This is a general thread for discussion, questions and help about cybersecurity and related topics. Before asking questions, consider these helpful resources:
i recommend to everyone to either buy of make a network tap and have a raspberry pi connected to the tap running security onion
Leo Allen
Thank you for the resource links
been thinking about making an ntap like this for monitoring LAN for any abnormalities
What applications would you use it for?
Brandon Jones
Essential reads on network pentesting and available tools?
Inb4 kalilinux man pages for every package.
Cooper Turner
make sure the network tap goes between your modem and router and run security onion. security onion is ubuntu prepackaged with snoot snort and other firewall and network security software. the plus side to security onion is that it pre configures many of the tools for you so you do not have to spend extra time setting it up. if you do not want to run ubuntu then download security onion boot it up in a vm and look at the configs of software you want and copy and paste where is needed
Carter Mitchell
kali linux is alright but you would be better of running what every OS you like and install what ever tools are necessary also do not assume there will be a tool for everything you are going to have to write your own tool from time to time if you are serious about this
Joseph Phillips
Well, writing whatever I'd ever need is definitely out of the definition of "essential reads", even though I do not disregard it.
Levi Sanchez
>security onion is ubuntu prepackaged with snoot snort and other firewall and network security software I was just going to preassemble the utils I need onto my BBB. I don't think there is much difference besides the extra time I have to spend configuring them.
I doubt sec onion has an OS image for the BBB but I prefer it over the rasp pi for some reasons.
Forgive these amateur questions but do you need a physical piece of hardware between the modem and router or would a properly configured VM do?
I'm willing to read if there is a resource. You don't have to spoonfeed
Sebastian Cooper
it common sense learn to code pick a language and find a book and read as far as other essential reading goes it depends on what kind of pen testing you want to focus on for the time being like cryptography networks ids ect
Anthony Price
i was suggesting security onion because it is very user friendly but since you need a specific image just run what ever OS you like and install the software even though you may not run security onion you should still look at since it provides a list of useful tool to use and you do not need another piece of hardware i just suggest the pi since most people do not have another ethernet port to spare but you can run any OS
Juan Ramirez
From basics and common vulnerabilities to... Sky is the limit, finding a universal algorithm to break RSA is not in foreseeable future, but let's stick to the basics.
And, well, you actually know of such books or just spilling "common sense"?
Blake Campbell
i personally have my old ps3 connected to my network tap while it is running gentoo
Ethan Bailey
>hardware i just suggest the pi since most people do not have another ethernet port to spare but you can run any OS makes sense, thank you I can probably just get by with running sec onion on a machine with a multiport nic to make it easy
However in the future I would like to have a small display connected to a physical device that can feed a summary of network stats
Easton Murphy
that is a great idea i want to say almost all the tool have extensive log files and you could have simple bash script either email the current list to you
Ian Miller
>that is a great idea i want to say almost all the tool have extensive log files and you could have yup, that's what I was planning. Forward log files to email based on event triggers. Have a small screen that shows current network stats connected to a BBB / Rpi.
I will try to publish my steps and share them in this general when I get to work on the project.
Asher Rivera
Looking forward to it!
David Martinez
think of something you like or have an interest in and google the ever living shit out of it if you want to crack cryptography then learn cryptography if you want to break a website learn about how they are built if you want to create a bot net learn how to write bots to become a pen tester you need to pick an area to specialize in then you will know how to break it
if you want this in simpler terms pick something to learn become and expert at it and then you have the knowledge on how to hack it
this is the best advice for learning anything really don't waste your time with trying to absorb a large blanket of formal knowledge
start poking around your interest and learn as you go. Your mind will label everything and you don't need to waste time translating pointless academia complications into the relatively simple concepts they represent.
It's really easy to learn academic buzzwords and domain specific concepts once you have personal mental knowledge of how they work.
Just wanted to share this since the other poster seems to view learning in a similar light
Elijah Phillips
Literally what I am doing now. But in case of studying porgramming or cryptography there's a tonn of classic acadmic books. And when you google "how to write bots" or simply "pentesting", you get reddit-tier guides for beginners.
And I am very familiar with buzzwords, but buzzwords achieve nothing, yet they preceed "something". I like all the Talmud academia stuff and I want some good books to git gud.
Also, this a book that comes up from googling, but is about "routine stuff automation"-bot instead of "remote daemon"-bot. Or worse, MMORPG forums discussing "gold mining"-bots.
Sebastian Lewis
writing bots is going to require programming knowledge also with basic a.i. knowledge you need to slave learn how to read and irc chat for command and what do when it revives an order you need to learn how to host a bot head you need to learn how to automate scanning and breaking into other systems
Jaxon Sullivan
essentially you have to learn how to automate an attack so that book is a good starting point if this is the route you choose
Gabriel Anderson
Are you Chinese, Indian, Russian or high/drunk by any chance?
Well, regarding irc-control - neat, had no idea slaves may be controlled through irc.
Justin Cruz
lol i am none of those i just a random user who enjoys security i have been apart of the community for a while now so you pick some shit up
Gavin Smith
to elaborate further on how they are controlled though irc within irc clients there is often a function where you can execute command on the machine remotely
