No.1497
Face to face or online?
No.1498
>>1497I'd prefer online, but both will do!
No.1501
>>1496All study groups go to soykaf without structure.
What kind of things do you want to do and cover?
Doesn't have to be a super rigid schedule or plan, but it'll just be rando netsec chat if there's no topic in my experience
No.1503
>>1501I wanted, not so much a hardcore topic per meetup, but rather a solid showup time where we get together every week
No.1504
>>1503You don't want a study group, you want a soykafty insider trade.
No.1505
I think if you extended the study to topics other than security you'd have more chance. I'd join for symbolic AI, or computational intelligence fields, machine learning, optimization etc.
No.1506
I don't know how would you do it online, but offline you would usually first find people who are willing to participate and a space that you can use regularly. Then for each meeting somebody would volunteer to research a topic (a technique, a tool, a particular exploit, etc.) and present it for the others. After that you discuss it and anything else that comes to mind, like security news, projects you are working on, problems you need help with, etc. Of course you can watch videos (boring) or attempt challenges (might take too much time without any result) too.
No.1507
I'd be interested in this! Here's the timeline I'd propose in terms of planning things out:
1. Find someone that already has hacking knowledge and could compose topics together.
2. Create a digital space to meet every week. This should not be IRC since it should be easy to embed images and documents within the client. Maybe mattermost or matrix.org?
3. Create meetings every week where that one person displays a topic and the resources related to it, then gives some "homework" – stuff to research and exercise. Things like tutorials, books, videos, and case studies that people would be required to spend concerted time on.
4. After a few meetings, people that are starting to catch on and self-study would be able to lead meetings in the future, alleviating the responsibilities of the starting people.
What this needs is clear leadership and hacking talent, both which might be hard to find on hacking LARP imageboard. The obvious criticism to this post is why I couldn't do it, and my excuse is that I am working on two majors, running a small organization, and have a part-time job as well as knowing little to nothing about pentesting specifically. I'd love to participate and eventually help plan if this gets off the ground, but it takes a lot of time and work to get the ball rolling.
Maybe people could start posting resources in this thread? Attached is one I found interesting.
No.1513
>>1507Thanks, Ill try getting something set up the best I can!
No.1520
>>1507>This should not be IRC since it should be easy to embed images and documents within the clientlooking for a disaster here, but IRC allows sending files, just make sure they stay on the server with ftp/http access
No.1526
So are we going to do this? what irc servers are good for everyone? i2p irc? tor irc? freenode?
No.1528
>>1526I think a basic irc room, resources and a timetable would be enough for now. I don't think tor is needed for a study group (even if it's about hacking)
Also a proper choice on what to study, book etc.
No.1529
If you guys want an encrypted chat room you can have your own channel on the unofficial arisuchan matrix I host. #arisuchan:layer02.club
No.1530
Here is a mega I got off 4chan a while ago.
Beware tho, this contains example software too so your antivirus system(lol) may give off a false warning.
https://mega.nz/#F!yRVgCZwa!X2dBn1YuOd4ureIxjM-mZgmod edit: if you are dumb enough to click this… No.1537
>>1533I tested it myself on a virtual machine before and it's fine. It's just pdfs, you can leave out the .py files in the python folder.
No.1555
>>1528I think TOR/i2p is a good idea as many of us already use these services and well, it's good to practice what we preach, no? :)
No.1557
>>1555>TORYou definitely don't know how to use Tor, since you didn't read it's documentation.
No.1561
>>1557Project Tor is really making me feel uneasy and at the same time make me feel safe. There is to many thing to tor that i couldn't point out that simply look shady. Couldn't we have another alternative ?
No.1566
>>1561For onion routing network to be stable and anonymous, you need large scale of adoption. Anyone can always fork their code and start running another OR, not as anonymous as already existing one.
What things do look shady to you? Is it that every running node reports "anonymous" statistics to central server? Or is it because of their gimped client software that lost it's features along these years? Please elaborate.
If you want a network designed for anonymity within itself without too much overhead, try exploring garlic routing networks like Freenet and i2p, with all precautions of course.
No.1569
>>1566Well i'm no specialist neither am a professional so what i'm about to say isn't based on solid proof/evidence.
I've been using, reading, learning about Tor project for 4 years. What i've been reading and seeing is that it's really safe and have been proving all the time that using tor work, but there is a huge problem which are nodes are run by XXX agencie it's been reported on and off everywhere that people running nodes/relay have been contacted by people from these same agencies. That is one reason why i can't rest in peace using Tor, not only that but you need to have really good opsec to prevent man in the middle attack too.
No.1576
>>1573Now that arisuchan has a mumble server we can see if they mind we use theirs.
No.1578
Is this hacking club going to focus on resources and learning only, or is it focusing on hacking targets as a group and building our skills together? Which one?
No.1583
>>1578What you are talking about is highly illegal and can be considered a federal crime.
Resources and learning sound more about right.
No.1584
>>1583Sorry for bringing that up but a "hacking club" can be interpreted in multiple ways and assuming that even we have a learning to hack club, you can't predict how an individual will use that knowledge. I only brought targets up because I thought it would be fun group activity and if everyone here agrees that it's too illegal than we should at least have a CTF group
No.1585
>>1584Agreed. We all have different paths to choose but a believe there is a middle ground for all of us.
No.1586
>>1584That a interesting point to brought up to the light. the idea is still highly attractive but i think that we don't have to think about the ''illegal'' part of it. Sharing knowledge is one thing using it for illegal activity is another, but what ever some choose this path doesn't concerne the group i don't see a problem.
Do we have any idea where this is going to be setup ?
No.1588
>>1586if there's no grey area, why not a discord server?
No.1590
>>1588I honestly cannot find anything else, so let's just use Discord for now.
No.1591
>>1588why not irc.
discords annoying since you need to use the browser or their soykafty bloated program and you can only use one account per browser at a time.
No.1592
>>1591Matrix and IRC appservices are the best you can do in this day of age that follows our interest groups
No.1596
>>1588Let's use Matrix, it's FOSS and secure.
No.1598
>>1596>>1597>>1592i'm down with that more than Discord.
No.1601
>>1598Once we get a Communication system setup, what time can everyone meet up?
>late night>weekdays>weekends>etcIf we can all meet up together we can get some team CTF's, wargames or something.
No.1602
We now have an official mumble and can use any IRC like Rizon and Freenode. There also may be an official arisuchan.jp IRC server running soon as well.
I'm currently working through
https://hackthebox.eu and reading / following various resources for learning and such. I'd be glad to host or take part in this infosec group. Resource thread incoming soon most likely from me.
A personal opinion of mine is that Discord
should not be used for anything related to this group or Arisuchan but Seph has made her opinion on it quite clear, and it comes down to whatever the fuck you want to use.
No.1604
>>1597that works.
The only reason I suggested discord was because it'd be nice for those who wanted to talk to be able to and for files, etc,
with chat.
I had no idea matrix even existed until now. Ty for learnin me a new thing
>MMXVII>not using an oxford comma No.1605
>>1604I switch on and off. Keep the botnet guessing.
>>1601Weekends would probably be best. But of course we can always pop in any time of the week to shoot the soykaf and learn.
No.1606
>>1605Alright, we'll meet up tomorrow!
No.1612
>>1602>We now have an official mumble…Would you guys like a room added?
No.1613
>>1612that would be badass!
No.1614
>>1613>that would be badass!Added! ^_^
mumble://arisuchan.jp/HACKING%20TEAM%20(CTF)?title=arisuchan
No.1618
Any update on this?
No.1620
>>1614Thanks admin your the best!
you probably wont regret this.
No.1641
>>1624'twerks for me
stoked!
No.1657
>>1507>>1520What about matrix? (
https://matrix.org/)
seems to be pretty decent and secure without being too restrictive
No.1658
>>1657Well, Matrix is a protocol rather than actual chatting platform. Someone would have host a central matrix service in which other services would hook into to have a centralized chatting experience. e.g. I would have an IRC server and you'd have a riot chat server running, we'd use matrix to connect and unify the experience between them.
No.1659
>>1657>>1658My offer still stands with the unofficial arisuchan matrix, e2e is on
>>1529 No.1662
>>1624Do you mean 0400 or 1600?
No.1664
Is IRC too difficult nowadays?
RE: sharing images and documents, its common use to upload them (there are semi-automated scripts) to an hoster of your choice and just send the link.
Also keep off the propietary discord.
No.1665
Name 5 reasons why matrix is better than xmpp for study group cooperation. Let's see how good you are at reading documentation. Good hacker needs reading comprehension and attention to detail.
No.1668
>>1665I'm not at home so I can't do a full comparison, but for the majority, knowing each service is capable of e2e is usually enough. Matrix technological wise is able to pull multiple services, because it's a wide protocol built for unification and security. Unlike xmpp which was built for primarily one on one communication and text based messaging. Nor was xmpp built around bridging and web friendliness. I'll iterate more when I get back.
No.1669
>>1668I just realized how soykafty of explanation and response I made. I'll actually make real thought out one.
No.1674
>>1602>https://hackthebox.eu getting through the fucking captcha was the most annoying part of signing up.
No.1676
>>1614I can't connect to the server with SOCKS5 is it normal ?
No.1677
>>1674Honestly true, but the machines are quality and the community is great.
No.1678
>>1676It might be a misconfiguration your part? I connect just fine with my SOCKS proxy.
No.1680
>>1678Could you show me how to properly set my SOCKS proxy ?
No.1685
Is the meeting still happening tomorrow at 1600 UTC?
No.1690
>>1689But I was there and no-one was there!
No.1691
>>1690Such is the challenge when trying to organize an event.
We could retry tomorrow or do it again next weekend with better, more specific timing.
No.1692
Just a reminder tho, UTC 4:00 is 00:00 EST
No.1693
>>1692the date command is a wonderful thing.
> date -d "this saturday UTC 400"
Fri Sep 29 23:00:00 EST 2017
# or whatever for your time zone
