Come back in 4 months after you finished with everything.
Joseph Diaz
Programming is too shallow for me (atm), i want to know how and why stuff works
Dylan Parker
any way I can install the bandit wargame on my server? or any CTF shit but on my own server?
Jaxson Parker
Enroll in EE/CE.
Benjamin Bell
Yeah, just head on over to Vulnhub and grab some VMs. That's basically what a pentester's lab consists of, a server with some VMs. That's what I've been doing because I start getting overwhelmed with having a shitload of screens going in the same workspace. It also "feels" a bit more like breaking into a real machine, too.
Ethan Hall
El bumpo.
Dominic Wilson
Anyone else running Metasploit on their Android device? It works and all, but I'm not able to figure out how to assign it a postgres database. It runs pretty slow without it being set up. I've done it numerous times on a computer, but for whatever reason it doesn't seem to work the same way on Android.
Cooper Robinson
>i want to know how and why stuff works
go through NAND2TETRIS, and if you still want to know how everything works after that course, build your own shit. that course is enough you will be able to piece together how to do it
Charles Cox
Complete noob here. I work at an ISP (as a fucking callcenter) and would like to know if there's any tool like RouterScan that could give me the option to automatise logging into routers and changing their configurations, like DNS and admin password. We have been suffering "attacks" in which our clients' routers' DNS are changed en masse to spoofing ones, so I was thinking if there was some way of fixing the already fucked up routers, and some way of preventing this, like blocking the remote management port or something like that. Thanks in advance.
Jordan Campbell
Sounds like you work at a shit ISP with shit network security
Anthony King
>as a fucking callcenter you're probably not in a position that would allow you to make these changes anyway. Leave this shit to your network engineers you fucking mongoloid
Gabriel Harris
It is. It's a small ISP at a shitty little city.
Like I said, it's a really small ISP and we all end up doing everyone else's work.
Joshua Sanchez
Do you live in Kansas by chance?
Nathan Taylor
sauce?
Joshua Howard
No, I live in Brazil mate.
Her name is Kelly, there's always pics of her being posted in various threads on Sup Forums.
Jack Gomez
ty user
Kevin Russell
If you have Cisco routers try running ISE
Caleb King
thats a cute trap
Jeremiah Powell
I've got a masters in Infosec, CISSP, OSCP, CEH, and PMP. If anyone has career questions I can give advice on that and/or things from a management perspective.
Source: CISO for a fortune 1000
Lincoln Kelly
What's it like knowing you skated your way to a ciso position while knowing literally nothing technical about security
Chase Hill
what's some of the most valuable hardware tools you use? (this can be raspis, lock picks, lock bypass tools etc) please be as specific as you can
Jonathan Powell
That's what I'm going to do, don't want to be a useless piece of shit in the meantime, tho
Leo James
studying VR is hard though ;)
John King
honestly go this route user, if you want to get into VR or hacking you will be ahead of your CS peers. I am an IT major and i feel like the curriculum has pushed my learning back a few years. Embedded and C programming plus knowing how electronics work will make you a better hacker.
Thanks. I'm going to use this for my powerpoint. I'll just put it as the first slide
Nathaniel Scott
CISOs don't do anything actually security related.
A good CISO makes sure his team(s) can have the funding, support, and authority to support the process of finding, fixing and preventing risks.
A good CISO isn't some super-leet haxor, but knows a little of how to walk the walk. He's not a basement dweller but a benevolent Chad who knows how to run his army of pet virgin-hackermen.
Carter Kelly
We use Mikrotik routers, is there something like Cisco ISE for RouterOS?
Sebastian Green
I'm not sure, I usually weep into my money when I'm sad I progressed past having to be on the floor with my teams grinding out vulns.
I spent a lot of time (7 years) as a red team member in the USAF when they were standing up specific infosec careers, and I moved over to it from server admin stuff. Most valuable tool is a clipboard, and what is made to look like a visitor ID / vest. But everyone knows that. Technical tools back in the day were the simple BackTrack suite (now Kali), a Hiren's disc, and a boot loaded usb console. Nowadays the most useful tool comes from vendors and is usually heuristic analysis based, for defensive. Our best offensive tools are our prog guys who can look over code for 8 hours a day straight god bless them, because fuck that.
A good CISO is a dependable liaison between the security teams and the CIO. A good leader gets with his hackermen anyway, and never accepts what they know as enough. And also cutting the crew out early on a friday helps.
Adrian Carter
Typical ciso lmfao values money over everything else, pathetic I'm sure your no name company with 80 employees pays great and your employees definitely don't hate you :)
Alexander Edwards
A typical CISO does value money, as they should. If your position handled any I'm sure you'd understand why
Oliver Brown
Because you ride your investors dick instead of treating your employees as your equals? Yeah I get it Shitty csos like you are the reason I use pirated Ida at work
Matthew Price
That's a lot of inferring, but you could read
Using a pirated Ida at work is why you're still helpdesk
Oliver Fisher
Actually I'm app sec at a fortune 200 I'm sure you've never opened up Ida much less found 0day though have you
Brandon Edwards
I have a few dumps of a mifare card from my gym I just opened, but they are ciphered in XOR, how the hell do I uncrypt it?
Luke Jackson
use the xor key to decrypt it??
Nathan Lee
If I had it I would
Oliver Scott
how large is the dump
Gavin Cook
4096 bytes
Isaiah Taylor
if you're lucky it could be a single byte xor key, try to find a high frequency of a single byte, which would be a 0 byte xor'd with the key
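The single-byte hypothesis from the reply above, as an added example (not code from anyone in the thread): if the plaintext is mostly 0x00, the most frequent ciphertext byte is the key itself, and a flat histogram means the hypothesis is wrong. The function names, the 10% threshold and the sample dump are assumptions constructed for illustration.

```python
from collections import Counter


def guess_single_byte_key(dump: bytes, min_share: float = 0.10):
    """Return (key, share) if one byte value dominates the dump, else None.

    Hypothesis: the plaintext is mostly 0x00, so under a single-byte XOR the
    most frequent ciphertext byte equals 0x00 ^ key, i.e. the key itself.
    """
    if not dump:
        return None
    value, count = Counter(dump).most_common(1)[0]
    share = count / len(dump)
    # A flat histogram means the hypothesis fails: the key is longer than one
    # byte, the plaintext is not zero-heavy, or this is not plain XOR at all.
    if share < min_share:
        return None
    return value, share


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with the same one-byte key (encrypt == decrypt)."""
    return bytes(b ^ key for b in data)


def build_constructed_dump(key: int) -> bytes:
    """Constructed 4096-byte sample: 16-byte blocks, mostly zero, some filled."""
    plain = bytearray(4096)
    plain[0:16] = bytes.fromhex("04a1b2c3d4080400" "6263646566676869")
    for block in range(3, 4096 // 16, 4):  # every 4th block carries 0xFF runs
        start = block * 16
        plain[start:start + 6] = b"\xff" * 6
        plain[start + 10:start + 16] = b"\xff" * 6
    return xor_bytes(bytes(plain), key)


if __name__ == "__main__":
    sample = build_constructed_dump(0x5A)
    guess = guess_single_byte_key(sample)
    if guess is None:
        print("no dominant byte: single-byte XOR over zero-heavy data is unlikely")
    else:
        key, share = guess
        print(f"candidate key 0x{key:02x} ({share:.0%} of bytes)")
        print(xor_bytes(sample, key)[:16].hex())
```

The second most frequent byte is also worth a look: in the constructed sample it is 0xFF ^ key, which confirms the guess independently.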
Hudson Fisher
>Fortune 200
>Pirates Ida
>App sec
lol
Brody Powell
yep, welcome to corporate america
Owen Richardson
I'm at a BigN rn on contract and most of my team members use an unregistered version of sublime text
Aiden Gonzalez
If you throw me your CISO's name I can meet up with him at a conference sometime to see if I can get you some licensed gear
Joshua Brown
what do you mean you need this 80 dollar software???? isn't vim good enough??????
it's fucking insane, i stopped trying to put purchase requests in, i'll either buy it or pirate it now i've bought 010 editor, vmware, .net reflector, visual assist x, and who knows what else because it's so fucking annoying getting idiot management to approve any purchase request because muh investors
Daniel Hill
Hey don't know if you anons know but if you have a library card you can use that on lynda.com and access their security courses and the various CompTIA courses they have set up.
John Peterson
Will getting the OSWP be worth anything in the long run? Or did I just waste my money on this course?
Michael Gray
I know mid-senior level positions open for that with amazon right now. HR using the cert as the hiring benchmark like they do with CISSP. 120-145k depending on experience. If you're a junior associate, this will give huge ups for promotions.
Parker Perez
If I don't have a firewall, is there any way I can get security for the rest of my internal Network without using VLANs? I'm a bit poor, and my router is nice but doesn't support VLANs. I wanna do Pfsense at some point, but can't justify the extra cost for the Nics at this point. Thoughts? I just wanna isolate a workstation with Kali on it from the rest of my network in case some funny guy tries to pop my box.
Would wire-shark be of help to locate it? Even if its not the faggots IP, i could contact the site hosting it and force them to gib his ISP.
There any online bots or anything to trace the location of URL's, or give their source code or anything? The guy behind it is an obvious amateur since he can't even tell an ISP from an IP.
Epic! pwnd! I now own all teh things! Like and subscribe to my patreon @Hak5.
Adrian Russell
if I make an open AP and choose to sniff traffic am I breaking the law since it's my network? assuming I only harvest creds not use them
Dominic Jones
Is BitLocker good enough to secure my windows laptop?
Angel Watson
secure it from who?
Xavier Watson
Random niggers than can could access my laptop physically
Lucas Allen
yes bitlocker is fine for that, not fine for microsoft and the government though
Aaron Gonzalez
Will try thx
Evan Butler
bump.
Charles Brooks
Say I'm running apache2 with nothing but a simple web page on my old laptop, no other forwarded ports (but is running ssh on a non-standard port) and it has a *.ddns.net domain pointed at it if that matters, what are the odds of someone breaching my home network through it? (Xfinity combo gateway/router with simple firewall/IDS built in [yeah yeah I know, but it ain't my dime]) I've been noticing a lot of scanners and such filling up my access.log, mostly from China.
Julian Bell
>mostly from China.
well trace that shit back and send a virus as a warning.
Zachary Richardson
Is Sense the least enjoyable box on HtB?
Hurrdurr bruteforce directories for 3 hours.
Brayden Morris
I ain't clicking that shit...
Oliver Myers
Here do this. Whenever you get ip from china, just send a packet with pic related in it. Should help.
Leo Rodriguez
>yoütübe
Joseph Ross
Is this true? What do I send, the utf-8 string for these characters?
Jack Adams
gonna give me info on what i can do with this? How to fight back against an IP Logger?
Jacob Stewart
>How to fight back against an IP Logger?
two options
>don't be dumb enough to click a clearly fake url
>use a VPN
Evan Taylor
i mean find the secrit sauce, where is it located? who's hosting it? etc?
Caleb Rodriguez
just use maltego or an ip lookup website
Brody White
you can try utf-8, I personally haven't tried it, but I just realised ssh displays banner before login.