>>mines crypto to heat his bunker He could add a LED farm to his enterprise. Would also make the air better.
Thomas Thompson
Where's bunkerbro? Haven't read from him in a while.
Isaac Sullivan
Geographically speaking he is in Sweden. It appears he he has extended his lair with another two sites.
In the non-literal sense he is often in >>>/diy, last seen in
Tyler White
Yeah, I meant non-literal sense, I already knew from him from a time where I lurked /diy/.
Liam Wilson
Finishing loose ends from last thread:
>What are you all working on? Still working on the FAQ. Paid work is taking a lot of my time leaving less for the FAQ. I see it is being mined for at least one zine, good to see it is being spread wide. I have added a bit on Solar Punk (unpublished yet) and will add a section on Cyberpunk in academia (excessive POMO) and in the military (no, really).
>Going back to some IoT/BLE projects we've had on the backburner too long. And maybe hook up the LCD sign I've been neglecting forever. I recognise that project, please don't give up.
>Need to also find a form of passive income since I've been out of work (voluntarily) for about 6 months and the money's starting to dry up. Open a YouTube channel where you post your progress on the LCD project.
Chase Stewart
Yo, so i'm using a free firewall(comodo) on my windows machine i use for some games/stuff for my job, and sometimes it blocks the ARP protocol, which i cannot understand why. Does anyone know what could it be? Is just a false flag or some kind of infection?
Bentley Hernandez
Old OP here, glad to see this still going strong as it shows I didn't waste my time keeping it going. I'm glad to see the greentext aesthetic back, very pleasing. Keep up the good work.
Thomas Ortiz
IDK but please use a non botnet firewall like pfsense.
Gabriel Richardson
>sometimes it blocks the ARP protocol, which i cannot understand why
Maybe to prevent arp spoofing and mitm. Are there potential malicious users in your network ? Roommates, brothers, sisters, neighbours ? Or are you the only one using the network ?
Blake Robinson
>Is it bad that I've actually met and hung out with one of these very individuals at a cyberpunk con? What? Where are these cons?
Juan Stewart
Thanks dude
Jose Green
=== OS News 9front had a new release, a bit of work happening on libsec. No sign of auditing.
Redox-OS is progressing, no mention of security. Then again there are several new contributors here, how many working in alphabet agencies to pump the OS full of backdoors?
i've recently been given a rubber ducky and LAN turtle
are these things still useful at all?
Isaac Phillips
Goddamn that's fucking cool
Cooper Foster
HOPE RIDES
ALOOOOOOOOOOOOOOOOOOONE
HOPE
RIDES
ALOOOOOOOOOOOOOOOOONE!!!!!!!!!!!!
Chase Thompson
YES THEY ARE
their only limitation is it requires you to have physical access to the machine you're attacking
Jayden Sullivan
HACKER_SLAV
Jason Foster
is hastebin the most cyberpunk pastebin alternative
Charles Ward
What is a bugman
Anthony Barnes
>requires javascript no ix.io is better
Joseph Robinson
Anyone remember a post about the possibility of embedding malware in a machine learning algorithm? I remember the poster saying something along the lines of the malware being impossible to detect because the algorithm is opaque to the operating system. Is there any truth to this or was he full of shit?
Aaron Anderson
That would be some crazy shit if true
TIG IF BRUE
Noah Ward
Don't get caught out by SLAAC IPv6 DNS leakage
Jose Gomez
No, its 0x0.st
Carson Reed
I'm feeling cyb right now, but got nothing to do. Guess I'll post a wall or two
Carter Williams
>google comes to build you a city Would you live in it?
Joseph Thomas
Couldn't you consider, e.g., the Tay incident, evidence of this? E.g. teach the ML algorithm something bad, and it'll do something bad. If you had a ML algorithm with operating system primitives on the recieving end of all the neural pathways, you might be able to teach it to do something nasty. That's an interesting thought. People get incredibly clever with shellcode or other injection exploits. I think I once saw an article about producing shellcode that forms readable ASCII text (sentences, etc.). There's no reason ML is off the table. Remember that hacking is really about knowing a software better than those who deploy it.
good, Google needs to get rid of the bullshit urban planning we have right now
Kevin Anderson
Always love jaypon posting
Adam Cruz
...
Ethan Flores
...
Samuel Thomas
Good pics. Where have you found them?
Joshua Ward
Termbin easily. foo | nc termbin.com 9999
Jaxson Flores
What are your thoughts on protonVPN?
Matthew Phillips
I got from a thread on r9k about an user whose living in Japan
From the same thread
From an old cyb thread at the start of the year
Gabriel Perry
We got a nice cyb thread going for once eh?
Cool.
Has anyone been doing their sec studies though? I've been running more through my CCNA cyber ops, and by Christ man, it's fucking mind numbing. Im certainly not learning anything from my studies; I feel like I'm only continuing the studies because I told myself I would get the cert.
Anyway has anyone got a list of super basic, real fucking beginner level boot2roots/vulnhubs/CTFs?
Instead of using to avoid tax, setup a network owned by the company in the three countries?
Parker Hernandez
cool pic i found on reddit
Aaron Myers
10-4 on that - you are never alone with a rubber duck.
Lincoln Jones
anyone has examles of real life cyber punk apartments? I like the style but I have a feeling that it only looks good when drawn.
Aiden Hall
A lot of these are in the Cyberpunk folder on the FTP site. There are both landscapes and rooms.
If you find more please add to the FTP site.
Jonathan Jones
Having a screening night for a college infosec club. Suggestions for movies or TV to fit in 4 hours? Thinking of Hackers and Sneakers and some random tv eps.
Look pretty neat. Reminds me of my older setups from way back.
Cooper Lewis
Is there a higher res version?
Landon Lee
I'm doing my CCNA R&S + I've got a linux module at uni. I started just doing networking but I'm thinking security might be a more interesting path to go down. I'll be doing a dedicated security module next trimester so I'll see how I find it but it looks pretty fun.
Brody Nguyen
Is the Linux module part of Cisco netacad or just uni coursework?
Juan Rivera
CCNA is completely seperate from the uni stuff. I did do netacad modules at uni but there was no linux in those.
How reliable is Buzzfeed? Strangely absent from the article is any mention they reached out to him for a chance to defend himself. Or is it a degenerate European thing to give people a chance to defend themselves?
Ian Lee
>>Last thread >>Maderas, are you around? Yes I am around now; in the middle of very challenging remote pentest; network is locked down, so after exploiting first host I am moving Python to each host toward the host that traffic analysis shows is hosting a VM that connects to the ultimate target of the engagment.
Compiling tools/using pip for python based tools like Impacket on each host as I move laterally; I hate moving executables to a host, but I am cleaning up as I go.
Network has Zscaler that uses pac file, restricting normal tunneling; I have never seen such a locked down proxy firewall environment: Ipsec, Socks4/Socks5, virtual ethernet connections, ssh, OpenVPN, VPNpivot, Rpivot Trustedsed tap, all fail to circumvent the proxy to connect back to my preferred machine.
Just hit SMBv2/NTLM2 SSP relay; grabbed SMB hash, using Responder with Multirelay and SMBrelaxy, initializing attempts at share access/service access to initiate target to grab my Shellter payload which has been tested against target McAfee AV/AM with exact dat on another host.
DNS /ICMP tunneling maybe working for cicumventing z-scaler, though; I am actually using an NX based protocol (NoMachine) which is circumventing LAN firewalls/proxies between VLANS; target area is using conduit/zone type security zones, NX connects back to beachhead (Windows 7 machine used for target jumpoff point);Zscaler pac file is restricting Unix/Linux terminals (including Cygwin), pip/pystaller/apt (etc.) outside this machine, so I create at the beachhead and move tools into place on current host.
Network to secure for anything except a painfully slow portscan; within each zone; most network recon is being done via Wireshark already on certain machines...manual exploitation only, good fun.
Robert Anderson
cont'd
>>Maderas, are you around? >>There's been word that you've uploaded said course materials - is that correct? >>I browsed the archive but haven't been able to locate it
I have been taking the OSCP for months now; I enjoy the lab environment and am not in a rush to complete the test and lose access to the labs; I don't know how you get access gain via OffSec's "Playground" program.
When I am done I may put up materials; if I do it now and I am caugfht I loose lab access and am barred from any further courses.
I stated I am going to put up footage of past pentests I have completed; I have footage of hundreds of different exploitation/testing sessions, including my exploiting the OSCP lab's (Master) Primary Domain Controller and gaining a golden ticket on the machine.
I still plan to do this, because it is the most I feel I can give back, as I've had engagements against everything from Fortune 500 corps to PLC/Scada to PCI environments to Industrial Energy Sector.
Austin Ramirez
Thank you Maderas
Brody Brooks
bumpy bump
Owen Stewart
I'm a raging scrub and I've agreed to be part of my uni's security/hacking challenge, it's mostly about learning but there is a competitive element. where would you recommend I look to get a head start.
Jeremiah Ross
Why do all CPUs come with debugging features anyway? Can't let's say Intel release two separate brands for users and developers, the latter having hardware breakpoints and all that stuff?
Jeremiah Smith
cost
Chase Anderson
I'd live in it but I wouldn't own a property.
Dominic Wilson
Thanks brother...you are welcome and I am glad to be of help.
It depends on what the challenge consists of and what your personal IT/CS/InfoSec background is at the moment.
Hacking is about learning and having an obsessive need to overcome challenge, learning from those challenges, facing other challenges, then learning onward forever.
I wouldn't worry about the competitive aspect; learn as much as you can and enjoying the ride.
However, if you are crazy competitive (I am when I commit to competition, which is rare), then it really depends on the parameters of the competition (and your background vs the background/strengths and weakneses of your team).
If we are talking CTF and you already have a background in C/C++ and some Assembly, then you may want to begin looking at RE (reverse engineering), especially if your team doesn't have those skills.
If you have Web Dev skills, I'd focus on Web App exploitation (especially if your team does not have Web Dev experience).
Ultimately, you want to backup your specialization with a wide range of knowledges on networking , operating systems (I'd go Windows and Linux; for exploitation I'd start with Windows Active Directory structure/services/processes/exploitation while learning practical Linux skills for actually using the OS for InfoSec/hacking
Here is a good list of basic knowledges that SecureWorks expects from a new hire in any of their departments:
Networking: Good understanding of OSI layer model / Understating of communication flow through each layer / Good understanding of functions of each layer / Understanding of major protocols in each layer / In-depth understanding Layer 3 & Layer 4 protocols / IP, ICMP Protocols (layer 3) TCP, UDP Protocols (layer 4)
Overview of TCP/IP Layer model: ARP / Understanding of Client & Server communication model / Ports common services run on / Ephemeral port vs Well known ports (cont'd next comment)
Samuel Robinson
Understanding of major (everyday Layer 7) services/protocols: DNS/DHCP/HTTP HTTP Header Fields HTTP Status Codes/How HTTP maintains state - HTTPS vs HTTP/FTP
Active vs Passive data transfer o SSH / SSH handshake /Telnet /Telnet Handshake /SMTP / SMTP handshake (Mail from/ rcpt to) / How attachments are handled Network
Troubleshooting Methodology: Understanding of Network Address Translation (NAT) / Understanding of Port Address Translation (PAT) - Understanding of Proxies / Overview of Virtual Private Networks (VPNs)
How to read packet headers - Know common packet header information for IP, TCP, UDP +
Understand which device operates at which OSI layer: Hub - Switch o Managed vs Unmanaged - Firewall - IDS/IPS
Ability to read devices logs: IDS/IPS - Firewall - Windows
Advanced Concepts (Possible Self Study Topics):Content Delivery Networks (CDNs) - HTTP Pipelining - IPv4 vs IPv6 addressing scheme / IPv4 and IPv6 differences
Security Security Device Operations : Understanding of IDS/IPS technologies o Signature vs Anomanly based o HIDS vs NIDS How Snort works / How IPS systems prevent attacks o Drop packets o TCP reset
Security Attacks: Detailed understanding of common web attacks o SQL Injection / Blind o Cross Site Scripting ? Stored / Reflected DOM o Cross Site Request Forgery o Local File Inclusion o Remote File Inclusion o Basic understanding of buffer overflow o Denial of Service o Remote Code Execution / PHP attacks o Heartbleed o Shellshock o Brute Force attacks
Nathaniel Bennett
(cont'd) Understanding of the Malware Kill Chain: Worm vs Trojan o Phishing email/Landing redirect page o Exploit Kit o Malware Download o Malware Install o Phone Home o Data Exfiltration/Command and Control
Linux Overview of file structure:Knowledge of filesystems used: NTFS, FAT vs ext2/3/4 - Overview of a journaling filesystem + The Shell: Executing commands and command options / Interactive features: job control, history / File Utilities (cp, mv, rm, etc.) Editors: vi/vim o vimtutor (Homework) / Process Utilities (ps, kill, wait, sleep) / Filters: cat, head, tail, sort, uniq
How to read man pages: man vs info /apropos + man -k + Command line tools for common SOC tasks Detailed knowledge of tcpdump / Detailed knowledge of grep / Overview of: sed , awk, cut, screen, nohup
How to background a process o At start of process o Mid-way through the process o How to bring process to foreground
I would start out with focusing on your strength or your largest interest as it relates to cybersecurity/hacking, then add knowledge about networking, programming, scripting, general hacking/exploitation theory, etc.
Here is a good site filled with tons of well put together beginner's tutorials (the site owner \/admin used to be the m,ain contributor to NullByte):
Are VPNs memes? They say they dont keep logs, which is fair enough, but most of them do not have their own infrastructure and just lease servers in data centers. If fbi want logs they wont even bother asking some VPN located in some foreign country, they will just ask hosting provider or server owners in the datacenter
This has to be the worst website I've ever visited for infosec. Even CyberAces is better.
user is better off starting there to learn about networking and then picking up a book like The Art of Exploitation or Gray Hat Hacking.
Evan James
I stated "basic"...they are very basic tutorials.
Eli Flores
thanks for the responses, I'm this guy so my strengths are definitely networking > linux > windows > c/asm > powergap > webdev. I've got no idea what the format of it is going to be or what my teammates skills are, (I'm a very last minute draft). Regardless the main reason I'm going is to learn and buddy up to the companies.
David Williams
>this entire post Pic related.
Mate what the actual fuck. I honestly did not understand most of what you just said. Im going to have to do some real extensive research on what the hell you just said. I feel like you've just dropped a goldmine of important tools though, I appreciate that.
Henry Brooks
What they say is one thing, what they do is the other. Nevertheless, they're yet another piece to the puzzle.
Charles Martin
What are you doing for the cyberpunk future? Going to be getting a degree in mechatronics for robot waifu companions. Machine learning as a hobby pasttime to help develop the bots. It may not be pretty right now but to get something you must give something up.
Tyler Reyes
>What are you doing for the cyberpunk future? I don't know. I feel like I should change something, but I don't know. Maybe I'll be fine.
John Gray
...
Noah Mitchell
soulless materialist who lives day to day life as if they were writing a reddit post in their head or as if they were a character in a sitcom. insect-like mentality and should be treated like human cattle. most likely a left winger, but can also be seen as materialistic lolbertarians or neocons. its a very useful word to describe someone that you should treat as less than human, but it also makes it harder to define imo
When will it become feasible and socially acceptable to wear masks and/or helmets outside at all times?
Owen Phillips
The network I am testing as we speak has a perimeter secured by a really tightly defined Z-scaler implementation; the clients gave me remote access to a single stripped down Windows 7 host (looks like Tiny 7 really) with limited network connectivity to a few hosts (the target is on another subnet which I had to move through multiple hosts to be within reach of).
Usually, I would take the jumping off point (The Win 7 box) and immediately set a reverse/forwarding connection of some kind to my home pentesting box (I call her Ruin) or a beastly, 90+ gigs of ram server/pentesting box at my work lab (I call him Deathstar or Lucifer).
The Zscaler implementation is really tight though and will only allow traffic out via the HTTP proxey which is secured by a pac, and this proxy is not letting out any tool I have attempted so far, regardless of whether I tunnel through SSH/Socks/Obfs (etc.) or use programs meant to tunnel another through HTTP, regardless of how I fucjk with the pac config or introduce intermediate hosts (including exploited hosts).
LLMNR/Netbios is in play oncertain subnets, which is a god send thanks to Responder and Multirelay; most of my work this engagement has been done through Impacket though.
Also, there is tight firewalling between the Vlan s and well configured routers/Arp tables (etc.) with McAfee and Symantec in play on every host I have seen.
So I downloaded Python, grabbed some libraruies and have gone to work using Netcat/RDP pivots to circumvent subnet issues, NX based programs like Nomachine to beat some restrictions on RDP within the LAN, etc,
The HTTP/Pac/Zscaler issue also restricts using a Unix(Cygwin)/Linux/Windows terminal/cmd for many tasks, like pip, pyinstaller, etc; DNS/ICMP tunnels may be in order if I get stuck
I am like Santa Clause, carrying my bag of toys with me as I move; I pick my shots, do not take stupid riskd, and I am almost at the targets: VMs with isolated RDP connections to Thin clients.
Adam Robinson
Complacency is your greatest enemy, user
Andrew Taylor
just move to some poor eastern European country (Poland for example) where there is huge smog problem.
Henry Torres
>I am like Santa Clause, carrying my bag of toys with me as I move
This made me laugh.
Thanks for breaking it down man. Fuck you've really got some chops.
Jordan Myers
>where there is huge smog problem. This sounds terrible
Carson Sullivan
Japanese wear masks all the time
Adam Hall
1) poland is west european 2) stop making shit up nips and koreans wear masks casually
Caleb Davis
Hello /cyb/ I'm working on a project for uni to perform a penetration test. I want to target my phone via the KRACK vulnerability, but I heard the attack scripts aren't released yet. Do you have any advice?
Jackson Ortiz
>Do you have any advice? Change your project.
Dominic Thomas
>1) poland is west european Nope its east or central at best