#cybersecurity

also here check this out
https://twitter.com/80vul/status/1052856212574760961

https://twitter.com/RidT/status/1053976353752694789

Damn man

We're all just tryna make life worth living

Why do they have to mess with Tor project staff

¯_(ツ)_/¯

https://www.bleepingcomputer.com/news/security/remote-code-execution-flaws-found-in-freertos-popular-os-for-embedded-systems/

https://twitter.com/x0rz/status/1054250944668594176?s=19

@velvet isle You're into security stuff or just trying it for fun?

@thorn obsidian If it's on a lower port, it's much more likely to be scanned than something in the 20,000 to 60,000 range

Masscan makes that somewhat irrelevant, but it keeps out a lot of bots and people who don't know how to properly do bulk scans

wrong channel but you're welcome 😃

How does only root having access to create a service on the port improve security from a remote attack?

That's understandable.

https://twitter.com/OSTIFofficial/status/1054356602579570688

https://seclists.org/oss-sec/2018/q4/82
GCC Compiler Induced Vulnerability - affects programs compiled with GCC 7 and 8 containing nested functions

@upbeat palm I'm into it

But I don't always have time to do some stuff

https://medium.com/@bertusk/cryptocurrency-clipboard-hijacker-discovered-in-pypi-repository-b66b8a534a8

Omg

Wow

Noob programmers clearly

If a Brit installs colorama it's not unlikely he types colorama by accident though

There is some out commented subprocess

Conclusion

The worse written the malware the bigger the scandal

Wew another malicious PyPI package

They really need to implement some automated scanning of dependencies, and make it clear what dependencies a package has

Defcon26 talks are up : https://www.youtube.com/playlist?list=PL9fPq3eQfaaD0cf5c7wkzMoj2kifzGO4U

Any goodies

I did some decrypting on my end today of https traffic

I noticed that almost the whole of whatsapp connections are end to end encrypted

Something like that

For most of the connections I was getting a .enc file

Meanwhile Facebook Messenger messages are not encrypted but just sent over a secure connection 👎

I use Signal, as far as I'm concerned

whats app has been end to end encrypted for years

but afaik they still didnt leak info about the implementation

yeah that's why I prefer Signal

it's fully open source

and the big Facebook isn't behind

If WhatsApp was e2e years now

Why didn't they tell us

Until some update in 2016 I think

Also before I remember WhatsApp had a subscription thing

They removed it

@silent pier

Exploitation via Faxes (Didn't attend but heard it was good): https://youtu.be/qLCE8spVX9Q
Processor exploitation. I attended this one, guy is super sharp, and this continuation of work he did last year on discovery of undocumented instructions (SandSifter): https://youtu.be/XH0F9r0siTI
(SandSifter: https://github.com/Battelle/sandsifter)
Smart city exploitation (just watched, it's interesting): https://youtu.be/5z-rKz5ABgI
PLC hacking: https://youtu.be/-KHel7SyXsU

There was another really interesting one about the big bad ICS malware that happened recently (Triton) but it seems that isn't up on YouTube.

Awesome resource, Thanks.

@thorn obsidian
it depends

there's nothing wrong with storing raw credentials on disl

but they're only as safe as the machine is, the software and hardware you run

Where else would they store them?

Yeah this guy didn't even email them

K pleb just because they stopped responding to some unrelated feedback for reasons you don't know, doesn't mean you should post what you think is a security issue to the twitters for all the internet fame without contacting Signal first.

Can probably look through the project and see if the reason is documented anywhere since it's open source.

Do some due diligence first c'mon

I would argue that it should at least provide an option to have the key encrypted with a password that it prompts for on launch

and should use BitLocker or whatever so the file is at least encrypted with your user account

that's what I would do

if I were designing an app like that

What if they store key after performing "key wrapping"?

@safe bear it's not even a valid complaint, what does the dick want

store the encryption key on the server, nullifying the encryption your service touts as its primary feature?

Physical implants into your hips

I'm still looking for a good physical biological implant

Im hesitant in general for most technological implants

Other that things that help you live, I suppose

why are you hesitant?

Cause it's technology

it's one thing to implant myself, it's another for a government to require it

Technology is never safe

disagree .:P

AndI having it implanted in my own body

Idk, just seems like a big risk with todays security

depends, might be decent two factor

it'be especially cool if it had a button somehow that you can feel

imagine using a magnet to activate your implant. You'd feel your skin pulling towards the magnet.

Two factors seem to just be a pretty face for many

Just like this crypto wallet that didn't even timeout too many incorrect 2fa attampta

what crypto wallet?

I forgot its name, was on reddit a day or 2 ago

Someone brute forced a 2fa to a guy, who claims he lost over a mil $ in crypto

Something like 85k attempts were made

I don't believe in stealing from people, but if they don't take security seriously and put that sort of money at risk, they basically deserve to lose it.

Yee

II would never put that much money in an online wallet

If you have $1m you can afford a physical wallet

It's like The Fappening with 4chan. What, you gonna litigate 100,000 people because a dumb blonde actor/actress used the password "password" to secure their nudes?

If they're going to enjoy technology, power, and fame, they should do a bit of work to educate themselves in how to wield it.

Silly people not realizing the weakness of their security

yeah, I mean I'm of two minds about that sort of thing.

I do wish bigger tv channels and sites promoted security a bit more

I hate scammers, but you can't act like other people are responsible for your best interests.

I mean, if you fall for an online scam as someone in their late teens / twenties and use the internet regularly

You might just deserve it

Compared to if they try to scam a 70yo who only access their desktop to pay bills, or look at mail

That's just harsh

what's more, some cultures treat it like a game
that they earn what they steal, because stealing is a skill

in china, most shops haggle, and if you don't, its your fault you pay 10x

It's just sadistic.

A Wi-Fi router flogged by British mobile network EE has a hidden administration account with a hardcoded username and password – and is accessible via SSH.

This root-level account, present in EE's 4GEE HH70 gateways, can be accessed by anyone on the local network, such as a malicious user or malware on a Wi-Fi-connected PC.```

lol

can people stop this shit please?

"It's important to note that for this vulnerability to be exploited, you need to have local access. So the risk of this being exploited is low." - EE Spokesperson```

@lusty flare Wait,from where you got this?

The Register

They must have thought: Let's downplay a gaping hole in our security; that'll show the world how much we care about the security of our clients!

They have 14m 4G customers

quelle surprise

They should have buried gold in their backyard like the smart people

@errant pilot smartest idea I've ever heard

@valid furnace """it's not even a valid complaint, what does the dick want
store the encryption key on the server, nullifying the encryption your service touts as its primary feature?"""
Encrypting it locally with a password the user has to enter on startup would mitigate the problem. And if you actually go to the thread that's what they're saying too.

Or maybe just don't save history

Prone to memory analysis?

🤷

Does anyone know of a good data destruction program? I am wanting to format my main harddrive so I change to a UNIX os, and would prefer to download a legit ddp

you don't need to wipe your disk just to be able to install a new os

regularly just using the new os installer to delete and create new partitions is enough

if you want to securely wipe your data because it's confidential stuff (though I see no problem unless you're going to give the disk away), you can e.g. use DBAN (Darik's Boot And Nuke, or so)

On a modern HDD, a single pass of overwriting should be totally enough for consumer stuff. I guess you're not storing military secrets on there 😛

Thanks, this is an older computer which hasn't been touched in a while, so I'm not sure what malicious stuff is hanging around. I just want a clean reset.

Just write zeros to it if that's all you want. It'll be unrecoverable

tbh you can just use the secure erase function that most hdd's have

https://www.lifewire.com/hdderase-review-2619137

I have an iso for this

Darik's Boot and Nuke

or, you can just encrypt your hard drives and not worry about it. 😛

yeah, i'm not sure about SSD's either

lol

You just use the ATA Secure Erase command for SSDs

That triggers a full flush

Technically, you could have some data in cells that are marked as failed, which would possibly lead to data leakage.

I haven't read the ATA spec, so I don't know if secure erase is required to wipe failed cells or not. Probably implementation-specific.

@thorn obsidian Why are they scary?

Forensically, getting data out of a SSD is nearly fucking impossible

It varies by manufacturer, but usually when you issue a TRIM command any sections marked as free are zeroed. I believe this is true on SandForce, the most common controller, but it was not the case on certain controllers back in 2014 or so I think.

https://articles.forensicfocus.com/2014/09/23/recovering-evidence-from-ssd-drives-in-2014-understanding-trim-garbage-collection-and-exclusions/

If you get a SSD to do forensics on, you basically: immediately disconnect it from the host (disconnect SATA connector) and preserve power (if possible)

http://www.forensicswiki.org/wiki/Solid_State_Drive_(SSD)_Forensics

^ read the bibliography links on that page

Yes, it's still possible, however it's much more difficult, error-prone, and unreliable than standard magnetic disk data recovery

tl;dr sorry

Forensics is cool

Honestly

long story short, you don't nuke hard drives, you destroy them.

Yes

Standard practice for any bulk storage medium is wipe using the appropriate secure erasure method, then destroy the drive physically

An admin friend of mine would destroy HDDs by drilling through the middle of them, and I think that's pretty standard practice (seen in a few other places too)

https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-88r1.pdf

NIST is the golden standard in data destruction

"Clear" the data using a single pass zeroing, then using the SECURE ERASE UNIT command

Then purge using a cryptographic method (overwrite with scrambled data), use SANITIZE command, or discard the keys for a drive with built-in block level crypto

Then you destroy the medium physically

Up to and including incineration

There's actually a specific incineration temperature they recommend for magnetic media, but I can't seem to find it at the moment (and in-flight wifi is slow AF)

Also, 3 passes is generally enough for a HDD. If you're paranoid, 7 passes, since that's what the DoD uses.

35 passes is ridiculous and IIRC has been shown to not have any measurable improvement in the randomness of the data over DoD 7-pass

tl;dr

Forensics are kinda interesting.

realistically, no one's reading data off a destroyed drive

physically destroyed

certain temperatures, the magnetic properties of a hard drive break down.
certain fluctuacting fields can wipe platters instantly
SSDs use a digital stored charge, not analog magnetivity

Yes

Incineration ensures the components are completely inert though

Not just practically destroyed

Yes

"the data will rise like a phoenix from the ashes"

realistically, unless the NSA is knocking on your door, nobody will read any data from a single pass overwritten HDD.

i feel like an overwrite of /dev/urandom then /dev/zero is enough

for most cases, of course

but why

cause that makes individual bits of data harder to read, then clears them.

nothing is readable after a single pass of zeroes either

modern disks are so small with such tiny magnetic tracks and space between, that it's really almost impossible to find anything useful from before the last overwrite

Using multiple passes with random data was important on early disks with larger tracks, where you could still position the head in between those and have a good chance of reading something

hmm, fair enough.

https://superuser.com/a/270569/418736

https://www.howtogeek.com/115573/htg-explains-why-you-only-have-to-wipe-a-disk-once-to-erase-it/

https://link.springer.com/chapter/10.1007%2F978-3-540-89862-7_21

http://www.forensicswiki.org/wiki/Recovering_Overwritten_Data

For the average person one or two wipes is fine

https://en.wikipedia.org/wiki/Data_erasure

However, nation-states are likely to have developed drive and vendor-specific recovery techniques

I doubt, but to everyone their own freedom.

DoD continues to mandate 7-pass wipes

But who really knows 🤷

https://www.zdnet.com/article/twelve-malicious-python-libraries-found-and-removed-from-pypi/

Details on the cryptocurrency VB script one ("colourama"): https://medium.com/@bertusk/cryptocurrency-clipboard-hijacker-discovered-in-pypi-repository-b66b8a534a8

Potential solution: https://theupdateframework.github.io/overview.html

You already have though

colourama, that guy was clever, poor British people

(imagine that was actually tea)

it says coffee

so no

imagine

cant you make a tea emoji real quick

no blob though 😦

No

Look at the emoji byte sent

The yellow thing is called blob

discord should go full blobs for their emoji

since google got rid of them

https://www.securepatterns.com/2018/10/cve-2018-14665-xorg-x-server.html?m=1

https://fossbytes.com/tor-enabled-sim-card-keep-you-anonymous/

https://btcmanager.com/bitcoin-wallet-samourai-dusting-attack/

so get this

a lot of modern hard drive platters are made of glass.

destroying them fully may be as easy as a tuned sonic blast

or a strong impact

or a drill

yup

DEFCON23, they had a guy who runs a datacenter experimenting with nailguns, directional explosives, and thermite

nailguns look very promising

I'd prefer the explosives

platters in desktop / server drives are usually metal

not ceramics

not to say they can't be, it's just usually

laptop drives are more often ceramics than desktop drives

@errant pilot the problem is the explosives largely didn't work

and, by using explosives you commit tons of felonies in the process

so the law doesn't "need" your computer anymore to convict you

I bet degausing would be most effective

Not as fun

I mean

destroying evidence is illegal anyway

and beyond that, destroying your own property isn't illegal

ceramic, same thing

glass is legit btw

they most certainly can be made of glass

:P

and have been.

and still are.

er, no.

Ceramics and glass have been / still are used

@thorn obsidian Its IP based

You won't be using cell phone credit

Lol

Its internet based

¯_(ツ)_/¯

Hm

Idk

do you have to trust your ISP for Tor to work?

Lol

I didn't know they always had to be a non-magnetic material

yah

they coat it with a magnetic substrate

so that it responds consistently to magnetic fields

didn't they used to be iron? i thought the magnetic fields are too "small" for a magnetic or metallic material to interfere with it

even if you had a solid bit of magnetic metal it'd be hard to control the read/write

yes but you've got to think about storing and holding that magnetic information

it's easier to store data on a thin magnetic tape instead of a thick iron bar

Yea

Stuff is encoded to the sim bro

That'll enable you do do that

And some AP you'll have to configure for traffic to go through ur isp

Maybe orbot ye

Brass Horn

😂

This is for people who care about privacy and security

It should improve in the future

Was tor fast when it first came out ?

Interesting

It blocks all non-Tor traffic from leaving it

Yes, regular calls and texts can be intercepted

If you're not running Tor, then the Sim wont send data.

Once its encrypted yes

That SIM card can also not use calls / texts, it's data only.

^^

It's an interesting concept

Who doesn't care about that

I don't want my isp to monitor me

Tho I do nothing bad

get some of those data stuffers

things that basically browse on random shit in your name

Plus you guys know that facebook messanger texts are not encrypted right ?

yes

Just sent over ssl

Its terrible, I decrypted my traffic once and my token and all that was exposed

Uhuh

Wait

Stallman is still alive

Wooo

We have emotes of him in programming discord server

Yea

😂

Hold on

@thorn obsidian

lol

Hmm

Fantasy can be great

gtg now

https://webmasters.googleblog.com/2018/10/introducing-recaptcha-v3-new-way-to.html?m=1

lol man

this will get interesting

https://www.theregister.co.uk/2018/10/26/systemd_dhcpv6_rce/

That thumbnail tho

It looks so sad 😥

@thorn obsidian is that on top of your package?

hi guys

Like Sims are pay-as you go

Right?

If that is the rate for that sim... That's a better deal than anything else

@thorn obsidian did you add a extra zero?

0.025 * 40 < 1?

Oops I'm bad at maths

That's the going rate / MB in the UK

Either that or 1p

https://nakedsecurity.sophos.com/2018/10/30/snakes-in-the-grass-malicious-code-slithers-into-python-pypi-repository/

Be careful what you install folks!

Tl;dr: Malware deployed on pypi as colourama to trick people trying to pip install the legitimate package colorama

ugh what

old news

Clearly I have the wrong news aggregator

Heh. I got it from Naked Security today, I blame them

@thorn obsidian for britain, yes

We have shitty 3G never mind 4G in most places

https://lgtm.com/blog/apple_xnu_icmp_error_CVE-2018-4407

https://twitter.com/x0rz/status/1057292218623553538

https://www.justice.gov/opa/pr/chinese-intelligence-officers-and-their-recruited-hackers-and-insiders-conspired-steal

"For over five years" Damn

https://gbhackers.com/kali-linux-2018-4-released/amp/

Addition of Wireguard VPN was the big thing for .4

Along with an experimental R-Pi 3 B+ 64-bit image

Yup.

https://cdn.discordapp.com/attachments/453232648584953886/507511530397499392/unknown.png

I was linked this earlier

10/10 would use service

https://www.reddit.com/r/ProgrammerHumor/comments/65l9yq/logins_should_be_unique/dgbmbj6

https://blog.zimperium.com/cve-2018-9411-new-critical-vulnerability-multiple-high-privileged-android-services/

Heyo, I'm wondering if it is possible to send encrypted requests? ( I don't want my program to be listened to by wireshark and have the requests revealed )

if you are talking about http requests

just use https

the request will still be seen in wireshark though

the content is just gonna be nonsens

alright, ill get a quick cert for the subdomain then

And for obfuscating a .py (will end up as a .exe), any recommendations?

you can compile it to a .exe using for example pyinstaller

Yeah I'm aware of pyinstaller but do you know of some good way to obfuscate it?

A good obfuscator

I'll search, cheers ^_^ I was wondering if there was a way to compile and obfuscate at the same time

also when you start thinking about obfuscation you should think if you really have to do this

-> install kernel driver to hide your files

no i mean

install a kernel driver to hide the program files from anything the user does

or can i do that with LUKS

@thorn obsidian it's a problem if you haven't patched

and considering the majority of android phone producers don't sell the products pre-patched with latest versions etc

the android market place can be a security nightmare

also pretty sure @thorn obsidian never said it was a problem, just posting security related news and shit :3

was the full writeup available at that point in time?

Hmmmmmmm?

zimperium were the ones who reported it

^

it's a writeup of a security issue

not everything i post has to be a new critical security problem lol

@upper phoenix If you want to obfuscate Python code, you need to transform it into C-code, then compile the C-code into an executable. Cython is the general go-to tool for this, as well as Nuitka.

Cython: http://docs.cython.org/en/latest/src/quickstart/index.html
Nuitka: http://nuitka.net/doc/user-manual.html#usage

Nuitka can be run on your existing code without any modifications, so I'd give it a try before reaching for Cython. Cython seems simple, but I've heard it tends to be a lot more work than you initially estimate going in.

@safe bear Thank you so much 😃

https://lukas-vrabec.com/index.php/2018/11/02/cve-2018-14665-xorg-x-server-vulnerabilities-vs-selinux/

Se Linux for da win

you could also argue that microsoft has written lots of kernel stuff and because of that you shouldnt use the kernel anymore

NSA everywhere

👀

hey @thorn obsidian have you got the LAIRETAM DEI?

K

==ATPRVSQF0QgUGa0BCdhBydvJncv12b0BSdvlHIlV2U

https://thehackernews.com/2018/11/bluetooth-chip-hacking.html

CVE-2018-5407: new side-channel vulnerability on SMT/Hyper-Threading architectures
https://seclists.org/oss-sec/2018/q4/123

almost everything you say feels like shitposting and i'm not sure why you keep doing it

it's a stack based overflow in bluetooth chip firmware

just because you need to be in bluetooth range doesn't mean it's not valid

not everything has to be a remote RCE 0day in a google product

jesus

also priv esc is an entire class of exploits and you constantly ignore them because "if you can run code that's obviously enough already"

which is just dumb

"kill chains"

Rarely are exploits used in isolation

In other words MS08-067 and friends are unusual

Usually you are combining multiple vulnerabilities and design flaws to achieve an objective

https://blog.erratasec.com/2018/11/why-no-cyber-911-for-15-years.html?m=1

https://mango.pdf.zone/stealing-chrome-cookies-without-a-password

https://www.phoronix.com/scan.php?page=news_item&px=PortSmash-CVE-2018-5407

sounds good

write about which ones are easily crackable and which of them can have DoS problems or whatever

i know for a long time anything written in python2 that was hashing user input was vulnerable to DoS attacks because of the hashing algorithm

https://shkspr.mobi/blog/2018/11/security-issues-on-artchain/

https://shkspr.mobi/blog/2018/11/domain-hacks-with-unusual-unicode-characters/

https://twitter.com/x0rz/status/1059744015665520640

https://twitter.com/x0rz/status/1059727163727994885

Has anyone used ZAP to simulate attacks of applications?

Question moved

There is someone who was a string for example :
String = “BztVsvjNgsnsisMvkdb”

Okay so that string is very encoded with base64 and then with rot13

But... he added letters to the string so basically when you rot13 decode it then base64 decode it it will give random stuff because he basically messed with letters.

He did it on purpose

If you’re wondering how he decrypts it he take the extra letters he put in the string and then decode it from rot13 to base64 and get the correct code

Here’s what I mean

This guy a has astring like I said...
String = “jskeheldiwnfolwroGoVjCkf”
(Not exact string lol just example ^^)

So this guy encoded it with base 64 right?
THEN
He added random letters to that string to corrupt it or whatever

THEN

He used rot 13 to encode that base64 string right?

THEN

He did the same thing he added like random letters random places just to corrupt it

SO

If you try to rot13 decode it and then base64 decode it won’t give you the actual code it will be messed up

How can I know which letters to remove from each encoding

Any help is appreciated

By idk if it’s possible because it’s gonna take ages maybe to know which letters are the extra ones

Is this an assignment or something you found in the wild?

I would check for characters that aren't in base64

@native edge it’s a challenge for $50

Also he can use characters like GLbcKfX or whatever how am I suppose to know ...

What are the clues

None , literally, none.

He gave us the string and that’s all

you could try bruteforcing it if the string isn't too long

It’s a big junk of coded stuff

Like a huge code

Any ideas @native edge

not without any of the info no

@native edge if I give u the string would u try

I could give it a quick look but it's 2:30 so i'm off soon

Ok imma send it tomorrow on this channel because rn on I’m on my phone

And I forgot what the link is because it’s on my pc

@silent pier ZAP is more of a reverse proxy with plugins not an attack tool, and it doesn't simulate attacks it just attacks stuff if you run the plugins

¯_(ツ)_/¯

Uuuh

I still keep having issue with it crashing while im using it

Hello

Have an important question

Anyone who is familliar with python internals here?

!t ask

Ok so

Python processes a string in a certain way say I write

In python 2.7

Print '{}'.format(a)

If i do something that resembles sql injection it just prints the statement as a string

But in sql injection it doesnt it like actually prints The code itself there even though it asks it in like $_GET

I'm wondering why is it

And how does these two different language process strings and how python defends from it

You are confusing an SQL query with a string

I know the data structure is a pystringobject

But why I'm just trying to understand it more in depth to understand why sql doesn't do the same or why it can't

A string is just some characters with no special meaning attached to them.

If you want to execute the code in a string there is eval() and exec() but those are generally adviced against

But the sql query recieves a string isn't it?

and executes it

Sorry just still don't understand why sql actually takes the input and doesn't apply it as a string but as something else

If it wouldn't take the string it would do nothing at all

Cause it compares it to something else isn't it?

The string tells SQL what to do

so it does it

Hmm I understand that just not the logic behind it

Like why would they no santize it all I'll look into it thougj

Thanks 😃

How would SQL know what to sanitize

txtUserId = getRequestString("UserId");
txtSQL = "SELECT * FROM Users WHERE UserId = txtUserId;

Let say I have this

I don't understand why if i enter OR it actually parses it as a comamnd

Cause usually in the queries the stuff you need to get is a string int etc.. not a command

So why does it even allows it

Maybe I'm missing something big here

But this is the reason i'm looking into it

That stuff doesn't happen in SQL itself, it happens in php, python, js etc and then gets passed to SQL

You would do the sanitizing in those parts

Ok cool thanks

basically, the programming langauge (python, PHP, etc) will substitute values in the string txtSQL = "SELECT * FROM Users WHERE UserId = txtUserId; for actual values (in this case txtUserId is replaced with the value of a variable) and then passes that to the SQL database, which executes it. SQL has no idea anything has been injected, the manipulation of the values happens in the programming language not the SQL server itself.

the reason python strings are not vulnerable to injection is the same reason SQL isn't vulnerable if you use parameterized queries, basically it just tells the parser that what it's reading is text and shouldn't be interpreted as commands

parameterized queries, is that what they're called?

https://blogs.msdn.microsoft.com/oldnewthing/20181106-00/?p=100145

On the topic of sql, whats the package for detecting sql injections, written in python

Uh- i mean it's a software

Not a package

gah Imma have to dig through knowns logs

sqlmap

Huh

ZAP did things to this notes part of the app im testing

Interesting

So I took this code from online source

from Crypto.Cipher import AES
password ="Yp2s5v8y/B?E(H+MbQeThWmZq4t6w9z$" #generated password
obj = AES.new(password, AES.MODE_CFB, 'This is an IV456')
message = "Answer is this"
ciphertext = obj.encrypt(message)
print ciphertext

obj2 = AES.new(password, AES.MODE_CFB, 'This is an IV456')
dec = obj2.decrypt(ciphertext)
print dec

So

new question

so basically idk why this doesnt work

so basically ive got the encryption thing right?
the

ciphertext = obj.encrypt(message)

so i put it on gist for a test I made a secret and got the link

and i did this...

from Crypto.Cipher import AES
from urllib2 import urlopen
connection = urlopen (link).read()
IV = "93KMsZC8914MXaWQ"
password ="""GZz9ex8WZ#Q$XuPdQJCRVTsDx+j$G!^x""" #generated password

message = connection


obj2 = AES.new(password, AES.MODE_CFB, IV)
dec = obj2.decrypt(message)
print ("Decryption : %s"%(dec))

but it gives me another thing how could i fix it am i doing something wrong

like bunch of random letters

@thorn obsidian not really helpful in this situation?

@thorn obsidian if you are URL opening the URL to the gist what you receive is the html containing the stuff submitted to the gist platform. And as the html does of course not equal the normal text and as CFB makes the blocks depend on each other you just get a bunch of non sense

Also why are you using python 2.7 xample?

Pythons cryptography library support in 3.x is very good too, there is no reason to stay with 2.7 in this situation

lol district health software @silent pier

also here is a thing
https://www.helpnetsecurity.com/2018/11/07/virtualbox-guest-to-host-escape-0day/

Yes it was dhis or some other software that was handed down to us

@orchid notch because I started at code academy and they started python 2.7 with me so I got used to it and everything

I want to switch to python 3.x but idk where to start or whatever lol

Also idk which 3.x version to use

If you are on windows latest aka 3.7

On Linux the one provided by your distro

Where do I really start @orchid notch

Start with what

The thing is I’m mostly scared of my old projects not working on python 3.x too

Port them

It's not that hard

Usually

Where do I start learning 3.x I was hoping like codeacadmey where they ask you to build the code itself

Also what if there modules python 3.x don’t have

The steps from 2.7 to 3.x are really minor

At least syntax wise

You will be able to Google the vast majority of errors you get if you are already familiar with 2.7

Hm well

I’m probably gonna get 3.7 today

https://twitter.com/msftsecresponse/status/1059877873924755456

Bitlocker on windows sometimes used hardware encryption, which is literally none-existant on some SSDs

because of course it was

muh 32 bit null encryption password amiright

Has anyone written a Threat model for some software / a web application before?

yah @thorn obsidian

that's actually a problem for us

We used Bitlocker on a couple of laptops with Corsair SSD's in

had to Veracrypt them

https://arstechnica.com/information-technology/2018/11/strange-snafu-misroutes-domestic-us-internet-traffic-through-china-telecom/#p3

chinanumberone

Mmmmm yes

BGP routing

@silent pier never had the need to write a threat model but owasp is generally a good resource for all things security related to applications

Yeah, I've read through it

But I'm kind of stuck as I have to provide a Threat model to something I'm not involved in designing nor developing

hmm thats tricky

So i'm supposed to write one based on results from a few analysis and pentests

But it's sort of too late to write one.. as the software is finished i feel

ah, well did they resolve the issues from the pentest ?

There weren't too many to mention

and i feel like the results from the pentests itself would be a great start for the threat model, essentially a summary of what is exploitable and how badly they can be exploited might do it

It's been through quite a bit of mud so far i'd assume

i see

Mostly dynamic table sqls

and mostly not handled potential nullpointexceptions

and you were able to verify em too ?

source code tools are known to provide a lot of false positives

I reviewed the sourcecode

but I can't actually test it

hm, can't run your own local instance of it ?

They just have the potential to be an sql injection

I can

But it's one of those, if something goes wrong, this could have a much bigger impact because they didn't follow prepared statements standards

etc

right

I have no idea how to actually break it in that way

And ZAP didn't provide much more than a few xss and buffer overflows on the api

in that case, i'd stick to theory and go down the path of what sqli is capable of doing

which is dumping databases, OS command exec etc

and explain it in that manner

eh

he doesnt have to know how AES works in order to use it

surely you don't need access to the source to figure out the threat models?

and the wikipedia articles about the depths of AES are confusing to say the least

even the original paper is a better read

Just identifying weaknesses and where you're likely to be attacked, right?

and the potential from that

Yeah I've already dug a few holes for what poorly built sql queries can do

cool, yeah i think that is your best bet. explaining what they can do if they go unfixed

for example @thorn obsidian this is how we multiply when calculating AES stuff

    pub fn multiplication(a: u8, b: u8, m: u16) -> u8 {
        let mut res = 0;
        let mut a:u16 = a as u16;
        let mut b:u16 = b as u16;

        let mask = !(((!0) >> 8) << 8);
        for _ in 0..8 {
            res ^= a * (b & 1);
            let carry = (a >> (8 - 1)) & 1;
            a = (a << 1) & mask;
            a ^= m * carry;

            b >>= 1;
        }
        return res as u8;
    }

Based on how i figured a threat model is to be designed is as a look up for devs to make sure all vulnerable points are covered with the correct controls

and yea @lusty flare you dont need the source, but at least a high level of what the app does, workflows and architecture is needed

I mean for a threat model you could literally just point out where the important shit is and how it's exposed

and the most vulnerable point of attack

yes

so why understand AES

that is exactly my point

¯_(ツ)_/¯

God damn UK Discord is laggy as fuck right now.

yea basically just point out where in the app it is exposed and how bad it can get

but then theres this whole thing The technical steps in threat modelling involve answering questions: - What are we working on - What can go wrong - What will we do with the findings - Did we do a good job?

yes but if you say he doesnt have to understand it in order to use the packages why post the link

what profit would he gain from that

I can't answer those, as I am not building the app.

Other than what can go wrong

actually AES itself doesnt give a fuck about IV

the IV is part of the modes of operation

not AES

that this does not work has nothing to do with the miss understanding of AES but with the miss conception that a web page from github gist contains the html

and not only their encrypted message

That is fine @silent pier , imo i'd just stick to what you found and provide an overall recommendation to the dev team or whomever is reading this threat model

i'd say with that you've done your due diligence and answered the questions as best as you could

Well shit, i should restart discord more often. 14 updates.

and it's still fecking laggy

lol thats why i stick to the web client

Fair

I guess that chapter of my report wont be that big then

it will be if you import those sonarqube results 😉

Oh I have, they were all screenshots of my report

sweet

how would you secure a sqlite db

against what

@silent pier make a threat model

I did

make one for sqlite dbs

No.

@silent pier well users not able to read the data

worst case situations

maybe password protect it

idk how

Do they have access to the db file directly, or indirectly?

Or are you thinking about querying for data

well i just simply want to extract the data inside the database safely

because the user can view the database

or sqlite

whatever u call it

I'm not quite following. You want to extract data from a db without the users seeing it?

well yes
but they can just simply open it and there u go

this is what i mean

https://gyazo.com/ad7894c76cadcb7427e958231f805eb1

like this

i dont want them to able see these things

these things as well

https://gyazo.com/7fbef2d3444954da706357a692bd0d1f

I guess my question stands, Can they access the file then?

yeah

You could encrypt it I suppose. I haven't done any database file security

mostly queries and avoiding sql injections

https://www.zetetic.net/sqlcipher/ for instance

i wish if i can install it

but it wont let me

sqlcipher

ive been trying for ages doesn work

did you clone the repo?

see what i mean

https://gyazo.com/9af5a7df7377d0b2c8f429ac5f8c0036

wdym clone the repo

git clone https://github.com/sqlcipher/sqlcipher.git

i dont have git clone

git is fairly common, you should probably get it if you don't have it.

uh

how do i get it im searching rn

ok imma install and brb

ok i got git

now imma execute that command

well its finished but still says

ImportError: No module named pysqlcipher

@silent pier any other ideas?

You'd run the script directly

afaik

I've never used it

wdym run the script

directly?

https://github.com/sqlcipher/sqlcipher/blob/master/README.md

I know just as much as you at this point

okay well thanks for ur help

😃

lol

xample wasn't aware what was git clone

https://www.elttam.com.au/blog/ruby-deserialization/
Ruby 2.x Universal RCE Deserialization Gadget Chain

https://cloudblogs.microsoft.com/microsoftsecure/2018/11/08/attack-uses-malicious-inpage-document-and-outdated-vlc-media-player-to-give-attackers-backdoor-access-to-targets/

https://medium.com/asecuritysite-when-bob-met-alice/doh-what-my-encrypted-drive-can-be-unlocked-by-anyone-a495f6653581

🤔

"" as master password

yah

BitLocker also happens to use the HDD built in encryption option if available

could anyone give me a quick rundown on basic string encryption that can also be decrypted (something like AES I think)? I'm a newbie at encryption and would like to learn how to do the basics 😃

https://www.youtube.com/watch?v=jhXCTbFnK8o

@buoyant maple

https://docs.python-guide.org/scenarios/crypto/

https://www.dlitz.net/software/pycrypto/api/current/Crypto.Cipher.AES-module.html

👍 thanks

also, what is the use in SHA one-way? seeing that you will never get data that you encrypted back, whats the point?

for things like storing user passwords, they're very useful. those hashing algorithms will always give the same hash for the same text (i.e "hello" would always hash to "2bd782f..."), so you may store the hash of a user's password rather than the password itself. that way, their password isn't stored plainly in the database.

>>> import hashlib                                                                                                                                                                                                   
>>> # create a new password hash:
>>> pass_hash = hashlib.sha512(b"password123").hexdigest()                                                                                                                                                           >>> pass_hash                                                                                                                                                                                                        
'bed4efa ... b6ac4bf'  # spooky, it isn't plaintext now. 
>>> # attempt to log in using a different password
>>> attempted_hash = hashlib.sha512(b"password321").hexdigest()
>>> pass_hash == attempted_hash
False
>>> # now log in with the correct password
>>> correct_attempt_hash = hashlib.sha512(b"password123").hexdigest()
>>> pass_hash == correct_attempt_hash
True
>>>```

@buoyant maple

Never store plaintext password

aaah, that makes sense

(was going to ask a question but realized it was bad)

¯_(ツ)_/¯

hashing is not perfect on its own, but i must go. someone else may explain rainbow tables and salting, or you could research it yourself. :)

👍

i have heard of rainbow tables before, something like pre-made hashes?

ah 👌 (didnt see you where going)

Rainbow tables is a start hash, and an end hash with an algorithm to generate the next hash

or start password

I forgot how the start goes

Nontheless you hash the password, and use an algorithm to generate a new plaintext password from that hash then hash that password and reapeat

why dont we just convert all commonly used paswords into hashes

once you reach x amount of hashes you save the end hash and start password

and try them

Later to look up you run the same algorithm on a hash and if you get the end hash you know that password is in that chain of passwords you generated

Thats a dictionary attack

yeah

Benefits of rainbow is it takes more computational power but is considerably smaller in size

while dictionaries of passwords can get insanely large

Its easier to explain rainbow tables with graphics tbh

but you can personalize the dictionary depending on their character

i think thats how it goes atleast

Yeah, but you can do the same for a rainbow

👍

Thats dependant on the algo you use

http://kestas.kuliukas.com/RainbowTables/

I couldnt find any of the resources i used for it

but theres an article about them

one more question: will the SHA algorythm itself (not talking about how many bits it has or quantum computers) ever have a security weakness or is it something special about the way its made? I have seen a wikipedia article on the diffrent hash types and MD5 and SHA use the same "constructuion"

Besides being brute forced with a low about of bits..

Dunno tbh

because them 1 time pads are said to be un-crackable with SHA/AES, that must mean that them algorythms are impenitrable to weaknesses

You can guess the plaintext and convert that to conpare with the hash

But I guess what they mean is that you cant get the plaintext from the hash

👍

not sure what freenode is but assuming its either a discord channel or 3rd party chat thing

IRC

there will always be some people still using it...

https://xkcd.com/1782/

mm

I didn't mean to convey surprise

I know many use it

But I don't need to understand why it is still as popular as it is

anyway, yeah Owez, IRC is basically one of the first internet chat applications

it's been around since - i want to say 1988 (Freenode itself has existed in some form since 1995)

https://github.com/M4cs/BabySploit

Been wrking on this for anybody who is new to pt or python it may be a nice project to check out

Nice ASCII art 😆

@safe bear thanks lmao

had to think of something cute but deadly

👌

@thorn obsidian thats weird 🤔

@thorn obsidian its due to me having that as the hostname in /etc/hosts

Interface addresses should be in /sys/net/

@thorn obsidian @safe bear i fixed it anyways

    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.connect(("8.8.8.8", 80))
    ip = s.getsockname()[0]
    s.close()
    print(banner)
    print("")
    print("          [i] Current Local IP: %s [i]" % ip)```

what if you dont have internet access macs

8.8.8.8 could be blocked too in some networks?

https://www.raspberrypi.org/blog/three-factor-authentication-raspberry-pi/

@chilly elk /sys/class/net/<iface-name>/address. That file will contain the IP address of the named interface (e.g. eth0 or enp0s1). However, I don't know if it will have multiple addresses if an interface has multiple addresses (which, yes, is a thing, and something I've encountered many times).

Also BTW, making a random network request buried in the code of a red teaming code is NOT good practice.

@safe bear fair point

In case anyone missed it

a Wordpress plugin for GDPR is vulnerable to some shit

https://nakedsecurity.sophos.com/2018/11/13/wordpress-gdpr-compliance-plugin-hacked/

The most casual use of the attack is to just rewrite the wp_option site_url to redirect to malicious shit

however combined with woocommerce and some other shit allows PHP shells

vulnerable to some "shit", you're hilarious @lusty flare

i mean if you want a full break down

i'm happy to tell you :P

basically the plugin allows someone to submit an ajax request or some bollocks that then allows them to leverage wordpress internals to create new user accounts with administrator privileges

from that point they can modify the wordpress config etc etc

I'd love to hear them.

in the cases i've had to clean up this week it's thankfully only been people modifying the siteurl option

which is like the "base url"

e.g. http://{{baseurl}}/whatever

so they changed that so it redirected to a load of dick pills and porn

bad look for a school

In that case, LiveOverflow URL video is good for this reference.

Redirected to spam?

yah

they could've done much worse

with WP admin creds they could've installed a PHP shell or some shit

pwn'd the container

That's suspicious.
Reminds me of MITM attack.

I understood it, quite a good discovery.

eh, yeah kind

it gets worse if the Wordpress site had the GDPR plugin and Woocommerce installed

woocommerce being one of the most common store fronts for Wordpress

could've managed to get some shit in wp-cron.php and created some kind of persistence

Patch released?

Yes, patched.

Pretty quickly, actually

Oh.

Didn't see that coming.

Well, there's a difference between there being a patch and the patch being applied

patch came out on 6th Nov, the sites I had to look at were compromised on the 8th Nov

First signs anyone actually did anything to the sites was on the 12th

heh

seems like they did the ajax leverage thing to create a pair of administrator accounts and then disabled the flaw

sneaky sneaky, close the hole after you get in

Didn't see that coming too.
I wonder if it's still vulnerable or not.

well the plugin is patched but loads of people wont have patched it

etc

If I'd knew some exploit development I should've tried it.

Hey guys.

Do you consider putting secrets in your environmental variables/.env a bad practice?

yeah since any sub processes might end up seeing it

also putting them directly in the command line arguments is bad, since you can see it in the process information on some os

and ofc the shell history

It depends on the context

If you're running a service in a container, environment is acceptable practice AFAIK

For a multi-use server/host, though, it's definitely considered bad practice, since any arbitrary process could read them

ah i did not think about containers with just one thing in them

Take that with a heavy dosage of Salt, though, since I'm not very knowledgeable or experienced in web security.

personally i would still not do it just to avoid accedents and leaking it in to reporting software but its an interesting way to make it safer

@upbeat palm long time

What's new in cyber security?

Not really that new, but y'all heard about this last month right?
https://medium.com/@bertusk/cryptocurrency-clipboard-hijacker-discovered-in-pypi-repository-b66b8a534a8

@gentle heron I've done it in the past but I'm transitioning to aws ssm

I like the idea of having a declaration of secrets somewhere but not in anything that could get accidently pushed to github etc

I think what I'm going to do is use a env file in VSC for local testing with non sensitive configuration settings, and use aws ssm to get the secrets during runtime.

And add the .env to my .gitignore but if it leaks the worst it will do is leak my region and company name.

This is all new to me though so I just wanted to idiotcheck my methods

@wooden vigil Might know something about best practices

@velvet isle Had dengue so...

@thorn obsidian im finding another way

@upbeat palm Oh that's sad to hear man

@thorn obsidian I'm using serverless

I'm trying to follow 12 factor principles as well

anything?

You probably don't want to see my desktop >_>

Basically a backend app that automates some stuff between two third party SaaS APIs

With a front end API to allow us to call some of these custom functions too

I'm probably over engineering it, but I'm using it as a portfolio piece to try and break into software dev

So I'm trying to learn how to do everything properly with devops/agile principles

CI/CD, Web frameworks, on AWS infrastucture seems to be the in demand skills in my area.

If I go with VPS that's a whole load of things I have to worry about that I don't have to worry about with serverless/lamdba

True

True but I also learn alot about serverless, infrastructure as code, API gateway, secret manager, continuous deployment, automation of testing, qa, deployment ;)

Anyways I don't want to turn this into a #career-advice discussion :p

Ops roles really don't seem to have much demand or salary as dev, devops roles in my area

@velvet isle I'm good now, I guess.
What have you been learning since then?

@thorn obsidian serverless at our scale would be practically free

A couple of dollars a month at most.

https://twitter.com/i_bo0om/status/1062692042793512961?s=20

[04:58] Scott: So how much are you projecting to spend on AWS?

at the beginning of the month about $12bn

@upbeat palm Just reading random articles about how to grab this and how to break that

Anything specific?

Nah. Just tweets from people and inspecting repos

@thorn obsidian Check the pins for this channel

@safe bear Can you link me to good CCNA security course on YouTube just like you did last time for CCNA?

No sorry, I don't know any other than Shrike, which is in the channel pins

https://signal.org/blog/sealed-sender/

Signal is well known for its security.

gdude posted this in OT but I also feel it belongs in here too: https://nginxconfig.io/

OT?

Off topic

Oh.

@upbeat palm You know about i2p?

well

that and the fact that the key to decrypt the local database is stored in cleartext on your local machine

🤔

Why do people care so much about this plaintext thing

Don't you store private keys in key files?

lol

back to making my web scraper

haha

@velvet isle The anonymous network software?

Yeah

I started using it recently

Features are good.

Glad I caught you while you're online

I tried doing some sslstrip on my phone today but apparently some sites have updated to not load without https

Like facebook

I tried burp to intercept the traffic

But ssl pinning on the phone is blocking me

https://www.netguru.co/codestories/3-ways-how-to-implement-certificate-pinning-on-android

Ha

I saw that earlier

There is some app to bypass it

Version of your android OS?

8 (Oreo)

Galaxy s7

That's strange.

https://blog.netspi.com/four-ways-bypass-android-ssl-verification-certificate-pinning/

This is happening because of improper implementation?

Um

I don't know the design

I was at a cyber security event and I heard this guy had some people open their facebook app or something

and his face appeared on their screen like video chat

😂

Idk how

Dig deeper.

comments on what that guy did ?

Yup, you went to blackhat event?

No

Some local thing

Oh.

I live in south america

Cool.

What are some great tools you use ?

Depends on what I have to do.

You should check the RFTM/BFTM.

@velvet isle

Oh nice

So you mostly do wifi stuff?

No...no, it has everything from web application pentesting resources to Cryptography.
Like everything you need to become a red teamer.

BTW checkout Empyre repository on GitHub, was referenced in Hacking:AoE.

I'm off, ciao.

Okay later bro

Don't clone Empire tho

Your AV will decimate it

https://antichat.com/threads/463395/#post-4254681

Interesting read, but it is in Russian. Basically exploits a vulnerability in the library PHP uses for IMAP. Specifically, it is a vulnerability with connecting using rsh (he couldn't manage to connect with ssh for some reason). Funnily enough, it actually takes advantage of the -o option with ProxyCommand in ssh. Therefore, it only works on Debian-based distros because, for them, rsh is basically an alias for ssh. He bypasses command parsing with the use of $IFS$() for spaces and base64 for slashes.

He mentions that, for the rsh call, we know we at least have influence over the hostname. The hostname is taken from the imap_open call in PHP. This seems to be how the -o option gets passed to the rsh/ssh call.

@safe bear Not when ur using kali

https://giphy.com/gifs/culture--think-hmm-d3mlE7uhX8KFgEmY

🙄

@thorn obsidian For one thing, with pgp private keys you can/should use a passphrase. For another thing, the target audience of Signal does not, in general, have the information security education to know they should be using FDE.

And lastly and most damningly, the fact that they bothered encrypting the database at all shows that the people behind Signal know full well it should be encrypted, and were relying on security through obscurity.

Damn

Its 12:42am

Wasn't expecting a ping lmao

Frida is something I heard about but didn't read up on

didn't truecrypt shut down a few years ago with a confusing message telling people to use bitlocker instead

anyway, signal is aimed at non technical users so i think they have a duty to be responsible about these things, and that includes having the option to encrypt the database with a password

i don't know if the mobile app does anything like that or not

How else would you suggest to encrypt the desktop?

Anything that encrypts and stores in userland, is vulnerable to something running in userland

the point is

storing the encryption key side by side with the encrypted data without relying on any user input to decrypt

is no better than no encryption at all

this isn't about a sophisticated attack involving something "running in userland" at the same time as it gets decrypted

It prevents your mother from reading your texts I guess

it's about the fact that someone (a thief, law enforcement, etc) can get your data just by taking your computer, even if it's powered off and nothing is running and you never use it after you know they have been to your house

That's why you use disk encryption

Some sort of password-based decrypt would be a excellent feature

security software is worthless if it's not secure unless you use other security software

But Signal's focus is a balance between usability to attract the common person and privacy

a password doesn't make things unusable

people use passwords all the time

maybe warn people in advance that if they forget their password there's no way to recover the data but

More than they have to do for any other messaging client

They enter their password once and forget about it

Just the whole local DB thing seemed overblown

Their focus is on preserving privacy in transit

Not on the endless battle that is client machine privacy

Maybe they add a password, they if the user doesn't have FDE they're safe

But keyloggers still get it

And it can be read from memory

Then you have to add protections against those

KeePass does this fairly well, but it's not also trying to secure end-to-end communications and server-side

Key wrapping?

does anyone have a good video series or anything that explains dnssec on a technical level, i.e. not a high level brief overview

i think im not wrapping my head around different resource records in DNS and makes it hard to understand DNSSEC

Norton Security?

In terms of password protected files, how does the software detect whether it was correct or not. Does it prepend the pre-encrypted file with some kind of expected value/string that basically serves as a canary to immediately (or sooner at least) signal whether the key was correct or not? I apologize if this belongs in help, I just figured I'd ask here since this isn't Python specific.

some programs store a hash of the key inside the file

and others use other stupid and insecure methods to store the key in themselves

and if you just decrypt a file which has been encrypted using some algorithm before you actually cant know wether you were right

you will have to apply algorithms to check wether what you got looks like a valid language or w/e or just random gibberish

https is not a software

it's a protocol

just because almost everyone does something doesn't mean it's perfect either

I'm not arguing that you can't store passwords on a user's device

but there are (at least slightly) better methods than plain text

both sides of the argument are valid

@orchid notch thanks for responding, I'm just reading this. Imagine this... having a text string encrypted with the same key as the file that's an expected value (such as the name of the product), and if the password input decrypts to that expected value, it can then signal a success on the client? Would that be insecure at all? This wasn't mentioned but of course the AES key would come from the string being ran through PBKDF2 or scrypt.

Putting this in Security too because I thought it was cute.

https://www.youtube.com/watch?v=IV2V_fdvZb4

Steps:

1. Tamper with device (rip cover off and potentially remove alarm signal wires)
2. Tamper alarm goes off because you're tampering with it.
3. Take the fuse out of the fuse block next to it
4. Re-insert the fuse back into the fuse block
5. Alarm resets into the untampered and untriggered state.

Now you know how it works?🤔

Hmm?

Nevermind it.

yes. what are we doing in security

👀

Is using a sanbox for executing payloads on my host machine a recommended thing ?

What do you mean with sandbox? And where does the payloads come from?

Are you worried that these "payloads" can cause problems on the host?

I got my question answered nvm lol

Doesn’t seem like much of an answer

@errant pilot I got what I wanted to know tho

Lmao

@sullen hazel I was worried about what the payload can do to the host

I don't wanna set up a vm to test them

Unless there’s more to the conversation then all you got was shit on and no actual information

¯_(ツ)_/¯

All in all

I wanna test the reverse tcp payloads on my win10 machine

But Im afraid to execute them and I don't wanna use a vm

So I thought using a sandbox may be more safe

btw these slides are worth checking out: https://itsecx.fhstp.ac.at/wp-content/uploads/2018/11/02_Rene_Freingruber_Flying_under_the_radar_freingruber_v1.00.pdf

Preview

@safe bear when memes get trending

@chilly elk are you macs from that repo ?

yes @velvet isle

i can edit the topic and everythign haha

in that photo at least

Nice

Well it's good to meet you

Looking forward to more great tools

https://github.com/infosecn1nja/Red-Teaming-Toolkit/blob/master/README.md

@upbeat palm Here's some gud stuff

Believe me, you won't get anything better than Red Team Field Manual, but it's a good list. @velvet isle

👌

@chilly elk Nice dude

NICE

It's such a silly name lol

i know haha

But hey stars are stars

¯_(ツ)_/¯

THN picked it up

thats why it blew up

Of course

I only follow netsec now, THN is too meme-y and vaporous

agreed

https://moretip.com/ is great too

Discovered them lately

@velvet isle appreciate the support btw

@velvet isle i made a base framework template for another member in here that is basically the basics of BabySploit, NaviSat, and DarkSpiritz if you wanna check it out

https://github.com/M4cs/PyWork-Base

@chilly elk no read me yet

yeah literally threw it up like 10 mins ago haha

Welp

I got exams coming up . Can't say much of what I expect to see

Since I won't have time to even think of something great lmao

good luck man i remember school blech

Does it also have 10 nested if statements?

@safe bear was that for the nmap thing?

It was in dark dpiritz

oh the glob lmao

for the show command haha

Yeah maybe?

Was at the end of a py file

yeah

I gave you shit about it

bad code lmao

Because it took years off my life

i use different methods now

YEARS

(terminal tables 👀 )

What are those?