Previous thread: Suggestions for new resources are welcome. The Gentoomen /sec/ community is looking for CTF team members, contact them at the IRC channel.
do what you want, its your system if you feel an additional PATH variable would be helpful, do it i personally use ~/.opt/bin
not really a big deal user, barely even worth mentioning desu
Thomas Gutierrez
I don't think you've read the post I've linked
Hunter Johnson
if an attacker has write permissions to your path its already too late does that help?
Thomas Nguyen
> >Elite: Dangerous isn't really cyberpunk though. I know and I agree. The point is that there is a huge market for 1980's nostalgia. moreover this group are willing to pay, a lot. The Elite: Dangerous Kickstarter campaign had the largest request ever and it was fulfilled. 1984 saw the release of both Elite and Neuromancer, while mainstream was only talking about Orwell. Then again mainstream is by definition never cutting edge.
Michael Johnson
No, it doesn't
If an attacker gains access to a user's dir, the amount of damage he can do is limited by that user's privileges, it's not too late (yet). Why should it be too late?
PATH/alias/user's environment issue comes up because it potentially allows the attacker to phish out user's login credentials, and in worst case scenario, gain root credentials if user is a sudoer/in a wheel group/etc.
Caleb Hughes
Noobtard question:
>uncle is really smart and self taught programmer/tech guy who worked his way up to top tier managerial level at IBM >i have no background in tech but he keeps telling me stop being a pleb and to get into a career in cyber security nao >he tells me don't be a code monkey, security is what he'd do x1,000,000 if he could do it again >tells me there's 2 year degree/cert programs that will get me in the door
What say you bros? Do i need to have a highly proficient background in coding to be successful in CS? The field sounds cool as hell, just kind of intimidated thinking i have to be some wünderkid genius to get a job
Adam Johnson
this is precisely why you add the user path after system standards, so you dont get ssh replaced with a keylogging wrapper etc if it requires root it shouldnt be in your user specific path
if the attacker has write access to your home dir they can edit the PATH anyway so what difference does it make
Joshua Peterson
>he tells me don't be a code monkey, True. Much will be automated away, much of the rest will go to India. There is little future for that in the West.
>security is what he'd do x1,000,000 if he could do it again There is a fair bit of money but the work is enormous. To remain at the leading edge you will study many hours a day plus you are looking for a 6 -7 day work week. Not everyone has the stomach for that level of dedication.
Carter Brooks
That's a better answer
Still, it's possible to restirc user's ability to edit his own enviroment settings, I wonder if it's worth it vs. having better audit
Luke Russell
Thanks for the input. Not to say the field doesn't interest me, but the idea of extensive hours/on call/studying does not sound appealing for a long term career :/
>tfw got excited and another dead end
Lincoln Hughes
There's literally no way to get a decent career without constantly studying
Nathaniel Morales
How will Russia looks in the future, if Vladimir The Dick not kill it now?
Elijah Edwards
who up for some 2a's / 3a's?
Kevin Cook
what's that?
Hunter Johnson
Wow I just started the cybrary CompTIA + tutorials.. and oh god they are horrible to listen to. And then I found Prof Messer and lo and behold, someone who can actually talk clear and with passion
Brandon Roberts
Go watch the cbtnuggets courses instead. Keith Barker is my IT waifu
Brayden Rodriguez
Gonna check it out, thanks. Anything but Cybrary, I am still mad for wasting that hour because I though it might get better..
Sebastian Morales
If you want that kind of cash, typically you'd be working serious hours no matter where you are
If he went into Banking it'd be the same shit, just replace that study time with more time on Excel or pretending to work in return for more money
Hell, buddy of mine in real estate does 6 or 7 days a week, he makes bank but it's literally just because he works his ass off for it
Michael Allen
Different guy here
Seconding the cybrary thing, saw them recommended everywhere but their videos are pretty awful for the most part, or are just someone saying "use this tool"
Luke Garcia
It's nice that you can watch them for free, I can respect them for that. But having to watch 45+h videos, where one guy talks in a super monotonous voice and the other mumbles and present the material in a very confusing fashion, is just a dreadful chore.
At least the Linux+ one seemed better, the guy speaks in a much nicer voice.
Thomas Fisher
Cbtnuggets stuff is subscription but anywhere you find pirated content you will find the video files. Be aware however theres flashcards and questions built into the video those will miss, plus premade virtualized workstations for you to follow along with for some of the more hands on stuff. I think they do a free trial as well might be worth looking into.
Andrew Richardson
>he doesnt run :^) dont worry about it chummer
Anthony Baker
quit being a newfag
Jonathan Parker
what's a list of things I can host on a private server in my home?
what are the security benefits of hosting things myself?
Oliver Reyes
>what's a list of things I can host on a private server in my home? TOR node
>what are the security benefits of hosting things myself? Then you know where your stuff is and more what is running on it. If others have physical access to your machine it means your security is shot.
Aaron Williams
OK, so I posted the news to the old thread, rescuing it here. Reason is, I think EW is important both for /cyb/ and /sec/ and this is an example. Also I plan to hack out a small intro paste but that takes time.
Anyways:
=== /cyb/ and /sec/ News
Electronic Warfare, for home use
>DETECTING CAR KEYFOB JAMMING WITH A RASPBERRY PI AND RTL-SDR rtl-sdr.com/detecting-car-keyfob-jamming-with-a-raspberry-pi-and-rtl-sdr/ > It’s been known for a while now that it is possible to break into cars using simple wireless attacks that involve jamming of the car keyfob frequency. Sammy Kamkars “rolljam” is one such example that can be built with a cheap Arduino and RF transceiver chip. One way to secure yourself against wireless attacks like this is to run a jammer detector.
[Basically, do read RTL-SDR for this kinds of news. For a handful of dollars you can make a lot of EW equipment like phase coherence direction finders, passive (or bistatic) radars and a lot more]
David Green
>TOR node cant wait until someone uses it for CP and the cops raid my house
Brayden Walker
bridge only then, let someone else handle the exit also p sure cp is inside of the tor network, so you have little to worry about - if they can identify you they can also identify the actual host
Grayson Butler
I am thinking of making a discussion forum to counter an extremely biased and political correct press in my country. The idea was to make it a .onion site so I have thought about the problem you mention. It is probably the easiest way to attack a site and another good reason to host it on a hidden site.
I might add a layer by using a hidden high gain Yagi to connect to an open wireless node.
Gabriel Davis
Slowing down quite a bit.
Justin Mitchell
Maybe Russia will be a great country, or maybe not.
Blake Cooper
>all the GITS music on youtube is blocked now because of the shitty movie
Levi Ortiz
>what's a list of things I can host on a private server in my home? There's a lot of self-hosted alternatives to popular services, but they're often less feature-rich. Honestly, depends on your needs.
>what are the security benefits of hosting things myself? Generally speaking you don't have to trust your data to some other service's employees and policies (e.g. disgrunted employee or chinese hacker leakaing your data)
This is a double-edged sword because now you're responsible for said data (security, backups, availability, etc.), so now you're safe from disgrunted employees, but you're on your own when the aforementioned chinese hackers come.
Lincoln Cruz
I wish I could run a TOR node. My friends told me my country is quite sensitive now about that kind of stuff.
Jaxon Gomez
It really depends on the legal system in your country
One of the Debian developers is on his fourth month in a bullpen over hosting a tor node, but he lives in Russia, so that's a given
Kayden Roberts
Actually, wasn't some Russian guy arrested because he was running a NON-exit relay?
Michael King
Pretty sure it was an exit relay. Some allaku akbar guy made some explosive posts from his IP.
IIRC it's already known that Bogatov (the guy who hosted the exit node) is not the terrorist, but he's still held as a suspect to scare people away from hosting TOR nodes in Russia.
Jayden Robinson
>IIRC it's already known that Bogatov (the guy who hosted the exit node) is not the terrorist, but he's still held as a suspect to scare people away from hosting TOR nodes in Russia. Yep. That's the situation that I think my country will have.
Aiden Robinson
Yeah, Russia is complete shithole when it comes to privacy.
Never host anything in Russia or deal with anyone or anything that deals with Russian government (e.g. Telegram).
Jason Reed
OP here, I'll be adding all resources tomorrow. I'm going to bed early as I've been neglecting sleep and am bonafidely exhaustive.
Ian Bennett
Global autotype function for KeePassX 0.4.3 unofficial build for Mac OS X suddenly stopped working perhaps after latest update to Waterfox 54.0.1. Anyone else?
The same 0.4.3 package is no longer available on the internet for a re-install to identify whether it's a buggy KeePassX on my end.
Brayden Morgan
KeePassX has been forked into KeePassXC, which is more actively maintained, give it a try
Kayden Mitchell
Thanks, but I'd prefer to stay on KeePassX.
Owen Baker
>another dead end The only dead end here is you mate.
Ethan Sullivan
Did some study last night through my textbooks, and accomplished a few "pivots" in my basic lab to get from one network to another
I have a few questions
>how are you supposed to find the address of the machines in the secondary network in the first place? The examples had you feed routes into msf, so using a compromised machine in both networks, you bounce through that machine to the other network.
You have to feed it an explicit IP address. Where am I supposed to be getting that from in the first place?
>proxychain Same thing again, once I had a proxy chain in place, I could knock of the other network. I'm going to redo this section, because parts of it are slightly lost on me, but once again, I needed the raw ip of the machine in the other network.
>labs in a box Is there such a thing as a fully set up practice lab you can download? Not like a CTF exercise, but firewalls, DMZs, vlan segregation, domains and users etc all ready for you to fuck with.
My environment is a joke. Its xp 7 and Ubuntu in the same LAN as my Kali machine, with the exception of the 7 vm having dual adapters so I can push the others into their own network, and still have the 7 machine be in both.
This isn't very real world, but setting one up myself, Jesus I don't know if I have the time and skills for it. I don't want to be a sysadmin and deploy DCs, I just want to fuck with them.
Ayden Sanchez
Oh lord I ask an actual question and now the thread is dying
Tyler Lee
bumping for you
Jace Sanchez
Saw 'Women in Cyber' merchandise for the first time on LinkedIn today.
Hold me, /sec/, I'm scared of what's to come
Jaxon Long
something worse than heart bleed
Oliver Clark
It has already come, the whole IT scene has the disease already. Nothing is safe from retards.
Jack Sullivan
what are the best practice hacking sites? sites like hackthissite.org etc
Colton Clark
user, could you share these textbooks? I want to learn about network security / privilege escalation, and it will be very helpful. Also, bump.
No I don't have PDFs because I like having physical books to make notes in
Josiah Adams
thanks, user
Austin Reed
what does Sup Forums think of pic related? I currently am on the fourth chapter and i think there is no way i can absorb/memorize this amount of information, almost giving up
Xavier Edwards
>using youtube to listen to music
Owen Flores
read through then keep it around for a reference like any other technical book
Luke Torres
nigger, are you practicing and taking notes while going through the book or just reading it like its a harry potter book?
Ryan Foster
Then learn to study better.
Mason Bennett
here, thanks for the replies
I am reading the PDF version, i guess i will buy the physical book then I am not practicing, i think i will create a lab or something any tips besides taking notes and practicing?
Noah Brooks
>any tips besides taking notes and practicing? That's literally how you study dude
Justin Bailey
>I am not practicing i fucking knew it the second i read your first post. thats your fucking problem right there. did you think you'd just read through and then magically hack every web application?
also, don't buy the physical edition, don't waste your money until you know fucking learn HOW TO STUDY.
protip: READING IS NOT ENOUGH repeat this 100 times before you go to sleep maybe you'll wake up a little less dumber
Jaxson Butler
thank you user, i promise to change my attitude
Jaxson King
yeah, i hope u will. if you need help first SEARCH, if u don't find then post here and surely someone will be able to help you. good luck and have fun
Logan Russell
All good. I've never seen any praise for that Georgia wiedman book anywhere, but honestly, it's given me such a great spread of knowledge; because it's made for beginners, it tells you HOW TO USE the tool, rather than other books that tell you WHAT tool to use.
Ian Sanders
Security always struck me as the kind of business where if you're shit then it'll show very quickly, though.
Or do these people just get by through politics?
Justin Reyes
Every job in the entire world is made up of retards, and a small tiny percentage of people who are capable, and an infinitely smaller number of people good at what they do.
Even roles that the outsider thinks are for "professionals" are full of dipshits.
Jobs are like school. Do the bare minimum required to keep your minder/boss away, and people live by that
Austin Ortiz
extremely reddity image
Eli Baker
Anyone got a good anonymous way to share files. One to many.
Michael Perez
Perhaps
Maybe
It could possibly be
Because it's from reddit?
Juan Perez
idfc if this image is from reddit. The image itself is pretty awesome, love the sights.
Christian Turner
I guess it has something to be privacy related, but why the laugh?
Liam Hall
That image is in my life goals section. The ambiance, view, setup is amazing.
Wyatt Anderson
Your life goal is to live in a highrise in a city? Get some roommates and you probably won't have to pay more than $1k/month.
Brody Young
Paying 1k a month in rent to live with other people sounds fucking outrageous to me.
I cant justify that kind of money.
It's a goal for that reason; I want it to myself, and to afford it and not be broke. Like I can afford my shit unit in the crime part of town and not think twice about the rent money, I want to make enough to be able to pay for that unit and think nothing of it
This one's kind of shitty though, I wish they made separate movies from each of those training sets, not just snippets.
Also, I rewatched Sunpring. I had forgotten that they interpreted it as a story about cuckolding
Michael Evans
Guy living in HK here.
If you want somewhere half decent in NYC, SF, HK or London (or possibly Singapore too), you'll be paying something similar to that.
The /cyb/ meme of scuzzy, high-density living is a novelty for a while, but it wears thing once you've actually done it.
That having been said, I like HK, you just shouldn't live here unless you're making fat stacks, its not worth it if you're poor
Austin Powell
I wouldn't recommend it. Going solo in a big city is like a death trap, unless you already have friends there. At least with roommates you have someone to talk to at home. Living by yourself is basically a huge suicide risk if you're of a typical mindset of many people on this board. Very easy to go from loneliness to full depressive cycle to suicidal thoughts.
Robert Garcia
You do this book, you don't read it. You get a copy of burp suite free edition or w/e and blow up your own VMs where you install exploited old Wordpress suites and shit as you follow along in the book.
Another good book is Tangled Web, a browser security book The Tangled Web is better for learning the underlying causes of various issues presented in Web Hacker's Handbook, and for learning how to prevent them. It has practical checklists at the end of every chapter for anyone building an application which is extremely helpful if you're making some Tor hidden site to drop your cipherpunk manifesto or w/e.
It is a lot to learn but you're not expected to memorize everything, that's why it's a book you can go back to it later for reference or take notes, and make yourself a checklist(s) like Tangled Web does.
Josiah Campbell
Not previous user, but living in a place without huge sky's made me to not be ambitious to love there.
I want a very small flat (I guess I would call it that in english) full of tech that I will hopefully understand at its most when I reach that point.
Hudson Edwards
>I want a very small flat
Welcome to HK, you'll fit right in here
James Morris
Yeah what you want to do is live with your wife or girlfriend, then split the rent across 2 paychecks.
Joseph Watson
I will lie if I told you I never though about Shenzen or Hong Kong, but language barrier makes me discard it fast af, beside the firewall thing (although iirc HK is out of that, righ?)
Samuel Garcia
Shenzhen isn't great tbqh m8. It sounds all cyber, but it's just a newly-built Chinese city. If you want to live on the Mainland, go to Shanghai.
HK is outside the firewall (for the moment anyway), not too sure about SZ as it's an SEZ, but I'd imagine it's censored.
Very easy to get around though. They're clamping down on VPNs a bit, but with Tor it's a piece of piss to get around.
Mainland is also way way the fuck ahead of HK (and even the West) in some regards, e.g. cashless payments (Wechat and Alipay are everywhere, they're crazy good), bikesharing (Mobike and Ofo are everywhere), that kind of thing.
Zero language barrier in HK, I know whites who were born and raised here who barely have a word of Canto, same in Singapore. You need it on the mainland though- it's become a bit less socially acceptable for expats in Shanghai to not have any mandarin, it's kind of expected now, I presume SZ is the same. But if you're going to learn a Chinese dialect/language, Mandarin is the easiest by a mile anyway.
Gavin Ramirez
Well I sometimes use anonfile.com, seems ok
Ryder Baker
)))))))))))
Andrew White
Shenzen is pretty cyber, there's literal dudes on the streets hacking together stuff and dudes hawking electronics everywhere on the street. CHYNA is heavily polluted and overpriced though. You couldn't pay me to live there and eat the toxic food, breathe the unbreathable air, use the toxic toothpaste. One exception is that carless island Xiamen. It's pretty cool but again toxic food and toothpaste.
Taipei is good, breatheable air and eatable food as long as it's not imported from the mainland.
Juan Wright
You've never lived there, how do you know what the streets are filled with?
James Myers
>Guy living in HK here. Last time I visited HK I was told there is a huge air pollution problem, coming from Shenzhen. Still true?
Isaac Howard
Petrosyan, is that you?
Ian Powell
Taipei is not china tho
Matthew Ramirez
Keep it up.
Tyler Allen
There's a bit of pollution but nothing compared to the mainland
Go to Beijing and you'll see some shit.
Taipei is very clear though, same with Singapore
Angel Allen
>Go to Beijing and you'll see some shit. yeah, I have been there. I think it is more correct to say I hardly could see a thing.
Tokyo is clean though hazy. Yokohama had a bad reputation but I think that is now a long time ago. I guess the Minamata disaster has something to do with it.
Easton Edwards
If you've already compromised two machines and one of them is connected to another network you can drop your tools onto that machine to further investigate and see if there are more exploitable machines within the second network. You should also be able to do this through a meterpreter console if that's how you have shell access.
>labs in a box Check out vulnhub, it's essentially what you want, though many are CTFs.
Justin Howard
>you can drop your tools onto that machine to further investigate Shit I didnt know you could do that? Okay cool, thats certainly a good idea Ill check it out.
>vulnhub Ah okay, I just thought EVERYTHING was CTF since I got a few easy ones from there, I didnt know they did labs.
Jace Carter
Be careful about moving tools in a real situation, though for practice it's fine, netcat makes this easy. Though, that being said, I'm pretty sure you can configure nmap to route through the proxy/ssh tunnel, I can't remember exactly how to do it. If you read the man files you should be able to find out more.