NetSec Thread

Does anyone else suffer from crippling procrastination? I look at all the sites OP posted under learning and just get overwhelmed by the amount of stuff that's there. I wish I had matrix-style insta download of knowledge.

Thanks for threads like this.

are there any good rainbow table tools for linux that are legit, no viruses or anything?

anyone want to team up for picoCTF? only 2 days left tho

I got this too. What I learn is just jump into it and expect to fail. Even hope to fail and just try to do something else.

Find something that looks really cool or sounds like something you can get into and once you excel at it, you will either love the other fields or you will learn you hate it(in which case you only wasted some time learning instead of learning all of it and then hating it or worse go to school and waste money.

I'll start posting them weekly. If any one has any good resources feel free to share them.

k&r's pretty good

I've actually always wanted to go into cyber security but I didn't because I thought I was too much of a brainlet

Jack the Ripper

thanks so much, this is exactly what the question was intending me to use! i'm not sure why it didn't show up on google

Just start.

Buy a book. A real book. Any book on this topic. Once you spend real money on it, you'll read it, because you don't want to waste your real money, do you?

>tfw using john the ripper
actually the base install didn't work for md5 so i'm having to install the "jumbo" edition

It was preinstalled on backtrack.
You could find a lot of good tool suggestion from that community.

the jumbo version worked like a charm, the reason the base install was taking forever was because it was resorting to incremental mode so brute forcing.. i had to set it to raw-MD5 mode manually b/c it didn't recognize it but i suspected that was it. capture the flags are so fun, i'm doing pico ctf right now

is he right? is debian the script kiddie distro?

if you want to investigate forums in native language and pick tidbits from hacked docs/code then yes. otherwise use google translate.

is it true that once you have a solid foothold inside a company network that it's mostly a matter of when not if you get access to domain admin?

No, that's Arch.

Anyone have any ideas for a birthday gift? It's for my brother who is a pentester. He's been there for me and I remember reading Little Brother together which sparked his interest initially.

"solid foothold"

Why not get something he's interested in as a human being?

Are there any online video resource about this kind of stuff? especially about networking

>cybrary.it/
The very first link...

What resources do you guys recommend for someone who wants a bigger and in-depth understanding in networking. NOT HACKING. Since you need a good basis on networking to become a good hacker, anyways.

some of the gargen variety stuff is implementing VM checks so it doesn't execute in a VM.

Cybrary, they have a free network+ class and some other networking stuff I believe.

thanks mr shark

Learning the OSI model and where each layer exists in a network is very very useful, learn how a switch works, learn routers and common routing protocols

not really netsec, but what do you think about number stations and other radio related things like SDR etc?

amazon.com/Computer-Networking-Top-Down-Approach-6th/dp/0132856204

It really isn't. Most professional (retard) security people love to talk about this all day, but there are few things to do on layer 2 and 3. Setup firewall, memorize ports. Most of the security action is layer 7 and 8, although I wish SANS would shut the fuck up about the 8.

Take adderall. It's a wonderful drug.

I fucking hate the OOOSPOOKY mood that surrounds number stations. They're nothing mysterious. In fact they're quite well documented. We just don't know what the content of the messages is but it's clear that they are meant for spies using one-time pads.
There was even a guy on youtube that used to collect some of the hardware that is used to generate the noise and number sequences. I can't remember his name though.

Thanks mr sharko

>Most of the security action is layer 7 and 8

I thought there were only 7 layers of the OSI model

Learn Cisco. You'll learn about routing protocols and how to configure networks properly. CCNA material is what you're looking for.

There are a few more. The 8th layer is the human layer.

Layer 8: The individual person.
Layer 9: The organization.
Layer 10: Government or legal compliance

this sounds stupid

>Why noone ever replies to these edition.

Where do you think you are? Go make a whatsapp emojis thread or something more appropriate to Sup Forums's interests.

underrated

OP Should link the vault 7 leaks, they're an interesting read.

>implying anyone reads those

People just like to shit on things, not actually study them

I'd study them if I knew what they were talking about.

tl;dr CIA is hoarding zero day exploits for a shit ton of devices/operating systems and they're super spooky and can hax your tv

computer network's and internet's alright. i have to read it for a class, one of those where the professor doesn't teach and you have to learn it yourself. they're super jewey about not letting you even download the ebook so idk if there's any pdf's

layer 8 is social engineering, which is an important part of security

Security Level: Reddit

fucking reddit..

Non-free software

You betcha they are.
Pretty much this, but not just it.
They developped a lot of tools and ways to utilize em. Also lots of procedures.
They basically threw redonkulous amounts of money to hire good engineers dedicated to giving them the technical means to reach their goals.
You can take a wild guess what those goals are.
Then again, the more you think about it, the more it sounds like super fun doing that.
No wonder they brag in their documentation.
>Paid fucktons o' shekels to devise new ways to fuck with people
>Where do I sign

bumperino

netsparker.com/blog/web-security/hacking-smart-tv-command-injection/

cyberpunk style hacking everyday objects when?

with the rise of the internet of things, we should definitely see an increase of attacks like this.

bumping

i'm scared that cyber sec will become a meme like software development overrun by wannabe hackers / people doing it because the media told them its ez

I mean
isn't that every field now

i'm not too sure on that, I have been seeing it more in "coding" with the media going insane over how much programmers make and how easy it is to start (girlswhocode, regular code camps, etc)

...

delet

holy shit is that Carmen San Diego?

THIS

Women have their tits in a twist because there aren't as many women in tech... so what?? some fields are dominated by different genders, women for education, men for tech, etc. There's nothing wrong with a gender gap, it's not doing any harm at all.

more important to get results/good code rather than pander to sjws..

Already for a team from work.

bah meant to reply to

bull fucking shit

>not meth
skiddie

Shit, I'm confusing something here. If the IP packet encapsulates the TCP segment or UDP datagram, how the fuck does TCP proves reliability to the IP packets being delivered?

its not really what the TCP message says, its how its handled. look into TCP handshakes, that will get you started understand why TCP provides reliabilty

should we bring back the irc or use something else like discord or tox

strawpoll.me/12736081

Can anyone give me a quick rundown of what the fuck Spanning Tree Protocol is?

there's really no way to get into a cyber security career without a security clearance right?

There are many careers in cyber security that don't need security clearance. Security clearance are usually for government jobs.

ah ok, I live in an area composed of mostly defense contractors so I've been getting that impression from most job listings.

Go ask Mitnick, don't be a fool

Weakest part of security is the human using the machine

...

Any recommended CTF's for beginners?

read

What is CTF?
Also thanks mr shark

>Security level: Reddit
ooh, my sides

wargame

Is there any forum about this topic?

what are you trying to read

This, minorities always get offended by being a minority it doesn't matter what it's about. It saddens me they can't accept it and move on.

How do I know if I'm smart enough to work in netsec

If you need to ask then just don't.

Bump.

Does anyone here work in network security/cyber security? Whats your day at work like? Work-life balance?

>that they are meant for spies using one-time pads.
Wouldn't they be using RSA by now?

Something like hackforums, but way more mature and serious. Not about hacking like a kid.

What would be the best option for running a VM OS?

I was thinking of installing a barebone stable OS that doesn't need updates frequently which is also hardened and install QEMU and Veracrypt.
It'd be great if I could run multiple VMs at the same time.

Are there any tutorials out there?
Maybe there's a setup already made for this?

>I was thinking of installing a barebone stable OS that doesn't need updates frequently which is also hardened

debian on vmware
done

So am I supposed to install vmware onto my hardrive and boot that?