Can we have a cybersecurity general thread?

Nobody on Cred Forums knows a damn thing about cybersecurity.

>Nobody on Cred Forums knows a damn thing about technology
This is what you meant

is that coming out for playstation or xbox?

There's only 4 people and 3 idiot tripfags on Cred Forums anyway

Literally convinced of this

It's easier to break something than to protect it. So be a hacker instead.

Speak for yourself

>be hacker
>get paid $$$$$$ by CSOs to use the same 5 attacks over and over in "pentests"

here you go

/netsec/ is dedicated to everything about computer security, networks, exploits, reverse engineering, social engineering, hacking, tricks, etc.

Daily Programming Thread: (Cross-thread)
Web Dev General: (Cross-thread)

How To Become a Hacker: catb.org/~esr/faqs/hacker-howto.html

Learning
cybrary.it/
n0where.net/
offensive-security.com/metasploit-unleashed
resources.infosecinstitute.com/
windowsecurity.com/articles-tutorials/
sans.org/reading-room/
corelan.be/index.php/articles/
opensecuritytraining.info/Training.html
blackhat.com/html/archives.html
securitytube.net/

News/CVE releases
threatpost.com/
deepdotweb.com/
packetstormsecurity.com/
cvedetails.com/
routerpwn.com/
exploit-db.com/
rapid7.com/db/
0day.today/

Wargames
overthewire.org/wargames/
pentesterlab.com/
itsecgames.com/
exploit-exercises.com/
enigmagroup.org/
smashthestack.org/
3564020356.org/
hackthissite.org/
hackertest.net/
0x0539.net/
vulnhub.com
ringzer0team.com/
root-me.org/
microcorruption.com/
starfighter.io/

anybody playing with ponce yet?

Thank you helpful user

nice memes you got there

Drop a knowledge bomb on us then

I do
Ask me questions if you have any
I'll probably be able to answer like 4/5ths of them

Then how are there 14 unique posters in this thread?

Without looking up any information, explain the encryption scheme Signal uses.

opinion on TPMs?

SAGE goes in all the fields

>Microsoft's internal whitebox fuzzing tool, called SAGE, which is the basis for the new service. In its earliest form, SAGE was used in testing of Windows 7 prior to its release and accounted for a third of the bugs discovered by fuzzing tools overall, despite being used after all other testing was complete. SAGE is now the basis of Project Springfield, which Godefroid leads.
arstechnica.com/information-technology/2016/09/microsoft-launches-fuzzing-as-a-service-to-help-developers-find-security-bugs/

Use Tor. Use Signal.

Maybe if you knew how to make a thread instead of being such a lazy, low quality posting fucker.

The DNC can't.

sounds like easy fun except reports and iso check boxes

based microsoft

Nothing new, comparable alternatives include:
lcamtuf.coredump.cx/afl/
klee.github.io/
en.wikipedia.org/wiki/Valgrind
the last one doesn't even support windows (too complicated most likely)

Maybe.

It can be a bit depressing sometimes.

Axolotl double ratchet (now simply called Signal), a hybrid ratchet which uses both (Curve25519) PK ratcheting (for good forward secrecy) and chains of Hash-based ratcheting (for pools of session keys to provide partially asynchronous communication). It's heavy, but if you need async, it's got everything you need.

Trevor's later protocol framework, Noise, which this user helped to review, is better for synchronous communications, not as heavyweight, easier to prove. Working on PQ at the moment for it but that's not really an easy fit, and we don't really have any PQ public key algos at the moment I'd describe as actually good.

It's basically an on-motherboard smartcard/token.

The Infineon TPM 1.2 is the best of the designs I've analysed. It is not perfect. It seems to be very hard to source a TPM 2.0 standalone, to the point where two major tech companies I talked to couldn't get any.

Modern Intel chipsets provide TPM services from the ARC-based ME. They don't provide as secure a platform root-of-trust as they claim to. They do however provide (via EEPROM circuitry) secure zeroisation of secret keys, which is otherwise hard to impossible to do on modern PC hardware full of Flash, hard drives, weakly scrambled RAM and renamed registers.

It's too rare to rely on and is not my preferred solution. agl experimented with using them in Pond.
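Added example, not part of any post in this thread and not Signal's own code: the hash-based half of the double ratchet described in the Signal answer above, showing how a receiver keeps a pool of skipped message keys so messages can arrive out of order. The Curve25519 ratchet is omitted; the constructed `ck0` stands in for the chain key it would output, and the class name, `MAX_SKIP` and the sample order are assumptions. The HMAC constants follow the recommendation in the published Double Ratchet specification.

```python
import hashlib
import hmac

def kdf_ck(ck: bytes):
    """One hash-ratchet step: returns (next_chain_key, message_key)."""
    mk = hmac.new(ck, b"\x01", hashlib.sha256).digest()
    nxt = hmac.new(ck, b"\x02", hashlib.sha256).digest()
    return nxt, mk

class ReceivingChain:
    MAX_SKIP = 100  # assumed bound so a peer cannot force unbounded key storage

    def __init__(self, chain_key: bytes):
        self.ck = chain_key
        self.n = 0          # index of the next key the chain will produce
        self.skipped = {}   # index -> message key for messages not yet seen

    def key_for(self, index: int) -> bytes:
        if index in self.skipped:
            return self.skipped.pop(index)      # each key is used exactly once
        if index < self.n:
            raise KeyError("message key already used and deleted")
        if index - self.n > self.MAX_SKIP:
            raise ValueError("too many skipped messages")
        while self.n < index:                   # bank keys for the gap
            self.ck, mk = kdf_ck(self.ck)
            self.skipped[self.n] = mk
            self.n += 1
        self.ck, mk = kdf_ck(self.ck)           # old chain key is overwritten
        self.n += 1
        return mk

def sender_keys(chain_key: bytes, count: int):
    """Message keys the sender derives for messages 0..count-1."""
    keys, ck = [], chain_key
    for _ in range(count):
        ck, mk = kdf_ck(ck)
        keys.append(mk)
    return keys

def demo():
    ck0 = hashlib.sha256(b"constructed shared chain key").digest()
    sent = sender_keys(ck0, 4)
    rx = ReceivingChain(ck0)
    got = {i: rx.key_for(i) for i in [2, 0, 3, 1]}  # constructed arrival order
    return ck0, sent, got, rx

if __name__ == "__main__":
    ck0, sent, got, rx = demo()
    print(all(got[i] == sent[i] for i in range(4)), len(rx.skipped))
```

Because each step overwrites the chain key with a one-way HMAC output, a later compromise of `rx.ck` does not reveal keys for messages already received.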

What do you think of PatchGuard and Windows security in general?

What do you think of Linux security in general?