I've experience in cyber security
- seymore_budz
- Respected Member
- Posts: 2306
- Joined: Mon Sep 09, 2019 7:18 pm
- Has thanked: 650 times
- Been thanked: 1492 times
- Contact:
- Status: Offline
I've experience in cyber security
Hi,
I've got some experience into cyber security. If you have any questions, fire away Like the previous posts say, it's all about operational security. Keeping data leakage to a minimum. The next part of this post is for the tin hat guys like myself :D
You can use TOR as well as a VPN to further obfuscate your identity. There's quite a lot of press out there saying TOR isn't secure but if you read between the lines and understand the technology, you'd see it's a lot more secure than people are lead to believe. The one thing you should really concern yourself about is your choice of browser. If I was going to attack a target, I'd attack the browser because if setup incorrectly, with a little shake, it will leak information about you. The old saying is why spend all your time banging down the walls when the from door is made of hay. If you're not technically minded, you can download the TOR bundle from the internet. I'm not sure about the links policy here so I won't post links to sites unless someone gives me the green light.
I'd suggest you use the TOR browser or FireFox as Chrome isn't as secure. On top of Firefox/TOR, there are some plugins you can use to further obfuscation. I'll list some of my favorites below.
[*] CanvadBlocker
[*] Cookie AutoDelete
[*] HTTPS Everywhere
[*] NoScript
[*] Spoof timezone
[*] User Agent Platform Spoofer
Going deeper down that rabbit hole, you can also use a privacy based Linux distribution like Tails or QubesOS. Both will run from a USB flash drive and provides additional privacy features. QubesOS runs all applications sandboxed within a virtual machine. This allows the OS to completely isolate the application from other things running and protects your system. If someone manages to exploit and gain access via a security hole in something, it then has to get out of jail :D
Tails is a privacy distro. It doesn't segregate applications like Qubes but routes everything through tor and has all the bells and whistles to keep your identity secure. It also leaves no trace after you take the flash media out of the computer.
Going even deeper ....
Linux has some more cool security features to help you stay anonymous. By using cgroups and seccomp, you can isolate applications like your browser without a fully blown hypervisor present. For this type of isolation, check out the FireJail project!
I'll leave it there for now, if this sort of thing interests you, shout and I'll do some more in depth tutorials for you guys.
Stay safe!
I've got some experience into cyber security. If you have any questions, fire away Like the previous posts say, it's all about operational security. Keeping data leakage to a minimum. The next part of this post is for the tin hat guys like myself :D
You can use TOR as well as a VPN to further obfuscate your identity. There's quite a lot of press out there saying TOR isn't secure but if you read between the lines and understand the technology, you'd see it's a lot more secure than people are lead to believe. The one thing you should really concern yourself about is your choice of browser. If I was going to attack a target, I'd attack the browser because if setup incorrectly, with a little shake, it will leak information about you. The old saying is why spend all your time banging down the walls when the from door is made of hay. If you're not technically minded, you can download the TOR bundle from the internet. I'm not sure about the links policy here so I won't post links to sites unless someone gives me the green light.
I'd suggest you use the TOR browser or FireFox as Chrome isn't as secure. On top of Firefox/TOR, there are some plugins you can use to further obfuscation. I'll list some of my favorites below.
[*] CanvadBlocker
[*] Cookie AutoDelete
[*] HTTPS Everywhere
[*] NoScript
[*] Spoof timezone
[*] User Agent Platform Spoofer
Going deeper down that rabbit hole, you can also use a privacy based Linux distribution like Tails or QubesOS. Both will run from a USB flash drive and provides additional privacy features. QubesOS runs all applications sandboxed within a virtual machine. This allows the OS to completely isolate the application from other things running and protects your system. If someone manages to exploit and gain access via a security hole in something, it then has to get out of jail :D
Tails is a privacy distro. It doesn't segregate applications like Qubes but routes everything through tor and has all the bells and whistles to keep your identity secure. It also leaves no trace after you take the flash media out of the computer.
Going even deeper ....
Linux has some more cool security features to help you stay anonymous. By using cgroups and seccomp, you can isolate applications like your browser without a fully blown hypervisor present. For this type of isolation, check out the FireJail project!
I'll leave it there for now, if this sort of thing interests you, shout and I'll do some more in depth tutorials for you guys.
Stay safe!
Last edited by seymore_budz on Mon Sep 09, 2019 11:08 pm, edited 1 time in total.
Those who can make you believe absurdities can make you commit atrocities.
- Nanook
- Respected Member
- Posts: 9825
- Joined: Thu Jan 01, 1970 2:33 am
- Location: My nest
- Has thanked: 640 times
- Been thanked: 947 times
- Contact:
- Status: Offline
Re: I've experience in cyber security
Awesome post :)
I know a little but not that much :)
I know a little but not that much :)
The quieter you become, the more you are able to hear.
- Keeno
- Site Admin
- Posts: 25590
- Joined: Sat Oct 07, 2017 10:11 pm
- Has thanked: 10582 times
- Been thanked: 17122 times
- Contact:
- Status: Offline
Re: I've experience in cyber security
Thank you Grumpy Grower. Very informative post, im sure this will help many.
- seymore_budz
- Respected Member
- Posts: 2306
- Joined: Mon Sep 09, 2019 7:18 pm
- Has thanked: 650 times
- Been thanked: 1492 times
- Contact:
- Status: Offline
Re: I've experience in cyber security
Thanks peops! I'll do a few posts here for shits and giggles. Starting with password security. Post here any requests and I'll write something up. Knowledge is power
- seymore_budz
- Respected Member
- Posts: 2306
- Joined: Mon Sep 09, 2019 7:18 pm
- Has thanked: 650 times
- Been thanked: 1492 times
- Contact:
- Status: Offline
Re: I've experience in cyber security
LOL you'd be surprised how many people use rubbish passwords. The worst ones are things like birthdays, pet names, siblings names and anything like that. There are little Python scripts out there that will scrape social media sites for all words on your pages etc, then generate a comprehensive password list based on that data. It will do all sorts like l33t things, flip uppercase and lower case, add numbers common special characters, concatenate words and loop the previous instructions on the union of words. All in a few hours too with a decent computer.
- Bulls
- Coco Grower
- Posts: 8623
- Joined: Tue Oct 10, 2017 5:39 am
- Location: Cagliari
- Has thanked: 927 times
- Been thanked: 1804 times
- Contact:
- Status: Offline
Re: I've experience in cyber security
Some very good knowledge there grumpygrower mate. Such information is always helpful to any of us. I was told before that the agencies got access to tor network and actually using the tor browser rings a bell into their system that u might be up to something no good and they watch you? Of course it might not be true I am just quoting what I Was told :) Thankfully i got no social media for them to harvest info from haha
Multi Strain Grow Under Harvest 200 Pro LED lights
Orange Chiesel, Runtz, Sour banana Chiesel, Gorilla Glue, Critical - The Battle of the Strains
Forbidden Dream by Humboldt and Blueberry Cookies by Dinafem under CDM Lights - Completed
White Widow by Seed Stockers under CDM Lights - Completed
Orange Chiesel, Runtz, Sour banana Chiesel, Gorilla Glue, Critical - The Battle of the Strains
Forbidden Dream by Humboldt and Blueberry Cookies by Dinafem under CDM Lights - Completed
White Widow by Seed Stockers under CDM Lights - Completed
There is no passion to be found playing small and settling for a life that's less than the one you're capable of living
- Nanook
- Respected Member
- Posts: 9825
- Joined: Thu Jan 01, 1970 2:33 am
- Location: My nest
- Has thanked: 640 times
- Been thanked: 947 times
- Contact:
- Status: Offline
Re: I've experience in cyber security
yes ive seen the scripts you speak of :)
And yes, I used to have massive wordlists myself but those days are well and truely past now. I think with age comes lazieness.
And yes, I used to have massive wordlists myself but those days are well and truely past now. I think with age comes lazieness.
- Nanook
- Respected Member
- Posts: 9825
- Joined: Thu Jan 01, 1970 2:33 am
- Location: My nest
- Has thanked: 640 times
- Been thanked: 947 times
- Contact:
- Status: Offline
Re: I've experience in cyber security
Bulls, they got access to some nodes I believe, but I very much doubt the legality of how they did it. They had to do something to bring down certain marketplaces on the onion web.
- seymore_budz
- Respected Member
- Posts: 2306
- Joined: Mon Sep 09, 2019 7:18 pm
- Has thanked: 650 times
- Been thanked: 1492 times
- Contact:
- Status: Offline
Re: I've experience in cyber security
Thanks! As I said, knowledge is power :D The TOR network has its shortcomings. The attack I think you're referring to is a theoretical attack where the government could spin up enough TOR nodes to own a good percentage of the network. Then they can strip back the layers of encryption and perform timing based attacks to unmask users. That's an old attack, the size of the network is quite large nowadays so it would be an expensive attack and a bit like using a sledge hammer to crack a walnut. There are other attacks, here's a link to a few speculative attacks that could happen.. Your biggest threat to your online privacy when using TOR is yourself. The weakest link is normally human error like incorrect configuration on a server you're running if offering services on the dark web or insecure browsers leaking your information. If you check out some of the public cases where users have been caught like the silk road case, it's normally human error that catches people out. Same way hackers manage to breach systems. Things have become too complex in the IT world. Systems require deep knowledge in all sorts of fields to be secure. People mess up all the time. If you're really interested in getting deep, check out this paper from 2016. They do a much better job of explaining things than me. I'm more of a jack of all trades :D I've done quite a bit of ethical hacking but that was some years ago. Some of my stuff has been quite public so I can't go too much into detail or I'll be exposing myself.Bulls wrote: ↑Thu Sep 12, 2019 11:26 amSome very good knowledge there grumpygrower mate. Such information is always helpful to any of us. I was told before that the agencies got access to tor network and actually using the tor browser rings a bell into their system that u might be up to something no good and they watch you? Of course it might not be true I am just quoting what I Was told :) Thankfully i got no social media for them to harvest info from haha