/cyb/ - cyberpunk and cybersecurity

New bundle on cybersecurity books:
https://www.humblebundle.com/books/cybersecurity-wiley-books

Is there someone who bought it who's willing to share?
I'm particularly interested in:
>Investigating Cryptocurrencies
>Wireshark for Security Professionals
>Advanced Penetration Testing

>>3120
Don't give money to Wiley. I think they get a tax benefit if you give everything to charity, so don't even give them that. Is there something you can't find on Libgen? Ask and I'm sure we can find it.

>>3121
Yeah that's the reason I asked if someone's did that already.

>Wireshark for Security Professionals
>Advanced Penetration Testing
are actually reperible on libgen, I got misled by the "new" label, but

>Investigating Cryptocurrencies
which was released 1,5 months ago is to be found nowhere

>>3123
tyvm anon

>>3050
<excite>

see you there alice.

Also do we want to chat about quite how all the we should all find eachother (apart from that everyone with an arisu or lain sticker is probably a Cool Kid.) ?

>>3051

Hey Alice's. I forgot my lain sticker to walk around with, but I'm wearing a BlackHat (like the con) messenger bag. If you see me say hi.

>>3068
hi alice!

Pretty sure I was sitting behind you in at least one talk, I noticed the bag, but alas was offline the entire weekend so didnt know it was a lain till too late.

>>3073
That's awesome.

>>2795
nah

I was able to get in the site, but I'm a scrub at utilizing new exploits outside of msf, let alone privesc. Still reading on it. I was able to get user access on the easiest box, but did not have time to read up on privescing from the user part.

Other than reading up what some running processes exist, is there any other pro tips for these kinds of CTFs?

test

>>3052
It's almost always never a fire and forget exploit.
There's a machine on that network that makes you create a custom payload using a stuxnet attack vector.

Fuck I'd be down but just started working on a cert, once I'm done I'll do some HTB w/ ya

>>2941
could you fill us in on what hardware your looking to using? Maybe we can help

I like how the Rockbox project makes that alternative open source firmware that you can flash over the stock firmware in couple models of those old portable mp3 players, and you gets loads of new features. The same thing for old mobile phones would be seriously cool stuff.

>>2953
I looked at getting a raspberry pi zero w but i feel i should look for something with more power in about the same size. Im not sure how i will fit the heatsink in there. Charging and battery shouldnt be hard to deal with. I thought that i could use the spaces where the ribbon cables plug in the Lain's modified Navi for usb ports. The second screen will probably be a solar pannel with a transparent touch pad over it. Wont get much power from that but i could be using it to power some led whenever the screen opens. Lain's modified Navi has an exterior antenna which ill probably add for a boost in wifi range. Or it could be a radio tuner module. Or maybe even both, having them be interchangeable. For charging it will hopefully use usb C and it will have a headphone jack at the bottom. Stylus will probably be something like one from a 3DS which will have its own place where to be inserted in the phone. It will be pretty bulky but so was the Lain's. For the software i really dont know. I'll probably need to learn to code and make my own UI for the thing on top of debian or some soykaf. Shouldnt be hard but ive got to get myself together and actually start working on it. I had a friend who was doing the 3D modeling for it and the end product looked pretty good. Once collage starts again he'll 3D print it.

>>3078
I run a full sized RPi without a heatsync, and I've seen them used without way more often than with. Why do you think you need one?

>>3078
Unless you're just wanting to game on something that looks like a glorified digivice (which with a touchscreen, should be out of the question) you really won't need anything more powerful than the zero. If you're wanting to stuff a GSM board and other related components in there, the zero will most certainly be able to handle that as well. We've gotten to the point with our computers that the only reason you would need a CPU faster than budget hardware is if you want to play modern games or you're doing super sciency Big Data™ things. Unless that applies to you, any of the Pis should be fine.

>>2877
>>2878

Oh man. I haven't delivered soykaf, I totally forgot I'm super sorry. Got caught up with the second semester doing an android app / an Apache website with some teamates (aka ended up writing 60% of the java/php/js in a team of 5 people) and finished 3 days ago doing some OS stuff for the end of the semester. Totally forgot because I had to carry people. I'm home for now and away from my desktop, will probably return next week, since the only thing I can do here is drink/smoke/fuck around with friends. I need to go back and start tackling websec and my dissertation for next year.

Only update I can give is that the error log is long gone from the directory, but I saved it. Thing is, to look at the thing and actually try to understand anything.

Run a 'host -t mx <domain>' on their email, telnet to the host, and start sending emails. It's easy enough to spoof your IP (or do it from a public computer) because those show up in the headers.
That one's pretty easy. My college's blackboard (online assignment submission system) ran on HTTP so it was also trivially easy (cain & abel) to steal credentials from other students and post to class forums as them, or submit garbage as their assignments. Of course, I only showed my professor proof of concepts and didn't do anything to anyone.

>>2973
>That one's pretty easy. My college's blackboard (online assignment submission system) ran on HTTP so it was also trivially easy
Or deploying a keylogger/form-grabber implant at a public (class) computer in case their web infrastructure is secure. It is surprising how many faculty staff logs into their account by using public computers which usually have no PSP software besides a soykafty DeepFreeze-like kernel level disk driver which can be easily bypassed and even weaponized.

I found a similar scenario in my university campus where also BIOS was not password-protected in which case DF is useless. When I reported it to IT they said this is not a real threat vector and somebody needs to be Mr. Robot good to do something with it. Let's just say I didn't report any of my new findings afterwards. :)

In 2018, we are pretty much living in the cyber-era and carelessness of people regarding such matters makes me cringe. They still think just locking their doors and having a soykafty security guard made of "random middle-aged dudes" is enough to keep them secure. This is not USA though, they already have enough Mitnicks, NSAs or whatever to make them care a little bit.

>>2974
hacker_vs_salt_shaker.txt

OP here, a little late, I should have done this about a month ago. I want to know whether this error file that was uploaded on the claroline/backends is usefull at all. A sample of this file is number 1. In number 2 is a snippet of the same file that kept repeating from April 2018 till 2014.

And on 3 is a pic of the claroline/backends and waht it contains. I really like hearing to your ideas and exploits, even if I believe myself too inexperienced to try them out. Also, am expecting some parts for another pc I could use solely for said purposes

>>2928
I think in U.S. there is quite a strange melting of politics and subcultures. I have never considered using the word "punks" referring to leftists in general.
Anyway, corporations are pushing liberal/libertarian ideologiez much more than lefty ones. What do you mean when you refer to "left-leaning cyberpunkesque philosophy"? Cause the first things coming to my head when i hear that are Fisher and left acelerationism, which are completely opposed to any kind of neoliberal ideology embraced by silicon valley and big corporations.

>>1418

Nah, this is just the bare minimum of knowing your rights. The idea that asserting your rights at all has become the turf of right wing idiots is the real problem here.

That and their weird obsession with navy-fringe flags.

>>2928
The difference is, the police are an institution and tha punx aren't. If you sign up to be a cop there is an assumption that you accept not only the rule of law as a concept but also the current order of that rule as opposed to that of some other political vision. Being punk ultimately means you like a type of music and nothing more, as a total unifying concept. It means more to certain people but not as a universality.

There are punks that are squatter junkies, ones that see squatting as a political protest and might kick the junkies out of their squat, punks that are hipster record collectors or merely fashion obsessed, people who just get stoned and ride a skateboard and do graffiti, etc. Some are literally hippies with a better soundtrack. As a broad stereotype, the ones from Vegas you mentioned tend to have been among the more violent and stupid.

Most punks aren't actually anarchists or very far left. Most are probably liberal or apolitical, there's even some prominent US musicians who support the republicans.

If you want to argue that there are decent people who become cops, fair enough. I'm still taking issue with the instituion itself and can only see them as OK people by seeing them as separate from that instituion.

>>2864
>>noise pollution apparently legal
noise pollution is legal just like air pollution.
t. someone who lived next to a train

What is Noise Pollution? https://en.wikipedia.org/wiki/Noise_pollution

>>1401
this was published 5 days ago.

>>1735
>ad hoc meshnets

setting one up before hand is probably nice, but simply having the software and documentation on hand to build one if things turn bad, is not at all difficult. my neighborhood does (sadly) not have a meshnet running at present, but it could have one within a few days of a blackout just with the resources I have in my house, and some extra routers.

I need to read more of the Arab Spring things, a fascinating topic about which I know too little.

One thing I have also been considering (in light of several recent large disasters) would be the possiblity of setting up a meshnet within a recovering disaster area (Puerto Rico of right now, as an example). If the phone and ISP nets are damaged to a high level, that might be about the best chance one could have to establish a meshnet on a large scale with the participation of nongeeks.

>>1715
I may misinterpret your term: sharing network.

in the case that I dont, I would posit that there is a great amount of data being shared, and collected, in many many nodes the world over. I on my own disks have more than a few websites, a fair ebook library, quite a large amount of software inclusive of sourcecode, news archives, among other things.

Presently this is not available to the wider world, I havent the interest, the bandwidth, or the need to make it accessible outside of my network. If suddenly my country were to impose strong restrictions on the internet, there would be motive for me to make that which I have collected useful to other people, and whether its by a sneakernet, hidden service, local meshnet, or other scheme, I would do what is in my power to share that which has been shared with me.

I would do so, and I am sure there are many other people in the world with similar mindsets. These archives are not visible today, but in the event of a disaster, they will doubtlessly emerge.

Invest in a shortwave radio. It takes absolutely no skill at all to fuss around with the dial until you can pick up a foreign broadcast of some sort, should the state ever move to curtail access to information. It is true that shortwave, like any other terrestrial radio signal, can be jammed, but prolonged radio jamming requires a large number of very powerful transmitters to constantly be in operation, and deploying all of that infrastructure can't be done at the drop of a hat like forcing ISPs to go offline. Most of what I pick up is just southern religious stations, but I can easily tune into broadcasts from China, Cuba, Canada, and a couple Latin American countries that I've never heard give station identification in English but have pretty chill music sometimes. If the USA ever were to crackdown in a big way, you can bet that the Chinese and Cubans would be more than delighted to tell American citizens all about the situation, in the same way that Russia has always liked to distract from it's own faults by indignantly pointing out US hypocrisies and infringements of civil liberties. And if there ever should be a protracted emergency, I'm sure some sort of pirate radio would start to appear.

>>1712
IPFS can be blocked? Nah, they didn't.

If you're so paranoid about the internet why don't you go outside and live?

>>1714
>with 4G or Satellite
one of those would be much more impressive than the other.

>>2919

"too much like gta"

Second time I've seen this today. What are you people on about?

Open world =/= gta
Character stats =/= gta
Missions =/= gta

>>2939
I think we are talking about the general aesthetic of the game, which is not very "dark or gritty" and looks like GTA/whatever instead… Which I agree with personally, but I think it will be a nice game nevertheless.

>>2906
i don't usually enjoy FPS but if they ever release it on linux i might get it.

i'll watch a let's play whatsoever since it just looks good (visually speaking)

>>2906
It does look pretty interesting. Being a first person game sounds alright to me, that's how I generally choose to play if the option is available anyway. Plus it's not like there isn't a precident of first-person action RPGs. Limited feild of vision could be annoying, but having a setting with cybernetics might be a nice excuse for playing with various projection methods (see: Fisheye Quake and Blinky) since they could be presented as resulting from optical augments.

Actually, I've been coincidentally thinking about making a first person action RPG in a near future setting, just because it seemed like it'd let me take a lot of tropes from Zelda games while forcing myself to avoid making an outright Zelda clone. Now everyone will think I'm trying to copy Cyberpunk 2077 instead. :p

Really, the only thing that seemed off to me is that we're looking at what seems to be an American city that has both a solid public transporation and traffic that actually flows smoothly enough to allow for car chases. I don't really see it as GTA looking, though? If it was more dark and gritty, I'm sure it'd instead be getting compared to Arkham city.

>>2906
After seeing first trailer, I thought it's gonna be dark, and I liked it. After E3 2018 trailer, I'd say I'm kinda sad, but maybe I'll give it a try when it will come out (if I will have a good PC/console then)

>>2936
Hackforums is filled with wannabe the next big fbi hacker. Most of the information you can find is loosely incorrect. Every second a kid writes "HELP crack this software" … Enjoy.

https://www.reddit.com/r/ReverseEngineering/

>>2936
>you don't have to thank me
kek

>>2927
see
>>2965
and also try some of the pwn and RE challenges on hackthebox.eu
Hacking:TAOE and windows internals (the newest one, I can't remember it rn) are phenomenal books.
Honestly, Malware analysts cookbook is a REALLY good RE book with tons of relevant examples.

The heart of all "cracking" lies on digging deeper to see what's doing what, and how.

It encompasses a soykaf ton of fields/practices, from forensics to malware analysis to exploit dev and (though very lightly) threat intelligence.

I'd encourage you to write a list of things you want to be able to do and write down qualities of your dream job.
First, get some breadth of knowledge, then find what you like most and get depth.
At my job pentesting/Red Team I do a LOT of the RE/Exploit dev stuff and I love it.
Idk, I'm also a big pee pee head, so ymmv.

>>2966

Practical Malware Analysis is another really good RE book for people looking for RE literature (especially for beginners)

>>2967
Be sure to also check out +ORC and Fravia+.