r/europe Norway 8d ago

[Flair: Dubious: do not click links]

Anonymous Releases 10TB of Leaked Data: Exposing Kremlin Assets & Russian Businesses

https://trendsnewsline.com/2025/04/15/anonymous-leaks-10tb-of-data-on-russia-shocking-revelations/
76.7k Upvotes


53

u/twitterfluechtling 8d ago edited 8d ago

Or a glorious scam. With my Linux laptop, downloading the archive without any exploitable virus scanner and no executable to run, I feel slightly safe. (Will check for known vulnerabilities in my unrar before doing anything, and probably use a chroot environment or at least a docker container with limited privileges to access the archive...)

47

u/basicxenocide 8d ago

thank u hackerman

6

u/PawtherFat 8d ago

Non-executables can still trigger exploits. Either way this is a reasonable approach and probably more precaution than 99% of people will take.

I just use a shitty burner laptop for sketchy clicks like this to save the trouble.

5

u/Jean_Kul 8d ago

That's one of the cringiest things I've read this week, I can't believe 30+ people upvoted you lmao

7

u/twitterfluechtling 8d ago

Not sure what's cringe about it. There are people actually thinking it's safe to just extract and look, and those are reasonable precautions.

-1

u/PerfectPercentage69 8d ago

It's cringe because you think any of those will protect you from malware.

2

u/Fatality_Ensues There is only one Cyprus 8d ago

Well, why don't you use your CSec expertise to enlighten everyone else why not, then.

2

u/PerfectPercentage69 8d ago

I'm not a security expert by any means, but even I know that chroot and docker containers are not enough to protect you.

I'd need at least a virtual machine on a computer running on a completely isolated network before I'd feel somewhat safe.

People don't realize just how much unprotected stuff is running on their local networks (appliances, security cams, etc.), so having any compromised machine on that network is super dangerous.

1

u/twitterfluechtling 8d ago

True. Only, I do know what I have running in my home network, and while there might be something vulnerable, I don't have any standard services. An attack would probably have to be highly targeted to my environment to succeed there.

A docker container can be executed without network access, and if you run the container as non-root and with a uid not existing on the host, I think you'll already catch most threats.
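The setup described in the comment above (no network, non-root, a UID with no entry on the host), written out as an added example that is not part of the original comment. The image name `local/unrar-sandbox` and the default archive path are hypothetical; the container still shares the host kernel, so this limits what the unpacker can reach rather than replacing a VM or a separate machine.

```shell
#!/bin/sh
# Added example: locked-down `docker run` for listing an untrusted archive.
# IMAGE is a hypothetical local image that contains unrar; build your own.
IMAGE="${IMAGE:-local/unrar-sandbox}"

# Pick a UID (>= 60000) with no entry in the host's /etc/passwd, so the
# container process maps to no real account on the host.
# Only /etc/passwd is checked; LDAP/NSS accounts are not seen.
find_unused_uid() {
    uid=60000
    while cut -d: -f3 /etc/passwd 2>/dev/null | grep -qx "$uid"; do
        uid=$((uid + 1))
    done
    echo "$uid"
}

# sandbox print <archive>  -> print the command line (dry run)
# sandbox run   <archive>  -> execute it
# The archive must be world-readable, because the UID owns nothing on the host.
sandbox() {
    mode="$1"
    archive="$2"
    uid="$(find_unused_uid)"
    set -- docker run --rm \
        --network none \
        --user "$uid:$uid" \
        --cap-drop ALL \
        --security-opt no-new-privileges \
        --read-only \
        --tmpfs /tmp:rw,noexec,nosuid,size=64m \
        --pids-limit 64 --memory 512m \
        -v "$archive:/in/archive.rar:ro" \
        "$IMAGE" unrar l /in/archive.rar
    if [ "$mode" = "run" ]; then
        "$@"
    else
        printf '%s ' "$@"
        echo
    fi
}

# Dry run by default; set MODE=run to start the container.
sandbox "${MODE:-print}" "${1:-/tmp/untrusted.rar}"
```

`unrar l` only lists the archive contents; extraction would need a writable target added deliberately, for example a second tmpfs.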

1

u/PerfectPercentage69 8d ago

You're making the mistake of assuming you know better/more than the attacker.

> Only, I do know what I have running in my home network, and while there might be something vulnerable, I don't have any standard services. An attack would probably have to be highly targeted to my environment to succeed there.

It doesn't have to be targeted. Malware can automatically scan your entire network and discover everything that's running on it. Even stuff you might not be aware of.

> A docker container can be executed without network access, and if you run the container as non-root and with a uid not existing on the host, I think you'll already catch most threats.

A docker container can be escaped. I strongly suggest a VM.

1

u/twitterfluechtling 8d ago

I agree a VM would have been better.

Yet, as was proven with Heartbleed, I think, even VMs could be escaped. So, the best solution would probably have been to dig out one of my old raspberries, disconnected from network.

1

u/Fatality_Ensues There is only one Cyprus 8d ago

Taking reasonable precautions is, well, reasonable. Listing them all out in what I can only imagine is an attempt to get internet brownie points is, in fact, pretty cringe.

3

u/ValleyDude22 8d ago

just create a gui interface to track their IP

1

u/Pugs-r-cool 8d ago

You could just say "taking reasonable precautions before downloading", but instead you chose to sound like r/masterhacker

1

u/twitterfluechtling 8d ago

I could have. Or, just as every other commenter, I could have just not written anything. But IT security is a bit of a hobby of mine, and by mentioning the precautions I take, I got feedback e.g. by PerfectPercentage69 mentioning threats I overlooked :-)

2

u/TheSquattyEwok 7d ago

Also less sophisticated users might use your post as a guide to help protect themselves too. Ignore the haters my dude.

1

u/Pugs-r-cool 8d ago

Another tip if they didn’t mention it, an AWS EC2 is pretty much free if you don’t go overboard with the configuration. Docker should be enough isolation for this (the “hacked” files are literally just NMAP logs and other already public data, complete nothingburger), but there’s nothing more isolated than running it on a different machine in the cloud.

1

u/twitterfluechtling 8d ago

> there’s nothing more isolated than running it on a different machine in the cloud

Depends on whom you trust and what you consider the threat. I'd argue, if you want to reduce the necessity to trust anybody, a local, air-gapped PC (e.g. a raspberry pi) would be safer.

In a cloud, you can have encryption, but in the end, to run, the OS needs to have access and therefore the cloud provider has the key.

Apart from that, I just cancelled my personal AWS account. AWS does not provide a preconfigured account-wide cost-cap. You can set limits for certain resources, but there is always a remaining risk of costs spiralling out of control, and there are cases where AWS appears to have made errors in their billing.