/cyb/ + /sec/: Cyberpunk and Cybersecurity General:

/Cyb/er/sec/urity general is for the discussion of anything and everything related to cyberpunk and cybersecurity.

What is cyberpunk?
>pastebin.com/jS37Vu7A

Nothing to hide? - The importance of a cyberpunk mindset applied to a cybersecurity skillset.
>youtu.be/pcSlowAhvUk

Resources:
Cyberpunk:
Cyberpunk directory:
>pastebin.com/9JaJFqB2
Cyberpunk resources:
>pastebin.com/7DWCsAc8

Cybersecurity:
Cybersecurity essentials:
>pastebin.com/JWx5xeEM
Cybersecurity resources:
>pastebin.com/NaUPUDF0

Harden your OS, reroute your DNS and fire up the VPN!
Shit just got real: - Looking for more resources, help is welcomed.
>pastebin.com/JXyM4fTe

The Old Skool: - Looking for more resources, help is welcomed.
>0ld 5k00l h4ck3rz: 67.225.133.110/~gbpprorg/#40

IRC:
Join: irc://irc.rizon.net:6697
>#Sup Forumspunk - Requires SSL
>#Sup Forumssec - Requires SSL
IRC guide:
>pastebin.com/YDbEWRHV

Thread archive:
>archive.rebeccablacktech.com/g/search/subject/cyb/
>archive.rebeccablacktech.com/g/search/subject/sec/
>archive.rebeccablacktech.com/g/search/text//cyb/ /sec//

Thread backup:
>cyberpunked.org/

Previous thread:
Suggestions for new resources are welcome.
The Gentoomen /sec/ community is looking for CTF team members, contact them at the IRC channel.

OP message:
See:

Other urls found in this thread:

rtl-sdr.com/detecting-car-keyfob-jamming-with-a-raspberry-pi-and-rtl-sdr/
captf.com/practice-ctf/
reddit.com/r/securityCTF/comments/35rsy3/best_wargames_for_ctf_practice/
gist.github.com/fakhrullah/e8794f4847f3114316235ad7b0530dec
github.com/apsdehal/awesome-ctf
nostarch.com/pentesting
amazon.com/Hacker-Playbook-Practical-Penetration-Testing/dp/1512214566
ciscopress.com/store/ccna-cyber-ops-secfnd-210-250-official-cert-guide-9781587147029
dvwa.co.uk/
youtube.com/watch?v=5qPgG98_CQ8
twitter.com/NSFWRedditGif

Any consensus on custom PATH? ( )

do what you want, its your system
if you feel an additional PATH variable would be helpful, do it
i personally use ~/.opt/bin

not really a big deal user, barely even worth mentioning desu

I don't think you've read the post I've linked

if an attacker has write permissions to your path its already too late
does that help?

>
>Elite: Dangerous isn't really cyberpunk though.
I know and I agree. The point is that there is a huge market for 1980's nostalgia. moreover this group are willing to pay, a lot. The Elite: Dangerous Kickstarter campaign had the largest request ever and it was fulfilled. 1984 saw the release of both Elite and Neuromancer, while mainstream was only talking about Orwell. Then again mainstream is by definition never cutting edge.

No, it doesn't

If an attacker gains access to a user's dir, the amount of damage he can do is limited by that user's privileges, it's not too late (yet). Why should it be too late?

PATH/alias/user's environment issue comes up because it potentially allows the attacker to phish out user's login credentials, and in worst case scenario, gain root credentials if user is a sudoer/in a wheel group/etc.

Noobtard question:

>uncle is really smart and self taught programmer/tech guy who worked his way up to top tier managerial level at IBM
>i have no background in tech but he keeps telling me stop being a pleb and to get into a career in cyber security nao
>he tells me don't be a code monkey, security is what he'd do x1,000,000 if he could do it again
>tells me there's 2 year degree/cert programs that will get me in the door

What say you bros? Do i need to have a highly proficient background in coding to be successful in CS? The field sounds cool as hell, just kind of intimidated thinking i have to be some wünderkid genius to get a job

this is precisely why you add the user path after system standards, so you dont get ssh replaced with a keylogging wrapper etc
if it requires root it shouldnt be in your user specific path

if the attacker has write access to your home dir they can edit the PATH anyway so what difference does it make

>he tells me don't be a code monkey,
True. Much will be automated away, much of the rest will go to India. There is little future for that in the West.

>security is what he'd do x1,000,000 if he could do it again
There is a fair bit of money but the work is enormous. To remain at the leading edge you will study many hours a day plus you are looking for a 6 -7 day work week. Not everyone has the stomach for that level of dedication.

That's a better answer

Still, it's possible to restirc user's ability to edit his own enviroment settings, I wonder if it's worth it vs. having better audit

Thanks for the input. Not to say the field doesn't interest me, but the idea of extensive hours/on call/studying does not sound appealing for a long term career :/

>tfw got excited and another dead end

There's literally no way to get a decent career without constantly studying

How will Russia looks in the future, if Vladimir The Dick not kill it now?

who up for some 2a's / 3a's?

what's that?

Wow I just started the cybrary CompTIA + tutorials.. and oh god they are horrible to listen to.
And then I found Prof Messer and lo and behold, someone who can actually talk clear and with passion

Go watch the cbtnuggets courses instead.
Keith Barker is my IT waifu

Gonna check it out, thanks.
Anything but Cybrary, I am still mad for wasting that hour because I though it might get better..

If you want that kind of cash, typically you'd be working serious hours no matter where you are

If he went into Banking it'd be the same shit, just replace that study time with more time on Excel or pretending to work in return for more money

Hell, buddy of mine in real estate does 6 or 7 days a week, he makes bank but it's literally just because he works his ass off for it

Different guy here

Seconding the cybrary thing, saw them recommended everywhere but their videos are pretty awful for the most part, or are just someone saying "use this tool"

It's nice that you can watch them for free, I can respect them for that. But having to watch 45+h videos, where one guy talks in a super monotonous voice and the other mumbles and present the material in a very confusing fashion, is just a dreadful chore.

At least the Linux+ one seemed better, the guy speaks in a much nicer voice.

Cbtnuggets stuff is subscription but anywhere you find pirated content you will find the video files. Be aware however theres flashcards and questions built into the video those will miss, plus premade virtualized workstations for you to follow along with for some of the more hands on stuff. I think they do a free trial as well might be worth looking into.

>he doesnt run
:^) dont worry about it chummer

quit being a newfag

what's a list of things I can host on a private server in my home?

what are the security benefits of hosting things myself?

>what's a list of things I can host on a private server in my home?
TOR node

>what are the security benefits of hosting things myself?
Then you know where your stuff is and more what is running on it. If others have physical access to your machine it means your security is shot.

OK, so I posted the news to the old thread, rescuing it here. Reason is, I think EW is important both for /cyb/ and /sec/ and this is an example. Also I plan to hack out a small intro paste but that takes time.

Anyways:

=== /cyb/ and /sec/ News

Electronic Warfare, for home use

>DETECTING CAR KEYFOB JAMMING WITH A RASPBERRY PI AND RTL-SDR
rtl-sdr.com/detecting-car-keyfob-jamming-with-a-raspberry-pi-and-rtl-sdr/
> It’s been known for a while now that it is possible to break into cars using simple wireless attacks that involve jamming of the car keyfob frequency. Sammy Kamkars “rolljam” is one such example that can be built with a cheap Arduino and RF transceiver chip. One way to secure yourself against wireless attacks like this is to run a jammer detector.


[Basically, do read RTL-SDR for this kinds of news. For a handful of dollars you can make a lot of EW equipment like phase coherence direction finders, passive (or bistatic) radars and a lot more]

>TOR node
cant wait until someone uses it for CP and the cops raid my house

bridge only then, let someone else handle the exit
also p sure cp is inside of the tor network, so you have little to worry about - if they can identify you they can also identify the actual host

I am thinking of making a discussion forum to counter an extremely biased and political correct press in my country. The idea was to make it a .onion site so I have thought about the problem you mention. It is probably the easiest way to attack a site and another good reason to host it on a hidden site.

I might add a layer by using a hidden high gain Yagi to connect to an open wireless node.

Slowing down quite a bit.

Maybe Russia will be a great country, or maybe not.

>all the GITS music on youtube is blocked now because of the shitty movie

>what's a list of things I can host on a private server in my home?
There's a lot of self-hosted alternatives to popular services, but they're often less feature-rich. Honestly, depends on your needs.

>what are the security benefits of hosting things myself?
Generally speaking you don't have to trust your data to some other service's employees and policies (e.g. disgrunted employee or chinese hacker leakaing your data)

This is a double-edged sword because now you're responsible for said data (security, backups, availability, etc.), so now you're safe from disgrunted employees, but you're on your own when the aforementioned chinese hackers come.

I wish I could run a TOR node. My friends told me my country is quite sensitive now about that kind of stuff.

It really depends on the legal system in your country

One of the Debian developers is on his fourth month in a bullpen over hosting a tor node, but he lives in Russia, so that's a given

Actually, wasn't some Russian guy arrested because he was running a NON-exit relay?

Pretty sure it was an exit relay. Some allaku akbar guy made some explosive posts from his IP.

IIRC it's already known that Bogatov (the guy who hosted the exit node) is not the terrorist, but he's still held as a suspect to scare people away from hosting TOR nodes in Russia.

>IIRC it's already known that Bogatov (the guy who hosted the exit node) is not the terrorist, but he's still held as a suspect to scare people away from hosting TOR nodes in Russia.
Yep. That's the situation that I think my country will have.

Yeah, Russia is complete shithole when it comes to privacy.

Never host anything in Russia or deal with anyone or anything that deals with Russian government (e.g. Telegram).

OP here, I'll be adding all resources tomorrow.
I'm going to bed early as I've been neglecting sleep and am bonafidely exhaustive.

Global autotype function for KeePassX 0.4.3 unofficial build for Mac OS X suddenly stopped working perhaps after latest update to Waterfox 54.0.1. Anyone else?

The same 0.4.3 package is no longer available on the internet for a re-install to identify whether it's a buggy KeePassX on my end.

KeePassX has been forked into KeePassXC, which is more actively maintained, give it a try

Thanks, but I'd prefer to stay on KeePassX.

>another dead end
The only dead end here is you mate.

Did some study last night through my textbooks, and accomplished a few "pivots" in my basic lab to get from one network to another

I have a few questions

>how are you supposed to find the address of the machines in the secondary network in the first place?
The examples had you feed routes into msf, so using a compromised machine in both networks, you bounce through that machine to the other network.

You have to feed it an explicit IP address. Where am I supposed to be getting that from in the first place?

>proxychain
Same thing again, once I had a proxy chain in place, I could knock of the other network. I'm going to redo this section, because parts of it are slightly lost on me, but once again, I needed the raw ip of the machine in the other network.

>labs in a box
Is there such a thing as a fully set up practice lab you can download? Not like a CTF exercise, but firewalls, DMZs, vlan segregation, domains and users etc all ready for you to fuck with.

My environment is a joke. Its xp 7 and Ubuntu in the same LAN as my Kali machine, with the exception of the 7 vm having dual adapters so I can push the others into their own network, and still have the 7 machine be in both.

This isn't very real world, but setting one up myself, Jesus I don't know if I have the time and skills for it. I don't want to be a sysadmin and deploy DCs, I just want to fuck with them.

Oh lord I ask an actual question and now the thread is dying

bumping for you

Saw 'Women in Cyber' merchandise for the first time on LinkedIn today.

Hold me, /sec/, I'm scared of what's to come

something worse than heart bleed

It has already come, the whole IT scene has the disease already. Nothing is safe from retards.

what are the best practice hacking sites?
sites like hackthissite.org etc

user, could you share these textbooks? I want to learn about network security / privilege escalation, and it will be very helpful. Also, bump.

captf.com/practice-ctf/
reddit.com/r/securityCTF/comments/35rsy3/best_wargames_for_ctf_practice/
gist.github.com/fakhrullah/e8794f4847f3114316235ad7b0530dec
github.com/apsdehal/awesome-ctf

nostarch.com/pentesting

And

amazon.com/Hacker-Playbook-Practical-Penetration-Testing/dp/1512214566

And

ciscopress.com/store/ccna-cyber-ops-secfnd-210-250-official-cert-guide-9781587147029

Are the three books I'm working through atm

No I don't have PDFs because I like having physical books to make notes in

thanks, user

what does Sup Forums think of pic related?
I currently am on the fourth chapter and i think there is no way i can absorb/memorize this amount of information, almost giving up

>using youtube to listen to music

read through then keep it around for a reference like any other technical book

nigger, are you practicing and taking notes while going through the book or just reading it like its a harry potter book?

Then learn to study better.

here, thanks for the replies

I am reading the PDF version, i guess i will buy the physical book then
I am not practicing, i think i will create a lab or something
any tips besides taking notes and practicing?

>any tips besides taking notes and practicing?
That's literally how you study dude

>I am not practicing
i fucking knew it the second i read your first post. thats your fucking problem right there. did you think you'd just read through and then magically hack every web application?

also, don't buy the physical edition, don't waste your money until you know fucking learn HOW TO STUDY.

here, nigger

dvwa.co.uk/

also im

protip: READING IS NOT ENOUGH repeat this 100 times before you go to sleep maybe you'll wake up a little less dumber

thank you user, i promise to change my attitude

yeah, i hope u will. if you need help first SEARCH, if u don't find then post here and surely someone will be able to help you. good luck and have fun

All good. I've never seen any praise for that Georgia wiedman book anywhere, but honestly, it's given me such a great spread of knowledge; because it's made for beginners, it tells you HOW TO USE the tool, rather than other books that tell you WHAT tool to use.

Security always struck me as the kind of business where if you're shit then it'll show very quickly, though.

Or do these people just get by through politics?

Every job in the entire world is made up of retards, and a small tiny percentage of people who are capable, and an infinitely smaller number of people good at what they do.

Even roles that the outsider thinks are for "professionals" are full of dipshits.

Jobs are like school. Do the bare minimum required to keep your minder/boss away, and people live by that

extremely reddity image

Anyone got a good anonymous way to share files. One to many.

Perhaps

Maybe

It could possibly be

Because it's from reddit?

idfc if this image is from reddit. The image itself is pretty awesome, love the sights.

I guess it has something to be privacy related, but why the laugh?

That image is in my life goals section. The ambiance, view, setup is amazing.

Your life goal is to live in a highrise in a city? Get some roommates and you probably won't have to pay more than $1k/month.

Paying 1k a month in rent to live with other people sounds fucking outrageous to me.

I cant justify that kind of money.

It's a goal for that reason; I want it to myself, and to afford it and not be broke. Like I can afford my shit unit in the crime part of town and not think twice about the rent money, I want to make enough to be able to pay for that unit and think nothing of it

Sunspring sequel released:

youtube.com/watch?v=5qPgG98_CQ8

This one's kind of shitty though, I wish they made separate movies from each of those training sets, not just snippets.

Also, I rewatched Sunpring. I had forgotten that they interpreted it as a story about cuckolding

Guy living in HK here.

If you want somewhere half decent in NYC, SF, HK or London (or possibly Singapore too), you'll be paying something similar to that.

The /cyb/ meme of scuzzy, high-density living is a novelty for a while, but it wears thing once you've actually done it.

That having been said, I like HK, you just shouldn't live here unless you're making fat stacks, its not worth it if you're poor

I wouldn't recommend it. Going solo in a big city is like a death trap, unless you already have friends there. At least with roommates you have someone to talk to at home. Living by yourself is basically a huge suicide risk if you're of a typical mindset of many people on this board. Very easy to go from loneliness to full depressive cycle to suicidal thoughts.

You do this book, you don't read it. You get a copy of burp suite free edition or w/e and blow up your own VMs where you install exploited old Wordpress suites and shit as you follow along in the book.

Another good book is Tangled Web, a browser security book The Tangled Web is better for learning the underlying causes of various issues presented in Web Hacker's Handbook, and for learning how to prevent them. It has practical checklists at the end of every chapter for anyone building an application which is extremely helpful if you're making some Tor hidden site to drop your cipherpunk manifesto or w/e.

It is a lot to learn but you're not expected to memorize everything, that's why it's a book you can go back to it later for reference or take notes, and make yourself a checklist(s) like Tangled Web does.

Not previous user, but living in a place without huge sky's made me to not be ambitious to love there.

I want a very small flat (I guess I would call it that in english) full of tech that I will hopefully understand at its most when I reach that point.

>I want a very small flat

Welcome to HK, you'll fit right in here

Yeah what you want to do is live with your wife or girlfriend, then split the rent across 2 paychecks.

I will lie if I told you I never though about Shenzen or Hong Kong, but language barrier makes me discard it fast af, beside the firewall thing (although iirc HK is out of that, righ?)

Shenzhen isn't great tbqh m8. It sounds all cyber, but it's just a newly-built Chinese city. If you want to live on the Mainland, go to Shanghai.

HK is outside the firewall (for the moment anyway), not too sure about SZ as it's an SEZ, but I'd imagine it's censored.

Very easy to get around though. They're clamping down on VPNs a bit, but with Tor it's a piece of piss to get around.

Mainland is also way way the fuck ahead of HK (and even the West) in some regards, e.g. cashless payments (Wechat and Alipay are everywhere, they're crazy good), bikesharing (Mobike and Ofo are everywhere), that kind of thing.

Zero language barrier in HK, I know whites who were born and raised here who barely have a word of Canto, same in Singapore. You need it on the mainland though- it's become a bit less socially acceptable for expats in Shanghai to not have any mandarin, it's kind of expected now, I presume SZ is the same. But if you're going to learn a Chinese dialect/language, Mandarin is the easiest by a mile anyway.

Well I sometimes use anonfile.com, seems ok

)))))))))))

Shenzen is pretty cyber, there's literal dudes on the streets hacking together stuff and dudes hawking electronics everywhere on the street. CHYNA is heavily polluted and overpriced though. You couldn't pay me to live there and eat the toxic food, breathe the unbreathable air, use the toxic toothpaste. One exception is that carless island Xiamen. It's pretty cool but again toxic food and toothpaste.

Taipei is good, breatheable air and eatable food as long as it's not imported from the mainland.

You've never lived there, how do you know what the streets are filled with?

>Guy living in HK here.
Last time I visited HK I was told there is a huge air pollution problem, coming from Shenzhen. Still true?

Petrosyan, is that you?

Taipei is not china tho

Keep it up.

There's a bit of pollution but nothing compared to the mainland

Go to Beijing and you'll see some shit.

Taipei is very clear though, same with Singapore

>Go to Beijing and you'll see some shit.
yeah, I have been there. I think it is more correct to say I hardly could see a thing.

Tokyo is clean though hazy. Yokohama had a bad reputation but I think that is now a long time ago. I guess the Minamata disaster has something to do with it.

If you've already compromised two machines and one of them is connected to another network you can drop your tools onto that machine to further investigate and see if there are more exploitable machines within the second network. You should also be able to do this through a meterpreter console if that's how you have shell access.

>labs in a box
Check out vulnhub, it's essentially what you want, though many are CTFs.

>you can drop your tools onto that machine to further investigate
Shit I didnt know you could do that? Okay cool, thats certainly a good idea Ill check it out.

>vulnhub
Ah okay, I just thought EVERYTHING was CTF since I got a few easy ones from there, I didnt know they did labs.

Be careful about moving tools in a real situation, though for practice it's fine, netcat makes this easy. Though, that being said, I'm pretty sure you can configure nmap to route through the proxy/ssh tunnel, I can't remember exactly how to do it. If you read the man files you should be able to find out more.