/cyb/ + /sec/

What is the most commonly used OS in the security field? I primarily use OpenBSD/Fedora at work and our security guys all run Ubuntu or MacOS, is there a reason they are so popular?

literally just len kagamine and I'd basically just amass len doujins to embarrass my AI partner
hard mode answer: a tachikoma because they're fucking ace

>is there a reason they are so popular?
both are pretty much zero effort to deal with

ubuntu really, honestly just works (assuming you don't have any wifi/video issues because lol broadcom and/or amd is still fucking retarded)
macos "just works" and all their shit would build on it just fine

go install openbsd on a laptop, it's not a fun experience at all because so much hardware isn't supported

>(embed) (embed)

>randomly skip into the vid
>12:40
>"I always find destroy a really violent word"

i would love to have a tachikoma as a pet

Which Linux distros are recommended that don't use systemd?

devuan, i think

Its over. They won.

Made some OC for you good folks

Starting as a consultant after I graduate, have to move to NYC, pretty excited

cyb is dead though its foolish to expect news, when even the link sites are ancient now and not updated.

>/sec/ taking off
>on Sup Forums with javascript active and no way to proxy with tor or something
pick one, there is no sec here, just static noise.

Install Gentoo.

...no, seriously.

what're some /sec/ or /cyb/ things I can buy? (preferably off amazon UK)

>reading all kinds of different things.
Should just do K&R and C programming modern approach with all exercises and after that introduction to algorithms & x86 assembly.
Just do the exercises because with just reading it's pointless.

>freenode
why

That's some pretty good OC you got there.

thanks bro

does hardware level tcp/ip telemetry real?

thinking about all the past surveillance leaks (MUSCULAR, PRISM, etc) make me scared and depressed.

>>freenode
>why
-biggest network out there
- LOTS of channels and resources
- LOTS of hackers and stuff
- no retarded channel overtakes and shit
- ddos from time to time, but most of the time very stable

What do you even want in it if you can't understand this?

Things to learn about sec?

Interesting.. if only op posted a collection of links for you to learn some shit..such a shame he didn't.

OH WAIT HE FUCKING DID YOU LARGE FUCKWIT

legit made me smile

Does hardware real hey

What the fuck are you even asking

>tfw the bay area could be really /cyb/ if nimbys werent such fuckers

One, because I'm borderline illiterate with the attention span of a housefly. I could read every link in the OP on /sec/ front to back and not learn a thing. It's just not my area.

Two, I want these threads to be successful, and I don't think I can really help that much, but it's the only remotely relevant thing I've done in my life. I figure I can host a large amount of /cyb/ things, and someone else can host the /sec/ content.

I skipped over the OP and didn't see the /sec/ links. Sorry.

>OP doesn't even have attrition.org listed.
It's like you all want to be tech illiterate faggots or something...
If you pop an addy and go browse that site for a few hours, you'll probably learn more about hacking than you have over your entire miserable lives.

Thanks for fantastic the trips, based kek. Fits perfectly.

Isn't ubuntu botnet and contain telemetry? Someone in the Friendly GNU/Linux thread mentioned that even the server install contained telemetry.

Surely in the sec industry that would be a big deal?

/fglt/ was more concerned about the amazon addware in the times ubuntu had it on their desktop os, but for what I know some telemetry is given as bug report in ubuntu and also debian, but you can opt out on debian

I recommend devuan though

Why do /sec/fags like anime so fucking much?

are you talking about this?
caida.org/publications/papers/2005/fingerprinting/

Anyone going to Defcon this year?

The nomx meme was a good one.

Blue or red team?

but I don't

>nomx
the fuck is that?

I had comfy discussion around here these days where people knew their shit but the discussion at /fglt/ reminded me not everyone on Sup Forums is an expert

They didn't remember about LKM and failed to take permissions into consideration and fell for a troll, now they have posters claiming windows is more secure

Thread's lost

What is an alternative to OSVDB? Any vulnerability database you guys have?

nomx.com/
scotthelme.co.uk/nomx-the-worlds-most-secure-communications-protocol/

>ECB tux
lmao i like you user :3 made me laugh

>Learning: pastebin.com/VNTsyNKp
>Essentials Pastebin: pastebin.com/UY7RxEqp
neither of these really say where/what to start to with, any suggestions?

>scotthelme.co.uk/nomx-the-worlds-most-secure-communications-protocol/
was just reading that. top fucking kek, this shit clearly was made for all that sweet VC money, and this guy managed to destroy it, lel

there's also a response to him destroying their shit and it's just more buzzwords and FACT: emails get hacked

>-biggest network out there
So what?
>- LOTS of channels and resources
So what?
>- LOTS of hackers and stuff
So what?
>- no retarded channel overtakes and shit
What?
>- ddos from time to time, but most of the time very stable
Rizon is stable enough.

I don't think you get it, #Sup Forumssec is a chat for Sup Forums people, and Rizon is where most of Sup Forums IRC channels are hosted. Also more good stuff from rizon:
>free vHost
>free BNC
>free bots
>most illegal stuff is in gray area

There is no reason for us to be in freenode. And nothing prevents you from going there, I lurk in many channels from freenode.

We were going to work on a guide but CTFs and other stuff halted us. And they're pretty much in order.
Maybe start reading leaksource.files.wordpress.com/2014/08/hacking-the-art-of-exploitation.pdf

Maybe you can just do nothing and let people who know their stuff do the job, that would be a great thing to do you know.

>I figure I can host a large amount of /cyb/ things
Excellent idea. Why not archive the contents of the following two excellent threads:
Also have you scoured the archived threads to include all contributions made? I made quite a few but cannot find it all in the pasta.

>Why not archive the contents of the following two excellent threads

Done. How do you want this? MEGA? Torrent?

>Also have you scoured the archived threads to include all contributions made?

Currently working on that.

>>Also have you scoured the archived threads to include all contributions made?
Beware some guide I've made have expiration on pastebin, use the latest on this thread

Can anyone with experience answer me this:
When you use neXpose, Nessus or OpenVAS, do you actually connect to their servers or is it a standalone client?
All their terminology makes it seem like an immensely stupid thing to use with little to no opsec.

In what way do you think they connect to their servers?

I'm new to it so maybe I'm just confused but I think the notion of connecting to a server is part of it.

From OpenVAS I presume the confusion is in mixing two parts, the certificate creation, that is for your own server, and the vulnerability database update, that is indeed connected to their servers

Not that I am in anyway an expert in anyway

So it's client side then and you just pull the database definitions from their server?

Is just that at least in OpenVAS digitalocean.com/community/tutorials/how-to-use-openvas-to-audit-the-security-of-remote-systems-on-ubuntu-12-04

Reminder that this is the holy grail of /sec/ learning materials

allitebooks.com/security/

Here's a piece of news from your local VR fag: youtube.com/watch?v=xxmPJ0DFRPI

TL;DW there's an open source project called Decentraland which uses blockchains to give users ownership of land in an online virtual space.

Pic related is what I found in one of the blocks.

You can mine blocks by running a node as detailed here: github.com/decentraland/bronzeage-node

That seems pretty cool honestly.
Still a bit primitive though.

I'm not sure how valuable their work is now that there are many other competing solutions developing, but since this is open source, it at least might be valuable to other parties who could use it as the basis for a big, well funded virtual world, like an MMO or something.

I just found out about this myself, so I'm not sure what their plans are in terms of the future of their own consumer facing application.

>many other competing solutions developing
Such as?

That looks really cool. Is it possible to 'mine' on a raspberry pi? I couldn't find anything on their website, so I assume not.

Off the top of my head, Project Sansar, High Fidelity, Janus VR, and WebVR, the former two aimed at shared multiplayer spaces, and the latter two aimed at turning webpages into VR. They might not use blockchains, but their goals are similar - of creating virtual worlds with user ownership abilities.

looks like node.js to me

oh and the actual land editor is Unity? Fantastic.

>Done. How do you want this? MEGA? Torrent?
Mega or Uploaded, please. Some ISPs block torrents.

>Currently working on that.
Most excellent, my man.

And I am still working on that FAQ.

Riot gear

>See this from the frontpage, looking for /csg/ to shitpost in
>Do I trust the satan trips telling me to take drugs and look into hacking?
Yeah nice get. I'm gonna start doing bad things with my life, that's an improvement over nothing.

If you develop an addiction you can use that for motivation, all aces from there.

i read a paper a grad student wrote about why hacker culture and anime culture overlaps so much. was interesting

Explain??

is cybrary a legit way to get into /sec/?

Of course, the courses are very high quality.

My recommendations for a beginner would be the A+/Sec+/Net+ courses, you don't even need to get certified if you have to. You need to know how things work if you want to break or work with them.

thanks mr shark

found it
phauna.org/papers/anime/anime.pdf

thanks mr shark

Cyberpunk news on BBC: bbc.com/future/columns/future-now

when cyberkinetic augments start coming out and becoming cheaper and more common, would you get them? e.g. legs that can run faster, make your hearing better, integrate your brain with facebook, whatever

me personally, the only thing i'd potentially be tempted to do is my eyes. my vision's really bad, so severely myopic that they say it's an increased risk of retinal detachment. i figure if my retina detached i'd probably go ahead and just get a cyborg eye put in there instead

>tfw eyes get hacked
>can't see anything

i wouldn't put anything in my body that can be hacked wirelessly desu. i'm sure there's ways to make eyes that are a completely closed system. just have it feed through a wire to the brain, don't use a wireless chip

I've had back problems since always, which implies issues regarding the nerves, so for me it would be amazing getting a titanium spine.

Unless they have physical access to it you just can't get your eyes hacked. Them having some sort of signal receiver from the government to make it stop working wouldn't be too far-fetched though.

that actually does make sense.
pic unrelated

Those types of augmentations won't come out for a long time if ever at all. Normal consumers will never get them, and most likely won't want them either.

>Lots of random information
Good stuff but your statement about "you'll probably learn more about hacking than you have over your entire miserable lives" is absurdly untrue.
You're learn about what is being done to you, but I've been over that site and while there is a lot of stuff RELATING to hacking and security, there's nothing specifically about it or how it's done.
Try to be less hyperbolic next time.

>if ever at all.
bullshit. why are you even in here?

put it in the op next time then

There are so fucking many websites with ALL THE IT BOOKS. I really wonder what % serve up malware with your .pdf of Learn Python the Hardway.

I also really wish there was a better way to sort the good books from the bad.

Cybrary has some really good and some really meh courses. Most people... in IT and in software dev... don't read books, study or apply themselves to learn. It doesn't matter where you start so much as it matters that you start and don't stop and cybrary is good free material.

Go to your local bsides, look up security meetup groups and make friends. Security is starving for people who will do work and filled with people who don't actually know.

thanks mr shark

>"The Invisible Internet Project (I2P) is a garlic routing using overlay network and darknet that allows applications to send messages to each other pseudonymously and securely. Uses include anonymous Web surfing, chatting, blogging and file transfers. The software that implements this layer is called an I2P router and a computer running I2P is called an I2P node"
en.wikipedia.org/wiki/I2P

>"InterPlanetary File System (IPFS) is a protocol designed to create a permanent and decentralized method of storing and sharing files.[1] It is a content-addressable, peer-to-peer hypermedia distribution protocol. Nodes in the IPFS network form a distributed file system. IPFS is an open source project developed since 2014"
en.wikipedia.org/wiki/InterPlanetary_File_System

>"Tinc is an open-source, self-routing, mesh networking protocol, used for compressed, encrypted, virtual private networks. It was started in 1998 by Guus Sliepen, Ivo Timmermans, and Wessel Dankers, and released as a GPL-licensed project"
en.wikipedia.org/wiki/Tinc_(protocol)

>an implementation of Tinc, LibreVPN librevpn.org.ar/

allitebooks is legit though, don't trust that sign up shit

Biomods are better imo, I imagine they don't receive as much publicity because they are harder to profit from, and may even represent the end of big pharma

>tougher bodies
>lab mice are staying alive with 60% of their blood gone, thanks to a shot of estrogen

i think i'm good

Just imagine how extensively you could be tortured! What's not to like?

E.Y.E DIVINE CIBERMANCY REMAKE WHEN.

Seriously, its such a lovely game with a great atmosphere and concepts, but.
>source engine

Imagine an emt being able to keep someone with a severe injury alive en route to the hospital because of this.
How awful.

I can almost hear that conversation at DARPA:

>Mr President, we can now have soldiers continue to fight with sixty percent >of their bodies blown, or shot off. we expect to reach ninety percent in two >years. soon a soldier's severed head alone will be able to roll toward an >enemy, and detonate with brain implanted explosives, and steel teeth that >act as shrapnel.

cybemancy* my bad.

Imagine being tortured. I know you can't. But trust me, the cons far outweigh the pros.

Yeah, man. Why even do anything? It might be used for the wrong reasons!
What if we teach people cyber security? They might use it to break into stuff!
Idiot.

On who's hands?

Nope, the pros are there, and I like it