[a / b / c / d / e / f / g / gif / h / hr / k / m / o / p / r / s / t / u / v / vg / vm / vmg / vr / vrpg / vst / w / wg] [i / ic] [r9k / s4s / vip / qa] [cm / hm / lgbt / y] [3 / aco / adv / an / bant / biz / cgl / ck / co / diy / fa / fit / gd / hc / his / int / jp / lit / mlp / mu / n / news / out / po / pol / pw / qst / sci / soc / sp / tg / toy / trv / tv / vp / vt / wsg / wsr / x / xs] [Settings] [Search] [Mobile] [Home]
Board
Settings Mobile Home
/g/ - Technology


Thread archived.
You cannot reply anymore.


[Advertise on 4chan]


File: 1727390859926002.jpg (499 KB, 1920x1080)
499 KB
499 KB JPG
>>102844591
This isn't your jobs thread or cert thread, it's a group therapy session. /Cyb/er/sec/urity/pri/vacy general is for the discussion of anything and everything related to cyberpunk culture, cybersecurity, and digital privacy.

--[/Cyb/erpunk]-----
The FAQ: https://sizeof.cat/post/cyberpunk-faq/
What is /cyb/erpunk? https://pastebin.com/pmn9vzWZ
How do I into /cyb/erpunk? https://pastebin.com/5tpNFQds
Huge list of cyberpunk media: https://sizeof.cat/post/cyberpunk/
The cyberdeck: https://pastebin.com/7fE4BVBg
Cyberlife: https://jinteki.industries/files/cyberlife.7z
Bibliothek: https://www.mediafire.com/folder/4m5hd2065hde8/Bibliothek

--[/Re/verse Engineering]-----
Getting into /re/: https://igwiki.lyci.de/wiki/Reverse_Engineering

--[/Sec/urity]-----
"Shit just got real": https://pastebin.com/rqrLK6X0
Cybersecurity basics: https://igwiki.lyci.de/wiki/Cybersecurity_-_/sec/_guide
and armory: https://igwiki.lyci.de/wiki/Cybersecurity_-_basics_and_armory
learning: https://igwiki.lyci.de/wiki/Cybersecurity_-_Learning/News/CTFs
Reference books (PW: ABD52oM8T1fghmY0): https://mega.nz/#F!YigVhZCZ!RznVxTiA0iN-N6Ps01pEJw
/sec/ PDFs: https://mega.nz/#F!zGJT1QQQ!O-8yiH845GN26ajAvkoLkA
EFF anti-surveillance: https://ssd.eff.org/
Other library: https://mega.nz/file/UCgEGAjb#rwNcnMAQCUUbSp8supsFvn9QEHCWUW86eLcZa16ZG4Y

--[/Pri/vacy]-----
Tools: https://www.privacyguides.org/en/tools/
Hitchhiker’s Guide: https://anonymousplanet.org/guide.html
Hardware: https://ryf.fsf.org/products
Frontends: https://igwiki.lyci.de/wiki/Privacy_friendly_frontends
OSINT Guide: https://inteltechniques.com/index.html
Firmware: https://libreboot.org/
RMS: https://stallman.org/facebook.html

--[/hmg/ Hackerman General]-----
VM/CTFs:
http://overthewire.org/wargames/bandit/ - easy beginner
https://www.vulnhub.com/ - prebroken images
https://www.hackthebox.eu/ - super secret club
Huge info dump: https://hmg.neocities.org/
>>
epoxy on my ram and rom
>>
File: Jen.jpg (399 KB, 750x1000)
399 KB
399 KB JPG
Threadly reminder to go read Fisheye Placebo for more cyberpunk goodness!>Vance just wanted to make the most out of his college experience under a totalitarian regime, and if that meant hacking into the university to assign himself a hot female roommate, then so be it. The last thing he expected was to be dragged into a crazy conspiracy to overthrow the government by his most-definitely-not-female roommate.

Archive
Chapter 1 Part 1
https://desuarchive.org/co/thread/138433030/
Chapter 4 Part 7 (latest)
https://desuarchive.org/co/thread/145447092/

https://www.yuumeiart.com/fisheye-placebo-chapters
>>
>>102881590
threadly reminder that you all need to take your meds
>>
Calibre tells you to download a binary installer from their website without checking the cert (pic related )lmao
Also, for whatever reason, they use a self-signed cert for a subdomain where they host the signature files: https://code.calibre-ebook.com/signatures/
That cert is embedded in the installer: https://download.calibre-ebook.com/linux-installer.sh . This is supposed to be more secure, apparently... I don't think this would resist a mitm attack, but, whatever, I'm not expert on this.
>>
>>102881900
That's so weird, has anyone told them why?
>>
>>102881900
FOSSsisters, our response?
>>
File: media_GZVvlBjaEAAcgOh.jpg (255 KB, 1080x1350)
255 KB
255 KB JPG
>>102880421
Last thread fell off page 10 far too quickly, clearly a lack of cybergrills.
>>
From last thread:
>>102870426
>>102858356
>>the sad reality is that things are bad everywhere, it is just more open and more visible in the US
>Personally I think that the behaviour of western governments towards people like me (an ordinary citizen) has been much less malicious than the behaviour of authoritarian governments across the world.
There are many kinds of evil. There is the purposeful, psychopathic and malicious evil, and there is the careless, banal and contemptous evil and a wide spectre in between. To wit:
https://archive.is/n4wq5
>A few days later, Josh was given another detention for playing with a water pistol at break time. His parents were called in for a meeting to discuss it. As they got up to leave, the assistant headteacher said in passing that, as a result of Josh’s Isis-K story, the school had referred him to Prevent, the UK’s deradicalisation programme. “Oh, we don’t think he’s a terrorist or anything,” the deputy head joked, before leaving the room to let his junior colleague answer questions.
The assistant headteacher probably considerd this a brilliant piece of rhetoric but in the end it was as evil as it gets. It smells like Oxbridge, while the "junior colleague" was probably at best from Russell Group. A lot of people lose all contact with morals once they reach a position where they can lord it over other people with impunity.
>So when it comes to cyber-security, I'm more worried about authoritarian governments.
Sure, but that is just a matter of degree.
>But of course you should be wary of all governments,
Indeed
>because all of them could potentially do something bad.
And here is the crux of the issue, it is not something the could, but it is something they would, as the Iron law of the Oligarchy proceeds, ever forward to the failure point.
It is also as /cyb/ as it gets, since what saves your bacon is social engineering. Ultimately, /cyb/ is where tech meets society, and what you do to survive.
>>
>>102881984
Where would you ask him?
>>
>>102885255
At their GitHub
>>
>>102880421
>https://igwiki.lyci.de/wiki/Cybersecurity_-_/sec/_guide
Down. Anyone here know the operator?
>>
>>102885508
You'll never know my address glowie
>>
>>102886794
>You'll never know my address
I didn't ask for it, I hoped someone reading this could poke the operator into rebooting the server, or whatever it would take to get it going again. https://lyci.de/ seems to be working, though.
>glowie
You are not authorized to know.
>>
didnt know this general was back
>>
>>102887907
It never left
>>
File: TheFall.png (87 KB, 2736x1660)
87 KB
87 KB PNG
>>102888050
It did.
>>
>>102885508
its me, server rebooted itself(?) and wont come back up

>>102887176
>https://lyci.de/ seems to be working, though.
different server

wiki will be back, dont worry
>>
>>102888263
why is this place being recorded in such detail
>>
File: NSA_wuvs_you.jpg (144 KB, 1600x1200)
144 KB
144 KB JPG
>>102888719
Who knows.
>>
>>102888542
in dire need of the wiki
>>
>>102889185
Why can't we have nice things?
>>
>>102888767
Imagine being the NSA Agent assigned to this general.
>Hey boss I found a thread on 4chan about Cyberpunk, but it's also about Cybersecurity and Internet Privacy
>"Hmmm... do they talk about hacking?"
>Uhhh.... yes.
>"We need to take action"
>We'll actually discussion is fairly benign. If you'd like I'll monitor it and keep you guys posted.
>"Good idea, anon. Monitor the threads, and keep us informed of any dangerous activities or discussions happening."
>proceeds to spend the rest of the job shitposting /cyb/ babes and about certs
I only wish that was the case... This general might actually be slightly more active. NSA-chan please posts your hottest /cyb/ babes.
>>
File: media_GZVwRZ4a8AAho7n.jpg (183 KB, 1080x1350)
183 KB
183 KB JPG
>>102890350
Old but unconfirmed lore are that they are slumming it here during the lunch breaks and that cybsec.io was their server. Cyber babes are easier, though.
>>
Some good news, at last:
>Celebrating two years of empowering public digital infrastructure
https://www.sovereigntechfund.de/news/celebrating-two-years-of-empowering-public-digital-infrastructure
>The Bug Resilience Program, our proactive approach to increasing the resilience of open source software infrastructure projects, started accepting applications. Participating projects have been able to take advantage of the program’s services, from support with deal with technical debt, to code security audits to the bug & fix bounty platform to discover, responsibly report, and fix bugs.

My hunch is that German, perhaps European intelligence agencies are behind this. I wonder when American agencies do the same. Or are they too optimistic about NOBUS classification?
>>
>>102890986
Awesome, I missed your news, anon
>>
>>102891909
You are welcome. News have been a bit quiet lately, not sure why. Considering the Israeli intelligence agencies are firing on all cylinders, and then some, I had really expected more.
>>
>>102892014
I guess most of it is kept under wraps
>>
>>102892337
Most things leak, eventually. People can put together scraps from different sources and arrive at the truth, especially if they have some abilities in lateral thinking. I have seen that myself, followed by the inevitable "where did you hear that!?"
>>
>>102884489
404 am died to hurricane obviously
>>
whats a good set up to torrent without getting sued or ISP ratting you out? basically a VPN and encrypted linux box?
>>
>>102880421
Where can i go to learn as much about hacking and cyber security overall hack the box certs and page seem good and a couple of youtube channels like the cyber mentor any other stuff you guys recommend ? And what is a good way to start this career ?i know the military has a couple of cyber security jobs people say it is hard to get into
>>
>>102890986
the US gov getting too cocky? nah that doesn't happen
>>
Dead general
>>
>>102894553
read the sticky newfag
go to the hacker infodump
>>
>>102895957
Nah dead forum. People that actually care about cybersecurity don't bother with 4chan because 4chan is a dead forum for shills to spam crap and give gookmoot shekels.
>>
File: reg.png (13 KB, 854x174)
13 KB
13 KB PNG
Microsoft says that state-sponsored hackers should be punished:
>Microsoft says tougher punishments needed for state-sponsored cybercriminals
https://www.theregister.com/2024/10/15/microsoft_digital_defense_report

That article mentions China and Russia as sponsoring hacking.
>>
File: Intel_logo_2023.svg.png (18 KB, 1024x398)
18 KB
18 KB PNG
After China alleges that Intel CPUs feature backdoors for US spying, Intel responds:
>[Intel's statement] responds to the claims of vulnerabilities and poor quality, but doesn't quite address the backdoor allegations – unless Intel means to say backdooring its products for Uncle Sam would break Chinese law, and it's not breaking any laws.
https://www.theregister.com/2024/10/18/intel_china_security_allegations/
>>
>>102897240
So themselves?
Because they are state sponsored malware developers.
>>
>>102897545
No, their smaller competitors. Classic Microsoft move.
>>
>>102897545
Are they? I look forward to seeing the proof of this, which you obviously definitely have

Unless you're a moron making claims that you can't substantiate?
>>
>>102897265
Intel ME ?
Never heard about such a thing ...
>>
>>102897265
They literally sell this backdoor as a product - https://en.wikipedia.org/wiki/Intel_Active_Management_Technology
It allows total control over a computer without the knowledge or agreement by the OS. It can remotely boot ISOs.
>The association also claimed Intel's products often include exploitable vulnerabilities and have high failure rates.
Obviously. AMT was letting in everyone who sent an empty password for YEARS - CVE-2017-5689.
>>INTEL-SA-00709
>All versions of Intel® AMT and Intel® Standard Manageability.
>Note: Firmware versions of Intel® AMT 3.x through 10.x are no longer supported versions.
So no fixes for old hardware, sucks to be you old cheap Dell OptiPlex buyers.
There's tons of vulnerabilities for Intel ME and AMT. Just imagine how bad the undiscovered ones are.
>>
>>102897265
>but doesn't quite address the backdoor allegations
Perhaps because denying the official line will end with a head shot?
>>
>>102897672
>Are they? I look forward to seeing the proof of this
Nigger please I just assume they are.
Google and Apple admitted to doing shit because the government forced them to.
I have no doubt MS were forced too.


All of them often have the same complete - it makes their product uncompetitive, compromises security even for US government users and generally makes bugs because of the secret nature of things.
I suspect this is why memory leaks in the kernel often happen. Only employees privy to confidential information know of the embedded surveillance systems.

As always, it makes everything shitter for all people of every country. I don't understand why governments do this when it blows back FAR too easily.
>>
I have been reading a little about this new generation weight control medicine, and there seems to be a lot of vague things going on in the background. First off there are news about problems such as loss of muscle tissue. More interestingly there are news about efficacy in treating drug addictions.
Just a long shot here: is this in reality a treatment for the drive for immediate gratification, which in some is barely controllable? If that were the case, the impact on society would be huge, and the /cyb/ angle would very much be there too.
>>
>>102896242
Where do they actually post, plebbit? I believe more and more in the Dead Internet Theory
>>
Anyone here sandbox their programs?
I want to fully isolate Firefox from the main OS but I am not sure what's the best option.
I already use FireJail but I have been trying to run it in Alpine (for low resource usage) in Incus/KVM but the performance hit is significant.
>>
>>102899815
i have considered it, but truth is that Google is probably smarter in figuring out how to exfiltrate data than I am in detecting it. Mozilla has also become an advertising/influencing company, and can no longer be trusted.
Ladybird is our last, best hope.
>>
>>102885508
>>102888542
>>102890239
Because we don't do our own backup and count on unpaid third parties.
Good work, mr maintainer.
>>
>>102899038
Got some hits:

https://pennstatehealthnews.org/2024/04/qa-can-weight-loss-drugs-help-in-addiction-treatment/
>Bunce: Patients have told me that it slows down their need for immediate gratification of their craving, allowing them to make better — and healthier — decisions. It’s like craving food. Most of us have had days when we craved pizza or chocolate. One way this medication appears to work is to minimize that drive, allowing you to slow down and make a healthy choice.

There are a few more, many restate the above quote. If this really helps against the urge for immediate gratification, it will quickly go into the medication mix along with Ritalin to millions of school children.
>>
>>102900089
We now have an update:
https://lyci.de/wikimaintenance.html
>>
>>102892014
>>102892337
>>102892402
They sure are using and abusing their Intelligence services but probably there is some blackout from the media after how massive the discussions on the pager explosions were.
>>
>>102894244
Pretty much. You hear people using Tor and other protocols too but that can be a hassle.
>>
>>102899287
Reddit can have even dumber discussions than here. And it often does.
>>
>>102900264
>probably there is some blackout from the media
I skimmed through >>>/int/isr and saw a few comments that indicate all rumours are shot down systematically. That includes, according to that general, 4ch mods who delete all attempts to spread rumours. So the blackout is very, very extensive. What has been published, including official channels on X, suggests their agencies are on a roll, such as showing the video of Hamas leader Yahya Sinwar and his final moments.
>>
>>102900008
>Ladybird is our last, best hope.
After they decided to move to swift I gave up on then.
Librewolf is the best right now but even that could probably do better.
Reading the amount of patches they had to apply on Ungoogled Chromium is depressing. One can only imagine that some stuff is slipping off from these project's grasps.
>>
>>102900530
Ofc, it was made to be a warring state and it's doing its job. And all the world be dammed in their eyes.
>>
>>102899038
>>102900125
I don't work in this area but I have been reading a lot about it because I am a health nut, but yes, it affects consumption by regulating how some hormonal gateways work and, yes, there is a governmental push to have this be as easily accessible as possible, to the point that you hardly hear about the risks of stomach paralysis and major loss of muscular mass.
>>
>>102900624
The law of unintended consequences always strikes, and in unexpected ways. One of the chief researchers has gotten cold feet, but big pharma sees monstrous incomes, so what could possibly go wrong?

The upside is that this could lead to more research on how the human mind works. Very little is known, and one scientists compared the research to setting fire on a car, measuring the height of the flames, and from that trying to determine how fast it could have gone. Yet most people see no problems in medicating people with drugs that nobody really understands how work, far less long term effects. So what will happen 30 years down the line when a generation of Ritalin dosed school children try to get a job? Or when they grow old? Moral hazards such as governments being OK with mass suicides among oldpeople just to save pension cost does not help much. I really have a bad feeling about this, in case you couldn't tell.

Long shot here: next up might be drugs to let people hit the flow. That too could be a bestseller, especially when combined with Ritalin, Wegovy and what else is coming up. I can easily see this become compulsory for all school children.
>>
>>102890350
I'm sure there are still boots on the ground but the majority of work is probably just scrapers looking for keywords.
>>
File: 1728481482836.jpg (332 KB, 1440x1351)
332 KB
332 KB JPG
Between Bitwarden and Proton Pass, which one would be better? Ignoring whatever the retards are crying about regarding bitwarden right now
>>
File: media_GNijvYLaQAAMqh0.jpg (449 KB, 1380x2048)
449 KB
449 KB JPG
>>102900993
As long as we keep posting hot cyber babes, the boots will remain firmly on ground and bums firmly on seat.

>>102900089
>Because we don't do our own backup and count on unpaid third parties.
I'll look into how to extract a backup - regularly - from the new wiki. I remember the old FTP server, there must have been a TB of documents there. Much was lost when it fell off the net.
>>
>>102901109
Just self-host Vaultwarden
>inb4 Rust
Better than nothing.
>>
>>102894553
The party is over. Rust, AI. Pretty soon we will all be downgraded to physical security.
>>
>>102900326
Reddit has entire threads of people arguing and all sides are wrong. They are NPCs that conflate information they don't understand and confidently parrot it in the comments. There is actually informed discussion on Twitter, but it's all recycled tired arguments "muh open source C2 is dead" "muh microshart doesn't pay me for me UAC bypass"
>>
>>102899287
Believe it or not,discord.
>>
>>102902580
Exactly, everywhere is hell, here including.
I miss the old times.
>>
>>102903104
There is a major difference here, in here people who are wrong can be shot down with facts. In fora where people hunt scores, they go with the common misconceptions rather than the truth, which to them is an irrelevant nuisance anyway. Reddit is far from the only one, The Reg is just as bad.
>>
>>102903331
What are other good sites to discuss cyberpunk?
>>
>>102904039
I don't know. anon.cafe was comfy but it closed down a while ago. There are other imageboards but not as good as this one. Also alt.cyberpunk used to be good but last I checked it was mostly spam.
>>
Anon, do you even pop boxes???
>>
>>102904162
>do you even pop boxes
What did anon mean bu this?
>>
>>102900744
Lovely vehicle, girl is fine too
>>
>>102903104
Very few people actually hack they're too lazy. Most guys just read reddit and discord and regurgitate things they see. So any places that could be good are quickly overrun with posers.
>>
>>102905549
What is there left to hack anyway? I see most modern hackers are either spooks working for them or scammers. There's no real hacking done anymore
>>
>>102897672
Microsoft teaches people to write malware, and for whatever reason they don't fix their vulns, keep introducing more and being slow at the ones that people report, even for free... Do the math.
>>
>>102906195
HahahahaHAHAHAHAHA
This is the level of discussion in this fucking general And people were discussing about how you "can talk" about hacking. You faggots are useless.
Do you even read news or follow people (bug hunters, exploiters, corporate hackers, ...)?
>>
>>102906299
...no, I wait here to be spoonfed all my data like every anon in this site. And meanwhile waste my time discussing the next meme distro I should scrap my entire setup for.
>>
>>102906195
case in point
>>
>>102906252
I used to think Microsoft was malicious. Then I red teamed a critical infra company that literally had a direct line to MS where they bitch at them regularly for any minor change. There are people at MS that want to get rid of NTLM, force SMBv3, etc but at the end of the day MS is run by subservient jeets that veto any serious change.
>>
>>102904474
Do HTB, offsec proving grounds, vulnhub, etc.
>>
>>102904039
textboard dot echobubble dot xyz
>>
>>102902528
how the fuck ?
>>
>"100% Free" GNU Boot Discovers Again They Have Been Shipping Non-Free Code
https://www.phoronix.com/news/GNU-Boot-Second-Fail
>>
File: 1727315129635123m.jpg (122 KB, 723x1024)
122 KB
122 KB JPG
Got that privEsc challenge complete.
>HACK COMPLETE
>EXP +50

The crux of the challenge was that the find binary was owned by the user who owned the flag, but runnable by me, so I just had to run find on their homedir with the -exec flag to execute cat on the file or something
>>
>>102904162
Just popped one kek, all while high af
>>
>>102880421
I have been doing over the wire.
Currently on bandit 6. It's boring but Bandit is mostly about teaching file structure and basic cli usage. I hope I can finish this and move onto more interesting stuff. Also writing in cli is just so fucking cool, typing ls and seeing all the text just feels cool mann
>>
I want to play games like League of Legends that have kernel level anti-cheats on Windows. If I encrypt my Linux disk is that enough or can they access it somehow? At this point it seems like everything is possible to me.
>>
>>102908945
Quit wasting your time on games, League hasn't been good in ages. You know, there was a time before it was gay
>>
>takes down another CTF challenge

>>102908626
Bandit is basically common Linux box hax 101. The same hax work in CTFs. I'm literally learning the shit i learned in Bandit to defeat HuntressCTF. Same exact tactic.

>.bashrc is modified to do some retarded shit and/or log you out as soon as you log in
>so you just pass a command with ssh
Learned this in Bandit, used it in nearly every CTF I've done so far. A useful trick.
>>
>>102909546
I know, the game is complete garbage yet there's nothing that's as addicting.
>>
>>102900139
And now it is up! Good work.
>>
Another solve for Zarathustra. I offered if anyone wanted to be on my team, but I guess ya'll have better things to do. Fuck it, I'LL SOLVE THIS ENTIRE CTF MYSELF! THE OVERMAN DOES NOT NEED THE UNTERMENSCH
>>
File: Zarathustra.jpg (137 KB, 1920x995)
137 KB
137 KB JPG
Literally doing this because bored, these challenges were worth 500 points each at first but I'm late to the party.
>>
>>102906195
>What is there left to hack anyway?
There's never been more to hack, depending of your definition of hacking.
The most popular computing devices are completely jailwalled bu Google, Apple and their manufactors and the only distro that gives you a complete FOSS experience is limited to Pixels.
All communication services are backdoored.
We are fed media in every possible way, digital and analogue.
Open source hardware is still crawling.
>>
The digging (>>102863933) is continuing over in >>102910555
I still think somone raised an army, in Maryland.
>>
>>102908169
>GNU Boot
Btw
>Don’t Support the Coreboot Project
https://www.malibal.com/features/dont-support-the-coreboot-project/
Never heard about this company before though.
>>
>>102906195
bro there are so many systems to get into where I live (Central Europe)
Fuck I could probably just hack into easily half of the government services, its THAT bad. You can still just sql inject into a ton of them. And don't even get me started on industrial stuff theres just so much legacy shit around
>>
>>102912628
>industrial stuff
Yeah we are 100% fucked. At some point someone is going to 9/11 some municipal services
>>
File: shame-bell.gif (20 KB, 220x326)
20 KB
20 KB GIF
>>102906195
Dumbest post of the thread award, might as well go work at McDonald's with that mentality KEK. You're American aren't you?
>>
>>102906299
>news
Gay

>soifacing on social media
Also gay

>DIY
Straight
>>
File: 1724154259476473.jpg (434 KB, 1080x1110)
434 KB
434 KB JPG
Challenge Void: I SSH in, but there's just a bunch of random bullshit spamming across my screen, as if .bashrc was modified to spam text to stdin ceaselessly...
I wonder if an on-connect ssh command would do anything
>>
File: Void_screencap.jpg (769 KB, 3824x1036)
769 KB
769 KB JPG
This challenge is kinda weird, I'm not sure what to do. First of all, I don't even get an SSH into the level, it's a netcat. Second of all, the output is a bunch of bullshit, but it's not all the same. Clearly I'm supposed to do something with the output somehow.

>how to pipe netcat output to terminal
This is actually less trivial than it appears at first. I've learned how to do this, forgotten, and had to learn again. The way to control terminal pipes like a hacker is to use the 'tubes' library in Python. The real question is, what should I do with the output once I have it?

>what to do with the output
My first instinct is to filter out all the stuff that isn't the following string:
[0m[30;40m

>BIG THINK
Ohhhh wait... This might actually look different on Linux! I'm running Powershell here, the CTF is meant for Linux! Let's see how it looks on a Linux VM
>>
File: Void_from_Linux.jpg (202 KB, 3840x1041)
202 KB
202 KB JPG
Ok the good news is, I know why it's called Void. On Linux, it just fills your terminal with this infinite grey bar. But the bar seems to contain some secret in it. If I take away the color, let's see what remains...
>>
By the way, if you have any hacking-related questions, now's the time to ask. Hurry up before Zarathustra returns to the mountains to meditate. He does not like to stay long among the mortals.
>>
>>102914489
Try to redirect stdout to your pty.
exec 0< `tty`;
>>
>>102915281
fuck I mean
exec 1< `tty`; exec 2< `tty`;
>>
>>102915281
Thanks anon, but the challenge actually involves netcat, not SSH. There was a similar one with SSH, and the problem was a running loop in .bashrc. The CTF wanted you to learn that you can pass commands upon connecting with SSH. Solved that one pretty fast. This Void challenge is netcat. And I'm still thinking about it...
>>
>>102915295
In a netcat reverse shell? You probably have stdout connected to the wrong socket. or /dev/urandom. If you can figure out what your socket fd is you should redirect it to that.
exec 3<&1? or maybe you could write a little loop that starts from 3 and works up.
>>
File: kill_the_janny.png (410 KB, 1050x858)
410 KB
410 KB PNG
>>102915097
>>102915153
If you pay close attention, you'll see that I'm getting two very distinct terminal outputs depending on whether I connect to the server using Powershell or Linux bash. Powershell does not interpret the same escape characters for color and stuff as Linux, so what would appear as a pretty character on Linux, can appear as the code for that character on Powershell. Thus, your terminal outputs can look wildly different. This is why when I write a script, I make sure to have a disable feature for Linux-only color output, in case the script gets run on Powershell (because hello, Python is king due to cross-platform compat?)
>>
>>102915350
thinking about it the wrong way again sorry. it would be something else writing to the socket somehow? is that possible?
>>
>>102915350
What does this code do?
[code[
exec 1< `tty`; exec 2< `tty`;
[/code]
I'm afraid I don't follow doc
>>
>>102915380
That assigns your pty fd to your stdout and stderr. But if you're in a netcat shell, you don't have a pty connected to your standard streams, you have a socket. That's why I'm saying maybe something is writing some random bullshit to the socket to fuck with you.
>>
>>102906195
My friend, hacking is like lockpicking. If you follow the Way of the Hacker, you will go through the following phases, which are the same as the phases of a locksmith:

>Normie
Level 0 skill, ignorance of concept. You only see it in movies, and assumes it's a magic skill. At this stage, you would see a key lock as unbreakable, and you would also see computer systems as secure. To the extent that you worry about, anyway. This is where most people are, but not you. Moving past this point is easy, because it only requires passion and a small amount of clarity.

>Novice
For some reason, you've taken an interest into the Way. Maybe you decided you weren't dangerous/intimidating enough, maybe you need money, who knows. Maybe it's just who you've always been, and you're only now awake and working towards your destiny. Maybe others decided to arm you with this knowledge so you can serve them as their pawn. I won't judge. But you're bad and unskilled as a novice, so you're demoralized because everything seems unhackable. This is the point where you're frantically trying to hack, frantically trying to pick the lock but failing, reading everything you can, learning from masters, but you cannot yourself do it. You start to question the Way, and even if it's possible. Most people get broken exactly here. And then... Eventually, sooner or later, the lock opens. You find yourself able to hack. Just like that, you have surpassed.

>Adept
Just because you can pick 1 lock or solve 1 challenge doesn't mean you've mastered the Way. An adept becomes a Master through much hard work. This is the longest phase.

>The Master
Usually an old man, this is a teacher of the Way
>>
>>102915401
I think the key is inside the random bullshit itself. Anyway, I'll be back in a few hours with an update.
>>
cyb+bump
>>
File: voidflag.jpg (98 KB, 2017x999)
98 KB
98 KB JPG
>takes down the Void challenge
Took me a good while, but I solved it. The solution was simpler than I expected it to be, and my instincts were right all along. I knew I just had to filter out the [30;40m and I would get my flag. Because I'm way too dumb to filter the text, even with the help of ChatGPT, I just used tee to pipe my netcat output into a text file, and then ran the strings command on it. Then, I managed to find the answer manually before I even removed the filter string. I think I'll remove the string now just for the hell of it.

[code[
# port and url are changed
nc challenge.url 69420 | tee void_output.txt &&
strings void_output.txt
#instead of manually scanning output of above line, you could try to grep anything that doesn't match [30;40m
#I found the flag before I could try filtering like that, but I'll do it anyway in a sec

[/code]
>>
Gotta say, void was interesting. It's listed as a warmup challenge because it simply entails grepping through your netcat output. I solved it with something like:

nc challenge.url 69420 | tee void_output.txt &&
strings void_output.txt > void_strings.txt &&
grep -o '[A-Za-z0-9{}]' void_strings.txt
# the above code should show the flag


On to the next one, Zarathustra goeth.
>>
File: void_cleanview.jpg (70 KB, 1921x1000)
70 KB
70 KB JPG
Here is what the Void flag looks like if you clean it up according to the codebox above
>>
Got the Matryoshka QR challenge. It was easy, all I had to do was read the big QR. That QR had a hexadecimal representation of another QR png image. I had to use python to convert the plaintext hexadecimal representation to actual binary so that the image would be rendered. GPT saved me a lot of time by giving me this nifty script:

png_data = b'\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR\x00\x00\x00\'\x00\x00\x00\'\x01\x00\x00\x00\x00\xa4\xd8l\x98\x00\x00\x00\xf5IDATx\x9c\x01\xea\x00\x15\xff\x01\xff\x00\x00\x00\xff\x00\x80\xa2\xd9\x1a\x02\x00\xbe\xe6T~\xfa\x04\xe4\xff\x0fh\x90\x02\x00\x1a\x7f\xdc\x00\x02\x00\xde\x01H\x00\x00\xbe\xd5\x95J\xfa\x04\xc2*\x15`\x08\x00\xff\x9d.\x9f\xfe\x04\xfd#P\xc3\x0b\x02\x97\x0e:\x07d\x04/vIg\x19\x00\xbb\xcd\xf3-\xd2\x02\xfb\xd6d\xb5\x88\x02E\xc7^\xdf\xfc\x00\x84\xfb\x13\xf3J\x02\xfd\x88a\xefD\x00\xc8t$\x90\n\x01\xc7\x01\xee1\xf7\x043Q\x17\x0cH\x01\xa5\x03\x1c6d\x02\r\xf0\xbfV$\x00\xcf\x13d3\x06\x01\xee\x08J\xf5E\x00\x9b\xee\n\xac\xfa\x01\xea|\xf2\xe86\x04\xb3\xc9\x84\xf7\xb4\x02\t\x90U%\x14\x00\xbf g\xa5\xee\x02\xfbH\xf1#4\x00\xff\xa1!;\x86\x02\x81VB\xdf\xfc\x04>\xb1s\x00\x10\x02\xe4>\xab-p\x00\xa2\xc6\xfe\xf6\xee\x04\x00\x05\xcbl5\x02\x1c\xfc\x85;\xd0\x02\xc2\xfb\xe6A\x00\x01\xff\x00\x00\x00\xff\xf9\xdb_g\xf4\x9a\xddH\x00\x00\x00\x00IEND\xaeB`\x82'

with open('output.png', 'wb') as f:
f.write(png_data)

>>
>rules page has a flag in the page source comments
That one's getting old, thought I saw that 3 years ago. Anyway that's another one down.
>>
10 more days left, ye hunters. Wishest thou into the fray, then come join 4chan's finest:

https://huntress.ctf.games/teams/invite?code=eyJpZCI6Mjg3MywidiI6IjcwZDY5Yjg1OTgxY2Y5MjJhZmRjOGJmNDc5OThjMjVkYjkwZmRjODUifQ.ZxcGVg.u7vsEPuNSllnp43eVkkQGej4SOg
>>
Exactly like bandit, one of the challenges was an mp3 file which was actually a PNG image. All that was required was to change the file extension. I figured this out in 2 minutes with the file command.
>>
>tell me to do HuntressCTF
>no one interested
We legit could have unironically come #1 if we started early
>>
File: cattle_screenshot.jpg (246 KB, 742x915)
246 KB
246 KB JPG
>I find one I can't solve
It's an ascii file named cattle. I'm supposed to herd them, I guess. I know there's a multiplication "moo" challenge in there somewhere. The file is given in a grid.
If this involves some kind of base-4 multiplication, I ain't about to do it all for 50pts. Doesn't mean I won't solve this later, but there's no way I can get the answer anytime soon for this challenge. I'm guessing I need to write some code to put them in order for this challenge? I have no idea.
>>
After being unable to solve 1, I've fizzled out. Gonna have to take a break.
>>
If you're depending on me to keep the general alive, don't. I have other stuff to do.
>>
>>102921127
One of the news guys here. Nope, I don't make demands or assumptions, I have just been busy.
>>
I'm sufficiently warmed up. Tackled all the warmup challenges except the gay Discord one and 2-3 others. Tomorrow, the real fun begins. Gonna start out with a Forensics challenge on Macintosh. Stay tuned my niggas
>>
Infant-tier overflow challenge, if you cannot solve this you should be ashamed

#include <stdio.h>
#include <unistd.h>

//gcc -fno-pie -no-pie -Wno-implicit-function-declaration -fno-stack-protector -m32 babybufov.c -o babybufov

void target(){
puts("Jackpot!");
char* executable="/bin/bash";
char* argv[]={executable, NULL};
execve(executable,argv,NULL);
}

int vuln(){
char buf[16];
gets(buf);
return 0;
}

int main(){
setbuf(stdin,NULL);
setbuf(stdout,NULL);
puts("Gimme some data!");
fflush(stdout);
vuln();
puts("Failed... :(");
}


>>
>>102922197
Is it worth learning C?
>>
>>102922450
>the absolute state of /cyb/+/sec/+/pri/
The funny thing is, the answer to your question is that you should learn go first
>>
>>102922450
C is a must, as is at least one assembly language
>>
=== /cyb/ News:
>Defence groups bet big on drone-destroying laser weapons
https://archive.is/TIFXX
>Earlier this year, British and American ships were forced to fire multimillion dollar missiles to shoot down drones launched by Houthi rebels in the Red Sea.
>“It is ultimately not economically sustainable to shoot down a $100 or $1,000 drone with a $1mn plus interceptor,” said James Black, defence researcher at Rand Europe, a non-profit research institute.
The premise is straight forward, but what about the "solution"?
>For decades, the US has been conducting research into so called “directed energy weapons” like lasers and high-powered microwave systems, most notably under Ronald Reagan’s “Star Wars” defence initiative. Although lasers have been used as rangefinders and to dazzle pilots on the battlefield, it is only now, with advances in computing, optical technologies and fibre optics, that countries are seeking to exploit them as effective weapons.
Straight to the Rube Goldberg money guzzling projects, in other words. RMA, Revoilution in Military Affairs, remaisn dead in the West, while Ukrainian operators make do with available tech.
>>
>>102922450
Yes. You don't have to become a C programmer but you need to understand how it works: the stack, memory allocation, pointers, etc. These concepts show up a lot in many other areas and understanding how to program in C helps with your intuition. Plus it's really not that difficult.
>>
>>102924428
(you)
>>
>>102880421
Asking you guys the same as in >>102927935
>>
>>102927961
It's way easier to just take your meds anon
>>
>>102927961
Here, you're asking a general that couldn't figure out a buffer overflow from the 90s. They're not going to figure out any firmware hax anytime soon. Too busy grinding for certifications.
>>
Have you guys ever wondered why certs don't teach you to hack? Because certs are designed to waste your time and energy into knowledge that is exactly tailored how the CAs please.
>>
>>102880421
Anyone can recommend a faraday bag I can put my thinkpad x230 and my phone into that can be ordered off amazon?
>>
File: 1728781232175450.jpg (146 KB, 1000x1024)
146 KB
146 KB JPG
>>102922197
fuzz with pwntools cyclic, find EIP
do shellcode at that location, get shell
>>
Daily reminder to not trust hostile governments who hate you.
>Huawei in particular has long been an entity of concern for the US over fears that the company's telecoms equipment is laced with backdoors that Beijing could exploit for the purpose of espionage.
https://www.theregister.com/2024/10/22/tsmc_huawei_sanctions_report/
>>
>>102931348
Daily reminder that American government is the biggest threat to American citizens, and anyone who says otherwise is a fed
>>
>>102888767
Wasn’t this Symb0l who started this entire trend? Miss that tripfag, he always had insightful nuggets to learn from
>>
>>102888767
That anon hasn't been seen since the incident, I wonder if he's still breathing
>>
>>102931399
This might be the stupidest thing I've read all day
>>
>>102922197
I really want to point eip to target but gets fucks with my \x91. So the best i can do is \x91\xc2 but that puts me in the middle of target. I don't want to spend more than 10 minutes on this so I guess I suck.
>>
=== /sec/ News:
>Several Linux Kernel Driver Maintainers Removed Due To Their Association To Russia
https://www.phoronix.com/news/Russian-Linux-Maintainers-Drop
>Sent out last week by Linux's second-in-command Greg Kroah-Hartman was the patch dropping a dozen maintainers from the kernel. Greg simply commented in there:
>"Remove some entries due to various compliance requirements. They can come back in the future if sufficient documentation is provided."
>This includes the maintainer of the Acer Aspire 1 EC driver, Cirrus Logic CLPS711X ARM architecture, Baikal-T1 PVT hardware monitor driver, Libata PATA drivers, libata SATA AHCI Synopsys DWC controller drivers, ASCOT2E media drivers, MIPS Baikal-T1 platform driver, NTB IDT driver, PPTP driver, Renesas R-Car SATA driver, Renesas Super-H Ethernet Driver, and the UFS file-system. Just the maintainer entries are being removed and not the actual drivers themselves.
>The commonality of all these maintainers being dropped? They appear to all be Russian or associated with Russia. Most of them with .ru email addresses.
>In response on the Linux kernel mailing list it was asked by others what are the "compliance requirements" and "sufficient documentation" needed... So far there isn't any public comment by Greg Kroah-Hartman. Presumably this is due to sanctions on Russia involving the war in Ukraine.

Someone has been leaning on someone. And were Russians leaning on the developers to sneak in security holes or is that what others fear?
>>
>>102931514
Which one of them? About a dozen are missing.
>>
=== /cyb/ News:
>Breakthrough from REMspace: First Ever Communication Between People in Dreams
https://www.businesswire.com/news/home/20241008878282/en/Breakthrough-from-REMspace-First-Ever-Communication-Between-People-in-Dreams
>On September 24, participants were sleeping at their homes when their brain waves and other polysomnographic data were tracked remotely by a specially developed apparatus. When the server detected that the first participant entered a lucid dream, it generated a random Remmyo word and sent it to him via earbuds. The participant repeated the word in his dream, with his response captured and stored on the server. Eight minutes later, the next participant entered a lucid dream. She received the stored message from the first participant and confirmed it upon awakening, marking the first-ever “chat” exchanged in dreams. Additionally, two other people were able to communicate with the server through their dreams.

Shades of Inception? And what could possibly go wrong?
>>
How does cell tower/SIM pinging work? Can the SIM still be pinged if the phone battery is removed?

I ask because the similar chips in a credit card work remotely without ever being connected to a power source.
>>
>15 minute countdown timer
what in the actual fuck
>>
>>102934380
lurk more wikipedia can answer this, no the simcard isn't a NFC and even if it was it can't broadcast hundreds of meters
>>
>>102934380
In theory, you can design a circuit to be selectively excitable with sufficiently powerful beams. It appears to be conceptually simple to solve the inverse problem and find out if a given pcb was designed with that in mind, but I'm not aware of any public research like that. If you have tons of spare time, go ahead and fill this niche yourself.
>>
How exactly do malware/viruses/trojans infect your system by just plugging in a drive? Don't you have to execute something?
>>
File: 1725814363471984.png (322 KB, 717x1024)
322 KB
322 KB PNG
>>102935961
BadUSB attacks, they pretend to be a keyboard and type commands really quick to download malware.
>>
>>102936157
That requires a specific device. What if it's just and SSD. People say oh don't plug in a HD if it's got viruses it'll infect you. What's the mechanism?
>>
>>102936174
If it's via USB it can still do what the other anon said
>>
>>102936197
What about over SATA?
>>
>>102936205
Maybe it's possible via some wizardry but certainly much less likely than via usb, wouldn't personally worry about it
>>
>>102936242
So it's safe to plug in an SSD? Is there software that can identify anything malicious? Like ransomware? Does defender do that?
>>
>>102935102
>It appears to be conceptually simple to solve the inverse problem
Does it?
>>
Interesting about salary levels:
https://www.electronicsweekly.com/blogs/mannerisms/ten-best/top-ten-best-paying-jobs-in-tech-2024-10/
4 of 10 relate to security.
>>
>>102935961
>Don't you have to execute something?
The file can be autorun exeecutable, it it could start an image viewer that has a vulnerability, or any other autorun functionality on what should have been a pure data file.
>>
>>
>>102904162
As you can see the troons here don't have the skills or the balls to pop boxes, they can only play in the safe controlled environment of a CTF. And they're proud of it, for example the latest tripfag who thinks he's hot shit for using grep. Call them out on it and they expect you to contribute (really, spoonfeed) your hard work.
>>
Do you ever worry about firmware rootkits?
>>
>>102937958
Yeah I do, but then again I can't afford to get safer material since I can barely afford enough to eat.
>>
>>102937697
This hasn't worked in a while. The new hotness is replacing files with a .lnk.
>>
>>102937958
Nope
>>
>>102939038
I think there will be a lot of upheaval late next year when Win10 runs out of support for a lot of old machines that cannot be upgraded to Win11. Will people buy new machines knowing that modern CPUs self destruct regularly and are loadd to the hilt with major holes such as Spectre/Meltdown/whatever_next where each "fix" drags performance down? Old hotness will probably remnain for a lot longer, knowing that Win7 is still in use.

And it is a bit early still for "Year of the Linux Desktop" Mk 939, probably also for SerenityOS. Time to go back to in-order execution CPU, at least for critical stuff? I guess a 3 GHz in-order with ample cache would be fine for most office use, perhaps even fan free solutions too.
>>
A bit suspicious that NPU is so popular in Russia:
https://snapcraft.io/intel-npu-driver
Is the NPU used in battle drones in Ukraine?
>>
>>102920370
I didn't even notice it in the thread. Fuck man, that would have been fun.
>>
Anyone here do physical pen testing for no reason? I just think it'd be fun to try and get inside a server room you're not supposed to be in. Like, not to steal anything but just for fun
>>
>>102940961
>would have
It's still got 1 more week. You can come try the challenges I already solved too. Fun and exp, if you have nothing else to do. I'm actually making even more use of it, because I'm using my write ups to apply for jobs. That's how it works.
>>
>>102941047
Works for me then. I'll prob run through it when I get home after work tonight.

I've always wanted to do something collaborative with /cyber/ but I never really get any bites in the thread. I suppose it's more of a "if you build it they will come" sorta thing so that parts on me.
Maybe I should start just posting a box and see who tries to solve it with me. Even if it's one anon it would still be pretty schway.
>>
>>102941032
You don't need to do that when you get hired as an inspector, because then you say how you could do it, and write something on paper. With that said, I don't do that, and if I did do it, it would be for a very good reason like I need to do my job or something.

>>102937958
I worry about VM rootkits, son

>>102931736
No, you have to run the actual binary they give you. The 'standard' way to do this is to use the unchecked buffer for overflow and shellcode. Although, your way of using a debugger could work, so I'll actually give it a shot, when I get a chance. Got some actual work that needs doing besides CTFs.
>>
>>102931841
>dropping Linux kernel devs for being Russian
Lmao toss out some of the top dogs what could possibly go wrong? Kek
>>
>>102941145
>You don't need to do that when you get hired as an inspector
Wow look at this dude and his cool job and his 401k...
>>
>>102934597
It's rolled out on the vidya boards and is coming here. It's an anti-spam measure. Lurk 15m before posting rule.
>>
>>102936205
>>102936197
I have nothing to do with this conversation, but yes it's possible over SATA and even over Bluetooth. Emulating a keyboard device isn't that hard. It's a great vector.
>>
>>102941101
Wanna join my team?
https://huntress.ctf.games/teams/invite?code=eyJpZCI6Mjg3MywidiI6IjcwZDY5Yjg1OTgxY2Y5MjJhZmRjOGJmNDc5OThjMjVkYjkwZmRjODUifQ.Zxkg1A.62E6Xsf1T2DPRk8KfnAkKwynBUg

I left the buffer overflow one up for you to try, if you'd like. Start with it. You'll need to know how to do this if you ever want any hope in hell of hacking for a job.
>>
my friends says im a schizo for worrying about this type of things and they´re starting to stop talking to me
it´s over

it´s over
>>
>>102941360
>drop social media apps
>friends like you less
kek

>not being able to show your friends why they should fear it
makes sense they see you as a scary clown with 0 IQ
>>
>>102941447
yeah definitely talking to them about surveillance capitalism will make them scare less of me
>>
>>102941192
But how does the software run automatically when stuff like autorun is disabled? What if the permissions are set to not execute files too?
>>
>>102941851
Obviously the USB keyboard is a lovely attack vector
>>
>>102941907
But what's the mechanism that the software runs from a SATA drive to attack a keyboard then?
>>
>>102941946
It doesn't attack a keyboard, it makes itself look like a keyboard
>>
>>102942064
The entire SATA drive? But wouldn't you notice something like that? I mean would it still mount and operate like a drive?
>>
is there a guide to know/estimate how much of a browsing footprint I've left out there? Like, how much of my porn habits google and my ISP and so on have kept track of?
>>
>>102942116
If you use your ISP's DNS you should at least assume the ISP has recorded every DNS lookup and saved it. Lots of sites have the same IP for multiple domains, that's why you shouldn't use your ISP's DNS.
>>
>>102942097
Define 'entire SATA drive'

>>102942116
>>102942205
There's so much of it that most of it doesn't mean much
>>
>>102942285
I was told that it's risky to plug in a drive, say one that belonged to someone else. I wanted to see the files on it, though. So I just wondered what the mechanism that such a drive would infect me with something is.
>>
>>102919615
This actually doesn't work because the grep is wrong, oops
>>
>>102941145
Yeah I assumed they removed all jmp esp and similar gadgets since they put a target() function. My thought was there was another gadget they wanted you to use to point eip at target or even at execve.
>>
>>102942958
ya it's infant tier
>>
>>102939249
Seems Qualcomm might be forced to change architecture:
>Arm cancels Qualcomm’s chip design licence amid legal dispute
https://archive.is/IJIW1
>SoftBank’s Arm has told US chipmaker Qualcomm it will cancel its chip design licence, raising the stakes in an intellectual property dispute set to go to trial in December.
x86 goes back to the 70s, ARM back to the 80s, and a new architecture is way overdue. And RISC-V is not it.
>>
>>102942097
That's the thing, I don't know. I've never done it. I'm thinking you just add on to the firmware, then get in through the firmware or something. Then once you're on the disk, you can get something to autorun. Way easier through USB.
>>
>>102943944
Dude they'll give back the loicense after the ransom is paid, what do you think this is all about? Money
>>
>>102943953
Ok, so if some guy just had a bunch of pirated software on a drive and then I plug it in and don't run any executable files, it's unlikely to infect me? It sounds like software wise (without specially prepping a drive) it requires something to be run.
>>
>>102944008
>what do you think this is all about?
Risk management. And just now ARM appears to Qualcomm as a risk that they can eliminate. Apparently infighting between Qualcomm divisions is the reason they have not turned their Hexagon DSP into a complete CPU. Now they might change that. They might have to fire some middle managers, and now is the season for that.
>>
Quick I got access to a phone number that will be overwritten in a few hours, what to sign up for that usually annoyingly requires a phone number? Google Voice and Telegram I guess.
>>
File: adO47r1_d.jpg (42 KB, 480x480)
42 KB
42 KB JPG
Hello /cyb/sec/pri/

I just had a couple quick questions if you don't mind enlightening a normie like me.

I have a colorful online history to say the least. Now that I am really entering my career I would like to clean up my internet footprint for potential private investigators.

My questions are these:

1. How deep do background checkers actually check if the job is not related to security or anything classified? My career is not computer or security related but it could be considered "skilled labor" and is very technical.

2. Is there a way for PIs to see your email accounts, and associated emails and every website you have registered on using those emails?

3. What is the best most comprehensive guide for purging one's digital footprint?

Thank you
>>
>>102945670
Much depends on where you are. Where I live, we have had a few known instances where HR bosses (who tend to have military background) called old friends still in military with access, who did some major digging into registers they should never have had access to. What is known is presumably the tip of the iceberg.
>>
bump!
>>
Anyone here uses Waydroid?
Do you compile your own AOSP version?
I don't know if I can just trust an their image.
>>
>>102945670
as the other anon said, depends where you are, first world countries will naturally be more observant. However, if you're not gonna deal with sensitive data or legal stuff, I'd say you have nothing to worry about, they'll probably just search if you have criminal records and maybe just stalk your social media if you have any and that's it. Hiring people to actually investigate you is kinda pricey so not many companies will bother with that if they don't need it
>>
>>102945670
>I have a colorful online history to say the least
pron?
>How deep do background checkers actually check if the job is not related to security or anything classified?
Probably not that deep. They will probably only look at your criminal history and possibly your social media accounts.
>Is there a way for PIs to see your email accounts, and associated emails and every website you have registered on using those emails?
It depends on how bad your opsec is. Unless your email was in a leak, there's no way for them to know you have an active account on Pen Island.com.
>What is the best most comprehensive guide for purging one's digital footprint?
It depends on how bad it is. Obviously you should delete whatever accounts you have that associate your name or email address with your activity. If your cock and butthole are online the best coa is to get a lawyer to issue a DMCA request to google, bing whatever. This will at least prevent your cock from popping up as the first search. But Yandex doesn't give a fuck about DMCA so they can still potentially find it if they really want to see your nudes.
>>
>>102946074
>>102948202
>>102948347
Thanks for the tips! Really appreciate it.
>>
>>102941248
Waiting on the confirmation email. I wonder if they don't allow proton
>>
>>102949991
It worked. It's late so I'll poke at it tonight but I might not get it done because it's 1am.
>>
>>102941248
Okiedoke so I can have it crash because it doesn't say failed anymore. So looking at that I'll then need to reference the line of code using objdump for jackpot which I believe should get me execution because of the bin/bash
Understanding and doing that is different so I'm diving the net right now.
I've understood the concepts of buffer overflows but haven't actually done them out.

I'll poke at it a bit longer but like I said it's late here. If I'm wrong please call me a faggot and maybe post a smug anime girl.
>>
>read threads on pol trying to get an emotional response
glow niggers
>read news articles about retarded shit
paid glowies
>see marketing spiel about privacy or security in the modern era
paid glowies and retarded offshore developers
>slowly ignore most news
>slowly garner an interest in taking care of plants and diving into my own weird interests
i am ready for this world
>>
hacking is 10x the work, 10x the risk, 10x the pay.
does that seem worth it to you.
>>
File: 81f.png (18 KB, 646x655)
18 KB
18 KB PNG
>>102931615
t. Agent Lopez

Agent, the Chinese and the Russians aren't gonna come grab me from my house at 3am, because I'm American. It's the fucking Americans who are gonna do that. Good thing you're fat and fucking retarded, or I might be in serious trouble when you come over.
>>
Interesting how glowfaggots invade this space as soon as it goes against their propaganda. maybe they got new budget again?
>>
Daily reminder the people who tell you to distrust Russia/China are also the same ones telling you to distrust Snowden
>>
What does /g/ say about Intel IME and AMD PSP? I see different places say completely different things and I'd rather get a computer that has a more secure chipset.
>>
its looking like this is our only way out isnt it boys. this is going to suck.
>>
=== /sec/ News:
>White Hat Hackers Earn $500,000 on First Day of Pwn2Own Ireland 2024
https://www.securityweek.com/white-hat-hackers-earn-500000-on-first-day-of-pwn2own-ireland-2024/
>The highest single reward, $100,000, was earned by Sina Kheirkhah of Summoning Team, who chained a total of nine vulnerabilities for an attack that went from a QNAP QHora-322 router to a TrueNAS Mini X storage device.
>>
>>102955414
the bar is lower for blackhat hacking with phishing and spreading malware. The bar is specially lower if youre a regular criminal leveraging things like radio jammers to jam cameras or rf to steal cars or use stolen documents to apply for credit, but thats for organized people.
a zero click for watsapp must be impossible tier but then what do you do with that.
>>
Need more Solarpunk!
>>
>>102953874
Don't worry about that shit. You don't have the IQ to worry about it, the only thing you can do is go full schizo
>>
>>102955414
Whitehats get pennies kek. Imagine $60k after taxes for work that must have taken 2 years
>>
File: Amerimutt_Image.png (216 KB, 500x500)
216 KB
216 KB PNG
>>
>>102958505
>must have taken 2 years
How do you know it took that long time?
>>
>buy prepaid card in retail
>what email we send the code to
im so sick of this gay world man
>>
bump for privacy!
>>
Bump for cyberpunk!
>>
Assuming that your x509 communication with a server can be MITM'd (+Spoofed) (Say, through someone stealing root cert keys, or somehow proliferating their fake root cert on your machine via malware), and considering that a lot of client pages send passwords 'in the clear', though encrypted with TLS...

How could you protect against that situation?

Would it not make sense to do the following:
>Salt 1 requested through the connection based on the fact that you know the username
>Salt 1 concatenated with password
>Combination is hashed and sent through the possibly insecure connection
>When it hits the server and is decrypted, it still has no password information but it still has one consistent result
>Server hashes with Salt 2, checks db, builds session if matching
>>
File: 1676334231980117.jpg (63 KB, 735x587)
63 KB
63 KB JPG
>>102964077
you have malware on your computer, there's no protection anymore

ignoring that for the sake of your thought experiment, are you just trying to protect the password?
attacker has MITM with TLS decryption, they can just do a replay of any hash to login, or steal the session cookie
>>
File: 1684203340675582.jpg (99 KB, 800x800)
99 KB
99 KB JPG
https://auth.lol/binja/
https://auth.lol/ida/

enjoy
>>
>>102960284
skid issue for not having 6,000,000 emails
>>
>>102964151
Thanks for your answer.
You're right, you would have to add time or nonces to the exchange.

I was mostly thinking about the case like in Kazakhstan where the government muscled the Root CA's keys and were able to spoof certificate chains (to serve up mitm websites) for local sites because the government could now sign trusted certs.
>>
File: Zarathustra.jpg (39 KB, 613x619)
39 KB
39 KB JPG
Still a week left in HuntressCTF 2024. Zarathustra just took down another challenge. It was a simple crypto challenge.

>have I done the baby overflow yet?
I literally need to create a 32 bit VM in order to do that challenge, so Nein. Gotta waste my time setting up a 32 bit VM now. Unless, does anyone know how to run a 32 bit ELF binary on a 64 bit CPU? I've tried to execute the executable that the CTF provides, but my bash either says that it cannot find the executable, or that it cannot run the binary.
>>
File: sekiro.jpg (75 KB, 1126x902)
75 KB
75 KB JPG
This is a fun challenge, with a similar style to Void where I just netcat in. I have to figure out the correct moves to counter my opponent, and then automate it to go really fast. This time, I can't just run netcat for a few seconds and tee my output. I actually have to automate I/O on both ends.
>>
>>102931399
Second biggest. American citizens are the biggest threat to American citizens.
>>
=== /sec/ News
>No, The Chinese Have Not Broken Modern Encryption Systems with a Quantum Computer
https://www.schneier.com/blog/archives/2024/10/no-the-chinese-have-not-broken-modern-encryption-systems-with-a-quantum-computer.html
>This debunking saved me the trouble of writing one. It all seems to have come from this news article, which wasn’t bad but was taken widely out of proportion.
>Cryptography is safe, and will be for a long time

Another case of nothing is true until officially denied?
>>
>>102937790
Imagine thinking you have skills becausw you do ctf on htb haha..

This is why this general suck and will always suck.
>>
>>102906299
Look at dis corpo shil lgo suck a donkey cock u fukin faggot piece of shit

U 100 year old slut!!
>>
hi guys, any way i can get my telegram account back? i was logged only on one device, the number was fake and can no longer access it, the HDD stopped working and i don't know what to do
>>
Reposting the updated Data Broker Removal Links:
https://pastebin.com/yhWpAgXb
>>
>decide to clean up fuckerberg account
>have to delete +15 years worth of comments, likes, reactions.
>it's two or three different logs
>pages load 25 comments at a time
>it fails one time out of two
>always buffers
>spent nearly eight hours on it
>only five years in and it keeps getting more dense
>all scripts to automate it are outdated or provoke log lockdown
Do I give up? Clicking this shit is making my wrist hurt.
My main target here is to make sure all the likes/comments on other publications will be gone once I finally delete my acc. And I'd rather do it manually than trust fuckerberg to do it.
>>
>>102937790
>>102966206
CTFs are fun. They don't count as real hacking, but they're still fun. Imagine hating on someone on /cyb/ for doing a CTF. Besides, you have to be an idiot to post real hax here, because they go straight to glowies. I've posted 0 days here, and they get reported instantly and patched. Faggots will just steal all your work.

>hot shit for using grep
Grep isn't exactly that basic. Regex requires some IQ
>>
>>102965265
American feds count as citizens. They view themselves as super citizens, with more rights than non-feds. That's the key reason why they're evil.
>>
>>102964151
NTA but you could just block with firewall
>>
File: 1668729212290719.png (209 KB, 510x346)
209 KB
209 KB PNG
>>102968527
how would you login to your website then?
>>
>>102969226
Proxy maybe
>>
File: murica2.gif (958 KB, 404x402)
958 KB
958 KB GIF
>defeated yet another CTF challenge
For all you retarded Muttmericans REEEEEing that this 'isn't real hacking', I have a few things to say. First of all, let's see your retarded ass solve these challenges. Secondly, let's see your retarded ass post some 'real hax'. And finally, to reiterate upon a point I previously made, you would have to be insane to post any type of cool stuff here.
>>
>>102931615
>how to tell everyone you don't read anything
>>
File: media_F7Mkdm1aUAA7J0J.jpg (330 KB, 1920x1080)
330 KB
330 KB JPG
>>102966762
>https://pastebin.com/yhWpAgXb
Great stuff, thanks!
How about putting it on the (new) wiki?
>>
Time to tackle the GoLang challenges on the HuntressCTF. Go has been getting more and more popular recently. I do say, I like this lang. It's better than C++ in my humble opinion. HuntressCTF 2024 offers a boot camp of exploiting and reversing Go. Fun times. Oh, and one more thing: if you faggots shut the fuck up about Russia and China, I promise I'll stop posting Mutt memes. American government is no better than the ones they criticize.
>>
>>102970135
proxy would also suffer MITM and potentially spy on you.
>>
>>102973551
Well I guess I'd be running the proxy/VPN in a container

>>102964151
>>102965113
>>102964077
I believe the scholar's answer is to have the password hashes hashed and encrypted. That's the easy solution to the problem. Use a trustless approach that is built securely from the ground up.

>thought experiment
Some jeet somewhere has done this, so it's more than a thought experiment. It happens a lot I might even say, cuz if a jeet can do it, a Chang can do it in half the time.
>>
>>102968354
>I've posted 0 days here, and they get reported instantly and patched.
>Regex requires some IQ
Your dumb ass that struggles with regex has no 0 days to burn lol
>>
How do I waste as much glowie office work time as possible without ever actually getting vanned
>>
>>102975193
Kek that's what you think, ever heard of skill trees? People have different skill trees. And who says I struggle with regex?
>>
>>102975302
You literally don't. You accept that there's millions like (you), glowies can't watch us all, so they've been using bots this whole time. For a while.
>>
I got the correct regex very fast, just dont think i posted complete solution cuz im using it for a writeup somewhere other than 4chan.
>>
File: NIO.png (751 KB, 1230x1034)
751 KB
751 KB PNG
General reminder:
If you're using anything developed by a Corp, you're at their mercy.
Independent Devs and Open-Source Volunteer Devs are the only trustworthy sources.
>>
>>102937790
tough scene out here...

>>102970985
Literal middle schoolers run strings and grep for flags. Doing a billion low hanging fruit variations of overthewire bandit simply isn't worth posting about anon.
>>
Is it better to give out credit cars info to jewmazon or use something like paypal or whatver else is there
>>
>>102975584
You're right, those were warmups
>>
>>102975739
both are safe
>>
>>102975584
when i was in middle school, I blocked ads and pirated better than most adults now
>>
So how important are updates on "smart"phones anyway? Why do people bitch about it? My idea is that if it calls, texting apps work and I could use maps and music then I have no complaints. Only concern is the planned obsolescence and having all the key details onto one device, which i never do and make backups anyway. What's the actual security concern?
>>
>>102977331
New version of apps basically. Also UI and certain performance upgrades, although only with compatible hardware
>>
File: hack.jpg (51 KB, 849x730)
51 KB
51 KB JPG
How can you keep your computer safe from nation-state hacking, /sec/?

Pic related is not meant in any political way at all - instead it just shows that ANYBODY can be the victim of nation-state cyber-attacks. You could argue that high-value targets run a greater risk, but remember WannaCry? That attacked tons of computers, and it was linked to the North Korean government.

>a highly sophisticated nation-state actor has reportedly targeted several US telecommunications providers to gather intelligence
https://www.bbc.co.uk/news/articles/cwyg9w7g6zlo
>>
File: oil-down-sink-1.jpg (85 KB, 1200x800)
85 KB
85 KB JPG
>>102977331
Security on other people's phones? Not my problem
>>
>>102977671
Honestly you just practice data hygiene. Store stuff offline.
>>
So Israel bombed Iran. What are the chances that Israel had prepared by taking control over the Iranian air warning and defence network? There is strangely little information on this.
>>
>>102977671
There are glowie bulletins about this. As a courtesy i wont link. I'll summarize!

>use at rest encryption
Chang can steal encrypted data, but he won't break a good password till his quantum pc is working, or you lose password elsewhere

>use obfuscation
Obscuring through obfuscation can frustrate even a nation state opponent

>use VMs and containers
Wipe them often

>control your OS and updates
People REEE, but it's always easier to hack old stuff. The only time this is untrue is if you have someone like The Barefoot Anarchist who takes a Windows server on a set api level and just hardens it until all known vulns are patched. Unless you wanna do all that (and still get hacked), just stay on the update cycle. I know the update cycle introduces bad shit too, but it's harder to hack on average.

>use a firewall
Extremely important

>antivirus
Intrusive and lagging, all it really does is stop known malware, and unsigned exes. But it can save you.

>Lineage
Not a 100% solution, but DeGoogled Lineage or lefthand Googled Lineage is easier to harden than Googled Android. Don't forget about the firmware blobs! I don't think all glowies say this, but it's common sense. Also you should have a secure tablet that's wifi only.

>my opin
You gotta worry about every1. You're so worried about glowies, when a skid could prob hak u.Git gud @ defense
>>
>>102978697
Doesn't it get boring? You can connect the dots all you want but you'll never truly know anything. Like the ancients would ponder stars.
>>
>>102977699
thanks for tagging that post, gave me a good kek, imagine posting that on the cyber sec thread no less, simply memetically beautiful
>>
File: eddie-mendoza-the-pod.jpg (419 KB, 1680x960)
419 KB
419 KB JPG
>>102978845
>Doesn't it get boring?
Not really.
>You can connect the dots all you want but you'll never truly know anything.
Information will leak out. Part of what is at stake here is Israel depended on hacked air defence network or F-35 stealth. The quality of the latter is uncertain, only the enormous price tag is known.
>Like the ancients would ponder stars.
Thinking is what we do in 7cyb/.
>>
>>102972442
If anyone has an account there, feel free to add it.
>>
>>102975739
Paypal or any non-mega corporation source is better
>>
>>102975302
>>102975407
Pretty much. They have infinite money so ofc they have a couple of DCs with millions of GPUs analysing all traffic in many countries.
People are so overwhelmed by LLMs that they forget ML is a thing since many decades.
>>
>>102975739
>>102980344
>>102975909
>PayPal wants to share your data – unless you do this
https://www.techradar.com/computing/cyber-security/paypal-is-set-to-share-your-data-with-third-party-merchants-unless-you-do-this
>>
>>102980748
Still better than borg Amazon
>>
>>102978697
Are u really think thats possible?Write killchain how to do this
>>
File: scr.png (196 KB, 476x640)
196 KB
196 KB PNG
The MALIBAL dude is /g/ autistic chad and you cannot convince me otherwise

> fails to implement coreboot
> bans entire countries of Germany and Poland in process
> bans states of Texas, Maryland, Colorado
> probably bans even more shit and calls people zombies
> refuses to elaborate

Those consultants weren't ready for a real autistic dev and now everyone learned about his laptops. It's a W
>>
>>102981175
They both suck.
Buy local or direct from companies if possible.
>>
>>102981555
>MALIBAL
I haven't even heard about this company before the Coreboot fiasco.
>>
>>102981806
What happened?
>>102981786
This. Also support your local farmer's market
>>
>>102982453
>Don’t Support the Coreboot Project
>Why do so few companies offer coreboot on laptops? After a 15-month journey to port coreboot to our own, we discovered firsthand the challenges—and it wasn’t what we expected.
https://www.malibal.com/features/dont-support-the-coreboot-project/
They sound very anal, in a bad way.
>>
any teams I can join :)
>>
>>102983185
Thanks for the info anon!
>>
>>102978885
Agreed half the fun is in the conspiracy
>>
File: EZtbhx.jpg (458 KB, 2334x3207)
458 KB
458 KB JPG
>>102880421
>>102880421
Dumb question. It is possible to break an rsa encryption for a systemverilog file? I check the file and its has two parts.
`pragma protect encrypt_agent = "QuestaSim" , encrypt_agent_info = "2020.1_1"
`pragma protect key_keyowner = "Mentor Graphics Corporation" , key_keyname = "MGC-VERIF-SIM-RSA-2"
`pragma protect key_method = "rsa"
`pragma protect encoding = ( enctype = "base64" , line_length = 64 , bytes = 256 )
base64 rsa text
`pragma protect data_method = "aes128-cbc"
`pragma protect encoding = ( enctype = "base64" , line_length = 64 , bytes = 3920 )
`pragma protect data_block
base64 aes128 data
`pragma protect end_protected
>>
apparently bootkits are being sold fir $5000 these days
https://thecyberexpress.com/blacklotus-uefi-bootkit-hacking-forums/amp/
that is malware that you cam only get rid off by flashing the bios with gator clips
>>
>>102985033
Huntress CTF Team Dazbog, if you want. The comp is going into the final days, so now's when it's the most fun with the most challenges. Have some fun, learn some stuff. Each CTF teaches you something, it doesn't count as "true hacking".
About 6 more days left.
>>
fooling antifraud is enough of a challenge that people that get stolen credit card info dont bother.
if you can just do that you can buy cvvs from sites like prozone and buy stuff online and have it shipped. if you wanted to buy google credits or steam thats even harder.
the very few that can pull it off have a 1% chance of getting caught and make most of the money.
>>
>>102987189
do my points transfer if I switch teams?
>>
>>102987368
Agreed there's nothing that can be hacked nowadays
>>
>>102990265
well antifraud can be reverse engineered or analyzed but people rarely do that and the antifraud companies dont give samples to non companies. i assume the cvvs if theyre legit are obtain via hacking databases often times.
>>
>>102983185
You can imagine the sort of emails they sent to the the consultants directly.
I mean the dude thought he had 80% of the port done while he didn't even boot it once because he couldn't figure out how to flash it, didn't pay anyone a dollar and is now seething incessantly that we didn't want to work with him.
>>
File: Rust smoking.gif (1.75 MB, 500x281)
1.75 MB
1.75 MB GIF
>>102968354

U TALKING TO ME! U LITTLE BITCH IM GONNA FUCK YOU UP! IM GONNA FUCK UP JUST U WAIT U LITTLE BICH!!

gatcha: GLOWIES SUCK MY COCK uWu
>>
>>102990297
>>102990265
>>102987368
Hackers love to use sites like Mercari with stolen cards. You don't need any real hax to do this, just a VPN
t. Had card stolen



[Advertise on 4chan]

Delete Post: [File Only] Style:
[Disable Mobile View / Use Desktop Site]

[Enable Mobile View / Use Mobile Site]

All trademarks and copyrights on this page are owned by their respective parties. Images uploaded are the responsibility of the Poster. Comments are owned by the Poster.