everyones favourite thread is back for another round!
Dylan Price
what are we all working on this weekend?
Hudson Sanchez
Why learn assembly and c?
Brayden Reed
>Why learn assembly and c? its a link to a book so you can learn assembly and c
Alexander Cooper
So you can reverse engineer malware
Camden Mitchell
Been refreshing my memory of Python lately. It's been awhile since did anything with it. Been going through Black Hat Python and Violent Python and a few other books i dont wanna be a script kiddie
Kevin Wood
>Black Hat Python and Violent Python and a few other books Nice one mate, keep at it
Logan Wilson
Any books like this but in Python 3? The reason I’ve been avoiding it is because it’s written in Python 2
Josiah Carter
>Any books like this but in Python 3? theres a few repos with the code from violent python converted to p3
Sebastian Watson
Links pls
Jeremiah Johnson
Messing around on htb. Working on Node right now. Just finished the easy mode boxes, having a bit of a challenge on node, but I’m making solid progress. My copy of advanced pen testing just came in the mail. Might start reading that in my downtime.
I don't think there's much of a difference between Python 2 and Python 3 I think it's mainly just the input and print functions and that's about it
Jacob Perry
Just finished Bandit. The last two levels were pretty tricky, especially the one where you had to trick More into showing more than a single page with your terminal size.
Also fuck *nix permissions.
Andrew Murphy
>Hacked CSGO skin faucet app with an easy ram editor like a years ago >Withdrawed the most Expensive skin >I still have it
Jaxon Jackson
>last two the ones that really spun me out were the FINAL one with the shell, and the setuid one. I was over thinking it hardcore, and had to look at a walkthrough to realise how fucking simple it was.
Owen Gomez
have you tried selling it yet?
Hudson Rivera
>CSGO skin faucet app what
is this external to csgo?
Andrew Sanders
This. Some networking libs and path handling etc have changed somewhat for the better but if you can into Python 3 you can Python 2 with ease.
Blake Long
Any other interesting certification to have apart from OSCP or CEH?
Alexander Torres
Dragon lore? How many years ago is this?
Jaxson Kelly
జ్ఞాజ్ఞాజ్ఞ Can Apple ever recover?
Parker James
>Can Apple ever recover? the update to fix this dropped before the exploit became public
Mason Mitchell
Which level was that?
Charles Butler
>Which level was that? 19
i kept trying to feed it other shit not necessary to run the tool
Gavin James
It can be still widely used though.
Nolan Bailey
>girl from berlin i feel like saying L O N D O N would be a bit redundant, wouldnt it
Sebastian Cruz
a dude on the other thread said, vuln research / RE is the only real security.
Josiah Rogers
depends on your "interesting" mean. these days, people like to have CISSP, because yeah you know, first you have over 5 years experience. second widely known by HR and easily invited to interview
Lucas Diaz
>CISSP you know its a management cert, right
Robert Lopez
Making a video on Shocker for when it goes retired and then hopefully getting User and Root on it's replacement today.
Andrew Parker
Not exactly management, you can stay in technical but you have a point plus for that, because you understand high level "company security".
Jace Hughes
oscp is still the better techincal choice
Juan Rogers
if you already on technical side, why the heck you have to take an OSCP?
people take an OSCP, they want to go to pentesting side, OSCP 75+% focus on web-apps pentesting.
Or just have fun, to trying to explore their technical knowledge.
There's available another cert for another field, of course its "practical exam".
stop spread frigging OSCP if people don't want to focus on web-app.
You can't explain technical on people who don't understand technical..
Even it's "practical exam" how many people take another script just to pass an exam? I give an example for that, take a look at securityshift he provide script for that.
Lincoln Rodriguez
Not hard to adapt to python 3, in fact it would be a great exercise adapting the methodologies into python3 or even another language entirely
Nathaniel Harris
Some functions have changed. Range is a generator now instead of making a list.
Hudson Perry
>why the heck you have to take an OSCP? Because the lab is worth it’s weight in gold. Clearly you haven’t taken it if you can’t see the attraction
Asher Reyes
read a whole point you faggot.
Evan Cox
I don't need an OSCP because I already on the field.
what an OSCP can do, if they instructed to pentest except web-app?
Liam Mitchell
>read a whole point Fucking what
Benjamin Cooper
How good is microcorruption.com/ for someone that never doing CTF and interested in trying it? Also any good beginner resource?
does india have its own local certs you could take?
Nathan Hernandez
not pajeet. and the answer is no.
Jayden Rivera
kekd
William Garcia
Nice writeup (and wallpape). I just finished this one a few days ago, just in the knick of time, it seems. For some reason, I had a shit ton of trouble getting the intial curl method to work. I must've spent an hour running various forms of it through curl and Burp before I called it quits. When I woke up the next day, I ran the last curl request I tried once and got through. On a side note, is there a schedule to view for machines? I'd like to know which are close to retirement.
Cameron Baker
What are the prerequisites for doing something like OSCP. I have no knowledge in pentesting and the likes. Would it be overkill to start with it?
I also started a very well rated Udemy Course today which goes into this direction.
(It's getting a bit voring with my Front-End Web Dev Job with some Salesforce in it..)
Christian Bailey
WHY IS HE SO FUCKING UGLY!?
John Turner
There is a link in the op that answers this question
You’re gonna decide what to study based on what people on the internet tell you to do?
Justin Sanders
idk who else to ask kev
Logan Jenkins
>idk who else to ask
Colton Ramirez
>black hat python lmao
Colton Campbell
Not the guy you're replying to, but have you actually coded in python? I bet you code in visual basics.
Brandon Perez
>idk who else to ask kev
if you don't know how you study most effectively, then why are you entering a master's program?
Brody Powell
bc it's a prestigious school and they're offering me a load of money
Jack Richardson
So what?
Do you even have any skills or knowledge of the field? How can you expect to pump out a research paper if you don’t know any anything?
It seems like you don’t know anything if the first choice in your poll is attend a course to learn industry skills!
Alexander Perez
>Do you even have any skills or knowledge of the field? some >How can you expect to pump out a research paper if you don’t know any anything? by learning >It seems like you don’t know anything if the first choice in your poll is attend a course to learn industry skills! i didn't write the blurb, it's from their website
David Cooper
because real hacking consists of creating your own 0day exploits and not just downloading dogshit w32 "tools" and scanners and using other peoples exploit kits.
ASM and C are essential in binary exploitation.
Joseph Ward
>by learning masters is not for learning, its for refining.
Logan Morris
if you think you can't learn anything more after an undergrad, you're probably wrong
Liam Campbell
i have no idea where you got that impression. but if you read what ti says it says research. youre expected to have the skills and knowledge to be able to do the post research yourself.
how are you offered a masters without a bachelor anyway? you already got one?
Ayden Bennett
i'm graduating this semester
Christian Jenkins
what in?
Nathaniel Perez
comp sci
Christian Campbell
heres the real steps, i think this would serve you better
>follow the links in the op post to learn more about infosec >do most of your learning on this topic yourself >do the masters to make your resume tighter and to say youve got a masters
if you struggled scraped and starved through a compsci degree, youve got the ability to learn the shit you need on your own
personally i think a masters is more good than two bachelors
Carter Jackson
i should have been clearer, the masters degree can be obtained 3 ways: a thesis track, a development track, and a coursework track. another bachelors isn't on the table
Ian Cruz
>i should have been clearer holy fucking shit yes you should have.
development sounds like it can lead to a job if its doing real shit for actual companies.
Sebastian Wood
i doubt it's developing in tandem with a company, it's probably just developing a toolkit that implements an exploit. but it would be fun to develop a spectre/meltdown kit even though i know nothing about them now. my gambit would be that a degree for CMU would be enough to get a job regardless, though, and i could pick the less risky coursework option, and rely on internships during the summer
Benjamin Phillips
I must be fucking retarded.
Literally copying an pasting solutions for overthewire level 0 (i did figure it out but didntk now why it wasnt working) and still says password is incorrect.
What the fuck?
Charles Miller
>i doubt it's developing in tandem with a company im going off the wording written on your poll mate, if you dont know things about the degree, then go ask your uni
type man ls, read that page type man cat, read that page then you'll know how to get the password
save yourself some time and read a short beginner linux book before doing bandit
Gabriel Sullivan
>coded >visual basics >visual basic(s) Holy shit There truly are pajeets in here. Go back to your Indian pooping forum fag
Michael Butler
youre using port 22
use port 2220
Logan Young
Anybody tried OpenSecurityTrainings?
Currently doing the Intro to x86 series and it seems pretty legit, but also outdated
Should I continue with it?
Adrian Thomas
>Go back to your Indian pooping forum fag Top zoz
Eli Anderson
can't follow them, too tired to listen their voice.. confusing AF. since then I stop watching them.
Mason Powell
I want to be a scriptkiddie. Where do I start, coming from a complete beginner.
>inb4 fuck off newfag
Jose Robinson
the resources in the op
Do you think I added all that shit for fun? Do you think I added the magnet to the oscp videos, or the web app hackers book because it was enjoyable for me to find resources?
Fuck no. It was so you fucking people can stop asking this question! The resources are RIGHT THERE! In order from beginners onwards!
Ian Davis
What he said.
Seriously I put good links in the original OP and people expanded on it to make it even better. Follow and you'll find the path to your answers.
Carson Ross
Python is pretty great for scripts, don't think you know what you're talking about
Liam White
Fuck off brainlet. If you haven't the minimum capacity of READING links in a post how do you think you can be even a scriptkiddie?
Matthew Gomez
not even close to being true.
Owen Wilson
I started recently trying to use HSS on the Overthewire site and got to level 5 in maybe 5 or 6 hours and i got interested on entering hackthebox. Even though i know i'm a beginner and everything, what do i need to know to hack my invite in?
Christopher Lewis
>what do i need to know to hack my invite in? if you cant get your invite yourself, you wont be able to pop any of the boxes.
Luke Morris
Hey there genius, i'm not asking what i need to do. I'm asking which knowledge i need to have so i can hack myself into it
Xavier Jackson
bringing down e-corp
Jayden Cox
>I'm asking which knowledge i need to have so i can hack myself into it all of it
nigger just fucking try
Tyler Brown
because it's relatively easy? good bang for buck ratio
Matthew Stewart
this is your chance to make something that proves yourself to a company like ForAllSecure
don't fuck it up.
Colton Butler
Why is the US so shit at cybersecurity/cyberwarfare compared to Russia and China? Obviously the US excels at global intel collection through the NSA, but why can't US agencies/military keep up in anything else? Stricter hiring practices for TS/SCI clearance in the US while Russia lets Dmitri's hackforums botnet participate in state sponsored cyber operations?
Robert Gonzalez
You joking? Have you read Vault 7/8 by WL? CIA uses Russian shells on their exploits that leave behind the trace of a Kremlin... They employ these tools Internationally for who-knows what purpose?
Isaiah Wilson
I think the format of it is pretty self explanatory in regards to what you need to know...
Jack Jones
This entire post is “I dont know anything but am going to post bullshit anyway”
Dominic Jenkins
>AV companies releasing technical whitepapers These are really great for learners as they're basically tutorials, but what's the purpose since they're obviously directed at amateurs outside the industry?
>Deobfuscating and devirtualizing FinFisher This is simple enough that any reverser would not need a tutorial, but technical enough that any non-computer sawwy person would not know what it even is.
Jaxon Martin
Not to mention that each of these "whitepapers" always explain the basic terms all over again.
>A Computer Worm is ... >now we're going to use a taint engine to...
Jason Scott
Fuck society, amirite?
Brayden Harris
>us is shit in cyberwarfare
???t
Cameron Thompson
>Stricter hiring practices for TS/SCI clearance in the US while Russia lets Dmitri's hackforums botnet participate in state sponsored cyber operations?
Then how did Edward Snowden weasel his way into having access to confidential material? Degreeless numale, literally a Cred Forumstard
Levi Adams
>Then how did Edward Snowden weasel his way into having access to confidential material? You require one level above the system you’re working on in order to administer it.
Given he was working on the top level shit, naturally he was granted above TS clearance.
How did he get the job? By being a fucking weapon at his job. Dell doesn’t take you on to do consulting unless you’re the best.
Elijah Jones
Anyone doing ctf.tamu.edu? Fairly interesting/decent CTF. Especially some interesting config editing ones that involve CI/CD, and some easy-as-fuck web flags.
Aaron White
Never heard of it, thanks for the link bruv
Anthony Sanders
What? No it didn't. The beta versions of iOS and macOS fix this (whether inadvertently or not), but there is no public release fix for this yet. iOS 11.2.5 and macOS 10.13.3 are both vulnerable to it, and those are the current public releases.
Cameron White
>but there is no public release fix for this yet. Then why am I browsing g every day on an iPhone with 11.2.5 and nothing ever crashes for me
Go and copy paste the character in here
Blake Hill
Anyone here attending the Department of Energy competition in April?
Julian Gonzalez
Whilst being a technical wizard and proficient in everything IT are the "soft skills" needed for this hackerman shit, a desire to figure shit out, and persistence are the cornerstones.
Figure shit out! And don't give up!
>tl;dr stop being a fag
Nathaniel Cook
Is cheese this years theme
Brody Barnes
No, it's mold.
Jackson Collins
im stuck on bandit 8->9
im using sort data..txt | uniq -u
but it repeats trailing apostrophes and stuff. do i need to use regex to solve this?
Oliver Baker
oh im on the wrong fucking level.
Jason Reyes
and it worked for the next level
Lincoln Roberts
Hello /hmg/ I'm a unifag looking for a job. Not in this for the money but I'm desperate for a job now. I'm a CS guy specializing in machine learning but Im about to apply to IT jobs cause I can't find anything.
Is getting into Pen-testing/ cybersec easier than software developing or data analytics?
Aaron Hill
it's an entirely different skill set. what's keeping you from getting a software development job? that's closer than cybersec
Matthew Anderson
anyone here have their TS SCI with CI poly? I know it's not like the movies and I'm not an Islamic communist but I'm still nervous for the polygraph
Leo Barnes
what do those words mean?
Alexander Phillips
Top Secret Sensitive Compartmented Information with Counterintelligence polygraph
it's for an Agency that specializes in Security at a National level
Owen Reed
Microcorruption is great for getting your head around dis/assembly. If you're looking into how heap overflows and such work, it's a good place to start.
Elijah Collins
What ever happened to the Cred Forumsentoomen CTF team? Is it still active?
Colton Edwards
Didn't see this until, now I've had my head up my ass working on Valentine.
Machines don't get retired until there is a machine to replace them, you check the Unreleased Machines and it'll tell you when that box goes live and what box is going down.
It's to both make sure you don't have anything leverage-able on you or that someone isn't already using you as an asset.
You will be asked a lot of VERY uncomfortable questions.
Daniel Barnes
S E M E N D E M O N
Luis Bennett
this. And also chained exceptions finally.
Mason Davis
Got a ROM dump from an unknown chip. No clue what processor, it was COB. Advice for RE? Already tried the usual 2/3/4 ngrams, nothing I recognize (0xc3 and 0xc2 a lot though).
Aiden James
Like what, just out of curiosity? Reading online, it looks like they just get into the deepest, darkest secrets of your life
Aiden Hall
I didn't think I had to take a lifestyle/full-scope poly. i'm fine with an FS poly but I did fall for the programming socks meme. i don't think crossdressing would disqualify me since I'm not embarrassed about it. I have zero drug use/criminal record or anything like that but I'm still nervous as hell
anything that can be used to blackmail you. gambling, hookers, sexual deviancy, etc.
Jaxon Gonzalez
Interesting. I'd like to get a job that requires a clearance, but my family has had some run-ins with the law so I'm not sure if that would hurt my chances
Julian Ross
>Is getting into Pen-testing/ cybersec easier Everything on earth is easier than info sec. you’re a fool whose bought into a meme that this is an entry level field
Isaac Thompson
What sort of run-ins? As long as your family hasn't been arrested for Chinese espionage I'm sure you'd be fine. They probably don't care if your brother has a weed charge or something
Charles Bailey
Small shit, dui, drunken disorderly, step dad openly hates cops for family I still have. Biological father is the definition of recidivism and is in for armed robbery, drugs, crashing car into a police cruiser and evading. Nothing involving any foreign nation at least lol
Christian Johnson
Ah ok, thanks man. How is Valentine? I'll prolly jump on that one after i finish Node
Blake Evans
The best advice I could give you is just to be open and level with them about everything. Nothing will get you canned faster than if you seem like you're being shifty / hiding shit. There's also a lot of weirdos at these places, so I wouldn't worry about programming socks.
>They probably don't care if your brother has a weed charge or something Yes they do. I’ve had coworkers fail to get their secret because of family members and drug charges, let alone TS.
Luis Hill
Explicitly because of family drug charges? Did they lie about them or was it huge, cartel trafficking amounts?
Robert Green
Its fun, you'll know what to do when you see the page on it's http server. But getting user and root flags is bretty rough.
They only care if that person is either your dependent or you are dependent on them. Then that might be an obvious avenue for leverage (selling secrets to pay for legal bills).
Ian Miller
>what's programming socks? Bright coloured socks literal faggots wear because they think it makes them cute
Brandon Martinez
i doubt they'd like you posting about that stuff online
Jackson Green
TS/SCI + CI is the standard for military/civilian/contractor for three letter agencies, it's easily searchable on google
Jackson Price
>tfw brainlet
Chase Reed
pentesting maybe, but I got a job as a sec analyst with less than a year of experience in IT and no degree
Elijah Sanders
And I bet the work you do is bullshit and not at all related to the topic of this thread. Why are you here?
Jacob Lewis
Fuck :( I wish I was as lucky
Connor Gonzalez
No you don’t. Because he is a ticket mill, and if he comes back and says otherwise, he’s full of shit. Looking at SIEM incidents and reviewing logs to be handed to level 2 isn’t a good job.
Nathan Garcia
lel there is no level 2 where I work. I do everything from tickets as you mentioned to forensics to social engineering/phishing campaigns, about to start taking over other pentesting responsibilities as well. also work from home. I do work with third parties that do what you describe, though. I was definitely lucky, I'm the first to admit that. Don't be so mad, friendo
Aaron Watson
what fucking downtime? what else do you have to do?
Landon Adams
Honestly I'm not very smart. Have a 3.3 GPA and made a 23 on my ACT (only took it once).
It get out there and learn how stuff works.
Fuck you its great experience for anyone. Lots of faggots here don't want to put in the work.