Previous thread: Suggestions for new resources are welcome. The Gentoomen /sec/ community is looking for CTF team members; contact them at the IRC channel.
For general usage is it better to run Kali as a VM, boot to it from a live USB or have it installed on disk and dual boot it?
Anthony Lopez
Jesus, /sec/ is dying, I guess I'll need a new site
Jonathan Fisher
I'd say boot it from a live USB, I don't really like the idea of kali's root forcing.
Blake Watson
HackerNews, HackerOne, /r/netsec are the good ones. And follow infosec people (MalwareTech, etc.) on Twitter to stay in the loop.
Jackson Price
I just got $250 in BTC for a bug bounty. What should I do with it? Hold, or invest elsewhere?
Nolan Gray
Idk, buy drugs or something
Sebastian Lee
Just keep them I guess, sounds like you don't need the money. BTC is bound to go up.
Tyler Edwards
Hold it, unless you need the money.
Charles Hall
>$250
>invest
Josiah Davis
Invest in books or hardware/tools
Jaxson Flores
This.
Austin Lee
I've done all of the about:config work in Firefox and installed the recommended add-ons.
Are there any similar recommended configurations and add-ons for Thunderbird?
Nicholas Evans
just disable html and you're good to go
Carson Walker
Pls /sec/ you cannot die.
Jaxon Cruz
We might have to remerge if this lull persists
Adrian Jones
Someone needs to say something to trigger people.
Thomas Miller
I was too busy hacking to post but I'm here now! In case you're unaware who I am; I'm one of the 4 people in this thread who know anything at all about anything.
Elijah Hughes
thought you were on vacation? or has user been talking shit again
Isaac Allen
Nah, that's the other 3. Bunch of fucking normies...
Colton Sanders
You're so edgy and cool, I wish I were an expert like you!
John Thomas
Do something do something! Show us!
Isaiah Gomez
mari is objectively best girl
Joseph Martin
Lovecruft is objectively best girl.
Hunter Hughes
...
Ethan Price
Whoa, you're so hardcore! How do I change my NAT type?!
Benjamin Foster
Skulls 2spooky4me
Tyler Ross
>NAT type
uhhhh check your router settings?
Chase Green
How do you motivate yourself to keep doing bounties?
Nathaniel Ross
WokFi is so comfy.
Literally what I think of when I see Sup Forums. In a decade we will be running reverse engineered smart toasters and microwaves with GNU/Linux LibreKernel Penguinator Edition XXII frankensteined together with children's electronic toy components and ancient peripherals
the normies will all be using locked down ijails without any interfaces but voice
no I/O with wireless charging and centralized global wifi
no switches or buttons and integrated with all the cameras and every database
THIS SUMMER >Botnet:2040 -The last cyber crusade.
Leo Anderson
That money and fame attached to your haxxer moniker.
Plus you get to support the open community which has given free knowledge to you and is probably of personal interest.
Do you even white hat?
Alexander Cook
Aren't grey and black hat so much more c00l3r and l337?
Jace Miller
This. I cannot wait. The moment you have to start producing your own hardware, is the moment you know it is getting good.
Dominic Martinez
>fame
>99% of reports are classified
Xavier Jones
>hackernews
>hacker
>news
Adam Torres
Is electronic (not electrical) engineer a nice career if in the future I want to do something cybersecurity related? (In my 3rd werld hellhole we don't have a cybersecurity career, and computer engineering seems kinda meh)
Justin Brown
literally I just came into this thread, and you remind me of this faggot I had in my line at college bookstore, how he knew "9 programming languages" while he was buying greenfoot book. Wearing fedora, had a cane, and fingerless gloves, wearing a trenchcoat.
Jonathan Howard
I'd love to see a picture of that.
Daniel Long
We need a reading list.
Tyler Taylor
I wish I had one, the motherfucker couldn't even list 9 languages, he hesitated. I was the cashier.
Nathaniel Rodriguez
They were all BASH, I'm sure.
Cameron Ward
Computer engineering is shit, the best thing I've been taught in a year has been the math.
I don't know about EE, maybe, if you like hardware. Don't expect to get taught proper cybersec stuff at college.
Hunter Kelly
Become autodidact, you have almost an unlimited supply of free university quality information and learning resources within a few keystrokes. If you want to forge a legitimate career out of it, get certified and find a job outside of your shitty country. If I were you, I'd teach myself CE/EE for utility, as you'll be needing it as a survival skill in the near-future.
Lincoln Howard
Gentle bump, page 8
Jayden Watson
Yeah, I figured, I'd like to go on EE because research in any of its subfields sounds really interesting to me, but I'd like to work in the cybersecurity "biz" in the meantime, ofc I'm thinking long-term, but in any case thanks for the input though!
pretty sure krebs and schneier work for govt agencies...
learn how to trade at exchangers, how to read stock charts, buy shitcoins, ride the waves. samefag
Ryder Brooks
come on fags, bump this shit ffs
Jackson Davis
How about I bump my cock right into your ass fuck boy?
Jackson Stewart
Is a 1.5 year postgrad specialisation in Information Security worth it?
Grayson Jones
obligatory
anyone been working on any projects? ive been trolling an ISP support forum past few days posing as multiple admins ive already established vulnerabilities and circumvented their ability to ban me
Angel Allen
Is OverTheWire's bandit wargame down? I'm just getting an error because I can't connect channel 0.
Dylan Bennett
Has anyone worked with making Tox bots using Ratox and Python/Ruby?
>en.wikipedia.org/wiki/WokFi
This looks cool as heck.
Julian Wood
Have you tried getting a VPN for all of you?
What do they even teach in it? If you already have that knowledge you maybe shouldn't even bother.
Alexander Cooper
I'll be competing, would be cool to see others' takes on the challenges
The programs included with the Ubuntu system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law.
looks good, but the lesspipe error wasn't there a few days ago
Jayden Perry
use code tags
Nicholas Myers
how do I into them?
Brody Campbell
like this
Logan Gray
Thanks!
Anyone have any recommendations for a good nmap video tutorial?
Kevin Cruz
I stumbled upon AOSP docs source.android.com/security/encryption/full-disk and the way it was written made me wonder which partitions are being encrypted using the default system option in custom ROMs like LineageOS.
My point is that obviously firmware factory reset partition and bootloader are left unencrypted. I was wondering if same applies to some partitions that may contain sensitive data, such as /AppsLog.
Let's say that I left ADB debugging with root access switched on in my phone. The ROM was the newest LineageOS (14.x)
I tried to connect to the phone through USB from another computer. It wouldn't let me connect as long as I didn't turn on the phone, decrypt it and add the PC to the list of known hosts.
$ adb shell ... error
Then I tried a different approach and live-booted another recovery image through the fastboot mode.
$ fastboot boot twrp.img
from there I could enter USB debugging mode and browse through the encrypted content
$ adb shell
[phone] #
I was concerned about apps logs
[phone] # find / -name "*log*"
It did return me a long list of files, none of which seemed to contain any "apps" word in it.
Then my ADB connection broke and phone became unresponsive. I rebooted it, tried to reproduce the previous connection but without success. I can no longer use "fastboot boot" as it makes my phone's screen go dark and do nothing. Somehow it worked first time when I tried it, but doesn't anymore. Read somewhere that google disabled "fastboot boot" option in newer versions of Android, but why the fuarrrk did it boot correctly for me, once?
My question is, are there any partitions left unencrypted? Are they worth attention?
Pic related. Also after I quit trying, I booted the phone normally. I had like 20 MB of mobile data transfer left to use before trying to fastboot boot (we pay for mobile internet transfer in Poland). Even though data roaming was turned off the whole time, my remaining transfer ran out. Creepy as fuck.
Xavier Barnes
I'm divided guys. In my country there's a new part of the army that focuses on cybersecurity. Sounds pretty cool but I would have to survive 3 months of basic training, cut my hair, get /fit/ and deal with a bunch of conservatives/traditionalists (the army is full of them)
What should I do? Does anyone have experience with professional/government education on cybsec?
Cooper Ward
yes
Chase Campbell
Don't do it. You'll be working with the enemy of a free and open internet
Angel Powell
▲ ▲▲
James Phillips
r-rude~
Benjamin Walker
Educational or entertainment?
Alexander Mitchell
The encryption sucks, it's basically a kernel mod they build because they wanted to avoid using any GPL code (so no cryptsetup/LUKS)
Also remember a year ago you could just smash in any random garbage into the "enter password to unlock this phone" screen and it would just magically unlock.
If you want a phone that has real encryption you're stuck with shit iProducts, as they use 'Secure Enclave' meaning your key is local to the device stored in hardware. I'm not sure if Appslog is encrypted, prob not, I assume only /data is encrypted. There's whitepapers around for AOSP encryption but of course if you have a rooted phone that leaves open many other problems of grabbing keys
Ethan Young
Most of the really good 'hackers' went this route, like Charlie Miller who worked for NSA before becoming a contractor and breaking into car software.
You get to see advanced tier shit, do a bunch of capture the flag type competitions, and an assload of 'security management' which means you can be Chief Security Info Officer at some corporation afterwards. The guy who ran our team at an appsec outfit I once worked for was Ex army, he's now on their executive board last time I checked.
Of course downsides:
>being a state actor means ppl spying on you or possibly murking you if you travel to wrong country
>if you fuck up and leak anything you go to jail
>low pay, but free education
Angel Thompson
>2017
>willingly getting yourself on a list
Aiden Hall
Been writing some custom fuzzers for macOS/iOS and have found a couple interesting vulnerabilities in some proprietary drivers, but have had trouble reverse engineering the drivers to find the core bug itself due to the RTTI from C++ :(. Any tips for RE in IDA? Any places where I might be able to ask some more questions on the subject? Been really enjoying doing this work and I'd like to keep on going, but it feels like I've hit a wall because each time I figure out one call there's 20 more calls I now have to figure out.
Elijah Stewart
>each time I figure out one call there's 20 more calls I now have to figure out
I feel you. I reverse a lot of enterprise software and it is just the fucking agonising fact of it.
Blake Gutierrez
Do you know of any places to talk about RE? Not something skiddy like hf, just like a nice academic/professional community to talk about IDA and shit.
Camden Martin
Unfortunately not; sorry dude. If you find anywhere let me know.
Mason Clark
Still me but do you have any tips on doing structs in IDA? I heard it's really good for figuring out RTTI shit since you can get the vtables figured out and then see shit like obj->vtable->methodCall(); but I haven't been able to make a struct since those fucking keybinds suck shit and there's no undo.
Wyatt Green
ycombinator/hacker news, make an ask HN thread. Also stack exchange/overflow lots of RE ppl
Lincoln Thomas
I heard HN is more focused on startups/silicon valley esque stuff. If I ask a technical question/discussion will that be frowned upon?
Jonathan Richardson
I don't use IDA; I mostly use binary ninja and radare2. I'm probably a fucking caveman but I normally end up manually working out what the members of an object are and manually defining structs in my tools.
Camden Hughes
holy shit dude you have my respect, I'd be dead without the HexRays Decompiler. Any chance you have an XMPP/Email I can hyu at?
William Watson
Sure thing. You should be able to reach me at wxboy at myfat dot wang.
Tyler Rogers
awesome. you can email me at bezos at amazon dot com have a good day familioni
William Morgan
Do not let Kali near your actual operating system. It has a large amount of packages that they don't verify, any one of those could get compromised and it's all over. If you have a powerful enough computer, use a VM. Otherwise Live USB, but unplug your hard-drives (or better yet, keep them encrypted) and don't let Kali near that shit.
Cameron Ortiz
That's a cockli address you uber nigg.er Don't expect anyone to know anything. It's a bunch of inside-voiced small talk and self-promotion out the waxed asshole.
Austin Diaz
oh I didn't know that cockli got that one. I'll hit you up in a bit.