I've an lfi on a Java servlet app (tomcat). Found access log. Attempted to inject an out.print by appending the line after filename (s.jspbut it shows as plaintext, doesn't get interpreted. Any ideas?
it didn't have to be this way, but OP decided he had no choice but to combine two separate subjects into a cluster of ew.
Leo Jackson
How can I overpass ISP lookup on my data sending? Buying a VPN service? Or what?
Alexander Gonzalez
HTTPS everywhere is free, and hides the traffic, but your ISP will still see the domains you request
A VPN like PrivateInternetAccess is relatively cheap and hides all of that.
Robert Stewart
Lately firefox has a default option to check for HTTPS sites. How would this app make a difference?
Jack Turner
>OP it's been a thing for a few weeks now
Michael Brown
lfi doesn't give arbitrary code execution unless you can upload a file somewhere then include it with the requested page.
Kevin Ramirez
Remember
Joshua Perry
Would it be any better if we split /cyb/ and /sec/?
Jack James
Sure it is the same OP? One used a trip code.
Charles Reyes
i'm not against the merger
William Edwards
===Cyberpunk News
eetimes.com/document.asp?doc_id=1331769& > Counterfeit components are just about everywhere these days. Some are obvious if you give them a close inspection, but others are nearly impossible to identify. It's going to get worse as hackers add rogue code into programmable parts such as FPGAs.
Juan Flores
tfw ill never have a cyber-waifu like klossy to protect me from ebil russiab habbers
why eben lieb?
Austin Smith
just got my crypto class grade. not too bad, considering i bombed the first midterm but rallied enough to get it done. not posting it since eve might intercept
Jack Davis
>not posting it since eve might intercept This brings up a fun story: downlode.org/Etext/alicebob.html >Often the interference is so bad that Alice and Bob can hardly hear each other. On top of that Alice and Bob have very powerful enemies. One of their enemies is the Tax Authority. Another is the Secret Police. This is a pity, since their favorite topics of discussion are tax frauds and overthrowing the government.
Ryder Wright
What do you study?
Evan Perez
That was an interesting read.
Bentley Cook
>===Cyberpunk News Microsoft presents novel designs for virtual and augmented reality near-eye displays based on phase-only holographic projection youtu.be/lN4tFV16mU8
Yea, except 1) using a VPN for all traffic most likely puts you on a watchlist 2) it's the VPN provider instead of the ISP who sees all your traffic 3) the VPN provider can be made to hand over all your traffic history just as your ISP would.
Joseph Bailey
Doesn't change the fact that it's bullshit. No serious security-related discussion will take place in a thread shared with (or dominated by) a bunch of "hurr muh cyb" roleplayers/posers.
Isaiah Flores
Then use proxy chain and browser fingerprint randomizer over it.
Ian Sanchez
What are the best cybersecurity sites/blogs for checking daily? Don't want management shit and shilling for products, just interesting analysis of tech, protocols, vulns, tools etc. Also a decent clean layout is a bonus.
Gavin Edwards
You mean cracker?!
Sebastian Anderson
""""""""hacker""""""""" You're nobody until you're being chased by the feds
Josiah Foster
U.S. gubmint placed sanctions against her, so ....
Logan Reed
How can ameriwomen "coders" compete against her?
Leo White
it's a cs elective class, i'm not the best at the maths but i tried at the end and it paid off. will stick with it, since i like that career path as opposed to some webdev trash everyone wants to do for some reason with their degree. but the class was just an intro 2bqh
Jason Sanchez
>Also a decent clean layout is a bonus. shouldn't matter. gotta do the rss feeds for that shit.
Kayden Thompson
I'll place my sanction on her if you know what I mean. (I want to fuck her)
Connor Hughes
OP has a good list in the cybersecurity resources paste.
Aiden Bennett
I'd have full sexual intercourse with her, if you know what I mean.
Blake Martinez
Anyone have a recommendation for Kali linux training?
Gabriel Powell
Installed debian as my first linux distro. How do I learn linux? I feel like my grandma when I try to show her how to use windows. I don't even really get how to install stuff using Synaptic. Managed to use apt-get install to install wireless drivers but other than pasting a command from google I'm not sure how I edited sourcelist.
Hudson Torres
takes time, even some years in it i'm still learning things. just keep at it, and try to use it as your main OS. and don't wipe when it fucks, try to fix it yourself. web searching is your friend
Tyler Carter
> klossy > securing any network > coding anything else than a fucking tetris You can do better, cyber poser cuck
Caleb Cook
Your new best friend is 'man [command]'
Owen Reed
how do i find 0day
Christopher Hall
Download the free ebook The Linux Command Line from No Starch Press. Good way to get started with a terminal, figure out what the commands are actually doing
This guy has good videos in general on his channel. Don't worry about the fact that he's using Ubuntu.
Leo Reed
That's honestly terrible advice for somebody who says they feel like their grandma while using Linux. LFS is going to intimidate the living hell out of them and probably scare them away. LFS is great for learning about Linux, but you should really have the basics down before you start fucking around with it (unless you REALLY enjoy never understanding what the fuck you're supposed to be doing.)
Dylan Ortiz
Easiest way is to go to opennic.org/ and point your router's DNS at the nearest servers to you.
It's not encrypted or anything, but at least you're not sending DNS requests directly to your ISP's servers.
For better security you'd want DNSSec or DNSCrypt plus VPN, but fuck if I know how to get that running.
Joseph Cruz
>For better security you'd want DNSSec or DNSCrypt plus VPN
Problem with this is that obfuscating your traffic is going to draw attention, just as walking around a city center with a mask on would draw attention of cops or other security personnel.
Nathan Morales
Cheers guys, will have a look at all this.
Tyler Rogers
>tfw everyone here is a skid who doesn't find 0day
Owen Brooks
Fuzzing.
Chase Wood
Is it safe to turn off automatic time zone syncing on my smartphone with my OTP credentials on it? On the chance the skew becomes too great, will it be fine if I manually sync?
Jaxson Butler
How do people get viruses? Do they just download files they're not supposed to? Open email attachments that contain shit?
I mean, besides getting into your network or getting physical access to your computer, how would someone even go about infecting through a browser, especially a sandboxed one like Chrome?
I have no idea what I'm talking about desu, just wondering.
Nicholas Miller
wew not the same guy, but I'm also using debian as my first distro and jesus fuck just getting it installed on my laptop was fucking hard. First I installed it with no wifi and that fucked me up because I needed it for a full install, and all I got was a terminal. Had to start from scratch and somehow the partition got fucked and couldn't boot into windows anymore. So I had to use my googl-fu and get that shit fixed by myself. Then I finally understood that I needed to install some nonfree iwlwifi shit and load it during the install. Now I finally have it and am using it right now.
By the way, how do I make it look better? I'm using xfce as the DE. I want to get rid of the dock at the bottom.
Grayson Jones
I'm of the opinion that "this guy uses perfectly legal and common methods to encrypt his traffic" is preferable to "here's a list of every weird porn site, imageboard, and torrent tracker user's ever used, plus an archive of every post he ever made". Even if the second option is also totally legal and indistinguishable from the average user, all it takes is motivation to use that data to destroy you. I'm sure we've all posted some things "anonymously" that would incite a Twitter lynch mob and bar one from public-facing positions in the tech industry.
Logan Allen
Don't use xfce unless your hardware actually requires it. Yeah it's lightweight, but there is a lack of easy-to-use/configure packages for it. It's OK to use Gnome or another more noob-friendly DE.
Jordan Turner
xfce's fine, there's all sorts of DE-requirement-light applications that don't require all of gnome or kde to do just fine.
Samuel Parker
>viruses First off, the press in their supreme ignorance conflates worms, trojans and virus and malware all into the one single word virus. Thus in the real world the way it happens depends on the actual type of problem.
Last time I experienced this was when consultants plugged their festering lap tops into our air gapped network.
A more recent problem is when archives have been manipulated so downloaded binaries or source comes with a backdoor through which malware flows in.
Lucas Hall
they aren't russian government hackers who will sell you out to putin?
Connor Adams
intelligent fuzzing or source code path analysis with constraints
Gabriel Brooks
>i'm not against the merger This is weird. The merger was based on the idea that there were common interests and thus a better chance that these threads would survive for more than one day.
Seems to be though that /cyb/ has more interest in /sec/ than /sec/ has interest in /cyb/. Perhaps time for a straw poll?
Gavin Stewart
>strawpoll >not a botnet
Austin Carter
How do I get rid of botnet "features" from Ubuntu?
Jaxon Gomez
>Ubuntu That is your problem. Use a less cucked distro like Debian.
Jonathan Davis
I had similar problems. Didn't have a big memory stick so had to install the one without a DE (unknowningly) until I reinstalled it with ethernet. Had problems with GRUB/ windows bootloader and last on UEFI you have to turn secure boot on to set the file as trusted before turning secure boot off again because it's unsigned.
Cooper Rogers
Lens, you mean? I thought these had all been removed.
If not, use a firewall on a separate machine and block all suspect addresses. There are gigantic hosts files you can use.
There's is no need for a strawpoll, the merge with /cyb/ was mostly out of convenience even though not asked at all. /sec/ simply doesn't have enough people to sustain a general, and /cyb/ is the most suitable general to be merged with because the rest are mostly pa/g/eets or Sup Forumsermin, at least your culture sorta resembles ours.
Carson Edwards
Would changing my legal name before I move to my new apartment help me escape from the botnet? Also, ow do y'all at /cyb/ handle using non-legal aliases?
Aiden Barnes
YouTube. Google. Please just apply a single ounce of effort once in your miserable life.
James Martinez
Do the "bandit" wargames from "overthewire"
It's how I learnt Linux. Gets you used to basic shit, like rooting through directories, copying, moving, chmod, ssh, keys.
Wargames need to be in the OP, and overthewire is the site everyone even remotely interested in learning about Linux and security needs to look at.
David Perez
What kind of question are you actually asking here?
Safe in what way? Are you worried your phone will blow up because you changed some setting? What do you think is going to happen you need to be "safe" from..?
Kayden Lewis
Wargames were in the OP until fucking retarded OP decided to remove the /sec/ pastebin and put some bullshit pastebin he pulled out of his faggot ass and refuses to change it.
Luis Walker
>air gapped network I'm going to ask you to have a little think about what you just said.
Bentley Collins
No it would not. Why would you think performing an act that requires you to provide information to the public, MORE THAN IF YOUD JUST KEPT YOUR NAME, would free you from people knowing you exist? Do you think, ever?
Do you think really, it would be good OPSEC to tell the government that you want to be officially referred to by one of your aliases from now on? What do you think you'll achieve by doing that?
Logan Peterson
Fucks sake. I'll spend some time on Rebeccablack then and find the old sec pasta.
Adam Bailey
Continuing with this, does there exist a way to be anonymous and secure, while also keeping under the radar?
Cooper Cooper
I've pasted it in every thread since, pastebin.com/UY7RxEqp. It's in #Sup Forumssec's topic.
Benjamin Gray
As said LEGALLY changing your name is a terribad idea, you're just giving the government information to track you.
What you would have to do is use a fake name, get a fake ID, driver's license, etc. and do everything under your new fake name. You'd run into problems with that too though.
Joseph Wood
Was browsing F-Droid and saw this app, AIMSICD. Does anybody have any info on it? Is it any good?
Chase Fisher
>Botnet Are there any poll services that are not botnets out there?
Thomas Smith
Done.
Basically we had an internal network (think: lab with server and client) very much NOT to be anywhere near the Internet or any public network.
Are you familiar with red/black rules?
William Hughes
Quick question: if you include a log file and can force a log entry to be code can you inject that way?
Blake Torres
Of course not, they're literally information gathering websites. That information gets sold to bigger brokers and ends up with google and facebook's data in god knows what corporate databases.
Landon Richardson
Does anyone here by any chance know a good place to source malware samples? I love fucking around with them, but I have no idea where to get them from.
Connor Nguyen
>lab with server and client This does not sound airgapped at all.
The first result after punching "malware samples" into google
Seriously what the fuck is up with this thread? How are you people this fucking useless?
Camden Young
Did you read the question?
He didn't ask for just any place, he asked for a GOOD place.
Daniel Rogers
pretty much a cybersec newb taking steps to improve.
I have my ISP completely locking my router, I can't even change wifi password, add mac filtering, let alone change DNS. I have to call them to do anything, open a port and shit. Also had to call them to activate the router.
I feel opressed like shit, and the contract (which had no mention of this whatsoever) says I gotta stay with these fuckers for at least 2 years or I have to pay like 150$ fee.
How does this work? Do they have a backdoor in my router, and they can possibly intercept any traffic going on my network, redirect DNS to w/e they want to, despite what DNS I set locally and more I suppose?
What can I do until the 2 year period expires, besides buying a logless vpn to have more privacy?
Fuck me sideways
Jeremiah Turner
I was more looking for recommendations from people with experience than whatever google gives me as the first result.
Yeah it's the same pastebin but split. If you go to the account of the pastebin it's all the same, I split it because they felt the links from /cyb/ outweighted those from /sec/.
Michael Thomas
That's what ISPs do nowadays to have an almost complete overview of and control over the customer's own LAN. Your local network is basically a private subnet admnistered by them (you can set up the endpoints as you wish, but they can monitor all the traffic on the LAN (assuming it's just one L2 network with no other switches/access points than those integrated into the router) and have control over all the firewall/NAT/gateway/access point/etc. settings.
What you should do is to look up information on that particular device model they gave you and figure out if it can be switched to bridged mode, essentially stopping being a router and making it a pure residential gateway. If so, ask them to switch it to bridged mode and buy a router of your own which is then going to have a public IP on its internet-facing interface and which is going to be under your control (and which will prevent them from directly seeing hosts and traffic on your LAN.
Jack Collins
Thanks for the detailed response, user.
> ask them to switch it to bridged mode Thought about something like that, or even asking if I could switch router, but the paranoid me also thought it could trigger them into looking in my traffic, or they could simply tell me to fuck off, like they did when I first called to setup the router, when I asked "Why the fuck should I tell you my wifi password if I wanna change it?" and they told me "It's a proprietary router, it's just like this".
Now, I basically don't care if they know what porn sites I visit and I torrent for just anime, ebooks, and such, but I feel like it's a severe violation of my rights, I pay them the connection from my router to the internet, not to put them inside my LAN, ffs.
One more thing, as far as torrenting goes, can they see specifically what I download or just that I'm torrenting? Any way to hide it beside going VPN? Could using a VPN trigger them into telling me "hey fucker, we don't allow VPN traffic, turn it off or we throttle you" or something.