/cyb/+/sec/: Cyberpunk and Cybersecurity General

/cyb/ + /sec/: 2019 Detective Special Model CS Edition

All resources from past threads (paste and comments) will be present at OuterHeaven by 11:59pm, 10/18/17.

Infosec questions: building an obsessive need to find your own answers could be a key for more than one chain.

Ω All are welcome here; the world is fucked and we are all in this together.

◙ Cypherpunk Manifesto >>activism.net/cypherpunk/manifesto.html
◘ Cyberpunk Manifesto >>project.cyberpunk.ru/idb/cyberpunk_manifesto.html
∆ Hacker Manifesto >>phrack.org/issues/7/3.html
± Guerilla Open Access Manifesto >>archive.org/stream/GuerillaOpenAccessManifesto/Goamjuly2008_djvu.txt

▓ Fables, realities, prophecies and mythology of a community:

░ What is cyberpunk >>pastebin.com/hHN5cBXB

▀ The importance of a cyberpunk mindset applied to a cybersecurity skillset.: >>youtu.be/pcSlowAhvUk

Cyberpunk directory: >>pastebin.com/VAWNxkxH

Cyberpunk resources >>pastebin.com/Dqfa6uXx

Cybersecurity essentials/resources >>pastebin.com/SCUbhpjP >>pastebin.com/VTXRAPxM

Cntrl + F Basic Knowledges, Basic Training, Arms/Arm >>pastebin.com/rMw4WbhX

Endware: Heavy armor for anons, by anons >>endchan.xyz/os/res/32.html

Netrunner: anons are creating Miracle Shoes when few seem to give a fuck ⦿ Shit just got real: >pastebin.com/rqrLK6X0

0ld 5k00l h4ck3rz; we stand on the shoulders of giants >>67.225.133.110/~gbpprorg/#40

Thread archive
>>archive.rebeccablacktech.com/g/search/subject/cyb/
>>archive.rebeccablacktech.com/g/search/subject/sec/
>>archive.rebeccablacktech.com/g/search/text//cyb/ /sec//
Thread backup
>>cyberpunked.org/

/cyb/ FTP
ftp://collectivecomputers.org:21212/Cyberpunk/
user/password == guest

Other urls found in this thread:

youtu.be/4cOeqD80gzY
en.wikipedia.org/wiki/List_of_emerging_technologies
bleepingcomputer.com/news/hardware/researcher-turns-hdd-into-rudimentary-microphone/
youtube.com/watch?v=PHMzCpy0fXc
youtube.com/watch?v=49vZhQlAEyk
youtube.com/watch?v=_WTBkj8gFfI
youtube.com/watch?v=i8JBUktSxvQ
deepspec.org/page/SF/
medium.com/@homakov/why-it-sucks-to-be-a-security-researcher-8a1d17fbffe8
riseup.net/en/security/resources/radical-servers
autistici.org)
aktivix.org).
youtube.com/watch?v=fVKeJ1vGNfo
youtube.com/watch?v=HHgxOXEQaFU
blog.talosintelligence.com/2017/09/brazilbanking.html
en.wikipedia.org/wiki/Glass_house_effect
youtube.com/watch?v=T1UqATi8AH0&feature=youtu.be
twitter.com/NSFWRedditGif

2019 Detective Special Model CS being fired in real life; the prop used in the original Bladerunner consisted of one actual firearm and rubber rep.

The actual (not rubber) weapon was built from multiple other firearms.

For comment above (forgot link):
youtu.be/4cOeqD80gzY

Future tech in varying degrees of development..

SOme pretty awesome stuff.cyberpunk wise...

en.wikipedia.org/wiki/List_of_emerging_technologies

Pasta gets better, good job.
>anons are creating Miracle Shoes when few seem to give a fuck
True, lets support netrunner.

HDDs can be disabled via soundwaves

bleepingcomputer.com/news/hardware/researcher-turns-hdd-into-rudimentary-microphone/

Thanks user.

user for user projects are the extremely important.

I hope to be able to support some/provide some at Outer Heaven.

This place will always be basecamp, so I am trying to adjust the paste...we will get their eventually.

I FORGOT TO LIST THE LAST THREAD:

>.62859380
>.62859380
>.62859380

Looking forward to OH, cool name and I am sure is the ground for serious talk. I bet longer conversations take place. Endware and NetRunner need a place like this.

What's going on with that Cyberpunk game? I keep seeing half thoughts on Sup Forums but dunno what the hell has happened since shit was stolen

I I think its going to be good....it is the next necessary step I think.../cyb/+/sec/ will be a good basecamp, and OH will allow a greater degree of interaction between anons while providing us n environment we have control over, unlike 4chinz under Hiro...

I think I trusted Moot about as much as I can trust someone else with content that is important to me...OH returns it back to us and transparency.

It will be as democratic an environment as possible, the users, the community and the fruit of their interaction are what matter.

Fluke - Atom Bomb
youtube.com/watch?v=PHMzCpy0fXc

Boys Noize - Mayday (Snowden O.S.T.) (Official Video)
youtube.com/watch?v=49vZhQlAEyk

ADAM FREELAND - WE WANT YOUR SOUL
youtube.com/watch?v=_WTBkj8gFfI

Atari Teenage Riot - "Revolution Action"
youtube.com/watch?v=i8JBUktSxvQ

beat level 2 of leviathan on overthewire all by myself. feel really proud

also thinking of going to see blade runner 2049 alone tomorrow bc no mates

Congratulations man!

Go see it alone. I went by myself a couple of times, and only got annoyed when a rather large pack of teenagers spilt the soda on the floor and began laughing and making noises. If you're lucky you'll have pretious silence to enjoy all the details of the film.

Nice to see some icons and changes in the OP, but no link to last thread REEEE

Hello everyone, I have been lurking these threads for a short while, and I have a question.

Could someone please explain to me why "/cyb/" and "/sec/" were merged into one thread? It seems to me that cyberpunk discussion is vastly different from infosec discusion (which I envision as being a more security-focused version of /dpt/).

While I understand the role technology plays in cyberpunk fiction, is it really similar enough to "/sec/" to warrant merging the two?

Similar themes led to the combination of threads who couldn't survive alone.

As for your second part is another separate question which must addressed alone. Historical reasons rooted on the hacker culture + literary roots + current affairs = the same tendencies in culture, career and habits. Being cybersecurity also a habit.

my prof cucked me into focusing on machine learning bc that his focus so i've been having to try to spin it to a security angle for grad school, since that's what i actually want to go into. not a fan

Thanks for the explanation, that makes sense

Bump

These are my favorite threads

Did you all take anything away from 2049? I thought it was well put together, it was super /cyb/ and loved every bit of it, but I never got that gut punch feeling when I feel like my shit was just turned upside down like I did with a lot of my favorite Cyberpunk movies.

I remember seeing this and thinking some are far fetched. Oddly enough, many are possible but not done, like de-extinction. Why? Is like the most simple thing if you want to bring back a baby mammoth, some elephants have been proven to be fit as vessels.

The cultures of both intersect...if you look at when the cyberpunk subculture really started to gain ground in the 80's and 90's, the hacker subclture was adopted in , as well as programming, hardware hacking, etc.

There is the famous image attached to this comment which has since become a meme which shows that intersection in the 1990's...you also have the Cyberpunk doc from the late 80's-early 1990's that feature both Gibson and hacking (though some of the hacker credentials of parties involve maybe suspect)as prevalent parts.

The fact that one of the fathers of cyberpunk (again, Gibson) attributes hacking as cyberpunk (with many of the prevalent characters int he Sprawl trilogy are hackers) pretty much cements it.

ALso, the wider world seems to pack cybersec/hacking and cyberpunk together, but somehow this is supposed to be different here because of some elitists and/or trolls that turn their noses at the union?

Finally, cyberpunk should be considered a movement now, and that movement should be based on the simple idea that common people who teach themselves to harness technology can take that technology and fight to shape themselves or the wider world into a shape closer to their ideals.

Cyberpunk is what we need now; money has ruined the world, and technology, hacking/cybersec is how we get it back...we may be lowlife (in that we can affrd Keyscore or Prism), but what we can do to effect change things with even a Rapberry Pi, Linux, a terminal and knowledge is hi-tech (just as Da Vinci and simple paints and canvas are high art).

Correction:

"we may be lowlife (in that we can't afford Keyscore or Prism"

Joi's fate was a gutpunch...I've seen the same thing done multiple times and it faied to make me feel that way...and K's run in with the hologram was wrenching....

Also, the sadness of finding out the fate of the charcters in from the 1st film...like where Gaff ended up (gone from a swnging dick cop impeccably dressed) to where he ended up, or the respect he seems to have fo Deckard years later....

Also, the feeling I got when Deckard's/Rachels first encounter was revisited...

Trying to keep away from spoilers...

Is there any reason why in my lab that's got a local DC set up, I can't create an exchange server and email between desktops in the local network? As long as I'm not piercing the wan I don't need to register mx records right? Or does it not work that way? Because I'm not going to pay to register domains for my autistic test projects

look up differential privacy with machine learning, it's a way to extract data but keep it anonymous so you aren't Faceberg.

Security is actually a waste of time imho. If you want defensive security you look up verified algorithms and other methods of formally verifying software, forget trying to put out fires they'll just keep burning forever. deepspec.org/page/SF/ not to mention, companies do not want to pay for a real solution. If you want a total redpill on the 'security' industry then look up what Homakov has to say about it: medium.com/@homakov/why-it-sucks-to-be-a-security-researcher-8a1d17fbffe8

tl;dr it's a waste of time. They just pay you for your reputation, so they can continue to make feeble, inferior bug filled junk and just con idiots into using it because your good security name is now attached. If you develop a superior system that guarantees security, they want nothing to do with it.

Old OP here, nice to see this pasta evolving.
Sad to see the greentext aesthetic go though.
Sorry for vanishing, I was battling some inner demons.

Its ok man..I am glad you are ok.

I fuck up the gren text ...you see the >?

That is a mongaloid like me trying to greentext shit.

servers and groups for technoactivism (hacktivists, cypherpunk, technoanarchist).

Forgot link:
riseup.net/en/security/resources/radical-servers

I knew about them, autistici (autistici.org) and aktivix (aktivix.org). Sadly I am not interesting enough to have an account. Hope someone here makes good use of these though.

Yes, I am lame and hang out here.

youtube.com/watch?v=fVKeJ1vGNfo

the new symbols are nicer than the standard issue >meme issue

>meme issue
i meant meme arrows fuck

Thanks...there were actually many more used...like 1 per line, but (including Chess pieces), but Sup Forums didnt render them

youtube.com/watch?v=HHgxOXEQaFU

>including Chess pieces
Aw man such a shame they didn't work

>HDDs can be disabled via soundwaves
I remember this.
In acompany I workted for the inert gas extinguishing system killed almost all hard drives in that datacenter when it went off.
Funny enough it was just a test

>Is like the most simple thing
Apparently it's not that simple. They've been trying for years with no success. That 10,000 year old DNA can't be perfect no matter how well frozen it was.

I believe that's less to do with the pressure of the sound and more to do with the fact that shits literal poison

Nice, I need a few forums to lurk

...

Does a lot of malware use commercial packers like VMP/Themida/Obsidium/etc? All malware unpacking tutorials I see deal with some basic shit that can be dumped in 30 seconds.

How do the AV people deal with those? Do they develop their own inhouse tools to unpack/unvirtualize?

Let's say you can unpack these, can this land you a job since malware is usually less complicated?

>All malware unpacking tutorials I see deal with some basic shit that can be dumped in 30 seconds.
Yes, because it's a tutorial.

But they show how to unpack real malware found in the wild which leads me to believe most of them use simple packing.

I've also read this writeup where they mention Themida and all they could say about it was "it's difficult" without really going into the analysis of it (this makes it sound like they ran into an obstacle and didn't bother)

blog.talosintelligence.com/2017/09/brazilbanking.html

That's one of the greatest mysteries about the IT world at large; there's an endless stream of basic as fuck content, and SSJ3 tier content, and nothing in between.

reading about GANs and they're actually pretty interesting. most interesting thing i've read about so far. until now everything i've been reading is basically just making a classifier... which gets old

page 9 bump

>en.wikipedia.org/wiki/List_of_emerging_technologies

I'm almost positive you need MX records in DNS on your local DC. You don't need a publicly registered domain for internal only.

Source: have done this in a class setting hundreds of times.

Also, don't know why it posted that link. Wasn't in my clipboard or anything.

Weird...

>Does a lot of malware use commercial packers like VMP/Themida/Obsidium/etc? All malware unpacking tutorials I see deal with some basic shit that can be dumped in 30 seconds.
I don't often encounter the more hardcore packers. That's probably because the aim of most malware authors is to spam their malware in big volumes with little time between each wave. Having complicated packers does nothing for them in this respect, a simple packer that shifts some bits around is usually enough to keep, at least their file signature, off the radar for a day or 2. In my experience reasonable anti-reverse engineering/anti auto-analysis techniques seems to have a higher priority; think control-flow flattening, obfuscating api calls, hiding things in SEH, etc..

>Let's say you can unpack these, can this land you a job since malware is usually less complicated?
What lands you a job in this field is having a real firm understanding of windows internals, OS design, c, c++, and to a lesser degree how the PE file format works and how compilers work. Next you need to be really familiar with the ins and outs of a disassembly tool like IDA or r2, and being able to script in them(learn python). Lastly what makes or breaks you is being able to think outside of the box and combining all that knowledge in efficient ways to break malware apart.

Malware analysis is about being knowledgable enough to be able to handle/understand anything being thrown at you, not just how a packer works. (of course no one expects you to be perfect, but the bar is pretty high)

wtf does cyberpunk have to do with cybersecurity

they're both gay

dis
cyberpunk general is a /fa/-tier threads

Do you think pub key authentication only, no root login, non-default ssh port and a basic firewall is enough to secure a server for a few small projects? Should I install fail2ban in addition to this?

Awesome...thank you...I will definitely make use of these.

The cultures of both intersect...if you look at when the cyberpunk subculture really started to gain ground in the 80's and 90's, the hacker subclture was adopted in , as well as programming, hardware hacking, etc.

There is the famous image at >62908962
which has since become a meme which shows that intersection in the 1990's...you also have the Cyberpunk doc from the late 80's-early 1990's that feature both Gibson and hacking (though some of the hacker credentials of parties involve maybe suspect)as prevalent parts.

The fact that one of the fathers of cyberpunk (again, Gibson) attributes hacking as cyberpunk (with many of the prevalent characters int he Sprawl trilogy are hackers) pretty much cements it.

ALso, the wider world seems to pack cybersec/hacking and cyberpunk together, but somehow this is supposed to be different here because of some elitists and/or trolls that turn their noses at the union?

Finally, cyberpunk should be considered a movement now, and that movement should be based on the simple idea that common people who teach themselves to harness technology can take that technology and fight to shape themselves or the wider world into a shape closer to their ideals.

Cyberpunk is what we need now; money has ruined the world, and technology, hacking/cybersec is how we get it back...we may be lowlife (in that we can affrd Keyscore or Prism), but what we can do to effect change things with even a Rapberry Pi, Linux, a terminal and knowledge is hi-tech (just as Da Vinci and simple paints and canvas are high art).

>Historical reasons rooted on the hacker culture + literary roots + current affairs = the same tendencies in culture, career and habits. Being cybersecurity also a habit.

I'm a student doing an engineering masters in networking. Currently studying everything cryptography and securing data exchanges (how, ssh, openvpn, IPSec work..), also did a bit of nmap and metasploit at school. I need to keep myself informed of what's going on in the InfoSec world, do you have any good news website to recommend for that kind of stuff ?

hackernews

This has been happening to me for awhile now.

It is one of the reasons I am making OH; It is probably just a bug ir something, but I do not trust H1r0yUk1...I have the feeling he would sell out any group or indiviual on this site in a second...I have a feeling M00t would have at least had to examine his conscience on a course..H1r0 would likely just examine a dollar amount.

shut the fuck up, stupid bullshitter

I don't doubt this to happen.
But why (testing this with) a wiki page ?

I'll still use 4chinz, Sup Forums, and /cyb/+/sec/, but some separation for the sake of isolating resources and any extreme ideas that may be sensible but dangerous to have directly out on the clearnet.

WHen we have the US going to extemes to prosecute those who are involved in anyway with malware.(or RAT like software) and hacking, I don't think this is to extreme a step...especially if it inspries discourse that helps the community.

I am not bullshitting...and its probably a bug, or a feature that I haven't seen befire...I mean I am kind of a fuck up with the features, I can't even grreen script right...

The thing is I don't think the idea of something like this happening is outside logic given the ownership...and I didn't say anything earlier, because I didn't want to seem like a tinfoil hat alarmist.

But dude, I do post alot in these generals...so you don't think that if it was happening, that I would see the effects as well?

Also,I do not bullshit about these things.

fuck off with your reddit spacing

f2b doesn't make you more secure but it'll keep your logs cleaner.
probing hosts with cert auth would either mean they found yours or they found one and know there's one or more hosts it'll work on (or there's a vuln)

it's not just the US that tries to outlaw certain functionality in software

Completely agree with all your statements. The DIY culture of cyberpunk is slowly growing, such a fundamental concept of becoming reality what we need for security and information harnessing as it is creating and maintaining machines with precious information and networking it is also intersected with keeping oneself at the edge of security. Is almost no guarantee that the layman is aware of basic security practices but in cyberpunk oriented people you have that interest in knowing what's new in information AND security, even if is not working directly in security himself.

>ALso, the wider world seems to pack cybersec/hacking and cyberpunk together, but somehow this is supposed to be different here because of some elitists and/or trolls that turn their noses at the union?

The "wider world" also packs everything computer-related together, so I guess we should merge /cyb/, /sec/, /dpt/, /tpg/, and literally every other general on this board to a single thread.

Why the fuck do you care about what "the wider world" thinks? Use your fucking brain, do you think cyberpunk fashion (because that's all these threads are) should share the same place with infosec discussion?

>The Glass House Effect (or GHE) is the resulting phenomenon brought on by an awareness that one is subject to ubiquitous surveillance. In corporate environments, the transparency is considered a good idea, as it is believed this discourages corporate crime and other misfeasance.
>The Glass House Effect can induce an overwhelming sense of hopelessness brought on those subject to such uncontrolled observation. In such circumstances, solitude is conspicuously absent, and privacy is considered a thoughtcrime. The messages conveyed to the subject in such an environment usually involve some variation on the notion of Catch-22, such as
>1.There is no place to hide; nor should you want to.
>2.Any exhibited avoidance behavior is considered a threat, and an invitation for additional scrutiny.
en.wikipedia.org/wiki/Glass_house_effect

Not that guy but of course they go together. We've literally got DRM'd clothes now, how else are you going to achieve fashion without hacking it?

Reddit spacing?

I f you mean my use of ...it is an effect on my writing from playing RPGs as a child and the way I read text...it translated to a shothand by which I get thought s out quickly without proper grammar.
I don't know why you are being an asshole or something that was so mildly alarmist...people being fucking assholes to each other instead of cooperating is what got us into this mess in the first place.

Granted, this is Sup Forums...bt ultimately the attacking eachother is adding to the problem and dnot the solution...criticism is fine/necessary, but ultimately shit like relating anything reddit to bad makes you as much a meme as the watever sentence structure you are condemning.
. Yes, I am aware of this...however, I tend to deal with the most severe or closest threat first...unerstatng or underestimating a threat can lead to lack of preparedness and disaster.

/cyb/ would discuss the fashion and try to shoehorn Catch 22 into the discussion for the millionth time, whereas /sec/ would actually figure out how the DRM works.

>I don't like two threads got merged
>lets merge everyone
This guy is exaggerating.

Also cyberpunk IS cybersecurity.

You are implying /cyb/ wouldn't discuss how DRM work and how to bypass it.

They would pay it lip service, but that's all. /cyb/ only cares about their cyberpunk "aesthetic", actual technology be damned

>cyberpunk IS cybersecurity
Feel free to elaborate, because otherwise that's pure nonsense.

And the only people concerned how to remove the DRM would be in /cyb/.

I guess this is the same guy who says /cyb/ is not technology, he tries to flame war.

If it was halon you can actually live while being exposed to it. It was designed to displace enough oxygen to kill a fire but not a person

How long until wearables become a concern in security?
>inb4 they already are
Is inevitable this bad trend to be a security liability, but we don't see it shipped en masse, do we?

This is true...but cyberpunk is or can be more than an aesthetic.

I like the relation to aesthetic over the other components is a diservice to cyberpunk's more important components, which I feel are necessary to illicit the change this world may need.

In fact, t think relating cyberpunk with mostly an aesthetic is dangerous now, as aethetics are a means of control or quantification now...this is not Cyberpunk 2020 where evrythign should look cool over al....this is Earfth 2017, and if the little guy doesn't get low life (where they are now mostly, maybe not in Ghana standards, but low none the less) and high tech (using tech to even the odss and buld awareness), then we are fucked.

And the sec component of cyberpunk is going to help get us there...s that is why I reject the classification...bomber jackets and stompy boots aren't going to improve our lot (except for maybe with the ladies...the ladies of the 80's are into shoes. It's the second place their looking...)

Correction to my typo:

I think the relation..not I like.the relation

>relating cyberpunk with mostly an aesthetic is dangerous now
This.

wouldn't you count it towards the internet of shits fallout?

Thanks for making a serious reply, but I don't really understand your argument.

From what I gather, you're suggesting that cyberpunk is about activism. Is this correct? If so, I stand by my original point. While some people may indeed consider security activism relevant enough to have /cyb/ on Sup Forums, it's different enough from /sec/ such that the activism discussion would get in the way of actual technical, security-focused discussion.

And I'm maderas, I'm the one saying this shit...I'm the one with reddit spacing and who knows cyberpunk is more than aethetic, because I'm tired of the man having his fucking foot on my throat...so I'm going to fucking do something about rather than bitch about esmantics or how some motherfucker expresses his or her thoughts

No...its not about activism...if being poor and teaching yourself sec gets you a better job and moves you out of abject poverty, then I believe that is cyberpunk as a movement.

Not everyone wants ti change things...I wiould settle with a movement that changes people and improves their lives, beause that is change..

If that user uses sec to get a better lot in life, then they are more likely to pay it forward...that is change...

They need us lowlives for sec.. so learn sec...you can hacktivist shit with sec....so learn sec...all of it is lowlife high tech, and all of it creates positive change...it is a movement about saving the little guy and fucking up the gears that have sent everything ti shit.

Thanks for the answer. I was asking about packers specifically because that's what I reverse in my spare time. I should have realized malware analysis is about being efficient (like any other job really)

Ha, we were thinking the same. Appliances do indeed have a higher risk right now for their breach represents a potential failure of the device, with cases as the car microchip to anything scada. Wearables on the other hand still depend on just collecting data, right? I won't see many potential dangers except get delivered the wrong data, or maybe raising or lowering body temperature or an electrical shock, but only in the constraints of the devices.
My guess that only data is here the concern, like a possible health data could be used to terminate certain insurance an some hacker could make a ransomware were he threatens to reveal such a thing.

ANd it doesn't matter who I am..except part of the reason I didn't hide my name was becasue I am tired of hiding, not because I am important...I am not...special snowflakes are dooming tthe world.

SOmeone needs to wave the flag...and sometimes I want to do so visibly, then go back to user.

>I'm tired of the man having his fucking foot on my throat
>SOmeone needs to wave the flag
maderas my man, thanks for being you

is the gray hat hacking book a meme? i see it's tied to CISSP and everyone says that's a terrible meme cert

you're the cringiest motherfucker ever bro. get real and stop talking so much shit
so many losers here just talking shit

4U

To go along with this question, which security-related cert is the most rigorous and well-accepted?

I know no cert is a substitute for practical knowledge, but if you were required to get one security-related cert, which would you get and why?

netsec reddit

nutsac*

Is providing information on how DRM works internally even legal under DMCA?

I've heard that you pretty much should stay away from DRM/cracking if you want a career in reversing (or just don't be stupid and release shit that can be traced back to you).

And this will be the cyberpunk of many countries futures if we keep letting shit go the way it is...if a tenth of every programmer or hacker joined forces, we could force change.

You can laugh and say no, but do you think my greatgrandfather would believe Americas people would be living like how they are now?

I volunteered amongst WW2 vets...most of them send (a few years ago) that this isn't the country that they fought for...they felt for the young people of today and the shit they had to deal with.

And its the same in so many places...and the one advantage we have is tech...Ghana is another example of the man fucking the little guy,

youtube.com/watch?v=T1UqATi8AH0&feature=youtu.be

Wearables usually have some wireless connectivity and may serve as a jump to some other target.
Combine that with recent vulnerabilities and you have an excellent horror story for ransomware