• 0 Posts
  • 15 Comments
Joined 1 year ago
Cake day: June 9th, 2023

  • Ok so to be clear when I said team I mean a bunch of college students preparing for different ctfs, but these are some of the more helpful resources we have found:

    Tryhackme: personal favorite especially for beginners

    Hackthebox: great for learning/practicing attacks

    Overthewire: another good ctf site

    We try to build many of our own ctf like machines, then each person switches their machine with another person and the other person tries to secure the vulnerabilities without knowing anything about the machine. Once everyone has secured their machines we try to attack them using the notes made while setting them up. This is our step by step for that process.

    1. download an old version of a distro. (Ubuntu 14, deb 9, etc.)
    2. install and set up the VM without any updates or changes to the default configuration
    3. google the distro version (Ubuntu 14.04) + vulnerabilities or exploits
    4. read through the different sites to find applications that had huge security issues on that version and begin installing some of the programs that have known exploits

    So for example with Ubuntu 14.04 we know there are some Linux kernel exploits.

    A quick Google search returned this exploit: https://www.exploit-db.com/exploits/43418

    Using Ubuntu’s website I looked up other critical vulnerabilities and found these: https://ubuntu.com/security/cves?q=&package=&priority=critical&version=trusty&status=

    From here I could add some of the packages mentioned as having exploits and then attempt to exploit them. I could also check newer versions of Ubuntu like 16 to find vulnerabilities that would also apply to older versions.

    There is also Mitre’s list(s) of the most dangerous software vulnerabilities. They have one for 2023, but also a catalog of lists from previous years.

    https://cwe.mitre.org/top25/archive/2023/2023_top25_list.html

    Hopefully this helps!


  • I can give you an answer from someone who regularly downloads really old EOL versions of Ubuntu and Debian. I personally use them as part of attack and defense competitions. They are normally very close to unusable and are nearly impossible to update to a more recent or secure version. This forces my team to find creative ways to keep them working while also taking measures to isolate them as much as possible. I also use them to teach old exploits that have been patched in more recent versions, walking people through how it worked and why it existed.

    It happens a lot more with Windows machines, but there might be some manufacturing systems out there that require software that won’t run on modern versions of the OS. These systems often require new manufacturing tools in order to upgrade, or they need massive overhauls that smaller companies can’t always afford.




  • I’m kinda the opposite of you. I love Bethesda games, but the fantasy element doesn’t do it for me. I never liked Skyrim or the elder scrolls series but loved the fallout series, as well as games like outer worlds. I am not going to preorder the game but I am very excited to see their take on a space rpg, because I love fallout and I love space exploration so if combined well it should become an instant favorite of mine.



  • My wording was poor. I meant that currently there is no way to contribute to reducing stress on an instance. Making your own instance might help prevent the problem from getting worse, but it is not the same as adding more cpu power or ram to an instance. If an instance is maxing out on its CPU power, currently there is no way to allow other people to help disperse the current load.

    On a slightly tangential point, I am not sure how sustainable it is to increase the number of possible users by increasing the number of instances. It is already a frustrating process finding the right instance to join. So imagine when there is 1 instance for every 100 users. With 100k users that is 1000 different instances to sort through. I think there needs to be better ways to scale Lemmy, especially the amount of processing power it requires. Lemmy.ml will only be able to scale so big on a single vps instance, or even physical server.


  • I have been thinking about this a bit. Right now there is not really a way to spread the load out like you mentioned. Anyone can make another instance, but it doesn’t really alleviate any of the stress from another instance. I think it might even add to it, although not as much as adding a bunch of new users would. It would be beneficial to be able to contribute compute power to an instance, but I don’t think that is a realistic goal with the way Lemmy is set up.




  • If the selfhosted community decides to create an instance, I think it would be cool to host a bunch of selfhosted communities. For example you would have the instance at example.selfhosted, then a selfhosted community, and also other communities that use selfhosted software. So example.selfhosted would have communities: selfhosted, plex, jellyfin, vaultwarden, etc.

    As for leaving lemmy.ml I vote to wait a bit. I don’t think there is an easy/good way to move instances at the moment. So in effect you would be abandoning this community and starting over on a different instance. Although I might be wrong about that.


  • It honestly could be either. But the most likely thing to happen is a big company (Disney, HBO, Netflix, etc.) sends lemmy.ml a take down request that the mods decide is not worth fighting and they nuke the community. The nice thing is someone could always spin up an instance focused on piracy and ignore take down requests.

    I actually think it would be really cool to have a Lemmy instance in Switzerland or somewhere that hosts communities like piracy, open signups, cracked games, etc.



  • Thank you for making this community. I enjoy keeping up with interesting attacks on r/cybersecurity so I was glad to see a similar one pop up on lemmy.

    I am a 3rd year CS student and I am running my school’s cyber security club. I am studying for the OSCP over the summer and working on setting up a server stack for the club. I haven’t made many posts in the past but I am trying to engage more with the community.

    I am excited to see what this community brings in the future!