/nsc/ - netsec general

Why noone ever replies to these edition.

/netsec/ is dedicated to everything about computer security, networks, exploits, reverse engineering, social engineering, hacking, tricks, etc.


How To Become a Hacker: catb.org/~esr/faqs/hacker-howto.html

>Learning
cybrary.it/
n0where.net/
offensive-security.com/metasploit-unleashed
resources.infosecinstitute.com/
windowsecurity.com/articles-tutorials/
sans.org/reading-room/
corelan.be/index.php/articles/
opensecuritytraining.info/Training.html
blackhat.com/html/archives.html
securitytube.net/
opensecuritytraining.info/Welcome.html
beginners.re/

>News/CVE releases
threatpost.com/
deepdotweb.com/
packetstormsecurity.com/
cvedetails.com/
routerpwn.com/
exploit-db.com/
rapid7.com/db/
0day.today/

>Wargames
overthewire.org/wargames/
pentesterlab.com/
itsecgames.com/
exploit-exercises.com/
enigmagroup.org/
smashthestack.org/
3564020356.org/
hackthissite.org/
hackertest.net/
0x0539.net/
vulnhub.com
ringzer0team.com/
root-me.org/
microcorruption.com/
starfighter.io/

Other urls found in this thread:

reddit.com/r/netsec/
wiki.gentoo.org/wiki/Security_Handbook/Securing_services#ssh
dev.gentoo.org/~swift/docs/security_benchmarks/openssh.html
twitter.com/AnonBabble

>Why noone ever replies to these edition.
Sup Forums is Sup Forums now, etc etc. Also maybe you just have a shortage of offensively-minded rather than defensively-minded folks.

I'm chasing down a glitch in a VM that happened after I updated the kernel for that recent privilege-escalation problem. fun times.

there aren't enough of us here,
that's why nobody posts

are attacks on qemu really something I should be worried about? It's not that common, is it?

Escaping the VM might fuck your shit up.

How probable is that a website can inject a vm escape malware even when maximum security is toggled on, on tor?

>How to become a hacker.

Nearly impossible. Just nearly.

A website? I'd imagine there are exploit kits targeting versions of Firefox associated with the Tor browser bundle.
Most modern browser exploits require JS to be enabled in order to work though.

Nice. We should make these threads a regular thing, like the daily programming threads. We need to build a hacker culture on Sup Forums

VM escapes are one of those exploits that are possible but rare and difficult to pull off. Worry about stopping arbitrary code execution and elevation-of-privilege attacks first, those are a lot more common, and if an attacker can't get his own code running on your machine he'll never have the chance to do a VM escape in the first place.

First rule of using Tor is to disable JS. So many browser exploits rely on JS that its not even funny. Not all of them, every once in a while you'll see something where (for instance) a malformed image file can lead to code execution. But lack of JS makes things awfully difficult for a malware-writer right off the bat.

Your forgot to add reddit :^)
reddit.com/r/netsec/

How plausible is it to get malware on your android phone? I'm talking ads on websites that you can't block. Even if you don't click on them can they get access to your files?

Best way to harden ssh security for a vps?

- Turn off root login. Use another user to work with your VPS.
- Use a key authorization rather than a password.
- Use fail2ban.

How do i completely delete myself from the internet?

is there a guide to
1. fake, untraceable email, that can be used in other websites that ask for it [even social media] ?
2. completely remain anonymous / untraceable on the internet?

i want to know about anything to do with anonymizing my internet experience.

What's your goal?

an hero, eventually.
but right now i'm just trying to erase myself from the internet.

>use disposable mails like 10minutemail.com
>don't trust companies like Google, Facebook, et cetera
>don't use windows or apple software
>use linux as your daily driver and tails for sensitive data
>use open source or free software

That's all that I could thing about right now.
If you already gave out your info, is nearly impossible to stay off the grid. However, anonimizing yourself isn't an all-or-nothing job, every bit counts.

>1. fake, untraceable email, that can be used in other websites that ask for it [even social media] ?
Create one time use emails at cock.li.

>2. completely remain anonymous / untraceable on the internet?
Use Whonix/TAILS.
Buy SSH tunnels from some shady Russian to circumvent constant "Fuck you" for TOR users.

was meant to

thanks.

>you already gave out your info
how long [if at all] until fb [and other sucidal media] deletes my shit once i deactivate and/or delete my account?

> nearly impossible to stay off the grid
yeah, unfortunately.
maybe i'll keep protonomail for absolute necessary shit.

>However, anonimizing yourself isn't an all-or-nothing job, every bit counts
you said it.

>how long [if at all] until fb [and other sucidal media] deletes my shit once i deactivate and/or delete my account?
Never. Seriously.
You done fucked boy, pack ur shit.

>how long [if at all] until fb [and other sucidal media] deletes my shit once i deactivate and/or delete my account?

Well, depends on how well your data is distributed. If you're on old backup servers, never.

>how long [if at all] until fb [and other sucidal media] deletes my shit once i deactivate and/or delete my account?
sit around for a few decades and hope the only FB server holding your data explodes into flames

Depends if those sites have an exploit.

Most malicious ads will try a whole range of JS exploits, mainly for outdated browser exploits.

Disable Root login.
Change the port to evade common port 22 attack.
If you use key based auth, set the login retry to a minimum.
AllowUsers
DENYusers

"forgot"

Kill yourself.

eventually, ya stupid cunt, eventually.

B U M P

Thanks for compiling all these resources
First time I see them in this thread

the fact that you're not using dedi hardware is bad sec practice in the first place

Why take unnecessary risks?

strong pass
fail2ban (optionally)
everything else is a waste of time or sec by obscurity

while properly segmenting your services to non root users is good sec practice disabling root login by no way helps

a box with a net facing root and a strong pass is as secure as a box with only lower priv users that are net facing

Everyone has moved to libressl right, or is it too hard for most retards on Sup Forums?
>- Use a key authorization rather than a password.
This is incorrect. You should be using both.
To add to the others:
disable empty passwords
disable keytypes other than your own
Here is some more info:
wiki.gentoo.org/wiki/Security_Handbook/Securing_services#ssh
dev.gentoo.org/~swift/docs/security_benchmarks/openssh.html

imo most of those spam ads are "safe" ads without malware but rather they force u to idk fill out some survey that in the end in order to submit data want you to subscribe with your mobile phone or whatnot to some other 3rd party shit that will take montly fee out from your phone

that is so far from my experience

bump

There are multiple better chans that have ongoing security discussion and that aren't full of constant shit flinging.

which chans? i know about /sec/ on lainchan, but it's slow as heck, with generally very little technical discussion period

whats the common / best rules for a firewall?

Block all incoming and outgoing ports

infinichan, lainchan is good as well.
>slow as heck
Who cares. It means that people actually give well thought out responses.
They aren't just spoonfeeding generals, its expected that you know how to do your own research and that questions asked aren't ones that can be answered in a 20 second search using a search engine.

>our system thinks your post is spam

And i have no internet then

idk, it'd just be nice to have a nice chillout general or something to discuss exploit development and reversing when we're not actually doing it.
communities/discussion on the topic of netsec being slow can make conversation feel pretty disjointed and difficult to get invested in

the internet is harmful

>general
Well then someone already linked a place to go here There is already a hacking genreal on lainchan. But as usual """"Generals""""" are better suited to IRC, and the lainchan one is usually pretty active.

/r/netsec is good for news but it's not much of a community
i suppose i'll give the lainchan irc another go