/cyb/ /sec/

/Cyb/er/sec/urity general is for the discussion of anything and everything related to cyberpunk and cybersecurity.

What is cyberpunk?
>pastebin.com/jS37Vu7A (embed)

Nothing to hide? - The importance of a cyberpunk mindset applied to a cybersecurity skillset.
>[YouTube] Glenn Greenwald: Why privacy matters
Resources:
Cyberpunk:
Cyberpunk directory:
>pastebin.com/9JaJFqB2
Cyberpunk resources:
>pastebin.com/7DWCsAc8

Cybersecurity:
Cybersecurity essentials:
>pastebin.com/JWx5xeEM
Cybersecurity resources:
>pastebin.com/NaUPUDF0

Harden your OS, reroute your DNS and fire up the VPN!
Shit just got real: - Looking for more resources, help is welcomed.
>pastebin.com/JXyM4fTe

The Old Skool: - Looking for more resources, help is welcomed.
>0ld 5k00l h4ck3rz: 67.225.133.110/~gbpprorg/#40

IRC:
Join: irc://irc.rizon.net:6697
>#Sup Forumspunk - Requires SSL
>#Sup Forumssec - Requires SSL
IRC guide:
>pastebin.com/bh3Uyq3a

Thread archive:
>archive.rebeccablacktech.com/g/search/subject/cyb/
>archive.rebeccablacktech.com/g/search/subject/sec/
>archive.rebeccablacktech.com/g/search/text//cyb/ /sec//

Thread backup:
>cyberpunked.org/

Previous thread:
IM THE OP NOW I GUESS EDITION

highly recommend anyone learn assembly even if you're just doing capture the flags to have fun. it's vitally important and really fun to be able to debug stuff and look inside compiled executables that aren't supposed to be looked inside of

do you think python is a language worth learning?

anyone who programs a compiled language should know assembly
if you can't debug your code what's the point of being a programmer

>if you can't debug your code what's the point of being a programmer
to write fizzbuzz in interviews and get hired due to diversity quotas

if you already know a scripting language? no particular reason to. if you don't know any scripting languages or any languages full stop? go for it. it's not a particularly elegant language and not my favorite, but it has easy syntax and lots of libraries

OP you need to delete the "embeds" and post the link for that youtube video

I'm trying to learn x86 assembly right now, not for skiddie stuff though. It's ironic how dealing with pointers and memory is easier than in C because of all the ass-pain labor put into assemblers since the seventies.

Sorry dude, I'm not the "regular op" who edits the pasta and shit. I'm just a phone poster who loves this thread and tried to keep it alive as often as possible. It's bloody hard to remove the embeds and shit on phone

>yfw jewgle just fired that guy that wrote the pdf

To post in this thread you need to post one thing you are currently working on.

I recommend the Edx micro-masters in Cybersecurity from RIT (Rochester Institute of Technology).

edx.org/micromasters/ritx-cybersecurity

I recently finished the Forensic module and now I'm in the Risk Management module.

Each module lasts 8 weeks. There are 5 modules in the entire course.

I'm really liking it.

i think it may just seem easier because they're working on more trivial things in assembly than in C, or because it's clarified any confusion you may have had about what pointers are or w/e. although it's true that you don't have to memorize the workings of malloc vs calloc when you just have the memory in your bss section. but in total C is probably the better of the two to develop with if you had to pick :)

ironic. all he did was say that you are not free to voice your opinion at google if you are right of center, and in google's response they say "we LOVE when our employees share their opinions!" not surprised though. our time will come soon enough

I hope google starts to lose talent long term because of this. Definitely making me think twice about trying to go for project zero.

>CCNA Cyber ops
>setting up a professional data centre type lab with domain controllers, firewalls and dmz
>pen testing book
Slowly slowly learning more and more than my peers. I'll be entering the stratosphere soon while they continue to be shitful scrubs

take joy in your own success, not the failures of others

I do take some joy in it because these people dismissed me and looked at me like I was retarded for CHOOSING to study, for VOLUNTEERING to be sent on PAID courses; they are happy and content to do the same hardware repair forever, but try to make me feel like a loser for wanting more.

61788022 (last thread)

You're right man...whenever I have thought about exploit development, for some reason my mind always falls back on binary stuff, not development toward web apps...what you said makes sense, as drive-by exploits are incredibly lethal...I think combining even the poorest level of exploit development in that area would pay big dividends for me given my other skills...

I have exploited basic web application vulns in the past, but these were always much more predatory/opportunistic than I would like...

I appreciate the new looks on things man...Thank you!

Guys my spelling is atrocious tonight given my working and trying to keep up on the thread as well...

user who got this thread up again after last one closed, thank you.

All g

TGG always here to keep this thread up

What's a good documentation for wireshark?

youtube.com/watch?v=qzGLCqW_wrM
Pretty generic explanation of a javascript dropper if you were interested in it.

What's a good assembler to get into? Any good resources for them?

MASM is too narrow, and NASM seems to not have a lot of resources, even if I am learning it.

Definitely am. Thanks!

So there's probably no way to say it without actually spelling it out.

How often do you pro guys wrap things using veil evasion?

I cooked up a real basic Trojan into a portable application, used veil evasion and it with no issues slipped past and worked on a 100% updated w10, 7, server 2012, and once I installed wine, os sierra for fucks sake.

That made me real paranoid about how often I've used warez cracks with reverse shells in them, but I was just blown away how easy that was..

FASM is good, but all the x86 ones do the same shit really.

If your payload gets spread around it will start being picked up by AV. Until then it will be relatively undetectable. You might want to set up a bunch of VMs with up to date anti virus and test in there if you know your target will have a certain vendor. Just make sure it can't submit the sample to the cloud. Enjoy your new found paranoia.

Veil is real cool, I use it on occasion. I generally spend an hour or two making a batch of payloads and keep a text file noting the differences of each file.

Honestly, just run them in a sandbox and monitor network communications. If any, something's up. A keygen has no business calling home.

Do you need some background for it?

t. EE freshmen.

I have a question leading on from the other thread about ISPs.

I always thought that your ISP only sees what comes out of the router and not the individual devices behind the router, if this is the case then how does an ISP have such detailed information about the hardware you are using?

The best reason to use python is the libraries and programs written in it

not really answering your question, but take a look at shellter. AFAIK it's the golden egg for AV evasion.

Shellter free is kinda meh, the paid version is uber1337 tho

Is this the place to be asking how exactly veil works? I don't like even bringing up the name because eventually it'll get banhammered like msfvenom exploits ala nakashakita (yep that's totally how you spell it /s)

But if I get the same Exe, make three copies,and run all three through veil with the same properties three separate times, am I going to get 1 or 3 different payloads?

it's spelled shikata na gai, baka

or shikata ga nai

Veil is on its third iteration, to be honest I am not sure how it works on a deep level anymore. nakakashakbaka was just an xor encoder.

Are you asking if your ISP can only see that traffic is coming from the router?

If so you are correct, the ISP won't know how many people or what devices are being used behind the router, they would need physical access to the router to gain that information. In the case of ISP provided routers, they come backdoored so that the ISP can remotely update the firmware.

>nakakashakbaka
I cannot stop smirking

i'm using NASM

You're not going to get code exec from browsers easily, downloading a file is one thing, forcing a browser to execute it is a lot harder
real browser 0day is worth a fucking lot of money for a good reason

Was there a big fuck off gpu cluster put together to crack NTLM V2 hashes?

I guess I was mistaken then

...

...

I'm still going to get this done on myself. I love it so much. Not a replica, the general idea

man wireshark

I've heard wireshark man is a good guy

...

...

For cybsec C is the only answer.

For the most part it's quicker and easier to write userland exploits in python. For kernel exploits however, yeah. Quite strong knowledge of C or some other systems language is advisable.

Google is not what it seems, by Julian Assange
wikileaks.org/google-is-not-what-it-seems/

I will buy this when it comes out

Tokyo Metropolitan Building appears to have a few DF antennas. Looking over using Google maps shows something else. Strange.

So as I promised in the previous thread, I'll post my brief points about Neuromancer. Generally it's a worthwhile read, at least for the cultural aspect alone. It's not as outdated as some people talk, it goes beyond being just an 80s rendition of the future. Pic related is the cover from the graphic novel, that thing is horrible and is no substitute for the book.

The presentation of low life high tech is really good, though I don't appreciate how far it goes into the future with outer space colonies midway through the book, as at that point the cyberpunk aspect takes a nosedive. That's why I liked Burning Chrome more, it's more minimal, less ambitious or unrecognizable.

I found the portrayal of the cyberspace quite confusing. Previously I read Burning Chrome and the matrix there was described as something geometrical, bearing no lifelike form. The abstractness was easy to grasp. In Neuromancer however there seems to be a mix of everything, physical and abstract representation. The storytelling when both are in play is absolutely chaotic, hard to follow. Things I was imagining as abstract blobs turn out to be in physical shape of sorts in other parts.

continued...

(continued)

3Jane's motivation seems very dubious, I would say badly written even. She is familiar with the characters for several hours at best, her compassion seems unfounded, moreso foolish as she fails to see how her willing cooperation leads to an apparent downfall. She takes no step to verify the claims of imminent destruction. Everyone else is always on their toes, except this girl.

Wikipedia article says Gibson rewrote the first two-thirds of Neuromancer after seeing Blade Runner. Well he should've rewritten the rest too.

I think a somewhat missed out point about Neuromancer is how everything is interconnected and how that might hurt those who follow the naive wiredness. In the book, society and even the people or machines that utilize the weaknesses of extreme wiredness don't seem to express any estimation of how they are successful thanks to that, everything seems so complacent. Maybe that's why the interpretations are muted when it comes to interconnectedness, it's not signaled explicitly anyhow.
Anyhow, the relevance and risks have a strong current day foothold as companies rush out products with internet connectivity without properly investigating how the devices might be utilized to remotely intrude upon owners or how said devices with little or no protection might be used for attacks large enough to cripple even the biggest internet providers.
The book here really has some predictive power for the situation that is still evolving.

And that's about it, this cover is taken from a smaller graphical novel that tried to publish whatever was left after the discontinued original.

>I found the portrayal of the cyberspace quite confusing.
My understanding was that information and databases in Cyberspace were represented by geometrical structures but actors and AIs were not.

The inspiration was computer games from the 1980's where Wm Gibson saw players looking deep into the screen, absorbed in the virtual world of the game.

Pic. related is probably close to what we are talking about.

In Burning Chrome everything is abstract geometry. After having read that, that's what I imagined the cyberspace would be too in Neuromancer. Gibson made no attempt to portray it as having physical properties at the start so when it shifted to having humanoid visions it got me really confused. I then went to imagining these semi-geometric semi-humanoid descriptions. For example, I imagined the cyberspace description of Armitage as a flying cube with one side textured with his face (pic related minus ears).

The graphic novel while shit, attempted something sane, both abstract and concrete at the same image for cyberspace. Attaching

Oh and just so no one feels left out, attaching the book in two formats. Pick whatever you like better.
ran.2hu.moe/izcene.epub
ran.2hu.moe/jfxuah.pdf

I started reading it last year when I first got my kindle. I read some 50~ pages and found it boring, even though I really love cyberpunk. Should I give it another shot? Does it get better later on or does the book keep on the same pace?

If you didn't enjoy anything following the Sense/Net hacking, don't bother, it will not get better.

>even though I really love cyberpunk
What in particular?

To me the book feels like riding shotgun, so just strap in and enjoy the ride. It's written in fast pace anyways, so you can finish it in a couple of nights.

Give it another shot and then pick up the other books of the Sprawl.

>Sense/Net hacking
I don't remember any hacking in the book, though it's been a while since I read it. Though this idea piqued my interest.

>What in particular?
I'm not sure how to put it into words (English is my second language) but I find it very interesting the way that the "net" is portrayed in GitS. The idea of you projecting (is this the right word?) your conscience into the network and directly interacting with it has a very high appeal to me and I'd like to see more of it. Does it make sense?


Yeah, I just re-read the points the other user (or was it you?) made about the book and I'm considering giving it another chance. I just might do that.

Also, directed to both of you, what do you think about the other books in the trilogy?

>Also, directed to both of you, what do you think about the other books in the trilogy?

They are more focused and thus structured. It still feels like Cyberpunk obviously, but Neuromancer is literally all over the place. At least it felt like that when I first read it. Now that I read it again it makes more sense, but compared to the other two, it's much more "anarchic punkish".

Yeah, modern day browsers are battle tested and go through quite a rigorous secure development lifecycle. You need to jump through a number of exploit mitigations after you find a vulnerability and it can be a major pain in the ass during exploit development. So it's certainly possible, but it generally requires a lot of time/effort which translates to higher payouts.

>I don't remember any hacking in the book, though it's been a while since I read it. Though this idea piqued my interest.

The start of the book has the main protag play a street degenerate until his senses and abilities are restored. There's much less neo noir moments as such afterwards. The whole backstory starts to get uncovered as separate missions get completed. Cyberspace exploration is key in this.
If you haven't yet gotten through the very first hacking mission, at least consider finishing that. If you still don't feel good about it by then, then consider skipping.

Do the courses cost money?

I see. I'll start reading it again since I forgot most of it and I'll report here in due time. Thanks.

>install linux
>fuck up
>stuck on tty1
>keyboard doesn't work
>usb keyboards don't seem to take either

fuck

How can I keep myself as safe as possible while using windows 10?
I work in an industrial environment where windows is a real necessity because of all the retarded proprietary software (I use linux at home).

Safe against what and against whom specifically?

Against peeking eyes. Privacy.
I know, I know, windows and privacy, hence "safe as possible". Or is it a pipe dream?

Do your work on your employer-issued Windows machine. Do nothing on it that isn't work. Do all your non-work stuff that you want to keep private on your own non-windows machine when you aren't at work.

Your employer will always have a lot of visibility into anything you do on their machines, networks, or that involves them in any way, so keep your activities segregated.

Well, I would not say pipe dream, but you probably know the limitation of windows for all around privacy already.

Standard OPSEC is obviously advised. Separate your private life as much as you can from your work life. Don't use Social Media during work, encrypt your emails, use separate passwords that you don't use anywhere else.

And again, you need to get more into detail. Not trying to talk you down or anything, but if you know the potential threats you are facing, it makes it easier to find appropriate defence.

which distro?
a lot of people use debian or ubuntu because it just "werks" and does stuff for them.

Opinion on adnauseam?

Also, if you want to have some stuff to read in that regard:
1. The art of deception - controlling the human element of security
2. Secrets and Lies Digital Security
3. Social Engineering - The Art of Human Hacking
4. Security engineering

If possible, read in that order.

Ubuntu, but I tried to install a script to get the trackpad working properly.

I think if I can get control of it again, I'll just wipe it and reinstall Ubuntu. How do I boot from USB exactly? Hold Shift?

to boot from devices, there should be a prompt telling you how on start up screen which will show the logo of computer manufacturer (lenovo, dell,etc..) or motherboard manufacturer (asrock, evga,) press that then press enter after going on your usb device

I don't get that when booting up. I did when I had Windows, but last night I wiped it and installed Ubuntu.

Did I fuck up even more severely than I thought?

Does anyone know if those little programs to stop windows 10 from phoning home are effective?

Try F1-F4 or F9-F12, usually one of those eight keys brings up the bootloader

nah, the motherboard of your system has a bios battery which you probably haven't been tampering with, so you probably have fast boot, or ultra fast boot on, I'm not sure if your pc manufacturer has the program to remove ultra fast boot supported on linux.

I'll keep those in mind, then.
Meanwhile, I think I'm just gonna have to either wait out my laptop's battery running out, which sucks because the battery tends to last for several hours, or until it finishes processing whatever events it claims to have when I hit the power button and bring up a message that the CPU clock is throttled.

How do I install gentoo on my Intel thinkpad laptop? Is there a certain iso I have to get for laptops? Also, how do I install it? I never installed Linux before except on a Raspberry Pi, but I know the process is different.

Also, is disabling the drivers for the webcam and mic in the bios safe? Or am I better off tearing the system down and removing the camera and the mic?

just use the regular iso, not the minimal one, installation is the same as arch and is pretty easy if you follow the instructions, OR, do it repetitively

Is there like special drivers or something I need to get because it is a laptop?

How do websites know exactly what hardware I'm using then? I'm behind a Pfsense router

nah, its just software

You're OP for as long as you want to be OP, user.
I'm 'usual OP', by the way.

Imo Veil is shit. It was good, but not anymore.

Come back please. You were doing a beautiful job. Although the other user kept the game alright.

I will, but I'm still working on updating and streamlining the pasta.
As New OP pointed out to me last thread, it is mammoth.
However, I don't want to stop adding to it as I think the information should be kept as up-to-date as possible, so this means that it needs to be easy to navigate.

Cool, we will be waiting, OOP.

How about presenting the compilation so far? Perfection is not required.

There is also the FAQ. And the FTP site.

And the long dark tea time of the quietness of /cyb/.

I was just checking some pasta:
>pastebin.com/9JaJFqB2
A link there goes to Planet Damage
>planetdamage.com/

Last update appears to be April 2017. Is it on hiatus?

Also on the FAQ there are further pointers:
>planetdamage.com/faq/
Several magazines are listed including The Dose (Pic related). Seems rather Cybergoth. Is there anything newer than 2010?

Knowing assembly also gives you an opening into embedded software. That is a line of work less prone to be outsourced to Asia. Embedded with C code is often done in China and Taiwan, hence all the GNU problems. Assembly stuff is closer to the important IPR of the company and they will not let that part out of the gates. Unless they are suicidal.