Advice from Cybersecurity Experts?
(hexbear.net)
I just went back to Crimew's post and started looking at some of those.
Word, I'm not familiar with Crimew but I think I just looked at the post you're referencing and there's some pretty good stuff mentioned. I cut my teeth on Phrack back when it was still being passed around on BBSes. (There was an article in 43(?) on stealing a PBX that I got a real kick out of as a kid.) Google dorking is fun for basic exploits.
I would seriously recommend starting with understanding wifi hacking and then how Tor works and how to use it. Learn to anonymize yourself and cover your tracks before you do anything that needs it. Build yourself a pwnagotchi (or an esp32-based alt or a cheap pineapple), learn to use hashcat to crack wpa2 hashes, and then get on Tor from wifi you can't be tracked to. From there you can experiment with ways to bounce from random tor nodes to legit websites that are gonna block those nodes.
Keep in mind a lot of the open source mirrors for major websites, like invidious/xcancel, can serve as alternatives for the major corp websites when you're doing your research. Keep as much of your traffic in Tor as you can by using onion sites. Watch defcon and other conference talks for background in concepts that interest you.
Have fun!
I've got some understanding of Tor. I've built a pwnagotchi in the past and used good ol' aircrack-ng, but always got stuck with a hash I can't crack. From what I've seen wpa2 doesn't go down easily. I have a lot of information, but not much in the way of organizing it usefully, but that's probably a symptom of having too little or too sparse information.
Oh word. You're well on your way already. While there's plenty out there that can't be cracked in a reasonable time, I find that half the battle is knowing what to try based on the SSID format. Have you run across this table?
https://forums.hak5.org/topic/39403-table-of-wifi-password-standards/
For example, if spectrum is prevalent in your area, grab a copy of the spectrum-netgear wordlist.
https://github.com/andrewjlamarche/PSKracker/tree/master/dicts/netgear-spectrum
This will run through a combo of adjnoun and then 3 digits for each combo. Takes about an hour on a 1050ti.
I also always throw phone number combos of my local area codes at it. Tbh, this is usually what does it if they've got a custom SSID.
Honestly, I totally get it, I've got more fluff in my skull than brains. So it's very hard to keep in mind everything I should. I mostly just had some favorite techniques I relied on to do my basic exploration and then once I have a system I can set my sights on that's when I did research and built a plan of attack. I would say definitely check out those syngress books. In case I didn't express that well enough, they're basically hypothetical scenarios wrapped around actual techniques. Great for getting the juices flowing and thinking big picture and how different techniques can tie in to each other. Definitely read the hackback papers.
In minecraft, I would recommend really sitting down and thinking about what it is you're trying to do with these skills and then build up profiles of the types of organizations you would like to work with in the future. Check their job listings for software and hardware they use, try and build org charts to find out the people you would want to get in contact with, etc. From there, the jhaddix methodology is a great start. https://github.com/jhaddix/tbhm