Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - BlackWasp

Pages: [1] 2
1
Networking / Re: Build my LAN
« on: July 03, 2015, 09:52:41 pm »
Quote from: 2460h1 on July 01, 2015, 02:04:07 pm
Mmm You definitely want something decent quality. You'll definitely want something with dual radios. For future-proofing you may want to aim for something that is 802.11ac certified if you can find it. Not sure i would go with something that was Draft-ac as it may end up not being compliant. up to you though.

If you are doing some heavy bandwidth transfers you may even consider getting a second access point.

The main issue is that a wireless device can only speak to another radio one at a time. If you have 14 people all trying to do bandwidth heavy stuff, it will SERIOUSLY degrade the performance. Hence the dual radios/networks

What kind of pen testing? Getting into the Wifi network without creds? In which case on a home router you'll probably be limited to WPA2 with AES - probably the most secure of the available options. Make sure to disable WPS,

After that there is a shitload of other things that can generally make your network more secure. disable DHCP. enable MAC filtering, disable ping responses,change SSID, disable SSID broadcast, disabe remote management, change access user/pass, disable UPnP, change DNS settings to something like OpenDNS, change admin interface port and force HTTPS if possible and it doesn't already... some of it is just security through obscurity but worst case it doesn't stop anyone, best case it does.

If the router supports it, enable client isolation. But that restricts you from having shares. probably don't want that any ways. if you do, you may be able to create VLANs for a similar function as client isolation if the device supports it. not sure how often that appears in SOHO routers though.

but other than that... what sort of pentesting are we talking about? internal devices attacking internal devices? or just people attacking the wireless infrastructure?


Thanks for this really helpful response. As far as pentesting, I'm basially talking about external devices accessing the network and using it.

2
Anonymity and Privacy / Re: Anonymous Maximus - What would you do?
« on: July 02, 2015, 04:09:44 pm »
Quote from: Khofo on July 01, 2015, 05:31:02 pm
I never denied that, all that I am saying is that it's an extremely important aspect, that definitely is worth talking about.


I don't disagree. I'm just think this point has been beaten to death and basically goes without saying. Literally almost every single person in this thread has mentioned it. It's important, but that's really the most basic OpSec / NetSec principle out there.


Quote from: white-knight on July 01, 2015, 06:17:12 pm

I think trying to stay anonymous online and the steps to stay anonymous to commit a crime and not get caught would differ alot .. 


I understand that I'm the new guy here and I see there's obviously a consensus forming, but I actually disagree with you and @proxx. At the end of the day, whether you're breaking the law or just trying to shop on amazon anonymously, you're going to be applying the same principles, using the same techniques, and relying on the same knowledge base of hardware, protocols, and computer science. Granted, Proxx is correct in saying that committing a crime "anonymously" ultimately comes down to not being worth the money that one would have to expenditure to catch you, but that's also true of remaining anonymous in general.


My greater point about crime was not to draw a distinction between remaining anonymous when breaking the law and remaining anonymous for privacy's sake. Rather, my point was that the finger wagging and eye-rolling impression I'm getting from certain individuals that "you're inevitably going to just volunteer personal information about yourself online because you're going to be that careless, and you're stupid to think you wouldn't" is absolute bollocks. This is to say that people engage in major crimes all the time and more often than not actually get away with it (3/5 of all major crimes are unsolved), and it's just as easy as keeping your mouth shut.


So maybe my rep will go down and I understand I'm disagreeing with the group, but I think the point still stands regardless.

[/size]
[/size]
[/size][size=78%]quote author=proxx link=topic=20584.msg108605#msg108605 date=1435768670][/size]
ISP's tap because they are required to by the gov, at least here and I know more countries where this is the case.
As soon as there is a trail between you and the endpoint over which you send/receive data  you could be fucked if someone wants to fuck you.





This is mostly true, but I it isn't that simple. The types of records that ISPs hold aren't as thorough as people would like to imagine for several reasons. Mainly, ISPs have no desire to store that much data because it's expensive and requires a lot of equipment. The government and NSA are getting ISPs to hold records and helping them with it, but it isn't like every website and every datagram is unencrypted and printscreened. Also, those records aren't there forever.


The greater point @proxx is making is correct. Basically if you give them reason to watch you, then you can expect that they will do so very closely. However, if you aren't a terrorist, costing some company a ton of money, uploading gigs of illegal content, or hacking government computers, they're not going to waste resources spying on your account and they're really not going to care.


As far as the intelligence community is concerned, Executive Order 12333 is pretty much where all the "We're going to spy on everything you do" mentality comes from.

3
Anonymity and Privacy / Re: Anonymous Maximus - What would you do?
« on: July 01, 2015, 05:21:30 pm »
Quote from: Khofo on July 01, 2015, 03:21:43 pm
Humans tend to make mistakes, that' why humans are the weakest link, and whatever your level is you should worry about errors from your side being leet or a toral noob, human error has the same impact. And that's very true for anonymity, most high profile "hackers" were catched because of human error, like soemone said saying how's the weather were u are is compromising, also your writing type, typos, profile picture all of this help to profile u. This isnwhy most of the "big hacks" interpreters were catched due to this and not due to misconfigured VPN, WiFi Hotspot or proxychains.
So human behaviour is key and always always worth mentioning, and 100% that u are subject to it too, saying that  human error is not a variable for u is a huge mistake

You seem to be forgetting the multitudes of people getting away with crimes consistently everyday (not just computer related) that know enough to keep their fucking mouth shut. It's not rocket science. It's as simple as being careful what you put out there.


4
Networking / Build my LAN
« on: July 01, 2015, 01:27:36 pm »
Community,

I'm looking at starting a small LAN at my household, and am interested in making it reasonably secure. I've set up a LAN on my own before, but that was back in the mid 90s. This being said, I have a couple ideas as to what to implement and what to research, but I figured I'd ask the group what you guys would do so that I have a little more direction as to where I'm looking. If you feel like playing along, consider the following:

1. The LAN will be running anywhere from 6 - 14 computers at any given time (I can give more details on these specifics as needed).

2. The LAN will be connected via WIFI.

3. All of the computers will be running some distro of Linux, with the exception of the female's Windows 8.1 (yeah I know..).

4. Assume there's a ton of people around me who will be trying to use advanced tools to break into the wifi.

So what would you do? How would you pentest? What kind of hardware would you be looking to use?

5
Anonymity and Privacy / Re: The best free VPN for you ?
« on: July 01, 2015, 01:07:10 pm »
Quote from: DeepCopy on July 01, 2015, 01:57:30 am
"Best" and "Free VPN" don't belong in the same sentence.

This.


Also, if you think a proxy chain instead of a free VPN is sufficient, you're probably going to get caught with whatever you're doing because that demonstrates a very poor understanding of TCP/IP.

Not trying to come off as a jerk or anything, but you're really not allowed to fuck up once with this kind of stuff.

6
Anonymity and Privacy / Re: Anonymous Maximus - What would you do?
« on: July 01, 2015, 01:01:56 pm »
Quote from: sh4d0w_w4tch on June 30, 2015, 07:07:09 pm
If you want to be anonymous from law enforcement then you're going to need to do so much work that it won't be practical.  You can't drive somewhere just to use the internet.  A lot of the advice posted here has stupid holes in it.  A burner hotspot will track your location like a phone, so you need to keep driving away to just have it turned on.  Staying anonymous from the people on the internet is a wise decision because you don't know when and what would make you a target.  I've gone after people who fucked with my friends, and all of them have had stupid flaws that allowed me to find them.  None of my friends thought they were doing anything that would make them a target.

Your dismissive attitude would be justified if you knew what you were talking about, but what you're saying isn't true. If I have a computer and am hitting a wifi hotspot, they can't "track your location like a phone." Phones are tracked through triangulation of several towers at once, whereas a wifi hotspot is a single modem and router. At best they might be able to calculate your distance from the actual modem due to the amount of packets your getting, but even that's variable to so many different things that it couldn't be tracked reliably.

Otherwise, the wisdom of not sharing information about yourself is appreciated, but that's not advice I actually needed from anybody. I've never been afraid of someone "doxing" me, because it's ultimately a pretentious dysphemism for "I don't understand NetSec and revealed enough information for someone with enough time to google me." I don't want to come off as a jerk, because I understand it's something worth mentioning in any conversation about anonymitiy (especially to a new person on the forum), but if you're still at the level of not having the self control to not tell personal stories and reveal other information about yourself, then VPNs and Proxy-Chains mean jack shit.

7
Anonymity and Privacy / Re: Anonymous Maximus - What would you do?
« on: June 30, 2015, 01:54:13 pm »
Quote from: sh4d0w_w4tch on June 30, 2015, 08:14:08 am
I don't try to be anonymous from the feds.  It's too much work and they'll get you eventually if you use the same identity.  I don't think they know who I am because they would need to send orders to certain people.  The NSA might if their data collection is as massive as people say it is.  I made up an identity and used it for registering everything.  This way somebody can't get your information just by sending a threatening legal letter to your host or hacking one of your accounts.  I care more about privacy from skids then hackers because teenagers who think they're hacker badasses are more likely to cause you serious short term trouble.  Hackers can cause you much worse long term trouble.  Unless you go after their family or do something really personal, an older man or woman with a real job isn't going to care.  There are bad apples in any age group.

You said that you are interested in anonymity "for it's own sake."  If that's your motive then you won't observe OpSec for very long.  It's a chore to maintain and you won't keep it going.  I like having an alter ego and an identity that only exists online but it's extremely restricting if I want to maintain proper anonymity.  There are certain things that I can't talk about because if one of my friends posted on Facebook that I work with Linux, use X, Y, and Z programming languages, and A, B, and C interests, then my cover is blown.  Web pages have already been written about what I do with computers.  On just this one topic I have to be careful what I talk about.  Anonymity is an all or nothing game.  You only need to fuck up once.

When I say anonymity for it's own sake, I'm not just talking about doing it for shits and giggles. I genuinely feel a certain degree of anxiety throughout the day due to the fact that my entire life is online. Think about it - all it takes is one crooked cop, one person who knows what they're doing, or one script kiddie and so many elements of my life are there for the taking. I'm tired of it and want to do something about it.

Even when you think about how much spying the federal government does, you can easily screw up your life just by accidently clicking on the wrong stuff. Sure, everyone says that they're only going to waste resources going after the bad guys, but what's the standard of what makes you a bad guy? How many controversial datagrams do you need to send before an investigation is justified? Do they have a file on BlackWasp right now just because I'm posting on this website? What if you accidently visited a webpage with illegal content, or worse, downloaded mislabeled illegal content? Are they watching you then? What if you did it more than once? Do they trace your IP and start investigating? I'm not sure if you guys are aware of this, but some of the laws on the books for downloading software and pirating music deal greater consequences than looking at child pornography (you can tell who makes the rules in this country). My point being, if you download music or software - does that make you enough of a bad guy to justify individual attention? What if you have a cotroversial opinion? What if you buy a lot of books on something controversial through amazon?

I'm not saying that I do any of that stuff, but it's worth asking where the line is drawn. When I was growing up, I was part of a community that encouraged everyone to question everything, read whatever you want, learn as much as you can, and the foundational axiom was that knowledge was free. Now I live in a world where I'm always wondering if my reading or surfing habits are enough to justify someone always looking over my shoulder, and that's not something I want.

So I'm taking privacy a little more seriously.

8
Anonymity and Privacy / Re: Anonymous Maximus - What would you do?
« on: June 30, 2015, 03:41:39 am »
Quote from: Trogdor on June 30, 2015, 03:07:50 am
Haha you just described my life, but I'm a little younger.

Lol, great minds think alike.

Anyway, the thing is that I'm getting serious mainly about anonymity because I'm tired of having anxiety throughout the day due to the fact that literally my entire life is online for anyone with access to exploit.

9
Anonymity and Privacy / Re: Anonymous Maximus - What would you do?
« on: June 30, 2015, 03:05:09 am »
Quote from: Trogdor on June 30, 2015, 03:03:07 am
Awesome. You said your major is computer science?

Yes. I'm in a computer science major and am starting this fall. I'm trying to get studied up on it before I show up so I can learn as much as possible.

I used to be really heavily involved with this kind of stuff when I was younger, but I never kept up with it because I was busy doing other things (chasing girls, smoking weed, etc.). I grew up a bit and decided it was time to come back to it seeing as it's such a lucrative field.

10
Anonymity and Privacy / Re: Anonymous Maximus - What would you do?
« on: June 30, 2015, 02:53:33 am »
Not bad for my first post, huh?

This seems like a cool community and I have a lot to learn, so I'm going to just hang around here, read, and ask questions.

You know, if I don't get v& in the meantime.

11
Anonymity and Privacy / Re: Anonymous Maximus - What would you do?
« on: June 30, 2015, 02:44:09 am »
Quote from: Trogdor on June 30, 2015, 02:42:04 am
Any number of things. For example disabling noscript to enable functionality of a site will surely leak your true IP.

Interesting.

I guess, when all is said and done, it comes down to whether or not what you're doing is attracting enough attention of people for them to bother spending money on tracking you down.


12
Anonymity and Privacy / Re: Anonymous Maximus - What would you do?
« on: June 30, 2015, 02:39:58 am »
Quote from: Trogdor on June 30, 2015, 02:34:58 am
And you're likely to make a tiny unavoidable mistake that completely gives you away. That's not to say that anonymity shouldn't be attempted; it's extremely important in modern times.

What kind of mistakes would you be referring to?

By its very nature, a mistake is avoidable in my mind. 

13
Anonymity and Privacy / Re: Anonymous Maximus - What would you do?
« on: June 30, 2015, 02:21:01 am »
Quote from: Trogdor on June 30, 2015, 02:05:24 am
@Deep haha that's true, but lots of people will use VPNs for hiding *insert shady shit here* while thinking that they're safer. Sure it may be better than using your own internet connection, but people put way too much trust in companies.

That's kind of my thought on the VPN. It seems like paying money is way too much of a hassle for the relatively basic "protection" they're providing.

14
Anonymity and Privacy / Re: Anonymous Maximus - What would you do?
« on: June 30, 2015, 01:42:54 am »
@DeepCopy

Thanks for your input. Paranoia is my middle name.

15
Anonymity and Privacy / Re: Anonymous Maximus - What would you do?
« on: June 30, 2015, 01:31:58 am »
Quote from: DeepCopy on June 30, 2015, 01:15:43 am
TLDR;

I don't feel like reading all the shit mostly mainly because I simply don't care. But I guess I'll post a normal setup.

Buy a reputable no log VPN, PrivateInternetAccess is a good choice. They support bitcoin payments as well as gift card payments (amazon, Walmart, Starbucks, etc). They also do not keep logs of anything. This is your first line of defence. The only system that should see your computer exposed is your VPN. It is obviously preferable to not use your home internet, rather highly populated areas with minimal Cameras and decent hot spots. Now that that's out of the way buy a bunch of cheap 8gb USBs, load up various nix distros, maybe a few Kali, a few tails... A different os for different purposes. Obviously if you run persistent you're stupid. So at this point we're Disposable OS - Hotspot (I guess a Mac spoofer) - VPN. Using tails I believe the web browser has extensions like noscript, HTTPS everywhere, etc. And that's good to browse the web. If you really want you can add in TOR and browse the deepweb.

In the end nothing is 100% anonymous but you can make it extremely difficult. Hide you USBs around, like a nice spot near your favorite hotspot locations. Don't forget to use your computer for regular browsing and have windows on it, keep it completely segregated. Nothing suspicious, Facebook, porn, personal emails, etc. The Disposable USBs are there for the other shit. Never sign up for anything with your real name with an alias email. For example:
Your real name is Thomas Abernathy. You have 1337.gh0st for a handle. You sign up for online banking with 1337.gh0st@gmail.com you just exposed a stupid mistake. Instead you have alias/alias email and real name/real name email. Never mix the 2 or you're going to have trouble when you piss off the wrong person and they go doxing.

That's kind of shitty that you didn't read a lot of the other posts because you'd realize that most of what you said was already written by other people. Nevertheless, the rest of it was pretty insightful. I have two questions about your input though.

Firstly, I  wonder about the wisdom of using a live boot *nix USB on another computer that you use regularly. Wouldn't that run the risk of exposing other information when you use it for browsing? Furthermore, wouldn't that run the risk of exposing the distro or its content if the computer was ever analyzed?

Secondly, could you elaborate on this part a bit?

Quote
Obviously if you run persistent you're stupid.

What do you mean run presistent? Do you mean using an actual installed version of a distro is stupid as opposed to always using a liveboot? Or do you just mean generally. I apologize, but I'm not fully picking up the context of what you're getting at.

Pages: [1] 2