#cybersecurity

What’s this from?

this is just a puzzle that i have created to test a security theory. that's all.

let me know if you have any questions

so an ASCII message was converted to hexadecimal before being fragmented in a specific way. the challenge is being able to reconstruct the message. the theory that i am challenging is that this fragmentation technique is secure enough to protect the confidentiality of the message.

I’ll try it later

Is this ddosing while True: requests.get(url)?

it is not, no

it's not distributed (the first D in DDoS) and it's not a denial-of-service

But wouldnt that cause a lot of processing for the website which could potentially denial the service?

not as much "processing" you'd create for yourself

So this is nothing?

... no

ah

you need a LOT of bandwidth to be able to send a number of requests which would start slowing down most modern servers

this is why botnets are a thing

so basically the same thing but like way more of it?

it's a bit more nuanced than that

botnets are like groups of computers infected which send those requests, right?

yes

but you won't be DDoSing anything modern with just GET requests, modern web servers know how to handle that fine

most responses come straight from the cache anyways, meaning the web server does 0 processing

damn

is there like a website or smth that would show how much of that bandwidth you're causing?

any such website would be meaningless as it would be different for each receiving server

ah

in any case, you should keep in mind attempting to DDoS anything which does not belong to you is illegal

!rule 5

I was just wondering

@thorn obsidian you could just make your own virtual server in gns3 and test it out there with multiple virtualised instances of linux

thats under the condition that your pc is powerful enough. say around 8gb ram

@worthy moss no luck solving it yet? 😄 no problem

i guess its strong after all.. unless someone wants to prove me wrong

Oh I’ve not tried

🙂 hahahah

If I wanted to create a brute force program the prints out every possible combination of letters numbers and characters how would I do that? What would be a good place to learn that?

@errant burrow i believe itertools.combinations() is what you may be looking for

i've done something quite similiar to be honest

depends specifically what you are looing for though

do you have an example?

Thanks. I looked into it and used itertools.product

I have one made that I found online that does decent

@thorn obsidian How do you define a badusb?

!rule 5

oh, sorry sorry i did not know

i will delete my text, sorry

Still surprised no one has solved my ctf challenge 😂

💪guess it's a strong security 😎

I'll give people about 5 more days

what challenge?

@cold fossil https://discordapp.com/channels/267624335836053506/366674035876167691/693832868056531094

i found it... I have no idea where to start at

@cold fossil hey there I can give you a hint

?
I haven’t dabbled in security much but yes?

Are you familiar hexadecimal?

A bit yes
I know that you took an ASCII text, converted it to hexadecimal, then split it at specific points

Yes ok so

What you need to do us first research what popular fragmentation techniques exist (basic ones). Or you could think of ways in which you could fragment something to make it obscure and reverse the process before applying it on the example I gave

For example...

Let's say we have abcde

You could make it into
Ace and bd which would keep them apart?

Now I could just fragment it in half (sorry meant to ad an extra letter there? But that wouldn't be efficient so I need a better way if fragmenting it

Ok I get it now

Yeah I won't five you anymore clues. But hopefully you get the idea

Remember there is a reward whoever solves it

If someone uploaded a file named exec or eval, with some code in their params, would a web server execute the code? e.g. a server with this flask app example: https://flask.palletsprojects.com/en/1.1.x/patterns/fileuploads/

no

Oh good. Thanks!

Not even in the allowed_file function in the above link?

uploading the files themselves is safe. as soon as you start processing the files in any way, you need to be sure that user input is escaped and not parsed as-is

for example, if I upload a file named $(evil_command).png which gets placed in /uploads, and you have a cron job which deletes all files every night, something like:

for $file in /uploads/*.png; do
  rm $file
done

that would expand to rm /uploads/$(evil_command).png, which would in turn execute evil_command

this example is sh-specific, but it applies in most other scenarios as well

I'm still confused, but thanks very much for the help.

in the example you posted, werkzeug.secure_filename() makes sure that nothing evil in the filename is parsed

for example, path traversals are neutered (so someone can't upload a file named ../../../etc/passwd and have it placed in /etc/passwd)

really? I thought that just removes slashes

Ok. I think I read somewhere you can remove execution rights from a folder or something.

Maybe I just need to do that then. Thanks! XX

File uploads has been a really hard task for me..

execution permission on a folder does not do what you think it does

Oh, I better research it some more.

The execute bit (x) allows the affected user to enter the directory, and access files and directories inside

sort of a misnomer if you don't know about the internals of linux, i agree

Appreciate the tips.

i always viewed it as like

you have to "execute" on a directory to see inside it

idk

I think I got the challenge solved

im taking basic ethical hacking at a community college

im in 9th grade and i know basic system administration and can work in the linux terminal

is this course gonna be hard?

its online btw

hm

network hacking?

hacking in general?

in general

oh

well you're probably set

it had like sql iunjections and ddos attacks

if they need to teach you something new it won't be hard

ok

if you know the smallest bit of SQL and networking you're good

cuz it didnt have a prereq just a advisory for cybersecurity fundementals but that class was full

ok

it's recommendation becaue they assume no prior knowledge

o

idk im just starting with college classes

yeah same

i did a intro python course but i already knew python and it was just recommended so i probs shouldn't have taken it

o

ok

thx

no problem

ddos attacks lmao

ddosing isn't hacking

🤦‍♂️

SQLi also isn't something to worry about if you sanitize inputs + use SQLAlchemy properly

Problems normally arise when people don't realize what attack surfaces there are

Stuff like user ids which are only referenced in URLs are really common surfaces for SQLi

User IDs in URLs? 🤔

If they are taken in by the server, and used for example to get a name out, which is then displayed back the the user an attacker can change the user id to a SQLi, and just like magic, off goes the database

Something like ?id=1 ?

or in user agents

^^

That's not how you write/setup secure systems. So hopefully no one is doing that 😄

You need to be under the impression all user input can be manipulated

Headers, cookies, forms, etc

I completely agree, it just normally isn't seen as user data because a normal user would never change it

Hence leading to insecure systems 🙂

xss in useragents is fun

normal? I've seen plenty of users manipulating a bunch of things they shouldn't 😄

Fair enough

Once pulled off an xss using user agents. They had left the log file open and the only thing it logged was user agents and ips [in a CTF, not just on a random website 🙂 ]

oh nice

I had a similar thing but on a real website! (obviously responsibly disclosed it)

Ahh, wheres the fun in that

realised that logs were sent directly to admins

I mean

lmao

Good job

turns out that badly made game sites have a whole load of vulnerabilities

it's basically a ctf

basically a ctf

lol

I mean it literally had everything

xss in several places, sqli, lfi, possible cookie stealing, possible credential stealing, reverse shell as root, etc

Fair enough

lfi?

local file inclusion

Ah, gotcha

Don't see that one mentioned nearly as often as the others

How to solve lfi -> Delete PHP

not good when there's a file that might as well be called 'credentials.txt'

Any of you play HTB?

file inclusion vulns do happen from time to time

would list them as one of the more common vulns

@rough schooner no, but i once met the dude who made HTB and I have a badge on my profile to show for it :p

Damn 🙂 - Kinda jealous

https://i.imgur.com/Sh7eVcS.png

👀

what is HTB?

hack the box

ah

I gotta say, I love the join in method... makes you have to figure out the invite

yeah it's pretty neat

makes me glad I learned HTML

I MADE IT!!!

@thorn obsidian I'd have to say local file inclusion is not mentioned nearly as much as SQLi or XSS though.

Decent sized chunk

Please note I have no verification this chart is right, its just a top google result

Looks about right though

@rough schooner But still not as much as XSS or SQLi 😄

Yeah

Kinda expected LFI to be a bit smaller

Also, comment spam isn't really an attack

That and 'email extraction'

More of a post explotation thing

Surprised directory traversal is as much as it is in that chart

Which, mind you, might not be an issue if enabled properly

Yeah

@fluid galleon sorry, we don't tolerate things like this on the server.

surely dir traversal falls under lfi

oh it's remote

not lfi

nvm there's one for local as well

rfi isn't directory traversal?

yeah I was saying lfi

Ah, got you

directory traversal has nothing to do with file inclusion :)

Anyone know of a pure python fuzzy hashing library?

ssdeep has weird dependencies and is also unfortunately GPL (legal poison)

ctph preferred

@hollow moth What's wrong with GPL?

GPL is great

corporate hates GPL because they'd have to publish source

whooooo

that graph is off

might be that it's from 2012

XSS and SQLi are like ~65% of reported attacks

this is "attempted" tho

oh one second then

let me get my salt

I see people talk about sha1 collision attacks. Isn't it very rare to have a collision with sha1?
Does it mean the person wrote some malicious code, and the file's hash matches the hash of a non malicious file? That seems very unlikely since it was already very rare to have a collision.. what am I missing?

Nothing, hash collision attacks are commonly called vulnerabilities meaning while yes, theoretically two passwords could have the same hash leading to a security breach, it is so unlikely that in practise it cannot be exploited.

Thanks Quebec.

No worries

@carmine wraith the problem isn't the collision itself - all finite length hashes will eventually inevitably collide. Rather, the problem is that with cases such as MD5 or SHA1, there are certain flaws in the algorithm which make creating colliding hashes (computationally) much easier. As an example with SHA1, generating colliding hashes with the vulnerability demonstrated by "SHAttered" is 100000 times faster than simply trying to brute force two hashes with a birthday-problem collision

as such, as computers become exponentially more powerful, the viable age for these algorithms is shortened drastically

which is why they should be avoided in any new software projects

Ooh. Thanks XX.

this does not impact just things like "file hashes", it also impacts the integrity of cryptography, the core concepts of which rely on cryptographically secure hashes

Ok.

and the whole thing of making your files hash match that of a trust file or w/e could obviously have security implications

stuff like sha256 is still used for hashing things because it's computationally fast, f.ex

so if you're not storing sensitive information

¯_(ツ)_/¯

Thanks. bisk.

@thorn obsidian @thorn obsidian our project is already open source but GPL requires that whatever you include it in also be published under GPL

Hence the term legal poison

Neat https://github.com/signalapp/Argon2

how is python implemented in cybersecurity?

^^

well, as far as hacking is concerned, it's not all that hard to implement a password cracker in python. Python also has functionality built into the standard library for cryptographic purposes so I wouldn't be surprised if something's used there. Although in general when it comes to safety it's probably a better idea to not use an interpreted language.

Python is a quick, easy and accessible as a language and hence it is often used to pull of custom exploits. In addition it has fairly good support on all platforms meaning it can be used in many places. Although in actuality the only time I ever use it in pen testing is:

python -c 'import pty; pty.spawn("/bin/sh")'

i use it to quickly prototype various exploits

for example, most of my exploits for Inteno devices are written in python https://github.com/neonsea/inteno-exploits

Can reverse engineering help if I want to find vulnerablities in a online working android app like a referral program kind of app?

Sure

might hit the holy grail

they could've hard coded keys into it

Devs, I'm havin' trouble with use BurpSuit

Every browser I try to open I get a privacy error

And I can't skip this

go to the address burp/

click on CA cert on top right

import that into the browser you use for pentesting (or system-wide CA store if you want to intercept other applications)

@proper tiger

how secure would you say a ceasar shift using a custom alphabet after putting random letters into the original string is?
I am not going to be using this for anything major but I am just wondering

not very.

easily crackable by looking at letter frequencies

The problem with Ceasar Cipher/Shift is if you can figure out the implementation, there is not much stopping someone from reversing it.

Affectionately known as security through obscurity.

alright
I am literally going to be putting this into a game I am making so...
it is going to be a challenge/reward for anyone that wants to dig in the files

The only time I can see a caesar cipher working is if you have multiple instances of the cipher. Something like my idea around how the Zodiac cipher would have worked: https://gist.github.com/Lvl4Sword/310c63f3c6d00accc1a8678eed65d5dd

But then you'd be getting into one-time pads

But if it's for a game, then it's fine.

I mean
I first used a random alphabet that I made, then put a random number in between each of the characters of the main string, then put it through again

I'd probably just put it through once if it's for a game

If it's too hard and the risk/reward is too low, no one's going to care

Hey @cold fossil!

!paste

of course it doesn't like a .txt file

That's how you'd upload

https://paste.pythondiscord.com/ohoqarehor.py
this is the final product
I am going to put the alphabet somewhere in dialogue that it will look like something glitched or something similar
and the shift will be there too

Really depends on how it's executed. Also, I don't think this is #cybersecurity related

true

if you don't use it for anything secure, a caesar cyper is okay - and rewarding for a player who investigates it.
Not too hard to figure out, especially if you know what to search on google (many free in-web tools to decipher them)
but sb who has no idea what it could be won't find out.

It is not secure at all. If you want something secure, don't use SHA1, don't use MD5 - they are both crackable fast enough. Use SHA2 or better, salted, async keys, stuff like that.
No sec expert, you would need to do research on that yourself.

Double rot13 is uncrackable in under 4 quintillion years

Double rot13 is uncrackable in under 4 quintillion years
( That's a joke for anyone reading )

not true! I encrypted with double rot13 once, and my wife was able to read it just by looking at it. Granted she's a cryptography expert, but still.

Didn't have to use a pencil and paper or anything

wow that's hardcore

In that case I'd recommend quadruple rot13. Even with a quantum computer, it's estimated to take more than the lifetime of the universe to decode.

The extra two layers harden it to every cryptographic technique we have

Guys, can you please stop writing all your messages in double rot13. It's making them really hard for me to understand

Bx, oeb. V fgbccrq. Ab ceboyrz.

hunter2 hunter2

I found a website that might be vulnerable to SQL injection, but I don't have any previous experiences. is there anyone who's experienced and might would like to help me through it?

please ping me if you'd like to join me

@analog light I'm assuming you don't have permission to be testing the website's security

!rule 5

if you believe you have found a vulnerability, it is in your best interests to contact the webmaster or system administrator and responsibly disclose it to them

yeah but I can't report it if im not sure if its vulnerable or not

If you have a reason to think it might be then you can tell them

Does anyone have a basic SYN DoS script?

we tend to not share scripts here which are malicious.

Does someone have an idea how this word is encrypted ?

"Mvgtd"

It means "Bravo"

if it's not just a Caesar cipher, no

probably just a substition cipher or something?

you could probably come up with a lot of ciphers that would do that

I think the technical term here is: you don't have enough ciphertext

Well it was just a part of the text

Here is the entire text : "Mvgtd Em Hrfbocbx Keqprgq Tlb Pvmixc. Tgksep Yt."

@olive lark @thorn obsidian I just knew the meaning of the first word

beats me, I am not a codebreaker

No worry, I was just curious X)

...
Mvgtd Em Hrfbocbx Keqprgq Tlb Pvmixc. Tgksep Yt.
Bravo xx xxxxxxxx xxxxxax xxx xrxxxx. xaxxxx xv.
That's all I got, based on what you've given

It looks like a basic substitution cipher

Though, if the last letter is truly a v, it might consist of multiple substitutions.

Which, if that's the case, someone may have been reading my take on the Zodiac cipher: https://gist.github.com/Lvl4Sword/310c63f3c6d00accc1a8678eed65d5dd 😄

don't think it's a simple substitution

dictionary-based crackers didn't seem to fare well

Which makes me believe it's multiple substitutions

@thorn obsidian How did you got that ?

@candid coral Well, we already knew what converted Bravo, so I went through all that was there

For example, t = v

Which if the last letters are Yt, and that's supposed to equal something, and then a v...

How many words are two letters long, and end in a v?

Unless it's latin ( and even then? ), I can't think of anything.

Which is why it could be multiple substitutions

But again, I could be totally wrong. 😄

I think there is something to do with the vegenere subsitution

or something like that

Thank you all ! @thorn obsidian @thorn obsidian @olive lark

No problem? I'm not sure I was much help 😄

... ?

Which hash algorithm do you prefer?

Depends, what for?

Passwords?

yes

argon2

https://passlib.readthedocs.io/en/stable/lib/passlib.hash.argon2.html

what the heck

never heard of that

It's specifically designed to be used for passwords

Rather easy package to use too

how about sha1?

from passlib.hash import argon2

# generate new salt, hash password
h = argon2.hash("password")

print(h)
'$argon2i$v=19$m=512,t=2,p=2$aI2R0hpDyLm3ltLa+1/rvQ$LqPKjd6n8yniKtAithoR7A'

# the same, but with an explicit number of rounds
print(argon2.using(rounds=4).hash("password"))
'$argon2i$v=19$m=512,t=4,p=2$eM+ZMyYkpDRGaI3xXmuNcQ$c5DeJg3eb5dskVt1mDdxfw'

# verify password
print(argon2.verify("password", h))
True

print(argon2.verify("wrong", h))
False

SHA1 is trash and should not be used for passwords

but one is new

https://en.wikipedia.org/wiki/SHA-1#Attacks

maybe there are zero day

You're free to check out https://en.wikipedia.org/wiki/Argon2 if you're concerned about that

Also,

Argon2 is relatively new compared to other password hash algorithms, having started life in 2013, and thus may still harbor some undiscovered issues. That said, it’s one of very few which were designed explicitly with password hashing in mind; and draws strongly on the lessons of the algorithms before it. As of the release of Passlib 1.7, it has no known major security issues.

Emphasis on very is theirs in https://passlib.readthedocs.io/en/stable/lib/passlib.hash.argon2.html#security-issues

https://github.com/P-H-C/phc-winner-argon2 is also a thing you can check out as well 😄

Anyway, I'm off to sleep!

sweet dream

The Wikipedia article claims that the cryptanalysts believe it is broken when less than 10 passes are used

@torpid marsh only for Argon2i

other versions don't suffer from this

ah fair

you should be using id anyways

i and d just by themselves are for special use cases

don't see how this is related to security, but

>>> url = 'https://api.github.com/some/endpoint'
>>> headers = {'user-agent': 'my-app/0.0.1'}

>>> r = requests.get(url, headers=headers)

as is explained in the docs

https://requests.readthedocs.io/en/master/user/quickstart/

Hello, does someone know how these codes are encrypted ?

enM4SDBESWx1MGlkYjJnSXk4dG5ENlhRUA==
R3hZWm9hMEdjZ2JMcnFnZUZDRW8=

equal signs at the end are usually padding for base64

however, base64 is simply encoding, not encryption

the resulting strings zs8H0DIlu0idb2gIy8tnD6XQP and GxYZoa0GcgbLrqgeFCEo can be anything

Thank you very much ! @thorn obsidian

👍 not sure i was very helpful but sure

It was REALLY helpful, I hadn’t any clue

Wait so how do you know what base it is? Just the number of '=' signs at the end?

@warped hemlock I honestly don't, but base64 is by far the most popular of these types of encoding due to it fitting in the ASCII range. The equal signs at the end are a peculiarity of how base64 works and are a telltale sign

it also decoded into a valid ASCII string itself, which is also a strong indication that that's the encoding used

can anyone suggest me on how to get started and learn CTFs?

Just go to CTF sites

imo, OverTheWire is pretty good for first timers

@native pier

@warped hemlock thanks!

Glad I could help

@native pier picoctf is also great for newbies

and there are loads of writeups to help you when you get stuck

+1 for both overthewire and picoctf

Lol

you might be interested in hackthebox as well, if you want more CTF-styled challenges

but htb is a bit more advanced if you're not going to get the subscription

but if you do then you can practice the retired machines that are easier

aye, but you can always spin up a retired machine which has writeups for it available which you can consult whenever you get stuck

or, actually, was retired machines a VIP-only thing? I can't remember

Yeah retired is only VIP

ah, shame

'tis

@rak1507#1964 thanks!

How does one detect routers with nmap? Aside from your own

detect routers? As in, IP addresses?

Yes. How to differentiate between regular devices ip's and router ip's. Is this possible?

I'd assume that if you ran traceroute, any IP apart from the first and last is a router

🤷

I thought it wouldnt be that simple but if thats the case then thats great. Thank you @olive lark

caveat: I know very little about networking 🙂

lol

@unkempt thorn are you looking for specifically routers or just devices connected to a network?

Specifically routers @warped hemlock

yeah then idk

With saying Aside from your own, I'm not sure if this is something we should be giving assistance on

"list, tuple and dictionary"? Can you explain what you mean by this

You're supposed to look up the algorithms and implement them with Python

Generally, we don't help with homework assignments

!rule 5

oo shit my bad : )

telemetry disabling tool

https://github.com/10se1ucgo/DisableWinTracking

RSA-250 has been factored! https://phys.org/news/2020-03-cryptographic.html

Better way to disable windows tracking: https://github.com/Disassembler0/Win10-Initial-Setup-Script

does anyone wanna be my friend and teach me a little bit about how to find the operating system of a ip?

@clear summit

Depends what OS you have, Windows >search > type cmd > in the terminal type ipconfig > you'll see ipv4 and that's your ip, while the default gateway is the router ip

If you're using linux > go to terminal > command line > type sudo ifconfig (if you're using a non root user that has sudo privs) > again it's the ipv4 of your connection.

2048 binary bits on the wall, 2048 bits, factor 829 down, pass them around, 1219 bits left on the wall

during a security review Which? magazine commissioned of a Ford car the researchers believe they've found a Ford manufacturing plant WiFi key saved in the uhhh....

dash system?

it's not ICE (in car entertainment) anymore, is it

"In Vehicle Infotainment", IVI.

fuck sake industry. stop trying to sound like jerks.

what if i needed to find the all the ipconfig information with someone elses ip address? @austere fjord

So you want to scan someone else's ip?

Just use nmap

But if you really want to get the exact information of ipconfig on another ip then you need a reverse shell

@clear summit Are you trying to find their ip our their default gateway?

well im trying to find the os of my friends computer to help him and we only have his ip address

@clear summit the ipconfig information doesn't matter because of NAT, network address translation

ohhh

everyone uses the same private IP addresses

ok

wait is it a public or private ip

IPV4 addresses were running out they used NAT to start translating public IP address into private ones and everyone uses the same private LAN ones like 192.168.1.1 etc

ipfconfig

shows private IP

which means nothing

Ik that

oh ok

Im asking if he has his friend's public ip

so how do i find the os using his public ip address

nmap

yeah

do i need kali linux to get nmap? or can i just download it?

kali linux is good

you can download it on anything

oh alirhgt

what are you wanting to do exactly?

It's not necessary to download a whole OS for one program

lol yea

there is a router between you and your friend's computer. you're not going to be able to OS identify through NAT

yeah but if you want to learn more kali linux is the way to go

might as well

alright

@lusty flare yeah router OS

Some would say Parrot but it's pretty much Kali Lite

also i don't recommend Kali and would suggest learning the tools on a case by case basis. any tutorial that works on Kali should be fellowable on another OS

^^

@lusty flare I disagree

if you're gonna use Kali run it in a VM

oh alirght

then we can agree to disagree

:3

@clear summit is this a one time thing or are you actually learning?

Ok I think misty got the point 😆

@lusty flare router OS's are important haha well nvm logins are usually admin anyway

LOL

so all the information i can learn from someones public ip address using nmap is all just information about their router?

yes

in general

ohhhh

ok

@clear summit what is your end goal?

OS of the device

^^

@clear summit I mean are you trying to learn more about it?

yessir

@clear summit I highly recommend starting kali linux

there's other stuff that are related

oh alright

such as packet sniffing on wireshark etc

i recommend starting on stuff like over the wire or some CTF's tbh

oh ok

https://overthewire.org/wargames/

Just go to tryhackme

That's easier and more helpful

ok

OvertheWire is more of a place to practice

@clear summit you should get a virtual machine if you have windows. then isntall kali linux on the virtual machine

oh alright

thats a good idea

I think we're scaring him/her/them

LOL nonono

its all very good information

also

lol

if your'e going to do nmap scans etc

ye?

VPNs, proxies. Stunneling

🙂

alright

hehe

Stuneneling?

also: you probably shouldn't be doing nmap scans on public IP's without the end users permission

your ISP also might not like that behaviour

just a heads up

sir yes sir

@warped hemlock yeah TLS encryped proxy

in some countries it's also potentially illegal

ISP might not bat an eye

thinking it's regular traffic

can your isp see through stunneling?

o

or they could terminate your contract under a malicious use clause

no

you know, swings and roundabouts

thats true

but advising people to "use proxies" to avoid that stuff is probably not great steve

VPN > Stunnel > Tor is the way I'd do it

There's no privacy 😔

lmao alright

true

proxies suck anyway fucking slow af

@clear summit Don't do anything dumb though ahah

which means read read read stuff

@austere fjord yes sir

yes sir

Yes sir

@clear summit you can practice on your own router btw

try cracking it

oh alright

But wireless attacks need an external wireless (forgot the name of the thing)

dongle?

yes

yes

oh yes

alfa wifi

is a good one

One of the best

ohh

I feel like we just telling everything

Do you have any questions?

true

lol

this is probably too much in one sitting haha

kinda +_+

LOL

I'm actually fairly new, started 6 months ago.

trying to get into python now.

what about you guys?

10-15 years

Casually flexes

damn

do you keep learning new things or is it more mastering the same concepts?

I do keep learning -- it keeps changing out from under me! async gaaaah

there's also mastering the same concepts -- I have a colletion of toy programs, suitable for beginners, and I'm always making little tweaks to 'em. Mostly for readability

you're in cybersecurity?

nah

just a backend web service developer

i've been interested in cybersecurity as a hobby for about 12 years or so

and i've worked as a sys / net admin for 3

Look at you all with so much experience

amazing

doing ctf's for fun isn't really that much experience :p

what's ctf?

Capture the flag

doing sec as a hobby has been useful in sys / net admin job though

Cluss Ter Fook

lol

you've got a target device or devices and you've got to figure out how to attack them to obtain flags

usually in the form of a key

interesting

so just challenges

yeah. so you'll download and run a VM that'll be all setup / pre-loaded with the challenge

cool simulated game kind of thing

must get boring though same shit maybe?

what do you think being a pen tester must be like

fun

lol no

because it's a business

Thats the people who click right?

like any other business

repeat and grow

or twist them if they're those funky ones

and I assume they mess about with ink cartridges and nibs for fountains

oh charles

(i'm sorry, I didn't realise I was clicked onto an on-topic channel)

has cybersecurity been in demand?

is it increasing?

i'm pretty confident the majority of pen testing is running the same bunch of scripts against targets to see what comes out and then writing a massive report about it

yes

and what is the reason?

it is a booming market

the reasoning being we're finally making people take security seriously with laws

well, one of them

yeah

the penalties are astounding

20k per PII

something like that

At my university cyber sec degrees are more popular than all the other computing degrees combined. So there are definitely a lot of junior people in the market. I do however get the feeling that whats more in demand is actual experienced, more rounded individuals

^

I see what have they learned?

some security professionals never start as security professionals

as broad a statement as that is

I know, i definitely did not

lol

because quite often having some other skillset is pretty darn important

yes but like what?

say a network or systems admin with experience

There's an ethical hacking unit which basically just teaches them how to use a bunch of common tools - the kind of stuff you get in Kali. There's tonnes of GDPR and legal stuff, some amount of reverse engineeringy bits

or if you're dealing with some other types of security, say reverse engineering stuff, maybe you want a really good c developer or something

and a cyber security course isn't particularly going to give people that level of skill set

c developer, is python going to cut it?

sure.

python is pretty popular in sec

cool

But C is going to better in my imo

i'm doing python cybersecurity and machine learning next.

i'm not sure i'd like to work in pen testing. i'd imagine you end up writing the same shit a lot.

i guess that's what templating is for.

lol

was cybersecurity always popular or this a recent thing?

the importance and depth of security has grown as technology has become more a part of our daily lives.

it wasn't a big deal if your windows 95 computer directly connect to the internet over a modem got bricked by someone

maybe some documents

I see

now everything is there

bank accounts etc

exactly

yeah

would you guys do an internship to get your foot in the door?

how does it work

where I work, an internship is just a temporary job, but if you do well, you're pretty much guaranteed a full-time position at the end of it

am I going to learn anything though

where I work? You'll learn so much you won't have space to hold it all

damn

so internships are useful

more than you ever bargained for, Son!!

well I've only worked with ... maybe 3 guys who started as interns. It was useful for them 🙂

yeah real world knowledge would be cool

are there places like colleges or something where you could just go and watch them?

get involved as a volunteer although taht must be a liability?

I suspect you're not going to learn much real-world stuff in college

you'll learn something, and some of it will be useful

but I'm kinda prejudiced against college

I wouldn't go to college

I'd go to their department and talk to a professor

Why's that?

I did, but consider it to have been a mistake

and just sit in etc

college is a waste of tme

@austere fjord you should definitely try it, since it won't cost you anytyhing.

if you're learning; great. If not, do something else.

But you learn something don't you from college

true would big companies allow a volunteer?

sure you learn some stuff

and some of that is actually useful

@warped hemlock nothing you can't learn on your own for free and faster

but is it worth four years and a lifetime of debt? 🤷

the CCNA cost me $350 bucks lol and 3 months of study

I did it for fun.

I couldn't believe no prereqs

ha I used to work for a company that taught CCNA courses

haha

it was painful though those 3 months omfg

I know zip about networks, but that stuff sounded awfully difficult

yeah it was tedious...subnetting

and vlans...the commands etc

if you're good that that kinda thing, there's jobs-aplenty

yeah still trying to figure it out, I'm more of an entrepreneur.

delving into this for possible expansion.

what else is there to do with the quarantine though haha, how are you guys holding up?

not so terrible honestly

my wife and I "go to work" every day around 8; we sit at our desk and do our thing

we get outside and talk a walk every day

lotta online meetings

sounds nice actually

she loves it 🙂

also the cat like having us around

when talking abt nmap and differnet protocols what does it mean that an application is listenng

?

It just means it's waiting for connection on that port

o ok thx

So if an application is listening on port 80 then it's essentially waiting for another application to make a connection on port 80

y is the app waiting for another one to establish a connection

Well what is a connection? What does it require?

The communication between two nodes

mhm

You cant have a connection with yourself 😆

so its essentially waiting for the server to conect to the port?

It doesnt have to be a server

but yes

ok thx

np

@austere fjord

VPN > Stunnel > Tor is the way I'd do it
Why, though?

@thorn obsidian Nested VPN >Stunnel>
Tor

the 2nd VPN client would be from the virtual machine from the 1st VPN host

That's an incredibly high level of unnecessary

the S tunnel provides TLS encryption so ISPs might overlook it as normal traffic

yeah the TOR part may be unnecessary actually

What's the threat model in all of this?

Throw all that on top of TAILS 😆

well we gotta consider latency

so I'll get rid of TOR

@warped hemlock Except, Tails by default is Tor

Ah yes

nested VPN and S tunnel

and I'm good

@austere fjord Again, what's the threat model here? Why would you have all of this to begin with?

if done properly

Complete privacy

jk

anoninimity and also ISP doesn't know you're using a VPN

Im just messing around

haha

Do you think its possible to obtain true privacy?

Well, if that's the case, you could easily SSH out to a VPS and then VPN from there

No need for all of this other stuff

Ok I consider SSH and VPN with equal points

[message redacted]

Edit: I thought SSH was more secure VPNs. Please correct me if Im wrong

I don't have proof one way or the other on that

Ok then I retract...

There's no need to delete your message.

VPNs could be faulty so I guess you're right

I'm still learning.

I feel that unsubstantiated claims must be redacted to stop the spread of false information

@warped hemlock Having a discussion and breaking down misinformation is a good idea too 😄

@austere fjord So you say VPN. Is this something you paid for or is this something you've made yourself?

Very well

I ask, because with Mullvad being in Sweden, the new law passed requires them to log.
NordVPN also recently had a leak as well. Lemme grab some links, one sec

Mullvad's PR: https://mullvad.net/en/help/swedish-legislation/ ( though I don't buy their spin on it )
NordVPN POST request leak: https://www.zdnet.com/article/nordvpn-http-post-bug-exposed-sensitive-customer-information/

yeah VPNs unreliable, that's why nested VPNs. but still SSH definitely more secure.

Why nested VPNs? Then you have multiple points of failure.

distribute insecurities

they don't fail at the same time

you can have multiple VPNs ready

as backups

That sounds like Tor but bulkier and taxing

you can script it

easily

I'll probably make this program haha

Tor is great for onion sites, but it's not something to recommend for daily browsing.

as a project

call it inception

lolll

lol I mean you can try

@thorn obsidian Did you watch all of Mr. Robot?

I did, but that'd be off-topic for #cybersecurity

I think its very appropriate

me too

We can keep it security based I guess. @warped hemlock you saw all of it too?

Of course

hell yeah

who was your favorite character?

How is that security based?

not sure was just curious.

trying to implement that level of "anonymity" will end up making you more traceable and you'll shoot yourself in the foot

not with S tunnel

which gives you TLS encryptino

makes you look like web traffic 🙂

you're right otherwise

I'm not sure you understand how TLS works

yeah I probably don't

your ISP will still notice you're only connecting to one server

which doesn't happen with regular web usage

I'll take a look into it though

wait explain that

With web traffic, you connect to each web server and have a separate TLS session for each one

There's also SNI (https://en.wikipedia.org/wiki/Server_Name_Indication )

the ISP only notices your traffic in transit what are you talking about.

with a tunnel, you're only connecting to one server

Your ISP can still see what servers you're connecting to dog

there's no way around that without tunneling it all through one server

they can see you're using a VPN yeah

but not if you're S tunneling dawg

which defeats your whoel point of "ISP doesn't know I'm using VPN"

@austere fjord How would S tunneling fix that?

That's not what S tunnel does or even aims to provide

hold up hold up

I'm very aware of what Stunnel is and what it does

what kind of traffic uses SSL??

web traffic

right?

you're missing the point

am i right?

or wrong?

it doesn't matter what encryption proto you use

so if the ISP sees SSL encryptin

what does it think it is?

VPN????

@austere fjord Do you know how SNI works?

That's NOT how ISPs identify VPNs bro

You're sending the domain name of the website you're wanting to go to in plaintext.

I'm still new I'm just "wrapping" my head around this lol

wait

Your ISP will see that you are tunneling data through one endpoint. It doesn't give a rats bum what the underlying data or method of encryption is

In fact unless your ISP performs deep packet inspection (which they don't for performance purposes unless you live in a country with internet censorship), they don't even know what encryption schema you're using

Stunnel is not even designed for anonymity

how does ISP identify encrypted vs. non enrypted data then?

Why would it do that?

hypothetically "incentivized" to

Then they would need to perform DPI, like I said

ISPs generally want the switching and routing of packets to be as fast as possible, which means eliminating any sort of overhead

In a perfect world, yes. But let's not forget the following:
https://www.eff.org/nsa-spying

I'm also interested in hearing what your plans for actually using Stunnel are, as it has to be implemented both on the client and the server side

ISPs generally want the switching and routing of packets to be as fast as possible, which means eliminating any sort of overhead
@thorn obsidian So why not pass it off as TLS or SSL encrypted data

?

Not sure what you're saying

I don't get what you're saying

@austere fjord They were referring to Deep Packet Inspection

@thorn obsidian first of all I have not written a thesis on Stunnels...yet

but when I have...i'll get that report over to ya

well, you have to keep in mind

but you have brought up a question for me

with Deep packet inspection what is it that gives the ISP a clue that it's Stunneled

stunnel was designed for applications which don't encrypt their communications by default (think legacy shit). It shims between the connections on both the client and the server side: any communication coming from application A first goes through stunnel shim A, which encrypts it and sends it to stunnel shim B, which in turn decrypts it and forwards it to application B

and vice versa

it does not do what you think it does at all

my question is this

if I wanted to put it past an ISP that I was using "web traffic" data but was actually using VPN, could it in laymen terms "sneak one by them"

if it's a no please explain

1. it would have to be on port 443. Anything else would arise suspicion
2. the IP you're connecting to has to reverse-resolve to an actual domain name. Anything else would arise suspicion
3. to the ISP, it would still seem like you only ever visit one site ever and spend massive amounts of time/data communicating with that web server, which will arise suspicion

1. 443 Https exactly

2. hold on kind of agree
3. not sure about this one

what do you mean visiting one site only...ISPs don't get to see under the encryption

you're talking about destination IP ok

your ISP will always know if you're using a VPN. There's simply no way around this. C&C engineers have been trying to "hide traffic in plain sight" for years and they're still not very good at it

Steve

I've been trying to tell this to you

TLS does not encrypt your entire traffic

You establish a TLS session with each website you visit separately

Your ISP still sees the IPs of the web servers you connect to regardless of whether TLS is present or not

yeah I can see that. still I think it's better than just having a VPN out in the open.

It's really not. Getting a server in a datacentre and country you trust and setting up Wireguard is far, far better

or, well, two.

yeah but we have think about time and resources, latency, experience, all of it together

you can't just go for the most secure route unless it's most efficient, time and resources

how is my solution not the most efficient? Latency will be far better than what you're suggesting, it takes less time to set up, and requires practically 0 experience as opposed to your suggestion

hmm

I'll have to look into this

how long have you been learning?

or in the field

well I got my BSc in ethical hacking & cybersec last year and have been working as a hacker / security expert since then

but i've been doing security as a hobby for nearly a decade now

that's awesome

wish I had been doing it on the side

I've been hitting it pretty hard though. I love it.

that's good to hear

I still think S tunneling is a good idea, even with it's disadvantages

lol

@thorn obsidian @thorn obsidian does the SSH > VPS or VPN method help against traffic correlation attacks?

and is multiplexing ever done properly?

Sorry for ping but how you started doing hacking, where you learned it and how you practiced it? @thorn obsidian

YouTube, Books, Try hack me, over the wire, hack the box (more for practicing)

ohh i heard for hack the box

hello

@thorn obsidian @thorn obsidian does the SSH > VPS or VPN method help against traffic correlation attacks?
@austere fjord unless you control a fuckload of VPSs, no.

sorry for the ping, Scott

Sorry for ping but how you started doing hacking, where you learned it and how you practiced it? @thorn obsidian
@stark mason I started off with console hacking, interestingly enough. Free games was enough of a motivator for me when I was a kid

natural progression from there.

was looking particularly buff after the Wii phase

really hard to hack with motion controllers

Oh free games maybe is enough motivation for me

But are you doing it only in python or in other languages

As well

@thorn obsidian ok thank you

Quick question about port forwarding, for example 127.0.0.1:55555 can you forward to a different numbered port on the remote host i.e. 44444 or does it go through port 55555 on the remote host first and then get to 44444. Probably a dumb question.

Thank you.

not too sure I understand your question @austere fjord, but you can "port forward" from any host/port to any host/port

there's nothing too special about port forwarding - it's just a rule: "any packets I receive on port X, forward to host Y port Z"

and vice versa

ok yes that answered my question

I thought there may be a process where ports have to match up

first

but port X can connect to port Y

@thorn obsidian was there anything you realized or learned that set you apart from other cybersecurity guys along the way?

port x can connect to port y, yes

PAT, port address translation.

loads of traffic on the internet while in transit is not the port you'd think it is

@lusty flare Thanks

@thorn obsidian was there anything you realized or learned that set you apart from other cybersecurity guys along the way?
@austere fjord sorry, somehow missed this message. I don't know if I'd say I'm somehow set apart from others in my field. Guess I just have a natural knack for it & it suits my "method of logic" so to speak

https://itm4n.github.io/windows-server-netman-dll-hijacking/

bahahaha

privesc to SYSTEM on any windows server since 2008R2

on demand, no reboot

wot

oooh, the thing microsoft said wasn't a thing

in a set attack

hwo do u get the victim to get to that webpage for example

that u added to the victim's dns cache

/\ this sounds illegal

unethical, surely

@ xx You're alright 👍

What should I use to generate salts for password hashes? I know that they should be different and long every time the user changes the password. But I'm not sure what to use to generate it. I'm using Bcrypt.generate_password_hash(f'{plaintext_pw}{salt}') This is what I'm thinking I will do once I figure out where the salt will come from.

Ideas?

@thorn obsidian

https://en.wikipedia.org/wiki/Argon2

It looks like bcrypt already incorporates this salting... I just wonder where it gets the salt from. I'll look into that Argon2 as it sounds more modern.

I have a question guys.

I am confused.

so I have a portable router that I use at home to get connection for my laptop

and then I have my desktop computer that's hooked up to my main router

I did this just to compartmentalize my dekstop and laptop.

however I'm still able to SSH using the ip address that's not in the same subnet. I think it has to do with the portable router connecting to the main network.

how am I able to ping and SSH into my desktop kali linux with totally different subnetted IP

traceroute will tell you what it hops through to get to your destination IP

from my laptop

it's just going through the mini router default gateway

also, using different subnets doesn't protect against anything unless you combine it with VLANs or other sort of client isolation

No I like that it's happening

but it was a surprise to me

I know my mini router is hooking into the main router wifi network

well, your local PC goes "idunno how to route this, so I'm just sending this to the default gateway", which in turn goes "i know where this is" and everything works as expected

ok so I shut off SSH

on both sides

I can ping my desktop kali from the laptop, but cannot ping my laptop from desktop.

192.168.1.22 (desktop) > 10.10.10.2 (laptop)

why am I able to ping the desktop with my laptop?

Just don't put your public ip

haha i know

destination port unreachable.

I think I figured it out. Implicit denial on firewall, there aren't any INPUT rules set, even for ICMP.

@thorn obsidian

What should I use to generate salts for password hashes?
https://passlib.readthedocs.io/en/stable/lib/passlib.hash.argon2.html

That way you aren't handling them yourself

Thanks. What made me think that I was missing steps was https://crackstation.net/hashing-security.htm
But it makes sense that they would incorporate the whole process into easier to use functions. I guess people used to have to do it manually. I remember reading that I should have a place for the salt in my database and I realized I didn't and thought I needed to upgrade my approach. I will at least switch from bcrypt to argon2 then

On July 10, 2011, an attacker with access to DigiNotar's systems issued a wildcard certificate for Google

What does generating a ssl certificate for google mean?
is it for *.google.com?
if so why is it a problem?
(i am talking about https://en.wikipedia.org/wiki/DigiNotar#Issuance_of_fraudulent_certificates)

What does generating a SSL certificate for Google mean?
SSL certificates are used to enable secure HTTP (HTTPS). You have to 'generate' the certificates, and you generate a certificate for a specific domain.

Also, there are different types of certs, but it's possible to generate a wildcard certificate, eg. *.example.com. So this will match against any subdomain of example.com.

But why is it a problem?
Isn't Google the only one who can use [something].google.com

Isn't Google the only one who can use [something].google.com
I would think so, hence why whoever could do it could end up spoofing Google.

https://www.hackerone.com/blog/Guide-Subdomain-Takeovers

so the iranian hackers had a signed cert for *.google.com ,
registered a website with a domain like example.google.com
and got mitm?

I believe something like that.

can anyone confirm?

furthermore: what stops me from using for example google certificate
on my website?

Hmm I think nothing is stopping you but browsers will show it as not valid

They will say it doesn't match the domain

so i can copy google's cert to my site, but it won't match the domain right?

the dns name

Well I'm not sure

This is a bit out of my league 😅

if what i said is true, what is this a problem?

On July 10, 2011, an attacker with access to DigiNotar's systems issued a wildcard certificate for Google

What does generating a ssl certificate for google mean?
is it for *.google.com?
if so why is it a problem?
(i am talking about https://en.wikipedia.org/wiki/DigiNotar#Issuance_of_fraudulent_certificates)

im so confused

Can you even use it without the private key?

im not sure...

You and me both

I'd be interested to know

ill try researching again

Your web browser comes installed with the public keys of all of the major certificate authorities. It uses this public key to verify that the web server's certificate was indeed signed by the trusted certificate authority.
but how??

how does it verify

what does verifying mean really

i get that the browsers have public key of real CA

but what does "signing with a private key" mean,
and how can the public key confirm it?

@tall haven have a look at this amazing conversation
https://i.imgur.com/5T2fJsG.png

lol its 2:30 am so im going to sleep. I recommend you and everyone have a look at it its fantastic

the way asymmetric encryption works i think

is that if you sign something with your private key, the signature can be verified by someone with the public key(pre installed in browser)

so something being signed proves that the person signing it has access to the private keys and you can assume that they are who they say they are

so i think when the certiifcate authority got hacked and then the hackers issued * ssl certificates, the hackers merely used diginotars private key to sign their own certificates for google

so that they could perform a MITM against google and the victim wouldnt know because their browser say that certificate as valid because it the key it was signed with corresponded with the public key of the CA

i think that is what you were asking

Can anyone explain what's going on here?

>>> from random import randint, choice
>>> from string import ascii_letters
>>> from argon2 import PasswordHasher
>>> pw = PasswordHasher()
>>> for i in range(10):
...     hash = pw.hash("".join(choice(ascii_letters) for x in range(randint(4,9))))
...     print(len(hash), " - ", hash)
... 
77  -  $argon2id$v=19$m=102400,t=2,p=8$szQqiKIHAGKew8fMBNfvUA$/MJ3SHaaBv9QeE48pzMQQA
77  -  $argon2id$v=19$m=102400,t=2,p=8$eeFsUYPNmevfbdptMEngKg$oc9RErb2nvFMCiNLjyD6yg
77  -  $argon2id$v=19$m=102400,t=2,p=8$Q5vLi5Ytr1l1tTgPfw4qeA$Sql1qy9hS6IrkqGVCCAohQ
77  -  $argon2id$v=19$m=102400,t=2,p=8$3Gzdep2JWBC9RDGB47w13w$+Jtu8G6xofXjKBA/HR9F8w
77  -  $argon2id$v=19$m=102400,t=2,p=8$9DpoUQ6kqNB04QibPY8Gig$DJ38Ab3x0txBiwgqpR3LTA
77  -  $argon2id$v=19$m=102400,t=2,p=8$u5dtVMeiaf+FIxbr1nDsHA$Q92rwkezcCJCI3RaHfOK8g
77  -  $argon2id$v=19$m=102400,t=2,p=8$WM6yQbF9FOXjcY+cxxZzsA$OEGZ9PiEYrbHPxNKzXrh+g
77  -  $argon2id$v=19$m=102400,t=2,p=8$54bXHudY6/8j52nval6wUg$J1eUHj8hroiJK552UEpL9Q
77  -  $argon2id$v=19$m=102400,t=2,p=8$K1hQHikh6d491PKxHrP37A$qpS5LX6Opek1QzPnhMh8Cw
77  -  $argon2id$v=19$m=102400,t=2,p=8$51TjtMSuNNz0+AgJ+K2JwA$sazyAcv8gBkohl7rX9BQXA

What are all those values that seem to be the same?

https://en.wikipedia.org/wiki/Argon2 looks like the version (v), memory (m), iterations (t), and parallelism (p) for the algorithm

Why would they store that info in the hash?

But why is it a problem?
Isn't Google the only one who can use [something].google.com
@mental mirage It's mostly a MITM concern. Attackers replace Google's cert with their own (for which they have the private keys, meaning they can decrypt or modify data) in transit, and browsers will happily accept it as it is signed by a trusted CA (DigiNotar in this case)

so i can copy google's cert to my site, but it won't match the domain right?
@mental mirage That, and the fact that you lack Google cert's private keys, meaning that you can't decrypt any data sent to you

I don't think you can even initialise a session without the private key since TLS v1.2 iirc

@thorn obsidian
just to clarify,
the attacker has a cert signed for *.google.com,
and the attacker also has a signed cert for himself, say bad.website.com

So when a victim trying to connect to maps.google.com what does the attacker do?

the attacker does not need a cert for himself other than the google wildcard cert

when a victim connects to maps.google.com through a piece of equiment that the attacker controls (your classic MITM scenario), the attacker can then create the TLS session with the victim, so the attacker can decrypt data and pass it on to the real maps.google.com (or vice versa), or serve their own maps.google.com (such as a "Sign into your Google account to use Maps" page)

and the user would have no way of knowing

you could do this with a certificate regardless, but if it's not signed by a trusted CA (such as DigiNotar), the victim's browser would give a red error page and perhaps not even let the user proceed

so the attacker generated a certificate for maps.google.com but signed for their public key and signed by DigiNotar?

i think i got it

so the hacker's problem is that he can use google's cert any time, but it won't have
the public key of the hacker. right?

so when DIgiNotar generated a certificate for the hackers,
They generated it for example for maps.google.com but for the attacker's set of public and private keys

So now a victim tries to access maps.google.com, an attacker creates a ssl
session with the victim, and a seperate session with real maps.google.com,

He gives the victim his certificate and his set of public/private keys,
and forwards messages between the real maps.google.com and the victim,
but decrypts and encrypts them in the way?

pretty much yeah

Is this DNS MITM?

not necessarily

well kinda

the attacker can just sit in between and decrypt the data, and the victim goes to
maps.google.com, but attacker decrypt then encrypts it half-way

it doesn't require DNS MITM

DNS just tells that [domain] resolves to [ip]. Even if the IP legitimately belongs to a Google server, the attacker can reroute the traffic regardless

DNS MITM would be an alternative - if the attacker is not in control of the network flow, it can use a highjacked DNS to point to their own IP, but this is harder to achieve in practice

A lot of the certificate generation issues would have been alleviated if https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning wasn't removed ( https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning#Criticism_and_decline )

But it was considered complicated, so was scrapped.

not necessarily complicated, but it had issues due to its base design

Hey all, i did a mistake. I send code of discord bot that was my token there. I will have a problem now? What can i do in this case

deactivate the token ASAP

I don't know how but I assume it's easy

ok i will find it

i think with regenerate token is fine

i didn't see something with deactivate

"regenerate" sounds fine

they must have a FAQ on "what do I do if my token is exposed"

Regenerate is the thing you need

It will deactivate the old key and generate a new one

Thanks!

hey, I'm trying to track malware using COVID as a vector, (EG, fake zoom/skype apps, spearphishing "free COVID test", "Work from home during COVID")
Does anyone know any news sources/communities that would help?

has anyone read Black Hat Python?

can anyone give me a review of it?

I haven't read it, but I've heard a lot of good things about it. I do think it's using Python 2, though, and you should be aware of that.

oh thats good, Thank you!

@native pier BHP was good at the time, but rather dated now

apart from python2, some of the techniques used there have been replaced with more modern ones

@thorn obsidian so can you recommend a new book?

I'm not really a book guy, sorry

@thorn obsidian np, thanks!

Any recommendations for hashing strings in Python?

using it for FIM so the easiest implementation is probably secure enough

I'd see if cryptography has the sort of hash algorithm you want

there is no #cryptography channel

so um

the cryptography

@glossy basalt I meant the library -- https://pypi.org/project/cryptography/

oooh I see what you mean