Right Wing Hacker Squad

In terms of VPN is's probably better to buy one, less of a chance they will fuck you that way.

if you'd read those links it's more infosec than 'ebin hax'

bump

adding info to the thread would be better than just endlessly bumping

er…DNC Leaks? Hillary's emails? DC Leaks?

bumping is better then pretending to know shit I don't know.

←- sam hyde literally tells you he needs help wink wink nudge nudge

tru dat, but its a nudge for you to get into it

Whatever gets fucking done with this information? You're not the cyber-security branch of a military division. You have NOBODY to act upon these leaks. Where is the real-world relevance? What are you going to do? Embarrass them a bit, maybe discredit them to a few people, possibly get them fired from a job, send them some pizzas?

…and what about them? Do you not realize that the majority people supporting Hillary are actively hostile to our interests? If they can be bothered to even look at the leaks or read the condensed headlines about those leaks, it doesn't matter, it's just like how we have studies out that confirm the very obvious things about niggers that anyone can plainly observe.

There is a big problem with hacking; there's nobody really doing everything they can with the information.

Oh and btw, Holla Forums people aren't going to become great hackers/leakers of information. Why? They aren't embedded in the enemy's circles. Do you know what spying is? We need spies. Those leaks are the works of spies, people who are on the inside, who infiltrated the enemy, and leaked what they could.

Hacking is a hobby. Don't let it replace real-world action.

This. We're not going to win the information war by "l33t h4xing" but we need to become more professional in how we communicate, share and network.

Towards this purpose, knowing vulnerabilities and deploying adequate countermeasures ahead of time can save you.

For instance, just knowing enough to use cloud flare and encrypt your passwords is a good start.

Go ahead and learn about computers and programming like I did but you're going to have to learn mentalism, how to infiltrate, how to be liked, how to echo people, etc. to get people to slip up and divulge critical information to you.

If someone really wants to help, they could program new communications networks, and by that I mean a viable alternative to Skype. the various variants of Tox are still a clusterfuck to figure out how to install them and get them working and it doesn't have voice and video chat and many features just like Skype. We need a Skype minus the Prism Network.

There are probably active efforts to sabotage through a variety of means including cutting off financing, introducing code to open-source projects that fucks it up, etc. preventing it coming out too.

I haven't done this but if it works it seems doable for the average Holla Forumsack, especially if you're hijacking wifi.

I agree 100%. tox is just OK, but there's no persistent server install and the group chat functions are clunky. I tried making it persistent on a VPS, but it kept crashing.

As it stands there is no good alternative to skype in the open source community and how can you trust them not to push a backdoor into an update when nobody's looking?

There is a lot of talent on goytech and within the WN sphere. I'm getting back into programming as well.

We need a skype alternative made and maintained by WNs. It could be better than skype too, if we added a persistent server install similar to tinychat or google hangouts.

It took me forever to get Tox working before in the past, and then when I finally had it working, it was still a dysfunctional cluster fuck.

Then I upgraded Mint to 18 again, preferring to wipe clean everything and just start again from scratch, and I haven't got Tox working again since because it's not worth the effort and I never ended up using it anyways.

Please remember also that no matter how good you think your program is, no matter that you want to insult the intelligence of the users who "can't figure out how to follow x steps to blah blah", if you don't make it as simple as possible to get your app and get it running and begin immediately using it most people will not adopt it too.

upgraded again* Mint to 18

The law will absolutely fucking railroad you if they think you're snooping around with things you shouldn't.

A very close friend worked for an alphabet agency and just happened to copy some information he shouldn't have.

He was vanned, his house was raided.

Unrelated to the sensitive material, he was also put away for other shit they found on his machine.

He's out now, but passport cancelled (probably forever) and permanent record.

Then there's the Clinton body count to consider. If you are leaking shit that's sensitive enough, and you are found, you might not live to see tomorrow.

I'm being alarmist, sure. Do what you think you must, just be absolutely sure you know what you're doing.

Some people will have to die, some other will lose their freedoms, it's part of the game.

If you are not ready to die for something, you arent living, you are surviving

I need to write this down on my wall of quotes in my room.

I know a few fascist hacking squads out there who do good work

How would the alphabets not be a third party to you If they were actively reading your traffic?>>7191848
lizardquads

...

Intradasting. Learning to program is obvious.

cyber fascism is the new cool kiddos
hop aboard

This user is right, what we need most is spies.

Speaking as a programmer, it's not easy to hack into a server where they store sensitive shit. It would probably be more practical to infiltrate the place and leak information in that manner.

Of course, it wouldn't hurt to assemble a team to perform some penetration tests on targets that would perhaps have something of use. This isn't the sort of planning that's done anonymously or over the internet though since it involves real risk, a team like this would most likely know each other IRL.

...

How were some recent hacks like the DNC and NSA carried out?

Months of learning about their target and carefully crafted exploits.

@ 23 seconds of that video, Charles gets a kippa.
Sam looks at least half jew.
Are they rusing us, are they crypto-kikes?

MIT open courses are nice

RWHs

I'm looking for practical details?

Ever heard of man-in-the-middle attacks? VPNs do jack shit against such threat, heck even TOR alone can't fully protect against that.

WE NEED TO SUMMON THE ANTI-CARTEL user

he's dead user

Any proof he died?
Last time i say his thread he had some new photos and said he wanted to snithc on el chapo's son trough their instagram GPS

shit really, I had heard that he had died…

have some rares

Even if he dies…some-one else will just take up the mantle.
you can kill men, but never an idea.

What he does isn't hacking it is more like intelligence analysis.

I'm fully committed to this, and would like to learn. However, I cant spend the next years learning. Shit has to be done now.

Where do I start exactly, where do I go from there?

RWHS potential member

RE, intel-asm, malware analysis, traffic, I can write stack and SEH overflows for windows.

I know a bit about crypto, tor, security, and the likes.

Anyone who says Tor is compromised is uber paranoid. You'd have to compromise both entry and exit node, provided the target doesn't use a bridge or anything else. On top of that, you must make use of that information in a timely fashion.

The only decent attack is a correlation/timing attack and maybe throwing fox-acid in there if you're not serving up client side exploits.

Basically, keep noscript running, don't run java or unnecessary code while using Tor. Use crypto on the underlying level of this. Don't use Tor for just sketchy shit, that's how the Harvard guy got caught.

Assume you're being monitored, assume everything you DL through Tor is bound with malware. So use TAILs and airgap it when you don't want traffic going out.

In terms of VPN and Tor

VPNs only hide the traffic you're sending. The ISP knows you're talking to the VPN, the VPN knows where to send that traffic, its a one stop shop for a subpoena. 20 dollars a month doesn't buy loyalty and a lawyer.

Tor, only anonimizes you. All the Tor users are made to look alike. There is only crypto inside the circut. The second it leaves, anything un-encrypted is now plaintext for every MITM to see.

Go Tor -> VPN

If the VPN gets subpoena'd all they know is the IP that logged in through it connected through Tor, now assuming the adversarial agency (feds you pissed off) isn't the NSA, you should be okay. They not only have to get the packets sent during that time, but must correlate it to you being logged in. At that ponit they'd have to Hammond your ass.

What if one guy seeks active recruitment from the feds?
Shoud he use only Tor, as a way of "Inviting" NSA to contact him? I think many people seek to have such jobs.

So to recap

Tor to VPN

Tor gives anonymity, nothing is encrypted by default unless you have SSL going.
VPN gives privacy. Everything is encrypted but the ISP plainly sees where its going and knows the endpoint will be with that company… most likely. (Since most you guys don't chain VPNs and drop the connect after 10 minutes)

You biggest threats aren't attacks on the protocol itself, its most likely going to come through the browser or through a timing attack like FOXACID, and that shit only happens when you're a direct target of NSA or comparable IC groups. So no java, not flash, no stupid shit. Don't download pdfs and run them unless disconnected from the internet.

Use common sense, use operation gear for operations, use Tor for standard browsing and even connecting to the 8ch onion address. You have to build your credit up before you can buy a car. You have to build your image of a constant Tor user before you can stand in court and say "I wasn't hacking DHC at that time, I was looking at Salafists on Twitter."

Like courting the feds for a job or for recruitment as an intelligence source?

yes.
Logically an agency will appreciate someone bold enough to do that and avoid the red tape normal prodecures, but that also shows real skill.
In medieval days mercenaries were recruited from rough areas rather then well-known official groups,for example

Nah, not really. From my understanding of CIA, they approach you through "P-sources" or professor sources.

NSA is generally recruited from college computer classes, military cyber/electronic warfare/electronic intel.

Its more beuracratic, they're such a large agency and shit.

As for recruitment as a source, by this I mean, you're a spy/mole for an intelligence group, be this DIA, NSA, State Department, etc

Basically, you're a snitch.

In the words of Chercashkin or whatever that fucks name is "You're looking to hire people who want to be hired" Most people who spy don't need to be convinced, they're generally mentally set, they just need someone to pull the trigger for them.

Spies are not regarded in good taste to the IC, generally they're seen as weak little fucks who wanted more spice to life and couldn't cut the mustard financially or whatever their justification is… its mostly ego.

You don't want to be in the position of a spy like that. The only respected "spies" are moles/"deep cover assets", also called "penetrations" in the IC's parlance. They're your FBI agents to get into 1488 groups and shit. They're your ATF members who join militias.

If you want to do that, you're going to have to look at a bachelors at least in criminal justice and be a psychological profile "fit" for the job. That takes a life time essentially at the bureau, and for agency, you'd probably have to be foreign born or dual nationality.

...

Or you can look at the protocol Tor uses, how it does its hand shakes for crypto hand hand off of traffic, you know, reading, something that most memefags don't do.

Or if you're into videos
youtube.com/watch?v=eQ2OZKitRwc
youtube.com/watch?v=TQ2bk9kMneI
youtube.com/watch?v=J1q4Ir2J8P8

If you want some reading material to go along with this
deepdotweb.com/jolly-rogers-security-guide-for-beginners/
grugq.github.io/
grugq.tumblr.com/
grugq.github.io/security-rules/

Kindly, fuck yourself, because I know what the hell I'm talking about.

be safe nimble navigators

collaborating with people you randomly meet in here is probably the quickest way to get v&

way to miss the point

believe in the majicks

I'm just giving information, collaborating would tak e a lot of vetting. In the wise words of Oleg Kalugin "Knowledge does not imply misdeed."

So, you guys wanna be extra memey oper8rs of the super secret "dark" parts of the internet.

Install an addon called Desu Desu Talk.

This is a stenography app that embeds messages in images. It acts as a secure channel. This would allow feel team six members to communicate in a covert channel.

...

...

safety should be #1 priority

...

Alright you whiny faggots it's time to have a chat.

Realistically it should take you fucks years to get to any useful level of hacking, BUT thanks to the shear volume of wares that exist nowadays, just about anyone can get to a script kiddie level in minutes.

People who are above-average intelligence will advance faster of course, and the more time you spend studying and testing different security defenses, the better you will become.

Hacking is more a process and an artform than just a mere mashing of keys, simply using hacking tools doesn't make you a hacker. You have to know what, when, and how to use them effectively and that only comes with experience.

Give me a few and I'll write more on this, I'll show you guys the ropes and then it's up to you to keep up with it.

...

bb my only problem is my debugger is killing my exploits for some reason. I'm firing up the analysis machine so I can so some RE/computer faggotry with you.

do you like venetian shell code?

Was reading gruq blog he was saying how the NSA are script kiddies, they hire a few geniuses to create weapons and train masses of people to run scripts.

We can be script kiddies too, and do a lot of damage.

grugq.tumblr.com/

1. Hack every website you can reach, look for admin access / upload shell scripts
2. Bulk mail truthbombs to site's userbase

Hacking can be thought of in five phases:

In this stage you will gather intel about the people/organizations you are trying to hack. There are a variety of ways to do this, this is what you autists have gotten down to a science, so I don't really need to explain this shit.

Phase 2—Scanning
This is one of the most important stages, this is where you use nmap, nexpose, and any other scanner/vulnerability program you can find. You will want to be careful when scanning to not trip up any IDS/IPS systems because this could seriously fuck you up. You should scan everything associated with an organization you can find to figure out where the most vulnerable part is.

If you are bold enough to actually do physical intrusion, this would be where you start probing the organizations security to get a read on response times, etc.

Phase 3—Gaining Access
After you've done your due dilligence and discovered as much as you can about their systems, you'll have a list of hosts and their known vulnerabilities, from here you just need to exploit them. If you're hacking into businesses you'll likely be doing a LOT of attacks on the RDP (windows remote desktop protocol), for the most part you can google whatever vulnerabilities you've found and get a tutorial.

Phase 4—Maintaining Access
After you gain access you are going to need to use privilege escalation techniques (google OS version + priv esc). Once you have root on a system you'll need to install a rootkit of some sort. There are many malware vendors to choose from, some of them will actually gain root themselves.

Phase 5—Covering Tracks
Now is where it gets tricky. Hopefully you've been using a variety of VPNs and proxies to hack into whatever system because the scans you did and the exploits you launched will have left a long line of error logs. Find them and delete anything that could come back on you.

That's the gist.

Nefarious I like it your style.

Uh yeah, dude, its all pretty automated and FnF.

Take a look at the tools that came from the equation group leak. It was a simple bot that accepted hex and ran the opcodes.

My first C virus was just that. All it did was had the shellcode xor'd against a string of trash. Trash was 3k bytes long. Push the 3k to stack, clear with nops, then pop it, push new opcodes to the stack, wait for shell to show up.

Wow, that's great……….. except just about everyone here probably has a hack forums account. And this is the most dumbed down version of the sans CEH exploitation life cycle.

5/10 for translating it to normie tho'. Good try lad. Maybe put little brackets around things like IDS (intrusion detection system) IPS (intrustion prevention system)

That wording is pretty misleading, let me expand.
When connecting through tor to a webserver the connection looks something like this:

[C] = = [*] = = [T1] = = [ T2] = = [T3] - - [*] - - [S]

where C is the RWDS operative's computer and S the target server

* are any number of regular routers - these are the same kind of boxes your packets would go through if you connected the regular way

T1-T3 are Tor nodes

= = denote the connection is encrypted
- - denotes it might not be

the potentially unencrypted part from the tor exit nodes does not matter too much. while the contents of the packets can be read on those, tor makes it very hard to find out which tor user they belong to.

when using a VPN it looks like this

[C] = = [*] = = [V] - - [*] - - [S]

so that doesn't really help much

the reason people connect to tor via VPN is that tor nodes are publicly known

while your isp can't read the contents of the packets towards [T1] they do know you are connecting to the tor network - and they are required to keep logs for law enforcement in most countries

also some website owners block all tor exit nodes

get a shitbox of old laptop, install tails, and never use that thing for regular browsing
for extra paranoia, remove any hd's and boot from a live CD this makes you immune against all but the nastiest shit with a simple reboot

Kek'd.

I bet you don't even remember the days of typing

c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c\n

Into telnet consoles.

Seriously though, you aren't providing shit that could help these faggots. You're sitting here bragging on an anonymous forum about how 1337 you are.

Here have a free video showing how to hack android phones.
s000.tinyupload.com/index.php?file_id=03185399556612420704

Most websites aren't capable of installing anything to their hosts. You'll have to target the webhost instead.

quads have spoken apparently.

The problem with the crypto is that it only works in the Tor circuit so I consider it non-existant since its not protecting anything you send to clear net. Now if you connect to an onion, you keep the crypto with ephemeral RSA keys until you refresh IDs.

I've done double Tor before, but that was slow as balls and probably looked sketchy.

IIRC you can't install tails on the disk itself but you can use USBs. I prefer those tiny ass ones that are 16 gigs or using the adapter ones for microSD or SD cards if your lappy supports it.

I prefer microSD cards since I can break it/burn it. Or at worst swallow it. You can put it in a phone as well and cross the air port no problems.

I'm sorry, am I supposed to be mystified by smurf attacks and SATAN tool kit? Are you gunna threaten me with back orrifice? Oh noes. Pls no siber buly.

And I am actually providing people with information they need. Reread the shit I typed on Tor, VPNs, and not getting caught and how the whole IC/Judicial recruitment thing works.

If you want I'll go over stack, SEH, and ROP gadgets for you.

Yeah, but if you have any ability to modify a page or owner chmod 777'd a file it makes it easy to put a "custom administrative shell" on the server. Then you just use the shell do DL a rootkit or start a meterpreter script.

Nigger what? The .mp4 shouldn't be doing that.

Oh I'll probe your back orrifice m8 kek.

Now you're speaking my language!

Actually you're not because for the last 6 years or so I've been a purist fag and wouldn't touch metasplot or any tool other than nmap tbh.

My warez knowledge is lacking, but I still get in.

Uplink is a video game released in 2001 by the British software company Introversion Software.

en.wikipedia.org/wiki/Uplink_(video_game)

And it does… what?

That's an interesting summary. Do ISPs not keep logs of anyone at all just tor users? Wouldn't ISPs also keep logs of clients who use VPNs as well?

ISPs can see all traffic. So can anyone with a well placed wireshark. Questions is how much do you think they give an arse about someone's furry porn traffic ?

Please explain them

If you're British, they got porn laws and shit, but if you're in the US of A then not really.

ISPs are concerned with torrenting of CP and torrenting of intellectual property.

They can keep logs but its really expensive so they only do it for subpoenas.

Back orifice was an old ass virus used in the 90's and change of the millennium.

Smurf was making your packets big as fuck and sending it to people using windows. Apparently it made them BSOD.

Meterpreter is meh imo. I used to be a sperg over trying to write my own shellcode but its just easier to use meterpreter since I can declare bad chars and generally throw it into any type of encoder.

So haxxorz, lets try to make exploit dev simple.

So, you got a shed in your back yard.
There are tables in the shed.
Each table can do one project or can hold one thing. There is only you inside the room. So one thing at a time.

This is the basic explanation for memory and operations in memory.

Memory is your ram. Shit goes in, shit is analyzed, shit is done. Little guy in the shed is your cpu. Welp, little guy in the shed follows the instructions like every normal person follows ikea instructions. (Generally the correct way until timmy shits himself and then the fun happens)

What if you could over-write the instructions he takes? Say, write A 2,000 times. Welp the sheet of paper is STACK (esp). Alright, so CPU rights 2000 A's, but where does he get this instruction and where does he go back to once he's done?

Well, CPU needs to know what he's working on. This is EIP, 4 bytes out of the millions of spots in memory… 4 bytes control the flow of direction. Where does CPU go back to once he's done with the operation? He's got a sticky note next his current operation, and that tells him where to go back to. Thats EBP.

So, what if we got control of what happened next? That means we control the program at the same privileges it was started at… on top of that, we can do anything we want inside of it… within reason.

We send 2000 A's and the program executes fine. CPU interpters those A's and then passes it off. Nothing happens. Well, what if we don't send enough data? This is when we need a reciprocal pattern. Of unique digits. !mona or metasploit can do this for us and will tell us in the dump how many chars we need.

Since I'm a lazy ass, lets just say we find the offset for EIP is 3054 bytes. This means the EBP is around 3050 bytes in the stack and there is 3049 bytes of space and one terminating signal of space in there. Since we know where EIP is, we can put the breaks on the program by sending 3054 bytes of A's and 4 B's and then 500 C's.

The C's tell us where the rest of the data will go. So we're looking at the debugger, the debugger shows "43434343" in the ESP table. This means the program offloads part of the workload to a different table. So we have to find a way to make the program jump from calling quits to the table where the C's are.

We will need a JMP ESP command. We can do this by looking for this in memory in DLLs or in the program itself. DLLs are generally DEP and ASLR finicky so its best to search there. Look for dedicated system DLLs or DLLs for the program.

We've found a JMP ESP command at \x78\x56\x34\x12. It has ASLR disabled and DEP disabled.

The exploit data we should send now should look like

A*3054 \x78\x56\x34\x12 C*500

A's get us to the control point (EIP, what happens next)
\x78\x56\x34\x12 tells us to jump to ESP (So EIP says hey, we're jumping to ESP)
So the cpu walks over to the workbench of ESP.
ESP has C's in there…… this won't do we need something like start a command prompt, open goatse, or soemthing
This is where we break out C, metasploit, or google for some dank shell code.

Congrats you now know how to send a basic exploit remotely.

archive.is/fcwB6
Updated archive of thread.

What I understand is they have a legal incentive to NOT pay attention and log anyone's traffic, because if they give an inch and start to monitor you then they're liable for monitoring EVERYONE, and on top of it they're suddenly liable for all illegal content that passes through their wires and have to be responsible for any CP.

That's a huge pain in the ass and waste of money, so you can understand why the ISP's have all generally been pretty good about telling the jews "No" when they get taken to court. I'm not saying this means you're not getting spied on right now, because you are. It just means that the NSA most likely had to tap their wires without their knowledge and intercept some router shipments to plant bugs rather than get in through the front door.

Basically use crypto on your torrent traffic. Use peer guard.

Also slippery slopes don't real goy, cmon just sniff a little bit of this packet.

...

What is this thing of which you speak?

Monitoring CP sites is far more efficient. In ToR's case all they have to do is monitor/host an exit node.

TWC and Verizon do monitor torrenting and crap.

But provided you don't pull a t-bone in one month I doubt they could care.

This, but also monitoring the peers seeding and leeching CP/questionable torrents is what gets people monitored.

Bump

This thread cannot be allowed to die. OPsec is important you fucking diehard traditionalist faggots.
LEARN

Le Reddit Upvote

Any thoughts on how you would create a network resistant to spying and subversion? My impression is it just can't be done with computers short of owning your own chip fabs. So what about low tech solutions, anyone have any thoughts?

create your own infrastructure.

...

ayy lmoa fam
seriously tho, people need to arm up and start riling up APIs from social media to spam that shit into oblivion with redpills

le reddit upboat back at cha

All redpilled people should learn atleast one programming language.

As a matter of fact, everyone should know atleast one programming language. It's basically as important as knowing how to write at all. Programming is the new "Latin".

I recommend everyone to start with python, its very simple and easy. And usually people learn more computer science from there.

kek
You're a cheeki cunt , I'll give ya that.

it is worth learning openbsd
learn command line korn shell
read the books in the openbsd.org recommended books section