say, how can i break into wifi by whistling to the modem?
Cooper Watson
Yay! And thanks for the start. Last thread died far too early.
Seems during European daytime it is mainly about /cyb/ and US daytime the topic turns to /sec/, this time mainly about jobs. We get teh same /sec/ jobs questions every time, how about some pasta or a FAQ from someone experienced?
Michael Butler
>Oops Also FAQ was updated last time to Preview 13 (>>p64036070).
Kayden Roberts
Quiet lately. Thankfully Charles Stross helps us out with some === /cyb/ News, asking >What can possibly go wrong? antipope.org/charlie/blog-static/2017/12/what-can-possibly-go-wrong.html >AI assisted porn video is, it seems, now a thing. For those of you who don't read the links: you can train off-the-shelf neural networks to recognize faces (or other bits of people and objects) in video clips. You can then use the trained network to edit them, replacing one person in a video with a synthetic version of someone else. In this case, Rule 34 applies: it's being used to take porn videos and replace the actors with film stars. The software runs on a high-end GPU and takes quite a while—hours to days—to do its stuff, but it's out there and it'll probably be available to rent as a cloud service running on obsolescent bitcoin-mining GPU racks in China by the end of next week.
Indeed, what could possibly go wrong?
Aiden Mitchell
You need a froot loops butthole whistler.
Nathaniel Walker
I need some help/advice. I'm trying to cross-compile a C program with libssh and MinGW. When I try to compile it, the compiler complains that it can't libssh. I have libssh-dev files installed, and complies fine for *nix. Help!
Luke Carter
From last thread: ▶ >>Princess Fatale >You are indeed a dark soul, user. Not at all, she is never nude. The rumour about feasting on virgin blood to remain forever young is probably an exaggeration.
Ayden Nelson
More news, again from UK, this time BBC === /cyb/ News >Five visions for the future of music bbc.com/news/entertainment-arts-42359324 >1) Your favourite singer is not real >One of Japan's biggest pop stars Hatsune Miku (above) is not a real person. >But that small detail didn't prevent the humanoid singer from releasing another new music video last week.
Dylan Davis
▶ >CWSP, GSEC; CompTIA Security, CCSP; CISM, HCISPP; CISSP and OSCP. >Though, this is by no means an exhaustive list.
OK, can we together compile an exhaustive list? Gotta start a FAQ here so that discussions can progress rather than restart for every thread.
Adam Flores
Lads i'm losing my mind over this
When i'm using waterfox this happens exactly every 25 minutes
these packets (blue) are being sent from my computer to the 41.xx.xx.xx IP
Thing is, only waterfox does this
Most unsettling this is 41.xx IP belongs to my the ministry of comms in my country
i'm currently blocking it with peerblock, but i want to know what the fuck's causing it
Jonathan Gray
>he is such a retard that needs something like peerblock. Kill yourself my man, and learn to firewall
Henry Rodriguez
isn't peerblock just a preconfigured firewall that updates itself?
Jeremiah Jones
chris hansen get on this muthafacka
Parker Cook
I'll try to not let this thread die. I enjoyed the previous one and it's a shame that it turned 404 so fast. I whish that the cyberpunk and cybersecurity had a common hub. Just one website we could all use. Also do you think that there's more interest towards cyberpunk and cybersecurity?
Jack Reyes
Old OP here, we still suffer the lull? That's what used to kill older generals prematurely too.
Robert Carter
Check out lainchan and arisuchan
Juan Martin
I know that I should spend more time there but there's not a lot happening there... Or at least not as much as on Sup Forums. Oh well. I'll give it another shot.
Parker Myers
I just wish those sites were more active, though I suppose by avoiding it I’m part of the problem.
Aaron Ortiz
Just call it your cunt in the right intonation.
Jayden Diaz
/dpt/ is better for that. but checking the path is always a start
Nicholas Price
Those are all useless in security. You get those certs to sit on a board and be the sell-it biz guy who 'manages' security.
If you want to actually learn security, do CS:APP book. It even has lectures: cs.cmu.edu/~213/schedule.html and especially do the labs, like learning Return-Oriented Programming (ROP) so you can take snippets out of a binary and inject it back in, forcing a program to do whatever you want csapp.cs.cmu.edu/3e/labs.html
When you are finished that book, or at least finished the attack lab, do this: microcorruption.com/login which is what NCC Group uses to hire people. Become a jr, security analyst there then work your way up to consultant status. That's how you do security in 2018.
Alternative is to get a shitty job somewhere as a bottom tier developer, BUT... write your own security tests. Do some SAT/SMT solving on the programs you are writing. Learn invariants, and start using them to find bugs. Shit like that. They will just make you a position, say 'security team lead'. After you go and get those certs, like CISSP so you can sit on the board as a real developer w/security experience and be the CSIO or just go into contracting, and be a nomad going from place to place making money auditing shit like @Homakov does.
Adrian Gray
>Old OP here, we still suffer the lull? Yes. Switchover cyb to sec often brings us to page 10.
Jonathan Roberts
The ultimate revenge porn site.
Henry Mitchell
here again I just wanted to thank everyone who replied before
Thank you very much for the help. I did everything you suggested.
The addons I use for firefox are Adblock Plus, Rikaichamp and EPUBReader.
The youtube account that was succesfully logged into used my most insecure, short password that i've used on multiple various sites in the past.
I tried the peerblock thing twice. As you suspected, most of the IPs that it blocked were microsoft and avast related, but there were also multiple different Akamai Technologies related IPs. I've no clue how that works. I guess it could be related to Avast as well. Other than that there were was nothing.
Since last time there have been four attempts to login to my main email from Brazil, but I haven't noticed anything else. All attempts were once again unsuccesful.
Id advise palemoon, also, ty ima test palemoom tmo
Logan Watson
>Brazil Probably just proxies. The command servers are elsewhere, perhaps in China. Rangeban both CN and BR. That will limit traffic but not be a permanent solution.
Lucas Cook
>Do some SAT/SMT solving on the programs you are writing. That topic is interesting in itself, but how does it apply here?
Benjamin Cook
Jesus christ is waterfox bust, I was just getting comfy with it, is there any alternative to palemoon? Is basilisk any good?
Jayden Cruz
What happened?
Noah Nguyen
poster at has waterfox pinging an ip address of his government
btw user where are you generally located?
Cooper Cooper
What I would usually do is answer nearly all questions/replies directed toward me, and leave one or two to bump without drawing attention to the fact that I was bumping.
Austin Hall
Windows firewall is absolute trash that doesn't work
Tunisia, northern africa.
Palemoon is outdated as fuck
i'm not sure if it's waterfox itself does this, i'm 90% it's some government shenanigan that i'm not aware of.
I'm gonna reinstall waterfox and see what changes
Charles Wilson
Ty for the links dude
Blake Lee
>putting cyberpunk and cybersecurity in the same thread >implying there is any relation between the two other than the word cyber
Ryder Cooper
OSCP is pretty good if you want to be a pentester :D
Logan Wright
I wonder what led to the lull recently. Do you think it has anything to do with the holiday?
Justin Stewart
I just left my waterfox running for about an hour and it didn't seem to send anything, so so far it's just you
Henry Williams
Much the same here except that I also follow up on loose ends from last thread.
Wyatt Ross
can somebody point me in the direction of resources on how to see what my installed apps are sending back to the mothership? not just detecting if theyre reaching out, but analyzing the content of those communications and how to block it?
looking primarily for this type of info for android systems, but windows would be nice too.
I see peerblock mentioned in this thread, but it won't actually let me know what is being sent, no?
Parker Roberts
>get twidere to follow prominent infosec people >its all one big circle jerk
The only people I enjoy following is x0rz, Krebs, and evilsocket. Who are some other non meme people?
Michael Baker
Do you think you're the first person to say this? It's getting tiresome.
Brayden Rogers
thanks for posting this
Jordan Morris
Viss is okay too.
Christopher Turner
U used a packet sniffer and didn't find anything? Well fuck guess it's time to go linux
He posts this every time. Don't fall for the troll.
Logan Barnes
Most of those certs require 4-5 years working in cyber security though besides opsc
Liam Jones
>Anonymity Sure, and facebook can recognize his face in any picture and he has coverage from an international news company. This is meme anonymity.
Dylan Rogers
rull
Kayden Brown
>he regularly updates his profile with personal information - where he is going on holiday, what he has cooked for dinner and the state of his health. >I choose to share virtually everything about myself on social media >I trust Apple with my data. Is this guy fucking serious? I'm so triggered right now I'm literally shaking. I'm not gonna make a personal army request but I wish somebody would track this guy and leak his face. Nothing else, nothing harmful, just his face.
Nicholas Murphy
Did you even read the article?
Matthew Edwards
A sufficiently evil application will install a root kit and hide all traffic. The safest solution is to run a fire wall software on a separate uncompromised machine networked between the net and your possibly compromised machine, and then review the logs..
I use Smoothwall for that.
Christian Baker
>OSCP is pretty good if you want to be a pentester :D Care to expand on why? Especially as prior poster disagrees.
Matthew Lopez
=== /sec/ News You can learn from your mistakes, or from those made by others. Or neither. >8 Top Innovations of 2017 >#4 Baidu’s DuerOS voice assistant eetimes.com/document.asp?doc_id=1332783&page_number=5 >By contrast, Baidu, China’s Google, argues it was the first to invent smart voice assistants on the Web. They just happened to speak Mandarin so a lot of people in the U.S. didn’t notice them.
>Baidu’s Kun Jing (below) is in his own way a charismatic tech leader calling for all devices to be voice enabled.
I bet. And again: what could possibly go wrong? Other than multiple intelligence agencies listening on just about everyone?
Nicholas Russell
Did you?
Ian Morris
Which country do you guys recommend I run a VPN from?
Zachary Bennett
Because its a cert where you have to know your shit, it's practical exam not just checking boxes with pencil.
=== /sec/ News >It’s 2018. Do You Know Where Your Data Are? Now that is a pertinent question. eetimes.com/author.asp?section_id=36&doc_id=1332778 >Expect the top IoT agenda in 2018 to be "transparency" for collected data. People will want to know where their data is being moved, who's using it, and what for. Let us at least hope people will wake up BEFORE they find it all on a Russian server. >People will want to know where their data is being moved, who’s using it, and what for. Above all, smart folks will be asking who’s making profits off their sensor data.
The author has great hopes for humanity.
Austin Perez
Oh yes indeed. And I noted the parts where he described how he stayed out of records and also salted the search engines with junk.
I have myself experimented with Google bombing and it was successful beyond all expectations and even now, about 5 years later, the craters still work.
Adam Roberts
i have been studying computer engineering for three years but i cannot took security subject yet but im really interested.
how should i start?
Levi Parker
And yet he isn't anonymous.
Daniel Morris
> >>he regularly updates his profile with personal information - where he is going on holiday, what he has cooked for dinner and the state of his health. >>I choose to share virtually everything about myself on social media >>I trust Apple with my data. >Is this guy fucking serious? I'm so triggered right now I'm literally shaking. I'm not gonna make a personal army request but I wish somebody would track this guy and leak his face. Nothing else, nothing harmful, just his face. Yeah, right? What a fuckin' dumbass. >I trust Apple with my data >I put all my personal information on the internet >muh anonimity
Eli Jackson
He is to the extent he describes: that his picture is not known.
Night is here, we have ended on page 6. Let's keep this going still. I am looking for more info on what certifications are relevant and why. I want to compile a FAQ on this. It won't be a complete /sec/ FAQ like the /cyb/ FAQ which is rather large, just one on getting into /sec/ work.
Sup Forums has a track record for leaving projects at the logo stage so let's see something completed together, right?
I've been away for while. First off, what the prefered Sup Forums extension? Thanks in advance.
Benjamin Hill
Probably Sup Forums X.
Caleb Thompson
dollchan
Logan Bell
is Michael Bazzell legit or a shill
I know he's one of the more popular figures in the subject of privacy and OSINT but listening to some of his podcasts some of his privacy tips seem like total bullshit
Camden Carter
Just wanted to say hello and wish everyone a safe, happy (or at least less than completely miserable holiday season).
I have worked through the holidays on engagements to catch up with back log while moving; thus, OH will not be back up until January 1st 2018 (I have put New Years eve aside to focus on this, as New Years Day/Eve is my favorite day of the year and I like the figurative/metaphorical context).
With the current state of Sup Forums and the web, I am hoping to make OH more inclusive; while many of the resources I am planning (pentest network, Martini/BSD SSH shell accounts, mirrors of OH content) will be restricted to Tor/I2P (and other anonymity/privacy configs) only, the meat of OuterHeaven will be moved to the clearnet (though HTTPS only via hosting such as SDF/Cockbox with other steps taken to ensure safety).
With the concern/want of a Cyberpunk/Cybersecurity imageboard, OH will be the resource lists, videos/walk thrus of pentests I have conducted (since about 2011, maybe 60% of clients have allowed me to retain/use/keep reporting resources;also, my employer from 2013 to 2016 went out of business) one imageboard (literally one, so ideally a single thread which I would like to see drag on into infinity using as few boards/threads as possible; Citadel can allow millions of characters on/in one board/thread).
I just want to thank everyone here; this thread has been a means of personal growth for me, both in the ideas/resources/knowledge provided and the criticisms (and antagonism/doubt/trolling/disgust) thrown my way: all of it was fuel for self examination (even if the periods born of a strangers negativity were exceedingly short).
I see this community/thread as some of the most fertile ground left in a precious digital ecosystem being polluted/pasteurized to shit; threads like this and people like you are where the solutions will grow from.
No larp.
Be safe (but not too safe), and I'll see evryone in 2018.
Dylan Campbell
What's the best VPN for a burger who makes minimum wage?
Jacob Lewis
>OH will be the resource lists I've gotten a lot of good shit from the greysec security post you put up a few threads ago; the list the expanded on the GitHub resource list. Im not near a pc nor do I remember the exact names to link em up, but your links always are useful. >videos/walk thrus of pentests I have conducted (since about 2011, maybe 60% of clients have allowed me to retain/use/keep reporting resources
You have no idea how excited this makes me. I have been going through piece by piece this other video you linked a while ago; a Spanish/Portuguese freedom fighter put up a 40 min video of how he conducted a hack. It's good to deconstruct the methods and tools used by people who know what they are doing in a video, rather than reading about it in a fucking book.
You're doing gods work mate.
Easton Thomas
Once New Years is over, I'm shelling out the money for PWK. It's time to start. No more """preparing""", its time to fucking start.
Im not ready, and I'm not on the level. But I will do the course and keep doing it until I am.
Austin Bennett
...
Luis Baker
...
Nathaniel Jones
This and 34c3
Bentley Price
I fucked up hard and got a macbook on amazon for $700 I mean i love my little computer, helped me in my java and unix classes this semster but my vision is FUCKING TERRRIBLE. Anyways gonna pawn the little guy on craigslist, get a T420 and install arch. Now for my phone I want to get rid of my old iphone and get a non-botnet phone, so which one?
Jaxson Edwards
dayum
Charles Thompson
Non botnet phone is hard if you want to have smartphone capabilities. Take a look at sailfishOS and LineageOS I guess
William Price
sealand
Wyatt Peterson
>not getting a t60 come on this is cyberpunk
Gabriel Clark
well all i know is the t420 can swap out the cd drive for an extra battery so I'd like that.
Easton Bell
make something happen then? Of course Sup Forums is faster, but if you have on topic threads to post on {arisu,lain}chan I am sure some of us over there would appreciate to chime in. Its just a smaller community.
Also check out the related irc communities, if you're into that sort of thing. They tend to feel a little faster moving in that you can hold a meaningfully interesting discussion in real time, if you show up at the right time of day.
Wyatt Howard
Why would you combine two completely different topics into one thread? do you think you're a l33t cyb3rpUNK haxor for understanding a minimal amount about hacking?
>b-but i read da haxer manifesto ecks dee
Juan Garcia
its far cooler to talk to geeks in person.
why go to a chan when I can go talk to Tor devs in person, or skip and dance through the sea of people hunched over laptops many not even running a gui, each operated by a person with whom I could hold a meaningful discussion about so many topics of interest to me and yet so many of these people that I cannot even manage to talk to but a small handful and oh what a handful that is.
>34c3
Carson Young
Convinced my gf to get a proxy and use protonmail. She is from the middle east and likes to watch beheading videos. Not even memeing, she goes to this NSA site : 3arablive.com and watches people get thrown off buildings while listening to algerian songs. Anyways it was interesting how I convinced her. I basically explained the only way we could have a secure conversation is if we went deep into the woods with no phones and whispered in each others ears, even then someone may be listening with a directional mic. i then explained pgp and encryption to her.
Looking for ways to redpill normies on this stuff
Jacob Jones
your "girlfriend" is autistic
Lucas Adams
Hello people. Here's a nice (at least the nicest I've been able to find) YT channel that does malware behavioural analysis. >/channel/UCND1KVdVt8A580SjdaS4cZg
It's definitely worth checking out. I'm also sharing this I saw posted yesterday: a semi-comprehensive guide to securing a mobile device (1) such as a smartphone or a tablet, written by the people at tor. I realise it's the ultimate paranoia, but I'm trying it just for fun on my tablet. I said semi-comprehensive because the recommende browser (FF) can be even more secured with (2), a list of modifications I found on the cyb+sec pastebins.
And since this post is somehow turning into things I did that I enjoyed doing, I suggest you check out nethunter (i only recently found out about its existence) which is now at version 3.0: it's an application for android that uses kali linux tools. Quite neat for wifi audits on the go. There are many missing features that can be obtained with apt-get and it is likely that your device's wireless card is not sophisticated, so buying an external one is advisable.
Finally, since this is my first post I wish you all happy holidays. Cheers guys
Jose Wilson
Yeah, that is a good idea to draw anyone missing back into the new thread.
