/g/ - Technology

In /hmg/ we discuss pentesting, ctfs, exploits, and generally being a hackerman.


>easy beginner bullshit

>prebroken images to work on.

>super secret club

>meme dragon distro but it just werks

>scriptkiddie starting point and swiss army knife

>From zero to OSCP-hero rough outline

>IppSec, video guides for retired HTB VMs.

>CEH, only looks good on a resume to non-technical people in HR

>OSCP, the big dick swinging exam, 24 hours to own 5 machines and a further 24 hours to write up a report detailing your methods.


>web app hackers handbook.
Thanks IBM!


>OSCP videos


>Advanced Penetration Testing


>learn assembly and C

>> No.64764112

everyone's favourite thread is back for another round!

>> No.64764126

what are we all working on this weekend?

>> No.64764156

Why learn assembly and c?

>> No.64764176

>Why learn assembly and c?
it's a link to a book so you can learn assembly and c

>> No.64764189

So you can reverse engineer malware

>> No.64764343

Been refreshing my memory of Python lately. It's been a while since I did anything with it. Been going through Black Hat Python and Violent Python and a few other books
i don't wanna be a script kiddie

>> No.64764639

>Black Hat Python and Violent Python and a few other books
Nice one mate, keep at it

>> No.64764786

Any books like this but in Python 3? The reason I’ve been avoiding it is because it’s written in Python 2

>> No.64764866

>Any books like this but in Python 3?
there's a few repos with the code from violent python converted to p3

>> No.64764873

Links pls

>> No.64764887

Messing around on htb. Working on Node right now. Just finished the easy mode boxes, having a bit of a challenge on node, but I’m making solid progress. My copy of advanced pen testing just came in the mail. Might start reading that in my downtime.

>> No.64764912


>> No.64764938


>> No.64765174

My favorite general is back. Yay

>> No.64765183

I don't think there's much of a difference between Python 2 and Python 3
I think it's mainly just the input and print functions and that's about it

>> No.64765249

Just finished Bandit. The last two levels were pretty tricky, especially the one where you had to trick More into showing more than a single page with your terminal size.

Also fuck *nix permissions.

>> No.64765262


>Hacked CSGO skin faucet app with an easy ram editor like a year ago
>Withdrew the most expensive skin
>I still have it

>> No.64765269

>last two
the ones that really spun me out were the FINAL one with the shell, and the setuid one. I was overthinking it hardcore, and had to look at a walkthrough to realise how fucking simple it was.

>> No.64765372

have you tried selling it yet?

>> No.64765883

>CSGO skin faucet app

is this external to csgo?

>> No.64765951

This. Some networking libs and path handling etc have changed somewhat for the better but if you can into Python 3 you can Python 2 with ease.

>> No.64765978

Any other interesting certification to have apart from OSCP or CEH?

>> No.64766132

Dragon lore? How many years ago is this?

>> No.64766161

Can Apple ever recover?

>> No.64766194

>Can Apple ever recover?
the update to fix this dropped before the exploit became public

>> No.64766197

Which level was that?

>> No.64766224

>Which level was that?

i kept trying to feed it other shit not necessary to run the tool

>> No.64766262

It can still be widely used though.

>> No.64766265

>girl from berlin
i feel like saying L O N D O N would be a bit redundant, wouldn't it

>> No.64766353

a dude on the other thread said vuln research / RE is the only real security.

>> No.64766367

depends on what you mean by "interesting".
these days, people like to have CISSP, because yeah you know, first it means you have over 5 years' experience. second, it's widely known by HR and you easily get invited to interview

>> No.64766375

you know it's a management cert, right

>> No.64766521

Making a video on Shocker for when it goes retired and then hopefully getting User and Root on its replacement today.

>> No.64766578

Not exactly management, you can stay in technical but you have a point plus for that, because you understand high level "company security".

>> No.64766773

oscp is still the better technical choice

>> No.64766925

if you're already on the technical side, why the heck do you have to take an OSCP?

people take an OSCP because they want to go to the pentesting side; OSCP is 75+% focused on web-app pentesting.

Or just to have fun trying to explore their technical knowledge.

There are other certs available for other fields, of course with a "practical exam".

stop spreading frigging OSCP if people don't want to focus on web-apps.

You can't explain technical things to people who don't understand technical things..

Even though it's a "practical exam", how many people take another script just to pass the exam? I'll give an example of that: take a look at securityshift, he provides a script for that.

>> No.64766955

Not hard to adapt to python 3. In fact it would be a great exercise adapting the methodologies into python3 or even another language entirely.

>> No.64767005

Some functions have changed. Range is a generator now instead of making a list.

>> No.64767143

>why the heck you have to take an OSCP?
Because the lab is worth its weight in gold. Clearly you haven't taken it if you can't see the attraction

>> No.64767209

read a whole point you faggot.

>> No.64767225

I don't need an OSCP because I'm already in the field.

what can an OSCP do if they're instructed to pentest anything except web-apps?

>> No.64767426

>read a whole point
Fucking what

>> No.64768424

How good is https://microcorruption.com/ for someone who has never done a CTF and is interested in trying it?
Also any good beginner resource?

>> No.64769683

Shocker vid.


>> No.64769960

Don't forget Flare-On.
It's an awesome CTF.


>> No.64769997

does india have its own local certs you could take?

>> No.64770263

not pajeet. and the answer is no.

>> No.64770583


>> No.64770703

Nice writeup (and wallpaper). I just finished this one a few days ago, just in the nick of time, it seems. For some reason, I had a shit ton of trouble getting the initial curl method to work. I must've spent an hour running various forms of it through curl and Burp before I called it quits. When I woke up the next day, I ran the last curl request I tried once and got through.
On a side note, is there a schedule to view for machines? I'd like to know which are close to retirement.

>> No.64771415

What are the prerequisites for doing something like OSCP? I have no knowledge in pentesting and the like. Would it be overkill to start with it?

I also started a very well rated Udemy Course today which goes into this direction.

(It's getting a bit boring with my Front-End Web Dev Job with some Salesforce in it..)

>> No.64771487


>> No.64771491

There is a link in the op that answers this question

>> No.64771884


>> No.64771901

fuck meant MS not MC

>> No.64771926

Are you fucking serious

You’re gonna decide what to study based on what people on the internet tell you to do?

>> No.64771981

idk who else to ask kev

>> No.64772139

>idk who else to ask

>> No.64772158

>black hat python

>> No.64772437

Not the guy you're replying to, but have you actually coded in python? I bet you code in visual basics.

>> No.64772474


>idk who else to ask kev

if you don't know how you study most effectively, then why are you entering a master's program?

>> No.64772720

bc it's a prestigious school and they're offering me a load of money

>> No.64772799

So what?

Do you even have any skills or knowledge of the field? How can you expect to pump out a research paper if you don't know anything?

It seems like you don’t know anything if the first choice in your poll is attend a course to learn industry skills!

>> No.64772845

>Do you even have any skills or knowledge of the field?
>How can you expect to pump out a research paper if you don't know anything?
by learning
>It seems like you don’t know anything if the first choice in your poll is attend a course to learn industry skills!
i didn't write the blurb, it's from their website

>> No.64772846

because real hacking consists of creating your own 0day exploits and not just downloading dogshit w32 "tools" and scanners and using other people's exploit kits.

ASM and C are essential in binary exploitation.

>> No.64773034

>by learning
a masters is not for learning, it's for refining.

>> No.64773174

if you think you can't learn anything more after an undergrad, you're probably wrong

>> No.64773201

i have no idea where you got that impression. but if you read what it says, it says research. you're expected to have the skills and knowledge to be able to do the post research yourself.

how are you offered a masters without a bachelor's anyway? you already got one?

>> No.64773428

i'm graduating this semester

>> No.64773435

what in?

>> No.64773449

comp sci

>> No.64773513

here's the real steps, i think this would serve you better

>follow the links in the op post to learn more about infosec
>do most of your learning on this topic yourself
>do the masters to make your resume tighter and to say you've got a masters

if you struggled, scraped and starved through a compsci degree, you've got the ability to learn the shit you need on your own

personally i think a masters is better than two bachelors

>> No.64773577

i should have been clearer, the masters degree can be obtained 3 ways: a thesis track, a development track, and a coursework track. another bachelors isn't on the table

>> No.64773607

>i should have been clearer
holy fucking shit yes you should have.

development sounds like it can lead to a job if it's doing real shit for actual companies.

>> No.64773655

i doubt it's developing in tandem with a company, it's probably just developing a toolkit that implements an exploit. but it would be fun to develop a spectre/meltdown kit even though i know nothing about them now. my gambit would be that a degree from CMU would be enough to get a job regardless, though, and i could pick the less risky coursework option and rely on internships during the summer

>> No.64773656

I must be fucking retarded.

Literally copying and pasting solutions for overthewire level 0 (i did figure it out but didn't know why it wasn't working) and it still says the password is incorrect.

What the fuck?

>> No.64773667

>i doubt it's developing in tandem with a company
i'm going off the wording written on your poll mate, if you don't know things about the degree, then go ask your uni

>> No.64773693

overthewire what? there's many wargames. bandit?

>> No.64773733

yep. copied this https://www.yalpski.net/bandit-wargame/bandit-walkthrough-level-0

permission denied. i don't understand why.

>> No.64773767

type man ls, read that page
type man cat, read that page
then you'll know how to get the password

save yourself some time and read a short beginner linux book before doing bandit

>> No.64773770

>visual basics
>visual basic(s)
Holy shit
There truly are pajeets in here. Go back to your Indian pooping forum fag

>> No.64773774

you're using port 22

use port 2220

>> No.64773812

Anybody tried OpenSecurityTrainings?

Currently doing the Intro to x86 series and it seems pretty legit, but also outdated

Should I continue with it?

>> No.64774512

>Go back to your Indian pooping forum fag
Top zoz

>> No.64774532

can't follow them, too tired to listen to their voice.. confusing AF. since then I've stopped watching them.

>> No.64775204

I want to be a scriptkiddie. Where do I start, coming in as a complete beginner?

>inb4 fuck off newfag

>> No.64775358

the resources in the op

Do you think I added all that shit for fun? Do you think I added the magnet to the oscp videos, or the web app hackers book because it was enjoyable for me to find resources?

Fuck no. It was so you fucking people can stop asking this question! The resources are RIGHT THERE! In order from beginners onwards!

>> No.64775450

What he >>64775358 said.

Seriously, I put good links in the original OP and people expanded on it to make it even better. Follow them and you'll find the path to your answers.

>> No.64775487

Python is pretty great for scripts, don't think you know what you're talking about

>> No.64775489

Fuck off brainlet.
If you haven't the minimum capacity of READING links in a post how do you think you can be even a scriptkiddie?

>> No.64775497

not even close to being true.

>> No.64775584

I started recently trying to use HSS on the Overthewire site and got to level 5 in maybe 5 or 6 hours, and i got interested in entering hackthebox.
Even though i know i'm a beginner and everything, what do i need to know to hack my invite in?

>> No.64775752

>what do i need to know to hack my invite in?
if you can't get your invite yourself, you won't be able to pop any of the boxes.

>> No.64775764

Hey there genius, i'm not asking what i need to do. I'm asking which knowledge i need to have so i can hack myself into it

>> No.64775779

bringing down e-corp

>> No.64775783

>I'm asking which knowledge i need to have so i can hack myself into it
all of it

nigger just fucking try

>> No.64775787

because it's relatively easy? good bang for buck ratio

>> No.64776111

this is your chance to make something that proves yourself to a company like ForAllSecure

don't fuck it up.

>> No.64776128

Why is the US so shit at cybersecurity/cyberwarfare compared to Russia and China? Obviously the US excels at global intel collection through the NSA, but why can't US agencies/military keep up in anything else? Stricter hiring practices for TS/SCI clearance in the US while Russia lets Dmitri's hackforums botnet participate in state sponsored cyber operations?

>> No.64776315

You joking?
Have you read Vault 7/8 by WL?
CIA uses Russian shells on their exploits that leave behind the trace of a Kremlin... They employ these tools Internationally for who-knows what purpose?

>> No.64776390

I think the format of it is pretty self explanatory in regards to what you need to know...

>> No.64776909

This entire post is “I dont know anything but am going to post bullshit anyway”

>> No.64777088

>AV companies releasing technical whitepapers
These are really great for learners as they're basically tutorials, but what's the purpose since they're obviously directed at amateurs outside the industry?

Look at this:

>Deobfuscating and devirtualizing FinFisher
This is simple enough that any reverser would not need a tutorial, but technical enough that any non-computer savvy person would not know what it even is.

>> No.64777098

Not to mention that each of these "whitepapers" always explain the basic terms all over again.

>A Computer Worm is ...
>now we're going to use a taint engine to...

>> No.64777139

Fuck society, amirite?

>> No.64777210

>us is shit in cyberwarfare


>> No.64777216

>Stricter hiring practices for TS/SCI clearance in the US while Russia lets Dmitri's hackforums botnet participate in state sponsored cyber operations?

Then how did Edward Snowden weasel his way into having access to confidential material? Degreeless numale, literally a /g/tard

>> No.64777289

>Then how did Edward Snowden weasel his way into having access to confidential material?
You require one level above the system you’re working on in order to administer it.

Given he was working on the top level shit, naturally he was granted above TS clearance.

How did he get the job? By being a fucking weapon at his job. Dell doesn’t take you on to do consulting unless you’re the best.

>> No.64777752

Anyone doing https://ctf.tamu.edu? Fairly interesting/decent CTF. Especially some interesting config editing ones that involve CI/CD, and some easy-as-fuck web flags.

>> No.64778134

Never heard of it, thanks for the link bruv

>> No.64778641

What? No it didn't. The beta versions of iOS and macOS fix this (whether inadvertently or not), but there is no public release fix for this yet. iOS 11.2.5 and macOS 10.13.3 are both vulnerable to it, and those are the current public releases.

>> No.64778905

>but there is no public release fix for this yet.
Then why am I browsing /g/ every day on an iPhone with 11.2.5 and nothing ever crashes for me

Go and copy paste the character in here

>> No.64780427

Anyone here attending the Department of Energy competition in April?

>> No.64780856

Whilst being a technical wizard and proficient in everything IT is needed for this hackerman shit, the "soft skills", a desire to figure shit out and persistence, are the cornerstones.

Figure shit out! And don't give up!

>tl;dr stop being a fag

>> No.64783211

Is cheese this years theme

>> No.64783225

No, it's mold.

>> No.64784031

i'm stuck on bandit 8->9

i'm using sort data.txt | uniq -u

but it repeats trailing apostrophes and stuff. do i need to use regex to solve this?

>> No.64784186

oh im on the wrong fucking level.

>> No.64784212

and it worked for the next level

>> No.64784360

Hello /hmg/ I'm a unifag looking for a job. Not in this for the money but I'm desperate for a job now. I'm a CS guy specializing in machine learning but I'm about to apply to IT jobs cause I can't find anything.

Is getting into Pen-testing/cybersec easier than software development or data analytics?

>> No.64784947

it's an entirely different skill set. what's keeping you from getting a software development job? that's closer than cybersec

>> No.64785058

anyone here have their TS SCI with CI poly? I know it's not like the movies and I'm not an Islamic communist but I'm still nervous for the polygraph

>> No.64785475

what do those words mean?

>> No.64785659

Top Secret Sensitive Compartmented Information with Counterintelligence polygraph

it's for an Agency that specializes in Security at a National level

>> No.64785961

Microcorruption is great for getting your head around dis/assembly. If you're looking into how heap overflows and such work, it's a good place to start.

>> No.64785992

What ever happened to the /G/entoomen CTF team? Is it still active?

>> No.64786041

Didn't see this until now, I've had my head up my ass working on Valentine.

Machines don't get retired until there is a machine to replace them. If you check the Unreleased Machines it'll tell you when that box goes live and what box is going down.

>> No.64786087

Fished from an old thread:

>> No.64786155

It's to both make sure you don't have anything leverage-able on you or that someone isn't already using you as an asset.

You will be asked a lot of VERY uncomfortable questions.

>> No.64786182


>> No.64786234

this. And also chained exceptions finally.

>> No.64786260

Got a ROM dump from an unknown chip. No clue what processor, it was COB. Advice for RE? Already tried the usual 2/3/4 ngrams, nothing I recognize (0xc3 and 0xc2 a lot though).
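
The "usual 2/3/4 ngrams" pass from the post above, written out as an added example (my code, not the poster's). ROM_DUMP is a constructed stand-in for the real dump, and the 256-byte block size and 1.0-bit entropy threshold used to skip unprogrammed padding before counting are my assumptions; the per-block entropy map goes a step beyond the post, since it separates code-bearing regions from blank flash and from compressed or encrypted blobs.

```python
"""Byte-frequency triage for an unidentified ROM dump (added example)."""
import math
from collections import Counter

# Constructed sample, not a real dump: two repetitive "code-like" regions
# in which 0xC3 and 0xC2 dominate, followed by 0xFF padding such as
# unprogrammed flash/EPROM leaves behind.
ROM_DUMP = (
    bytes.fromhex("3e01c34010c20820d8c3113021") * 40
    + bytes.fromhex("af3212803a1381c21e41c3c9cd") * 40
    + b"\xff" * 256
)


def ngram_counts(data: bytes, n: int, top: int = 10) -> list[tuple[bytes, int]]:
    """Most common overlapping n-byte sequences, most frequent first."""
    counts = Counter(data[i:i + n] for i in range(len(data) - n + 1))
    return counts.most_common(top)


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0 for constant padding, 8 for a uniform
    (compressed/encrypted-looking) block, somewhere between for code."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((c / total) * math.log2(c / total)
                for c in Counter(data).values())


def entropy_map(data: bytes, block: int = 256) -> list[tuple[int, float]]:
    """(offset, entropy) for each block of the dump."""
    return [(off, shannon_entropy(data[off:off + block]))
            for off in range(0, len(data), block)]


def code_region(data: bytes, block: int = 256, min_entropy: float = 1.0) -> bytes:
    """Keep only blocks above the entropy threshold (assumed 1.0 bit), so
    padding does not swamp the n-gram table with 0xFF runs."""
    return b"".join(data[off:off + block]
                    for off, h in entropy_map(data, block) if h > min_entropy)


def triage(data: bytes) -> dict:
    """The summary a reverser compares against known ISAs' opcode tables:
    which single bytes and short sequences recur most in the code region."""
    code = code_region(data)
    return {
        "size": len(data),
        "code_bytes": len(code),
        "entropy": round(shannon_entropy(code), 2),
        "top_bytes": ngram_counts(code, 1, 5),
        "top_2grams": ngram_counts(code, 2, 5),
        "top_3grams": ngram_counts(code, 3, 5),
    }


if __name__ == "__main__":
    for key, value in triage(ROM_DUMP).items():
        print(f"{key}: {value}")
```

On a real dump, replace ROM_DUMP with open(path, "rb").read(); a frequent byte on its own does not identify a CPU, it is the set of recurring bytes and 2/3-grams, taken together with the entropy layout, that gets checked against candidate opcode tables.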

>> No.64786320

Like what, just out of curiosity? Reading online, it looks like they just get into the deepest, darkest secrets of your life

>> No.64786388

I didn't think I had to take a lifestyle/full-scope poly. i'm fine with an FS poly but I did fall for the programming socks meme. i don't think crossdressing would disqualify me since I'm not embarrassed about it. I have zero drug use/criminal record or anything like that but I'm still nervous as hell


anything that can be used to blackmail you. gambling, hookers, sexual deviancy, etc.

>> No.64786424

Interesting. I'd like to get a job that requires a clearance, but my family has had some run-ins with the law so I'm not sure if that would hurt my chances

>> No.64786449

>Is getting into Pen-testing/ cybersec easier
Everything on earth is easier than info sec. you're a fool who's bought into a meme that this is an entry level field

>> No.64786505

What sort of run-ins? As long as your family hasn't been arrested for Chinese espionage I'm sure you'd be fine. They probably don't care if your brother has a weed charge or something

>> No.64786553

Small shit, dui, drunken disorderly, step dad openly hates cops for family I still have. Biological father is the definition of recidivism and is in for armed robbery, drugs, crashing car into a police cruiser and evading. Nothing involving any foreign nation at least lol

>> No.64786582

Ah ok, thanks man. How is Valentine? I'll prolly jump on that one after i finish Node

>> No.64786605

The best advice I could give you is just to be open and level with them about everything. Nothing will get you canned faster than if you seem like you're being shifty / hiding shit. There's also a lot of weirdos at these places, so I wouldn't worry about programming socks.

>> No.64786627

Cool, thanks man. Newfag question though, what's programming socks?

>> No.64786666

>They probably don't care if your brother has a weed charge or something
Yes they do. I’ve had coworkers fail to get their secret because of family members and drug charges, let alone TS.

>> No.64786676

Explicitly because of family drug charges? Did they lie about them or was it huge, cartel trafficking amounts?

>> No.64786689

It's fun, you'll know what to do when you see the page on its HTTP server. But getting user and root flags is bretty rough.

They only care if that person is either your dependent or you are dependent on them. Then that might be an obvious avenue for leverage (selling secrets to pay for legal bills).

>> No.64788046

>what's programming socks?
Bright coloured socks literal faggots wear because they think it makes them cute

>> No.64788053

i doubt they'd like you posting about that stuff online

>> No.64788136

TS/SCI + CI is the standard for military/civilian/contractor for three letter agencies, it's easily searchable on google

>> No.64788548

>tfw brainlet

>> No.64788585

pentesting maybe, but I got a job as a sec analyst with less than a year of experience in IT and no degree

>> No.64788631

And I bet the work you do is bullshit and not at all related to the topic of this thread. Why are you here?

>> No.64789018

Fuck :( I wish I was as lucky

>> No.64789114

No you don’t. Because he is a ticket mill, and if he comes back and says otherwise, he’s full of shit. Looking at SIEM incidents and reviewing logs to be handed to level 2 isn’t a good job.

>> No.64789176

lel there is no level 2 where I work. I do everything from tickets as you mentioned to forensics to social engineering/phishing campaigns, about to start taking over other pentesting responsibilities as well. also work from home. I do work with third parties that do what you describe, though. I was definitely lucky, I'm the first to admit that. Don't be so mad, friendo

>> No.64789492

what fucking downtime? what else do you have to do?

>> No.64790951

Honestly I'm not very smart. Have a 3.3 GPA and made a 23 on my ACT (only took it once).

It get out there and learn how stuff works.

Fuck you, it's great experience for anyone. Lots of faggots here don't want to put in the work.

