|
It's probably done in a glove box manufactured in the early 50s that failed in the 80s.
|
# ? May 20, 2020 17:30 |
|
|
# ? Apr 26, 2024 19:47 |
|
Shame Boy posted:eh etching serial numbers into lumps of plutonium seems pretty common judging by pictures i've seen, it's probably part of manufacturing or something. i assume it's done in a glove box and the dust is all collected but who knows Part of the citation from this picture was poor handling of the rods even prior to the pictures being taken, so I wouldn't be surprised if there was just a guy etching rods with a mask on. Shame Boy posted:that's assuming nothing nearby (like your squishy water-filled human body) is reflecting or moderating or anything Would need to be arranged a little worse to really cause that, but either way it was badly thought out by whoever did it.
|
# ? May 20, 2020 18:46 |
|
this is for sure a very juvenile question but i'm going to participate in a small ctf next week and was curious if anyone had any good suggestions for introductory background reading and/or tools i should start researching to get a handle on how to solve/investigate practical problems. i have the vague peripheral awareness of the kinds of security issues that plague software and systems, but uh, it's not my day job and i've never had to do very much with it. but dangit i want to learn. installed burp toolkit and feeling about as elite as installing programs for aol that turn your text into leetspeak once did
|
# ? May 20, 2020 18:56 |
|
psiox posted:this is for sure a very juvenile question but on the practical side, last i checked https://www.hackthebox.eu/ was still the best free pentest lab, but someone else might have a better suggestion
|
# ? May 20, 2020 19:07 |
|
psiox posted:this is for sure a very juvenile question but Best way to prepare for a CTF is to do CTF challenges. I recommend picoCTF for beginners. Pick a challenge that looks fun to do. Try to solve it yourself without spoilers at first but don't be ashamed to read write-ups of challenges for hints if you get stuck. The important thing is to have fun and to learn something every time.
|
# ? May 20, 2020 21:46 |
|
psiox posted:this is for sure a very juvenile question but I also recommend hackthebox.eu I use it pretty frequently, and recommend it. You don't get access to the retired machines with the free version, but the paid version is ~15$/month and totally worth it. If you go this route find Ippsec on youtube for some good tutorials as a starting point. EDIT: https://trailofbits.github.io/ctf/ for a guide to CTFs with links to picoCTF and a few others. Dr. Kayak Paddle fucked around with this message at 22:00 on May 20, 2020 |
# ? May 20, 2020 21:56 |
|
this is good stuff, I should have plenty to chew on thanks folks!
|
# ? May 20, 2020 22:24 |
|
psiox posted:this is for sure a very juvenile question but I was gonna mention the trailofbits link and Carnegie Mellon's picoCTF. hackthebox.eu is great and we (my college club's team) do those constantly, but keep in mind that the "vm's" (as opposed to the challenges you'll find in the pwn and Reverse Engineering sections) feature exploitation like what you'll do in a CTF, but are more pentesting from start to finish. Whereas challenges in a CTF are distilled down exploitation, and decoupled from things like sys admin skills and networking. So in a standard hackthebox vm, you'll get a scenario like "hack into this machine using an exploit based on a buffer overflow," whereas in a pwn (category of CTF challenge, aka Binary Exploitation) challenge, its more like "find and exploit the buffer overflow itself." Couple of programs to look into: 1) binwalk for data forensics, finding and extracting files within files 2) wireshark for capturing and analyzing network traffic 3) burpsuite, as you mentioned 4) netcat 5) your web browser's developer console If you have a moderate familiarity with C, C++ or even assembler, check out 6) gdb, especially with pwndbg or gef extensions 7) cutter, ghidra or IDA Pro If not, might wannna be wary of the Reverse Engineering and PWN (BinEx) category of challenges. My team is doing https://www.hackasat.com/ this weekend. quote:The United States Air Force, in conjunction with the Defense Digital Service, presents this year’s Space Security Challenge, Hack-A-Sat. This challenge asks hackers from around the world to focus their skills and creativity on solving cybersecurity challenges on space systems.
|
# ? May 20, 2020 22:37 |
|
are these uncover folks legit? https://twitter.com/unc0verteam/status/1263260302713524225?s=21
|
# ? May 21, 2020 01:47 |
|
https://www.qualys.com/2020/05/19/cve-2005-1513/remote-code-execution-qmail.txt qualsys rediscovered some integer overflows from 15 years ago in qmail that were never fixed because they couldn't be exploited on a normal config oops, now they can be exploited on the default config the response is "whatever, don't configure it that way"
|
# ? May 21, 2020 03:28 |
|
What's the deal with iOS "jailbreak enthusiasts". They're not all doing it to assist their security research. Do they all just want to change their clocks to comic sans or cheat at flappy bird or something. It's a bit odd
|
# ? May 21, 2020 03:40 |
|
when in doubt it's always to cheat at video games
|
# ? May 21, 2020 03:48 |
|
flakeloaf posted:when in doubt it's always to pirate
|
# ? May 21, 2020 03:53 |
|
its piracy, OP
|
# ? May 21, 2020 03:56 |
|
mostly piracy, but also there's that one particular brand of nerd that thinks that weedlordbonerhitler420's exploit / custom OS / whatever is more secure and trustworthy because reasons
|
# ? May 21, 2020 05:17 |
|
Dylan16807 posted:https://www.qualys.com/2020/05/19/cve-2005-1513/remote-code-execution-qmail.txt haha, gently caress you djb for your rear end in a top hat response to those exact same overflows 15 years ago. one of the few old security vulnerabilities i remember precisely because the response was so overbearing.
|
# ? May 21, 2020 09:04 |
|
Dylan16807 posted:https://www.qualys.com/2020/05/19/cve-2005-1513/remote-code-execution-qmail.txt Classic djb
|
# ? May 21, 2020 09:08 |
|
this one's pretty fun too https://twitter.com/FiloSottile/status/1262854396934791168 https://twitter.com/hashbreaker/status/1108637226089496577 https://twitter.com/saleemrash1d/status/1262855371665870849
|
# ? May 21, 2020 11:59 |
|
qmail cannot fail, only we can fail qmail
|
# ? May 21, 2020 12:13 |
|
spankmeister posted:It's from Indiana lol Ah ha I am an OSINT master
|
# ? May 21, 2020 18:26 |
|
Sniep posted:its piracy, OP back around idk ios 2 and 3, maybe still at 4 but I don’t remember, I did jailbreaking to get some cool features that weren't in the os yet, like hitting volume down then volume up would turn on the flashlight, or hitting a volume button in camera would take a picture. but then they made all those things either direclty features or close enough. haven't looked into jailbreaking for years and years now though and also to pirate games
|
# ? May 21, 2020 18:58 |
|
I jailbreaked a phone once for ~~security research~~ purposes.
|
# ? May 21, 2020 19:40 |
|
from the recent dns paper yossposs
|
# ? May 21, 2020 22:05 |
|
Progressive JPEG posted:from the recent dns paper pos my neg cache: a discussion of recursive dns inefficiencies and vulnerabilities
|
# ? May 22, 2020 00:52 |
|
ugh, started poking at a cool service i actually want to use, then for idk why decided to look at their basic web security, and lol no csrf tokens anywhere, not a single http header, so like no x-frame-options so wide open to clickjacking, let alone csp, cookies have no security settings on them, session cookies don’t get cleared server side so session fixation. i stopped looking there, but I imagine there is tons more.
|
# ? May 22, 2020 08:06 |
|
how do you even manage that these days? pretty much any modern framework will do this poo poo for you
|
# ? May 22, 2020 10:18 |
|
Pardot posted:back around idk ios 2 and 3, maybe still at 4 but I don’t remember, I did jailbreaking to get some cool features that weren't in the os yet, like hitting volume down then volume up would turn on the flashlight, or hitting a volume button in camera would take a picture. but then they made all those things either direclty features or close enough. haven't looked into jailbreaking for years and years now though I did a jailbreak on I think iOS 3 so I could install an app (still the only one I've ever paid for) to do tethering
|
# ? May 22, 2020 12:26 |
|
Granite Octopus posted:how do you even manage that these days? pretty much any modern framework will do this poo poo for you print "<b>$var</b>";
|
# ? May 22, 2020 13:02 |
|
Granite Octopus posted:how do you even manage that these days? pretty much any modern framework will do this poo poo for you don't use a modern framework obvs i know jetty didn't have that poo poo by default until fairly recently for example
|
# ? May 22, 2020 16:01 |
|
from the gray forums, as defense for not patchingZero VGS posted:Nah, I use security groups in AWS so that only our whitelisted office IPs can communicate with the PBX.
|
# ? May 22, 2020 16:18 |
|
Granite Octopus posted:how do you even manage that these days? pretty much any modern framework will do this poo poo for you my guess is they’re go purists and so they’re just using the straight stdlib http server.
|
# ? May 22, 2020 16:54 |
|
The Fool posted:from the gray forums, as defense for not patching oh dear.
|
# ? May 22, 2020 17:31 |
|
The Fool posted:from the gray forums, as defense for not patching On the one hand, WTF On the other, it's Zero VGS, noted moron and cheapskate.
|
# ? May 22, 2020 19:46 |
|
Zero VGS posted:I do remember one years back where you could actually hijack the IVR to make a call at the company's expense, so there was that one. Anyway no one is going to make it back into the office to use these phones for at least a year. Internet Explorer posted:Seems like a great time to patch...? Zero VGS posted:That's what I was thinking but I kinda don't wanna give you nerds the satisfaction. lmao I can't wait for this moron to get popped running out of date software despite having a year long open maintenance window to own the something awful dot com forums
|
# ? May 23, 2020 01:00 |
|
oof, the best part about ctfs is how the scoreboards make you feel stupider than your peers not sure i can deal with the competitive aspect of this
|
# ? May 27, 2020 01:32 |
|
https://bugs.mojang.com/browse/MCL-14107
|
# ? May 27, 2020 01:36 |
|
work that iTunes guy got a new job!
|
# ? May 27, 2020 01:47 |
|
how
|
# ? May 27, 2020 02:27 |
|
quote:We didn't consider that the custom location chosen by players could also have files belonging to other programs in it. And unfortunately, we didn't catch that in tests. So the bug would only impact players who had selected a custom install location for Dungeons where other program files also exist, then tried to uninstall the Dungeons Launcher.
|
# ? May 27, 2020 02:35 |
|
|
# ? Apr 26, 2024 19:47 |
|
the only good thing about the old way of keeping data and executables in the same directory was that uninstaller programmers had to be slightly more careful so they didn't nuke some user's data files also doesn't installshield and nsis and poo poo register every file that they install so you can just go "wipe this list of files, kthx"?
|
# ? May 27, 2020 03:27 |