Posts by LiquidIce
2016-03-14 at 2:48 PM UTC in Nig Ops I Nigs@Nite EditionOh shit OP, this is pretty cool. I thought nightops.net died a long time ago - I'll have a blast reading through those old threads again.
I never really did night ops, I did some urbex one time at this abandoned water power plant but I was scared shitless because I saw hobo tents pitched in the main building and I had 0 experience. It didnt help that I was a super awkward teenager as well. Funny, since then I've gotten into the whole body weight fitness thing so night ops would be easier to train into, but I think I'll stick to urban exploring tho. I'll post pics if I do it, spring's around the corner.
OP, how'd it go?
2016-03-14 at 2:42 PM UTC in The website obesity crisis
I did not, my avatar remains a little anime girl. Your shit must be buggy and of course i remember it was a good post fam.
Yup, my shit was buggy, sorry for ever doubting you broski.
2016-03-13 at 2:21 PM UTC in I go to the 3rd interview on Monday
So it looks like I go into my third interview on Monday which sounds like it's the "you're hired, how low can we pay you" interview, but I'm not as happy as I feel like I should be. This job will at least pay more than my current job, will be day shift Monday through Friday, and wont be walking around talking to customers, so that's good. But I feel like I just keep on getting jobs, getting fired, collecting unemployment, find another job, etc.
What should I do to break this cycle? Maybe go to school, or maybe try to start up something on the side?
I've thought about this problem too. I've figured out two things so far, I'm trying one out and just seeing how it works out:
1). Become your own boss (freelancing, consulting, etc.) - instead of having one boss, you get to have many! Why is this good? Well, you're independent of any one entity - if someone fires you then hey, you got 24 other bosses or you go out and look for more work/bosses. It's not ideal, but I think it's a major step forwards from being completely and utterly dependent on one entity that controls how much you make, how much time you work, much you can learn, how much time off you get, etc.
I'm trying this approach out right now and learning a lot of stuff (mainly business), but it's too early for me to say whether this approach mitigates enough of the bad stuff to be worth considering.
2). Create artifact, copy artifact, sell artifact. So, like, create an ebook, sell it. One time, upfront investment of time, possibly long and drawn out pay off period. I've been thinking on doing this with some of my code that I use again and again on different projects, but it's way too early yet.
Both of these approaches use well-tested principles of capitalist thought - when you work for someone else, you have 0 capital, meaning you will be a wage slave forever. However, when you start working for yourself or start creating products, you are gathering capital, which, at some point, when you have enough of it, will allow you to escape the cycle of wage-slavery.
2016-03-13 at 2:06 PM UTC in uKnowKids goofs mongoDB install, exposing PI of 1700 kids.Yeah, I'm always a bit happy when shit like this happens because it shows people that hurr durr, you can't live "outside" the digital system that we've unknowingly built. I hate how they treated the researcher tho, as if any one would believe their crappy hostile PR campaign.
2016-03-13 at 2:02 PM UTC in The website obesity crisisYeah, what about those blogs/sites that need a DB but are actually pretty damn static and could instead just be a bunch of html and styles? Nginx can serve 30-50 people that kinda stuff and your CPU doesn't go above 10%, especially if your host uses ssd drives (I know, not cpu related, but just makes fetching uncached files faster).
Open up dev tools in your browser and go to any news site and I promise you that within a few clicks, you'll get to a page that downloads 10-20 megabytes. Images, scripts, more images, more shit... And the article is like a 100 word regurgitation of something some editor found on some other site. Just read "Trust Me, I'm Lying" and you'll understand why this thing happens and how the whole online media machine works - it's a lot worse than your brick n mortar media.
I don't even fucking web dev, but you should read LiquidIce's post about the subject somewhere here in T&T i found it very insightful.
Woo, someone remembers. Btw, why u stole my avatar, bro dude?
2016-02-27 at 5:13 PM UTC in arnox is closing his site
Arnox was pussy and cried. The only shred of respect I have for him is that he tried. Lanny doesn't bitch and cry and looks out for himself(legally), making him more superior in my eyes.
So much this. It takes dedication and resources to run a site like this. Not everyone has that.
2016-02-26 at 9:23 AM UTC in What are you hacking on?Well, I just caved and got two of these Zsun wifi+card reader bundles from http://www.gearbest.com/zsun-_gear/ . 20$, but gotta wait a month until it gets here. Well, just enough time to make some plan on how to use these. (wifi repeater / solar powered / mobile AP for MITM / piratebox / wifi beacon reader, whatevs)
~400mhz, 16mb flash, 64mb memory, runs openwrt -> https://wiki.hackerspace.pl/projects...fi-card-reader
2016-02-26 at 8:45 AM UTC in An Alternate Internet
Combined with solar power…
That would be fucking amazing. Low-power, mass produced wifi access.
Is it possible to build a router that reaches miles away? I've seen things on Amazon that are shaped like large guns and are pointed at each other from a long ways away to share a WIFI signal, but can I just straight up broadcast my access point throughout a large portion of my city, allow people to connect to it?
Those are, I think, directional antennas. You can DIY one (google "cantenna"). They project the signal in one direction (it's a conical spread if I remember correctly). They are also sensitive in that one direction.
If you wanted to cover a large area with a wifi signal, you'd probably have to use an omni antenna that could catch weaker signals and some electronics to feed more power to the signal. This is way above my knowledge level, but I do know that this would be illegal (who cares tho) because the wifi bands are restricted to a certain signal power to avoid interfering with other signals and I think this would obliterate any other signals on the same channel. Ie. if you'd use this on chan 11, I doubt any other router in your hood would be able to use this channel. Im not even sure that clients with standard wifi radios would be able to talk back to the beefed up access point, but you'd need someone with more radio knowledge than me to verify this.
But them solar powered repeaters could be cool and doable with consumer hardware running OpenWRT (https://forum.openwrt.org/viewtopic.php?id=39077
Also, totally off topic, checkout this sexy beast:
2016-02-26 at 8:33 AM UTC in Can't sign in with Tor
>all ur data belong to agent smith
Thinking from a spec point, cloudflare acts as a kind of proxy, it should at least allow fucking GET requests.
2016-02-26 at 6:27 AM UTC in Low budget privacy.
Baphomet's top VPN recommendation is mullvad, it's paid though, but supposedly very good.
That looks pretty damn good, I might just go ahead and try it as I have some btc lying around. Thanks broslaf.
edit: I actually checked baphomet and also saw that they recommend cryptostorm - it offers a free tier for me to try. I have an unused openwrt router lying around, so I'll set it up as a dedicated VPN access point. It's been fucking years since I was able to torrent stuff (books, manuals).
If I could I would thank you 5x times.
2016-02-25 at 1:24 PM UTC in An Alternate InternetThose of you who frequent hacker news probably already read this but I think this is highly relevant and super fucking cool: http://arstechnica.com/information-technology/2016/02/researchers-create-super-low-power-wi-fi/
2016-02-25 at 7:31 AM UTC in Low budget privacy.Hey Sophie. I tried using the Cyberghost VPN but the free tier doesn't support using VPN protocols and offers no client for Linux. Have you used any other VPNs that you'd recommend?
2016-02-23 at 7:39 PM UTC in I propose we add this feature to T&T.That would be pretty sweet, having it self-hosted and what not (as opposed to using pastebin). I also know there's something like highlight.js that does this clientside - might be easier to tack onto VB.
2016-02-23 at 7:38 PM UTC in Another IP address Question.
If I had a laptop, could I see what IP addresses thsi laptop has been on or using?
For example if the person who owned the laptop and moved around from wifi spot to wifi spot is there a list of IP addresses they would of used that can be found on the laptop?
I can't say much about Windows or OSX, but I know Linux keeps a cache of DHCP leases handy somewhere under /var/lib/dhcp.*. I can only assume other OSs have a similar function to make networking work faster.
2016-02-23 at 6:13 PM UTC in What are you hacking on?
The main reason why i want to be able to analyze malware is to be a better malware dev myself. Plus it's interesting to see what goes on behind the scenes so to speak. Also i follow that blindseeker guy on Twitter he also goes by the handle da_667 and is a pretty big deal in the twitter infosec scene, if you want i can PM you my infosec twitter. Basically what i do is post reports on hacks, programs i'm working on or are done for distribution and sometimes a joke or two. I tend to post once or twice a week depending on what i got cooking at the time.
Ha, shouldve known you were deeper in that scene than me. No offense, but I'd like to keep my online personas as separate as possible. I'd love to checkout malware one day, but now I'm focusing on web/browser stuff, hoping to start my infosec career off of that, then once I get a decent foothold, start exploring stuff like malware.
Just Java's wrapper around OS sockets. I'm probably the furthest thing there is from a "java person" but at work if you want to run something on a server it's a pain in the ass if it's not java. Well it's a pain in the ass if it is, but everything has to go through "architectural review" and most our dumbass architects can't read anything else so that's how it goes.
I've never been a huge fan of Twisted although I admit it's been a number of years since I've used it. Gevent, while not a networking library per se, is one of my favorite pieces of software of all time so when I need to do async IO in Python it's pretty much a no-brainer to go with gevent. Elixir does sound cool, I've been wanting to pick up a language from erlang-land for a while now.
Oh man, I've never had to go through that kinda review process, I've only heard about it from people 10 years my senior. I should hunt down a job like that just to see what it's like.
Funny enough, I've never had a chance to use gevent, but now you made me wanna try it out. I've been exploring Python 3's asyncio module and it's quite a joy - I wonder how those two compare, or even if they can compare (apples, oranges, maybe?).
2016-02-22 at 4:41 PM UTC in What are you hacking on?
I'm working on learning malware analysis with Immunity Debugger and trying to understand malware on a more deeper level, awesome program by the way, also good for developing exploits it would seem. Pic related:
Also to begin with i chose to analyze a piece of malware i made myself to get familiar with the debugger and better understand everything that is going on. The malware i wrote operates as follows: When it gets clicked it asks for admin privilege(Usually it would be bound to an innocent binary so this would not be suspiscious) after that it copies itself to a certain folder and adds a registry entry for persistence, then it starts to listen on port 8899 for incoming connections. Once a connection is made it will spawn an OS shell, to be controlled by metasploit's payload handler.
If you're interested in the piece you can download/clone it as per usual directly from my github.
I also am always up for getting better at python so give me a problem of intermediate difficulty and i will try to solve it programatically or just a fun project or an idea for malware.
Nice! The only debugger's I've ever used were ollydb and radare, but RE never seemed to stick with me. I'll write more later, gotta run now. But, here's something I stumbled upon today that sounds like it might interest you: https://blindseeker.com/blahg/?p=730
2016-02-22 at 12:01 PM UTC in Gratuity Tips
Shit nigger. If you got one of them fancy card readers that connect to your iPhone or some shit im sure you could figure something out.
If I understand how this works correctly then this fancy card reader thing is just something to read a magnetic stripe and transform that into an electric signal ie. take apart an analog tape player, get the reader-head out, solder it to a 3.5mm jack, plug jack into your microphone input and run some audio recording software, scan card and you got the data.
I'd assume this is a lot more complicated with the chip-n-pin cards recently rolled out in the US :/.
2016-02-22 at 11:02 AM UTC in What are you hacking on?
Yeah, but the protocol is pretty simple, no encryption so I just watched a few requests through wireshark. Auth is done through LDAP so that can be handed off to a library. The actual protocol is text/linebased, Basically HTTP but the status line has a different format. I haven't tried it out on large query results so there may be some custom mechanism for row-chunking but I want to get the simple case done first, hopefully I can demonstrate value with that and get my employer to pay me to develop/maintain this thing.
Purty cool. Mind if I ask what are you using for networking? I've had good experiences with Python's Twisted library, but I'm aching to mess around with Elixir for networking purposes.
2016-02-22 at 7:10 AM UTC in Paying back student loans and a rant at the rage towards my dad
I had no idea you had such a bad relationship with your dad. :(
Happens, right? I just wanted to pass it along - I wish someone told me this earlier in my life, couldve saved myself a lot of work.
2016-02-21 at 3:45 PM UTC in Paying back student loans and a rant at the rage towards my dad
Taxes do blow but it's a lot easier today than even in the recent past. I just did my taxes online in like an hour, first year I was in school it was like a 3 day process of googling shit and calling my mom for advice. The upside is almost everyone who's not self employed gets a refund (put it towards your loans, don't blow it on dumb shit) and student loan interest is, I think, a direct deduction.
So much this. I had to do expat taxes, which I thought would require me to hire some CPA for 400$+ because hurr durr foreign tax credit/fbar/fatca/whatevs, but turns out, I was able to do them in like 2 hours using turbotax. If you have a regular w2 and nothing special going on, it should take you an hour tops.
Also, I too had a dad who would borrow money from me and sloooowly pay it back. That is not good parenting, it's actually really awful, and from the perspective of time I know I should have taken a stand against it and never budged, no matter what. If your parent/s are so bad with money that they have to borrow it from kids (and it's not a special situation like a fire, accident, etc.), then it means they just see you as a cheap ticket to be even lazier. Cutting contact completely with that narcissistic asshole was the best decision I've ever made and it has improved my life a lot. If he doesn't know how to be a good father, it's not my problem.