/cyb/ /sec/ general: cyberpunk and cybersecurity

Kremlin Edition

/cyb/ /sec/ general is for discussion of anything and everything related to cyberpunk and cybersecurity.

>what is cyberpunk?
pastebin.com/raw/Jpci0dqD

>cyberpunk directory
pastebin.com/raw/HiTA1yXK

>nothing to hide? please.
youtu.be/pcSlowAhvUk

>cybersecurity essentials
pastebin.com/raw/0AjC2mcD

>cybersecurity resources
pastebin.com/raw/98vvNwcH

>thread archive
archive.rebeccablacktech.com/g/search/subject/cyb/

>thread backup
cyberpunked.org/

>previous thread
>irc://irc.rizon.net:6697
join #Sup Forumspunk and #Sup Forumssec

bump

I've an lfi on a Java servlet app (tomcat). Found access log. Attempted to inject an out.print by appending the line after filename (s.jspbut it shows as plaintext, doesn't get interpreted. Any ideas?

pastebin.com/raw/0AjC2mcD

* your new browser is firefox.
be sure to go into options, then security, and uncheck block malicious content.

why?

>why?
It seems the objective of the guide is to have a browser free from 'automatic connections' to the other parties trusted or otherwise. See:
support.mozilla.org/en-US/kb/how-does-phishing-and-malware-protection-work

cringe thread

it didn't have to be this way, but OP decided he had no choice but to combine two separate subjects into a cluster of ew.

How can I overpass ISP lookup on my data sending? Buying a VPN service? Or what?

HTTPS everywhere is free, and hides the traffic, but your ISP will still see the domains you request

A VPN like PrivateInternetAccess is relatively cheap and hides all of that.

Lately firefox has a default option to check for HTTPS sites. How would this app make a difference?

>OP
it's been a thing for a few weeks now

lfi doesn't give arbitrary code execution unless you can upload a file somewhere then include it with the requested page.

Remember

Would it be any better if we split /cyb/ and /sec/?

Sure it is the same OP? One used a trip code.

i'm not against the merger

===Cyberpunk News

eetimes.com/document.asp?doc_id=1331769&
> Counterfeit components are just about everywhere these days. Some are obvious if you give them a close inspection, but others are nearly impossible to identify. It's going to get worse as hackers add rogue code into programmable parts such as FPGAs.

tfw ill never have a cyber-waifu like klossy to protect me from ebil russiab habbers

why eben lieb?

just got my crypto class grade. not too bad, considering i bombed the first midterm but rallied enough to get it done.
not posting it since eve might intercept

>not posting it since eve might intercept
This brings up a fun story: downlode.org/Etext/alicebob.html
>Often the interference is so bad that Alice and Bob can hardly hear each other. On top of that Alice and Bob have very powerful enemies. One of their enemies is the Tax Authority. Another is the Secret Police. This is a pity, since their favorite topics of discussion are tax frauds and overthrowing the government.

What do you study?

That was an interesting read.

>===Cyberpunk News
Microsoft presents novel designs for virtual and augmented reality near-eye displays based on phase-only holographic projection youtu.be/lN4tFV16mU8

>===Cyberpunk News
bbc.com/future/story/20170522-how-automation-will-affect-you-the-experts-view
How automation will affect employment and especially the middle class.

who's the girl though?

Emergency bump from 10!

Alisa Shevchenko, a Russian hacker.

key the metal idol is cyb

Yea, except
1) using a VPN for all traffic most likely puts you on a watchlist
2) it's the VPN provider instead of the ISP who sees all your traffic
3) the VPN provider can be made to hand over all your traffic history just as your ISP would.

Doesn't change the fact that it's bullshit. No serious security-related discussion will take place in a thread shared with (or dominated by) a bunch of "hurr muh cyb" roleplayers/posers.

Then use proxy chain and browser fingerprint randomizer over it.

What are the best cybersecurity sites/blogs for checking daily? Don't want management shit and shilling for products, just interesting analysis of tech, protocols, vulns, tools etc. Also a decent clean layout is a bonus.

You mean cracker?!

""""""""hacker"""""""""
You're nobody until you're being chased by the feds

U.S. gubmint placed sanctions against her, so ....

How can ameriwomen "coders" compete against her?

it's a cs elective class, i'm not the best at the maths but i tried at the end and it paid off. will stick with it, since i like that career path as opposed to some webdev trash everyone wants to do for some reason with their degree.
but the class was just an intro 2bqh

>Also a decent clean layout is a bonus.
shouldn't matter. gotta do the rss feeds for that shit.

I'll place my sanction on her if you know what I mean.
(I want to fuck her)

OP has a good list in the cybersecurity resources paste.

I'd have full sexual intercourse with her, if you know what I mean.

Anyone have a recommendation for Kali linux training?

Installed debian as my first linux distro. How do I learn linux? I feel like my grandma when I try to show her how to use windows. I don't even really get how to install stuff using Synaptic. Managed to use apt-get install to install wireless drivers but other than pasting a command from google I'm not sure how I edited sourcelist.

takes time, even some years in it i'm still learning things. just keep at it, and try to use it as your main OS. and don't wipe when it fucks, try to fix it yourself. web searching is your friend

> klossy
> securing any network
> coding anything else than a fucking tetris
You can do better, cyber poser cuck

Your new best friend is 'man [command]'

how do i find 0day

Download the free ebook The Linux Command Line from No Starch Press. Good way to get started with a terminal, figure out what the commands are actually doing

linux from scratch my friend

I forgot, there's a really good set of videos on Youtube for beginners: youtube.com/playlist?list=PLtK75qxsQaMLZSo7KL-PmiRarU7hrpnwK

This guy has good videos in general on his channel. Don't worry about the fact that he's using Ubuntu.

That's honestly terrible advice for somebody who says they feel like their grandma while using Linux. LFS is going to intimidate the living hell out of them and probably scare them away. LFS is great for learning about Linux, but you should really have the basics down before you start fucking around with it (unless you REALLY enjoy never understanding what the fuck you're supposed to be doing.)

Easiest way is to go to opennic.org/ and point your router's DNS at the nearest servers to you.

It's not encrypted or anything, but at least you're not sending DNS requests directly to your ISP's servers.

For better security you'd want DNSSec or DNSCrypt plus VPN, but fuck if I know how to get that running.

>For better security you'd want DNSSec or DNSCrypt plus VPN

Problem with this is that obfuscating your traffic is going to draw attention, just as walking around a city center with a mask on would draw attention of cops or other security personnel.

Cheers guys, will have a look at all this.

>tfw everyone here is a skid who doesn't find 0day

Fuzzing.

Is it safe to turn off automatic time zone syncing on my smartphone with my OTP credentials on it? On the chance the skew becomes too great, will it be fine if I manually sync?

How do people get viruses? Do they just download files they're not supposed to? Open email attachments that contain shit?

I mean, besides getting into your network or getting physical access to your computer, how would someone even go about infecting through a browser, especially a sandboxed one like Chrome?

I have no idea what I'm talking about desu, just wondering.

wew not the same guy, but I'm also using debian as my first distro and jesus fuck just getting it installed on my laptop was fucking hard.
First I installed it with no wifi and that fucked me up because I needed it for a full install, and all I got was a terminal.
Had to start from scratch and somehow the partition got fucked and couldn't boot into windows anymore. So I had to use my google-fu and get that shit fixed by myself.
Then I finally understood that I needed to install some nonfree iwlwifi shit and load it during the install.
Now I finally have it and am using it right now.

By the way, how do I make it look better? I'm using xfce as the DE. I want to get rid of the dock at the bottom.

I'm of the opinion that "this guy uses perfectly legal and common methods to encrypt his traffic" is preferable to "here's a list of every weird porn site, imageboard, and torrent tracker user's ever used, plus an archive of every post he ever made". Even if the second option is also totally legal and indistinguishable from the average user, all it takes is motivation to use that data to destroy you. I'm sure we've all posted some things "anonymously" that would incite a Twitter lynch mob and bar one from public-facing positions in the tech industry.

Don't use xfce unless your hardware actually requires it. Yeah it's lightweight, but there is a lack of easy-to-use/configure packages for it. It's OK to use Gnome or another more noob-friendly DE.

xfce's fine, there's all sorts of DE-requirement-light applications that don't require all of gnome or kde to do just fine.

>viruses
First off, the press in their supreme ignorance conflates worms, trojans and virus and malware all into the one single word virus. Thus in the real world the way it happens depends on the actual type of problem.

Last time I experienced this was when consultants plugged their festering laptops into our air gapped network.

A more recent problem is when archives have been manipulated so downloaded binaries or source comes with a backdoor through which malware flows in.

they aren't russian government hackers who will sell you out to putin?

intelligent fuzzing or source code path analysis with constraints

>i'm not against the merger
This is weird. The merger was based on the idea that there were common interests and thus a better chance that these threads would survive for more than one day.

Seems to me though that /cyb/ has more interest in /sec/ than /sec/ has interest in /cyb/. Perhaps time for a straw poll?

>strawpoll
>not a botnet

How do I get rid of botnet "features" from Ubuntu?

>Ubuntu
That is your problem. Use a less cucked distro like Debian.

I had similar problems. Didn't have a big memory stick so had to install the one without a DE (unknowingly) until I reinstalled it with ethernet. Had problems with GRUB/ windows bootloader and last on UEFI you have to turn secure boot on to set the file as trusted before turning secure boot off again because it's unsigned.

Lens, you mean? I thought these had all been removed.

If not, use a firewall on a separate machine and block all suspect addresses. There are gigantic hosts files you can use.

strawpoll.me/ OK?

Botnet, not okay.

There is no need for a strawpoll, the merge with /cyb/ was mostly out of convenience even though not asked at all. /sec/ simply doesn't have enough people to sustain a general, and /cyb/ is the most suitable general to be merged with because the rest are mostly pa/g/eets or Sup Forumsermin, at least your culture sorta resembles ours.

Would changing my legal name before I move to my new apartment help me escape from the botnet? Also, how do y'all at /cyb/ handle using non-legal aliases?

YouTube. Google. Please just apply a single ounce of effort once in your miserable life.

Do the "bandit" wargames from "overthewire"

It's how I learnt Linux. Gets you used to basic shit, like rooting through directories, copying, moving, chmod, ssh, keys.

Wargames need to be in the OP, and overthewire is the site everyone even remotely interested in learning about Linux and security needs to look at.

What kind of question are you actually asking here?

Safe in what way? Are you worried your phone will blow up because you changed some setting? What do you think is going to happen you need to be "safe" from..?

Wargames were in the OP until fucking retarded OP decided to remove the /sec/ pastebin and put some bullshit pastebin he pulled out of his faggot ass and refuses to change it.

>air gapped network
I'm going to ask you to have a little think about what you just said.

No it would not. Why would you think performing an act that requires you to provide information to the public, MORE THAN IF YOU'D JUST KEPT YOUR NAME, would free you from people knowing you exist? Do you think, ever?

Do you think really, it would be good OPSEC to tell the government that you want to be officially referred to by one of your aliases from now on? What do you think you'll achieve by doing that?

Fucks sake. I'll spend some time on Rebeccablack then and find the old sec pasta.

Continuing with this, does there exist a way to be anonymous and secure, while also keeping under the radar?

I've pasted it in every thread since, pastebin.com/UY7RxEqp. It's in #Sup Forumssec's topic.

As said LEGALLY changing your name is a terribad idea, you're just giving the government information to track you.

What you would have to do is use a fake name, get a fake ID, driver's license, etc. and do everything under your new fake name. You'd run into problems with that too though.

Was browsing F-Droid and saw this app, AIMSICD. Does anybody have any info on it? Is it any good?

>Botnet
Are there any poll services that are not botnets out there?

Done.

Basically we had an internal network (think: lab with server and client) very much NOT to be anywhere near the Internet or any public network.

Are you familiar with red/black rules?

Quick question: if you include a log file and can force a log entry to be code can you inject that way?

Of course not, they're literally information gathering websites. That information gets sold to bigger brokers and ends up with google and facebook's data in god knows what corporate databases.

Does anyone here by any chance know a good place to source malware samples? I love fucking around with them, but I have no idea where to get them from.

>lab with server and client
This does not sound airgapped at all.

zeltser.com/malware-sample-sources/

The first result after punching "malware samples" into google

Seriously what the fuck is up with this thread? How are you people this fucking useless?

Did you read the question?

He didn't ask for just any place, he asked for a GOOD place.

pretty much a cybersec newb taking steps to improve.

I have my ISP completely locking my router, I can't even change wifi password, add mac filtering, let alone change DNS. I have to call them to do anything, open a port and shit. Also had to call them to activate the router.

I feel oppressed like shit, and the contract (which had no mention of this whatsoever) says I gotta stay with these fuckers for at least 2 years or I have to pay like 150$ fee.

How does this work? Do they have a backdoor in my router, and they can possibly intercept any traffic going on my network, redirect DNS to w/e they want to, despite what DNS I set locally and more I suppose?

What can I do until the 2 year period expires, besides buying a logless vpn to have more privacy?

Fuck me sideways

I was more looking for recommendations from people with experience than whatever google gives me as the first result.

Will they not allow you to replace the router?

> /sec/
Learning: pastebin.com/VNTsyNKp
CTF/Wargames: pastebin.com/u2QTfmZn
News: pastebin.com/tDn5qzZE
Other useful stuff: pastebin.com/u21XrVaz
Essentials Pastebin: pastebin.com/UY7RxEqp

Yeah it's the same pastebin but split. If you go to the account of the pastebin it's all the same, I split it because they felt the links from /cyb/ outweighed those from /sec/.

That's what ISPs do nowadays to have an almost complete overview of and control over the customer's own LAN. Your local network is basically a private subnet administered by them (you can set up the endpoints as you wish, but they can monitor all the traffic on the LAN (assuming it's just one L2 network with no other switches/access points than those integrated into the router) and have control over all the firewall/NAT/gateway/access point/etc. settings).

What you should do is to look up information on that particular device model they gave you and figure out if it can be switched to bridged mode, essentially stopping being a router and making it a pure residential gateway. If so, ask them to switch it to bridged mode and buy a router of your own which is then going to have a public IP on its internet-facing interface and which is going to be under your control (and which will prevent them from directly seeing hosts and traffic on your LAN).

Thanks for the detailed response, user.

> ask them to switch it to bridged mode
Thought about something like that, or even asking if I could switch router, but the paranoid me also thought it could trigger them into looking in my traffic, or they could simply tell me to fuck off, like they did when I first called to setup the router, when I asked "Why the fuck should I tell you my wifi password if I wanna change it?" and they told me "It's a proprietary router, it's just like this".

Now, I basically don't care if they know what porn sites I visit and I torrent for just anime, ebooks, and such, but I feel like it's a severe violation of my rights, I pay them the connection from my router to the internet, not to put them inside my LAN, ffs.

One more thing, as far as torrenting goes, can they see specifically what I download or just that I'm torrenting? Any way to hide it beside going VPN? Could using a VPN trigger them into telling me "hey fucker, we don't allow VPN traffic, turn it off or we throttle you" or something.