Previous thread: Suggestions for new resources are welcome. The Gentoomen /sec/ community is looking for CTF team members, contact them at the IRC channel.
OP message: Have a good time and enjoy yourselves. I'll also be adding any resources I missed from the last thread, during this thread. So make sure to keep an eye on the OP for new content, thanks to community efforts.
Hello, /cyb/ + /sec/, I would like to know if it is possible to run a 24/7 solar powered rpi email server. Included with it is a battery of course. Recommend any battery packs for ez set up or just doing it on my own?
Chase Cruz
Holy shit dude
I too was thinking of something similar.
I was advised to be very careful about what sort of battery pack to use, as pis are very prone to damage from over volts
Cameron Parker
This new thread needs some libreboot
Colton Watson
I'm thinking of recycling some old laptop batteries (testing to see how many volts and just they got in em first), then, purchase a small enclosure rather than just a long bit of metal to connect the cells all at once, solder a solar panel on to the case of the pi and the battery pack below it, solder the battery pack to a board with a usb female port slot, then that's it. not sure if plan would work or not with my skill in electronics but i have some ideas on the schematics.
Grayson Butler
I thought so.
Thomas Campbell
I got a bunch of computers at work mining monero. Getting about 2 coins a month for free
Joshua Rogers
how much monero do you think you get per week? or how many computers are mining?
Jordan Collins
4 machines running xmr-cpu-stak. I'm getting about .3 or .4 a week
Andrew Williams
user mentioned Automate the Boring Stuff; Automate is a much better book (there is also a video series) for actually learning Python...Violent Python, Blackhat Python are great for giving you ideas to work off (like templates almost) and showing you what is possible (especially with different libraries, which I think is a strong suit for Python).
The Jessica Mckellar videos are pretty awesome for learning basic Python as well.
Personally I use Python a ton at work and play; it has almost become a crutch where I should be improving my C programming (though I am by no means anything near a good programmer).
Jonathan Nguyen
aww fuck I missed that guy's post, was hidden by the announcement of a new thread.
I seem to prefer books, I don't really soak shit in with videos or lectures. Not sure why
Gabriel Lopez
So what /sec/ tv shows exist?
John Smith
Obviously other than mr robot
Caleb Perry
Not maderas, but here is his advice for someone starting out:
Specifically: >When I got really serious about developing my skills, I developed a training regimen of at minimum, 4-8 hours of study/research/practical training a day, at least 6 days a week (I did this with a full time job working between 40-60 hours a week) .
The best way to learn is to do; when I was pushing forward with my development, there were a (slowly) increasing number of (a few) vendor bounty programs (now called a bug bounty).
Google had been doing so for awhile at that point. They were offering bounties and allowing most (it may have been all) of their domains to fall within scope.
(Note: In the present, Yahoo's bug bounty program has all of their domains within scope, including acquisitions.)
I took full advantage of these real world opportunities; I didn't even bother to graduate past the enumeration phase for months.
Attacking/enumerating applications like DVWA, Windows/Linux/Unix VMs, or any of the Metasploitables are good practice.
However, I would probably join BugCrowd, find a program/customer where attacks on most (if not all) of their domains are within scope, and begin/conduct your live training that way.
This method has multiple advantages, not the least of which being that you will develop more current, real world skills. This will also make your research/study more efficient as you will invariably gear some portion of your training by experiences you have against live hosts.
Juan Roberts
I messed up the greentext, but you'll get the point.
Jack Martin
I need to break it into smaller chunks I think. The whole thing is so dense I can't process it all. I've read it a few times and have somehow missed that entire bounty section
Benjamin Harris
Perhaps you were reading the OP, whilst I quoted one of his comments in the thread.
Asher Stewart
Should be possible.
For safe power management you might want to look over Adafruit, if not to buy then at least see how it is done.
Zachary Cox
I'm glad people are finding something of merit in my shared experiences.
I'm thinking of live posting screenshots/webms/gifs in one of these generals while I pentest a live network.
That way, if anons have questions I can answer them or they can at least follow along...also, I will likely learn something from the comments and questions. I am just working out the logistics of it all.
Aaron Stewart
Damn, that's a great idea. It'd be quite the experience for me (and I assume most other regulars in this thread) to see the real deal at work. Please do so, if you can.
Samuel Garcia
Shit I missed part of your question...
CTFs are definitely worth doing. Any live practice is good practice. Some live practice is better than others.
As user stated, bug bounties are a great training ground. Many have a large enough scope that you can get some great practice attacking/enumerating web apps and network targets.
And you never know what you will find if you dig deep enough. My company no longer allows me to freelance, or I'd still be at it.
Alphabay (which was down for awhile, with many yelling exit scam) was raided...reports state that one of the administrators past or present (there is some argument within that market's community) committed seppuku in their cell in Thailand.
>On Wednesday, Cazes was found dead, hanged in his Thai jail cell.
Since he had Canadian citizenship couldn't he have asked for a prison sentence in Canada? Or is that not how it works.
Maybe the sudoku in cell was just a play from the feds to hide that they killed him in the raid or something.
Also what is going to be done with the BTC that alphabay had? Any word on that?
Ryan Cox
Oh fuck.... I haven't drilled into the comments?!
I'd fucking love that.
Ha nice. This is like being told I can play games and get smarter. I genuinely find war games enjoyable.
Eli Morales
He was living in Thailand for 8 or so years, so I am not sure...Thailand is pretty serious with its drug laws though, and prison there is notorious for being a pretty terrible place.
As for the Feds, I put nothing past them. The degree of fuckery that seems to go on out of direct sight of the public points at anything being possible.
Some of the BTC could end up in some corrupt fed's wallets like what happened with Silk Road...Ulbricht's OPSec fuck ups aside, much of what happened with that investigation and trial was a shit show...I don't expect this latest development to be any different.
Brandon Ramirez
How about some links to .mil related stuff such as electronic warfare lexicon? pastebin.com/u/sadieq54
Lucas Garcia
I'll add the resource soon, I'm busy right now. Thank you though.
Cameron Howard
What languages should I learn to pen test / secure my shit as much as humanly possible by myself? I'm learning Assembly and C as are, but I assume other languages can provide the same utility with a better library when it comes to hacking/security
Dominic Ortiz
I never fought the end. Went away on a school camp for a week and came back to him dying of old age when I turned it on next
Mason Morgan
I just want a good, affordable VPN. My ISP is on my ass because my idiot roommate can't into torrenting. He's using pirate Bay ffs.
Christian Turner
See the instructable below. What's the use case? Dead drop? Then you wouldn't strictly need a mail server, just a web server with DAV. Also, how would you network it? A wireless network interface will eat up a lot of power and a wired interface would be a bit obvious, so I probably wouldn't use an rpi for that use case, maybe an ESP32 or an Orange Pi Zero?
Building Li+ packs is not for the noob. You need to match batteries that go into a pack, especially if you plan on leaving them unattended, so that you don't set the building on fire. Consider something like this instead: instructables.com/id/Solar-Powered-Raspberry-Pi/
Thomas Murphy
Python or/and Perl, LISP for complex systems.
Justin Cooper
Where do you live? In France I think they just don't give a fuck about us torrenting. I've been doing this for YEARS and just received a warning letter that I ignored and never heard of them again. Hadopi is such a fucking joke.
Owen Diaz
>prison there is notorious for being a pretty terrible place
Yeah that's why I asked about extradition.
Do you know if any other market has gone big yet?
Logan Miller
Anyone heard of this back door before?
>Navigation Warfare defensemedianetwork.com/stories/navigation-warfare/
>The JLOC software is built into the terrorists’ GPS receivers. When the terrorists turned on their GPS receivers to test their jammers, they unwittingly broadcast a digital message to the Global Hawk, saying “GPS jammers present.” The receivers also provided the exact location where those jamming transmitters are located.
This implies a radio transmitter is hidden in GPS receivers. That is a gigantic backdoor. Article is from 2010 and I am still surprised.
>Every element of this imaginary attack scenario has already actually occurred in Iraq and other locations. It illustrates the importance adversaries place on jamming GPS and the major efforts under way to counter that jamming.
Caleb Hall
Post youtube channel or websites that you love anons.
eater.net/ He built an 8-bit computer from scratch documenting the whole thing. It's pretty good and he's still posting updates and progress.
Elijah Russell
I don't like to throw any names around (if you are in this general, you'll probably find them easy enough anyway).
There are a couple that started filling in the void as soon as AB went dark. (as always, the vacuum will be filled)
The way things generally go with federal hidden service ops, I wouldn't be surprised if the others are under really close federal scrutiny now.
The majority of their operation is probably already through since there is this kind of coverage occurring now.
I'll be interested to find out where the chain of OPsec broke (or if there is some bullshit miracle discovery like what happened and was ignored in the Silk Road case)....there is already a supposed snitch who was a vendor on AB being thrown to the mob.
Where Feds are concerned though, there is no telling what is misdirection.
Wyatt Robinson
PIA has been good to me. I don't know if being US based is a problem for you but they have lots of servers and are cheap.
Aaron Perez
Good stuff.
Adrian James
I am gradually picking up Python and am looking for a compiled language to learn. Is rust a good language to learn (bug-hunting/exploit engineering)? Is it superior to C/C++ for this purpose? Is there an alternative language, the learning of which would force me to have good habits in other languages?
Gabriel Baker
currently using codecademy to learn python, would you users say this is an okay source to learn python?
Jeremiah Murphy
Shouldn't you ask on another thread like /dpt/ or something?
>rust
Isn't rust just a meme language promoted by SJWs that can't into programming?
Go with C or C++.
Dylan Garcia
thoughts on ProtonVPN?
Landon Scott
I got it, very comfy. Secure core and VPN to tor are excellent features, and it works flawlessly in GNU/Linux
Nathaniel Johnson
Yeah, was going to ask about this. It seems like it's a new service, I'm gonna pick up a monthly subscription just to see what's up.
Jackson Scott
The VPN service is new but it was available to visionary members the past year through protonmail accounts.
William Ortiz
I see. Well, I'll go on using it and see if it's worth the yearly upgrade.
Owen Gray
hey guys, I've been organizing my space and I've been planning to make it cyber punk, what ideas do you guys have to make it comfy yet cyberpunk? for example, other than RGB lights, bamboo lamp shades and hanging them around my main shnazzy pc, or having a comfy space with a futon with built in charger or anything of use. any ideas?
Hudson Gray
Cyberpunk is a lifestyle and philosophy, not an interior design option
Xavier Wilson
don't be like that user, some of us like how cyberpunk looks and are still actively involved in it, don't take it as an insult. I DO like cyberpunk media, literature, and etc.. i just want my space to resemble that of the media.
Hunter Reed
Technically speaking, as per my understanding, that would be Cypherpunk.
Ian Anderson
Lots of monitors, workbench, tools lying about, maybe a server or two, tech everywhere.
Dank method: google image search cyberpunk rooms - lots of great stuff there for inspiration!
Henry Cook
I'm just giving you a hard time, do what is comfy for you
Joshua Hall
thanks for the ideas user, gonna try some styles out.
Jackson Collins
Post pictures of your room if you have them, I am sure we can give you some specific tips then.
Samuel Thompson
Gonna post a couple more room pics
Joshua Sanders
One of my favorites
Evan Murphy
...
Isaiah Flores
Last one (I need to sort my files..) And a little link to various cyberpunk pictures
These threads are worse than the desktop/neofetch cancer
Logan Davis
Only because you don't understand them.
Elijah Anderson
gonna take a sec, arch isn't reading my sd card.
Joseph Scott
bit of a poorfag, replacing the sheets rn so don't ask about that, cleaning and organizing room so i thought i could renovate it a bit. gonna pick up junk tomorrow since tomorrow is large trash day so i can kinda use the PC's and furniture people are just gonna throw away. excuse the broom
Aiden Wilson
Do you know how to code already? If yes then just try to do stuff on your own using the python's doc. Like a Sup Forums scraper using the API or a proxy grabber from a proxy list website.
Why are people paying for VPN? Just rent a VPS and setup your own VPN, you'll pay less and know what's happening and make sure it's no-log.
Also, no one gave links for Feels bad man
Jayden Bailey
>make sure its no log
logs don't matter if you're the only one using it dummy
Kayden Cooper
>imblying the VPN owner won't give up the log if paid enough or asked by the police.
Robert White
>implying implications
literally what with a vps your host can still see everything you do, they're a lot more likely to comply as they have a hell of a lot less to lose than a privacy-focused vpn provider
also, no, because then they lose any customer that cares about logging by showing they keep logs and comply
fuck off retard, vps is in no way safer than a vpn service.
Josiah Ward
There is potential, and good thing you are sorting yourself out.
Anyways, change the curtains to something more modern and sleek. Also, the left corner from the windows would make a nice place for a workbench, put some lamp on the ceiling there.
I like having my desk directly at a window, but I don't know how much room you have. If it's enough, you could put a huge desk from wall to wall.
Xavier Johnson
whatever dude
Asher Brooks
I'd say its large enough to fit an L desk, also planning to pick up a cable modem so i can get faster speeds.
Isaac Peterson
>make sure it's no-log.
You have no possible way of knowing this other than taking the provider's word for it.
Sebastian Martinez
just fuck off already so what? don't rely solely on a vpn
Juan Brooks
maderas, in that comment in the 0x00sec thread you mentioned your training regimen, how was that structured?
Parker Hall
Still doesn't help you unless you're absolutely certain the machine you're connecting to hasn't been compromised which isn't possible either unless you have physical control of it at all times. The internet was not designed to be anonymous. At best you're building on shifting sands.
>"Nelson applied for a renewal of his Nevada identification card on June 5, 2017. Investigators withheld the card after the DMV's facial-recognition system showed the same person had previously held a Nevada driver's license in the name of Craig James Pautler," Nevada DMV officials said.
Camden Wright
which is precisely why you shouldn't rely on a single point of failure
Ethan Anderson
what tools do y'all use when hunting down malicious links? For analysing phish links do y'all use something like phishkithunter or just a cursory glance at the DOM and wireshark? For possible malware links is something like REMnux more advised or is it better to just send the link straight on to VT or Hybrid Analysis?
Jaxon Reed
>Why are people paying for VPN? Just rent a VPS
because I want multiple servers
Gabriel Gray
How are cybersecurity and cyberpunk related?
Jace Bailey
the cyber
Jordan Wood
Quoth WmG:
>I put the shotgun in an Adidas bag and padded it out with four pairs of tennis socks, not my style at all, but that was what I was aiming for: If they think you’re crude, go technical; if they think you’re technical, go crude. I’m a very technical boy. So I decided to get as crude as possible. These days, though, you have to be pretty technical before you can even aspire to crudeness. I’d had to turn both those twelve-gauge shells from brass stock, on the lathe, and then load them myself; I’d had to dig up an old microfiche with instructions for hand-loading cartridges; I’d had to build a lever-action press to seat the primers – all very tricky. But I knew they’d work.
So don't make it *look* /cyb/. In a world where green ascii on black background monitor will raise suspicions you should rather add potted plants. Put your servers and workstations in a separate partition which is hidden and locked. Self destruct charges are optional extras but UPS are not. Use noise damping and just bring cables to your work bench. No cables on the floor, everything squeaky clean and tidy so your Roomba can amble freely around. Clean bench, oh yes and with those potted plants.
I connect air intake through filters into my servers and use the exit air to maintain fresh air in the house.
Maintain proper humidity to avoid ESD. An aquarium will do. It also lends you an air of respectability. Crazy people don't have aquarium or potted plants.
Since /cyb/ is also about functionality your personal server room should be functional. A separate backup is needed. Avoid wireless nets - that just invites snooping and activity monitoring.
Most of the pictures look stylish and cool but are messy, impractical in case of evac and scream suspiciousness.
Jace Lewis
Read the Sprawl Trilogy. Watch Johnny Mnemonic and the Matrix trilogy.
Then you will see it.
Hudson Martin
So basically just because the fiction genre often features hackers they get in the same general as "real" hackers?
That's like merging /mlp/ and /an/ because ponies are animals too
Landon Davis
they're not, but the people interested in one are often interested in the other, so both subjects were combined to one thread so that it would actually survive (so far it's working)
Josiah Taylor
ok seems reasonable thanks
Brayden Clark
Not to mention that we are living in a cyberpunk reality (knorr: 2011) and cybersecurity is a fundamental part of this societal discourse.
Caleb Jenkins
Any of you want to share /cyb/ related radios? Maybe you know of any /sec/ related too with talks? Please no podcasts. Here's my current list, you can save it as .m3u:
Maybe someone should write up a list of good defcon and C3 talks? First one that comes to mind is youtube.com/watch?v=J1q4Ir2J8P8
Owen Smith
>So basically just because
No.
It is because /cyb/ is both about these things as well as a huge source of inspiration about these things.
Also, if you see a dozen threads back or so, you will see that the /cyb/ and /sec/ threads when separate didn't last that long, usually going out of steam before reaching 100 posts. So since there are commonalities it was tested to see how it would work out and so far we routinely pass 300, have plenty of good discussions with the only noise being people asking why these two should be married.
Dylan Allen
Anybody use OSSEC?
Noah Brown
Monero or Verge
Nathaniel Cox
Isn't Verge the more private of the two?
Adam Cook
Monero is by far the best one to use. Verge is just a meme.
Luke Murphy
It looks perfect for money laundering. I wonder how long until governments and corporations attempt to outlaw it?