/cyb/ + /sec/: Cyberpunk + Cybersecurity General

/cyb/ + /sec/: Better to burnt out then fade away edition

The Tower and the Farm at Outer Heaven are being built as we speak.

If you want to ask an Infosec question here, ask yourself if you have exhausted every resource you have to find the answer yourself.

Building an obsessive need to find your own answers could be a key for more than one chain.

All are welcome here; shit is a long way from being right and we are all in this together.

Fables, realities, prophecies and mythology of a community:

What is cyberpunk: >pastebin.com/hHN5cBXB

The importance of a cyberpunk mindset applied to a cybersecurity skillset.: >youtu.be/pcSlowAhvUk

Cyberpunk directory: >pastebin.com/VAWNxkxH

Cyberpunk resources: >pastebin.com/Dqfa6uXx

Cybersecurity:

The arsenal, the armory and the library: Cntrl + F for Basic knowledges, Basic Training, Arms/Armor: >pastebin.com/rMw4WbhX

Endware: Extra heavy armor for anons, by anons:
gitweb2zl5eh7tp3.onion

Cybersecurity essentials/resources/ >pastebin.com/SCUbhpjP
>pastebin.com/VTXRAPxM

Shit just got real:>pastebin.com/rqrLK6X0

The Old Skool; What we do, we do standing on the shoulders of giants:
>0ld 5k00l h4ck3rz: 67.225.133.110/~gbpprorg/#40

Thread archive:
>archive.rebeccablacktech.com/g/search/subject/cyb/
>archive.rebeccablacktech.com/g/search/subject/sec/
>archive.rebeccablacktech.com/g/search/text//cyb/ /sec//
Thread backup:
>cyberpunked.org/

Previous Thread:

Other urls found in this thread:

gist.github.com/Zenithar/f2052d4174f592e0083f
github.com/butteff/Ubuntu-Telemetry-Free-Privacy-Secure/blob/master/ubuntu_secure.sh
rtl-sdr.com/reviewing-the-pandwarf-cc1111-based-transceiver-for-rf-security-analysis/
gizmodo.com/putin-praises-patriotic-russian-hackers-he-definitely-d-1795720505
humblebundle.com/books/hacking-reloaded-books
m.youtube.com/watch?v=xava8FCQUn0
github.com/CaseAnon/Dump/blob/master/Links.txt
github.com/ytisf/theZoo
github.com/darkoperator/Meterpreter-Scripts/blob/master/auxiliary/scanner/smb/psexec_scanner.rb
github.com/PowerShellEmpire/PowerTools/blob/master/PewPewPew/Invoke-MassMimikatz.ps1
github.com/huntergregal/mimipenguin
github.com/zendesk/punchabunch
github.com/1N3/Sn1per
pastebin.com/yvTdhdjd
pastebin.com/Hd9BT17L
pastebin.com/4Ams27Z
pastebin.com/raw/0SNSvyjJ
pastebin.com/cRYvK4jb
vimeo.com/167411059
file.io/nbBu8c
mediafire.com/download/xvgjnq...iddler.rar
zempirians.com/ebooks/
cybersecuritybase.github.io/
mediafire.com/folder/y952n29.../Documents
mediafire.com/download/0i9b46...e-docs.rar
mediafire.com/file/02om55j9itey5x6/Perl.rar
mediafire.com/file/g83pv4ov2v...RedHat.rar
mediafire.com/file/j6bgke83y4...eering.rar
mediafire.com/file/zfnt7r9gkm...sembly.rar
github.com/onlurking/awesome-infosec
github.com/juandecarrion/awesome-self-hosted
github.com/paragonie/awesome-appsec
jivoi.github.io/2015/06/19/oscp-prepare/
jivoi.github.io/2015/07/03/offen...bookmarks/
github.com/kurobeats/pentest-bookmarks/
greysec.net/showthread.php?tid=1563
twitter.com/NSFWRedditVideo

1th

2rd? Is this a race now?

Will try some network setups maderas dumped some info in the previous thread gist.github.com/Zenithar/f2052d4174f592e0083f

If you guys have more info, do share.

I remember the old days on forums when being first meant a big epeen

>old days
it has never gone away

Whats SSH?

I haven't set foot on a forum in over a decade. I wouldn't know

Something you say to people being too noisy in the library

HAHAHHHAAHAHHAH!AAA EAT A COCK AFTER YOU SHIT ALL OVER IT!

That's just rude

This thread is off to a good start. Two first posters and a dickhead talking about cock.

It's amazing to me that opportunistic hacking still exists. After the Sony debacles, I thought people learnt how to keep skids out of their shit.

The Equifax incident is amazing. Absolutely amazing. They performed like amateurs, needing to run whoami after popping a box to see what the fuck they had even stumbled into.

It's kinda exciting. I thought when the Sony ones happened I wouldn't ever see another massive, simplistic hack again

>It's amazing to me that opportunistic hacking still exists.
The world has an endless supply of short sighted idiots so this kind of quite avoidable intrusions will remain until homo futuris has taken over.

Also keep in mind that we know of this story because t was published. In many cases companies will keep it secret. So we have no ideas how many truly massive security breaches there have been.

>So we have no ideas how many truly massive security breaches there have been.
Good point. I like it

Neurobump

Seems you forgot the FAQ and the FTP site in the intro.

Reminder that all of your attempts at privacy are useless and irrelevant if your device does not run a FOSS bootloader.

please share the FTP site of cyberpunk

i wanna ask you about libreboot, i saw the installation instructions. Can i run it if my hardware arent in the supported hardware?

no

>asking about visual appearance
The narc has become the narced.

I am glad anons are aware of the high probability of LE being present on this forum and or on this thread.

However, if you believe that I am a narc, then I am the GOD NARC, because I somehow constructed my work so that i got the approval of some pretty high visibility InfoSec professionals such as Weld Pond and The Grugq, both of.whom retweeted my work just a couple months ago.

Also, I haven't asked a single person here for shit, so I must be a Super +5 Psyop Mind Narc, focused solely on +5 Super Psyop Narcing the minds of those whose minds could be Super +5 narced due to their minds having been Super +5 narced by Super +5 mind narcs.

>In general, why would you ever want to add distinguishing characteristics to your appearance?

Because when your enemy dictates every consequence of who we are, then we have lost

You should remember that your disadvantages can harm an adversary and their foe (you, me, whoever) alike:If I do not know where you will move, or if you are unpredictable but I feign a weakness,or I if I make a weakness visible, I now know where you will move, or have an idea what you will do.

Once a foe deems your trait/circumstance a resource and begins to to conceptualize some gain from it, then you have suceeded in narrowing their focus...you now know what angle they will play.

Or, my tattoos are a no issue unless a persona I have states they have the same ink, You may infer any personas I may have (if I have any) do not have tattoos, but tattoos can vary enough (if you stay away from flash and only go custom) to be a safe prop for a persona's personality:if a a persona has a ink, and I state the design, and I have an idea as to how one may react, then the tattoo becomes a means of control.

For instance if a persona has a swastika you may think that person is an asshole, and a fed may waste time researching hate group affiliated hax0rs.

Fuck...I will make sure the FTP site is in their for now on....that is one of the most important resources we have.

ftp://collectivecomputers.org:21212/Cyberpunk/
user and password: guest, opetionally encoded in URL as
ftp://guest:[email protected]:21212/Cyberpunk/

Also note you are encouraged to upload.

Good to hear.

Got it to work - my flashdrive was the culpit.
Subgaph looks very promising so far, thanks for bringing it up

And for the record - If anyone tries to run Virtualbox - It's not compatible with grsecurity. It's even in the manual but who reads those anyway. They suggest to use QEMU

>You should remember that your disadvantages can harm an adversary and their foe (you, me, whoever) alike:If I do not know where you will move, or if you are unpredictable but I feign a weakness,or I if I make a weakness visible, I now know where you will move, or have an idea what you will do.
I can see the point if the tattoo is made with henna. Otherwise I don't really understand the argument. My thought was purely about identification but I am not sure what you mean by narrowing a focus.

>The narc has become the narced.
There he goes again, Maderas did it again. I think the user was referring to the user who was querying about your tattoos and not you, who goes off on why he's not a narc at every instance the word spook is spooken ; )
>Weld Pond and The Grugq, both of.whom retweeted my work just a couple months ago.
Time to get to work.
>The Grugq
>He вepь, нe бoйcя, нe пpocи
Based.

(cont.)
>Weld Pond
>The Grugq
Fuck, how do these guys get so good. I just read a bit about them and the blog posts of people they associate with and I was just blown off my feet. I just recently found my first zero-day in some improperly coded PHP app, but the stuff they're doing makes me look like a goddamn skid. What's their secret, maderas? I thought I was already at a high level and it's like I haven't even started the race ;___;

emergency bump

does anyone know a yubikey-like device with storage capabilities?
That'd be quite useful

Seems the FTP is down, just as I was to upload pic. This has happened before, took a few days before it returned.

There is also a Books folder with many interesting books relating to software, reverse engineering etc. Whoever uploaded it was fairly systematic in his library.

Also, anyone other infographics out there to be added?

thanks for posting

I need advice: I'm currently reorganizing my email accounts and I need to figure out what absolutely needs to be moved away from gmail.
I'm not that scared about google reading my personal stuff, I just don't want them to collect data about me for the botnet

Hello guys, can anyone clear up the whole Canonical (Ubuntu) spyware/telemetry thing for us?

Is there anything in Ubuntu that would compromise a users privacy that isn't in Debian/Arch etc?

I'm talking the base distribution, not the Unity desktop.

Thanks everyone

I don't think Ubuntu gets audited and I doubt anyone here knows enough to audit the source code themselves

>knows enough to audit the source code themselves

wrong.

The thing is, no one has the time / inclination to do it unless theyre paid to do it or looking at a specific peice of software for one reason or another.

Not many people just go home and start reading source code or fuzzing random shit.

there's quite a few packages that spy on you - namely the Zeitgeist ones.

found
github.com/butteff/Ubuntu-Telemetry-Free-Privacy-Secure/blob/master/ubuntu_secure.sh
which looked good on the first glimpse but made me rage at
sudo apt-get purge -y xserver-xorg-video-vmware # Can be used for virtualization [potential problem]
sudo apt-get purge -y openvpn #bad software can use it for proxy servers connections [potential problem]


but, as the others pointed out, there's no way of guessing what they hid in the binaries

It seems these are Unity specific? I could be mistaken.

looking through the list, I found at least apturl and snapd to be canonical crapware

Next neon sign design: applel 80's aesthetic logo.

This time I'm going to document it so people can make them if they want.

What's the black stuff for?

=== /sec/ News

>REVIEWING THE PANDWARF: CC1111 BASED TRANSCEIVER FOR RF SECURITY ANALYSIS
rtl-sdr.com/reviewing-the-pandwarf-cc1111-based-transceiver-for-rf-security-analysis/
>The PandwaRF (formerly known as GollumRF) is an RF analysis transceiver tool that can be very useful for investigating ISM band devices that communicate with digitally modulated RF signals. It can be used for applications such as performing replay attacks, brute force attacks, and other analysis. The RX/TX frequency range of the device is from 300 – 928 MHz, with a transmit power of up to +10 dBm.

Those are backers. They hold the diffusers in place and the lights. Not only that but they give the light some depth.

Taking action always creates blindspots, because taking action means focusing attention on the means /mechanisms by whihc that action is achieved.

ANy action creates a blindspot, but those who would strike at that blindspot need to be ready to act.

If you are caught flatfooted, all there is left for you is luck...You could take a billion insane actions against me: send me poop, jumpkick my dog, suplex my mom.

But if I have examined myself and my mission, if I have built my contingencies and am prepared before I take the field, then my weaknesses are pretty predictable...if I act cautiously and have trained/have the proper amount of experience for the operation, then experience should give me a good idea of what disadvantages my actions will create.

Whatever I reveal on here is thought out and part of a plan, because I have a framework in place. I want to contribute the system to the community someday...if you are prepared, nothing you reveal means anything unless it can be tied to a persona you are operating with.

For example:

Yesterday when I was asked if I was tatooed, I answered with a nonsense answer...A response came, I saw the sentence began with a derogative ("You're a pest"..).an evaluation of how I act here may have told a fed that I was eager to help, and that a derogative maybe more likely to spur me to respond...I did respond, but only because I was interested to gauge the response...so I responded, and there was no answer.

The sacrifice of intel was worth it, and I sacrificed somepoints to try and flush out an enemy...I likely won't take the gambit again, but I have prepared for this for years and am curious if my assumptiosn are correct.

(cont'd)

But really, if a persona is being used whenever you operate, then you should have developed it with another persona over a period months or years.

That persona has a persona has a persona creating a persona; your OPsec is ok when you have creating an operator persona who is at least five personas deep.

I don't think you can safely operate without a framework of defenses and contingencies anymore.

Me? I know who I am. I'm a dude playing a dude disguised as another dude...

>Hackers are free people, just like artists who wake up in the morning in a good mood and start painting a painting. Likewise, hackers get up in the morning and read the news about what’s happening in international affairs. If they feel patriotic, they try to make what they see as a fair contribution to the struggle against those who speak ill of Russia. Is that possible? Yes, theoretically possible.
Land of the free am I right, fellow burgers.
gizmodo.com/putin-praises-patriotic-russian-hackers-he-definitely-d-1795720505

Yeah I mean to go in there...but I am super busy and I have a pretty good idea I would not leave for for hours...maybe days

Who misses work because he is working and works through work...this guy right here...if I fond something that interests me as much as that FTP, everything else is fucked.

Wow....

Man, its fucking tough to be patriotic right now...yeah I am aware of Putin's human rights issues and Russia's problems...

But fuck...the closest we have gotten to Putin
comments was maybe The L0pht testimony, and that was the fucking 1990's...

It's pretty fucking depressing to love something that hates you.

Yeah, like I mentioned in one of the threads, your VM options do not iclude VirtualBox and maybe VMware, but I could be wrong.

I really like SUbgraph though....throw a VPN and something like antergos VPNfirewal in therel, maybe portions of ENdware and RK Hunter and you should be good.to go.

There are people in this thread who've straight up said they aspire to work for the spooks. If you're really worried then leave this thread, it's probably already infested

>You could take a billion insane actions against me
>send me poop,
> jumpkick my dog,
> suplex my mom.

Im fucking dying over here

>so I responded, and there was no answer.
Oh my bad, I put up the photo I thought was your tattoos, you didn't respond to it, so I assumed the matter was dead

>people
*spooks, is only logical they publicize themselves here

>Me? I know who I am. I'm a dude playing a dude disguised as another dude...
Are you fucking kidding me bruh

I love tropic thunder so much.

Christ, I wish you were real so we could be friends

hello fbi how are you

I am good fellow netizen.

Are you following correct left wing protocol and policies? Have you disabled the encryption on your drives? You know only nazis use encryption.

You're not a nazi are you?

I'm behind six fursonas I'm not worried about nothing.

Yiff yiff.

Cyber warfare.

>left wing protocol and policies?

If you don't think the SJWs are a government psyop you aren't paying attention.

whose acting more Orwellian; the right who just want a place to put their hatespeech (it's still free speech and it still deserves a platform) or the left who are trying to eradicate it entirely, censor it completely and adjust history to their liking?

I witness enough in these years to understand "SJW" itself is "newspeak".

Hahaha...Thanks mang!

The mystery is solved.

Info dump coming up everyone....Got some good stuff for the thread.

i dont like the term SJW.
just call them what they are. progressives. or regressives if you really want to use an insult.

I was about to clear some misconceptions, but then I realized the spook always present will stir up division no matter what.

Left, right, it doesn't matter. We can't make politics without being sabotaged.

>I realized the spook always present will stir up division no matter what
You can't run from me

Anyone have humblebundle.com/books/hacking-reloaded-books ? Could you put them in a megaupload link if possible?

>He thinks that sjw's are left-wing.

Many lols, sir. SJWs hate actual communists because we don't generally give a shit about the gender-based struggles of rich white prople.

Bump for this

>SJWs hate actual communists because we don't generally give a shit about the gender-based struggles of rich white prople.
If they don't give a shit, why do they complain what rich white people are the devil

That sounds like something a communist would say

just look them up on libgen or something.
theyre probably all on there.

They say white people, primarily men, are the devil. They are fine with rich people. For instance, SJWs love Lena Dunham and Hillary Clinton.

>They say white people, primarily men, are the devil.
Always reminds me of

m.youtube.com/watch?v=xava8FCQUn0

How can I achieve this effect or similar with raw footage. Is there away to distort raw data to cause fractal noise without relying on an after effects script or something. I've done the audacity trick with raw photo data, could it work the same for video?

Has anyone here taken OSCP? What prerequisite knowledge should you have besides networking, Linux, and scripting?

This doesn't look distorted. It's not random enough, and it's very consistent. If this is the look you're after, you're gonna need post processing tools.

Fucking with the video in audacity will produce results, sure. Not the results you want though.

almost looks like a filter over caca

I haven't but I'd like to eventually. Trying to fix myself so I'm not always exhausted no matter how much I sleep, though. I have the textbook (From 2014, at least) in pdf form if you want it. Don't know if it has been updated.

hey maderas, and anyone else in here that's in the game;

How'd you get your first job in security? Did you grind at a soc or is that shit for chumps? I've been doing a lot of looking, and this isn't something I EVER see junior roles posted up in. Junior sysadmin, junior devs, junior network engineers, junior desktop, but NO junior security.

The descriptions all say you need to know how to pen test in the environment before applying. Well how the fuck do I get that experience if there's no junior roles? I mean bouncing shells around my lab is good and all, but if my degree in IT didn't do much to fix the experience gap I have when applying for IT roles, how wood certs fix my experience issues in a regimented area like sec?

I dunno I guess I'm just feeling a little in a rut. I've thought about kicking off a side business, where I offer pen tests to SMEs, but this then brings two questions

a) is this actually legal
b) is anyone who runs a small operation going to give a single fuck and actually take me up on this

> and this isn't something I EVER see junior roles posted up in. Junior sysadmin, junior devs, junior network engineers, junior desktop, but NO junior security.

I think this is because having any idea about security stuff requires knowledge of being a sysadmin, a network engineer, and a developer, so you're not really "junior."

I don't really work in security specifically. I'm a network engineer, but I'm generally the one called if there is a security problem on our network, one of the other engineers has a security question, or so on. I think this is how some people transition into an explicitly "security" role.

They've probably updated it by now. Like eLearnSecurity, I assume OffSec updates their course materials periodically.

I might look around for a more current PDF, but I'm pretty busy with school + work otherwise I would probably attempt the course.

Yeah, I would hope so. I haven't been able to find it unfortunately.

On that note, if anyone has taken it recently and wants to post the textbook I will give you many (you)s.

Fuck this guy, I'll gladly take the old version too!!

Junior security roles want you to know networking, Linux and Windows, security fundamentals, and scripting/programming is a plus.

Otherwise, you're just a SOC ticket monkey looking at alerts in a SIEM. Not knocking anybody that works in such a role, it's a way to get your foot in the door.

Watch the videos, learn all the things:github.com/CaseAnon/Dump/blob/master/Links.txt

I bring my computer to pet the animals:
github.com/ytisf/theZoo


Loud, big boom weapons...

The hacker equivalent of the Conta Spreadgun: github.com/darkoperator/Meterpreter-Scripts/blob/master/auxiliary/scanner/smb/psexec_scanner.rb

Got some privileged access? Let's rain katz;
github.com/PowerShellEmpire/PowerTools/blob/master/PewPewPew/Invoke-MassMimikatz.ps1

A cat dressed as a penguin: github.com/huntergregal/mimipenguin

Quick SSH bastion hosts: github.com/zendesk/punchabunch

Barrett 648 of scanners (loud, powerful): github.com/1N3/Sn1per

Part of the reason I think they narc the hacker community so hard is fear...I really believe that they know that if every hacker and security researcher in the United States decided to join forces right now and change shit, shit would be changed...net neutrality would be a non-issue fight a guerilla war against the cable companies that made fighting for it unpalatable

Humans are fallible...and no matter how powerful their computers are, three letter agencies have humans making the decisions drawing conclusions from the intel... have you heard about them catch anyone who didn't make an immensely stupid mistake with those milions or billions?

pastebin.com/yvTdhdjd
pastebin.com/Hd9BT17L
pastebin.com/4Ams27Z

At this point in history, if every hacker/security researcher in the USA decided to unite,that group could constitute one of the most powerful forces in human history.

Some of us would probably get a laser guided Hellfire sent up our ass by a Predator Droid...some of us would go to jail or have
accidents....but shit would change:

Study the work of your peers:
pastebin.com/raw/0SNSvyjJ
pastebin.com/cRYvK4jb
vimeo.com/167411059

Any idea when the site will be back up?

Here you go. Couldn't upload it here since it's too big.

file.io/nbBu8c

I'm doing the Flare-On CTF, still kind of a newbie when it comes to reversing though. I'm pretty stuck on challenge #7. Has any user made it past #7 that would be willing to share a hint?

Education: Let's get dangerous...

mediafire.com/download/xvgjnq...iddler.rar -- Fiddler

EBooks
zempirians.com/ebooks/

Hyperboluc Time Chamber
github.com/CaseAnon/Dump/blob/master/Links.txt

cybersecuritybase.github.io/ -- Free course series by University of Helsinki in collaboration with F-Secure

mediafire.com/folder/y952n29.../Documents -- 160 books on security stuff

mediafire.com/download/0i9b46...e-docs.rar -- Useful PDFs about a huge amount of topics regarding hacking, extracted from repository.root-me.org

mediafire.com/file/02om55j9itey5x6/Perl.rar -- Perl documents

mediafire.com/file/g83pv4ov2v...RedHat.rar -- Red hat documents

mediafire.com/file/j6bgke83y4...eering.rar -- Reverse Engineering

mediafire.com/file/zfnt7r9gkm...sembly.rar -- Assembly

github.com/onlurking/awesome-infosec -- A curated list of awesome information security resources

github.com/juandecarrion/awesome-self-hosted -- A curated list of awesome self hosted alternatives to cloud services.

github.com/paragonie/awesome-appsec -- A curated list of resources for learning about application security. Contains books, websites, blog posts, and self-assessment quizzes.

jivoi.github.io/2015/06/19/oscp-prepare/ -- OSCP Prepare
jivoi.github.io/2015/07/03/offen...bookmarks/ -- All you need to pass OSCP

github.com/kurobeats/pentest-bookmarks/ -- A collection of handy bookmarks

>F-Secure and University of Helsinki

Based Mongolians

>Helsinki
>Mongolians
U wot m8?

Great stuff man, many thanks.

Also bump

I had a very successful career in another field, but I wanted the IT teams job not mine.

I had been playing with sec tools and teaching myself hacking/pentesting type stuff back around/between 2005 or 2005 I think...I had Knoppix STD on a 700 mb pen drive....

I would practice running tools against the network of that first job I spoke of...I would also do network security type stuff for free...the company had almost no security in place except host AV, so the owner didn't care what I did as long as nothing broke..

Back then, it didn't seem like you could get a pentesting job without networking or knowing someone, and I wasn't that keen on knowing anyone yet (I was pretty antisocial back then; also I had thought I might go blackhat).

So I got other paying jobs doing sec stuff through networking and the owner of the company at the prior job i mentioned..

Also, Google and a few other other companies started a bug bounty program around 2006 -2007 I think... so I took full advantage of that as well (it gave me a chance to attack the enterprise networks of a huge corporation).

Eventually I wanted to jump to full IT, because it was almost 2011 and security work was becoming more plentiful, so I took a helpdesk job for a pretty big pay cut...they saw I had some network security experience and moved me to a junior netadmin type job, mainly working with Active Directory and their Unix/Linux machines

A huge client demanded they have a Network Security Analyst on staff. who had pentesting/vuln assessment experience; (being cheap fucks they chose me), so less then four months after starting as helpdesk they gave me another shit raise and promoted me again.

I began doing remote pentesting and bug bounties on the side wjhile I worked there for years; eventually I left and found my current job.

they're mongolian rape babies everyone knows that

I have done contract work for a bunch of the SOC farms before they started their own pentest puppy mills (Nessus and Qualys scans are not pentests, fuckers) in the last couple years.

If you look at the arsenal, armory and library paste, the knowledges section has the exact knowledge one of the larger SOC companies out there.

I can answer more of your question in a bit.

>I would also do network security type stuff for free
>I can answer more of your question in a bit

I think you already did. I guess that's the way. Volunteer

Hi, some of the links seem... shortened (particularly, the mediafire ones), can you repost them?

c'mon - 15$ isn't that much.
The books are really worth it

greysec.net/showthread.php?tid=1563

specifically the
=== Other Resources ===
section

Many thanks.

Have a last bump before bedtime.