It makes a pretty good introduction to ASM and Lua too.
Brayden Scott
Found it on Library Genesis, thank you.
Chase Gomez
>regale
Word of the day. I used to be into game hacking as a kid. Usually just altering memory values and using custom DLLs. Most new/beta/indie games are ripe for this because they're teeming with vulnerabilities to be exploited. You can make some money off of it, by selling expensive IG items for cheap or just running bots for various things (ranks, farming, etc.) and they're as simple as hooking your program to memory. Me in the RAM chips. For mission critical software, remember to audit everything yourself and verify signatures from multiple sources. Otherwise it's all in vain.
Anyone have any helpful resources on vuln research? I have a pretty clear path ahead of me that I'm gonna stay on, but more info is always helpful.
Kevin Young
>You can make some money off of it
Can't you get sued pretty bad though? Not that I care much, I know my opsec, but could be pretty worrying in the long term.
Also do you know where I can learn some techniques for cloaking my actions? There's a chapter about that in game hacking but some other sources could be nice.
Jaxson Carter
>tfw a baby is more technically competent than you are
Alexander Richardson
if I want to discuss reverse engineering on a firmware, where would I go?
Asher Brown
Yeah you can get royally shafted if you don't stay low and out of the eye of behemoths. Two that come to mind recently are Blizzard and Epic suing cheat makers. Blizzard is suing some company (wew, >incorporating a company) because they've done "irreparable damage" to their game only because the tool was, allegedly, so widespread in use. Epic is suing under some legal loophole bullshit because the guy uploaded a video, Epic filed a copyright notice, and the guy disputed it so now he's getting leeched. The lesson here is to go silent and make a new identity once you start getting any heat at all. You'll lose rep and recurring revenue, but this is a hit that has to be taken for long-term survival. And it's better not to fuck with companies with the resources to find your ass and make a statement.
I think OPSEC is generally the same no matter what grey-area endeavours you partake in. Mask your fingerprint, compartmentalize, and be risk-averse and hyper paranoid. This is theory, but you can search through the OP links for info on these and I can try to answer any questions you have to the best of my ability.
I meant cloaking the actions so the server doesn't notice me as much, or stuff like that.
I obviously won't try to go for big companies, since they have their dedicated teams. And they use companies to launder the money I guess.
I really don't know one thing, and that's which browser to choose when fiddling with bad stuff. Tor with several add-ons?
Aaron Brooks
me on the right
Austin Torres
Hi, what are some unknowing mistakes I could make when securing my KeePass database in an insecure place?
Is it possible to get the data if you have many versions of the encrypted Databank with always only one password changed or added?
Elijah Nguyen
Why are you putting your KeePass db in an insecure place?
Grayson Adams
I consider everything that isn't my local machine insecure. I want to plan for the worst case scenario, that's all.
I consider using a cloud service as the convenience gain would be very high, I am just asking here if the security gain is negligible.
Matthew Nelson
Just get it on a few USB Drives and call it a day, cloud is the devil.
Brandon Russell
>I meant cloaking the actions so the server doesn't notice me as much, or stuff like that.
Realistically, you can't. Any developer worth their salt is using an anti-cheat engine. If you have the time and inclination, you can find out what engine they're using and look for holes yourself, through documentation/RE. This takes an assload of time though, and when I was active I'd just enumerate over exploit identifiers over different accounts to see which ones they used.
You could also do some black magic with exploiting Windows itself to get past the anti-cheat engines, but that requires a lot of domain knowledge.
If you want to know more, check out the Black Hat archives for gaming. IIRC they had a few: infocon.org/cons/Black Hat/
Chase Cruz
>cloud is devil
Why? Do you include self-hosted too or only the big names?
Thomas Martinez
Self-hosted is alright, hosted by others is where the problem lies.
Levi Thompson
If it's password protected with a large-bit pass, what is the issue with keeping it on the cloud unless you're talking about a long-term brute-force?
Logan Anderson
me on the left
Jordan Phillips
even if you encrypt everything?
Ian Robinson
Use Opera VPN, it is free.
Samuel Jackson
what problems explicitly
Eli Brooks
Weak to side-channel I guess, it's their hardware after all.
Yeah, long-term bruteforcing is what I'm talking about.
Josiah Parker
Data selling.
Ian Brown
>Encrypt locally
>Use VPN
>Fake Email
The only thing they can sell is that they have a user who encrypts data, which is valuable information, but less valuable to them than the normal info they would get. This might even cuck them as they lose money on you if you don't shill their services to friends.
Easton Reyes
Sweet thanks for the info. As far as I know most anti-cheat systems are crap and easy to bypass, but I wouldn't know since I'm new to this.
Do you know if "impersonating" the anti-cheat would work fine? As in disabling the original and acting as it for the game to still start properly and the servers to not be concerned.
Asher White
You can store your encrypted data on an untrusted machine safely if you do all the encryption at home and then just upload the encrypted payload. But doing COMPUTING on an untrusted server is not something you can make more secure with encryption, for the untrusted server has all the keys.
>inb4 homomorphic encryption
Kayden Richardson
Yeah that could work.
Joseph Clark
Yeah but what can I do to make my encryption at home more secure?
If a plaintext file always changes in little steps, is it possible to derive the key from the differences in the cipher?
Should you change the key every time you change the file?
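The question above about many slightly different versions of one encrypted file, worked through as an added example (not code from the thread or from KeePass). It assumes a toy HMAC-SHA256 counter-mode keystream as a stand-in for a real stream cipher mode, with constructed sample data, and compares reusing the same key and nonce across saves with drawing a fresh random nonce per save.

```python
import hashlib
import hmac
import os

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Toy counter-mode keystream from HMAC-SHA256 (stand-in for a real cipher)."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    return xor(plaintext, keystream(key, nonce, len(plaintext)))

def changed_offsets(a: bytes, b: bytes) -> list:
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]

# Constructed sample data: two saves of the same file, one entry changed.
V1 = b"mail:hunter2;bank:correcthorse;"
V2 = b"mail:hunter2;bank:batterystapl;"

def observe(reuse_nonce: bool) -> dict:
    """What someone holding both stored ciphertexts (but not the key) can compute."""
    key = os.urandom(32)
    n1 = os.urandom(16)
    n2 = n1 if reuse_nonce else os.urandom(16)
    c1, c2 = encrypt(key, n1, V1), encrypt(key, n2, V2)
    diff = xor(c1, c2)  # the keystream cancels out only if key and nonce repeat
    return {
        "changed": changed_offsets(c1, c2),
        "leaks_plaintext_xor": diff == xor(V1, V2),
        # With one version known or guessed, the other follows from the diff.
        "v2_from_known_v1": xor(diff, V1) == V2,
    }

if __name__ == "__main__":
    for reuse in (True, False):
        print("nonce reused" if reuse else "fresh nonce", observe(reuse))
```

In neither case is the key recovered; what leaks under nonce reuse is where and how the plaintext changed.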
Landon Clark
>Yeah, long-term bruteforcing is what I'm talking about.
We could lessen our risk by taking the fastest known operations per second value, calculating how long it would take to crack a certain (pseudo)random password, and change our passwords before that time period is reached. This also introduces the trade-off of only storing dynamic data like account passwords and not things like banking/cc info and wallet seeds. Though the latter could also go through the aforementioned process of moving all of your coins to another newly generated wallet and ditching the old one.
Cloud services are incredibly convenient, if proper steps are taken to secure your data. Wrote so much I almost forgot about your second question.
>I really don't know one thing, and that's which browser to choose when fiddling with bad stuff. Tor with several add-ons?
It depends what you mean by "fiddling with bad stuff." Are you trying to stay secure or anonymous?
>Do you know if "impersonating" the anti-cheat would work fine? As in disabling the original and acting as it for the game to still start properly and the servers to not be concerned.
You should always try whatever comes to mind. Some may think it too obvious, but you never know what opportunities human error can open. In your specific case, a good anti-cheat would be off-loaded to the company's server and not be client-sided. And if it is client-sided, there would likely be a hash-check to make sure it wasn't tampered with. However those two may be able to be spoofed with packet interception.
Anthony Cruz
Should I go to the networking path if I want to pursue cybersecurity/infosec?
Thomas Brown
Networking is integral to a lot of professions in the domain of "cybersecurity/infosec," but its importance is modulated by what exactly you're interested in.
Carter Gomez
>Networking is integral to a lot of professions in the domain of "cybersecurity/infosec," but its importance is modulated by what exactly you're interested in.
I'm interested in secure systems and penetration testing. So a little of blue and red team.
Nicholas Cook
those forums are pretty dead, i mean the first link is still semi active. Thanks for the links!
Angel Murphy
Then networking is going to be pretty important alongside everything else (like understanding the OS and programming).
Jayden Wright
Thanks! That was what I was thinking about.
Aiden Phillips
I just went through the essentials hastebin.
If I do everything browser related and use a VPN, will I leave any trace of my online activity?
Lucas Reed
any book recommendations for someone with a computer science background looking to concentrate in security?
Jonathan Hill
Try to stay anonymous, mostly.
Hacking: the Art of Exploitation is a good start.
Adrian Watson
Even with a VPN the website can still see all of your hardware UIDs, which can be used to identify you, for example:
You used the same hardware to sign into your personal email. Or you purchased the hardware online/not with cash.
Dominic Brown
>tfw there is no open source anti ddos platform
Oliver Gutierrez
i've heard of that one before, i think it's one of the free books you can get if you're an ACM member. will have to read it sometime