Anyone working on any cool projects? I've got an old oculus dk2 I want to do something with. The lag is bad though. Thought about adding camera and a heads up display. Basically a super fucking complicated android overlay. Anyway. Kinda cyberpunk.
Evan Adams
Is it worth running a botnet?
Cameron Ortiz
People complain about Win10 phoning home
Is there no way that outgoing requests to Microsoft can be blocked automatically?
Meaning wangblows phones home as normal, but the request is blocked from actually going through
Possible?
Jose Ward
tfw i still cant even find some browser that doesn't try to fucking spy you
Elijah Russell
Yes its possible. Install windows firewall controller 4 freeware. set to medium security and secure rules Disable non WFC rules. it will stop all outgoing except what you chose.
even win10 apps is blockable like cortana and such bullshit.
check it out man
Luke Moore
For what purpose?
I might have to stop using DDG, earlier it popped a message up offering to give me tips on privacy in exchange for my email address. It was amazing.
Jason Ortiz
To make money.
Jaxon Harris
I'll try it, cheers dude
Know of any full lists of botnet requests that it makes? Think the Sup Forums wiki used to have one but it's down
Adam Gutierrez
How?
Brayden Rivera
With fraud
Matthew Cooper
Meme post here and I apologize, but someone stole my personal and work phones in early April. I've gotten several two-factor authentication texts from their accounts, which is weird. Are they using my number? How can I backtrack the phones?
Asher Wright
Report your phone as stolen to the police. Report the work phone as stolen to your IT dept.
Charles Reed
you can add a lockscreen remotely, and enable GPS so you can see where your phone is.
on an android anyway
Luis Garcia
>tfw OP keeps using the shitty /sec/ resources pastebin
Xavier Hall
Yo what distros do you guys use? Thinking about getting into Void Linux.
Jayden Martin
hahahahahaha
ok
Adam Sanchez
Is that CDE?
Daniel Fisher
You're gonna become a fucking gargyle? Aren't you socially retarded enough as it is?
Iridium and Brave are the only serious browsers at the moment.
Samuel Bennett
What can you even do with a botnet? I'm not actually interested in doing anything malicious. Back when I was a kid, I went through a phase where I would download those runescape phishers from YouTube and then find the gmail account it mailed all the data to. It was incredibly effective, I ended up with hundreds of username/passwords. I never did anything with them, I just signed into people's accounts and read all their stuff. It was usually mundane stuff but some of it was cool. I also used to look at people's unsecure webcams and stuff. I've always had a weird interest in watching strangers, while having complete respect of privacy of people I know.
Joshua Nelson
Most of us use Debian/Ubuntu or Windows. In the industry you will find either Windows, RHEL/CentOS or FreeBSD.
Thomas Sanders
How did you get the passwords? I'm not quite sure I follow.
Anthony Ross
Only worth it if you don't mind eventually being jailed for 20 years at some point in your life.
Justin Evans
...
Julian Edwards
cute
how do i get into this
Luke Turner
The way those phishers usually worked was by claiming to be a "gold generator" or something, and telling the victim to enter their account information into a GUI. It logged whatever the victim inserted into the Username/password field, then immediately sent it to a gmail account. 9 times out of 10 the username and password of the gmail account was unencrypted, so you could just sign into that gmail account and piggyback off of it. Sometimes I'd change the password of the email account, but that was stupid as it just let them know something was up.
Asher Wood
any cheesy but fun cyberpunk movies like Hackers(1995)?
Jaxson Nelson
Swordfish lol
Bentley Bennett
I consider Logan's Run (1976) to be the earliest movie I ever encountered that had most of the common cyberpunk elements.
In Logan's Run, there was a central computer system that tracked every person in society, and when they turned 30 years old, the computer summoned them to enter "Carrousel" -- a ceremony in which they would end up getting killed. The plot was classic cyberpunk -- it focused on a small group of people who resisted the system, escaped it, and ultimately wanted to destroy it.
Has anyone seen any movies prior to Logan's Run that have most of the common cyberpunk elements? (Dystopian or authoritarian urban society, a heavy reliance on information technology, and a focus on those who are marginalized or who resist the system.)
Jaxson Gomez
Is it true that there's a shortage of cyber security workers? Is it even a good job to have?
Gavin Moore
It's a lot better than Software Development/Being a code monkey.
If you can't find a job just go black hat, after all crackers are the reason Cyber Security workers are even working. Who knows you might score big.
Nolan Sullivan
Stop it at your router.
Cooper Ward
I'm rewriting Forban in Ruby.
Hudson Peterson
This. If you get into hacking and infosec just go blackhat after your job or some shit. That's where all the 'cool' hacker type stuff is at anyways
Charles Bailey
Now that Lavabit email is back, is there anyway to get all your old emails back? I lost a lot of memories when they went down.
Alexander Walker
I'm working with making a solar charged light system for my bike.
Jeremiah Hall
What is the most easy way to make a meshnet B.A.T.M.A.N OLSR or Wifi-S?
Jace Ward
...
Joshua Morgan
lynx
Carson Ramirez
>and read all their stuff >complete respect of privacy did you ever once notify them? grey hat at best.
Jeremiah Cox
there's a shortage, but imho it's not worth the risk.
Jonathan Evans
Yes there's a shortage. Yes it's a good job, often pays twice what developers make.
You can quickly get into the executive board if you go into security as well. This is how:
- get dev job, either junior or senior. - program shit - start writing your own security tests of whatever it is you're making (read gray hat python to do this, Art of Software Security Assessment, ect). - often corporations have no security department so will just appoint you security lead or head. - from there start taking infrastructure security, read books about security management (google has written many, or read google's SRE book and apply it to security tests) - apply to be Chief Information Security Officer - congrats your CISO on the board
Ryder Edwards
>often corporations have no security department so will just appoint you security lead or head. valid
Leo Foster
This has probably been asked before, but how reliable is the security on Signal?
Kayden Collins
Extremely reliable.
The problem is how reliable is the security on your device. Probably joke tier. So don't use it for anything super seekrit that involves you going to jail.
Hunter Long
your favorite phone's chipset is compromised. the manufacturer can keylog you no problem. the software is secure though i think. these phones might be legit though: silentcircle.com/buy/
Bentley Green
>the software to clarify, Signal
Colton Robinson
I'm starting college with a major in Computer Networking/Cyber Security how fucked am I
Thomas Allen
when if ever should one use selinux?
Carson Watson
you'll know the first time they tell you what software to use for class. if it only runs on windows, you're fucked.
Kayden Allen
It's not.
If you want a decent phone, get a Nexus 5x or 6p. Install CopperheadOS on it. Then use Signal. That's as good as security as you can get with a mobile device.
Also phones these days no longer allow the baseband any DMA. It's a (micro) serial connection these days.
Joshua Anderson
if that happens, drop out immediately and do your own research and if necessary, work at mcdonald's
Adam James
what's not, the blackphone?
Christian Fisher
SELinux is useful for creating a sandbox for looking at PDFs or for your browser. Like if you ran Firejail and then created an SELinux lockout for Firejail otherwise not very useful.
SELinux was just supposed to be a temporary fix, it was a Proof Of Concept that the NSA showed the Linux dev team what could be done to minimize attacks and Linux team being lazy as fuck never did sweet fuck all to roll their own mandatory access control and just went with the SELinux kernel mod/hooks.
I'd suggest Grsecurity but that ship has sailed I don't even know if arch/gentoo fags can still use their patches anymore
Grayson Lee
Blackphone has had a lot of problems, thegrugq has written extensively about them in the past.
It's a proprietary phone without any kind of real exploit mitigation. CopperheadOS does have real exploit mitigation, and costs 1/4 the price.
If you were any kind of drug dealer you would be using Iphones anyway (latest ones with secure enclave) and texting each other in code. If you were some sort of nation state agent you'd be using SubgraphOS
Alexander Taylor
seems legit. every time i've tried implementing it, it was a massive timesuck. i'm aware it was an nsa thing...go figure it's not practical.
interesting
Noah Nelson
>tfw too intelligent for computer programming so you had to settle for cyber security
>you will never be an operating system/kernel developer
Isaiah Rogers
>larping that never using phones (or computers for that matter) is possible i just realized you didn't address the issue of firmware backdoors. do either of these OSes update the phone's firmware? if not, especially if it's proprietary firmware, there's no way to confirm or deny the existence of firmware vulnerabilities.
Lincoln Gutierrez
texting as in using Signal, and iPhones as in buying them through a third party and using VPNs out of the country. Typical street gang running a dial a dope operation is doing exactly this.
I'm actually reading Modern Operating Systems right now and pretending I'll actually some day be able to write for the linux kernel
Daniel Murphy
sure that works, until you get keylogged and triangulated. i'm still waiting for an answer to
Jeremiah Young
Of course there will be firmware vulnerabilities, but the question is does it have DMA to the application OS which is no.
It does however have access to phone storage, as evidence by the Samsung backdoor discovered by ReplicantOS, however if you're using Signal that is encrypted so useless.
If you're really paranoid put your phone in airplane mode and carry around a mobile wifi AP, use that with a VPN. Problem is that mobile wifi will likely leak your location everywhere by broadcasting your mac (which you can't change as mobile AP's are all proprietary) so don't be carrying it to any hits of your drug dealer enemies with it leave the phone at home.
Carter Morales
>tfw working in my dream job, infosec >people think I'm awesome, knowledgeable, etc >very insecure about myself and my knowledge, I feel like a cheater. there are much better people than me (perhaps not at this place, though) love my job, but fucking hell, sometimes I wonder if shit will hit the fan some day because of my (known or unknown) mistakes, or something
Josiah King
that's called imposter syndrome, everybody has it.
there's always somebody 'better' than you at whatever it is you're doing, but I guarantee they have the same imposter syndrome
Grayson Young
Did you pursue a traditional education or are you self-taught? Just curious. I'm interested in getting into the field and I'd like to know what actually works for people.
Josiah Williams
>drugs are bad mmkay
>access to phone storage and devices like touchscreens which can be keylogged
>mobile AP's are all proprietary this seems questionable but i don't care enough to research it myself right now
Justin Gray
I wouldn't start with the linux kernel.
I would go to FreeBSD/OpenBSD instead first as it's easier to do commits. Or try GuixSD they're always looking for people, and have a Linux Libre kernel they use you could work on then later push upstream the changes.
Just keep at it and read shit, like the classic Lions Guide to a TImesharing OS. Personally I wouldn't bother with kernel.org because it's entirely samsung and corporate shills who work on it these days
James Diaz
this is why i refuse to work in the medical industry. supply and demand is a thing. thank god hajeeb didn't get your job. keep researching.
Landon Rodriguez
>cyberpunk >cybersecurity >uses pastebin
???
Jose Foster
the problem is I don't even know how to program and I only have a basic grasp on the concepts behind it
Owen Smith
yep. we're all gonna die. soon.
Cameron Reed
How are they going to keylog with CopperheadOS or Iphone. Maybe if you're a terrorist and they want to burn a 100,000+ USD 0day. If you have a VPN how exactly are they supposed to get the telemetry back of the screen movements now we are talking a 150,000+ USD exploit as it needs to hide itself in LinkedIn updates or something and piggyback to it's C&C server.
I'd be more worried about police just watching you with binoculars typing on your phone and following you around than any kind of remote exploit at that level.
Then do CS:APP as linked above (you can buy that book for $20 on Abe Boks).
Then finish the Tanenbaum book it will actually make sense. CS:APP is self contained you don't even need to know C it will teach you enough or crash course read K&R as you go.
Logan Lewis
Well I understand Modern Operating systems 100% and I find it absolutely fascinating. I just don't know how to program.
I'm going to check out the other resources though because I really wanna learn how to do this stuff
Brayden Richardson
what kind of router would let you do this?
I've got a netgear something or other, it's decent but the interface is total dogshit and I doubt it'll let me block things so specifically
Kayden Jones
he's talking about a Router router, not a consumer wireless access point/modem/router combo
Oliver Reed
for the sake of the argument, i'm being as paranoid as possible. wouldn't "they" only have to burn that $150,000 0day once? what if "they" used a hardware exploit that talked to exploited cell towers. can't patch that without replacing the phone and/or tower server. that wouldn't require linkedin or anything...just straight send serialized keystrokes over 3g/4g from the phone to the tower then to fuckall.
Joshua Long
make your own router openbsd runs on those cheap arm boxes or buy a ubiquity lite
Jaxon Hernandez
a hardware exploit would definitely be more expensive, but you only have to spend the money once.
Pick and choose from it. The authors of HtDP also have a second book here free papl.cs.brown.edu/2016/ but it assumes you've already done how to design programs (HtDP) book/course, which is the above edx.org linked course. It's a 3 part series, easy to do, done in Racket, you get really good and writing functions and can just ease into C it's how I learned.
But the hardware would need direct memory access to the application OS which it does not anymore, not since like 2009.
Just get SubgraphOS on a laptop and change the wifi MAC every day. Throw out that laptop after a month and use a new one bought used off craigslist or something. I assume you aren't a terrorist if you are I suggest you immediately join ISIS and hopefully die in the deserts of Syria.
Levi Hernandez
what if there was memory built into the cpu though? lol no i'm i voted for Trump. MAGA. libertarian for like 10 yrs.
Jaxon Bailey
There is, it's a system on chip but it's connected serially to the application OS (for now) so a hardware exploit wouldn't do shit. Police are much more likely to just find you via opsec failures (you giving away too much info like every hacker has ever done) and holding you for a week without a lawyer like they typically do.
You should just follow people on twatter who know these things like thegrugq or twitter.com/jcase
Eli Brown
>There is, it's a system on chip i'm gonna go ahead and count this as a win. also, i'll agree with you that >Police are much more likely to just find you via opsec failures this proves nothing, but i don't actively test this kind of thing. i like reading about it though. great conversation.
James Harris
>Did you pursue a traditional education or are you self-taught? failed engineering student, dropped out before 3rd year of college (and 6 actual years in 2 different unis...) what worked is contacts + CVEs + a bit of knowledge of a lot of things. in fact, me joining the company was almost an accident.
you have to keep learning, reading articles/news, doing/trying things, etc. infosec is broad and fun, and now you can even make a lot of money while learning. for example, OWASP + bug bounties = $$$, and stuff like this makes it rewarding: slashcrypto.org/2017/05/17/5k_Error_Page/ also, keep reading stuff from bug bounties, these things are very motivational. I mean, some people find really cool stuff, some people make easy $$ from dumb mistakes
Zachary Morgan
That is an awesome resource you assembled, thanks a ton for doing the legwork. Wish more anons were helpful like you.
Dominic Hernandez
If you get any kind of good at Standard ML go apply to Janes Street Capital they use OCaml, and it's fintech so you make a stupid amount of money.
They have a security department too, in fact the 'hardened' OCaml libraries they use are pretty interesting which I use these days
Luis Fisher
Thanks for the goldmine
Sebastian Morgan
>The lag is bad though
Is your PC under-powered? If it's dropping below 75 fps then something's wrong.
Alexander Jones
What are some good/fun vulnhub images? Bored as fuck.
Tyler Jenkins
Yes. And add to this links et al. text based browsers are the safest with the fewest dark corners for malware to hide.
Ian Hernandez
>management That's where all the boring stuff happens, you want to get in on the good security stuff you have to learn it and put tons of effort in it. Minimum cert you want to get is CISSP in you want to get into management.
Lincoln Cook
You can still use grsecurity with 4.9 LTS look up minipli maintains 4.9 LTS with grsec.
Nathaniel Williams
Metropolis (1927) is frequently cited as early Cyberpunk.
I saw Logan's Run. Talking sense to a computer to blow it up was old after Star Trek.
Charles Jackson
The chance to get rich of bug bounties is very small, hell the worst part about it is there is no way to check if your bug has already been reported and if it is you ain't get shit poof wasted hours/days/months..