computerboss

joined 1 year ago

Ok so to be clear when I said team I mean a bunch of college students preparing for different ctfs, but these are some of the more helpful resources we have found:

Tryhackme: personal favorite especially for beginners Hackthebox: great for learning/practicing attacks Overthewire: another good ctf site

We try to build many of our own ctf like machines, then each person switches their machine with another person and the other person tries to secure the vulnerabilities without knowing anything about the machine. Once everyone has secured their machines we try to attack them using the notes made while setting them up. This is our step by step for that process.

  1. download an old version of a distro. (Ubuntu 14, deb 9, ect)
  2. install and setup the VM without any updates or changes to the default configuration
  3. google the distro version (Ubuntu 14.04) + vulnerabilities or exploits
  4. read through the different sites to find applications that had huge security issues on that version and begin installing some of the programs that have known exploits

So for example with Ubuntu 14.04 we know there are some Linux kernel exploits.

A quick Google search returned this exploit: https://www.exploit-db.com/exploits/43418

Using Ubuntu's website I looked up other critical vulnerabilities and found these: https://ubuntu.com/security/cves?q=&package=&priority=critical&version=trusty&status=

From here I could add some of the packages mentioned as having exploits and then attempt to exploit them. I could also check newer versions of Ubuntu like 16 to find vulnerabilities that would also apply to older versions.

There is also Mitre's list(s) of the most dangerous software vulnerabilities. They have one for 2023, but also a catalog of lists from previous years.

https://cwe.mitre.org/top25/archive/2023/2023_top25_list.html

Hopefully this helps!

[–] computerboss@sh.itjust.works 30 points 1 year ago (2 children)

I can give you an answer from someone who regularly downloads really old EOL versions of Ubuntu and Debian. I personally use them as part of attack and defense competitions. They are normally very close to unusable and are nearly impossible to update to a more recent or secure version. This forces my team to find creative ways to keep them working while also taking measures to isolate them as much as possible. I also use them to teach old exploits that have been patched in more recent versions, walking people through how it worked and why it existed.

It happens a lot more with Windows machines, but there might be some manufacturing systems out there that require software that won't run on modern versions of the OS. These systems often require new manufacturing tools in order to upgrade, or they need massive overhauls that smaller companies can't always afford.

[–] computerboss@sh.itjust.works 9 points 1 year ago* (last edited 1 year ago) (1 children)

No one seems to have thought about the fact that most schools have been out for those three months. Not sure exactly how much of the traffic is high schoolers and college students cheating, but that could account for at least some of the loss in traffic.

Edit: missed a word

If you download a wireguard/openVPN conf file from Proton it will let you enable nat-pmp which is basically automatic port forwarding. It seems to work fine on a Linux machine running qbittorrent, but your case might be different.

I have had this problem as well especially when I first join a tracker. Overall my ratio is around 6, but for private trackers where I have been seeding for over 2 years I barely hit 1.5.

If the tracker has a bonus point system understand how it works and try to build up a bunch of upload credit with it. If the site has freeleach only download freeleach torrents for a while until you build up enough upload. The last method is personally my least favorite, but you can findout what torrents are normally the most popular and setup a program to always download them as soon as they are uploaded. Even if you won't do anything with the torrent content it can help build a ratio.

I highly recommend either making, or buying a seed box for private trackers, and most of them will give you bonuses for seeding for a long time, or seeding very big torrents. If all else fails you might want to consider paying for VIP if they have it. Normally paid accounts get extra upload credit or freeleach on everything, or something like that.

I raised this concern as well. I haven't seen a lot of mods commit to moving from Reddit to Lemmy, and I think the lack of tools and established apps is a big reason. Reddit will have this problem at the end of the month, but it doesn't help that Lemmy has this problem now.

Saying "then make your own app" is also not helpful. Not everyone is a developer, or has the extra time to work on one, especially for a free platform.

I am hopeful that enough techy people will join Lemmy and want to invest time into making it better, but even if 1000 users suddenly started working on apps and tools it will still take a while before they are on par with the reddit apps. The best hope is that an API translator for reddit->Lemmy gets working soon and 3rd party reddit apps become Lemmy apps.

[–] computerboss@sh.itjust.works 0 points 1 year ago (1 children)

You might have some luck with a private trackers like Sportscult. They have open signups right now.

[–] computerboss@sh.itjust.works 3 points 1 year ago (1 children)

I'm kinda the opposite of you. I love Bethesda games, but the fantasy element doesn't do it for me. I never liked Skyrim or the elder scrolls series but loved the fallout series, as well as games like outer worlds. I am not going to preorder the game but I am very excited to see their take on a space rpg, because I love fallout and I love space exploration so if combined well it should become an instant favorite of mine.

[–] computerboss@sh.itjust.works 7 points 1 year ago (1 children)

I don't think there is an app specifically for that, but you could use something like focusreader to get an RSS feed from torrent sites you want to keep a watch on.

[–] computerboss@sh.itjust.works 6 points 1 year ago (1 children)

I don't think there is a way to sort comments yet. It doesn't seem to matter what I do comments are always random for me.

[–] computerboss@sh.itjust.works 3 points 1 year ago (3 children)

I agree. I found it easier to transition because I follow mostly smaller tech subreddits that already had a presence here, or quickly started one. I only posted 70 comments total and almost nothing recently. I am more concerned about the power users, mods, and people who need things like screen readers not being able to make the jump. In my opinion Lemmy needs those users more than lurkers.

[–] computerboss@sh.itjust.works 8 points 1 year ago (5 children)

Honestly I think the AMA showed that they are not backing down. Spez answered like 14 total questions on an AMA with 30k comments the last I checked. They don't seem to care, and I don't see there being a significant number of people actually leaving reddit either, the alternatives just don't fix the problems people are having with reddit. If you use a 3rd party app because it has more features, are you going to leave the platform for another platform that only has one 3rd party app?

view more: next ›