/tech/ - Tech

Technology.

catalog
Mode: Reply
Name
E-mail
Subject
Message

Max message length: 8192

Files

Max file size: 80.00 MB

Max files: 5

Password

(used to delete files and postings)

Misc

Remember to follow the rules


(58.33 KB 1200x1200 hacktivism.png)
(307.87 KB rs1.pdf)
red swarm: leftist hacktivism Comrade 07/05/2020 (Sun) 04:29:45 No. 3109
pdf on left wing hacktivism
Does Bunkerchan have a canary set up, btw? also are the passwords for deletion salted and hashed so they can't be used to identify different posts? with, for example, the post timestamp or post humber?
>>3119 Would you consider running a Leftypol course on how to hack? Kind of like a book club, but more focused around hacking? I know how to pirate books, but that's really just using software thats readily available. I want to learn how to get past paywalls, hack into emails etc
>>5053 I could do some blog posting about specific topics, but as for a club prob not, my work schedule is all over the place, almost always if you're interested in a specific topic their is a blog about it for free.
>>5055 Do some blog posting then. As a priority for me it's: 1) Getting past paywalls, specifically things like the Economist, Financial Times, Jacobin, Catalyst, New Left Review and Tribune. 2) How to hack into individual email accounts. 3) How to not get caught and improve my security. Cause I know nothing about that
>>5052 >Does Bunkerchan have a canary set up, btw? no and that would be a good idea
WATCH OUT FOR ANONYMOUS HE DOES NOT FORGIVE
HE DOES NOT FORGET
(730.45 KB 1366x768 Screenshot_3.png)
>>3187 you could alway start with something simple like XSS Hunter
>>5071 >1) Getting past paywalls, specifically things like the Economist, Financial Times, Jacobin, Catalyst, New Left Review and Tribune. https://www.online-tech-tips.com/computer-tips/12-ways-to-get-past-a-paywall/ 2) How to hack into individual email accounts. https://www.phishing.org/phishing-techniques https://getgophish.com/ 3) How to not get caught and improve my security. Cause I know nothing about that https://ssd.eff.org/en/module/your-security-plan
>>5071 >script/cookie blocker some of those Demsucc sites require credential login, so those typical measures for evasion are quite difficult. >don't do illegal, petty acts don't give the feds a stupid excuse. >the >>5222 linked resource is good, even if libby bunch.
>>3119 If anyone is keeping this post for copypasta it would be worth adding: https://theanarchistlibrary.org/library/anonymous-novelty-of-an-overloaded-transformer <-- Hacking The System as The Nihilist Approach to Uncaptured Insurrection
(413.07 KB 1491x1136 htz1.jpg)
>>3358 >90% of corporate systems are windows. Outside of client machines i have not seen this to be true in my personal experience. >>3954 >Has anyone practice in their personal lab yet? It is hard to emulate real world and most vms dont do it well. The only way to really practice is in the wild, anon. >>4742 >I know there's sqlmap just would like to know how to do it rather than just spamming a database. Big tip is to turn on verbose mode in sqlmap to easily see what is sending. this helps with types of attacks you not used to and lets be real most sqli still out there is rare your standard in-band basic-bitch vulns anymore. >>4742 >playing with macro malware and av bypassing. What tools are you using, anon? And do you care to tell us of your successes? I have not used a windows desktop in a long long time and it is my barrier to doing this. >>5046 >What's a good tool for anonymization of document files? exiftool for exif data scrubbing but this entirely depends on your use-case and threat level. >>5053 >Would you consider running a Leftypol course on how to hack? >Kind of like a book club, but more focused around hacking? Not OP but i would potentially be interested in helping do with this. Keyword: Potentially. >>4732 Did whomever made that pdf do it in Hawaii? Big Keks.
>>5277 >What tools are you using, anon? And do you care to tell us of your successes? I have not used a windows desktop in a long long time and it is my barrier to doing this. Luckystrike and Malicious macro msbuild are decent tools to play around with, but get picked up by AV so modifying them, even with some junk code help get past av https://www.blackhatethicalhacking.com/tools/malicious-macro-msbuild https://github.com/curi0usJack/luckystrike If you need a windows env to test on you can try using virtualbox or any other hypervisor updated and legacy verisons of windows https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/ developer machine and environment, for compiling malware and other tools. https://developer.microsoft.com/en-us/windows/downloads/virtual-machines/ server 2019 domain, to put this all together https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-2019 just use the free trials, you can reinstall or use a snapshot before first boot to revert back if you're lazy. Since 90% of business use active directory knowing both how it works and common misconfiguration is important for exploiting networks. p.s. make sure to go into settings and turn windows defenders auto sample submission off.
(543.99 KB 576x776 cybercom.jpg)
The Open Source Degree/Reading List in CyberSecurity This is a reading list of books, based on the syllabuses of two degrees. You can get 80%+ of the value of a degree simply by downloading the syllabus and reading the required textbook. The next 20% is practical/labs work which you can do on your own through practical experience. Both source degrees are “National Centers of Academic Excellence” approved by the NSA, so your knowledge will at least be as much as an average glow in the dark. Gen Ed’s and any courses related to pure math, management, risk compliance etc are skipped since they are irrelevant. Get all PDFs from libgen and other sources. Baby Tier Knowledge - CSEC 101: Intro to Python – Introductory Programming with python. Every hacker should know at least basic coding. BOOK: Guttag, John. Introduction to Computation and Programming Using Python: With Application to Understanding Data Second Edition. MIT Press, 2016. ISBN: 9780262529624. You can substitute any of the dozens of books and or tutorials and or online courses on Python programming (or the basics of any common language). https://www.youtube.com/playlist?list=PLRJdqdXieSHN0U9AdnmwD-9QcR9hmw04d - CSEC 102: Intro to Databases – Basic SQL programming, for use on relational SQL database systems. BOOK: Sams Teach Yourself in SQL in 10 Minutes (Fourth Edition) ISBN: 0672336073. Tons of resources to go with this, such as Stanford’s introductory course on databases. https://www.youtube.com/playlist?list=PLroEs25KGvwzmvIxYHRhoGTz9w8LeXek0 - CSEC 103: Intro to Computer Networks – Basic Computer Networking. BOOK: CompTIA Network+ Study Guide (latest edition). Youtube tutorial: Professor Messer’s Network+ Training Course https://www.youtube.com/playlist?list=PLG49S3nxzAnmpdmX7RoTOyuNJQAb-r-gd - CSEC 104: Intro to Operating Systems/Linux – Basic Linux Knowledge. BOOK: LPIC-1 Linux Professional Institute Certification Study Guide: Exam 101-400 and Exam 102-400 by Christine Bresnahan or CompTIA Linux+ Study Guide. Also Helpful: Linux Bible 10th Edition by Christopher Negus, Christine Bresnahan. You should also be familiar with virtual machines at this point, using software like virtual box, and installing/using linux. CSEC 105: Intro to Security. Obviously there should be basic knowledge of security. BOOK: CompTIA Security+ Study Guide. Youtube Tutorial: https://www.youtube.com/playlist?list=PLG49S3nxzAnnVhoAaL4B6aMFDQ8_gdxAy Dimwit Tier Knowledge - CSEC 200: Secure Programming “Threat Modeling, Designing for Security” by Adam Shostack - CSEC 201: Introduction to Proactive System Security Certified Ethical Hacker (CEH) Cert Guide (latest) GPEN GIAC Certified Penetration Tester All-in-One Exam Guide (latest) - CSEC 202: Digital Forensics Guide to Computer Forensics and Investigations, Processing Digital Evidence by Bill Nelson, Amelia Phillips, and Chris Steuart Paperback: 752 pages, Publisher: Course Technology; 5 edition (January 15, 2015)ISBN-10: 1285060032, ISBN-13: 978-1285060033 - CSEC 203: Information Security Engineering Harris, S. (2012). CISSP All In One Exam Guide (6th ed.). - CSEC 204: Modern Cyber Conflicts Andress, J., & Winterfeld, Steve (2011). Cyber Warfare Technique: Tactics and Tools for Security Practitioners. Healey, Jason (2013). A fierce Domain: Conflict in Cyberspace, 1986 to 2012 Midwit Tier Knowledge - CSEC 300: Intermediate Networks Data Communications and Networking 5th Edition by Behrouz A. Forouzan CCNA Routing and Switching Complete Study Guide, Todd Lammle, Sybex, 2016, ISBN 978- 1119288282 - CSEC 301: Network Security CCNA Security Official Cert Guide (latest) LAN Switch Security – What Hackers Know About Your Switches by Eric Vyncke and Christopher Paggen Router Security Strategies: Securing IP Network Traffic Planes by Gregg Schudel and David J. Smith - CSEC 302: Intermediate Offensive Security Engegretson, P. (2013). The Basics of Hacking and Penetration Testing (Second ed.). Clark, B. (2013). RTFM: Red Team Field Manual (this is more of a cheat sheet/reference) Simpson, M. T., Backman, K., & Corley, J. E. (2011). Hands-on Ethical Hacking and Network Defense (Second ed.) Skoudis, E., & Liston, T. (2006). Counter Hack Reloaded (Second ed.) I skipped some books on cyber-physical systems security (SCADA hacking). Please LMK if I missed anything. Also please try to use the latest available edition of any given book, if it's higher than what is stated there.
>>5347 I only have a meh thinkpad, not currently the resources for running hypervisor. thx tho. :) Anons do you want to make a infosec collective? I am thinking a cross between like old school #leftsec on i2p and 200X hackbloc?
>>5416 >I only have a meh thinkpad Based
>>5408 - CSEC 101: Intro to Python – Introductory Programming with python. Every hacker should know at least basic coding. BOOK: Guttag, John. Introduction to Computation and Programming Using Python: With Application to Understanding Data Second Edition. MIT Press, 2016. ISBN: 9780262529624. You can substitute any of the dozens of books and or tutorials and or online courses on Python programming (or the basics of any common language). https://www.youtube.com/playlist?list=PLRJdqdXieSHN0U9AdnmwD-9QcR9hmw04d - CSEC 102: Intro to Databases – Basic SQL programming, for use on relational SQL database systems. BOOK: Sams Teach Yourself in SQL in 10 Minutes (Fourth Edition) ISBN: 0672336073. Tons of resources to go with this, such as Stanford’s introductory course on databases. https://www.youtube.com/playlist?list=PLroEs25KGvwzmvIxYHRhoGTz9w8LeXek0 - CSEC 103: Intro to Computer Networks – Basic Computer Networking. BOOK: CompTIA Network+ Study Guide (latest edition). Youtube tutorial: Professor Messer’s Network+ Training Course https://www.youtube.com/playlist?list=PLG49S3nxzAnmpdmX7RoTOyuNJQAb-r-gd - CSEC 104: Intro to Operating Systems/Linux – Basic Linux Knowledge. BOOK: LPIC-1 Linux Professional Institute Certification Study Guide: Exam 101-400 and Exam 102-400 by Christine Bresnahan or CompTIA Linux+ Study Guide. Also Helpful: Linux Bible 10th Edition by Christopher Negus, Christine Bresnahan. You should also be familiar with virtual machines at this point, using software like virtual box, and installing/using linux. CSEC 105: Intro to Security. Obviously there should be basic knowledge of security. BOOK: CompTIA Security+ Study Guide. Youtube Tutorial: https://www.youtube.com/playlist?list=PLG49S3nxzAnnVhoAaL4B6aMFDQ8_gdxAy >“Threat Modeling, Designing for Security” by Adam Shostack http://libgen.rs/book/index.php?md5=D45FAEFD50B7072B97628A32B63EBCAB >Guide to Computer Forensics and Investigations, Processing Digital Evidence by Bill Nelson, Amelia Phillips, and Chris Steuart Paperback: 752 pages, Publisher: Course Technology; 5 edition (January 15, 2015)ISBN-10: 1285060032, ISBN-13: 978-1285060033 http://libgen.rs/book/index.php?md5=C3447CB408D570CD68054A7E5E20E7B8 >Harris, S. (2012). CISSP All In One Exam Guide (6th ed.). http://libgen.rs/book/index.php?md5=9586B84A970FC181E3209D765787B9C2 [8th ed] >Andress, J., & Winterfeld, Steve (2011). Cyber Warfare Technique: Tactics and Tools for Security Practitioners. Healey, Jason (2013). A fierce Domain: Conflict in Cyberspace, 1986 to 2012 ??? >Data Communications and Networking 5th Edition by Behrouz A. Forouzan http://libgen.rs/book/index.php?md5=F90841D02431AF5010FB9CEA31665E4E [4th] >CCNA Routing and Switching Complete Study Guide, Todd Lammle, Sybex, 2016, ISBN 978- 1119288282 http://libgen.rs/book/index.php?md5=55C5C9D3F3DED4413FB59B22CBF7EB47 >CCNA Security Official Cert Guide (latest) http://libgen.rs/book/index.php?md5=A5863B64330931EFD2BD21A5A92D764F [2015] >LAN Switch Security – What Hackers Know About Your Switches by Eric Vyncke and Christopher Paggen http://libgen.rs/book/index.php?md5=81C735356FD4267FE269B578F3CB93BB >Router Security Strategies: Securing IP Network Traffic Planes by Gregg Schudel and David J. Smith http://libgen.rs/book/index.php?md5=70B8B62F1E07DAD41D14A4A906B6F60F >Engegretson, P. (2013). The Basics of Hacking and Penetration Testing (Second ed.). ??? >Clark, B. (2013). RTFM: Red Team Field Manual (this is more of a cheat sheet/reference) http://libgen.rs/book/index.php?md5=51E0448CE4F9757F6939D74508BFEE6D >Simpson, M. T., Backman, K., & Corley, J. E. (2011). Hands-on Ethical Hacking and Network Defense (Second ed.) http://libgen.rs/book/index.php?md5=CB0AA1E04C92DA05A1FD36A2CEE816C3 [3rd] >Skoudis, E., & Liston, T. (2006). Counter Hack Reloaded (Second ed.) http://libgen.rs/book/index.php?md5=E86552E60B0708BAB56C0AD6C790152B
>>5418 >Engegretson, P. (2013). The Basics of Hacking and Penetration Testing this is that http://libgen.rs/book/index.php?md5=F9EDC62C559F1C3D610348C55157A969
>>5418 also this: http://libgen.rs/book/index.php?md5=3A1A8BEEB074DF75F7F577D54B5719F0 is >Andress, J., & Winterfeld, Steve (2011). Cyber Warfare Technique: Tactics and Tools for Security Practitioners.
>>5418 >Healey, Jason (2013). A fierce Domain: Conflict in Cyberspace, 1986 to 2012 PDF request for this, book details the history of cyber warfare. Hard to find pdf
also request tutorial, pdf, or youtube tut on how to make a cyber range/pen testing lab
>>5424 local lab https://resources.infosecinstitute.com/how-to-make-your-own-penetration-testing-lab/ remote lab ( other lab ) https://www.hackthebox.eu/ https://tryhackme.com/ https://www.cyberseclabs.co.uk/ There was this big russian lab, like an actual AD network with 11 machines you had to piviot, if I can find it ill post it I also recommend looking at walkthoughs of machines and taking notes if your a beginner and still learning, that's what I've been doing.
Why is this guy so based?! >DEF CON Safe Mode - Christopher Wade - Beyond Root https://youtu.be/aLe-xW-Ws4c?list=PL9fPq3eQfaaBk9DFnyJRpxPi8Lz1n7cFv
>>3109 Are botnets communism ?
>>5437 Skid shit, do CTFS and find/exploit n-days (not just downloading from metasploit) By far the best ctf wargame for linux systems: https://pwnable.tw/ More newbie friendly game: https://www.microcorruption.com Project Zero is an amazing resource as well for finding targets you may be interested in attacking: https://googleprojectzero.blogspot.com/ https://bugs.chromium.org/p/project-zero/issues/list
>>5842 Also word of warning that every public target in the last ten years has become FUCKING HARD to exploit
bump
>>5842 >Skid shit, bs. your little games are as skiddy as ops little games. Learn in the wild or gtfo.
>>3119 >CEH v10 full course https://www.youtube.com/watch?v=4DQtZo3RAO0 been following this course and it's decent
>>5269 >>3119 >>3109 This entire thread is gay and OP is a giant faggot for posting it. I might even go as far as to say he is a fedposter. In fact, this hacktivist shit is retarded fedposting. Look at all the shit Jeremy Hammond put himself through, and also Snowden, Manning and Assange. Anyone worth their salt knew about mass NSA surveillance that they exposed LONG BEFORE official documents were published/leaked. Look up Jam ECHELON Day ffs. You want to feed more young impressionable college students into the criminal-justice meatgrinder? Literal professional spies have been caught, and you think you will do better? What happened to Hammond was him literally asking for it: He has a track record of being a retarded smashie since the early 2000s, and Lulzsec/Antisec were running on publicly accessible IRC servers WITH NO AUTHENTICATION OR ANY VETTING. They also let in fucked-in-the-head megalomaniacs like Laurelai Bailey who posted dox on the entire crew, and consequently Sabu turned snitch, with Hammond getting ten years, and Commander X going innawoods in Canada. Smashie shit has no long-term perspective, and they literally just spent themselves like retarded coomers. Wasted lives all around that chapter. Assange's involvement with Manning was retarded but important enough to expose the plans of the globalist neoliberals with the diplomatic cables. Snowden was just the cherry on top concerning the NSA/Military/Industrial/Contracting complex. Insofar as he redpilled normies on surveillance, most of those fuckers don't really care, and just get on with their lives and consoom more product off Amazon and happily trade their security and lives in for immediate convenience. All their lives, effort and skills wasted. >So what am I supposed to do? Two words: "something constructive" Your job should be learning how choose the right characteristics of computer and how to harden your computer against access by corporate and state actors, and then apply them religiously. The various /g/ boards have info on how to do this, as well as any jinteki.industries mirror and especially this guy: https://digdeeper.neocities.org/ https://digdeeper.neocities.org/ghost/botnet.html and this guy: http://tripcodeq7.xyz/8/8.html and his youtube channel. This means an old-model 2005-2012 thinkpad (not all will work, do pay attention) and learning how Linux works, from basic utils to the kernel. Learn to use it from the shell, and how to access system calls. Then basic webdev/scripting to understand web vulnerabilites and then learn how to flash its bios to eliminate the IME/hardware whitelists. This will enable you to use whatever wifi adapter you want to deal with hardware fingerprinting. IMO don't even begin unless you have at least 3-4 trannybooted xx00-series thinkpads with either gentoo, trisquel, arch or heads, and know how to flash new MAC addresses and know how to use aircrack-ng/airsnort and know basic tradecraft. None of you are Snowden, and are out of your respective depths compared to him, and he had intelligence training. The next thing to do is learning how to use and build/maintain encrypted infrastructure like the original cypherpunks. This means religious use and in-depth knowledge of public-key encryption, PGP encryption of mailing, rolling your own proxy, Tor, i2p, the works, and also making sure that you are changing your browsing habits. This means no "fun" on those laptops, either: packet inspection to browsing habits are easy fingerprints, and I can assure you that any person who has accessed torproject.org, a chan, or a booru EVER is on a list. That means YOU right now. This is your fair warning: never mix business and pleasure, so you don't get doxed or framed. The FBI is the biggest purveyor of cp for a reason. Then the next thing to do is to make sure that your work that you are doing is positive: you should be figuring out how to build computer networks for rural areas and co-ops using AX.25 packet radio for starters, and even using SDR modules to build computer network nodes and links that are beyond corporate control. The point is to build usable people-based alternatives to corporate-owned and administrated technology so that you are no longer beholden to them. Once you can find an ISP that can peer with you, you can create dead zones in the corporate surveillance network. Then you go out and evangelize this to people who also would like this: there are plenty of old curmudgeonly paranoid boomers who would like to join this if given the chance. The point is to have a constructive program towards a usable alternative to capitalism, not merely sabotage it. Hacktivism doesn't do that, and in light of recent events, it is a fool's errand.
>>6602 >and then apply them religiously This is where I fuck up, but doing anything at all to stop exposing myself to the botnet is better than nothing... right?
>>3109 >>6604 >doing anything at all to stop exposing myself to the botnet is better than nothing Either do it all or don't bother. This means a totally libre software stack from bios to apps, connecting to the internet through a VPN that accepts crypto, preferably Monero. Also, you will have to connect from somewhere that isn't connected to a surveilled isp that has your name on it, preferably from some chain restaurant or public library. In a pinch, an ethernet hardline will work from your university if they still haven't removed that yet, but that is pushing it. They mostly omit auth on that, but you don't want to be anywhere near that when they come to call.
>>6605 >connecting to the internet through a VPN that accepts crypto, preferably Monero Is this really necessary? VPNs can't be trusted more or less than ISPs.
>>6605 >>6602 >you either use a modern intel cpu with windows and google chrome or a librebooted old computer with tails and tor browser through a no logs(tm) vpn, absolutely no in betweens come on now
>>6607 >>6606 >Is this really necessary? VPNs can't be trusted more or less than ISPs. That is why you build your own lol. I'll leave how to do so up to your own imagination. The one clue I will give you is this: learn how to set up diy reverse tunnels and use sbcs, and also learn how to use different radio technologies. >>6607 >come on now Either go big or go home
>>6622 >Either go big or go home I agree but not everyone can do this, sadly.
>>6607 VPNs are retarded for hacking. use tor and your own proxies.
>>5843 False. >>6602 Ignore this fed.
>>6623 >I agree but not everyone can do this, sadly. Why? Cam only learn!
>>5842 What kinda programming knowledge/languages do you need to play these games? Do you use python for them or something?
>>6606 >>6790 >Ignore this fed. Lol at this smashie. Enjoy getting tortured at some CIA blacksite to expose shit that we already know you retard.
>>6794 Nah, you're usually just running tools and simple bash commands. >>6865 Except i aint gon to jail yet no matter how many times my doors been kicked in, so do fuck off, armchair.
>>6905 >Except i aint gon to jail yet no matter how many times my doors been kicked in, so do fuck off, armchair. Suicidal motherfucker, ain't you? Go larp as Johnny Silverhand somewhere else.
>>6908 Why isn't PhinPhisher in jail? why aint the thousands of carder kids in jail? why aint the kids rootin boxes for lulz in jail? you are delusional or you glow.
>>6917 Since they are not Bunkerchan users, they can actually use their brains.
>>6917 OK this is absolutely AIDS, literally 9-10 posts gone because some jannie probably got butthurt when I mentioned possible repercussions concerning getting v&. Fuck this.
>>6953 They deleted every board, the posts are missing because the backup that got restored was two weeks old.
>>6954 Fair enough I guess, didn't expect getting a response this quickly. But, yeah, people have to be absolutely careful when dealing with this sort of shit because people get vanned really quick because of carelessness and grandstanding.
(4.33 MB 480x360 don't talk about it.mp4)

Delete
Report

no cookies?
__divBanCaptcha_location__