed it's very illegal and you will go to prison because lol cybercrime).

stackoverflow.com/questions/4078933/find-difference-between-two-text-files-with-one-item-per-line

This plus the man page for wget and a basic understanding of bash should be enough. If you actually manage to get a text file of whatever size containing all of the info I can help you sort it out, as long as the information you need is contained somewhere in a file on your computer it's easy from there regardless of how big that file is.

>Essentially all you would do is make copy the whole page, remove duplicates, then create another text file with the static content, compare the two files and only keep the unique content.

I read through this an realized it might not be clear exactly what I meant. If you have access to this information in a form that isn't useful to you (the text with the words you want in it) it's much much easier to try and process this information into a form that you DO want, instead of trying to break into something else. Hacking (imo) is about finding cool solutions to problems, not everything has to be hit with a hammer.

What I mean by the actual solution, is that if you can create a text file which is a thousand, or ten-thousand iterations of the full prompt (by pulling off of the webpage with wget or whatever you want), you can then.

1. Remove all duplicate strings, leaving you with one of each word.
2. Make a copy of everything in this

>the structure is constant

in a separate text file.

3. Compare the two files you've created, one with a every string contained in a thousand iterations of the page, and one with every string that is constant between multiple iterations of the page. The strings (in this case words) that are in one file, but not the other, will be the list of words that you are looking for.

Is it often that someone gets hired for purely web application related security positions (pentesting etc)? I want to learn more about breaking web applications in the future (I'm currently learning how to build them) and curious what the job prospects are and if I need to know more than just breaking into web applications if I want to get into the security industry.

I guess I'll just have to do that, their wp-content/uploads etc directories are all open, was just hoping I could find the particular txt file, you can find old recordings over the last 6 years, even with site: filetype: search on google, just not this particular txt file. Thanks though.

>Hope I don't get into a car crash and have neuralink scrape my brain or cause a leak of cerebral spinal fluid

They are pretty thin and easy to remove, so it's unlikely they'll be able to scrape your brain. Considering it's a car crash with a head impact, you have bigger things to worry about like your neck being broken.

Otherwise, enjoy wearing a helmet for the rest of your days :^)

Attached: 1405365484997.gif (500x452, 39K)

>finally get job as security dev
>fucking company has me doing front end

At least I have a team to manage.

how much do you get paid

I'm sure they exist but you're more likely to get a job if you know more about pentesting. Web apps are just one stop along the way.

I know there's people that do that specifically, I just haven't seen jobs posted that only request that. They usually require general pentesting skills as well.

That shit fucking SUUUUUUUCKS

Fuck that company but at least it's a job

If they don't move you to something more relevant after 6 months, I'd start looking for something else. They lied to you if you don't do security work

Attached: 7rxthjtu14k31.jpg (1033x1292, 156K)

how do i work on pentesting skills

I forgot to mention, if you can get your own reputation via bug bounties or CVEs, you can probably make your own job and do only web app pentesting

It's not a short road though

Attached: 943408_391800514261873_1981716387_n.jpg (480x640, 72K)

i've never heard of someone going after bug bounties

my friend is doing it lol

why not

idk it just never came up

google anti-forensics

Just do ethical hacking in HackerOne

every job gets boring and repetitive even hacking. it's still a job even if it's fun and interesting. writing reports is ALWAYS boring, but the most important part.

lotta ms office is 32 bit. lotta legacy systems. eternalblue was 32 bit.

I actually managed to find the txt file but it seems to be 70k characters of what looks like javascript rather than a list of words, not really sure what to do with it

thanks for the reply, infosec fascinates me and I'm excited to get my foot in the door, just a bit nervous that the actual work will be much less rewarding and challenging than the studying has been so far. definitely gonna stick with it though

is there a market for writing reports for hackers? that actually sounds fun to me and a good way to learn stuff while I'm still a newb

What's a reverse shell?

llehs

Is there a rate limit on how often I can wget a page before it might be considered a ddos?

why do it from your apartment

so someone won't just walk up to you and steal your lappy

We got the FAQ going only the last few years, so why not also this?

Also don't underestimate the importance of a theoretical foundation.

if you're doing it from one computer, it will never become a ddos

pedantic shit aside, if you're actually concerned you might denial of service the website by wgetting it (ie the server is being run from a raspberry pi or a smart fridge) you could space out the wgets by a second or so

Attached: hqdefault.jpg (480x360, 18K)

it won't be a distributed denial of service if there's only one system doing it
in terms of rate limiting, it all depends on the individual remote web server or any reverse proxy in front of it

>True, thankfully. We just don't know how quickly that will be covered.

FB just acquired a new piece of the puzzle

forbes.com/sites/rachelsandler/2019/09/23/facebook-acquires-brain-computing-startup-ctrl-labs/

Attached: 45178698.png (519x564, 153K)

People will no doubt queue up to get this implanted in their brains. What could possibly go wrong?

How far has he come?
One user said he used the FAQ to make zines, same guy?

Start reading it now. Idk if it's the official one but from the neocities site:
>Works completed in the PDF are bold. We have completed 5/8 pieces for the final release. Thank you for staying with us so far!
lainzine.org/all-releases/lainzine05/

Attached: what.jpg (560x371, 42K)

Hey... guys. Let's let Mark Zuckerfuck IN OUR FUCKING BRAINS.
>hehe, what could go wrong.
That's the sad part, that people will queue up like Apple store linueps for this shit.

Is fedora a good distro to begin my cybsec studies on?

So, only a bit on growing mushrooms (of all things) is missing??

>Is fedora a good distro to begin my cybsec studies on?

yes and no. in reality it doesn't matter what OS you're running for your 'studies', however consider using something locked down and secure, like run your studies inside a VM or on a dedicated machine with/-out internet access. most tools these days are on github, so your OS really doesn't matter at all.

>run your studies inside a VM
Thats the idea, any tips on hardening fedora on vmware aside from the basic shit(no shared folders, clips etc)

Nope.
It's the ones in BOLD that are done, not the ones that are clickably purp