Meme coins all must plummet to zero and then the cyberpunk age will begin. Fresh global conflict. Fresh market/financial malaise against a backdrop of compute wares with re-purposed uses.
Dylan Wilson
Should I go for a Cyber Security BA or a Computer Science BA ???? Need help just wanna hax and help fortify networks from potential hackers
Aiming for Cyber Security Analyst~
Generally wanting to fortify networks and servers stuff , doing ethical white hat hacking pretty much & consultation and analizing
A new /sec/ FAQ is now in the new Security folder on the FTP site. ftp://collectivecomputers.org:21212/Books/Cyberpunk/Security/sec_FAQ%20_V1_Preview1.htm user/passw: guest
The FAQ is drafted using the /cyb/ FAQ as a template so layout is a bit rough. Also structure might have to be redone.
The purpose is to answer most of the basic /sec/ questions we see in most threads so that we can progress from the basic to the more interesting stuff. That means the list of relevant certifications are limited, while the complete list on wiki is around 100.
TODO/need contributions: - more on certificates with why/why not - a list of interesting professions - more on relevant resources.
What would make one program better than the other? Is ABET accreditation for CS and IT programs a meme? What about NSA/DHS accreditation for Cyber programs? Not OP BTW.
Matthew Ramirez
>How about including some podcasts? Indeed why not. FAQ updated accordingly. Filed under ftp://collectivecomputers.org:21212/Books/Cyberpunk/Security/
Looks like it's mostly a referral scam to a bunch of shitty online colleges. There's some decent general info that was probably lifted from somewhere else.
Anthony Cox
Where in the sticky should I start for overall security? I don't want a list of programs to be a 1337 hacker. I want to know how systems work, attack vectors, types of attacks. Shit I can practice on my dummy machine or through a VM.
Grayson Reed
how can i secure my home network?
i have a few internet facing services running on linux boxes
is keeping them up to date and my firewall blocking any other ports enough?
Carson Butler
The standard shit of course. Ensure all your devices have the latest patch/BIOS. Make sure you WiFi password is WPA2 encrypted with a strong password. You can go further and turn off WiFi broadcasting. Change the default ports for stuff like SSH etc.
Christian Flores
math
Jack Bell
Use a firewall running on a separate physical machine (as opposed to a VM). I run Smoothwall but any system with deep packet inspection such as Snort will do.
Check the logs and see just how many attacks there are out there.
Jacob Wood
>Looks like it's mostly a referral scam to a bunch of shitty online colleges. I thought some of the promotions and the ranking was a bit strange, such as CMU at the bottom.
>There's some decent general info that was probably lifted from somewhere else. I prefer to link to the source in the FAQ if possible. That somewhere else was not easy to find, do you know where it is?
cybersecurityeducation.org/ seems to be suspiciously similar and heavy cross linking has spammed Google searches.
Levi Ortiz
>Smoothwall
Not the user you were responding to but is this the smoothwall you're using? Googling it brings several results. I'm assuming it is unless you're paying for Enterprise level software and support.
Is it like a self contained OS for a PC? Or is it just another program to run on a PC? Are there specific hardware needs?
Brandon Bennett
how do I get into cyber security and leet haxoring with basically no experience?
I want to pursue cyber security as a career but I have no idea where to even start learning.
Dominic Myers
have you tried reading the OP? if you did, I recommend reading the new sec faq and old threads
Aiden Kelly
I use the community version rather than the enterprise one.
And yes, you download a CD, burn it and install from that. It is a self contained specialised version of Linux, self contained with the things you need. Administration is via a web user interface. Info is here smoothwall.org/.
Parker Martin
>burning a CD what is this, '97?
Chase Stewart
Perfect excuse to use the stack of 5GB DVDs I bought! What kind of hardware are you using? If I were to use a low power dual core PC I have laying around with a gigabit capable NIC, would that suffice?
Jason Sanders
>what is this, '97? Nope, but the hardware is ancient.
>What kind of hardware are you using? A rather old machine, not sure what CPU but 12+ years old.
>If I were to use a low power dual core PC I have laying around Massive overkill. Single CPU is enough.
>with a gigabit capable NIC, would that suffice? That is good. You need however two Ethernet interfaces, one for red (external) and one for green (internal, protected) net. A third Ethernet interface can be used for DMZ.
Zachary Lewis
It has been a bit quiet lately but here at last is some === /cyb/ News: Augmentation and nootropics are common tropes in Cyberpunk. And what can be achieved?
>BBC - Future - The mystery of why some people become sudden geniuses bbc.com/future/story/20180116-the-mystery-of-why-some-people-become-sudden-geniuses >He woke up nine days later at a hospital 150 miles (241 km) away. The accident left him with a panoply of medical problems, including double vision, bouts of seizures and no sense of smell, hearing or taste. But the most radical change was his personality. >Previously Muybridge had been a genial and open man, with good business sense. Afterwards he was risk-taking, eccentric and moody; he later murdered his wife’s lover. He was also, quite possibly, a genius. >The abrupt turnaround of Muybridge’s life, from ordinary bookseller to creative genius, has prompted speculation that it was a direct result of his accident. It’s possible that he had “sudden savant syndrome”, in which exceptional abilities emerge after a brain injury or disease. It’s extremely rare, with just 25 verified cases on the planet.
Joshua James
So a PC with gigabit LAN on the motherboard and a generic gigabit LAN PC card would be OK I'm assuming?
Connor Ramirez
>have you tried reading the OP
Yeah
I was hoping for someone to give me a straightforward place to start, there is just so much it's pretty overwhelming
Jason Davis
what did you expect from a field that reqires expert knowledge in several fields which are their own profession each
Ryder Walker
yeah I understand that, which is why I was asking for advice on where I should start
Ayden Edwards
well since I don't know where you're at right now, I'll reccomend learning at least one low level programming language and a scripting one. The rest depends on where you want to go but you'll most likely want to get into networking next and perhaps pick up an assembly of your choice if you want to get into reverse engineering.
Aaron Harris
Oh yes, that would be plenty.
You can up the game by adding a honeypot in your DMZ and kill the power to your router the moment the honeypot detects intrusion.
Julian Richardson
LWN has a distribution list with a specific category for secure distributions lwn.net/Distributions/#secure Smoothwall is listed there, as are other firewall distributions.
Jace Parker
They offer Cyber Security courses for the CS BA so I would broaden my options in case I decide to go for a different route and then get a CSA certification and hopefully find something going for my COMPTIA A+ and Network +
If anyone could message me on KIK or Snapchat about their career in Computer Science and another in Cyber Security I would love you Kik-zarithyushihara Sc-zarzarith
Lincoln Moore
Can you give a quick rundown on each of these?
Wyatt Phillips
Night is coming, let's keep the thread going.
In the FAQ (preview 2) there are a few links to home pages and about where I found these. I too would appreciate more input here.
Mason Rogers
Start by reading the pasta. We've already determined you're too stupid for this field, so read it again.
Jeremiah Johnson
The pasta doesn't really answer his question, though. It's just one giant info dump with books and links to security related websites in no specific order.
I think the new FAQ could use some kind of learning path for those starting out, with recommended readings.
David Robinson
The pasta IS THE ANSWER, it's not a place to "find" the answer, it IS the answer.
The WHOLE THING needs to be swallowed and digested. DIGESTED, not quickly glanced at. God has no one in this thread ever studied something on their own before?
Aiden Scott
>some kind of learning path for those starting out, with recommended readings.
this is exactly what I would like.
If you want to get into something and someone dumps a fuck ton of information on you it can be intimidating
Tyler Perez
>The WHOLE THING needs to be swallowed and digested. DIGESTED, not quickly glanced at.
He's not asking for for material to glance over quickly, he's asking for a place to start.
Reading every single piece of information in the FAQ is retarded if you want to learn cyber securty. He doesn't need to know which cyberpunk anime to watch.
The quality of the information in the pasta varies a lot and books quickly become outdated in IT/Sec fields, depending on the subject matter. It seems to focus on quantity of information rather than the quality.
That's why it'd be useful with a learning path with recommended reading.
Zachary Fisher
He's not saying to cut it down. He's just saying to organize it in a way to make it easier to digest.
Chase Torres
yes this, exactly. If we are going with digestion and food analogies, It's like serving the appetizer main course and dessert all at once instead of one at a time in order.
you can't expect anyone to just stuff their face with everything at once
Blake Cruz
Fine, here we go. Here is a fool proof list of steps. Look at each one, write them down, and do it, and fuck off out of the thread until you need more instructions.
>play overthewires BANDIT wargame series to get your Linux skills up Start a private blog you can put notes into, you'll retain shit if you do it and can look it up later >read the book called "penetration testing" by Georgia weidman There's PDF copies in the second google link. This is more than a pentesting book; it shows you how to generate payloads and develop an exploit, how to script, how memory works, and how to do buffer overflows. >set up a virtual lab with Linux, some windows xp sp2, sp3 and win 7 machines Use clean ISOs. Doesn't matter if they expire, you don't need a fucking background in a lab >download boot2roots from vulnhub Try, scrape, struggle, cry, and when you're ready to kill yourself, look up a walkthrough. Do the walkthrough. Sit in the lab until you come up with a new attack vector not listed in the walkthrough. Take notes. >learn sysadmin skills Set up a domain, set up exchange, make your lab sit on the domain, and make it WORK. >GOOGLE STUFF YOU DONT KNOW ABOUT. It doesn't matter if you get a "shit" resource by some pajeet who poos in his mothers breakfast daily; if you get hung up on finding the "best" resources, you'll never learn anything.
Liam Hernandez
>you can't expect anyone to just stuff their face with everything at once Except you need to. I don't understand why people think infosec is in anyway shape or form an entry level sort of thing. Just because it involves computers doesn't mean it's anything like IT. It's a multi disciplinary field and requires knowledge from a wide variety of sources, at the same time. You cannot possibly slowly step through the pasta, having little spoonfuls when you choose. You need to eat the whole thing.
You need networking skills, so you can understand why you're nmaping using SYN or ACK, you need sysadmin skills so you can understand the shortcuts and packages required to install software so you can exploit a weakness in the process, you need Linux skills, you need memory, pointer and register knowledge if you want to be more than a monkey (which still requires all the other things I've mentioned). You'll need programming and or scripting skills to improve your quality of life.
You need so many things at the same time, you can't possibly think you can learn these in order. It's all at once or not at all, because a stepped, teired process means your knowledge will be old and out of date by the time you move into another step.
Aiden Rogers
Goddamn bump this shit
Joshua Green
...
Jeremiah Murphy
Assume you find critical remote vulnerabilities in a Fortune 500 corporate network You have root access to a dozen servers and 500 workstations
Is it ethical to contact them and try to sell them the information? How much?
Wyatt Evans
>How much? tell them to give you a job. lord knows Sup Forums needs one.
Connor Bell
The ethically moral thing would be to report the vulnerability to the corporation and alert them of how the problem can be fixed. The ethically immoral thing would be to steal as much information as possible and never even consider reporting the vulnerability.
The neutral thing would be to reveal the vulnerability to a third party and let them sort everything out instead.
Kayden Mitchell
What about option d) not steal data, contact them with proof and offer a vulnerability report for an amount of crypto currency? = do no harm but demand a reward. Not sure if that's realistic.
Henry Evans
Social Engineering is about Social Engineering. Embedded is supposed to be about embedded systems, but will go general tech if they don’t have one to discuss. Risky Biz is all about info sec.
HV is some admitted former channers (or current, I’d assume they are on this board) talking mostly about tech / sec related to their work. Pure Decking is some dudes who work in tech and like cyberpunk talking about those two things (not so much cyberpunk)
I have a few Sup Forums related ones I listen to not on this list, but none apply to the thread topic.
Hunter Kelly
That's where the bug bounty system comes into play. If they have one, use that first and foremost.
It should be noted that there's generally a thirty-day period within which, upon being alerted of the bug, the corporation must deploy a fix or patch. After that, I believe the vulnerability is free to be announced, generally for the sake of transparency and to alert those who do business with the corp.
Brayden Richardson
This hypothetical company doesn't have a bug bounty program sadly. My friend had unfortunate experiences with the gratitude of large companies. Sometimes they don't even bother with a response, just fix it silently. Professional penetration testing would have cost them tens of thousands
>generally for the sake of transparency and to alert those who do business with the corp. Good point. Haven't thought of it that way.
Josiah Evans
>contact them with proof ... and go to jail.
Rather get a reporter to report it for you.
Eli Cook
Seeing these threads pop up make me a bit more happy. Let's talk about protection from face recognition/AI. There are a few designs that can fool those algorithms. Even some of them look like they would be acceptable in a day to day use.
Landon Cook
An easy way to turn a banana into a toaster
Juan Evans
More designs
Joshua Gutierrez
I really want to find a way to make a spray on infrared to conceal your face, like they did in almost human.
>pic related
Essentially you face looks normal when talking to someone in person, but through a security camera (or any camera) its shiny, and blocked
Joseph Lee
lmao
Ethan Cook
I'm starting a cybersecurity internship as part of a blue team. Besides the Blue Team Handbook/ Field Manual, are there any other good resources for defensive security?
Bentley Long
So, What do you do?
Nolan Hernandez
>Let's talk about protection from face recognition/AI. There was a news item here a few threads ago about just this issue.
Dennou Coil anticipated these hacks.
Eli Gomez
learning to code for the first time, have some experience with html but actually want to learn a real programming language, should i start with python or c
Camden Ward
depends on what you want to do with it. If you want to run your stuff on other boxes which may or may not be your own, don't assume the presence of an interpreter
Jacob Parker
>So, What do you do? What the fuck are you even asking?
The answer is the pasta. ALL OF THE PASTA.
Or, maybe the post above the one you're replying to, which has a fucking roadmap you conveniently ignored.
But you don't actually want to learn, do you? You think it would be cool to be a cyber operator, and apply no further effort than that. You're the guy who buys a guitar, and doesn't even start learning it. Just hangs it up on the wall because it's so hard.
Do the CompTIA+, Network+ and Security+ for very good fundamentals.
Wyatt Robinson
e) steal as much information as possible, contact them with proof and offer a vulnerability report for money then either blackmail them with the information for more money or sell on DWM
Hudson Lee
worst idea if you don't know how to pull it off properly
Joshua Ward
asking your favorite web crawler the right things, you'll find that near-infrared luminescence is a thing
Nathan Carter
GLOWING CIA N*GGERS ARE REAL!!!
Nice, congrats. What are you studying currently? I'd suggest you ask your colleagues once you get to the internship.
Maybe your college courses already covered the basic stuff like this, but have you considered looking into study materials like CompTIA's Sec+/CSA+ or Cisco's CCNA Cyber Ops? SANS courses like GSEC/GCED/GCIA/GCIH are also good but that's probably only after you get hired and they decide to drop a few $$$$ on you.
>tfw want a cyber internship/job too but not going to school
Easton Jackson
>the Blue Team Handbook Worth adding to the /sec/ FAQ?
Isaiah Morales
iirc some user called it a good baseline while the team red one apparently isn't that good. Haven't read both tho
Zachary Diaz
High-quality security cameras have mechanically activated infrared filters that block infrared at daytime (or when the lights are on)
So the spray won't help you unless you move in the dark
Julian Harris
...
Jordan Butler
pick a language between those, since c will kill you and python will give you bad habits, java or something like it.
Cameron Cooper
should i use alpine?
Hudson Ramirez
install gentoo
Owen Allen
What is something I can write in Python that's neat and helpful and cyby?
Owen Reyes
overwatch scripts
Blake Morales
Port knocked.
Levi Torres
Would a CompE or CompSci background be more useful to Cyb? I think both would probably make me employable outside of cyb as well.
Dylan Cook
>c will kill you What?
Carson Hughes
Interesting idea my friend, I personally distrust crypto currency as yet another mass scam but is refreshing to see someone think there will be a cyberpunk age after this.
Christopher Martin
worthless thread
Oliver Kelly
Quality stuff OP, contributing.
Thomas Miller
That regex yields false negatives. Email is notoriously difficult to validate accurately. Here's one that's 99% correct: (?:[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*|"(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21\x23-\x5b\x5d-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])*")@(?:(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?|\[(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?|[a-z0-9-]*[a-z0-9]:(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21-\x5a\x53-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])+)\])
James Martinez
>must have 2 - 6 characters What about 7 characters?
Noah Jackson
So, how does the elite in the Cyberpunk world live and relax? youtu.be/_a0zGBuTHo8 Key word: opulence.
And this was recently bought by a rather well known Internet billionaire.
It is now a week over 5 years since he died. I had expected more retrospection. He may have been indicted for a lot of things but there are no guarantee the judge and jury would agree. Rather the prosecutors were criticised for a heavy handed approach.
Aaron Baker
have you checked the usual suspects (Google cache, internet archive, ...) ?