/cyb/ + /sec/: "It's too bad she won't live...but then again who does?" Edition

>Poweredge R710
I thought those were really noisy.

I have a few servers that are noisy and keep them in the basement. I have a few HPPA machines I am about to boot up. Old can be safe as in no backdoor. Perhaps.

We never concluded on /cyb/ servers. That might be a topic to keep us alive over the night.

Nice work man, have a bump

downloads a virus don't run this

that OP imagen is using jp2a?

look so nice

Is I2P Alive, or just kiddie porn?

i was setting up a new dc for my lab last night, and spinning up some fresh clients to hang off the domain.

i was going spastic trying to workout why the clients would not reach the dc, and then it occured to me they were trying to reach it using ipv6.

why the FUCK does windows prioritise the v6 adapter over the v4? as soon as i disabled the v6 adapter, everything worked FINE.

Shit user your right...I was looking at the Poweredge on the table beside me when I wrote that at work and got Poweredge on the brain...my server closet/case (it is large, but has doors that do not stay open with the sharpest fucking corners ever) is stacked with 5 or 6 HP 380 Gen7s, and some switches..

My company just started really investing in security a few years ago, and that hasn't really trickled down toward my lab yet, so I am stuck with hand me downs (though I don't give a much of a fuck, what I have is better and way more fun then nothing).

The unofficial/official rule for the sublevel is that any Proliant/Poweredge servers have to run in a cabinet or server closet..

The level I work on is full of greybeard engineers and devs, and they despise noise...most chucked their Poweredges and Proliant for the HPZ440s and above with max or near max specs (Dev and Engineering get all the good shit while I wait for what ends up in the crate in the halls between labs).

So I have a lab full of their scraps...the HP 380's, multiple PrecisionT3500's , the Poweredge 710, HP Proliant 380s, 2 x HP Z440s and a couple other HP workstations in a current test config...

I am thinking of either taking the Poweredge 710 home for hosting/the community pentest server (it is already set up with Vmware/ESXi though I think I may go with Proxmox if possible)...

I also have a Proliant 350 G6 that I can take home to my lab to use for the community pentest lab/hosting...we can only have machines like this after the drives jhave been destroyed...I was able to scrape together enough spare drives for the Poweredge, but the Proliant G6 is bare...

Somebody pls respond:

post some aesthetic shit

...

>assetised equipment
>underfloor patching

this is someones workplace.

rogerwater.world/

Redundan layers of privacy/anonymity always:

VPN provider claiming no logs has their logs used to bring stalker to justice

bleepingcomputer.com/news/security/cyberstalking-suspect-arrested-after-vpn-providers-shared-logs-with-the-fbi/

Further proof Trump is a jackass (I am apolitical as I think both parties are disgusting for the most part, but facts are facts):

Trump/DOJ looking to pass measures that would brand weakened encryption "responsible encryption":

arstechnica.com/tech-policy/2017/10/trumps-doj-tries-to-rebrand-weakened-encryption-as-responsible-encryption/

i love the examples of "responsible encryption" they give.

yeah cause a simulcast transmission is really an alternative to encapsulation inside a tunnel. what the fuck is this dickhead even saying? how is that even a form of encryption?

its responsible because it beams from the source to myself and the feds at the same time?

fucking WOW thanks obama

Super interesting read in how an escort service has advanced Tor Hidden Services/Hidden Service OpSec:

medium.com/@PinkApp/pink-app-trading-latency-for-anonymity-and-other-techniques-815ee21c6da4

>i love the examples of "responsible encryption" they give.

It is fucking terrifying, not only in the moral/ethical considerations surrounding privacy/anonymity, but also due to the severe weakening this will have on security posture of the average United States citizen.

Of course, most big businesses will probably be spared his indignity, so the little guy will be an ass and mouth representation of a finger trap.

How Companies Use Personal Data Against People

Automated disadvantage and personalized manipulation? A working paper on the societal ramifications of the commercial use of personal information, with a focus on automated decision-making, personalization, and data-driven behavioral change.

crackedlabs.org/en/data-against-people

A thousand years of stupidity and darkness; or, wasn' it freedom that made AMerica great?

USA Liberty Act: Government's attempt at indefinitely enabling the patriot act. Call your representatives now and tell them that this is unacceptable.

judiciary.house.gov/wp-content/uploads/2017/10/100517-USA-Liberty-Act.pdf

This is pretty damn amazing.

>Of course, most big businesses will probably be spared his indignity
i dont believe so tbqh.

who better to hoover up data from than the ones collating it in the first place?

of course they want to ram their ignorant fists into businesses asshole; this whole thing came about from apple defending our right...thats certainly a sentence i never imagined id be writing...

apple; defenders of freedom. they deserve to rerun the big brother ad..

Fuck, had the name from the last time I shitposted.

when you said any woman who comes into your office will get raped?

No, it was something about the smell of dicks in the morning.

How many people larp as maderas?

this is stupid but it's doubtful that anything will come of it. banning encryption isn't even possible.

I wouldn't know, I just did it once, about 2-3 threads ago, don't really post much. So considering there's another one, at least 2.

Aw shit, it's my man
track3.mixtape.moe/iefciu.webm

What is OuterHeaven?

Go play Metal Gear Solid.

a safe place for those the government wish to abuse, suppress and oppress.

i want to POUND an anime

ok, but what is it specifically in regards to what OP mentions being ready next wednesday?

a hidden bbs we can use. this place isnt the most secluded or private.

I use an ancient Pentium III dell for my home VPN server, only because that's what was available. Does everything I need it to do (or at least it did, before I fucked up the config), but it's defintely not scalable for new projects with larger tasks.
I haven't had the time to get things working again with it. When connected to it my client is somehow limited to a select few sites. It seems like the problem is that winblows refuses to have its default gateway changed, but at this point it's more likely that I'll fiix the issue by making a full switch to Linux.
What do you guys use your servers for?

Nothing amazing about this, they came up with a simple Tor abstraction, and are hyping it to the max, basically making the exact same mistakes every other criminal has done since Iceman which is flaunt your criminality in the face of feds by writing long medium posts or talking to journalists and bragging.

I'll try here too, just for redundancy

How does someone with next to zero programming experience get into wargames/ctf?

Hey goys! 4chin isn't safe because anybody can read it! Instead come to my """private""" bbs I guarantee total privacies!

The best phony 'private' forum was that illegal card fraud forum where you needed to have the cert just to connect to the server, then of course somebody just stole and leaked the cert and their entire db of posts were everywhere

Take a simple systems course to start, lectures are on youtube cs.cmu.edu/~213/schedule.html

i dont want "total privacies", i want to get away from retards such as yourself.

>cyberpunk thread
>using a proprietary pastebin service

Thought I was schizo for a sec...

Excellent points....the reality that a very tiny minority of Americans are going to give a fuck about this is the most terrifying part...

It seems that rancid political systems always further a state of control even when jackasses are in charge...it is like the banking system: rigged...they will always be at 1 and we at 0 for as long as we play their game.

All we can do is fight/resist in the manner our conscience can bare; personally, if I really stop to long to think about this shit I will sink to my death in this sewage.

So I prefer to fight.

WHat the fuck??!?!!?

Hahahaha...fucking Sup Forums!!!!! I love it!!!!!

It was me up to the insanity above me....hahaha....

Just the idea that it would be put forth as any attempt at law is enough...especially if criminal charges are attached.

Human history is full of gradual slides into insanity that seemed unrealistic at first.

Multi-Form Technique (四身の拳, Shishin no Ken, lit. "Fist of Four Bodies")

>track3.mixtape.moe/iefciu.webm
That animation is so fucking sharp...what is it about anime from that era?

And...We are all the Midnight Eye...we are the terminals...

An act of defiane on my behalf, but a refuge of resources I am making available to any who wish to use them (or collaborate to add more) for whatever means they will (within reason)..

Every user who gains Infosec skill can improve the system: whether they get a great job with a financial security their education or life circumstances shouldn't have afforded hem, or they go blackhat/greyha/black...

Cybersecurity skill is now power, and I want to give the power to as many anons as possible.

Thank you for recognizing this

.Yes. Thank you. Multiple other services should be available shortly after as well..

You can do beginner CTFs without a ton of programming knowledge as long as you stay away from things like reversing challenges. Most of the noob friendly ones are designed around using publicly available tools. Eventually though you really will need to learn how to program if only to make your life easier. As an example I just had to generate 10,000 hashes to figure out a password for a challenge. I was able to get it done in a few minutes with a quick python script as opposed to god knows how long it would have taken by hand.

been skipping last few /cyb/ threads, but it's good to see it alive and well.
thanks to maderas for all the stuff done/posted

I use an old Dell 4700 with 512ram for omething similar.

I like that the rticle points oward furthering the Hidden Service model...I can give and take the rest.

We'll see...I am not to concerned about it though....The good thing about the format I have chosen is i can be burt to the ground and raised again on another Bulletproof hos in no time....this contingency is already in place.

Also, Citadel has features like a timed purge and network connetion to other nodes via rooms that make this especialy convenient...i.e., move anons. purge Citadel...or move the main Citadel around daily through any of a dozen hosts since he software and configs are so light.

That is about%10 of the contingency perhaps. I would not invite my friends and family to a death trap.

Thank you.brother.

Any materials in Pastebin currently are temporary...I am doing quite a bit just now.

You are most welcome.

This place is awesome, and I just need t ensure that the fire is carried forth to be lit agin.

Wen the fire goes out the darkness comes...then the fear and ignorance.

I see great things in the DNA of this place, and I cannot wait to see how it evolves.

Military security should be pretty safe from the threat of offshoring.

And then we get this gem:
>Secret F-35, P-8, C-130 data stolen in Australian defence contractor hack
zdnet.com/article/secret-f-35-p-8-c-130-data-stolen-in-australian-defence-contractor-hack/
>Around 30 gigabytes of ITAR-restricted aerospace and commercial data was exfiltrated by an unknown malicious actor during the months-long 'Alf's Mystery Happy Fun Time' attack.

Combined with the massive leak at L-M one just have to assume most about F-35 is compromised. The enormous complexities will make any fixes very hard. Could this be the reason why F-35 is supposedly operational yet not used on the battle fields?

>zdnet.com/article/secret-f-35-p-8-c-130-data-stolen-in-australian-defence-contractor-hack/
>admin:admin
what the FUCK

i have no idea which company this was, but christ on a fucking bike mate.

another user, been thinking about that aswell.
But waht happens when you retire or puikc another job?
Your skills are considered a weapon, it's safe to assume you'll have your steps watched.
I'd rather not have my name on any lists, that's why I'm staying away from infosec biz atm

Kind of sucks I'm in Canada.

I really need to figure out a good way to immigrate to the states from this... rapidly deteriorating shithole.

Anyone have a guide on how to identify native languages based on writing style?

Cyberpunk discord by any chance?

uh, no thanks sweetie

Anyone recommend me some Cyberpunk literature? and with a possible mega link to them?

Yea, I can see a market for security auditing coming up.

>Anyone recommend me some Cyberpunk literature?
The FAQ covers this extensively.

It'll be handled internally by the ASD, and someone will report to ASIS for why the fuck they let it happen. It'll be an enormous internal shitfight, and it'll be happening very quietly.

Given US tech was copied I am pretty certain US agencies will also involve themselves. I am not sure the US side will be equally quiet.

bump

That's not how it works. Boeing, Lockheed, Leidos, Fujitsu all work here under Australian subsidiaries. The work they perform, is for their Australian branches.

It's no more "American tech" than the maccas down the road sells "American products"

>The work they perform, is for their Australian branches.
Sure. However to get the job done they typically receive documentation that are secret. These things can be for interfacing US products to national infrastructure.

Then again, how can you be sure these are not sub system suppliers making parts for the US companies? Offset agreements are the norm in defence procurement contracts.

>However to get the job done they typically receive documentation that are secret.
Certainly not classified secret, no. The restricted and secret networks are heavily audited, monitored, and locked down to prevent this from happening. A lot more than 50 people would have been affected if the DRN or DSN were breached.

The TS networks dont touch the WAN, so the point there is moot.

>how can you be sure these are not sub system suppliers making parts for the US companies?
I certainly cannot.

Until the name of the company is released, I have nothing more concrete to add to this, really.

I myself have never seen offset agreements as you call them; perhaps they do indeed exist, I have never come across them.

bump

>3 years of CRUD development
>OSCP cert

I should be able to get a job with this, right? And OSCP should take no longer than 6 months to study for?

A lot of these fuckers have no coding skill at all

concise-courses.com/oscp-certification-advice/

>I myself have never seen offset agreements as you call them; perhaps they do indeed exist, I have never come across them.
I used to work in a defence contractor and those were common. Hugely expensive projects such as F-35 involve such contracts which is why you find contractors all over the world. F-16 also involved such contracts and to supply the parts you did necessarily get information.

This question comes up in just about every single thread and the answer remains the same: it has massive security risks.

>One person managed all IT-related functions, and they'd only been in the role for nine months

This kind of stuff happens way more often than the public thinks.

And honestly, I hope contractors continue fucking up so every major company is immediately suspicious of them. Most of them make way too much money for as incompetent as they are.

New netrunner thread

I asked in /fglt/, but I'll ask again here. In GNU/Linux, how do I completely strip a program of its ability to go root if I don't trust it and want to ensure if it was malicious it couldn't do any real harm? I know openbsd has privilege removal that is used with chroot, but what is there for GNU/Linux.

Make sure the binary is not suid root
linuxnix.com/suid-set-suid-linuxunix/

you could use firejail, a VM, some old laptop.

Permissions, ID permissions, hardened/selinux patches. seccomp implementations (like firejail). I could have sworn they had something else on syscall restrictions but I don't remember what it was called.

How bad of an idea is to use a popular hosting (e.g. DO) to host my own VPN server and seedbox? Do companies like these care whether you use their services for pirating? What the alternatives? Dedicated VPN/seedbox services?

Find some domains/sites (all precautions to protect your browser should be in place) slinging porn/malware (etc.), and see who hosts them.

SOme hosts may only tolerate adult content, but find enough of these sites, rent enough VPS/services (I say sample by renting the lowest cost offer), and you will build a fine list of bulletproof/shady hosts for all types of hosting.

I'm a bit confused, is suid and sgid supposed to be the same thing as regular RWX permissions or is this an entirely different thing?

They're a special case. SUID/SGID programs run with their owner's permissions instead of the current user's permissions. It's useful for isolating services from users without giving them increased permissions.

So sudo would be an example of SUID to run any program as root?

:^)

yep but you don't have to give it ROOT permissions, it uses the OWNER's permissions which can be a specific user running another user's programs or something like a traceroute command being owned by the network group. It exists solely to stop you from adding users to additional groups that have larger scope than that one command.

Alright, I think I'm understanding how SUID works. What if a privilege elevation exploit happens for a program, would removing RWX permissions for all but a non root user stop it?

if they can't run it they can't exploit it but good luck with all that

>Many are huge whitehat/pentester resources. Be warned, they may turn you into an idiot
what did he mean by this.

discord.gg/chPZsVR
Attempt at a cyberpunk discord

Gracias .

From what I read fromthe thread, I believe the devs may have abandoned the project...I hope this isn't true.

If it is, I hope someone will pick up the flag and run with it....wave it from the highest hill (the flag not your schlong...or maybe wave the flag at anons and scchlong at theauthorities that wouldcage our freedom)..

We must fight for each other.

IIRC the developer should hopefully complete a text refactor or some shit like that and then development will continue.

OuterHeaven may have encrypted , opensource XMPPwhich can be integrated through CitdelBBS...it depends on whether the community wants to use this functionaliy or not.

Excellent. Thank you for the update!!!!!!

I am a fan and busy with so many things that I need to focus my attention or nothing will get done.

How do sysadmins keep rogue devices off of their internal networks (e.g., some guy walking in with a laptop and connecting via ethernet)?

Point me to some devices/software as an example.

I know IP4/IP6 comes from DHCP and that can be done from CISCO routers/hubs, but I'm not sure about strategies or tools beyond that.

there will always be idiots that will leave their computers unlocked or let anyone who claims to be a maintenance worker look through company files on it. Other than that, make sure employees that leave the company have their old port's removed from the vlan and most importantly send out some sort of security lessons for employees to do.

tldr: focus on solving error error id10t