I'm losing brain cells reading this

umt13:
PLS WHICH PROGRAMMING LANGUAGE SHOULD I LEARN TO BECONE CYBER SECURITY EXPERT?

I've once made a post to answer this question. Check it out. https://www.nairaland.com/6053872/programming-languages-hackers-should-learn

A government's ability to control the Internet depends on its control of ISPs, the private sector companies that grant Internet access to customers. ISPs like MTN, Glo, etc have direct control of the Internet, so the ability of the government doing anything funny depends on the control they have over those ISPs.
Let's be realistic. There may be ways of disrupting ISP services but at terrible costs. ***Laughs in market crashes***- tamper with connectivity that interrupts ecommerce and business communications. Our internet is interconnected with our phone, and other utilities carried on same poles and so complicated that I don’t think the government could do widespread shut downs without causing power outages, loss of water services and more.

P.S. Just added a satellite broadband to my cart in case we want to try rough play

charlesazeh:
Can you help me with iPhone spoofing? Want to change my iPhone location

Uh! Just use a VPN?? Or go the long route and jailbreak your iPhone to use locationfaker or go another longer route and grab an hardware spoofer like Gfaker

Bahat:
Neat and simple, but not effective to some serious reversers. Nice post more of this. As I could remember anti debugging technique was brought to life by virus coders who hates to see their work being stopped like this trickbot disturbing the peace of the internet.

That's true, some reversers will have no problem finding a workaround. But of cause you can harden it too xD
TrickBot is pretty insane, my tracker saw it targeting the States recently (both via malspam and Emotet drops). Seems TrickBot is a multinational crime enterprise not some skid screaming copy and paste code at things.

Bahat:
Well done job bro. I see your code consist of those functions advised not to be used in coding anymore they are vulnerable. When dealing with C remember to read security blogs for latest news about their vulnerable functions.

You're right. It's hard reading code or debugging with screenshots, but it seems I can see a local variable in a function’s stack frame. The return address on the stack can be overwritten... All hail an overflow xD

emillysmigael:
I can teach you the first 2 provided you prove beyond doubts your motives for learning hacking.

#WhiteHacking
#Python & #Angula

State how much you are willing to pay

JOAT

My last topic was how to get started writing your own malwar3, now let's talk about how Malwar3 authors have always looked for new techniques to stay invisible. This includes, of course, being invisible on the compromised machine, but it is even more important to hide malicious indicators and behavior during analysis. make the post-detection analysis more difficult, threat actors use various anti-analysis techniques, one of the more common ones is Anti-Debugging. Threat actors have proven to be more innovative not only in the malwar3 they are creating, but also the techniques they are employing in order to evade detection and analysis by malwar3 analysts and products. Anti-debugging, therefore, poses a hindrance for malwar3 analysts as it can prolong the process of being able to reverse engineer the code and thus make it more difficult to decipher how it works. Once the malwar3 realizes that it is running under a debugger, it can adjust its usual code execution path or modify the code to provoke a crash, which then hinders the analysts’ attempts to decipher it, all the while adding time and additional overhead to their efforts.
There are many methods to prevent Debugging. In this post I will show some neat and simple method.

Basic Logic of this process; If there is a Tracing operation with Ptrace, it is to detect it using ptrace.

Considering that there is a control like this:

//EvilSec
#include <stdio.h>
#include <sys/ptrace.h>

int main()
{
if (ptrace(PTRACE_TRACEME, 0, 1, 0) < 0) {
printf("Debugging noticed, Screw You!\n" ) ;
return 1;
}
printf("Normal Execution\n" ) ;
return 0;
}

Here we see that the ptrace system call checks if the argument named PTRACE_TRACEME is a child process for Debugging.

If the Process is traced;
printf("Debugging noticed, Screw You!\n" ) ;

If not We get the message:
printf("Normal Execution\n" ) ;

How Can We bypass The Control Made In This Situation?
The solution I found for this is using LD_PRELOAD; Hijacking the ptrace () Function. First of all ptrace (); We’re creating a fake library to replace it as follows:
> long ptrace(int request, int pid, int addr, int data)
> {
> return 0;
> }

After compilation, we assign the resulting library location to the LD_PRELOAD environment variable. and then when we run it with gdb
printf (“Normal Execution\n” ) ;

We get This message. So we successfully bypassed Control.

Being a mole for rogues that shot a friend in the past would make me dumb. I don't know why people think an app that's made to protect lives is illegal.

P.S. The app has a butt ton of other great features too, and it addresses other threats, like "rape, sexual violence, robbery, domestic violence, etc"

Realoaac:


Yes it was built the app. Sure, we can have a discussion about you contributing, exchange ideas and sorts. A lot of things can be added

Neat. I've dropped a mail.

Bonatheripper:
Yet ordinary Calculator u cannot hack

How about I start by doxxing you xD?

Realoaac:
Sety (https://sety.io) now lets you report a SARS location and this notifies people around.
It's no news that the SARS are a menace in our society, targeting young people.
We built this feature into our existing product and we hope it's a step in the right direction.
The government won't end SARS for whatever reason, so we as the youths have to create a solution to this problem.
Thanks and Enjoy

Pretty neat. Was the app developed by you? If yes, I would like to contribute to it's development, I've got some ideas that would make it better.

Bahat:
Hi EvilSec, is there any know python library to validate email input with respective domain

To validate emails for any type of domain, use https://isitarealemail.com email API validation, it does in depth email address inspection on the email server. You need to use the python requests library.

This post has been extremely eye-opening, in a good way. There’s a lot perspectives I did not take into account. I greatly appreciate the advise.

NL's programming section needs good and active mods to filter out ads like this. Seun, do something about this.

Shoot me an email.

Najdorf:
Take a break, maybe for like a month or how long it takes you to regain yourself. If after taking a long break you're still the same then your burnout is hinting at a bigger issue that only you can find and fix.

I guess a long break could work too. I’ve been waiting thinking that things would get better without actually making attempts at fixing my terrible work habit.
If my life is still shit after the break, then I guess I'd have to start thinking of my tech retirement plans.

Bahat:


My advise is you reduce your work time and probably have breaks during those hours. You are already an experienced dork you know what to do and what works for you boss.

Thanks for this brother. Seems my main focus this weekend will be to relax, decompress and take a step back.

Anyone has advice on avoiding Burnout? I generally work 11-15 hours a day, then try to spend my limited free time towards Research & Development but since the beginning of the year I have started to Burnout pretty bad. It’s not that I lost my drive, motivation or passion. I just can’t do it. At this point, I burnout daily and I am having a hard time staying constant with studying for certifications or R & D in general. Any advice?

What you're looking for is not an intern, it's a damn full stack android dev and you're going to make them do your projects for you without paying them a dime. Shits like this are unethical and vile. Labour deserves compensation no matter how small. Imagine saying “unpaid full time internship” in the middle of a pandemic.. Have you lost your mind?

unpaid internships are unethical and exploitative, experience doesn’t pay the bills. This shit is modern day slavery.

Najdorf:
Following

Not sure if there will be a follow up post. I've been getting banned a lot on NL these days and a ton of my posts have been removed. Maybe it's time I stopped using nairaland.

codeigniter:


I would like to know more

9jathingsonpoint:

please what's the info

Checkout https://www.bitsler.com or https://www.gigabet.com

OGWILLS123:

Good day sir.

please i want to go into serious ethical hacking and people are telling me that I need to know many language as possible since I can not use JavaScript to hack something build with php, neither can i use python to hack java. so because of that I need to learn as many language as possible if I want to hack anything.
How true is that sir
thanks

I made a post in the past that should answer your question.
https://www.nairaland.com/6053872/programming-languages-hackers-should-learn

Weeks ago, I got asked this question by JayJayGee.

JayJayGee:

Okay, I have a question now.
In my cybersecurity course I recently learnt how to identify and analyse malwares also how to install and remove malwares. Also I saw myself picking serious interest in malwares. So I'm asking how do I go about creating or learning to create my own malwares, exploit scripts and all of that so I can be an effective red teamer for my cyber security unit?

The answer I gave wasn't really in depth so I thought I'd make a post to properly explain how you can make your malwar3, the programming languages you should use and what the logic will be.

Writing malwar3 all depends on what you are targeting and how you want it to work. If you want a classic file or boot sector infecting malwar3, go with Assembly. This is a very difficult but rewarding language because you are writing so close to the bare metal of the machine, it makes writing code that can alter binary files and hardware a simple matter.

Worms, macros, script virus3s, and most other malwar3 can be easier since higher-level languages easily support networking and graphics and you don’t have to do any tricks that infect binaries or deal with hardware. From there it’s all about what you want to infect and how. C and C++ are good for most purposes, but once you have written your malwar3, it will only work on that OS (if you wrote it for Windows but want it to work on a Mac or Linux, you can still use those languages but you will have to recompile and even rewrite some things). Java is the king of application languages, but it presupposes the user has a Java virtual machine. Android uses Java, so it can be useful for Android malwar3. In the Mac world, both for their computers and phones, it’s largely Objective-C and Swift. For web-based malwar3, you can use JavaScript or Ruby, but PHP could also be quite valuable (it’s what Facebook and Wordpress use). Python can do just about anything, and luckily, it has a lot of malwar3 to its name too.

As for the logic, that’s a big question, and something for you to work out for yourself. It’s a lot of work and if I’m going to even just work out the logic, I’m either writing a virus to satisfy my own curiosity or I’m going to be paid handsomely. Also, as the logic goes, as any other software you should have a list of requirements and you write your code to satisfy those, as example if your malwar3 is a worm; it has to have some method of spreading like coping itself from one hard drive to another to a flash drive to whatever is connected and you see as a way of spreading your worm. if it is a spyware then it should get access to the victims resources like the microphone, webcam, keyboard and probably have screen capture abilities. All of this requirements are usually achievable through most programming languages and you can actually find example code for them on open source software.

I won’t warn you against writing them, but I will warn you to be careful and not let them out. If you must run them, do it in simulators or virtual machines that are not attached to the wider Internet. I have no sympathy on anyone who deliberately releases destructive code on innocent people and ends up banged up with a crushing fine or even a long jail sentence, but I do like and even hope to encourage the curious person looking for an interesting technical and intellectual exercise.

If you guys think I should make another post showing you how to get started with writing basic malwar3s in C or Python, let me know.
P.S. This is strictly for educational purpose.

motionarena:
Please I need someone to teach making money with digital cryptocurrency (bitcoin).

I see most of my colleagues making it big but most hesitant to put me through.

Ready to pay your asking price for the tutorials

Can show you how to play casino games with your crypto and make back x10 or lose everything if you're greedy.
It made me a lot of money in the past cause I wrote my own custom strategy script.

Enceladus:




Elders abeg where can I get the realtek ar8812au or atheros ar9271 cards for a reasonable price here in Naija bcoz it was North of 15k on Jumia. I currently reside in Ogun.

Use aliexpress, their standard shipping down to Nigeria takes roughly 25 days, "if you've got enough money to shell then use DHL". Jumia's pricing is an overkill.
I bought two of my adapters there, the Alfa AWUS036NH and AWUS036NEH. They inject packets like a beast.

dibara:

please lets talk pls 09067220114

About?

I think your youtube videos just inspired me to quit hacking and just cook great foods everyday instead. Glad I found this thread cause I'll try some of these for myself.
P.s. Don't stop rolling out great contents xD

JayJayGee:

Okay, I have a question now.
In my cybersecurity course I recently learnt how to identify and analyse malwares also how to install and remove malwares. Also I saw myself picking serious interest in malwares. So I'm asking how do I go about creating or learning to create my own malwares, exploit scripts and all of that so I can be an effective red teamer for my cyber security unit?

Checkout these courses:
- https://academyhacker.com/p/complete-ethical-hacking-series-malware-development
- https://www.udemy.com/course/complete-ethical-hacking-series-malware-development
Bonus - Grab these books to learn more about malware analysis:
- https://www.amazon.com/Practical-Malware-Analysis-Hands-Dissecting/dp/1593272901
- https://www.amazon.com/gp/product/0470613033

Those two are regarded as a common entry point /decent start to dive into that realm.