Thread 107003351

>>106993418
"Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say."
--Edward Snowden

>Cyberpunk
The FAQ: https://sizeof.cat/post/cyberpunk-faq/
What is /cyb/erpunk?: https://pastebin.com/pmn9vzWZ
How do I into /cyb/erpunk?: https://pastebin.com/5tpNFQds
Huge list of cyberpunk media: https://sizeof.cat/post/cyberpunk/
The cyberdeck: https://pastebin.com/7fE4BVBg
Cyberlife: https://jinteki.industries/files/cyberlife.7z
Bibliothek: https://www.mediafire.com/folder/4m5hd2065hde8/Bibliothek

>Privacy
Tools: https://www.privacyguides.org/en/tools/
Hitchhiker's Guide: https://anonymousplanet.org/guide/
Hardware: https://ryf.fsf.org/products
Frontends: https://igwiki.lyci.de/wiki/Privacy_friendly_frontends
OSINT Guide: https://inteltechniques.com/index.html
Firmware: https://libreboot.org/
RMS on Facebook: https://stallman.org/facebook.html
Have I Been Pwned: https://haveibeenpwned.com/

>Security
"Shit just got real": https://pastebin.com/rqrLK6X0
Cybersecurity basics: https://igwiki.lyci.de/wiki/Cybersecurity_-_/sec/_guide
Basics and armory: https://igwiki.lyci.de/wiki/Cybersecurity_-_basics_and_armory
Learning/News/CTFs: https://igwiki.lyci.de/wiki/Cybersecurity_-_Learning/News/CTFs
/sec/ PDFs: https://mega.nz/#F!zGJT1QQQ!O-8yiH845GN26ajAvkoLkA
EFF Surveillance Self-Defense: https://ssd.eff.org/
Other library: https://mega.nz/file/UCgEGAjb#rwNcnMAQCUUbSp8supsFvn9QEHCWUW86eLcZa16ZG4Y

>>107003351 (OP)
>security and privacy
Just install OpenSnitch or PortMaster and block all unexpected/unknown outgoing requests and only allow firefox to use the following ports: 53 (encrypted dns), 80 (http), 443 (https), and 8080 (http, older servers). Websites usually use other ports for data harvesting and mallware

>>107003617
Bonus tip: block all israeli and palestinian IPs, both v4 and v6. This mitigates a sizable chunk of cyberattacks
>inb4 "muh VPNs and proxies"
Yeah, IK; this is meant a quick filter against script kiddies and bots, not the end-all-be-all.

From last thread:
>>107000063
Already answered in >>106994658

What happened to the thread?!?
Also what are the coolest modern hackers?

>>107005912
>coolest modern hackers
the ones that we don't know because they're anonymous

>>107005912
the most successful "hackers" are just sociopaths who manipulate people, mostly the elderly, into giving them access to whatever they want. governments use violent retards to track down and brutally assault "hackers" until they intimidate enough of them into getting "real jobs."

I just setup Betterfox. Is that sufficient or should I be more paranoid?

>unrelated by kind of cyberpunk
https://www.youtube.com/watch?v=TVe7Th_EfrM

>>107006331
The government doesnt do shit though

>>107006359
have you even been following the thread?
>>107003996

Try to name a more cyberpunk tool.

>>107006490
Brute force script

>>107006331
A shame, long gone are the legends

What are you hacking today, anon?

>>107008291
I was watching a video about screen printing pcbs.
https://www.youtube.com/watch?v=8-WGaAmpfOU
i don't know what i would even do with this but it seems really cool.

What functional language should I learn /cyb/?
>Haskell
>Ocaml
>Scheme

>>107005912
Me desu

Reposting the updated Data Broker Removal Links:
https://pastebin.com/9tc94g2T
https://pastebin.com/raw/9tc94g2T

quick question

can you get malware from clicking random urls at all?

or as long as you don't download and run an .exe you're safe?

>>107009911
Thanks a lot anon. We truly need to store as much as possible

>>107005912
What makes him so popular?

>>107006331

group 78, does anyone know who runs it? doubt it's the fbi.

>>107009923
if you're up to date on everything its quite unlikely but not impossible
the thing about zero days is that you don't know what you don't know

any way to get private email with domain forwarding in 2k25?
The closest thing I'm aware of is disroot but they're socialists from Europe so in theory can nuke your account for no reason at all

>>107003351 (OP)
Why are the generals combined? A question from a returning user

Are you guys getting your free botnet infecting windows 7 computers?

>>107012045
Not enough activity to keep both alive individually.

>>107011527
Those who know will not tell. It is unlikely to be FBI since Group 78 has upset foreign law and police groups. That leaves NSA and possibly other defence groups who see this aas a good way to train their crew, unhindered by legal concerns.

failed at opsec when i was a kid
>fail 1
opening a facebook account
>fail 2
getting compromised, account hijack
>fail 3
not reporting it at the time

10 years later and there's still images of my up on facebook
going through their report system does nothing

do i need to engineer some sort of botnet to spam report the page and have content system take it down automatically?

>>107012256

they're working with the fbi tho. i assume that means nsa.

>>107012240
wtf happened? Wasn't psg fast?

>>107012310
No anon. You have to keep pestering Facebook and not give up. Email them, use free legitimate services like https://yourdigitalrights.org/. That’s the free option. The other option would be to hire a legitimate takedown service provider but it’s costly, requires some legal and power of attorney shit. And, if you don’t do enough research, you can ultimately end up working with a scammer and kiss your money and identity goodbye.

Let me know how things go and stay safe.

>>107009040
Man, Karl Koch. Drug fuel-German secret Soviet spy hacker who swapped money and drugs for US gov data. Died so young and there’s not enough material on him.

Anyone recommend some in depth material to read or watch related to him besides The Cuckoo’s Egg?

friends, it's pwn college still a good alternative? or I should go for the corporate vendors such as htb or thm?
thank you.

>>107013611
What do you mean with "alternative"? It's the main resource for learning how to audit code. It has everything you would need to start.

>>107012402
/psg/ has been coming on and off for the past few months. doesn't help that the 4chan hack literally wiped almost half of the userbase here.

>>107010310
He is THE original hacker. All others come from those huge steel BALLS

What do you think about projects like Cobalt.tools? Is it a good element or should people focus on replacing youtube altogether?

>>107015480
No one will use anything but YouTube

>>107008888
Checked and based. I want to get into making my own pcbs. I was thinking using a laser to ablate a plated substrate would be best.

>>107015929
Isn't it possible to inject dependencies into a pcb with nanotech?

>>107013581
I watched 23 (1998) and thought it was pretty good.

>>107013581
Was he really that good? More than Kevin THE WIZARD Mitnick?

which bbs is actually good?
alt.bbs.ads advertises mystic realms, the vault, darkrealms, vertrauen, tcob1, etc.

>>107008291
I'm intending to hack my fridge for some beer, if it helps, anon

>>107017290
Doing it literally
https://youtu.be/9oVUJrwV3E4

>>107016946
20 for beers, Absinthe, The Bottomless Abyss. 2o is the most active
>>107016767
Mitnick was great

>>107017795
>Mitnick was great
He truly was on another level

>>107003351 (OP)
Who else posting from qubes-whonix rn? Fuck the government

>>107018204
Same, its the best OS

>>107018204
Isn't there something superior to Qubes nowadays?

>>107006354
Is it weird if I kind of would like living in a brutalist Soviet era block?

>>107019316
Size of a shoe box. No hot water. You could hear your neighbour fart.

>>107019334
I know, I would probably hate it irl but just the look of the place. Like with cyberpunk, you know for real it will probably suck but...there's a certain appeal.

>>107019419
Why, when you have Solarpunk?

>>107006490
>Try to name a more cyberpunk tool.
The jack/uplink/thing you use to connect to cyberspace is essential because there's no cyberpunk without cyberspace

Updated Firefox Zero user.js
https://pastebin.com/z2fsL15G
https://pastebin.com/raw/z2fsL15G

>>107018170

he did some pretty impressive hacks and was on the run from the fbi for a while presumably because he was in their systems and knew where they would be

Bare with me please cause I know I'll asl the typical annoying questions.
I'm a programer, and always wanted to get into cybsec. Is having this kind of background a help to getting into cybsec?
Also what's the recommended roadmap to get into this? Is there a well built one somewhere out there?

>>107016446
Will check it out. Thanks anon

>>107021568
Thanks, this is much better than LibreWolf.

Hi anons, My browser has a unique fingerprint because I use a lot of extensions. However, there are userscripts that can replace these extensions. Would using them decrease the uniqueness?

=== /re/ News:
>Beginner’s guide to malware analysis and reverse engineering
https://archive.ph/U2ZWQ
>This blog series on “Breaking down malware” introduces a flexible, practical approach to malware analysis. Our goal is to guide you through determining the level of analysis required based on the context and initial findings. We will explore various techniques and tools that can help you efficiently assess a suspicious file, quickly determining whether a deeper dive is warranted or if initial triage provides sufficient insight.

>>107023092
>I'm a programer, and always wanted to get into cybsec. Is having this kind of background a help to getting into cybsec?
Yes
>Also what's the recommended roadmap to get into this? Is there a well built one somewhere out there?
Just jump in. Start hacking boxes.

>>107006331
>the most successful "hackers"
No, the most successful hackers spam a massive target list with a low-effort .zip -> .lnk -> rundll32 dropper. If they land on a civilian PC they use it as a proxy, if they land on a company's PC, they use coerced auth to take over the domain and use DA creds to lock everything up with ransomware. If they get sigged they just generate a new payload because defender is dogshit and most EDR isn't much better. It's a stupidly simple workflow and it's worked for many years.

>>107025348
Nicole Fishbein

Nicole is a malware analyst and reverse engineer. Prior to Intezer she was an embedded researcher in the Israel Defense Forces (IDF) Intelligence Corps.

>>107025969
Sounds like an expert to me.

>>107026325
There's nothing wrong with her article but she probably didn't do REM for the IDF. She probably compiled news articles and social media reports.

Comfy Solarpunk thread ran its full length over on /sci/: >>>/sci/16778662

>>107026904
>solarpunk
west coast zoomer shit
not cyber
not punk
go back

>>107026915
All of that is wrong.

>>107025853

actshually, the malware ecosystem is complex and there are lots of different providers who specialize in things like initial access or malware dev or lateral movement. crypto has made their jobs much easier as the money laundering was always the hardest part.

>>107029434
source?
Where can I learn more about the ecosystem?

at the risk of blog posting (literally)
How do hackers find shit like this?
https://blog.nullvoid.me/posts/mercku-exploits/

Is it true instagram doesnt accept bugs if they require social engineering?

>>107030009
burp suite, probably some fuzzing, just read the blog

these arent super crazy exploits, if you want to get cracked at web do portswigger web hacking academy (free) or hackthebox academy web pentester pathway ( $8 a month for student sub but pretty good )

>>107025853
only anon here whos a knower

>>107029984

https://arxiv.org/abs/2405.04109

google, animigger

>>107030076

who cares, i will. can you post on peoples' feeds without having account access?

>>107029434
>the malware ecosystem is complex and there are lots of different providers
We're talking about the most successful hackers here. In terms of investment to reward, low-effort ransomware is king. It's easy to forget this because most of the reporting is on the interesting stuff. But in terms of who makes money it's ransomware > jeets that scam the elderly by asking them for their password > cryptominers, clippers, etc.

>>107029984
If you wanna learn about malware, I'd suggest you check out vx-underground. They have loads of malware samples and research papers available for anyone to grab and learn from.

>>107026838
We cannot know but in the case of IDF I wouldn't dismiss th epossiblility of her doing REM. IDF sends men to the front but no longer send women to the front after some mishaps. So these days, services behind the front use women. Also women have national service so they have a lot of women available for intelligence and REM work.

>>107035032
How much REM is the IDF going to do realistically? Maybe they have some guys in their SOC that do it. But I can't imagine Iran is ass deep in their ops network. Maybe if you're Mossad or whatever their NSA is you'd be looking through some occasional Iranian malware targeting critical infrastructure. Israel just seems like 95% offense to me, just based on what I know about Iranian threat groups.

why don't we have a transparent loonix DE like in all of the futuristic or cyberpuink movies??/

>>107035254
We do. It's called Kali and it's extremely ugly and ruins the OS.

>>107005912
hacking culture is so dead :/
>>107020226
mobile phone

>>107035202
>How much REM is the IDF going to do realistically?
Probably a lot. The net of overflowing with malware and it rarely comes with a declaration about who made it.
Israel pulled off a remarkable string of supply chain attacks, so it is likely that Iran will try to return the favour. That means people will check if the goods are what is stated on the label. Aircraft parts have for a long time had a dubious history of fakes and flaky components with forged papers. That seems like a ripe situation to move in on.
Jia Tan has "retired" but will return under new names. That too means a lot of software can have clever backdoors and traps built in, perhaps already.
So yes, all in all it is likely that the REM people have their hands full with work.

=== /re/ News:
>Making A Virtual Machine Look Like Real Hardware To Malware
https://hackaday.com/2025/10/27/making-a-virtual-machine-look-like-real-hardware-to-malware/
>Running suspicious software in a virtual machine seems like a basic precaution to figure out whether said software contains naughty code. Unfortunately it’s generally rather easy to detect whether or not one’s software runs inside a VM, with [bRootForce] going through a list of ways that a VirtualBox VM can be detected from inside the guest OS. While there are a range of obvious naming issues, such as the occurrence of the word ‘VirtualBox’ everywhere, there many more subtle ways too.

Where can i buy exploits? Im not going to pretend im going to make this shit. How do i not get scammed?

>>107036982
What do you need I can set you up

>>107018724
Base systems with KVM. Qubes us the most overrated thing ever.

>>107026915
Nothing more punk than being independent powered. Cyberpunk is for aesthetics, but their worlds suck.

just replicate this beauty from snipped code using AI. love it.

>>107034481

where do they get the lists of elderly to scam? there are always providers and an ecosystem.

>>107037415

yo, you got any of those chrome 0 days?

>>107037415
A phone stealer would be cool.for every crypto thing and or bank. Bonus point if it can also crack pins. How much would such a thing cost?

>>107036982
>buying exploits
Zero days are overkill when there are billion-dollar websites still vulnerable to LFI and arbitrary code execution.

>>107040809
That is probably hard to pull off and you have to go inside like a mouse. I just want to feel like i have a little drainer on a rubber ducky in my pocket that i can just plug and take.

>>107040592
How much you got?

>>107042569
Well surprisingly theres a lot of malware on github. But i think id still need an exploit for it to root and install right away. Let me look. But yeah like $300 ik ik

>>107042833
>300
lmao

>>107043303
$300 for iPhone RCE is fair saar.

>>107003351 (OP)
to the users of the general:
you did notice that Iphones constantly make infrared scans of their users face?
(allegedly you can deactivate the function.)

=== /sec/ News:
>Tor Browser 15.0 Anonymous Web Browser Is Out Based on Firefox 140 ESR Series
https://9to5linux.com/tor-browser-15-0-anonymous-web-browser-is-out-based-on-firefox-140-esr-series
>Based on the Mozilla Firefox 140 ESR (Extended Support Release) series, Tor Browser 15.0 introduces many upstream features that have been implemented in the past year, including support for vertical tabs, support for tab groups, and the new unified search button that lets users easily switch between search engines, search bookmarks or tabs, and access quick actions.

>>107039165
>Base systems with KVM. Qubes us the most overrated thing ever.
Doesn't have nearly the same level of security, efficiency or convenience
>Linux kernel running at highest level of privilege rather than the hypervisor (larger attack surface)
>no shared templates/files between VMs (inefficient)
>no integration with the GUI manager to run apps normally in their own windows (with KVM you just get one big-ass display containing all the apps in the VM. There's no system-wide integration like there is in qubes)
>all your USB devices go straight to your host OS (less security)
>no more soft airgap protecting your network stack from the rest of the system
>no easy copy/paste and file transfer between VMs
>no easy way to configure proxyVMs for VPNs etc.
People who think Qubes is the same as KVM running on standard linux are retarded. That's a completely different architecture.

How do we feel about the dead Internet theory?
https://www.youtube.com/watch?v=aoTQPoz9_As

>>107048509
It's totally real, but more than bots, it's normies and pajeets.

>>107045497
Apple told me that iPhone means privacy.

>>107042833

you just need to social engineer your way in so they install it for you

bumo

>>107048509

50+% of traffic is bots