I've experience in cyber security

A place to discuss online security
Post Reply
User avatar
grumpygrower
Posts: 189
Joined: Mon Sep 09, 2019 7:18 pm
Has thanked: 102 times
Been thanked: 135 times
Status: Offline

I've experience in cyber security

Post by grumpygrower » Mon Sep 09, 2019 11:01 pm

Hi,

I've got some experience into cyber security. If you have any questions, fire away :ak: Like the previous posts say, it's all about operational security. Keeping data leakage to a minimum. The next part of this post is for the tin hat guys like myself :D

You can use TOR as well as a VPN to further obfuscate your identity. There's quite a lot of press out there saying TOR isn't secure but if you read between the lines and understand the technology, you'd see it's a lot more secure than people are lead to believe. The one thing you should really concern yourself about is your choice of browser. If I was going to attack a target, I'd attack the browser because if setup incorrectly, with a little shake, it will leak information about you. The old saying is why spend all your time banging down the walls when the from door is made of hay. If you're not technically minded, you can download the TOR bundle from the internet. I'm not sure about the links policy here so I won't post links to sites unless someone gives me the green light.

I'd suggest you use the TOR browser or FireFox as Chrome isn't as secure. On top of Firefox/TOR, there are some plugins you can use to further obfuscation. I'll list some of my favorites below.

[*] CanvadBlocker
[*] Cookie AutoDelete
[*] HTTPS Everywhere
[*] NoScript
[*] Spoof timezone
[*] User Agent Platform Spoofer

Going deeper down that rabbit hole, you can also use a privacy based Linux distribution like Tails or QubesOS. Both will run from a USB flash drive and provides additional privacy features. QubesOS runs all applications sandboxed within a virtual machine. This allows the OS to completely isolate the application from other things running and protects your system. If someone manages to exploit and gain access via a security hole in something, it then has to get out of jail :D

Tails is a privacy distro. It doesn't segregate applications like Qubes but routes everything through tor and has all the bells and whistles to keep your identity secure. It also leaves no trace after you take the flash media out of the computer.

Going even deeper ....

Linux has some more cool security features to help you stay anonymous. By using cgroups and seccomp, you can isolate applications like your browser without a fully blown hypervisor present. For this type of isolation, check out the FireJail project!

I'll leave it there for now, if this sort of thing interests you, shout and I'll do some more in depth tutorials for you guys.

Stay safe!
Last edited by grumpygrower on Mon Sep 09, 2019 11:08 pm, edited 1 time in total.
These users thanked the author grumpygrower for the post (total 3):
Keeno (Mon Sep 09, 2019 11:25 pm) • Marcus (Wed Sep 11, 2019 6:15 pm) • Bulls (Thu Sep 12, 2019 11:17 am)
Judge of a man by his questions rather than by his answers. (Voltaire)

ad
User avatar
Nanook of the north

GR420 Grafter
Super Moderator
Posts: 6372
Joined: Thu Jan 01, 1970 2:33 am
Medals: 1
Location: My nest
Has thanked: 3615 times
Been thanked: 4282 times
Status: Online

Re: I've experience in cyber security

Post by Nanook of the north » Mon Sep 09, 2019 11:05 pm

Awesome post :)
I know a little but not that much :)
These users thanked the author Nanook of the north for the post:
grumpygrower (Mon Sep 09, 2019 11:06 pm)
The quieter you become, the more you are able to hear.

User avatar
Keeno

100 Post 500 Posts 1000 Posts 100 Thanks 500 Thanks
1000 Thanks 5000 Thanks Super Moderators Respected Users Completed Student Award!
Completed Diary Social Media Admin Xmas Party GR420 Grafter
Site Admin
Posts: 5538
Joined: Sat Oct 07, 2017 10:11 pm
Medals: 14
Has thanked: 2117 times
Been thanked: 6427 times
Contact:
Status: Offline

Re: I've experience in cyber security

Post by Keeno » Mon Sep 09, 2019 11:26 pm

Thank you Grumpy Grower. Very informative post, im sure this will help many.

User avatar
grumpygrower
Posts: 189
Joined: Mon Sep 09, 2019 7:18 pm
Has thanked: 102 times
Been thanked: 135 times
Status: Offline

Re: I've experience in cyber security

Post by grumpygrower » Wed Sep 11, 2019 7:33 pm

Thanks peops! I'll do a few posts here for shits and giggles. Starting with password security. Post here any requests and I'll write something up. Knowledge is power :rock:
Judge of a man by his questions rather than by his answers. (Voltaire)

User avatar
Nanook of the north

GR420 Grafter
Super Moderator
Posts: 6372
Joined: Thu Jan 01, 1970 2:33 am
Medals: 1
Location: My nest
Has thanked: 3615 times
Been thanked: 4282 times
Status: Online

Re: I've experience in cyber security

Post by Nanook of the north » Wed Sep 11, 2019 8:23 pm

Isn't my password God1 any use? 😂🙈
These users thanked the author Nanook of the north for the post:
grumpygrower (Wed Sep 11, 2019 10:16 pm)
The quieter you become, the more you are able to hear.

User avatar
grumpygrower
Posts: 189
Joined: Mon Sep 09, 2019 7:18 pm
Has thanked: 102 times
Been thanked: 135 times
Status: Offline

Re: I've experience in cyber security

Post by grumpygrower » Wed Sep 11, 2019 10:21 pm

Nanook of the north wrote:
Wed Sep 11, 2019 8:23 pm
Isn't my password God1 any use? 😂🙈
LOL you'd be surprised how many people use rubbish passwords. The worst ones are things like birthdays, pet names, siblings names and anything like that. There are little Python scripts out there that will scrape social media sites for all words on your pages etc, then generate a comprehensive password list based on that data. It will do all sorts like l33t things, flip uppercase and lower case, add numbers common special characters, concatenate words and loop the previous instructions on the union of words. All in a few hours too with a decent computer.
These users thanked the author grumpygrower for the post:
Bulls (Thu Sep 12, 2019 11:20 am)
Judge of a man by his questions rather than by his answers. (Voltaire)

User avatar
Bulls

GR420 Grafter
Coco Grower
Posts: 6336
Joined: Tue Oct 10, 2017 5:39 am
Medals: 1
Location: Gagliari
Has thanked: 3156 times
Been thanked: 5781 times
Status: Online

Re: I've experience in cyber security

Post by Bulls » Thu Sep 12, 2019 11:26 am

Some very good knowledge there grumpygrower mate. Such information is always helpful to any of us. I was told before that the agencies got access to tor network and actually using the tor browser rings a bell into their system that u might be up to something no good and they watch you? Of course it might not be true I am just quoting what I Was told :) Thankfully i got no social media for them to harvest info from haha
These users thanked the author Bulls for the post:
grumpygrower (Thu Sep 12, 2019 10:20 pm)
Chiesel Grow Diary
Glueberry OG by Dutch Passion

Eyes are useless when the mind is blind

User avatar
Nanook of the north

GR420 Grafter
Super Moderator
Posts: 6372
Joined: Thu Jan 01, 1970 2:33 am
Medals: 1
Location: My nest
Has thanked: 3615 times
Been thanked: 4282 times
Status: Online

Re: I've experience in cyber security

Post by Nanook of the north » Thu Sep 12, 2019 1:53 pm

yes ive seen the scripts you speak of :)
And yes, I used to have massive wordlists myself but those days are well and truely past now. I think with age comes lazieness.
These users thanked the author Nanook of the north for the post:
grumpygrower (Thu Sep 12, 2019 10:20 pm)
The quieter you become, the more you are able to hear.

User avatar
Nanook of the north

GR420 Grafter
Super Moderator
Posts: 6372
Joined: Thu Jan 01, 1970 2:33 am
Medals: 1
Location: My nest
Has thanked: 3615 times
Been thanked: 4282 times
Status: Online

Re: I've experience in cyber security

Post by Nanook of the north » Thu Sep 12, 2019 1:54 pm

Bulls, they got access to some nodes I believe, but I very much doubt the legality of how they did it. They had to do something to bring down certain marketplaces on the onion web.
These users thanked the author Nanook of the north for the post:
grumpygrower (Thu Sep 12, 2019 10:20 pm)
The quieter you become, the more you are able to hear.

User avatar
grumpygrower
Posts: 189
Joined: Mon Sep 09, 2019 7:18 pm
Has thanked: 102 times
Been thanked: 135 times
Status: Offline

Re: I've experience in cyber security

Post by grumpygrower » Thu Sep 12, 2019 10:09 pm

Bulls wrote:
Thu Sep 12, 2019 11:26 am
Some very good knowledge there grumpygrower mate. Such information is always helpful to any of us. I was told before that the agencies got access to tor network and actually using the tor browser rings a bell into their system that u might be up to something no good and they watch you? Of course it might not be true I am just quoting what I Was told :) Thankfully i got no social media for them to harvest info from haha
Thanks! As I said, knowledge is power :D The TOR network has its shortcomings. The attack I think you're referring to is a theoretical attack where the government could spin up enough TOR nodes to own a good percentage of the network. Then they can strip back the layers of encryption and perform timing based attacks to unmask users. That's an old attack, the size of the network is quite large nowadays so it would be an expensive attack and a bit like using a sledge hammer to crack a walnut. There are other attacks, here's a link to a few speculative attacks that could happen.. Your biggest threat to your online privacy when using TOR is yourself. The weakest link is normally human error like incorrect configuration on a server you're running if offering services on the dark web or insecure browsers leaking your information. If you check out some of the public cases where users have been caught like the silk road case, it's normally human error that catches people out. Same way hackers manage to breach systems. Things have become too complex in the IT world. Systems require deep knowledge in all sorts of fields to be secure. People mess up all the time. If you're really interested in getting deep, check out this paper from 2016. They do a much better job of explaining things than me. I'm more of a jack of all trades :D I've done quite a bit of ethical hacking but that was some years ago. Some of my stuff has been quite public so I can't go too much into detail or I'll be exposing myself.
These users thanked the author grumpygrower for the post:
Nanook of the north (Thu Sep 12, 2019 10:13 pm)
Judge of a man by his questions rather than by his answers. (Voltaire)

User avatar
Nanook of the north

GR420 Grafter
Super Moderator
Posts: 6372
Joined: Thu Jan 01, 1970 2:33 am
Medals: 1
Location: My nest
Has thanked: 3615 times
Been thanked: 4282 times
Status: Online

Re: I've experience in cyber security

Post by Nanook of the north » Thu Sep 12, 2019 10:13 pm

See, I said it better 😂👍
These users thanked the author Nanook of the north for the post:
grumpygrower (Thu Sep 12, 2019 10:19 pm)
The quieter you become, the more you are able to hear.

Post Reply

Return to “Online Security”