Posts by oatking
-
2016-09-12 at 2:21 PM UTC in What kind of threads do you look for in T&T?
How do I learn C in under a month nigga.
Grab a copy of K&R C. I think it's in the public domain now so you can just download it. It's a bit demanding but hell, it teaches you good. If you didn't have anything to do for a month, you'd probably be able to finish it in that time. You could also try using something higher level like Python + pygame/kivy to make games. Easier to learn without going deep into computer architecture and should be good enough to make some simple vidya games.
T&T Census reboot. I've been trying to post more infosec news. Also, I feel like I should be writing my decrypting module for Cypher, but I'm actually less interested in helping people get unfucked rather than fucking them over. I do want to design/brainstorm/think about more decent C2 infrastructure.
Them news are pretty good and I've been meaning to check out Cypher when I get some free time to do so, so good stuff m8.
Myself, I'd like to see more of pretty much anything here. People looking to solve their problems with their code/machine, people looking to make a website, folks hacking some hardware, folks hacking other folks. There's areas where I could help out and there's areas I'd love to learn more about like hardware hacking or malware analysis/coding.
That said, I should make an archive of some good CS books and a thread, stuff like "if you wanna learn networking, pick up book X, if you wanna learn webdev, try books X and Y". -
2016-09-12 at 2:10 PM UTC in AirBnb attacked by SJW, pledges to increase equality and diversity
Also news is bullshit. Lanny gets this. That's why we just shoot the shit about current events in whatever subforum you see fit. Fuck the sub's m8. It's all bullshit anyway.
I beg to differ - everything outside of here is bullshit. It's bullshit layered on top of bullshit. Here - here we actually have a chance to talk about reality as it is.
Yee blood. If I were AirBnB I'd counter-sue for libel. The leftist narrative is a cancer of the mind and both government and media are complicit in its perpetuation. At least I am glad to see some of us aren't economically and for that matter, mentally, challenged.
I never really got the leftist narrative until I started seeing these poisonous "codes of conduct" infect many open source projects that I use everyday. Looking at the drama, the arguments put forth by the SJWs broke something inside me and now I see this shit everywhere - especially in the CS industry because hurr durr, there's money to be made here, right? Why aren't SJWs infesting plumbers? Or teacher unions? Or nurse unions? None of those folks make any money, so no point in wasting time infecting those communities, but oh look, programmers, time to initiate operation "infect and destroy".
Also, econ rocks. One of the things that opened my eyes to how the world works around me. It should be required at the high school level (at least microeconomics) but if that ever happened, the people would burn the system to ground in a heartbeat.
-
2016-09-12 at 2:04 PM UTC in How To Integrate a Backdoor Into a Windows OS As a Shell of the OS Itself
Most trojan front ends have remote registry read/write capability, so it's simply a matter of pressing a couple of buttons and the target machine's registry is right there. For example, after port scanning IP ranges for open known trojan ports, finding a few dozen that aren't honey pots, logging into them with the corresponding front ends after cracking the passwords, whatever, upload server with registry access, lock the r00tkit executable file into place using the registry key… most users would probably try and delete the file, then undelete it and restore it when they found out it broke everything. This provides the intruder more time to use the connection for various nefarious purposes, before the key is finally discovered.
This is so 2009, man. Right now it's all about 0day java/extension/applet driveby installs. Sure, there's probably thousands of machines with subseven on them (probably old XP boxes running in hydroelectric dams or factories), but this is really old.
Also, one technique that probably never fails is to email a small group of people an email with "boobs.jpeg.exe" attached. Ok, it'll be a bit more complicated than that due to gmail not even allowing exe to go through, but if you invest like, 30 more minutes into building a phishing site and stuff, you'll get better results.
-
2016-09-12 at 1:58 PM UTC in Cross platform malware targets *nix, OSX and Windows.
Me 5 minutes ago.
<snip snip>
Most likely one form of social engineering or another I'd say.
Damn it, you're right.
Another idea here is to push something like this into an npm module and trick the user into installing it with sudo. Not a single nodejs/php developer knows shit, so they'd be happy to do it. A while ago there was an article about how easy it is to either take over abandoned npm repos or just create new ones with subtle typos to trick users into installing shit. Then, all you gotta do is get the script to collect ssh keys and enjoy access to hundreds of VPSes.
-
2016-09-12 at 1:51 PM UTC in Funny article for programmers.
-
2016-09-12 at 1:40 PM UTC in Telnet - an easy way to attack embedded devices
I'm not a compsci fag like most on this site but I've followed the history and news enough to see that this was bound to happen. I mean it's embarrassing because even I would have known telnet would be a retardedly easy target but it's definitely not out of the bounds of reality.
Yeah, but that's just standard practice in this industry:
Rich prep kid MBA/Girl with BA in psych. (project manager): I just promised the client that we'll push out this product next week, so chop chop!
Developers: But, but we just announced it a week ago, we've barely got the spec outlined!
Rich prep kid MBA/Girl with BA in psych. (project manager): Spare me your nerdy word soup you peasant, put in your 80 hours per week and get this done no matter what or ELSE!
Developers: Yes betabro/ma'am, please don't hurt us!
I might have turned up the sarcasm here a bit high, but 98% of management has no fucking clue what's happening - they can always wash their hands and blame engineering like VW is doing now.
edit: Oh man, just look at this stuff: https://news.slashdot.org/story/16/09/11/0028238/malware-infects-70-of-seagate-central-nas-drives-earns-86400 EL OH EL -
2016-09-12 at 1:38 PM UTC in HB island
I can't believe this is still a thing.
-
2016-09-09 at 8:09 AM UTC in Telnet - an easy way to attack embedded devices
https://en.blog.nic.cz/2016/09/01/telnet-is-not-dead-at-least-not-on-smart-devices/
Really cool article, goes a long way in explaining how recently people started attacking embedded devices using plain old telnet, then using those devices to attack other devices via telnet. There's no technical know-how in that piece, but lots of graphs exploring when did this happen, what classes of devices are the most popular. I especially liked this point:
These devices form an easy target as there is usually a “monoculture” of these devices, all having the same setup and same vulnerabilities.
This reminds me of windows in the late 90's/early 00's. One system, one browser - just send them an email with an executable attachment called "boobs.jpg.exe" and you're golden. It also motivated me to do more C since I see that being beneficial in getting talking with these little gizmos, something like this guy does here: http://jcjc-dev.com/2016/04/08/reversing-huawei-router-1-find-uart/ -
2016-09-09 at 7:48 AM UTC in Equation Group Leaks(Re-released).
Some funnies from the code:
desc="A packet drops in a router. Does anyone hear it?"
# Add support for python 2.3 and 2.4
Looks like lots of stuff to explore:
--------------------------------------------------------------------------------
Language                     files          blank        comment           code
--------------------------------------------------------------------------------
XML                            704             75              0         156652
Python                         198           9591           6417          36416
Perl                            31            856             99           3867
Bourne Shell                    13            236            131           1210
Assembly                        34            391            177           1135
ASP.Net                          2            145              0            642
C                                1             24              0            165
make                             1             23             36             25
DOS Batch                        1              8              0             24
Bourne Again Shell               8              2              0             16
--------------------------------------------------------------------------------
SUM:                           993          11351           6860         200152
--------------------------------------------------------------------------------
I wonder if they have some tool to create those super cool codeword names? -
2016-09-09 at 7:41 AM UTC in Funny article for programmers.
Unfortunately this is true, but, if most of us contribute a little we will end up with a lot of content at the end of the day and who better to start than ourselves? Also, since we're talking how did you end up on our little corner of the internet? If you don't mind me asking.
True dat, I'll try to bake my share of pie since I'm here. I can't divulge how I ended up here, that'd completely unmask me! It also can't be used as a way to get more members :(.
The article offers an interesting insight. For me it stresses the fact that if I were to pursue a career in computer science I would probably be more inclined to research and information security in general than anything else.
Yeah, no wonder. You can end up on a good team and have the time of your life, but you can also end up with some crazy people, managed by assholes that think they can wake you up at 2am because a gif stopped spinning or something. I've heard it said that it's good to get some development or sysadmin experience before going for infosec, but I think it's kinda BS - if you studied CS, did K&R C, make SICP, and aced your networking and OS classes, then you're pretty ready for taking on whatever infosec can throw at you. At least that's what I think. I'm currently catching up on some OS and C concepts and maybe I'll switch to infosec in the following year, I just wanna get away from the BS I outlined above.
-
2016-09-09 at 7:23 AM UTC in I'm slowly turning into obbe
Oh no, not you Lanny! The last of the last, the rock upon which the oceans of BS crashed, the unbowed, the unbroken. Hear that sound? It's my soul crying out in anguish!
It's good to have an open mind, especially after being subjected to years of attacks (ie. hearing pascal's wager for the like 50th time...). I, too, know that hunger of spirituality, but I honestly can't cross the barrier. There's something sweet in accepting the truth, the minimal truth, and leaving everything in a constant state of painful uncertainty.
-
2016-09-09 at 7:14 AM UTC in Cross platform malware targets *nix, OSX and Windows.
How do you get infected? I know on windows you can just get infected by a drive by when visiting some porn site, but how would this work on Linux? Only way I can imagine is by infecting some package repository (like transmission a few days ago?) or by having a user pipe wget into sudo shell or something.
That said, it's pretty fucking cool to have cross-platform malware. I wonder if the extra work required to do that has paid off for its creators. -
2016-09-09 at 7:06 AM UTC in AirBnb attacked by SJW, pledges to increase equality and diversity
http://www.nytimes.com/2016/09/09/technology/airbnb-anti-discrimination-rules.html?_r=0
Someone got butthurt because their bid for a place to sleep in wasn't accepted by someone else, so they want to sue airbnb.
Apparently there are people who believe that continuously discriminating sellers can exist in a market. Imagine you have two sellers: Alice and Bob. Alice discriminates by race whereas Bob doesn't discriminate by anything. Bob has access to 100% of the potential client pool, whereas Alice has access to only, say, 80%. This means that Bob has a huge advantage over Alice and in the long run will likely push Alice out of the market. It's the same point raised against the "gender wage gap". If women are paid, say, 70% of what men are paid, then Bob, whose company is made up of 100% women and is in the same market as Alice's 100% male company only has to pay his workers 70% of what Alice pays her workers - that 30% is pure profit, which can be invested to push Alice's inefficient company out of the market.
Do you think we've hit peak political correctness? Or can we continue going down this dark hole?
Also, Lanny, why don't we have a subforum for news discussion?
-
2016-09-08 at 6:57 AM UTC in Funny article for programmers.
Good to know, do stick around. We could use more quality content by knowledgeable people here, broman.
I'll do my best, seems like a cool place, although a bit on the quiet side.
Also, I found this article from way back, which is in tune with what you posted, except less metaphor and funnies and more down to earth advice / warning what to look out for when you program for money: http://thedailywtf.com/articles/Programming-Sucks!-Or-At-Least,-It-Ought-To- -
2016-09-08 at 6:54 AM UTC in Almost out of whiskey
In SC you can't sell liquor after 7pm and you can't sell it at all on Sunday. Hell my county just last year lifted the ban on Sunday alcohol sales, and even now you can only sell it in the city limits.
The one next to us still doesn't allow alcohol sales at all on Sunday or up to 8am Monday morning, which fucking sucks if you work night shift on Sunday
Is this because of Jesus? I'd never think that this could be a thing outside of a religious place like Ireland. -
2016-09-08 at 6:54 AM UTC in Hacking Style
How about using those powers for good? You know what's recently struck me as pure evil? SJW's. I just learned more in depth about what gamergate was about (I ignored it when it was happening, too much stuff going on in life) and it hit me how prevalent this shit is IRL and how it's affecting me even at a huge distance. I'm brainstorming with ideas on how to counteract this threat myself, doing a bit of reading and research first.
-
2016-09-08 at 6:48 AM UTC in Subdomain takeover for phishing and profit!
Here's another example of what subdomain takeover can give you: 10.000$ bug bounty or the ability to read logs/emails: http://blog.pentestnepal.tech/post/149985438982/how-i-was-able-to-read-uber-logs-and-internal. I admit that I don't get the email-related part of DNS, but I'm bookmarking this piece and coming back to it after figuring out how MX records work exactly.
-
2016-09-07 at 7:06 AM UTC in Almost out of whiskey
Where do you live that bans selling whiskey after 9pm, OP?
It's been all craft beer for me for the past few months. Probably because I can't get trashed, too much work to do. -
2016-09-07 at 6:58 AM UTC in Funny article for programmers.
Sweet, i do python and bash myself with a focus on infosec but hardly in a professional capacity :P
Yeah, def not a pro myself, just amateur stuff like ctfs or bug bounties. If I figure out something cool, I'll share it as I see you're doing here, good stuff manbro. -
2016-09-07 at 6:57 AM UTC in Building a secret cabin far out in the woods.
Build a cabin out of scrap, OP. Lots of scrap wood and metal to go around. Only thing you'll really need are quality tools and something like 4-6 months of fair weather. You can do it alone, too.
Been planning something like this myself and the only real expense would be solar panels + batteries, which would come up to around a 1000$-2000$ right now. Then I'd just get scrap wood and metal and cobble everything together with whatever is at hand. Building into a hill is great idea because it's safer and at least half of your house has great insulation.
I've found cold weather to be the biggest problem. It needs the most work to be done (insulation, getting warm water, etc.). Everything else can be taken care of.