NEW? Check the /sec/ Career FAQ and Cybersecurity basics links above. Learn to code, learn computer basics, learn networking THEN work on hacking. It's technical and hard, but fun. Want to hack now? Try Webgoat and use the cheats. Grab Penetration Testing A Hands On Introduction and see what you don't know enough about. Always use a virtual machine for reading PDFs. Wanna be a punk? Read the What is cyberpunk? and start today!
I was trying to get into data science, but I think it's going to get a lot of people doing the same in the next years since it's getting mainstream.
Does it worth to get into the cybersecurity stuff? I don't know if companies here in Brazil care about it or if they require certificates like CompTIA Security+ since it's not so cheap. It pays just like a full stack developer.
Julian Torres
Better pic than the other threads
Nathan Lopez
It's kinda cool, and zines are cool, just read some of it, you can find them online.
Tyler Moore
Idk about Brazil but in the states only large companies will hire you and they usually want you to have a military / police background
Asher Morris
This. Thanks for using a different pic, based new op. It helps to differentiate between the threads. Also please make last thread a link.
Austin Jackson
Can you answer me a beginner question? How do the professional "hackers" delete their traces after a hack?
Is there a simple logfile on a server that can be altered or deleted?
Jeremiah Perez
do you guys think as time goes by systems will be so streamlined that hacking will become impossible? or that the integration of technology into every facet of a persons life will make it so the vulnerabilities and access opportunities will keep growing?
Brody Smith
I don't want to sound like a dick, but if you can't discover this question yourself, you're treading on thin ice. You see, a huge number of people are smarter than all of us, you don't wanna fuck with them. Also a surprising number of vulnerable systems are honeypots, so you will have your ass enlarged in prison if you try to do some real funny shit. It's not any of my business, but I suggest you put your energies towards creating things, it will gain you popularity, pussy, and money.
To answer your question. Logs are usually in the /var directory. Depending upon what you've compromised, touched or otherwise contaminated in a hypothetical situation, the logs for that program are to be found under their respective names or directories. This should find most of them (run as root): >find / | grep -iP --color "\blog\b"
>do you guys think as time goes by systems will be so streamlined that hacking will become impossible? The low hanging fruit is gone. The industry will become increasingly specialized. Skids will disappear, technology will mature. The real power to compromise systems will fall to big money, corporations, state actors. Basically groups that can assemble teams of specialized talent.
Finally machine learning and "AI" will totally blow away any human capabilities with regards to defensive AND offensive capabilities. I hate to do it, but the scene in the Iron Man movie where the good AI is fighting the bad AI to crack passes which it generates every few minutes is a close analogy.
Tyler Cooper
As long as software is written by people, it will have errors, even if software has no vulnerabities, it runs on hardware that can be hacked. Even if a combination of hardware and software does not have vulnerabilities, the systems it interacts with can be hacked. Hacking and cracking will go on forever, it's impossible to consider all current and future possibilities when designing a system.
Cracking in general is a fun puzzle, it's cool to try and break into systems, try and make systems harder to be broken into, it's a cool game. user doesn't need to try to deface a .gov site or some shit, there are plenty of fun legal things to crack and hack.
Consider this. My dude almost spent decades in prison because he made feds look incompetent, and they dug up some stupid shit he did years ago. If he had gone before a different judge who didn't understand tech or didn't give a fuck he'd be doing years in big boy fuck you in the ass prison. Only crack legal shit or you'll get shit on.
Nathaniel Gonzalez
As usual big buisness kills everything fun
Jayden Hall
so they got pissed off cause he fixed one of their fuckups?
Owen Brooks
Yeah they got salty because some random guy who cracks stuff for fun fixed a giant leak (caused by the NSA en.wikipedia.org/wiki/EternalBlue) that owned a shitload of hospitals and important infrastructure. Feds can't hack shit, they just bully companies into putting in backdoors, and occasionally leak those backdoors and fuck everyone else over because lol government.
Connor Bell
i’ve been looking of ways to get a sec clearance without one of those backgrounds and im completely lost
Aaron Robinson
What are the current most popular ways to forcibly access a Wi-Fi? Aircrack + hashcat, et c?
Isaac Moore
>install airgeddon >deauth AP >create wifi with same BSSID >router login page >"enter wifi password to confirm connection to the network" >watch as tech illiterates fall for it
Carson Carter
what can you do once on the network?
Austin Taylor
I'm in school for cyber security rn am I making a mistake? I have the nagging feeling that if I get a job in the field I'll end up as a glorified IT guy and bored out of my fuckin skull
Robert Howard
surf the web
Jacob Hall
thats useful i guess
Adrian Wilson
>brazil Based, i am interested in CybSec as well and i am totally lost on getting a job in the area, i really dont want to spend 2 years or so fixing printers.
Jaxson Davis
Why should i learn 32 bits assembly if almost everything is 64 bits today?
Colton Jackson
MitM sslstrip driftnet exploit samba servers not open to the internet
Parker Foster
>brazilian cyber security those monkeys havent even figured out physical security yet
Levi Hill
Yep, some places here cloud computing is the next big amazing shit on technology. We are so fucking behind, i wonder how i could get out of here without experience. Perhaps if i become good enough to find some security vulnerability someone from outside might be willing to hire me? It doesnt hurt to dream.
Jeremiah Sanders
>curl ipinfo.io/IP >not simply acessing it via browser why are wannabe hackers such niggers
Nathan Jones
I mean, people can see your IP, how do you get not arrested?
Caleb Wilson
83.23.13.103 try me bitch
They COULD see your MAC address if they LOOKED for it. You can still spoof it. You would only get an IP address after connecting to the network, it would still be the network's ip (255.255.255.0) which means nothing outside of that network. If you're really paranoid about mac spoofing you can just buy usb wifi cards second hand and change/cycle them periodically
>I was trying to get into data science, but I think it's going to get a lot of people doing the same in the next years since it's getting mainstream. Data science is still in the process of finding its shape and form. Thus there is a lot of hype, too much buy in but not enough results. That will change. And they will still need people who can think rather than monkeys paid peanuts.
For all the talk of AI this field will still rely on human insight to set up the system for years to come. I would not worry if I were you.
Aiden Gutierrez
Big companies will move into nearly uncrackable security, but normal people will always have free "security", preinstalled antivirus and shit data management. Either way, people will keep releasing rootkits, hackerman programs and unpatchable exploits to keep up with the increasing mid-tier security. Maybe one day we'll reach the point where exploits become so complex you just have to fire and pray it works because you cant even read it, but thats far away.
If anything we're closer to "hacking only" hyperspecialized computers, cyberpunk-ish 80s movie hackers and electronic lockpicks than we are to the end of consumer-grade security and hacking as a concept.
Jack Baker
Maybe do it yourself if you want it
Hudson Roberts
cyberpunk is timeless
Jace Sanchez
>and none relate to Cyberpunk. Because cyberpunk has aged like a fine wine, look at all the horrible surveilance and AI shit going on right now.
Owen Morales
That's not a beginner question by any means.
First get some information about "intrusion detection systems" and forensics. If you shat your by then, you are a smart guy. Like the other user said this isn't the nineties where nobody actually know what he was doing.
But let me answer your question. If somebody asks you "can you hack a machine" he answer is: "can you break into a house?" There are huge differences between breaking into an empty cottage in the middle of nowhere and the metropolitan museum.
And it's the same for computers. There is a huge difference to find some trash site on the interwebs and deface it and getting into a high-value target. The latter might require the money and manpower of a state-level operation while the former is a matter of using google. Also if you do mess with big companies they usualy seek revenge.
As to your question: Most "haxx0rs" are getting caught because they become reckless and lure into a false sense of security.. Only one example: There were two guys in a café and they had their laptops open in front of them, doing "illegal stuff" when two undercover feds came and took the open notebook from their hands. All encyption goes to hell when you have the evidence right in your running system.
Basically doing illegal stuff today is stupid unless you are really really good (protip: if you ahve to ask, you're not). So don't do illegal stuff. But if we consider this option (theoretically) I'd always opt for the prcinciple of "defense in depth": If one layer is compromised, you should notice and the next layer is still there and so on.
Isaiah Sanders
how do i get really really good
Jackson Torres
Couldn't honeypots conceivably hide logging stuff going over HTTP(S) even from tcpdump as root if they use a custom kernel?
The next fields are brain hacking (anyone really things Neuralink is safe!?) and gene hacking (CRISPR/Cas9 really opens up things and DNA is just biological data storage). Chances are .mil is deep into both parts, ref. ethnicity specific gene weapons.
Michael Gutierrez
>anyone really things Neuralink is safe!?
Neuralink will most likely be read-only with the brain, meaning you can't write memories or send signals to peoples' heads.
You can still hack them and get all of the access tokens, secrets, and passwords off of it but that's just like hacking a phone.
We need a huge amount of research before Neuralink is writing data to brains
Chase Thomas
>Neuralink will most likely be read-only with the brain, meaning you can't write memories or send signals to peoples' heads. That is what they say, for now. FB has already stated they are looking for two way communications. I guess that will be ads straight into the cortex.
>We need a huge amount of research before Neuralink is writing data to brains True, thankfully. We just don't know how quickly that will be covered.
Jacob Morgan
>look at all the horrible surveillance and AI shit going on right now Can it get too worse?
Andrew Jones
first thing you do once you get in is disable as much logging as possible. pipe anything you can't disable to /dev/null with a symlink etc.
Ethan Perez
Practice, same as everything else.
Daniel Butler
>Neuralink will most likely be read-only with the brain, meaning you can't write memories or send signals to peoples' heads. It's designed not to be read only. Watch the entire Neuralink talk, don't read articles about stuff like this.
It's not read only, but that doesn't mean it can "write memories" to your brain. It's nowhere near high enough resolution, they're testing connections that have a MAX of 3k electrodes. Further more, it's nowhere near granular enough to detect individual neurons firing, it only detects firings of groups of neurons. It's unclear what can be done with this technology because we simply don't know how the brain works, but people aren't going to be downloading thoughts and memories and stuff.
Wyatt Watson
>Can it get too worse? The question is instead, can we keep it from getting worse?
If you want to avoid the memes that the media latched on to, skip until after musk is talking.
Owen James
im too rich to google my own shit, thanks anyway
Brody James
A professor has a website for her course and has a word generator for a prompt, I want to get access to the txt file that has all the words that can be generated, I don't want to change it, I just want to read it I saved the webpage just to get around the dynamic scripts, I found a js script link to "./name with space--_word generator_files/saved_resource(1).html" and there's a near duplicate ending with "generator_files/f(2).txt"
I tried just copying them into the url after the root page and every directory up to the page, but even without spaces in the src path it wouldn't load
Hope I don't get into a car crash and have neuralink scrape my brain or cause a leak of cerebral spinal fluid
Chase Jenkins
Does the prompt update when you access it? Just run copy the output with wget or whatever a few thousand times, then remove duplicates.
Jackson Long
It's a text prompt not like a computer event, the dynamic parts are just body text, I don't see anything in the document about when the output of the script is written to page html, the structure is constant, certain words change each time you refresh the page, the only things you click just either refresh the page or take you to another page. I don't want to fuzz the domain, and I don't know enough regex to pick out the particular words.
Joseph Williams
oh fuck i'm fucked... fuck fuck fuc....
Connor Bell
>the dynamic parts are just body text This is what you would like to read, correct? The dynamic parts?
>I don't know enough regex to pick out the particular words. Essentially all you would do is make copy the whole page, remove duplicates, then create another text file with the static content, compare the two files and only keep the unique content. It's very very easy to do this in bash with grep.
What you are asking otherwise is how to gain access to a file that you don't have permissions for, assuming >generator_files/f(2).txt Is that file, which it probably is. Essentially what you're asking then is "How 2 hack pls", which is better covered by the OP (and again, if you do manage to succeed it's very illegal and you will go to prison because lol cybercrime).
This plus the man page for wget and a basic understanding of bash should be enough. If you actually manage to get a text file of whatever size containing all of the info I can help you sort it out, as long as the information you need is contained somewhere in a file on your computer it's easy from there regardless of how big that file is.
Easton Parker
>Essentially all you would do is make copy the whole page, remove duplicates, then create another text file with the static content, compare the two files and only keep the unique content.
I read through this an realized it might not be clear exactly what I meant. If you have access to this information in a form that isn't useful to you (the text with the words you want in it) it's much much easier to try and process this information into a form that you DO want, instead of trying to break into something else. Hacking (imo) is about finding cool solutions to problems, not everything has to be hit with a hammer.
What I mean by the actual solution, is that if you can create a text file which is a thousand, or ten-thousand iterations of the full prompt (by pulling off of the webpage with wget or whatever you want), you can then.
1. Remove all duplicate strings, leaving you with one of each word. 2. Make a copy of everything in this
>the structure is constant
in a separate text file.
3. Compare the two files you've created, one with a every string contained in a thousand iterations of the page, and one with every string that is constant between multiple iterations of the page. The strings (in this case words) that are in one file, but not the other, will be the list of words that you are looking for.
Joshua Bell
Is it often that someone gets hired for purely web application related security positions (pentesting etc)? I want to learn more about breaking web applications in the future (I'm currently learning how to build them) and curious what the job prospects are and if I need to know more than just breaking into web applications if I want to get into the security industry.
Jonathan Brooks
I guess I'll just have to do that, their wp-content/uploads etc directories are all open, was just hoping I could find the particular txt file, you can find old recordings over the last 6 years, even with site: filetype: search on google, just not this particular txt file. Thanks though.
Liam Rogers
>Hope I don't get into a car crash and have neuralink scrape my brain or cause a leak of cerebral spinal fluid
They are pretty thin and easy to remove, so it's unlikely they'll be able to scrape your brain. Considering it's a car crash with a head impact, you have bigger things to worry about like your neck being broken.
Otherwise, enjoy wearing a helmet for the rest of your days :^)
>finally get job as security dev >fucking company has me doing front end
At least I have a team to manage.
Jeremiah Clark
how much do you get paid
Logan King
I'm sure they exist but you're more likely to get a job if you know more about pentesting. Web apps are just one stop along the way.
I know there's people that do that specifically, I just haven't seen jobs posted that only request that. They usually require general pentesting skills as well.
That shit fucking SUUUUUUUCKS
Fuck that company but at least it's a job
If they don't move you to something more relevant after 6 months, I'd start looking for something else. They lied to you if you don't do security work
i've never heard of someone going after bug bounties
Carter Richardson
my friend is doing it lol
Michael Parker
why not
Brandon Baker
idk it just never came up
Jason Mitchell
google anti-forensics
Grayson James
Just do ethical hacking in HackerOne
Thomas Anderson
every job gets boring and repetitive even hacking. it's still a job even if it's fun and interesting. writing reports is ALWAYS boring, but the most important part.
Brody Cruz
lotta ms office is 32 bit. lotta legacy systems. eternalblue was 32 bit.
Chase Collins
I actually managed to find the txt file but it seems to be 70k characters of what looks like javascript rather than a list of words, not really sure what to do with it
Matthew Cooper
thanks for the reply, infosec fascinates me and I'm excited to get my foot in the door, just a bit nervous that the actual work will be much less rewarding and challenging than the studying has been so far. definitely gonna stick with it though
Benjamin Butler
is there a market for writing reports for hackers? that actually sounds fun to me and a good way to learn stuff while I'm still a newb
Grayson Peterson
What's a reverse shell?
Parker Kelly
llehs
Evan Gray
Is there a rate limit on how often I can wget a page before it might be considered a ddos?
Nolan Howard
why do it from your apartment
Lucas Jones
so someone won't just walk up to you and steal your lappy
Luis Reyes
We got the FAQ going only the last few years, so why not also this?
Christopher Peterson
Also don't underestimate the importance of a theoretical foundation.
Jacob Price
if you're doing it from one computer, it will never become a ddos
pedantic shit aside, if you're actually concerned you might denial of service the website by wgetting it (ie the server is being run from a raspberry pi or a smart fridge) you could space out the wgets by a second or so
it won't be a distributed denial of service if there's only one system doing it in terms of rate limiting, it all depends on the individual remote web server or any reverse proxy in front of it
Charles Lopez
>True, thankfully. We just don't know how quickly that will be covered.
People will no doubt queue up to get this implanted in their brains. What could possibly go wrong?
Wyatt Gonzalez
How far has he come? One user said he used the FAQ to make zines, same guy?
Bentley Young
Start reading it now. Idk if it's the official one but from the neocities site: >Works completed in the PDF are bold. We have completed 5/8 pieces for the final release. Thank you for staying with us so far! lainzine.org/all-releases/lainzine05/
Hey... guys. Let's let Mark Zuckerfuck IN OUR FUCKING BRAINS. >hehe, what could go wrong. That's the sad part, that people will queue up like Apple store linueps for this shit.
Isaac Morgan
Is fedora a good distro to begin my cybsec studies on?
Hunter Butler
So, only a bit on growing mushrooms (of all things) is missing??
Jace Reyes
>Is fedora a good distro to begin my cybsec studies on?
yes and no. in reality it doesn't matter what OS you're running for your 'studies', however consider using something locked down and secure, like run your studies inside a VM or on a dedicated machine with/-out internet access. most tools these days are on github, so your OS really doesn't matter at all.
Oliver Wood
>run your studies inside a VM Thats the idea, any tips on hardening fedora on vmware aside from the basic shit(no shared folders, clips etc)
Ryder Harris
Nope. It's the ones in BOLD that are done, not the ones that are clickably purp
