I've experience in cyber security

A place to discuss online security
Post Reply
User avatar
seymore_budz
Respected Member
Posts: 2306
Joined: Mon Sep 09, 2019 7:18 pm
Has thanked: 650 times
Been thanked: 1492 times
Contact:
Status: Offline

I've experience in cyber security

Post by seymore_budz »

Hi,

I've got some experience into cyber security. If you have any questions, fire away :ak: Like the previous posts say, it's all about operational security. Keeping data leakage to a minimum. The next part of this post is for the tin hat guys like myself :D

You can use TOR as well as a VPN to further obfuscate your identity. There's quite a lot of press out there saying TOR isn't secure but if you read between the lines and understand the technology, you'd see it's a lot more secure than people are lead to believe. The one thing you should really concern yourself about is your choice of browser. If I was going to attack a target, I'd attack the browser because if setup incorrectly, with a little shake, it will leak information about you. The old saying is why spend all your time banging down the walls when the from door is made of hay. If you're not technically minded, you can download the TOR bundle from the internet. I'm not sure about the links policy here so I won't post links to sites unless someone gives me the green light.

I'd suggest you use the TOR browser or FireFox as Chrome isn't as secure. On top of Firefox/TOR, there are some plugins you can use to further obfuscation. I'll list some of my favorites below.

[*] CanvadBlocker
[*] Cookie AutoDelete
[*] HTTPS Everywhere
[*] NoScript
[*] Spoof timezone
[*] User Agent Platform Spoofer

Going deeper down that rabbit hole, you can also use a privacy based Linux distribution like Tails or QubesOS. Both will run from a USB flash drive and provides additional privacy features. QubesOS runs all applications sandboxed within a virtual machine. This allows the OS to completely isolate the application from other things running and protects your system. If someone manages to exploit and gain access via a security hole in something, it then has to get out of jail :D

Tails is a privacy distro. It doesn't segregate applications like Qubes but routes everything through tor and has all the bells and whistles to keep your identity secure. It also leaves no trace after you take the flash media out of the computer.

Going even deeper ....

Linux has some more cool security features to help you stay anonymous. By using cgroups and seccomp, you can isolate applications like your browser without a fully blown hypervisor present. For this type of isolation, check out the FireJail project!

I'll leave it there for now, if this sort of thing interests you, shout and I'll do some more in depth tutorials for you guys.

Stay safe!
Last edited by seymore_budz on Mon Sep 09, 2019 11:08 pm, edited 1 time in total.
Those who can make you believe absurdities can make you commit atrocities.

Nanook
Respected Member
Posts: 9825
Joined: Thu Jan 01, 1970 2:33 am
Location: My nest
Has thanked: 645 times
Been thanked: 950 times
Contact:
Status: Offline

Re: I've experience in cyber security

Post by Nanook »

Awesome post :)
I know a little but not that much :)
The quieter you become, the more you are able to hear.

User avatar
Keeno
Site Admin
Posts: 25512
Joined: Sat Oct 07, 2017 10:11 pm
Has thanked: 10550 times
Been thanked: 17044 times
Contact:
Status: Offline

Re: I've experience in cyber security

Post by Keeno »

Thank you Grumpy Grower. Very informative post, im sure this will help many.

User avatar
seymore_budz
Respected Member
Posts: 2306
Joined: Mon Sep 09, 2019 7:18 pm
Has thanked: 650 times
Been thanked: 1492 times
Contact:
Status: Offline

Re: I've experience in cyber security

Post by seymore_budz »

Thanks peops! I'll do a few posts here for shits and giggles. Starting with password security. Post here any requests and I'll write something up. Knowledge is power :rock:

User avatar
Nanook
Respected Member
Posts: 9825
Joined: Thu Jan 01, 1970 2:33 am
Location: My nest
Has thanked: 645 times
Been thanked: 950 times
Contact:
Status: Offline

Re: I've experience in cyber security

Post by Nanook »

Isn't my password God1 any use? 😂🙈

User avatar
seymore_budz
Respected Member
Posts: 2306
Joined: Mon Sep 09, 2019 7:18 pm
Has thanked: 650 times
Been thanked: 1492 times
Contact:
Status: Offline

Re: I've experience in cyber security

Post by seymore_budz »

Nanook of the north wrote:
Wed Sep 11, 2019 8:23 pm
Isn't my password God1 any use? 😂🙈
LOL you'd be surprised how many people use rubbish passwords. The worst ones are things like birthdays, pet names, siblings names and anything like that. There are little Python scripts out there that will scrape social media sites for all words on your pages etc, then generate a comprehensive password list based on that data. It will do all sorts like l33t things, flip uppercase and lower case, add numbers common special characters, concatenate words and loop the previous instructions on the union of words. All in a few hours too with a decent computer.

User avatar
Bulls
Coco Grower
Posts: 8623
Joined: Tue Oct 10, 2017 5:39 am
Location: Cagliari
Has thanked: 929 times
Been thanked: 1805 times
Contact:
Status: Offline

Re: I've experience in cyber security

Post by Bulls »

Some very good knowledge there grumpygrower mate. Such information is always helpful to any of us. I was told before that the agencies got access to tor network and actually using the tor browser rings a bell into their system that u might be up to something no good and they watch you? Of course it might not be true I am just quoting what I Was told :) Thankfully i got no social media for them to harvest info from haha

User avatar
Nanook
Respected Member
Posts: 9825
Joined: Thu Jan 01, 1970 2:33 am
Location: My nest
Has thanked: 645 times
Been thanked: 950 times
Contact:
Status: Offline

Re: I've experience in cyber security

Post by Nanook »

yes ive seen the scripts you speak of :)
And yes, I used to have massive wordlists myself but those days are well and truely past now. I think with age comes lazieness.

User avatar
Nanook
Respected Member
Posts: 9825
Joined: Thu Jan 01, 1970 2:33 am
Location: My nest
Has thanked: 645 times
Been thanked: 950 times
Contact:
Status: Offline

Re: I've experience in cyber security

Post by Nanook »

Bulls, they got access to some nodes I believe, but I very much doubt the legality of how they did it. They had to do something to bring down certain marketplaces on the onion web.

User avatar
seymore_budz
Respected Member
Posts: 2306
Joined: Mon Sep 09, 2019 7:18 pm
Has thanked: 650 times
Been thanked: 1492 times
Contact:
Status: Offline

Re: I've experience in cyber security

Post by seymore_budz »

Bulls wrote:
Thu Sep 12, 2019 11:26 am
Some very good knowledge there grumpygrower mate. Such information is always helpful to any of us. I was told before that the agencies got access to tor network and actually using the tor browser rings a bell into their system that u might be up to something no good and they watch you? Of course it might not be true I am just quoting what I Was told :) Thankfully i got no social media for them to harvest info from haha
Thanks! As I said, knowledge is power :D The TOR network has its shortcomings. The attack I think you're referring to is a theoretical attack where the government could spin up enough TOR nodes to own a good percentage of the network. Then they can strip back the layers of encryption and perform timing based attacks to unmask users. That's an old attack, the size of the network is quite large nowadays so it would be an expensive attack and a bit like using a sledge hammer to crack a walnut. There are other attacks, here's a link to a few speculative attacks that could happen.. Your biggest threat to your online privacy when using TOR is yourself. The weakest link is normally human error like incorrect configuration on a server you're running if offering services on the dark web or insecure browsers leaking your information. If you check out some of the public cases where users have been caught like the silk road case, it's normally human error that catches people out. Same way hackers manage to breach systems. Things have become too complex in the IT world. Systems require deep knowledge in all sorts of fields to be secure. People mess up all the time. If you're really interested in getting deep, check out this paper from 2016. They do a much better job of explaining things than me. I'm more of a jack of all trades :D I've done quite a bit of ethical hacking but that was some years ago. Some of my stuff has been quite public so I can't go too much into detail or I'll be exposing myself.

Post Reply

Return to “Online Security”