#cybersecurity
You should be under the impression it's been compromised
Is there any security professional over here I really want to start learning cybersecurity field given that would be my majors in university
I wondered what is best practice when checking file extension is in whitelist. The last extension or any extension? (consider a filename such as mypic.png.fr)
last extension @carmine wraith, but you shouldn't rely on extensions at all
they're just a naming convention and checking them provides no real security
instead, you should try to check the file's mime type
if you're serving files via a web server, you should also try to identify what that web server thinks the file's mime type is (a lot of static content serving web servers are file extension agnostic)
Thanks xx.
I wonder why owasp suggests a whitelist, if extensions can be faked. Source: https://owasp.org/www-community/vulnerabilities/Unrestricted_File_Upload I will have to read further I guess.
@carmine wraith an extension whitelist is good to have regardless, but you shouldn't rely solely on it
Oh right, I see what u mean. Thanks.
"We will NOT be acquiring any new Apple iOS LPE [local privilege escalation], Safari RCE [remote code execution], or sandbox escapes for the next two to three months due to a high number of submissions related to these vectors,"
"iOS Security is fucked," said Zerodium's founder Chaouki Bekrar via Twitter. "Only [Pointer Authentication Codes] and non-persistence are holding it from going to zero...but we're seeing many exploits bypassing PAC, and there are a few persistence exploits (0days) working with all iPhones/iPads. Let's hope iOS 14 will be better."
i've seen some criticism of the statement in further reading
bit of pot / pan banging type thing
does anyone know what X-PX means, like if an item in a request header was called X-PX-AUTHORIZATION?
headers that begin with X- are unofficial, meaning the "w3 consortium" hasn't produced a spec that defines them
PX might be an abbreviation for the name of the site you're talking to.
@thorn obsidian 
thank you
@thorn obsidian specifically, PX stands for PerimeterX https://www.perimeterx.com/
they use that header in their software
Huh, stumbled upon something interesting but I need more information.
Supposedly the ribbons on typewriters can be used to get a history of everything typed on the device.
All the information I can find about this is going into either conspiracy territory, or is otherwise a one-off blog.
I'm interested if this is true.
https://www.nsa.gov/Portals/70/documents/news-features/declassified-documents/friedman-documents/panel-committee-board/FOLDER_380/41764259080338.pdf Page 8/18, last paragraph has
HOW DESTROYED -- CONFIDENTIAL material and classified waste (notes, drafts, type, typewriter ribbons (when used only once), carbons, plates, stencils, exposed film (developed or undeveloped), and other material used in the preparation of finished documented or material) will be destroyed in a manner authorized for TOP SECRET, except that no record of destruction or witnessing officer is required.
which the "typewriter ribbons (when used only once)" part is intriguing.
Mind you, this document is also "Current as of 25 January 1955", according to the front page of that PDF.
i suppose it'd depend on the length of the document
but i'm not sure how you'd reverse that information
maybe it's just excessive paranoia
TOP SECRET material will be stored in a safe, steel file cabinet, or other steel container having a built-in three-position dial-type combination lock and of such weight, size, construction, or installation as to minimize possibility of physical theft or damage or tampering.
awwwww
3 position combo lock?
how cute. :D
there's a book by Lawrence Fennelly called "Effective Physical Security" that contains some stuff about it
published 2003.
ahhh, that's the 3rd edition.
took a break but i'm researching typewriters again
thanks @thorn obsidian
:|
Rotation of the axles moves the ribbon or tape after each impact and usually aids in maintaining tension along the roughly straight-line path of the medium between the axles.
so a typewriter ribbon after first use would have some imprint on it
and be easily decipherable, if you could.
each additional use would reduce clarity
there's kind of a parallel to recovering data from magnetic information on a hdd
has anyone ever had to deal with generating akamai cookies?
hi there is someone here?
yes.
yes
I was looking at the BlueBorne PoC today. It's from 2017. It seems like most have patched it. I might try to get my hands on a device that I could test it on, just because I've never done anything like that before. But the only one I have that I think is outdated enough to play with it on is a Kindle Fire.
There was an individual the other day that came in that had a device that had a security patch level of... May 2017? if I remember correctly
haha, Im sure tons of people are outdated. But yeah, none of my devices are vulnerable. Im basically asking my friends for old Androids so I can try it.
I will have to figure out how to modify the PoC which specifically targets Google Pixel Android smartphone running version 7.1.2 with Security Patch Level July or August 2017
But it says you can modify the PoC for other devices.
Hi, before distributing a script, just need to convert in exe or encrypt and after convert in .exe?
why convert it?
Does anyone have a good resource where I can read about how to not fuck up CSRF stuff? I'm currently trying to set up a rest api that will be consumed by a mobile app, and I get the feeling I'm doing something wrong - but I'd really like to just read about CSRF stuff in general to wrap my head around it
what framework you using?
it might have some built-in?
beyond that, you might want to check out the OWASP cheatsheet
So, I am a newb and I don't pretend not to be. I am trying to not be afraid of being a jackass in order to learn, and sometimes that means putting myself out there and requiring strong correction.
I wrote an article... I think it makes sense.
I would appreciate if anyone would tell me if it doesnt.
User input is dangerous. One of the first things you probably learn is that its necessary to not only validate what a user types into a form, but due to drastic variations in what a user can submit, you also have to …
meat, leet, street = attrs = j['attr1'], j['attr2'], j['attr3'] causes an unhandled keyerror if any of those attrs are missing (which they seem to be in the example json)
if not honesty == 1 and not honesty == -1: - i'd use if not (A or B) here, is a bit easier to read than not A and not B
other than that, seems ok to me - if you don't count the fact that you probably want the sum of each stat to be < pool_max or whatever, but that's nitpicking
good job
Yeah you're right about, and I also need to total them and make sure all the points got spent. And yeah, I renamed the values in the actual code and forgot to change them in the markdown write up
@thorn obsidian you should also maybe mention a strong schema validator library, such as cerberus
ah cool, thanks. This is kinda what I meant by I need someone to make sure im doing it right. I'll learn it and update it.
yeah, it automates a lot of things you currently do manually
like checking the min/max for values
etc
nice.
What's the difference between Cerberus and Marshmallow?
@thorn obsidian I'm not too familiar with Marshmallow, we use Cerberus at work so I'm more familiar with that, but it seems like they do about the same thing, but go about it in a different manner
Cerberus schemas seem to be more portable, as they're just json structures, but Marshmallow seems to require it to be.. how to say
"hard-coded"?
which isn't an issue if you're working with just Python
on the other hand, marshmallow also provides serialization/deserialization, while Cerberus strictly deals with validation
which is a relatively mixed bag - depends on your project's needs
hey @thorn obsidian
Hey bisk
did you see my little rant about the typewriter thing?
scrolls up
The there's kind of a parallel to recovering data from magnetic information on a hdd?
Yeah, I had seen that. Wasn't sure what to add
it does seem like you could recover it from a single use
Took you down a rabbit hole it sounds like lol
I mean, how many people are going to come into your house and be disgusted of your typewriter?
me, and that's enough :(
lol
they're pretty cheap atm
i couldn't find any direct evidence someone had done the recovery thing before and i'm curious to see if it's actually workable
I imagine it's the same as writing on pieces of paper using the same desk over and over again
the ol' pencil shading trick
Or, rather, typewriters would be worse. Because you aren't exactly applying heavy pressure when you write.
Well I mean, when you write on a piece of paper
shhhhh, trying to make bad financial decisions here
i think this is actually a torture device
it is from the 1920s
can you hook it up as a tty
you'd need some kind of pneumatic actuators or something to press the keys
i wonder what baud rate you'd have to limit it to to prevent key jam
Why check MIME type (request.content_type?) for a file upload if it can’t be sent through POST without enctype=multipart/form-data?
Sorry. I'm confused about this. I'll try come up with a better question.
When I asked on Friday about checking file extensions, you mentioned I should check MIME type also. I think MIME type is given by the content_type header. Someone said, files can’t be uploaded without setting enctype=multipart/form-data in the HTML, so MIME type will always be multipart/form-data?
Also on https://owasp.org/www-community/vulnerabilities/Unrestricted_File_Upload
under ‘“Content-Type” Header Validation’, it mentions text/plain.. which has me confused.
the file mime type and the request content types are different things
generally, with form uploads, the request also includes the file mime type
which is generated automatically by the browser which made the request
this can be modified, and shouldn't be trusted
because your web server, when serving that file, will try to sniff the mime type again
and that may differ from what the user supplied with the request
so, say, you upload a php file named flower.png%00.php and specify the mime type as image/png - your server checks the file extension (stops reading after nullbyte, so it sees .png as the extension) and the mime type, which all match - and the file is uploaded successfully
you then access the file again - the webserver sees that it's a php file, and serves it as a php script
Thanks so much for explanation.
Does Ethernet (wired) support packet injection by default?
because when i try to inject like RadioTap
messages on win10
it doesnt work
but then when i go on kali and airmon-ng start wlan0
it works
on wired connections you have the added issue of switches
traffic is only routed out ports if it's for you
you're still having to go through a switch
<@&267629731250176001>
well that's quite inappropriate
yhe googled translated that, wtf
!tempmute 538734662357614602 3d the message you've sent is very inappropriate and should not be in this server. this server is also an english-speaking community, so please keep discussion in english. make sure to reread our code of conduct and rules before speaking here again.
:incoming_envelope: :ok_hand: applied mute to @wanton oracle until 2020-05-21 19:15 (2 days and 23 hours).
Does Ethernet (wired) support packet injection by default?
@mental mirage What do you mean with injection? You can spoof any package, if you construct it a certain way and there are no security measures in place, such as reverse path filtering and the like
However, if you spoof the sender, you will never get a reply on the device you've sent the data from
is there a module to encode/decode data in formats like binary, hex, etc?
@grave roost perhaps binascii does what you seek
Ok
from Mozilla docs, on tab jacking, what not to do:
target="_blank" without rel="noreferrer" and rel="noopener"
Does this intend that the anchor tag should have two rel attributes or more like rel="noreferrer noopener"
Also, how irresponsible is it to use target="_blank" if you test that these links are rel marked?
@mental mirage What do you mean with injection? You can spoof any package, if you construct it a certain way and there are no security measures in place, such as reverse path filtering and the like
@fossil halo
i mean that for example when i use Scapy to forge any packet and send it, it works.
but when i try the same with a WNIC it does not (for manage frames)
@mental mirage It really depends on how you forge them. They need a valid destination. And you need to try and use standard networking vernacular, because what you say is hard to understand. There is no such thing as a wnic (I guess wireless?) and what "for manage frames" means I have no idea.
Hello, can someone help me implementing a "login with discord" with fastapi?
what is an example of relative read in C/C++ code leading to an information leak using pointers or shared_ptr ? (bypassing aslr stack)
Any good books for ethical hacking and security?
Huh
I dont get it
Why does the FBI want to check someones history
I'm pretty sure they arent looking for people who watch a sin
Lmao
And no criminal organisation would put anything on the clear web
Hello !
im struggling to find a source that will tell me that i am vulnerable to a port scan, i know what it is its just i dont know when it will be used
id really appreciate the help!
okay, FBI thing on hold for a second...
do you have any port forwarding rules set up?
all a port scan is is someone sending some packets at your router on a bunch of ports to see if they're open or not
everyone is "vulnerable" to a port scan, as it's a process for determining what ports are / aren't open on a device.
port scanning is just a method of information gathering.
alright so everyone is vulnerable to it, appreciate the help bisk
as an example of how it might be used
say you have a target and you want to find out what services they are running.
by running a port scan you see they've got port 21, 22, 80 and 443 open.
this tells us that they're running a public facing FTP server, SSH server and web server.
from there, you could start to formulate a method of "attack"
would it be used on someone who uses a VPN to work from home, this person uses this VPN to connect to his work server
nope.
why not tho ?
since the person on the VPN is connecting out of their network on whatever port the VPN uses
the person doesn't need to open their port.
since they're going out of their network.
only incoming connections really require open ports.
ahh alright that crosses out that possible vulnerability
I need to get a bunch for a scenario
tbh we have never even touched network security before so im learning all i can
you might want to look up NAT
Network Address Translation
and Ingress vs Egress traffic
i have found some useful source
but ill take a look at those thank you very much !
if i find more ill ask em here !
you seem to know your stuff
i'm okay at the networking stuff. :)
so this channel has a lot of indepth videos for a specific router / firewall OS called pfsense
but chunks of the videos can contain some very general knowledge.
they're very boring videos though
some are
but eh what am i going to do , cant just skip this one
you think some would be vulnerable to a war dialler tho ? a person working from home
lol no
okay and that is just more proof that i need to do more research
war dialling is just mass ringing phone numbers
you could find maybe fax machines on a phone number, which could be an attack vector
those could be entry points right ?
maybe if someone's living in the 1990's you could find a modem.
but again, it's dialling phone numbers and seeing if it gets a response.
okay so im guessing my source is a bit out dated
so a script that just churns through a list of possible phone numbers in an area code and logs if the phone line is active
wardialling was a problem back in the old days, not so much now.
this sucks they expect us to list all these vulnerabilities with out the knowledge of what they are XD
i suppose the modern equivalent is probably IP / Port scanning the internet.
there's software out there that given a good enough connection can scan the entire IPv4 range of the internet and find out if hosts are up or not.
and what ports the device may have open
http://index-of.es/
you have a place similar to this by any chance its literally just a big collection of stuff
z0ro Repository - Powered by z0ro
alot of stuff there are abit out of date
not really tbh
i feel like all the info i need is there it just takes for ever to get anything
i think it might be better to find the information the other way around
so perhaps try to google about modern techniques for penetration testing, for example, and then go look up the details of them
get a broad overview of stuff and then dig into the nuts and bolts.
rather than wading through papers while not sure what to look for.
Hi
hello
Which country are you from?
South africa XD
ok
why?
well you could always find a group via google
just google discord english group
@thorn obsidian not to be rude but i think this is the wrong place to ask that
this is a security related channel. perhaps one of the offtopics would be a better place. :)
Hello.
I'm setting up my vps to act as a server for a very simple chat app I'm developing. The clients would connect to the ip address and we could then send messages. But for that I think I would have to configure the firewall to accept requests? And how will it know the difference between a potential attack to my server or just packets being sent? What security vulnerabilites will I be facing?
@quasi steppe we seem to have the same work put out for us
@quasi steppe First of all, work with tcp
^
UDP allows for some nasty fuckery, such as amplification attacks
and yes, you'll have to open up a port in the firewall to let traffic in.
Yes, I'm sending the messages via tcp
The last line in any firewall should be from any deny any
Which closes your system to anything
then you allow communication on the ports you actually need, for INCOMING traffic
default deny 👌
in terms of attacks, that entirely depends on what is sat on the server
Generally, you don't need to worry about ddos and such, the datacenter hosting the vps should take care of that
Sounds nice, but would that port then be vulnerable? Let's say the ip of the server gets leaked, what could be the worse to happen.
there's no such thing as "leaking" an IP
ip gets leaked
your IP is known
ips are public by design
how else would your clients connect to you
yeah right lol
yes, it can be used to send you forged packages and make you forward traffic, but that is why you make sure ip forwarding is off in your OS
and since the IP is known, the host can be scanned so the port is known too.
On Linux, IP forwarding is off by default, but always check
you might want to look up "linux server hardening" or some such
there'll be some kernel config tweaks to turn a lot of nasties off.
but only ports running services can be abused for anything
I see
a VPS provider should do that by default these days, but you never know
at the software level you'll probably want to authenticate and encrypt the traffic too
from your app
How do they usually defend against ddos attacks?
@quasi steppe There are a lot of techniques as there are many techniques of ddos attacks
a very common one, because it's easy to do is SYN flood, but that is easy to defend against
i'd be surprised if a VPS provider didn't protect against a syn flood
anything else you need specialized hardware for and is done by the data center
or at least should
Also make sure block private IP from leaking out of your vps
haha
Right, appreciate the help.
getting grouchy at your customers there scorch? ;)
You'd be surprised how often the answer to abuse tickets regarding private ip is "But those are private IP why do you know about this traffic?"
what are they even trying to do in those situations?
guess they're just fucking shit up
Often it's vpn tunnels going down and the server sending requests to the internal network into the public one
And lack of understanding networking. Like, if they use 10.0.0.0/8, they think they cannot block that on the external interface because it won't work for vpn internal network anymore
stuff like that
i need some help finding more vulnerabilities for the scenario or a source that will teach me the basics that may help me spot them myself
A person who works from home uses a VPN, previously only a select few could access it. The VPN runs from one of the company's servers this is also the gateway. This server also runs a proxy server and the network firewall
also ill be watching dem vids Bisk uwu
So an end-to-site vpn
yup
so far the things i had previously seemed to be either dead wrong or out dated
like war dialling being a vulnerability
Haven't heard that term since the 90's
masscan is the new tool.
but anyway, whats the question regarding the vpn?
risks, i suppose.
The weak spot is always the employees computer
and a counter measure
I already said that one, i know some people wont use proper anti malware
another vulnerability could be out of date VPN software on the server.
How so ?
there are still loads of VPN servers out there that are unpatched and vulnerable to attack
Would google dorking be one ?
Also, the vpn server shouldn't be used for anything else
it's probably best to use a dedicated router for that
or a server that only does vpn and routing
nothing else
i mean googling shit isn't a "vulnerability"
But leaks to google are right ?
what leaks?
what can be an issue is ipv6 and dns leaking
if you are super secretive
if your company does not offer a dns service, any visited website will pop up on that persons used dns
with their home ip as the source
ah yeah
good point, DNS should run through the VPN tunnel.
and i'm not sure what you mean by "google leaks" either
tunnel should also offer ipv6 or ipv6 disabled
google just indexes public information
it also logs search terms
uhm i watched a video on google dorking
so a dork employee googling "how to document super secret weapon" could be an issue
that pertains mostly to github I'd wager
just putting your servers log into google won't make it pop up on another persons search
fair enough
it needs to be hosted somewhere
im no pro at this ive only been at network security for a 2 days now XD
it's all just hot water
i like mellow water ;-;
Another one: Don't use passwords for vpn, use certificates and have each employee use their own that is registered
so 1 vul would be the server being used for multiple things
another would be employees using the VPN for something else
personal computers should be a no-no
yeah i agree there
could a unauthorised access attack be possible ?
due to the amount of people that work on the proxy server
dictionary attacks on passwords
and lack of administration
It's a bit more tricky with vpn as you need to know the IKE settings
But that's why I suggested certificates
or hardware fido keys that supply the password
yeah that's a FIDO stick
here is another good one: If your company uses tablets or phones, suggest to containerize important apps
i was about to ask about android devices connecting to the vpn and how could that be a vulnerability?
lots of android devices are wildly out of date / vulnerable.
so it'd be a user device security issue
Phones are locked down pretty tight, so company issued phones with vpn on and app that enforces vpn is a good idea, but the only malware I had on a phone was coming from a hijacked update server from the phone manufacturer
so, use containers
"Bring your own device" type environments are a headache
But thats the thing, i think in my scenario it is exactly that type of environment
yeah, so you can lump "user devices may be vulnerable / insecure" in one pot
make it company policy to forbid saving passwords in browsers
enforce the usage of keepassxc
and the auto-type feature
passwords should only be given out in person face to face and must be changed at once
how would a person find these if they dont follow those rules?
Any manager requesting passwords from employees needs to be fired on the spot
Some Browsers support server supplied rules on Windows, as in Domain policies
I think Firefox does
just forbid firefox to save passwords
if you use google suite or whatever the fuck they call it now and make people use chrome you can also control their browser settings when they're logged in with a work account
also a good idea
it's a pretty good way to get browser compliance in a company.
Oh this one often gets overlooked: For company wifi, use a RADIUS server
we postin keys?
noice
you making me want to cut out my credit card chip so i can post a picture of something aswell XD
i've got a google titan key somewhere
not used it yet
been using a yubikey instead
make it company policy to forbid saving passwords in browsers
@fossil halo
What's so bad about Firefox saving passwords if you have the Master Password enabled? Like what's the difference to an external password manager
if an employee has all your shit on their home computer saved in browser
and they get phished and open something dumb
womp. womp.
Browser password managers are just insecure and master passwords are often not set or really simple
A keepass db can be secured properly
with hardware tokens or even key pairs
It can also easily be synced within company servers
We use Keepass at work and I have my own free nextcloud for work documents
as well as a team cloud
you know with the lockdown and ive been taking a closer look at the clouds i think because of less pollution and if you look closely you can see all the data (100000101010101001) in them
if an employee has all your shit on their home computer saved in browser
Wait why would an employee have my credentials saved
He meant theirs
keepassxc
bitwarden > all
no
You are uploading your passwords to a single point of failure you have no control over
one does not need a lot of brain to see how immensely stupid that is
bitwarden have option to not upload anything and store locally
beside its open source
i dont know about keeppass
but very likely closed
lol how am i wrong?
Keepass and KeepassXC are open source
then don't enter a discussion if you are incompetent to make a judgement
lol sure
unlike Bitwarden, neither Keepass and KeepassXC have a financial interest
bitwarden is 100% open source
That is not an argument
it is
aight keepass fanboy keep using it i dont really care, i bet you use chrome too
one has nothing to do with the other
no elitism @carmine wyvern.
I don't care if Google knows which porn sites I visit, fyi mostly xnxx.com. Besides, Google is most transparent company when it comes to data they have about you, everything they record can be downloaded, even things you say to Google Assistant
Not even MS is that transparent
nobody asked what porn site you visit bruh
I am making a point
just because google is "better" than MS doesnt mean its good .. at all
I didn't say that. I am saying that there are different priorities to be set
Another point is, that Bitwarden holds second factor authentication hostage to payment.
I wouldn't trust a company that is doing that
what?
I wouldn't trust a company that is doing that
@fossil halo trust and dont trust whatever you want man
bitwarden > keepass
and thats facts
It's an opinion, not fact
it is a fact;.
And you have yet to present a single argument, all you spew around is subtle insults and "bruh it's open source"
If you look at this, FIDO is held hostage to payment
just another feature free with Keepass & XC
whats FIDO? if you mean 2FA its free
@carmine wyvern I already told you to stop the elitism. "[x] > [y]" with no substantial arguments is elitism
elitism?
Using Google Authenticator or whatever isn't secure, it is a second password. Nothing else. FIDO keys are offline hardware tokens that cannot be intercepted and are therefore more secure than 2fa
"I use [x]. That means [x] trumps everything else"
saying bitwarden > keepass is "elitism" now?
If you've got anything to back that up, then feel free to contribute that and make this a somewhat constructive discussion
if not, then yes, it is elitism
i mean if you can't back it up with objective fact then it's just bullshit filling up my screen.
And you have yet to present a single argument, all you spew around is subtle insults and "bruh it's open source"
@fossil halo my argument is that its not only "bruh open source" but 100%. fyi other "open source" password managers are not 100% open and have some closed source stuff here and there
doesn't even have to be elitism.
beside it has all the features you need
fyi other "open source" password managers [..] have some closed source stuff here and there
That is objectively wrong
👍
some closed source stuff here and there
????
any sources to back this up
links, lines of code, anything?
because otherwise this smells like a whole load of horseshit to me
i dont have any as of right now but i remember i saw it
because otherwise this smells like a whole load of horseshit to me
@thorn obsidian you sound like you lowkey browse 4chan think chrome tops everything and goes flow > flow < flow
but i swear it was flying
@lusty flare Spider pig?
xx works in security magician.
lol
alright i wont argue
use keepass its better.. for you
if you're happy with it use it i dont really care at all
since it's subjective
but bitwarden >>> keepass and thats facts 🙂
my entire office (all pentesters and other security experts) uses keepassxc
again, that's your opinion dude. stop saying it's a fact.
99% of people use chrome too it must be the best
again, that's your opinion dude. stop saying it's a fact.
@lusty flare hahaha alright man
no, most use firefox here
99% of people use chrome too it must be the best
@carmine wyvern Someone can make the conscious decision to not give a shit if google knows how much I am addicted to Reddit or Twitter. That does not mean that person is misinformed or stupid.
no im just saying just because alot of people use something doesnt mean its best
lol
fact.
@lusty flare #madlads
besides i use edge.
@lusty flare nice
the key word was "security experts" in my example (which can be considered anecdotal, I admit, but still a valid example)
yes
hmmmm
another DNS amplification attack
quelle surprise
Just reject incoming udp without making a request
or even better, set up a dns cache in your company or on your server farm
only one system to worry about
fortunately i don't run any dns servers
bisk is a meanie doesnt wanna friend me, bitwarden user
how is this related to security?
please keep off-topic chat in the off-topic section
hah
Trend Micro cheating WHQL tests
if it detects it's on a test bed it allocates no-exec non-paged memory
if it doesn't, it allocates exec non-paged
for a kern driver that's pretty fucking awful
The awful part is that it seems to work
trend?
never used it, but i remember a customer having problems with it and some online bank they used.
was weird.
And with that headline I expected some deep seeded racism 😛
The Register are very tongue in cheek ;)
how is this related to security?
@thorn obsidian hes security god it is related to security
womp womp. glad i use ryan air.
wonder what that fine is going to be.
that also isn't good.
ICO isn't responding to Freedom of Information requests or, apparently, applying Data Protection laws.
hello,wow its nice to see other people that is interested in security too 😁
do u guys know other than this discord server for example other websites that have this type of convos with people abt security,just trying to widened my knowledge abt this topic 😁
do you guys have any good tips for starting to learn cyber security? It's been really interesting me in the last few days and I think that if I learn it I can actually benefit a lot from it and also help many people so I was wondering how I could start because it all seems really interesting, learning about the internet and how it all works, and finding stuff in codes, exploits, fixing them and using them, it all seems really cool and a fun subject to learn
like I never understand the stuff like DNS, Gateway, TCP and all the stuff
everything related to that subject just seems really fun and interesting
I'm just not really sure where I can learn about it
or do you guys have tips for keywords that I can search to find?
a big chunk of what you mentioned was just "networking"
which is an entire topic in its own right
but there's bound to be some "fundamentals of networking" courses / videos / articles out there
it's a good thing to have a grasp on for learning security
thanks a lot mate!
in general having a decent grasp of networking fundamentals is good for anyone looking to up their IT skills :)
Hello
I am looking for the best way to execute untrusted python code in a sandbox. This is my use case. The untrusted code should not use OS primitives, should not access the file system, and should not import modules. The untrusted code could only make some transformations on data which is given in the local context and use a predefined set of python modules. What is the best practice to do this? If possible I would keep this OS agnostic (so no docker, no vm, etc...)
I found this https://restrictedpython.readthedocs.io/en/latest/ but I don't understand yet what "is not a sandbox system" means and implies
I don't know if I am on the proper channel to ask about that. Am I not?
@thorn obsidian have you taken a look at our own solution we use for !eval, called snekbox?
it uses Docker though, but I'm a bit confused on what you mean by "more OS agnostic"
I'd argue docker is what makes it OS agnostic, as you can run the container anywhere
Thanks @thorn obsidian
I am looking at this
feel free to play around with !e in #bot-commands
Yes, docker is related to Linux, so if I want to run my application on BSD I don't have it
ah ok it is the sandbox used here for bot-commands
this is interesting because it's a standalone app with a REST API so of course I could run it in its own system and call it for an evaluation from my main app
In my first idea I thought to run the code directly in the main application. But why not from an external service. There is a cost to do that surely, but I could scale when needed.
thx anyway
@glossy urchin As in Python itself? Do you know C?
I'm confused as to what your question is. Do you want to work on CPython itself, or are you asking a more general question of "How do I hack with Python?"
Because the latter we can't assist with here.
you know like when i search that in youtube i get lots of tutorials and ones using python and kali linux
so i wanted to know if theres any good tutorial on hacking with python
Then yes, you're asking the latter question of "How do I hack with Python?". That's not something we can assist with here.
is cpython just python with c's syntax?
@thorn obsidian CPython is the regular Python.
@glossy urchin You wouldn't. Considering there are 50,000+ people on the server, we can't assist with anything that could be used in a highly malicious context.
uh?
Even though you may not have that intention, it could be used in a questionable way.
@thorn obsidian My impression was that we do help with understanding of networking knowledge
Hacking is a weird term that has a negative connotation, is used to signal the breach of a system, but really means programming 😛
But you cannot do security without knowing how to breach your own system
So something I've been wondering about, if hacking is basically finding bugs and exploiting them, doesn't this mean the hackers are better coders than the people that coded the system that is being hacked?
And there's no comment no explanation in the system whatsoever
No, they understand networking better
Someone programming a server software has maybe less knowledge of networking than the one breaching it
What about those PS4 hackers
I have a feeling that these terms have lost all meaning
Hacker, cracker, phreaker
those actually mean shit
Just people attacking systems on general probably?
Hacker is actually a positive term, USED BY OTHERS to appreciate SOMEONE ELSE
It means: This guy can program well
not: He stole my credit card
wow
@fossil halo Anything that can be used maliciously ( and is obvious in doing so ), isn't
@thorn obsidian I can use print maliciously
yeah ethical hackers are meant to find loopholes in a network
Can you?
@fossil halo Also, I think you're misunderstanding
They were never part of the dev team
And the dev certainly knows the architecture better
So how could crackers do that
you mean pass crackers?
And with years of designing testing debugging and security measures
@old trail lol
@old trail https://www.youtube.com/watch?v=KopWe2ZpVQI watch this
https://media.ccc.de/v/33c3-7969-shut_up_and_take_my_money
The Red Pill of N26 Security
FinTechs increasingly cut the ground from under long-established banks’ feet. With a "Mobile First" strategy, many set their sights on bringing all financial tasks—checking the account ba...
what if its a wow he stole the credit card i stole and now you're trying to steal it back and it creates this loop where an unbreakable bond is formed, that sounds pretty positive
Hacker is actually a positive term, USED BY OTHERS to appreciate SOMEONE ELSE
@fossil halo
It's from the German hackers of the CCC
im sorry if ive asked my question in the wrong place 😅
then come back and say that again with a straight face 😄
@ripe thunder Bad example, considering if someone stole your credit card, you get in contact with your bank, disable the card, and get a new one.
it was a joke
Not sure how they could have been interpreted as a joke.
Often, you don't even need a CC. My bank has a 35 cent fee on transactions. So by sending me about 10.000€ in cents via wire transfer, you could bankrupt me
are there any servers meant for python ethical hacking?
two hackers becoming friends by stealing each others credit cards
because ethical hackers ARE a big deal now
@glossy urchin Again, we can't assist you with this. You're free to ask about this in #community-meta as to why.
because ethical hackers ARE a big deal now
@glossy urchin they have always been a big deal
ik
@ripe thunder
two hackers becoming friends by stealing each others credit cards
That's called fraud
@glossy urchin Just ask the question
@old trail Haha let me just put my opinion in protecting your system is not just about debugging your code... your code can be completely fine in a sense just that things that your system depends on could provide a vulnerability...so you can have a team debugging code but you will see that on larger projects it's going to be difficult to try to figure out all possible vulnerabilities that would be present as most are going to be just hidden from you. and the people that find these vulnerabilities do not have zero knowledge...they take time to analyze the script and at times it's an "oh he was looking at the right place at the right time"... the only people that take advantage of these vulnerabilities while having zero-knowledge are "script kiddies" and the only reason they would know of this is because someone with a deeper understanding shared it publicly.... If you take a look at Windows they try to protect against vulnerabilities through not making it public knowledge but then you have Ubuntu that has things public so they can catch onto it quicker.
We are not dismissing questions before we know them
@ripe thunder
That's called fraud
@thorn obsidian friendship
No, that's fraud.
but then is there any community that can help me with this legally
does anyone know any good python hacking tutorial?
@fossil halo this was my question
White hats could, as long as theres a legal way
What do you mean by hacking in this case?
pen testing
@glossy urchin people in the general channel gave you sources of legal sites
with my own network
@glossy urchin have you an understanding of networking?
Do you know the layers and all headers?
but you keep on going on about just wanting to hack
not you know practising exploiting in someone elses network
as in, Ethernet frame, TCP headers, etc?
no
OSI Model is a good way to start
whats that
Google it, learn it, then move on to headers. Learn about Layer 2 Traffic, Layer 3, 4 etc
whoa
Because those are the real networking basics
Every idiot can have a server
sorry for being blunt
you know i meant a tutorial like this
Hey, guys! HackerSploit here back again with another video, in this video series I am going to be teaching you how to use Python to create network tools and Ethical Hacking scripts.
This series will take you from beginner to intermediate/advanced in Python.
@glossy urchin https://en.wikipedia.org/wiki/OSI_model
You are not going to go from zero to hero with a YT video
but then i wanted to know if there are better options
ik
anyway thanks
ive learnt python so i wanted to do something interesting with what ive learnt
so i got curious when i knew about ethical hacking with python
till now ive built discord bots and learning web dev
It always depends on where you want to take it on, on a networking level or on a software level
you can be a Layer 7 tester, but the real networking happens L2-4
idk those stuff and what theyre
Again, OSI model. Learn it. It's important to understand it.
as i said im just a newbie interested in learning ethical hacking
It is the basis for all computing
and im just 15 lol
In order to have any real competence in "ethical hacking", it's necessary to have a strong fundamental understanding of the underlying concepts. Otherwise, you'll never really get anywhere.
@glossy urchin And I want to encourage you to start at the real starting point without taking shortcuts
We can't provide you specific advice since it's against the ToS (both for our server and Discord in general), but I can at least tell you that.
If you try to take shortcuts and only consider resources with "hacking" in the title, I can practically guarantee it won't be a very productive endeavor.
^
ok well as its against the tos here where else can i ask for more info?
yes ill learn those stuff
You can ask here about networking, how layers work etc
just don't ask how to breach your bank
Dude they gave you the starting point, to me you have no real interest in cybersecurity
hey what could happen if a server that runs the VPN and is the gateway and if this server runs a proxy server and the company's network firewall. Now i know that its bad practice and everywhere i look they always say dont do that, but why not ???
(this is simply something from yesterday i dont quite understand yet ;-;)
@ripe thunder Are you talking about compartmentalization?
well they just say the server that runs the VPN also runs a proxy server
they
They who?
the question in my Network security assignment XD
What firewall are they running on premises then?
If their whole security is remote, I wouldn't want to work there...
"Due to the lockdowns, company ABC has decided to protect their business interest by requiring that every one of their employees work from home. To aid this, they have given everyone access to a VPN that they had running for some time, but which had been restricted to managers and authorised staff. The VPN runs from one of the company’s servers, specifically the one that functions as the company’s gateway. This server also runs a proxy server and the company’s network firewall"
heres the whole scenario
i cant tell u unfortunately
Ugh, these horrible university questions
i do feel like its very unclear
Yes, it is
yeah i know
Any server has a firewall, even if it is just a few iptables
like they dont mention how they're going to access these vpns
well not like we even had a proper lesson on servers
if you access something via VPN you always need a gateway for the traffic from the vpn
even if it is without Internet access
i dont think its a threat then idk its mby a grey area
tbh those things you gave me yesterday may be more than enough
@thin shoal so its luck
A gateway just tells the nic where to send traffic
i have been expanding quite a bit on them
Lol
no its not luck...
but its so misleading like they use the word gateway as if they want you to use it for something
like its logical that it has those things
firewall, a gateway
so idk what to add tbh XD
The best way to do this would be to give every employee a router board, like from MikroTik as they are cheap, that initiates the VPN connection automatically. All they need to do is to plug it into an empty RJ45 socket on their home router and the laptop/pc to the mikrotik router
No credentials needed, everyone is safe.
The proxy server I'd scrap, if it is publicly available
if it is only available via VPN, I question the need for it
credentials leaking
alright
thank you that, FIDO sticks and certificates uwu
the proxy server could be for communication use
like keep in mind our uni is old and our questions just as old
for AI we learnt how to use CLIPS
thats how old....
@fossil halo i don't agree with that you need to know networking to be a good hacker. it helps, sure, but the best hackers in our office don't know jack shit about networking
@thorn obsidian As I said earlier, you can be a pen tester on Layer 7
i think that depends on what you want to hack
there are many fields
and some dont need all the tools
like a malware analysts may need to know more about networking than your average IT security analyst
You can even be a pen tester without knowing much about computing, because there is another threat that gets overlooked: social engineering
Befriending the admins, getting information that way
wipes sweat off forehead
jokes
but i think the more you know the more you're capable of
if you know how data gets from point a to point b , you can control information
anyways scorcher, thanks a bunch for all your input
you have helped shape my document with information thats not from the 90's
eh you need to research what I said, mind you
don't believe strangers on the internet
get sources, back it up
also could wardialing make a comeback via VoIP, well obviously XD
I can get things wrong too 😄
but the mikrotik thing, we've done it in a job I had
Ill see if it was used anywhere else before
and what system it is exactly, if it is a system at all
thank u !
The mikrotik seems pretty cool
However I wouldn't trust a typical non-technical individual employee working from home to be able to set that up
Unless the device comes pre-provisioned with certs
@safe bear It's up to IT to provision it, which is the point, so the user does not have the vpn credentials
just needs dhcp on the wan port and accept the ip from the home router, distribute dhcp on the other side and some routes to facilitate lan-lan-wan routing
it's also scriptable, so you can set it up to do pretty much anything really
we use mikrotiks at work also
👍
Cisco is pretty secure too
¬_¬
I'm going into cybersecurity anything I should know?
computer science?
cybersecurity
i think writing reports is fun
the few times i've had to do it after a breach i've enjoyed myself.
i love writing reports \o/
you could write a report or just
.>
The fucking industrial spies used that other vulnerability we were going to patch next tuesday to glimpse into our database.
But we have since made everyone promise to be super super careful, so it will never happen again.
i love this website
The fucking script kiddies used 0-day exploits to do something, but we aren't quite sure what it is.
But we have since worked with industry leading specialists, so it will never happen again
"the attack came from a highly sophisticated source who managed to gain access to one of our periphery databases. we're confident that no meaningful data was taken and are working with auditors to determine customer exposure."
XD
i once got one "a Russian cracker did something and we arent quite sure, but we hired a Russian so it will never happen again"
they're quite funny
but read some actual breach announcements
they can be pretty funny and depressing
easyJet's statement on a recent breach:
tbh i used these to learn XD
like what do those attacks actually do?
and what would be the goal
"easyJet's IT system has been targeted by a highly sophisticated attacker. As soon as we became aware of the attack, we engaged forensic experts to investigate the issue and notified the National Cyber Security Centre.
I'm sorry to say that the investigation showed that a small number of customer booking details - name, travel destination, email address and credit card details - were accessed."
2000 credit card details
and 9 million customer details
this may sound stupid but how does a fido stick work ?
do you plug it in and you are now connected to your work place?
it's just an authentication method.
so like those bliz key thingys
okay so instead of asking for a password it asks you for your stick?
and are the passwords private or they machine generated ?
or managed by some software ?
i know its a weird one
mby a bit too private
we don't use a password manager, no.
i actually have a meeting with a password manager company next week to see about becoming a reseller for their product
it's a good practice, yeah.
we just have long complex passwords for our accounts instead.
alright cool i now have a counter measure for what could be social engineering
although i guess it always is a threat
how do you mean a counter to social engineering?
well we have to name threats right , vulnerabilities that could be exploited
i see SE as something that can be exploited via
phishing or some other means
yes but if people are too dumb to not give out their passwords
you have much bigger problems with user education
2FA is specifically useful against credential stuffing / breached passwords.
since you can't login without the FIDO key
yeah so having a system where no one actually has control over their passwords and have to give something physical instead could be a countermeasure
yeah i suppose
if the FIDO key gets stolen, then someone would still have full access
2FA would mean you need to have the FIDO key and kidnap the person and threaten them with a $5 wrench
we'll tell them to be super super careful so it wont ever happen
haahaahah
i saw this meme where it was what you think hacking is and what its like in reality
xkcd comic, not a meme
credential stuffing can pretty much be avoided with 2FA
credential stuffing is where you get a massive list of email addresses / passwords from breaches and just try plugging them into stuff until it works.
even just having a google authenticator 2FA system you can stop that shit
ah so its similar to a dictionary attack ?
nah. it's using actual leaked data.
site gets hacked, email / password list gets dumped on the internet, take that list and try it on like... venmo or something
people reuse passwords all the time across multiple sites.
yeah ive been starting to change how i use passwords recently
you can find out if any of your email addresses have ever been in a breach using haveibeenpwned
yikes
no pastes tho
i think this may have happened when i was playing guildwars and lost my account
i built a little thing in python using the hibp api to scan the email addresses of all our customers and track new breaches they've been in.
fun little project and actually useful
sounds pretty nice
wow when those breaches happened on those games i played i didnt think much of them
luckily each thing i do has its own email address
one thing i want to get back to in python are my spider bots
those were fun to work with and probably the biggest thing ive done with python
Does FIDO stand for Fast ID online ?
yup
The FIDO Alliance is an open industry association with a focused mission: authentication standards to help reduce the world’s over-reliance on passwords.
I remember when I got the report that my info was found on the dark web by creditkarma was like ....
"darkweb scanning" is a big ol' marketing ploy
it's basically just haveibeenpwned with a price tag in a lot of cases
good if it's provided as a free service along side stuff though
hey frnds , what is best way for hack wpa2 without crack or handshake?
without hash cracking?
you'd have to be a bit more specific about what you mean and what your goal is
i'm not sure he's talking about stage 3 handshake replays to nonce reset if that's what you're asking
¬_¬
i mean...
that's telemetry.
almost everything on the planet collects that type of data at this point.
plus you can opt out of it if you configure your privacy settings properly.
haha that xkcd comic
perhaps recording every program switched too is a bit of a stretch of "telemetry", sure.
and defaulting to opt-in is shitty.
I am looking at PyCryptodome, to encrypt and decrypt some string with ARC4. But I am not understanding the process documented here https://pycryptodome.readthedocs.io/en/latest/src/cipher/arc4.html
their example:
from Crypto.Cipher import ARC4
from Crypto.Hash import SHA
from Crypto.Random import get_random_bytes
key = b'Very long and confidential key'
nonce = get_random_bytes(16)
tempkey = SHA.new(key+nonce).digest()
cipher = ARC4.new(tempkey)
msg = nonce + cipher.encrypt(b'Open the pod bay doors, HAL')
and msg seems to be the encrypted byte string of the message to HAL
I was thinking then I would be able to use the same cipher object to decrypt the message, however I am getting a byte string I'm not sure what to do with as it does not decode into ascii, utf8, or latin-1.
clear = cipher.decrypt(msg)
Part of my problem may be caused by a weak understanding of encodings. Does anyone see my mistake?
@fast grove with each cipher operation (encrypt, decrypt) there is an internal counter which is incremented
as such, you can't use the same cipher object for encrypting and decrypting the same message
it works as expected if you separate the two
>>> from Crypto.Cipher import ARC4
>>> from Crypto.Hash import SHA
>>> from Crypto.Random import get_random_bytes
>>>
>>> key = b'Very long and confidential key'
>>> nonce = get_random_bytes(16)
>>> tempkey = SHA.new(key+nonce).digest()
>>>
>>> c1 = ARC4.new(tempkey)
>>> c2 = ARC4.new(tempkey)
>>>
>>> msg = nonce + c1.encrypt(b'Open the pod bay doors, HAL')
>>> clear = c2.decrypt(msg[len(nonce):])
>>>
>>> clear
b'Open the pod bay doors, HAL'
this is a characteristic of all stream ciphers - the states have to be synchronous
aaahh I was starting to think I needed to create a new cipher object. I will give that a shot. Thank you @thorn obsidian
also I really appreciate your use of [len(nonce):] I kept seeing [8:] any other magic numbers and was confused about what the number was for
that worked as you described for me, thank you again!
@fast grove aye, but this only really works in this scenario. In a real-world scenario, the nonce size would probably be predetermined, and you'd still see hardcoded magic numbers like that
or, well, it really depends on the key exchange implementation
ok yeah, in this example the nonce is 16 bytes, so the length is 16 right? my sanity check shows yes
my next task will be to decrypt some data that some other program encrypted so yes I will need to see what size nonce they used in addition to the key of course
plus you can opt out of it if you configure your privacy settings properly.
@lusty flare I mean most people are too lazy to change anything and that's how most data is collected
Which is the definition of dangerous defaults!
Hey guys, does anyone here have experience in the cybersecurity industry? I am trying to gain insights into transitioning to the cyber industry and I'm getting quite one sided opinions ,so I thought I should ask here and get this community's insights that will help me make a better decision about my career.
Guys is getting someone's IP address illegal?
getting it? no, shouldn't be
using it for malicious purposes? absolutely
blackmailing them? yes
😄
@mellow chasm I work as a pentester / hacker, what do you want to know?
@thorn obsidian About to go to sleep, can I dm in about 5 hours?
Thanks in advance :)
you only sleep for 5 hours? 🤔😄
I'll probably be asleep then as well
but feel free to DM me then regardless and I'll answer when I can
How do you even learn to hack if everything is illegal :/
Well not everything. You can always test on your own equipment.
?
@signal kayak Did you have a question?
@thorn obsidian Yeah, so I was looking at cybersecurity and all the advice I can find is basically either do CTFs or do certifications (funny isn't it, a structured path for people who like to work around the structure), what are your thoughts on that?
That's what I've seen as well. Were you thinking of another way of doing it? You can always go off the beaten path and learn by yourself, but it always circles back to certifications and the like
I would really not recommend learning by yourself when it comes to cybersecurity. There are so many small pitfalls that you can miss and those might be really important when implementing a security system.
@candid idol Greatly depends on the person. https://cheatsheetseries.owasp.org/ is a great place to start
Sure having resources like that helps, but I wouldn't hire any self taught security specialist. Too risky since I don't know who guaranteed that he/she knows what he needs to know. He could have read that guide but forgotten about most of it. If the guy got a university diploma from a good university where it says he has taken X amount of credits in computer security it is less risky. If he's got professors that have explained to him in detail exactly how often you should replace your nonce, what libraries to use, and what practices to follow he will in most cases be a better security developer than some self taught fellow.
how often you should replace your nonce, what libraries to use, and what practices to follow he will in most cases be a better security developer than some self taught fellow.
What happens if those libraries become surpassed by something else?
What about if a well-known, well-audited system they use gets hacked? ( Salt stack issue not that long ago? )
It's also why I added it always circles back to certifications and the like. Considering any path you go, it's going to require some kind of certifications.
Doesn't really relate to the topic though
Sure it does, how wouldn't it?
They find exploits and bugs in libraries from time to time yeah, but if you had taken a university course in it recently chances are better that you would know about it.
And you would know which libraries are well audited, and which are not
chances are better that you would know about it.
Know about what exactly?
That it was recently hacked? That it was recently audited? Not sure what the it is here.
That there was an exploit
You don't need to go to university or even be certified to know that there was an exploit.
chances are better
What do you think they do at universities? They search for exploits and when an exploit gets discovered news spread like wildfire. less so to not-so-updated self taught fellas in the wild
What do you think they do at universities? They search for exploits
... Uh? No they don't. I'm not sure which universities you have in mind, but that's not the experience I've had.
Must not have been a great comp sci uni then. My uni spent most of their research hunting for bugs in various crypto implementations. It is a great way to get funding.
I can't think of any universities except things like MIT that do that.
Then I think the problem lies in your perception of universities. My uni was relatively unknown in the broad sense. Certainly not fancy like MIT. My university had a computer security research team that was pretty active but in all other aspects it was a common uni.
As I said, bounty hunting is a common way for computer security researchers to get funding. You get prize money from companies and organizations if you can find exploits in their implementations so a lot of researchers are competing for this.
For computer security researchers, sure. For entire universities? Probably less so.
Well if you have taken computer security at university chances are fairly high that there is a researcher giving the lectures.
Thus my opinion that you get much better understanding of how to implement security systems if you have taken courses in it at university level
upper undergrad or grad level
It might help, sure. But to say you get a much better understanding - I'm just not seeing it. There are numerous people I personally know that are a testament to that.
There are also numerous people I went to college with that didn't have the security state of mind that others did.
Anecdotal evidence
I am fairly certain if we have 100 people that are self taught, and 100 people that have passed in computer security courses from a respected university, then the percentage of them that would fuck up security system implementations would be higher in the self taught group.
from a respected university
How would you define that?
A university where computer security researchers are giving classes in computer security
which I reckon is commonplace in most universities
I don't know, it seems like a strange argument to me regardless. I've seen many self-taught individuals who were amazing, and I've seen many individuals with degrees who were amazing. I've also seen the opposite in both.
I'm not refuting that. There exists variance in all populations. I am stating that the variance is greater between self taught people. If that was not the case we would not need universities at all.
A university degree would be essentially useless if the subject could be learned by yourself with the same level of quality
That's another argument altogether though. Can you not learn these things by yourself, with the advent of the internet?
( BRB about 5-10 minutes )
Well let me phrase it like this then.
Sure you can become awesome at implementing security systems just by learning by yourself. But learning by yourself puts a larger strain on the individual to properly understand and adhere to all the concepts. This means that if we take a group of 100 random people and have them self learn, the percentage of them that does not properly understand everything is greater than if the same 100 people had been given university courses from a proper lecturer in the subject.
Sure you can have outliers, you might have people really passionate that learn really well by themselves, but they do not represent the norm.
So if you know 4 or 5 really good self taught developers. Then for each one of them there might be let us say 20 failed ones.
But for each good developer coming out of a good university, there might only be 10 failed ones.
Sure, that makes sense
Less risky for the employer to hire you if you got a degree, which means easier for you to get a job. That is why I don't recommend learning by yourself (only)
It really depends on the person. If you can see someone's Github/Gitlab/Bitbucket/etc and administer some kind of simple test that they know what they're talking about, I don't see why they should be limited by not having a degree.
Sure some places have stuff like that. However imo the amount of stuff that you would need to test for would quickly grow out of control. There are many many pitfalls when it comes to computer security, and it is also constantly changing.
Having a university degree or a certificate for that matter that is fairly recent is an easier solution imo. And I think many managers opt for this as well, instead of having costly and complicated recruiting processes.
I think that's where our opinions differ. I'd love to continue the conversation, but I have to be getting to sleep here.
Aight, let's pick it up some other time, gnight o/
An end to end platform should exist for cyber I believe
Something that gives both blue team and red team perspective for the same problem
@thorn obsidian
It's not just about practice, it's also about the quality of practice and perspective
@thorn obsidian Yeah, so I was looking at cybersecurity and all the advice I can find is basically either do CTFs or do certifications (funny isn't it, a structured path for people who like to work around the structure), what are your thoughts on that?
@mellow chasm well let me start this off by stating that I don't have any security-related certifications (only networking) and have never done a CTF in my life... at least, not before I started working here. All I have is my bachelor's in ethical hacking. So while it may be solid advice, it's not something I can really comment on. I think CTFs are good for practice purposes, but there's also options like HTB and OTW.
What does help is a portfolio. I keep a blog where I document most vulnerabilities I've found in my free time and written exploits for. I think it's the best way to show competence in the field - it shows you can identify vulnerabilities, abuse them in one manner or another, and write a structured report/write-up on the matter.
So from what sites can I learn without paying?
Learn to hack
I have some older pc
That i can hack
@digital ermine afraid we won't be providing resources on learning how to hack here, even if you are doing it ethically people coming across this conversation may not be.
Oh okay
Hi, do digital signatures need a shared key, private key or public key system, or all of em?