Can we have a cybersecurity general thread?
Can we have a cybersecurity general thread?
Other urls found in this thread:
catb.org
cybrary.it
n0where.net
offensive-security.com
resources.infosecinstitute.com
windowsecurity.com
sans.org
corelan.be
opensecuritytraining.info
blackhat.com
securitytube.net
threatpost.com
deepdotweb.com
packetstormsecurity.com
cvedetails.com
routerpwn.com
exploit-db.com
rapid7.com
0day.today
overthewire.org
pentesterlab.com
itsecgames.com
exploit-exercises.com
enigmagroup.org
smashthestack.org
3564020356.org
hackthissite.org
hackertest.net
0x0539.net
vulnhub.com
ringzer0team.com
root-me.org
microcorruption.com
starfighter.io
arstechnica.com
lcamtuf.coredump.cx
klee.github.io
en.wikipedia.org
twitter.com
Nobody on Cred Forums knows a damn thing about cybersecurity.
>Nobody on Cred Forums knows a damn thing about technology
This is what you meant
is that coming out for playstation or xbox?
There's only 4 people and 3 idiot tripfags on Cred Forums anyway
Literally convinced of this
It's easier to break something than to protect it. So be a hacker instead.
Speak for yourself
>be hacker
>get paid $$$$$$ by CSOs to use the same 5 attacks over and over in "pentests"
here you go
/netsec/ is dedicated to everything about computer security, networks, exploits, reverse engineering, social engineering, hacking, tricks, etc.
Daily Programming Thread: (Cross-thread)
Web Dev General: (Cross-thread)
How To Become a Hacker: catb.org
Learning
cybrary.it
n0where.net
offensive-security.com
resources.infosecinstitute.com
windowsecurity.com
sans.org
corelan.be
opensecuritytraining.info
blackhat.com
securitytube.net
News/CVE releases
threatpost.com
deepdotweb.com
packetstormsecurity.com
cvedetails.com
routerpwn.com
exploit-db.com
rapid7.com
0day.today
Wargames
overthewire.org
pentesterlab.com
itsecgames.com
exploit-exercises.com
enigmagroup.org
smashthestack.org
3564020356.org
hackthissite.org
hackertest.net
0x0539.net
vulnhub.com
ringzer0team.com
root-me.org
microcorruption.com
starfighter.io
anybody playing with ponce yet?
Thank you helpful user
nice memes you got there
Drop a knowledge bomb on us then
I do
Ask me questions if you have any
I'll probably be able to answer like 4/5ths of them
Then how are there 14 unique posters in this thread?
Without looking up any information, explain the encryption scheme Signal uses.
opinion on TPMs?
SAGE goes in all the fields
>Microsoft's internal whitebox fuzzing tool, called SAGE, which is the basis for the new service. In its earliest form, SAGE was used in testing of Windows 7 prior to its release and accounted for a third of the bugs discovered by fuzzing tools overall, despite being used after all other testing was complete. SAGE is now the basis of Project Springfield, which Godefroid leads.
arstechnica.com
Use Tor. Use Signal.
Maybe if you knew how to make a thread instead of being such a lazy, low quality posting fucker.
The DNC can't.
sounds like easy fun except reports and iso check boxes
based microsoft
Nothing new, comparable alternatives include:
lcamtuf.coredump.cx
klee.github.io
en.wikipedia.org
the last one doesn't even support windows(too complicated most likely)
Maybe.
It can be a bit depressing sometimes.
Axolotl double ratchet (now simply called Signal), a hybrid ratchet which uses both (Curve25519) PK ratcheting (for good forward secrecy) and chains of Hash-based ratcheting (for pools of session keys to provide partially asynchronous communication). It's heavy, but if you need async, it's got everything you need.
Trevor's later protocol framework, Noise, which this user helped to review, is better for synchronous communications, not as heavyweight, easier to prove. Working on PQ at the moment for it but that's not really an easy fit, and we don't really have any PQ public key algos at the moment I'd describe as actually good.
It's basically an on-motherboard smartcard/token.
The Infineon TPM 1.2 is the best of the designs I've analysed. It is not perfect. It seems to be very hard to source a TPM 2.0 standalone, to the point where two major tech companies I talked to couldn't get any.
Modern Intel chipsets provide TPM services from the ARC-based ME. They don't provide as secure a platform root-of-trust as they claim to. They do however provide (via EEPROM circuitry) secure zeroisation of secret keys, which is otherwise hard to impossible to do on modern PC hardware full of Flash, hard drives, weakly scrambled RAM and renamed registers.
It's too rare to rely on and is not my preferred solution. agl experimented with using them in Pond.
What do you think of PatchGuard and Windows security in general?
What do you think of Linux security in general?