"A new life awaits you in the Off-world colonies..."
The Tower and the Farm at Outer Heaven are being built and will resemble (hopefully) a hybrid of Citadel BBS/onion gou with many privacy/security customizations in place, plus an arsenal, armory, library and dojo.
Discussion of anything and everything related to cyberpunk and cybersecurity; this includes (but is not limited to) hacking/penetration testing, computer science, futurism, Information Security, privacy/anonymity and the effect cyberpunk/cybersecurity have had on human history.
If you want to ask an Infosec question here, ask yourself if you have exhausted every resource you have to find the answer yourself.
Building an obsessive need to find your own answers could be a key for more than one chain.
All are welcome here; shit is a long way from being right and we are all in this together.
Fables, realities, prophecies and mythology of a community:
Thank you. It is a basic infographic. I would not generally utilize what is on the graphic in the wild, but it is a good visual source for those looking to learn the basics of Denial of Service.
Ethan Brooks
Also I agree...with the profile Denial of Service has in public, HTTP is a solid protocol to choose for most webservers and ARP (sometimes in combination with Modbus) for embedded devices/SCADA/IoT
Hunter Reyes
huh this is pretty good
Brody Thompson
Infographic for some /cyb/ media
Carter Reyes
Thank you brother (or sister).
I am organizing my data for a project and am going to throw a bunch of the infographics I have up.
Aiden Watson
Infographic for help building online personas.
Ryan Long
I am going to post a bunch of my favorite privacy projects/programs that may be flying under the radar a bit
That doesn't matter. They still need to act on it. Dropping it is an act. It's not as CPU intense as replying, but it still has a hit against it. It just needs more bots to equal a reply.
However, it is still better to bounce it with something that will create a lot of CPU activity. One of the best ways is hitting query servers with as basic searches as you can get. Most searches now block common words like "and", "or" and so on, but there are still common English words you can search for. And if there are settings for date ranges, search title and post / article, etc. enable all of them as large as they can go. Thrashing query pages can fucking wreck a site's performance. If it isn't on a dedicated server, RIP site for a bit. It is a hard issue to deal with. I remember some forums had global query limits back in the day. Or some per-IP / -user.
If you are speaking firewall on your end, disable the blocking of it obviously.
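Added example, not part of any post in the thread: one way a site operator could implement the global and per-IP query limits mentioned above, as a token-bucket check run before a search executes. The class names, the limits, the documentation-range IP addresses and the query_cost weighting are assumptions made for the illustration.

```python
import time


class Bucket:
    """Token bucket: up to `capacity` tokens, refilled at `rate` tokens per second."""

    def __init__(self, capacity: float, rate: float, now: float):
        self.capacity, self.rate = capacity, rate
        self.tokens, self.stamp = capacity, now

    def refill(self, now: float) -> None:
        self.tokens = min(self.capacity, self.tokens + (now - self.stamp) * self.rate)
        self.stamp = now


def query_cost(fields: int, days: int) -> float:
    """Hypothetical weighting: more searched fields and a wider date range cost more."""
    return 1.0 + 0.5 * max(0, fields - 1) + (2.0 if days > 365 else 0.0)


class SearchLimiter:
    """Per-IP and site-wide budgets, both checked before a search is executed."""

    def __init__(self, per_ip=(5.0, 1.0), site=(8.0, 2.0), clock=time.monotonic):
        self.per_ip_cfg, self.clock = per_ip, clock
        self.site = Bucket(*site, now=clock())
        self.by_ip = {}  # a real deployment would evict idle entries

    def allow(self, ip: str, cost: float = 1.0) -> bool:
        now = self.clock()
        bucket = self.by_ip.get(ip)
        if bucket is None:
            bucket = self.by_ip[ip] = Bucket(*self.per_ip_cfg, now=now)
        bucket.refill(now)
        self.site.refill(now)
        # Check both budgets first so a refused request spends nothing.
        if bucket.tokens < cost or self.site.tokens < cost:
            return False
        bucket.tokens -= cost
        self.site.tokens -= cost
        return True


def limiter_demo():
    """Constructed traffic against a fake clock, so the result is deterministic."""
    t = [0.0]
    lim = SearchLimiter(clock=lambda: t[0])
    # One client sends 10 searches at once: its own budget stops it after 5.
    one_ip = sum(lim.allow("198.51.100.7") for _ in range(10))
    # A second client is then stopped by what is left of the site-wide budget.
    other_ip = sum(lim.allow("198.51.100.8") for _ in range(10))
    t[0] = 2.0  # two seconds later both budgets have partly refilled
    broad = lim.allow("198.51.100.7", query_cost(fields=3, days=3650))
    narrow = lim.allow("198.51.100.7", query_cost(fields=1, days=7))
    return one_ip, other_ip, broad, narrow


if __name__ == "__main__":
    print(limiter_demo())
```

Charging broad searches more than narrow ones means the all-fields, widest-date-range query is the first thing the limiter refuses while ordinary searches keep working.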
Evan Russell
Good Stuff!!!!!
More privacy/anonymity stuff (which have other uses as well):
This doesn't work for several years now. Sup Forums specifically looks for any non standard chunks in image files and additionally magic numbers. Only snowcrashes that reverse bytes for sensitive file formats (say lsb->msb) and least significant bit embeds can pass through the initial image posting filter now. Snowcrashes however can easily be spotted because they're so noisy, so least significant bit embeds are the only viable image hiding technique. 16bpc images actually allow 50% of the size be used for ancillary data without hurting rendered image quality at all.
David Thompson
nice, real nice
Wyatt Perry
God tier. Bless you based user. I've been looking for this kind of protocol for fucking YEARS. Have a shekel.
1. open it in gimp then save it as .data with default settings (RGB)
2. change the extension to .mp3
>muh it does not work
Connor Butler
The method described in the image is unrelated data appending that jpg and a few other formats support. What you posted is a snowcrash. It hides data but doesn't hide the fact the data is hidden. A niggermod can see it and issue a ban because it supposedly breaks one of the rules. I got issued a ban for posting few too many.
Juan Jackson
is there any difference here if u dont swap out "Sup Forums.org" for the actual ip address?
Aaron Cruz
Documentary time. This time it's both /sec/ and /cyb/. Early 90s hacker culture. Topics include: getting caught by the feds, dumpsterdiving, phreaking, hacking in search of conspiracies.
Not really much difference but I'd use the IP address just so it isn't dependent on any (3rd party) DNS servers.
Nolan Parker
guys
so you know how you can verify incoming blocks in a blockchain by checking if it hashes all the way down to the genesis block, right?
so that's all fine and dandy if the nodes are just static ledgers that don't really do anything.
but now, what if you add out-of-mining execution into the mix? (unlike ethereum)
so assume everyone runs a node, but you need to verify that the node of the dude next to you is legit, and if it's not, expel him from the network
if he runs an illegitimate node he's just a black hole for traffic, because it doesn't do what it's supposed to. it just says "feed me data" but some or all its emitted packages (if any) will be rejected.
how do you, without talking to other nodes, figure out that you need to stop sending data to them?
Thomas Morris
pls
Cameron Flores
dis killd the thred
Eli Reed
Good youtube website to learn about networking and compsec? I want to eventually take the sec+ test and a+ certs down the line for my job but I want to start by getting the fundamentals down
William Ortiz
Any cyberpunk discords?
Logan Bailey
Bumping for interest.
Charles Smith
Some of you wanted to see parts of the Downgrade Thread's content merged here about a week ago. Well, here you go:
>Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground goodreads.com/book/show/9319468-kingpin
>an embellished recount of how several people "carded" for years with FBI unable to catch up, and almost got away with everything
Gavin Perry
>>Communications:
>snipped, since the thread already has enough resources about comms already
contribute to existing open source social networks, don't dilute the selection with even more GNU Social clones with paltry feature additions
>>Memos, reminders:
buy a paper notepad, they're practically free
>>Bills, payments, interacting with the financial world:
avoid online bills
prepaid cards, if you dislike carrying cash but want the convenience of a card
rent mailboxes for receiving packages
don't let Equifax-like companies steal and lose your data again, opt out of credit pre-screening: consumer.ftc.gov/articles/0148-prescreened-credit-and-insurance-offers
always buy with cash, especially if you're gonna buy things that insurers can use against you (cigs, booze, fast food, car mods, etc)
build credit with ubiquitous items like gas, never with items that can fingerprint you
Hudson Flores
Is it possible to get a job reversing malware (or other binaries) all day?
What kinds of companies/organizations could one get a job like this?
Sebastian Edwards
Yes, Crowdstrike hires for this, so does NCC Group and Optiv and the NSA plus whatever government agency runs your country will hire for this. Kaspersky Labs, pretty much every security outfit.
They're actually desperate for people so I guess start by applying to Crowdstrike/NCC Group or the NSA
Matthew Wood
reversing isn't really work for me either, more like solving a puzzle
on the other hand I feel like it doesn't contribute to society in a meaningful way, because in my utopia you should be able to waterboard developers that don't publish their sourcecode.
Blake Diaz
I see, thanks for the reply. I enjoy reversing, but have a LOT to learn before I can apply for a job in the field. It's my long-run goal, though.
IMO if someone is willing to pay well for work that I enjoy doing, I'll go for it in full force. I'm too autistic to entertain the notion of "contribution to society" and other philosophical mumbo-jumbo. I just want to improve my technical skills and watch anime
Zachary Watson
Are there any regular /sec/ events (CTF, attack defense, etc.) which anons participate in?
Sebastian Perry
nah, you maintain a blog about reversing. You write posts like "Reversing the Docker binary, what does it do?" and you post it to Show HN on Hacker News and you get job offers immediately afterwards or use it as a resume for Crowdstrike or NCC as a junior consultant, they teach you all this on the job.
It ramps up in difficulty real quick. The payload could have been modified (to obfuscate its origin / source language) using a product named codesurfer/x86. If it has access to source code, it can instrument the build process, and obtain disassembly that is high quality enough to support rewriting. Using its Scheme API you can modify the CFG of each procedure directly, serialize the rewritten parts out as nasm, and even relink with the object files you don't have source for. The result is a highly confusing mess.
There's other tricks too, like the talk given at Defcon that one year "Trolling with Math" about fucking with people trying to reverse your binaries.
Eli Scott
>Docker
I mean Dropbox binary
Jack Peterson
Not since I dropped out of school.
The real life CTF is hacking those ethereum contracts gentlemen. They're piles of shit, and all you need to do is some simple, manual identifying of a loop invariant and test it holds throughout the procedure, which it won't. Collect your (fake) money.
Jordan Bailey
bumpin with papes
Joshua Gomez
dope
Owen Cox
What OS do you bro's run?
Best friend moved to U.K. not long ago to work for a private security firm and said they're all running Fedora Linux and Windows.
I thought the whole UK thing was Ubuntu?
Anthony Lee
american here, debian stable at home and work
David Perez
if they have the talent, fedora's fine. Probly got some redhat/centos somewhere, too. Ubuntu is for big corp contracts like RHEL. I hear they use SUSE in germany, but I'm on opensuse.
Kevin Green
I'm participating in a reverse engineering CTF called FLARE-ON challenge. It ends October 13th so there's still time to check it out: flare-on.com/
So far it has been a really interesting and challenging test of RE skills. Lots of IDA Pro usage.
Any other anons been making progress on this?
Gavin Morris
>Trying to ping of death someone in $CURRENT_YEAR
Angel Butler
Please don't use pastebin. They track IPs and delete hacker pastes. Please don't yell at me, I mean you no harm.
Carson Perez
...
Austin Foster
American here, running antergros. Couldn't be bothered with arch installs, couldn't stand full system upgrades breaking my shit on Debian. Still run it at work but home machine runs antergros.
Camden Davis
GuixSD after debian broke my shit numerous times over a decade.
Sebastian Rogers
Awesome...had to run into work...glad the thread is still alive. Thanks everyone! I will get to answering any comments and questions soon
Colton Martinez
Thanks user...I haven't seen this infographic before....I am looking to collect them for a project I am working on...anyone else with any relevant infographics, if you can drop them it would be appreciated...just clean all possible meta data please.
Carter Morales
nice buzzwords buddy, you sure you know what they mean?
Dylan Cruz
>private security firm running windows
Not even surprised. I use Qubes, a reasonably secure operating system.
Unrelated, should I use Tor?
Aiden Jones
>pay with crypto
as soon as the IRS figures out that there's a blockchain explorer you'll be fucked, sonny.
Cooper Torres
Thanks for the concern user...why would I yell? Certainly not because you give a shit about a stranger!
Also, I assume every entity online does so (logs) whether intentionally, accidentally, etc...I didn't know about pastebin axing hacker pastes though...what a waste of what I believe could become historically significant content...I believe hackers will become a historically significant population at some point. (I believe this is the case already, but humanity tends to need a fair amount of distance to gain perspective)
Carter Flores
antivirus companies are big and usually hiring
Kevin Cruz
Holy fuck maderas. This is the best thread I've seen in a while. You're pumping good info
Caleb Hernandez
it would, if you find out the backend IP. 4chins uses a CDN again afaik so DDOS'ing the front end will do little to nothing
Connor Young
Fulltime reverse engineer here. It is definitely possible to find work doing this all day, but it's a very specialised area with not as many job opportunities. The best tip I can give is it's not only anti virus providers that need this kind of knowledge, so don't get set on just the more conventional companies.
Played the ctf up to challenge 5, challenge 4 was a bit of a buzz kill
Ethan Cooper
Thank you for the insight. The infographics are only a basic idea. A first step showing the basics and theory, hopefully for newbies to build off of. This happens quite often...for instance, an old exploitation method being reworked for a new vector or technology or very specific circumstance.
It is awesome that you provided such a thorough accounting which I think adds to the graphic
I like the laughing troll...please see above...also, I spend most of my lifetime hours working at or training exploitation techniques...and I am definitely not a denial of service expert...most of my ddos professionally are against scada or other embedded systems if a client or regulation requires it...most of the time this involves ICMP redirect ARP related stuff, bpdu/stp root bridge takeovers and maybe reflective, smurf like ICMP (a much smaller scale variant) than I believe another user thoroughly articulated. Also some ddos smash and grab type stuff...but I am definitely not an expert on ddos admittedly
Joseph Howard
regarding the backend - checking the DNS history of the site helps. Also check the IPs surrounding the MX record if it doesn't point to outlook.com. If it does, you know that they use O365
Bentley Reyes
Where do I start with cyber security? Is it worth studying at University?
John Garcia
regular CS and self study gets you farther imho
Jeremiah Davis
whenever we get reverse engineers here i feel like the thread gains at least a +2 bonus...there had been a red team reverse engineer here a few times, and I took notes on their contributions like a creep...I can do some exploit mods, but serious exploit dev/reverse engineering is my dream skillset and the next one of mine I am going to spend serious time on so thanks for hanging out mang. I seriously enjoy whenever I get too noon again.
Nathaniel Martinez
Thanks
Camden Barnes
Noob again I meant...I like when I feel like a lost noob again, because I know there is some super sweet skills building in my future
David Anderson
Yup...I manage the cyber security lab for an international company with 200k employees...I just pentest most of the time...mostly blackbox and red team engagements...and I have a GED...I am almost completely self taught...I just got kind of obsessed and did not cut corners on base level knowledge and continue to work at being the best I can...it's been so fucking cool to actually want to go to work.
Leo Long
Dropped after I solved notepad. Fuck that retarded challenge and fuck FireEye.
Wyatt Taylor
Personally I think tor is good as part of a strategy, but I don't think reliance on any one method or tech is a good idea (though this all really depends on the level of threat you feel you are under/adversary you feel you are most likely to face). The same goes with VPN...I wouldn't trust any one provider or self hosting. So I may use multiples in a cascading/chain/vpnencap like config that also may utilize Tor, I2P, obfsprox, ssh tunneling...
Qubes is pretty awesome due to the compartmentalization aspect...I also like subgraph and adore whonix...adding privoxy to your Tor plus HTTPS everywhere in never accept unencrypted requests mode plus a script blocker with some iptables goodness (maybe from within a VM or whonix) should be fine for common threats to your privacy/anonymity
Henry Bennett
... depending on who you're up against be aware that visiting the tor website will get you Xkeyscore'd
Jonathan Cox
You sound like you have the passion you need to learn. To me the thrill of the job is that the solution is always in there, you just need to find it. It's an intellectual game where determination is what makes or breaks you. If you can be determined enough to look at everything in a binary for weeks just to find another dead end, to which you then again need to come up with another creative way to approach, slowly getting more and more familiar with the intimate details of the obfuscation or the coding style of the author, and then finally amassing enough knowledge to have the power to get anything you want from the binary.. If that power and knowledge excites you like nothing else, then you'll make it.
Dylan Watson
Thanks user...this general is too important to die...the BBS will be done soon...I am just making sure everyone will be safe and that all logging and account type bullshit is cut out (unless someone wants an account on the server)...I am also thinking of using onion gous peer to peer file exchange..implementation beside citadel...I already have a second server (large capacity vps) for sftp and picked up a proliant to build a remote lab/pentest lab for t regulars...I am getting altruistic as I get older, but I want to give back, and I am terrible with half measures...this general will serve as the ground floor...best yet, I want to aggregate posted resources so that they don't disappear as easily.
Elijah Davis
That's how I feel attacking a network!!! The advantages are there in the environment. I just need to find them and use those advantages as efficiently as possible to wring every utility out of them...I am just building onto advantages but I also need economy of movement within the lan, because each action I take raises the probability of my discovery...it is hide and go seek in a place where the landscape always changes...it's a game where the blue team, IT or SOC are the DM/GM, and I am looking for their blindspots...it's a challenge where it's me, my wits and my determination against millions in expenditure...but money and bodies don't matter as much as skill there, and skill or lack of it will almost always be proven by the end...and it's finding unfound door...
Bentley Anderson
My fuck up user...this is my first try at posting a general...I will fix it this next thread
Hudson Taylor
>discord
>cyberpunk
Only in the way that your online identity is getting ass pounded.
Nathan Long
>as soon as the IRS figures out that there's a blockchain explorer you'll be fucked, sonny.
You are behind the curve, they are already in on it.
e24.no/lov-og-rett/digital-valuta/skattedirektoeren-om-kryptovalutaer-utfordring-at-de-ikke-er-sporbare/24150608 (Google translate)
>This week, 50 tax advisors met to a summit on tax in Oslo. Their job is to make sure that 750 million taxpayers pay the right tax.
>Together, they constitute the OECD Network of Tax Directors, Forum on Tax Administration (FTA). They meet to discuss taxation of multinational companies and combat tax evasion.
>Norway's tax director, Hans Christian Holte, is the incumbent chairman of the FTA.
>- Transactions in crypto currency, what do you think of this in a taxation perspective? "Crypto currency has some of the same challenges as cash because they are not necessarily traceable," Holte said to E24.
>He adds:
>"We have to figure out how to handle this and it is solvable. But the general challenge is that they are not traceable. We must follow how we can control that part of the economy," Holte says.
It is well worth noting that he states the problem can be solved. He just does not say how. We can however safely assume vast sums are available to solve this.
Eli Hill
American here. FreeBSD
Come home, Unix man
Jose Brooks
OK, no probs. I saw the formatting was different so I guessed it was a new OP. The most important thing is that you got this ball rolling again.
Also, where is the OP that was compiling all the inputs from the previous threads? It is an Herculean task but would be greatly appreciated.
Adrian Roberts
Wow user...these look fucking interesting!!!!
All resources that are shared here for aggregation in The arsenal, the armory and library...
I am planning for the home page of the Citadel BBs to be one huge repository of links and possibly infographics...this way, the collective wisdom of the tribe is never lost or wasted...all of your contributions will live on as an act of defiance and for stoned anons to gape at and search at random.
If anons wish a resource to go into the paste enmasse, then I will add them...I intend to keep this general going each day, since i am in the position to do so, though I would likely renege to 0G OP
Carson Phillips
I do not know where that OP is. However, for at least the last year I had wanted to host a simple HTML page of resources.
If the list does not materialize, I will go back and add everything to the resource wall of the project I am working on. It will be available to all anons there.
Thomas Sullivan
Bladerunner 2049 receiving incredible reviews...I generally could give a fuck what critics say. But when even outlets that give shit reviews to SciFi in general lower their noses to say the movie is better than the first and an incredible achievement, I am happy.
I liked Sicario a lot, but when I heard Ridley wasn't coming back, I almost shit a brick.
I am so fucking glad that, if it had to happen, it is not a total abortion..
Now if we could get Ridley Scott to make a Black Rain sequel happen...
Fuck. I don't know who i would be without Bladerunner. Black Rain and Ridley Scott.
Jaxson Barnes
>However, for at least the last year I had wanted to host a simple HTML page of resources.
Most of that is in the FAQ. Did you check it out? It was updated recently.
Henry Morales
>Now if we could get Ridley Scott to make a Black Rain sequel happen...
Black Rain has a very self contained story and there's way too much of the era appropriate fascination with Japan. It got made just before the economic downturn and even weeaboos nowadays are seemingly disillusioned. I really can't imagine a sequel or a reinterpretation in the same vein. Bubbling future life is happening in coastal China, not Japan anymore. If however you want westerners meet Japan storyline told in a more modern fashion then you should check out Enter the Void and Lost in Translation. They however are not action films.
Ryder Anderson
When will you start boycotting supermarkets and buying future food like Huel and Joylent? (Soylent is crap, since it contains lots of sugar) I've been buying Huel and some food like peanuts at the local supermarket, but the fact that I went to buy my usual big pack of roasted peanuts and learnt that they stopped making it and now make a medium sized version more expensive than the previous big pack really annoyed me, making me not want to participate in this highly capitalist society anymore. I put everything I had in my basket away and went back home.
Nathaniel Sullivan
>possible $ on bookmaker's site need to be protected from any kinds of hacking
What machine? What OS? What soft? Other setting?
Sebastian White
May I get some information about how to get or how to search good DNS servers for privacy? I want to enter lil by lil into privacy and security, and I think changing DNS and trying to set up DNScrypt would be a nice 1st step.
May I get some tips? Thank you anons.
Blake Foster
I'm pretty out of touch with Linux but isn't Ubuntu riddled with spyware anyway? I know that Canonicals CEO, Mark Shuttleworth, is a shady chap and Canonical being UK based isn't exactly comforting.
Nathan Morris
>there's way too much of the era appropriate fascination with Japan
Cyberpunk literature also had this fascination. There is also "Rising Sun" that also showed Japan as invincible.
Shenzhen is perhaps the happening place just now yet the culture is vastly different so transplanting Cyberpunk into China would take a lot of open surgery.
John Barnes
>isn't Ubuntu riddled with spyware anyway?
The mess with the "Lens" search system was resolved a long time ago and in any case it was possible to configure out.
Bentley Sanchez
Google it. There's a guy who does YouTube videos, he has a security+ cheat sheet that's ~30 pages. I forget the name though. People will tell you certs are a waste of money, but the process of studying for them is very useful for teaching you the topic. Could it be better spent elsewhere? Probably, but the structure and goal helps.
Ryder Diaz
A kindly bump.
Benjamin Smith
search for anti censorship dns in your country - ping them to get an overview which ones are responsive. Since that server gets queried all the time, it's no use setting one with 500ms latency. Look for ones that are operated by somewhat trustworthy institutions
Leo Jenkins
Thank you for the tips. I will be searching in a little while.
I will be researching DNScrypt after that. Should I take something into consideration besides googling?