>Cyberpunk features cybersecurity a lot.
>Our world is becoming cyberpunk and cybersecurity is one of the means to combat it.
>Has nothing to do with it.
What? You're wrong. And this is shitty bait.
Christopher Lee
Someone bitches about it every thread, just face it, we need cybfags or the general isn't active enough.
Lincoln Jackson
hey /cyb/ + /sec/, I really want to secure my network and PC, I've been really reckless in the past and have used simple passwords, no vpn (now i use nord vpn), havent encrypted any drives for the fuckos, barely any steps to ensure security and privacy have been taken. what do you guys recommend I do to secure my data and freedoms?
Justin Green
What OS you using?
Joseph Parker
using Arch on XFCE desktop environment
Justin Anderson
Ok, good. You're already halfway there.
Benjamin Smith
Is there such a thing as a secure password manager?
I'm sick of password reuse, as I'm sure it's going to cause me problems down the road.
Samuel Bailey
try storing your passwords locally, or just in a book or hidden in a book you can casually bring with you that wont be stolen Ex: Written down passwords in a book about Python or C#
The headline is rather tabloid, the contents of the article is far broader, and more interesting.
>But Prof Sharkey has doubts about how human-like such dolls will become.
>"I can't see them as being like humans in the next 50 years. They will always be slightly spooky, and their conversation skills now are awful," he said.
>I can't see them as being like humans in the next 50 years. They will always be slightly spooky, and their conversation skills now are awful," he said.
Doesn't matter if we combine it with VR BABY
Daniel Perry
the way i see it there are two types of adversaries. the script kiddie to mid level and the high to state level actors. for type A something like a local password manager is good and secure given you follow safe practices (don't open sketchy links, close down your browser, etc.) type B really isn't possible to defend for, since it is assumed they have unlimited funds. GPG and the like could probably deter them, but if you catch their ire, you are probably donezo. Type A are my main adversaries, so feel ok using pass as my password manager. but hey, maybe i got it all wrong and someone here can show me the light, security through obscurity isn't a thing after.
>donate with paypal
could be bitcoin/eth/other assorted buttcoins, but nope had to be paypal
Asher Cooper
Check OP m8. Beside resources should be a "/sec/ level tier" pasta.
Ayden Edwards
There are times I wonder if BBC staff follows Sup Forums. They have had plenty of articles on Sup Forums in the past, especially one on Cicada.
My thoughts exactly. You can confiscate physical products at the border as the Canadian guy has found out. A digital version is harder to detect and also harder to enforce a law against. There is already some case law regarding pictures of adult models where the pictures were regressed in age. This, the judge found, was not cp. Of course new rulings can differ.
Daniel Barnes
i found this music video weeks ago and forgot to share it here, just the mood and the set it gives makes it feel cyber
(from reply to question in last thread) Vuln research and exploit development in general can open many doors for you: it is an extremely valuable skill to have (it could/can be one of the most financially viable skill(s) in this field), and relatively few people have any capacity for it, let alone a talent for it.
There is a broad canvas of places this skillset can bring you to: you could work for almost any branch of the defensive InfoSec/NetSec tree (AV/AM companies, in analyst positions within service providers akin to Secure Works, in an engineering capacity developing/improving signature based/heuristic detection technologies).
On the offensive side, you find yourself doing anything from selling custom exploit kits on darknet markets, to investing yourself in serious zero day research for the purpose of sale through a broker, or just collecting bounties on products and programs.
I know of a guy who makes a really good living finding buffer overflows/memory corruption issues in SCADA/PLCs/Industrial Infrastructure and selling them to brokerage firms.
You could definitely go the Red Team route too; having someone who can get you ingress via custom exploits is invaluable.
If Vuln research is what you want to do, then you definitely are going to have a ton of options now and in the future.
Leo Howard
What are your thoughts on non linux operating systems like BSD? What about non UNIX such as Redox OS?
Jacob Adams
What's /sec/'s choice in browser? Currently considering Iridium and Icecat.
Nathan Parker
I've personally never used it, from normies i hear its great, better than linux in some cases.
From Sup Forums, I havent seen any recent discussion or shilling about FreeBSD lately.
Kevin Reyes
Oh shit user. This really is me.
This is why I deleted my fb because I was constantly refreshing it, but now I think I'm more productive because I refresh HN or this place or some blog four times a day
I don't know what the answer is other than discipline
Jordan Walker
>this entire post
That all sounds fucking amazing. Christ, I need to level my skills up. Why the fuck didn't I start ten years ago?
Benjamin Davis
Lol sometimes I feel the same, but it was only around 5-7 years ago. I dabbled on and off with coding but could never get far since I felt like I never understood anything or how to apply it, but now I'm going in balls deep. We're all gonna make it brah.
Alexander Butler
Science fiction has had an incredible effect on the course of science, especially rigid disciplines such as the various branches of Physics.
Authors like Isaac Asimov inspired generations of scientists who changed the world.
I do not see cyberpunk as any different in its effect on cybersecurity; in many ways, cyberpunk media makes us reflect on many magnitude of human and socio-political/socio-economic issues regarding technology.
Even the basic application of cybersec skillsets involved in the defacing of a website in defiance of some unethical corporate entity shares a parallel with many cyberpunk themes.
At least to my mind, at base, cyberpunk represents technology's effect on any individual or group's humanity.
In our current age, much of the technology that fits the latter definition resides on the internet (especially in the pseudo-realities created by social media) or in the scope of computer technology.
Cybersec are the disciplines that allow you to effect the latter change in the technology affecting both your and civilization's humanity, and thus affect your humanity.
Personally, I know that cyberpunk has made me care more (and better recognize my responsibility) in my occupation managing a Cybersec Lab.
Nathan Edwards
>have used simple passwords
If you haven't already, start using a password manager and replace simple passwords with longer, randomly generated ones. you can do this one-by-one, i.e. whenever you log in somewhere by typing in a password, change it for this particular site.
>havent encrypted any drives for the fuckos
if you haven't already, crypt them now. not only your pc/laptop but also your phone
Nolan Gonzalez
what applications do you recommend for me to use to encrypt my phone?
Noah Johnson
>in my occupation managing a Cybersec Lab.
maderas? Are you here again?
Your posts in the last thread and the guy posting his latest hacks have made me think that the textbooks I'm working through are worth fucking nothing, since they both focus on metasploit for a significant portion of the book (Georgia Weidman's intro to pen testing and Hacker's Playbook)
What the fuck should I be reading and working through that's applicable to the real world?
I thought exploits and shit were important to learn..
Mason Clark
If you are on a UNIX(-like), give pass (passwordstore.org) a try. It's basically a well written shell script that wraps gpg and pwgen and can synchronize via git. If you are extra paranoid you can use a yubikey or a smartcard for the gpg crypto. If you are not into cli programs, there exist also many GUIs for it and also dmenu and rofi scripts.
Luke Jones
This can't be done with an app, you need support from the OS. Both Android and iOS have it built-in in all recent versions.
Hunter Morris
I pretty much always have a tab open to this general. I feel this place is worth investing my time and it entertains me through many 16 hour days.
Don't feel that way about Metasploit, especially if you are just inside a year or two of your studies.
Being able to use Metasploit is a huge boon, especially early in your development. It's when people don't learn to program and rely solely on tools like Metasploit (or if they aren't working toward independence) where there is a problem.
Metasploit's auxiliary and post exploit modules can be extremely valuable, and Meterpreter is still one of my favorite tools.
The Hackers Playbook is definitely a good book man, especially the enumeration sections.
Most of the tools we mentioned come a little later when you have proper theory in place for achieving ingress (which usually comes down to solid enumeration).
Just the fact that you questioned your materials shows you are doing fine. So chill and enjoy the journey; develop the methodology and workflow that works for you (especially where enumeration is concerned).
And if you ever have any questions I'll likely be here and supply an answer eventually.
Lincoln Powell
If I had to choose between a certification to get, should I go with CPTE or CompTIA Security+?
Isaiah Price
Different user, but in addition to these, thoughts on OSCP?
Lincoln Sanders
Disclaimer: Certs are always a tricky thing in this field.
The Common View: The Upper Echelon companies don't really care about them except maybe the OSCP and GPEN; they want to see projects and experience and education.
Most of their decision will be made based off of conversations regarding security they have with you during the interview where your future co-workers will be heavily involved.
Yet where certs are also concerned, the OSCP isn't generally (officially) regarded by the DOD and some other US governmental employers.
My view: I think if you are just trying to break into this business (especially with the wealth of job postings out there), that certs with projects (Github, web page detailing projects and/or research) will get you your first job (or at least past HR for an interview) so you can get in the door.
Some form of prior IT/programming/development work is a huge boon as well.
With all that said, I'd go with CPTE; Mile2 has gained some traction by providing training to US and Canada government/military bodies.
For all intents and purposes, it seems to be regarded as a cert that necessitates greater technical understanding than Sec+.
William Peterson
I don't know if you are aiming this at me, but if you are going to get a cert, I'd recommend the OSCP.
Again, my prior comments and disclaimer on experience, projects, research, context, (etc.) apply.
Evan Reed
You the real mvp man. Thanks a bunch for chilling with us.
Eli Stewart
pls tell me they're not backdoored :'(
Xavier Hughes
>CPTE
what you said about defence adoption is nice, but holy jesus their site looks fucking dodgy as.
Jaxson Gonzalez
Nah...I'm just another dude chilling with some interesting cats in my favorite non-pc corner of the interwebz
Yeah brother, if I remember right they were shilling against the ECC and the CEH pretty hard for awhile (which left a bad taste in some people's mouths).
They are a legit company though. When I weighed your question I was only concerning myself with what will get you past HR and in contention for a job.
That being said: mile2 itself seems a bit dodgy all around; sometimes the steps on the path are shady.
Daniel Green
Has the following certifications aligned to site network architecture: Security+ and Cisco Certified Network Associate (CCNA) or equivalent (ie, BCNE for Brocade, etc) I see this for almost every job contracted with the US government / military. Can't speak for Canada. Just understand the content, then flash memorize practice exams. I know you didn't ask about CCNA, but if you do it memorize a subnet chart so you can do the math really fast. Both are really easy. Certs are certs though, what people expect could change in a few months or years and they expire.
Luis Robinson
hey user, what laptop do you personally use, if you dont use one, what do you think about the /cyb/ anons who use thinkpads or etc.. for security measures or pentesting or hacking/programming? really curious as I've only been in these threads for a couple weeks, nearing a month and a half.
Elijah Adams
Thread is talking certs so when is a cert worth renewing? I got the CompTIA Sec+ to get into the field and succeeded, now it expires in a year but I don't see the point in renewing it when I'm going to be working on higher level certs now. Besides, when I help with interviewing I don't really care if a cert is expired, I just take it to mean that candidate didn't feel like paying more money for no tangible reason.
Adrian Gonzalez
If you have an expired cert and the company you want to go to needs it, they will most likely hire you and require you to renew the cert within the month. At least US government contracted companies will even pay you to renew the cert. You are absolutely doing it right.
Connor Morris
Forgot to say: some certs like Cisco might need to be renewed while you are still employed because the company gets discounts on Cisco equipment if enough of their employees are certified (great scam I know), but usually your company will pay for that and if you get the next level of a Cisco cert it auto renews the previous ones.
Liam Flores
Thanks, I somehow never thought of companies paying to renew it if they need it, good tips, have a birb.
Oliver Gutierrez
Not a BSD, they look like a scam and probably are like in the case of FreeBSD in which you work for Cisco, but is also lacking a lot things and adds practically nothing. The Hurd is different, the structure is well thought and even if is just a concept is already something else.
Non Unixes are plenty, but then again not many offer something distinguishable. You probably saw the Plan 9 thread, so let me tell you some Unixes already taken good ideas from it.
The only other OSes really worth to mention are FreeDOS, KolibriOS, JNode, ReactOS and the FreeVMS project. We know FreeDOS already works and is a lightweight alternative, KolibriOS is even more lightweight but because everything is assembly and you can't ask every developer to do that. JNode is more interesting, it works in pure Java I think, and is supposed to be only for Java applications. ReactOS came late to the game and I don't think it's worth more than for developing WINE, with which they cooperate. The best alternative OS is not explored enough and is FreeVMS, which thought to have an environment and be a dedicated server.
In my opinion, pay no attention to other OS other than FreeDOS, FreeVMS and the Hurd. Collaborate on those three projects when possible.
Luke Bell
i'm most concerned with state actors as everyone else should be.
i strongly disagree. the market can better provide the services that the state has monopolies over. taxation is theft.
whats the difference between iridium and chromium? i use chromium with a few plugins. canvas defender changes my fingerprint (they're working on an update for it to change with every tab automatically) safescript (noscript) privacy badger, https everywhere, cookie autodelete, webrtc disable, ublock origin, active user agent. are there any other recommendations?
Alexander Sanchez
Have you read any of the cyberpunk books? Like Neuromancer? Or Count Zero?
Jose Allen
What does /cyb/ /sec/ consider the best way to set up a 'secure router'?
Bentley Lee
Get a NGFW/UTM for layer 7 application scanning to protect against advanced threats
Set up the firewall to allow by exception
Change the default password
>bunch of kids on Sup Forums pretends they are le hackers anonymous by encrypting their anime folders
>too ignorant to realize that their pc's always have Intel ME botnet enabled
lmao
Nicholas Nelson
yeah ive got other things to do though, like and
Jackson Rodriguez
>Intel ME
>not reverse engineering intel's entire processor architecture and constructing your own chip from scratch
pleb
Charles Thomas
>not living in the forest without any electronic devices where evil corporations can't get you
plebier
Hunter Sanchez
>selfishly hiding from the evils of the world instead of putting in the effort to make a difference for your fellow man while keeping yourself safe and anonymous
sometimes hard work pays off user
John Campbell
>not using an fx cpu
enjoy your botnet.
Nolan King
>she doesnt route all tcp/ip traffic through a risc-based whitelist-only firewall, free of botnet worries
scrub
Anthony Robinson
>Not using a pre-botnet ThinkPad.
Henry Sanchez
>cpu infects packages
>host that receives has a backdoor too
>forwards to desired address
Elijah Adams
well, ok.
Lincoln Powell
>secure
Cooper Roberts
This is what makes backdoored hardware so scary.
Sebastian Gonzalez
>not writing your passwords down as a caesar cypher and reordering the characters in a way only you memorize and having no legible words in your passwords
Brandon Davis
pretty much, and its something often overlooked. if your router and cpu are backdoored for example they have a secure coms line you cant detect
Isaac Rivera
Augments irl when?
Eli Ross
Now that CNN is trying to shut down Sup Forums. What do we do?
Eli Peterson
Call everybody niggers, faggots and niggerfaggots.
Tyler Torres
Anyone else crack their neighbors WEP wifi networks?
Feels /cyb/ as fuck to drive around sniffing packets
Ryan Lewis
This post is top lel material
>your IP is being traced you damn racists! shut it down!
Landon Howard
Don't forget cucks if they're white.
Zachary Diaz
Imagine if CNN got Sup Forums shut down.
Imagine all the people whose primary social outlet is Sup Forums and vidya with total rage. Imagine the response.
And then CNN think twice what you are doing.
Luke Rodriguez
Hey, if I wanted a good way to manage my passwords on both pc and android, without being in the botnet, what could I do? My thoughts were:
-find a good password manager (but I am wary of that)
-make a text file, password protect it somehow, and upload it to Dropbox, and then inside the text file list all my passwords but using a Caesar cipher to shift them all, and only have the key in my head.
Is there a way for me to password protect a text file reliably?
Lincoln Collins
HAHAHA GOOD FUCKING LUCK
Jaxson Russell
Either use gpg or write it down in a notebook
Jose Hill
Lain is so ugly.
Austin Torres
I live in a middle class suburban area, nobody is using a router ancient enough to use WEP as default. Feels bad.
Michael Davis
Sniff WPA handshakes and try to bruteforce or dictionary attack it
Parker James
back to l*inchan faggot
Jaxon Torres
I might try that. Is a bruteforce method actually viable for a decent length password (8-9 characters), though?
Christian Thompson
No it takes a long fucking time for 8 alphanum chars (which is the minimum)
Jacob Watson
Isn't this quite literally illegal?
Matthew Hill
Deep down you know cyberpunk has nothing to do with fighting the corporation boogeyman, it's just a scifi genre about futurism and a specific aesthetic, you just force that name into your hobby to sound cool
Elijah Cruz
"WE DEMAND YOU SHUT DOWN ONE OF YOUR MAJOR PAYING CUSTOMERS BECAUSE THEY HURT MY FEELINGS!!!"
Anthony Gonzalez
How can I find information about this ip?
74.14.180.202
Is it safe or full of Malware?
Evan Murphy
>whats the difference between iridium and chromium?
The difference is that Chromium still sends your shit to Google. Unless you use Ungoogled Chromium.
>awaiting for their accounts to be shut down
Isaiah Collins
Just read this thread, or any of the previous ones. Shitposters like you have said this, often multiple times a thread and it gets shot down every time. This time, I'd like to not waste any time and simply tell you where to look for your answer. Thanks, now fuck off.
Levi Martin
not an argument
Anthony Hall
When the biotech industry gets a license like the GPL, otherwise you get patent trolls.
Camden Hughes
>ungoogled chromium
William Young
Could it be that maximum lawmen would force a company to remotely shut down their patent infringing IOT augments? I would imagine companies advertising that they would never shut down internet enabled augs and thousands of people falling victim.