/cyb/ + /sec/: Cyberpunk and Cybersecurity General

>the website is forbidden
You have to be 18 to post on this website.

I'm at home though, I'm using my home network. I'm sure it was working a few days ago. aircrack-ng.org/ tells me I don't have permission to access / on the server. Isn't it like that for everyone right now?

err, yeah, the site's down I guess.
internetarchive ftw ?

cool cyber/cypherpunk hardware or tools to buy?

Could you be a little bit more specific - what do you want to cyber ?
Are you thinking about something like a Bus Pirate or a JTAG debugger?

>lockpick kit
>rpi to use as cheap web server
>nexus 5 + nethunter
>metasploit pro
>more ram to feed your Cisco IOS VMs

Hey John, I'm gonna need that vulnerability assessment ASAP.

It's not like you have other methods of contacting me

it's down here too, it's recent it was working 4 days ago

Sounds more like a 502 or something. Their website is down/broken, not on your end.

I just got a nooelec ham it up ham radio receiver that should be getting in over the next few days.

I have a usb sdr that I "borrowed" from a radio astronomy class I'm taking, and have been fascinated by radio tech lately.

Super excited to be able to tune in to lower frequencies and see what's out there. Thinking of looking for some numbers stations and have found an irc for pirate radio operators.

Still very much a beginner, but already pretty excited about the topic. Something worth looking into anons.

>>more ram to feed your Cisco IOS VMs
absolutely disgusting.png

I would just like to say that this is the most /comfy/ board on all the chans.

Question, what would it take for me to switch from being a lowly angularjs dev to working in security.

Also what sort of workflow can i expect daily if i decide to go down this path.

Using a non librebooted pc with a cutting edge specs with linux OS through a librebooted firewall/router, vpns, and tor. Is this just dumb, and self defeating?

>Is this just dumb, and self defeating?
Why would you think it is?

>Why would you think it is?
Windows ME, and AMD PSP might be able to passthrough the firewall undetected.

Inte ME, AMD PSP, Arm TrustZone.

then dont use a physical connection to your nic. ME requires power and a physical connection.

Outerheaven is going to use a relay of hosts which will move redirect encrypted traffic through multiple hosts; traffic will be encrypted/encapsulated at least two layers, with at least one layer of encap/encrypt extending past the Tor exit node.

There will likley be a new onion and a self signed certificate for HTTPS/TLS/SSL.

After this last step is done, I do not see anymore down tie in the immediate future.

And good evening everyone.

Didn't mean to jump right into OH stuff.

I will go through the last thread and this one and answer some unanswered questions maybe.

And for the OP that ,mentioned it, I am calling the hidden service hardening process/config I am working on Adamant Jacket REX

Is OH to be a backup in case cybsec and or Sup Forums goes down, or a migratory project?

>good evening everyone
wassup maddy

hows your Halloween been?

Pretty good brother, thanks for asking!

I like to try and make everyday a little bit Halloween, but Halloween itself is tough to beat

I hate holidays, but Halloween and NewYearsEve/NewYears day are exceptions.

How about you user? You enjoy your All Hallows Eve.

>How about you user?
I am getting very anxious about the future, and how junior roles dont seem to exist. im a general IT tech; so i swap boxes. so im unskilled as fuck. and getting too old to not have a real career.

i just dont like the uncertainty of what will happen in the future.

OuterHeaven will be whatever the community needs or wants it to be.I do have plans though, but note that these could evolve or go to hell at any time.

1) /cyb/ + /sec/ will serve as a sort of basecamp that creates/attracts new ideas, people and resources that OH seeks to archive, distribute, evolve and potentiate.

For instance, the pentest network I will integrate will serve to make hacking/pentesting resources posted here (and the anons interested in them)much more actionable.

2)Privacy is underattack, and OH will serve as a bastion of thid for as long as I live;eventually, regulars will have access to room space at OH which they can secure with their own password, or they can use it to communicate with others in a compartmentalized space ( a private room in a hardened hidden service) where theycontrol the configurations of the environment.

3) OH will be as trasparent and democratic as possible/sane with the users/community

OH 's resources will belong to everyone: different Citadel instances can be connected regardless of geography (so 8 different Citadel instances could become 1 huge Citadel instance, tand each instance keeps its autonomy).

This could lead to a sort of superstructure that ensures the surviivaal of the community and resources (if a government desttroys 1 Citadel server of the group, the fotherCitadels can detach grab the vanned Citadel servers resources, then scatter,

Replicating a Citadel server and it's resources is as easy as the site admin rsyncing or sshing a single Berkely DB into a newly created Citadel server.

This means resources that many members can store and protect, while having the freedom to develop their vision of the collective's pursuits with their own Citadel;

There are many more,but the most important part of OH will be providing a means for anons who want to change shit to find eachother organically in a place where mmany of the ttools they need are in place and they can collaborate freely.

Sounds like a classic Sup Forums pipedream but I wish you luck

This, currently it looks like intel ME only uses the internal NIC. The other two haven't been extracted afaik so there's no telling

nice one. I love the idea of selfsigned certs.

I take it you've already been monitoring the outgoing traffic? afaik silkroad got busted by leaking DNS on the server side

nth for offline android """security""".
Your daily fucking reminder.
Also that CORS is fucking retarded and gets my autism flared up whenever someone asks you to do anything and they forgot to activate CORS on the backend but don't even encrypt the payloads.

Brother, you are worrying way too much.

I was pretty much on my own from a young age. I have a GED ILater on,was homeless in a big city where I didn't know anyone for at least 50 miles.

I spent three months living in a shelter where the city housedtheir problem homeless they didn't want in anywhere downtown after dark..

One morning I went to the cafeteria before leaving in the AM; I came down the steps, and there was so much blood on the floor that i couldn't imagine the person survived.

Here is the point man:I am guessing you are ain your early to mid 20's, and you seem to have 500% more gong on for you rresponsibility wise then I did at that age.

You are working hard, you are training yourself up; keep working hard, do not give up, and you will get where you want to get,

It is hard work and dedication, which I feel in my guts you have.

So do your thing man; life can easily become one big worry about the future.

I only know of a few constants in life, and one of them is that if you work hard, stay discplined and NEVER GIVE UP, you succeed.

There are many people out there who are willing to give a shot to someone who works their ass off, perseveres and has passion about waht they want to do.

Life is hard, and hiring managers are not above its hardships; thus, people are willing to take a chance and pay it forward for someone working their ass off to make a living do what they enjoy

Apply for everything within reason and get after it,; your going to be more thsn ok.

You know there's ssomething terribly wrong when even Google starts to take action against UEFI/ME

osseu17.sched.com/event/ByYt/replace-your-exploit-ridden-firmware-with-linux-ronald-minnich-google

>Sounds like a classic Sup Forums pipedream but I wish you luck

I have had multiple people tell me here that I was full of shit, and yet the site is up.

Over a 4 day period of puking blood and falling in and out of consciousness, I was able I take an old BBS program and turn it into a mini beast with one hell of a custom hidden service configuration (that I haven't seen elsewhere) and hardening to address a couple serious vulns I found.

I do appreciate you wishing me good luck. Thank you.

As far as pipe dreams go, I have heard that phrase so many times, and thus far I have made it a habit of extracting the dreams and hammerign the pipes into an iron will.

>nice one. I love the idea of selfsigned certs.

>I take it you've already been monitoring the outgoing traffic? afaik silkroad got busted by leaking DNS on the server side

I have spent awhile working on a privacy/anonymity project of my own before this, so I have been seriously obsessing overdifferent anonymity/privacy configurations for at least 2 years.

I am going to release my secret service config eventually; what is good about Citadel is the simpleness of it's design and implementation,

Like you stated, the devil is in the details, and I have been assessing over them.

Stumbling into Ciyadel was kind of a blessing because it was the missing piece of the hobby/project I was working on.

Also, I obssees over traffic captures and general security details; I do not want anyone being vanned on my watch.

thanks man. thanks a lot. you always make me feel better.

ill tell you what tho, reading about the cafeteria and the blood on the floor with the dancing spooky skeleton in the bottom of the page really is some strange shit.

A gun.

Perhaps it is a pipe dream, but we're being given quite a lot for free and all that we need to do in exchange is populate OH, teach and learn seems like a fair deal to me.

Any anons here that doesn't study C.S but still do pentesting on VMs on their spare time ?
I have less and less time to work on my hacking skills since i got into higher degrees, have to work for my loans, do sports, have a gf etc...
What do ? should i definitely forget /cyB + /sec ?/

Reddit thread

better than cringe edition

I want to be a hackerman. What are some items in my starter pack?

only if you want to. a day has 24 hours, i doubt you have a purpose for every single one of them to the point in which you can't spend an hour or two studying sec

You open your [Starter Pack] and find a [Screwdriver], a [Flashlight], a [Used Panty] and a [Manual, How to be a 1337 H4ck3rM4n v2] inside.
As rour Eyes wander through the room, you notice something.
What is it?

>Any anons here that doesn't study C.S but still do pentesting on VMs on their spare time ?
yes, i doesn't study C.S, and I do pentest my VMs in my spare time.

Its quite easy because I doesn't study CS.

>Manual, How to be a 1337 H4ck3rM4n v2
Read Manual

You start reading [Manual, How to be a 1337 H4ck3rM4n v2]

As you're reading, you realize this journey won't be a short one. Simply learning a programming language won't fill you with knowledge of the inner workings of those miracle machines. What you're looking for is something that escapes the grasp of most others

you def need a hoodie

the panty will have to do for now :^)

>used panty as headwear
kek

>Simply learning a programming language won't fill you with knowledge of the inner workings of those miracle machines
[Sell Panties]
[Purchase TCP IP Illustrated]

Thanks dude.
Well i almost do, 8h sleeping, 3h job for the loands 3h for the dog 2 for the gf, 2h working out, already a 18hours used.
6hours left to work for my grades, or to be in class. Its pretty hard right now :/ i'd really love to have more time for /sec/

Do you have enough time to learn more in depth-stuff ? I'd like to go into more advanced techniques

You feel your understanding of networking technologies grow. You realize, you've been playing with the [Screwdriver] while collecting your throughts. Since you now know how these machines are interconnected, maybe it's a good time to find out what's going on inside of them ?

>Do you have enough time to learn more in depth-stuff ? I'd like to go into more advanced techniques
I was making fun of your typo; the only studies I do are those in my own time, I dont go to school anymore.

The issue Im facing isnt going in depth; its having a wide enough knowledge base to cover all the facets infosec looks at.

Hackers playbook has been sitting on my desk open for a month now. I havent progressed past the 12th page, due to all the other things I had to learn to get up to scratch.

Book requires a domain controller for your lab
>install server 2012
>work out how the pieces of it interconnect
>work out how to get dhcp, ad, dns etc working
>work out WHY they arent working and how to make them work
>fugg dhcp wont work
>fugg dns is FUCKED
>learn why
>learn more about user privlages and how they are the source of my dhcp pain

>pfsense is giving me grief
>oh look vmware isnt set up right
>learn to set it up and why it wasnt working before

Ok the lab is up after a week of troubleshooting. Oh shit, I need to learn powershell

>go through exercises recommended by book
>stop and take notes in two hour intro video recommended

I fucking guarantee Ill turn the page after this and be presented with another wall to climb.

At least im powering up quickly..

>Since you now know how these machines are interconnected, maybe it's a good time to find out what's going on inside of them ?
[USE SCREWDRIVER]

/sec/ needs its own thread to stop these hipster fucks from giving shit advice to people. /cyb/ is possibly the worst thing that's happened to Sup Forums

Oh sorry i guess i need to re-learn my grammar kek
Yup it's what i did to get some very precise knowledge in few fields, happy hacking !

the threads have gotten better since the remerge after the split a few months ago.

the cyb provides the aesthetics, and keeps this thread bumped. theres literally nothing wrong with that.

>aesthetics
This is the hipster garbage I'm on about. Security and faggotry should be kept separate.

Also
>needing to bump on Sup Forums

>As rour Eyes wander through the room, you notice something.
>What is it?

It's a server rack set up as a heterodyne receiver connected to a 4m dish outside. Next to the rack is a monitor and keyboard. On the monitor is a log in screen with a background that says "Fedora Core 2".

There is a sticky note on the monitor that says:

>RA 18 36 56
>DEC 38 47 01
>1337.420 MHz

You rotate the [Screwdriver] in your hand. It's small and won't help to open a cassis. You get a feeling that you might be able to manipulate memory with it.
The flashlight is no ordinary one either. As you shed a light on a program, you see its instrctions flash up quickly

/cyb/ philosophy and /sec/ practice. Studying both keeps us working for "good". /cyb/ is our religion/culture that guides us to using our /sec/ powers for good. If you just want to be a fuckass-cracker y'allr in the wrong place. Here, we think about the consequences of our actions and work towards a freer future.

Was supposed to be a reply to

>doesn't understand why bumping is important
>posts confusion to thread on page 4

Sup Forums is the busiest board I visit. /cyb/+/sec/ is an important staple of our culture. Important to keep them around imo

...

...

Confirmed trap

Seems the FTP OP has rearranged everything but I am not sure it is systematic or any better. In any case I was able to locate the Cyberpunk folder:
ftp://collectivecomputers.org:21212/Books/Cyberpunk/
This is a bit silly since Cyberpunk is not limited to books.

anyone else not able to access OH?
Was able to on monday but not afterwards.
I'm not that familiar with tor but I recall being inconsistently able to access hidden services when I last used it. After reconnecting, I could access those, but not others I just accessed.
Is that known or am I missing something?

Hey bros should I encrypt my SSD? I heard it greatly increases wear on those drives but my Home folder is on there.

Make a copy on your data on another drive and encrypt that one.

got a 3k bug bounty for a very stupid but impactful vuln I found. first one I've ever had.

>I heard it greatly increases wear
it shouldn't. You're using TRIM, right?
as for general information on that topic see
wiki.archlinux.org/index.php/Disk_encryption

nice one. What kind of product and vuln was it?

can't talk about the company yet until I get permission. but let's just say the sector they deal in has a ton of wealth, growth, and tons of brainlets pumping money into it so its full of things like this.

they had their git authenticate via http on a test server which means the user and pass is in plaintext... Which is fine if you disallow public access of /.git/config which they did not.

>can't talk about the company
It's fine, i'm not into naming-and-shaming anyway. Finance sector would've been plenty
But it's interesting to find something like this - I recall a few reports of exactly that mistake in recent times. Figured, it's being heavily scanned for already

Yup, cool stuff. Did you see the pasta we made for this?

Also worth following rtl-sdr.com.

I have not seen the pasta and would appreciate a link. Thanks for the info.

what is a /cyb/ approved laptop?

pi-top.com/

minifree.org/product/libreboot-t400/

Look for open hardware.

Certainly, here it is: pastebin.com/9uYXMhVm

Well, I checked and I got something like this:

>sudo fstrim -v /
>[sudo] password for root:
>/: 13.1 GiB (14031626240 bytes) trimmed
>root@home:/usr/share/app-install/desktop$ sudo fstrim -v /home
>/home: 885.4 GiB (950658785280 bytes) trimmed
>root@home:/usr/share/app-install/desktop$ sudo fstrim -v /boot
>/boot: 744.3 MiB (780455936 bytes) trimmed

So if I do a system encrypt I should be fine, yes?

What does this mean exactly?

Someone posted it on another board.

Thinkpad

what does /sec/ think of Cyber Patriot?

>Cyber Patriot
From Wackypedia:
>Goals and objectives[edit]
>CyberPatriot, designed to be accessible to any high school or middle school student, provides a path from high school to college and the workforce, and benefits all CyberPatriot partners and our nation. The program increases the awareness of cybersecurity by delivering a basic cybersecurity education in a competitive format that enhances leadership, communication, and cooperation skills among its competitors.

Leadership?? This sounds like military indoctrination rather than training for critical thinking.

you cant hide

newfriend here, what's this outerheaven thing?
thanks.

It's a thing that a guy made to do stuff.

cool.

Your answer is in this thread.

Yeah, silly me.
My bad.

...