/nsg/ - Network Security General

I am dead on the inside Edition

Join us at irc.rizon.net #/nsg/

This is a general thread for discussion, questions and help about cybersecurity and related topics.
Before asking questions, consider these helpful resources:
wiki.installgentoo.com/index.php/Netsec_general
wiki.installgentoo.com/index.php/Security
wiki.installgentoo.com/index.php/Passwords
wiki.installgentoo.com/index.php/Encryption
wiki.installgentoo.com/index.php/Anonymising_yourself

ssd.eff.org/en
opensecuritytraining.info
Beginners.re

overthewire.org/wargames/

youtube.com/user/BlackHatOfficialYT
youtube.com/user/DEFCONConference

Current Topics

> State of Heartbleed January 2017: ca. 200000 servers still vulnerable
shodan.io/report/DCPO7BkV

> ProtonMail goes Tor
protonmail.com/blog/tor-encrypted-email/

> Ransomware as a Service "Satan" wants a 30% cut
bleepingcomputer.com/news/security/new-satan-ransomware-available-through-a-ransomware-as-a-service-/

> Trump announces cyber warfare against terrorist groups
whitehouse.gov/america-first-foreign-policy

Things to do

set up cyber war game
vote on these polls
strawpoll.me/12173169
strawpoll.me/12173197
take a look at the pastebin
pastebin.com/UY7RxEqp

bomp

Bump. I've been doing OverTheWire and binging through Cybrary vids. Doing the A+ vid series now as I have no prior experience besides CS classes. Is that a good place to start? Btw thanks for the links, I'm definitely going to add them to my autistic schedule.

sounds like you are off to a great start

ubumptu

bump

>cyber war game

please stop throwing cyber in front of everything

...

Stop cyberbullying

>network security
Anyway. Has anyone here done anything with Intel SGX or AMD SME?
I'm thinking of learning some of that.
But frankly AMD's SME seems fairly limited in its use. SGX is super useful on the other hand. At least as far as I can see.

I just don't know where to put my effort because Intel doesn't want to let anyone in it looks like. You need a commercial licence and shit and they don't give them out freely or anything.

Looks like you're not cyber enough to be able to handle the cyber-activity.

Been playing with the witchcraft compiler collection. It blew my mind how it could work with ELF binaries from any OS and several different CPU archs

bump

anna-senpai is nasty.

>Satan being sold on Skiddy Forum #3
>"underground website"
wew

How's your lab looking, /nsg/? Currently only have a pi and some Centrino laptops to play with.

Well at least our smart toilets are safe

it sounds like you already made up your mind

i would use my pi for security onion

20gb's of various skidware, some orange pi's and a whole bunch of Attiny85 boards (arduino) loaded with fun payloads

I have an odroid and plan on setting up an intranet to learn, but with basically 0 knowledge dis gonna get hard.

Is a university degree in computer networking a good career prospect?

Decent as long as you get some certs to go along with it and use your time at university wisely doing things like making connections not just partying 24/7.

kys

make sure your classes are based around work and less theory; ask around to find out. on top of that find out if your uni has a local CTF meet up or something along that line. it also helps to pick up C as a programming language

rude

How much math do you need to learn for this compared to programming? Calculus 1/2?

depends on what you want to do, cryptography requires a math degree, programming you'll be fine with calculus, but designing an IDS will require more than what is needed for programming

Damn... I'm so bad at math.

Respond to this post if you have not done the overthewire bandit wargame

Learn it if you want to, math will always be there together with programming.

...

n.n

U.U

>cyberimplying

>programming
>calculus
what is this I don't even

I miss seeing Lain everywhere on Sup Forums

...

I wonder how this pic was made, would be cool for making an animated Lain wallpaper.

You should try it out user.

...

pics they came from this website fauux.neocities.org/

drives me crazy finding how to make the same effect

i found out about that site recently lurking a /wsg/ thread

anyone with minimal *nix experience should try leviathan

What are the best ways to harden security on a home Linux box facing the internet?

disable root login and use certificate only login

This, and use fail2ban. If you have to use password login, make sure it's a difficult password and not in any password databases, because it will be tested.

Changing to a non-standard port will clean up your logs (you're going to have hundreds of botnet login attempts per hour on port 22 but 0 on any other port) but won't increase the security.

I'm using an old netbook to learn how to do some server stuff

ifconfig shows the ethernet interface is enp9s0, when I am downloading something, the internet cuts out completely, nothing comes in or out (pings for another machine etc)

any ideas?

Never log in from a Winblows or Mac. Only hardened setups you trust.

>What are the best ways to harden security on a home Linux box facing the internet?

>disable root login and use certificate only login
this, plus disabling services you don't need, is 99% of what you need to do

> fail2ban + non-default ports
as said, doesn't increase security by any real degree, but it will keep your logs near empty, and minimizing distraction is useful in itself

> Never log in from non-hardened setups
unless you're in charge of Hillary Clinton & Friends' cheese pizza delivery service, this is probably overkill.
just use distinct certs for different client devices, and avoid sudo'ing etc. from machines you suspect might have been compromised.
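
The sshd settings recommended in the replies above (no root login, key-only authentication), checked by a small auditor. This is an added example, not part of the original thread: it assumes OpenSSH defaults from recent releases, reads only the global section (it stops at the first `Match` block and does not follow `Include`), and its sample config is constructed.

```python
import re

# keyword -> (value sshd uses when the keyword is absent, hardened value)
# Defaults are those of recent OpenSSH releases (assumption).
RULES = {
    "permitrootlogin": ("prohibit-password", "no"),
    "passwordauthentication": ("yes", "no"),
    "kbdinteractiveauthentication": ("yes", "no"),
    "pubkeyauthentication": ("yes", "yes"),
}
# Older configs spell keyboard-interactive auth with this keyword.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def effective_settings(config_text):
    """Return the effective global value of each audited keyword."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()                      # keywords are case-insensitive
        value = parts[1].strip().strip('"').lower() if len(parts) > 1 else ""
        if key == "match":                          # conditional blocks: stop here
            break
        key = ALIASES.get(key, key)
        if key in RULES and key not in seen:        # sshd keeps the FIRST value it reads
            seen[key] = value
    return {k: seen.get(k, RULES[k][0]) for k in RULES}

def audit(config_text):
    """Return {keyword: effective value} for every setting that is not hardened."""
    eff = effective_settings(config_text)
    return {k: v for k, v in eff.items() if v != RULES[k][1]}

# Constructed sample config. The later "PasswordAuthentication no" has no
# effect because an earlier line already set the keyword.
SAMPLE = """\
Port 2222
PermitRootLogin yes
# first value wins
PasswordAuthentication yes
PasswordAuthentication no
PubkeyAuthentication yes
"""

if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(f"{key} = {value}  (not hardened)")
```

Keyboard-interactive authentication is audited alongside `PasswordAuthentication` because, with PAM, it can still present a password prompt when the latter is off.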

>unless you're in charge of Hillary Clinton & Friends' cheese pizza delivery service, this is probably overkill.

iptables and ip6tables everything.
Then install knock

Bump to give me time to read the thread.

>fail2ban
how 'bout Sshguard? agree about the password, I use keepassx/kpcli password generator

this

kek

>I am dead on the inside Edition
Did you fapped to dead again user?

nah just feel that way on the come down

what i do you not get

Wow I legit just closed out every thread i was in when i saw this one. OP was not a faggot today! gg.

So i have a stupidly large amount of fucking questions for this topic, and it seems easier to just dump all of them in one stream of post than flood the thread with a billion comments. I'm currently working through an AS in Network Administration, and have about 1 year's experience in a professional network environment. I recognize that makes me about as capable/valuable as a potato with a clock plugged into it, but i do in earnest want to learn/do more than I am now.

>My current life situation won't allow me to pursue a bachelor's, or a master's degree in computer science. It sucks but it's my own damn fault, so that said I want to work my way into certs / experience equal to or slightly less than those degrees. My plan (hopefully) so far is CCENT, CCNA Security, and then i don't know what to do from here between the CCIE, or the SSCP, or the CISSP. I know CCIEs make pretty good money, but the SSCP sounds like a lot more enjoyment, and the CISSP is really more of a manager's deal than a security tech as i understand. so the actual questions, does this sound viable? does it make any sense? in your experience what's your opinion on the certs? (aside from making the company pay for them, which i'll try to do, but if not i still want to grow and progress.)

TLDR; which of this shits cooler my dudes? CCIE, CISSP, SSCP? I want to get into security consulting and probably Security Systems Engineer.

>o wait there's more!

Told you i had too many questions!

> My school is only going to teach me so much at an associate level for the more interesting things in scripting, and math, and actually hands on using applications, so i've been teaching myself as much as i can lay my hands on. I'd say i'm a mediocre java and python programmer at best, been at it for maybe 1 year now but it takes me fucking ages to make a project and then not to mention make it work. (nothing fancy like a little calendar or some shit.) I'm also working a lot of different VM's right now to get used to different OS, mostly all linux systems. So my question is what is the best way to learn something totally fresh? How do you know you're getting quality information online? What kinds of things should someone really be focusing on, and what's just bells and whistles that most people get stuck on?

TLDR;So many things to learn, how the fuck is it all gonna stick? how does a newb avoid bad advice? what's some pro shit to learn? whats some shit to avoid?

>last one i (definitely don't) promise. I want to get my hands dirty with some networks that I can fuck up real good without costing a company bundles of money, or getting into a system that i don't have access to. Any time i try to ask my professors(most of them) they lose their shit and tell me all about the rules of ethical hacking, and so on and so forth, but i really just want to do it to see if i can put anything i've learned to use. So my question would be what would be the cheapest and most effective way to practice pen. testing? Should i save up some cash and get one big beefy server and make a bunch of VM's, or should i just start grabbing as many road side P.C.'s that i can find? Can i trust the war game sites to practice on, or should i be concerned about a malicious individual attempting to trick new players in the game?

TLDR: this shits expensive or illegal to do. How do i practice without going broke or gay in prison? Are war sites legit?

You're a fucking idiot. Install gentoo

You should do some war games to apply what you have learned, retain it, and find out what you enjoy. Through working on problems you should be able to figure out what cert you want. But all of this can be void if you want to chase money

thanks annon

Thanks i will! so far HackThisSite and OverTheWire look amazing, but i'm going to need to do some work before i'm ready i think. I need to start a fresh OS (in a virtual environment), and a bunch of new tools from what i've read so far from the gentoowiki. I went through the flow chart i noticed Kali wasn't listed, it's what i currently have the most experience in. Is it a meme OS, or is it just not very popular? Working on gentoo VM atm and then i'll look for some tools.

So I have 2 weeks to get ready for a CTF competition and I don't really know a ton about CTF. What is the best use of my time to prepare? I've been going through overthewire but is there anything else I can do to help myself get prepared?

Kali is purpose built for pen testing. It's not really good as an everyday OS, but it's great at what it was designed for because it has pretty much every tool you could ever need already installed so you don't have to waste time grabbing them all.

You should not need any prep work for overthewire, all the beginner challenges tell you what commands to use and give you useful reading materials, pwnable.kr also does the same thing. You will be fine with whatever linux OS you are using but the thing about kali is that it has many tools you may not use.

Practice online CTF and make sure you are familiar with linux. You could also brush up on C, bash, reverse engineering, and cryptography.

Sweet! damn it feels good to know that i didn't waste my time learning that OS! Also awesome i got the tools! I will work out gentoo as a general OS though so i'm just more familiar with linux as a day to day OS. thanks annon!

If you are trying to learn gentoo make sure you take your time reading the portage section and maybe then learn about kernel config

Anyone here currently a network admin? What is the daily life of that job? I will be going to school in the fall for network infrastructure.

I want to make a LAN tap, if I just get some old ethernet cables and cut and splice the wires, would that result in packet loss?

Or do I have to buy some connectors and solder etc?

I have a networking question (not security related). If you have at most 100 hosts, is there any benefits of using a subnet smaller than /24?

Unless you're scraping for free IPs, not really.
Also, you'll run into issues once you get some more hosts/printers/switches/things.

he has some idea. he has the taskbar on the side

Daily reminder:

Become better with threading in python.

all post-Sandy Bridge processors have a 3G chip embedded on the die so only pre-Sandy Bridge CPUs are safe

Not really unless you're sure that your network will never expand beyond 100 hosts ever and have a hardon for saving ip addresses, but speaking from personal experience it's a much bigger pain in the dick to swap everything over to a bigger subnet than to just leave enough room for growth in the first place.

instructables.com/id/Make-a-Passive-Network-Tap/

You're stupid.

explain

Let's assume there is indeed some hidden "3G chip" in all modern Intel CPUs that tries to phone home. Even if it's there, it's completely useless without a SIM card, and it's simply not feasible for Intel to distribute SIM cards along with their CPUs. Even if their NSA overlords ordered them to, it's not reasonable for technical (SIM cards are huge, unique and what networks are they going to connect to?) and financial reasons (they'd be essentially giving free internet to everyone who bought their CPUs).

That's pretty neat. I might have a weekend project now.

i agree with you that his claim of embedded 3g chips is highly questionable, but for different reasons
>SIM cards are huge
yes, because handling a 1 mm by 1mm card would be a PITA
but you don't even necessarily need one:
"A virtual SIM is a mobile phone number provided by a mobile network operator that does not require a SIM card to connect phone calls to a user's mobile phone.

At the 2015 Mobile World Congress in Barcelona, Simless, Inc., a US-based startup unveiled world's first GSM phone without a SIM card slot. The reference phone was capable of downloading multiple virtual SIM cards over-the-air."
>they'd be essentially giving free internet to everyone who bought their CPUs)
how so? Just because something exists, doesn't mean you have access to it or can get access to it easily enough. Embedded 3G modems are more common than you think, some intercoms have them (media.ccc.de/v/33c3-8027-intercoms_hacking)
"All new car models in the EU will need to have one by 2015 to instantly connect the car to the emergency services in case of an accident" and some "smart" devices have them too

bump