#general
People who buy sports goods apparently

show a warning on the website saying we dont support outlook emails
if you use outlook please make a gmail account

fortune 500s
and they regret it everyday
so will there be just one subscription that will provide access to both htb labs and letsdefend?

Okay, and
and htb is goat
They bought the competition, there yah go
Offshore OST
what is letsdefend
dunno, ask KalashRM on youtube
open your EYES people, the only reason that HTB can afford to buy all these companies
is because they raised the HTB+ subscription price.
Wake up sheeple
at least it wasn't for inflation reasons
Getting more for money is on target
m0.0m
Is there any HTB staff that can answer my question?
Is it permissible to use demonstration pictures from the academy for my write-ups?
Writeups for Academy content are only allowed for Tier 0 modules. As for reproducing the assets from the Academy, I'd say likely not.
Read the terms of service 🙂
I would not say it is not write up for academy content, but like teaching the attack in my own environment but using some pictures like this for demonstration
looks illegal to me
It is a writeup. Read the tos
It states quite clearly the rules on IP from Academy.
If you are developing your own environment, then develop your own content.
fair enough, thank you for your answer
that is what I thought.
you can generate the same in 2 seconds on deekseek lmao
how is that a writeup it's just a picture lmao
I advise reading over what I said again @proud moth, if you have trouble grasping it
look, Hacknet writeup guys:
but why are you sharing something actually useful and cool here 
yeah that sounds much more better, thank you
"trouble grasping" lmaooo holy hell
Yall feeling spicy this morning huh?
Everybody got get some coffee and a bagel and chill tf out
@terse dirge Im talking to you
Absolute menace
Now who up hacking they box
It's based on HTB content that isn't meant to be put in writeups, it's not allowed, even the color palette is a blatant copy
Ngl it looked like a THM palette
Yeah...
look at old THM/white mode
I just wanted to explain how kerberos authentication works, with some HTB pictures, this module does not even contain lab
The day palettes can be copyrighted, I will copyright black text on white background and sue you all 
It’s not about what you want
the color palette lmaoo
Jokes on you I use windows white on blue
No I don’t
I lied
That’s evil
then what
Hack the box?
Nah
Defend the box
Up hacking my box rn
Up hacking my defenders box rn
Wait
That might be too far
lick the box 
Spent waaaaaaaaaaaayyy too long to root editor for my likings >_>
Don't do it for the gifs
should've linpeased it
You don’t understand the depths of my pettiness
if not for the gifs, what else?
The desire I have to no longer be an embed failure
Goth women
And to get good at what I love
The usual
Time to grind season 9
🫡
Oooohh in 8 boxes I have 100 user pwns.
I should throw a discord party 👀
Ah so that's why the price went up
Welp. Soon I shall be going to my interview. Hopefully it goes well
Yeah, this is my second one following my internship. Believe it or not, the place I’m interviewing at is actually very close to where I had my internship.
@devout sail heyy
Hows life
Yeah, I’m currently applying to a hardware computer technician role.
Tiring af, just came home after 1hr drive
I honestly don’t really know a lot, but I did take some time to review things like soldering and basic computer parts.
Too much traffic 
@wet thistle isee
Audio is my preferred way
Audio is useless for me
Unless I'm focusing all on it. Like need to immerse or its waste
I use it on my windows host
It was straight forward setup
Just get the data from vm. To host and import
Idk if. I'm missing anything by doing that way
Hey 11
I'm 21A
How does it feel to be 10 versions and 1 patch behind

At least get the version 19
It patches the stupid emotions
@devout sail what are you talking about right now?
Well regardless of whatever happens, I plan on playing borderlands 4 when I get home.
Oh Shadow versions
sorry my english is bad, i am from Asia
I just turned down a job offer today, hopefully the right choice
what version is it currently on?
21A
haha yeah, it's okay bro, as long as there is an intention to discuss 😅
V22 failed
Is there a trigger for a vulnerability? bro?

Disagreement on contracted entitlements. Basically I had compromised on the pay a fair amount because I thought the environment was going to be better and have more opportunities, but there was going to be like a 18 day difference in holiday entitlement, longer work hours and a shorter contracted lunch...I would have actually been making less money long run
good on you for paying attention. These employers just suck us dry honestly
We were joking cuz me and @severe stream have similar name
I'm still doing a reset on my work tonight, but I guess that's not really important right now.
Oh my gosh broooo 😂
🤣
Do not the cat
Yeah, it sucks because I was really looking forward to it, but if the pay isn't going to make up for it, then the other entitlements need to at least be a bit closer to each other.
Love remote. I barely leave my house for work now adays, it's awesome
i'm gonna go remote next month but i live in a basement

me leaving the house to go buy exclusively redbull and cigarettes
no food allowed
those are both bad for you mkkay
Stop eating and drinking
And breathing too
I got a gambling problem
Splonk

99% of gamblers stops right before their big win

.8 to me?
it would be indeed sir
Get a really nice pizza oven
my man got priorities straight
10-methoxy-5,6-dipropylundecane-2,3,4,7,8,9-hexaone

.:|:;
5 and 6 got lost
woot woot
fake root
Just PayPal em to me man
Better investment
good morning fellow hat wearers of different colours and box the hackers and such 😇
What is endgames in htb
4pm here
thats valid XDDD
Hahah
yes i totally have gif perms and can tell you 😭
were manifesting today
How is it going chat
*Prompt principal engineer please
Its this one
I'm so stubborn on using Arch that I dockerized kali to have the tools 
Pain is my bread and butter
terrorist ass country soundtrack 
hi chat
I'm higher rank than you
Gm Emma
Hi emma
Hi spy crow
gm tyc
Hi Falcon
Hi amiwho
For the first time ever, you will see how a white blood cell interacts with a piece of microplastic!
The question is - can the white blood cell degrade the microplastic?
What happens to your body if the microplastic can't be removed?
A big thank you to https://microplastictestingkit.com/ for the video recommendation! You can follow them he...
(Sorry if you see grammatical errors, I'm not a native speaker)
grammatical errors are unforgivable around here, cowboy 
we are being invaded by aliens from a parallel shadow dimension
What other pages do you guys know that perform a similar function to Webhook?
pages?
they tried shooting a missile at a ufo
but the missile didnt explode
and the ufo kept flying
but the weirdest part was 3 lil pieces broke off
and kept following it 
Did this turn out to be true? My friend who is low-key a conspiracy theorist told me abt it so I doubted it lol
The hoax around 3I/Atlas is just a comprehensive reading skill issue gone wrong
yes there was a gov hearing about it last week
Damn
That’s a bit concerning
Mods, ban the guy below me
Man, I really love HTB for what it is
My wife and me are probably moving to cypress within the next 6-7 years
Good afternoon from great brittania hack the box chat
who plans literally anything that far though, seriously
I know that I'm moving to the netherlands in 2 years
6-7 is quite far though lol
Yeah we have to gather some money ofc
And my parents have a house so they’re quite old
I know it sounds weird but we have to check several things before moving
What does tyc mean
UD isn't helping 💀
@vivid flower
Ao i thought it was some abbreviation
@lime trout explain yourself
what got you inspired to move?
Hi
doesnt that require a plugin?
uhhhh
Hello sir
Hello, both entrypoints for Hades (EU & US servers) seems to be down.
I already request a reset.
Do you have an idea of the delay ?
How is you?
contact support
Need to speak to a person? Learn how to reach our support via HTB Labs.
Nice. That your ride?
Are you the camel?
Yup
What’s the MPG like on that
Just decoration
does this server really not have a #memes channel
hi
when did linkedin become a spam platform where talent agencies offer you specific employees by cold calling you.. wtf 
The agent never responds in the chat
Waiting after "Connect to an agent"
people just spam weird ahh post whenever i open linkedin
poked someone
Today i saw someone drop their coffee, this is how it helped B2B sales
LMAO
ive seen a guy talk about how his house burning and his wife trapped inside helped him get a sales idea 😭
Weather for example
thats fair its been raining nonstop all year by me basically
and its really fkin annoying
You guys get cold calling? I keep getting DMs about Finance opportunities.
It always starts something along the lines of "You look like a great match for Finance."
WHAT?
HOW TO BYPASS EVERY DEFENSE EVERY AV EVERY DEFENCE MECHANISM ON WINDAS PLZ PLZ?
You say PLEASE SESAME OPEN UP
OK THANK YOU SIR I TRY NOW IT WORKS WITH POWERSHELL ALSO PLZ?
Why are we yelling hehe jk
So I finished my interview, though it was much quicker than expected.
cat
Lf a mentor
is there anyone who knows kerberos very well
The Ticket-Granting Service is a component of the Key Distribution Center (KDC) that is responsible for issuing service tickets.
Typically hosted on a domain controller in the Active Directory domain. When a user or computer requests a service ticket, the request is sent to the TGS component of the KDC, which verifies the user's or computer's identity and checks their authorization to access the requested resource before issuing a service ticket that can be used to gain access to the resource.
this is content from HTB academy, and i think this is wrong, Just before this text, i read that kerberos is only authentication protocol not authorization. and the service will decide whatever the TGS is for the user who can access the service, am i right? can someone clarify this please
@maiden anvil any hacking today?
Aight let's say i request a TGS for CIFS/fileserver.domain.com, kerberos will first authenticate you by verifying the TGT, decrypts it and verifies your session key and identity and allat, the authorization is done on the service part, namely it's fileserver.domain.com job to authorize your request for a certain SPN by doing this:
- Decrypts the TGS using its own long-term secret key (known only to it and the KDC).
- Extracts the user's identity and group memberships from the authorization data inside the ticket.
- The service now makes its own authorization decision: "Based on my access control lists (ACLs), is this user allowed to read this folder?" for example
kerberos gives you the TGS without question once you authenticate with TGT, it's not authorization protocol as you mentioned
no bcuz im a noob hbu?
no bcuz im stuck in calls all day 
exactly, so this makes the text from HTB academy wrong
anyone knows if the billing for letsdefend is going to merge with HTB
because it's saying TGS component from KDC will authorize you
yes it's not the KDC that authorizes access to the resource, it's the service principal hosted on the SPN host
should i report this
no because half of academy content is wrong anyway and will fail in 99% of the realistic cases anyway
so don't worry
lies
(nah joking, if you want you can report it but honestly, it doesn't matter that much and can be interpreted in another way, maybe the wording was misleading)
i would understand that if it is because it's outdated but here it is just wrong
there is a caveat though
what is that
the KDC can be configured in such a way that it doesn't even give you a TGS in the first place
so there is a layer of authorization as well
it's just not only in the KDC
the TGT contains your identity and session key, so one could configure the KDC to avoid giving your identity a TGS for some stuff, like CIFS/dc.corp.local
however, if you fail to get this TGS, it's really an authentication failure in my eyes
anyway, theory confuses me so i don't know, it doesn't really matter that much honestly imo
yeah but this is not even close to what the content is saying, I am trying to report this, and will see what happens
how can i do that actually
@heady sage probably could tell us better
is there any thing like this in academy itself
or is it problem with technical support
Not quite
yeah i also agree
The TGS is not indicative of an authentication
Oh, @scenic maple You there?
It just says that hey such and such user is given permission to access this service
ah wait, that's true, the academy text is correct, it's only saying that the KDC can deny the issuing of a TGS which is true
Yeah that’s what I said
ok ok, then yea it's fine, the wording can be a bit confusing
think of an amusement park. you get a ring on your wrist. then you go around, but you can't get straight into any of the machines. you have to show your ring to get a new ring that actually lets you into the machines.
and then you slip on a banana peel 
i think it is not just a bit
Very good explanation
source: read the specifications, implemented several low level kerberos client & server components
I really can not see the part where it says if configured like that honestly
The TGT allows you to get service tickets.
I know this
yeah and you may get service tickets even the service itself will say access denied later on... there's no harm in having a ticket
except there is, but yeah
but that's just microsoft, not kerberos itself
yep, and the text is saying the opposite saying the component of KDC will check the permissions before you get TGS
consider what happens when you have Account is sensitive and cannot be delegated, then not every TGS will get issued to you, i guess this can be thought of some authorization check?
don't blame kerberos for any goof made by ms
There appears to be a disconnect between your understanding of the material and the material that is presented to you.
Fortunately there is a solution
I think i am understanding everything pretty well in the content
have you done Kerberos attacks module
tbh kerberos a complex thing that takes a long time to start understanding, and then the AD implementation is another beast too
Very true
I understand Kerberos not very good but enough to understand the process you guys are trying to teach me
have any of y'all made Kerberos attacks module
no, Kerberos is one of the best technologies ever developed. it's definitely "good". it's just complex.
yep it is
in my opinion the KDC definitely does a kind of "authorization" check as well, as it can deny the issuing of a TGS depending on who you are
whenever different identities can access different resources, that's authorization
true, it's just somewhat coarse at that stage
it's just different from the service account authorization, for example requesting MSSQL/db.corp.local but you have no privilege to do xp_cmdshell
these fine-grained service authorizations are checked by a service account, not the KDC
but the KDC still does an authorization check on who you are before giving you the TGS
based on couple really broad users groups and settings, yes
or simpler for CIFS/dc.corp.local it would decide which shares you can read/write for example
@proud moth still can't believe i lost my job to an immigrant
yeah you are right, what you are saying is right, but the text does not contain any if statement, it just sits between AS-REP and TGS-REQ
yeah it's a bit not specified enough
maybe you can propose a feedback to add this little info in there, dunno
i use HTB academy as a jump start to do more research, so i don't trust a single word I read never
RIP, was the immigrant an HTB player?
Hello
I think i am getting there too, i just don't want to know how many people are confused at this when reading the module
I have paid for this
maybe put on some music and jam the module instead of reading it, sing it aloud
it's ok, nobody really understands any of this anyway
as long as you do your own research you're gonna be fine
Is it allowed to stream old boxes on twitch like live? Or is there anything i should be aware of? I was thinking of it
I just don't use discord as much..
Only retired boxes that AREN'T Vulnlab
yes dear
What about fortresses and challenges? Only retired/ old ones?
yeah you are right, thank you for help man
no prob i hope it kinda helped i dunno
Also @crude lynx not to be rude but please try not @ me next time overall pls thank you
i am confused by kerberos too sometimes
Btw hey guys what's up
Thanks i'll read through it 😄
it did
nice 😄
MUWHAHAHAHA!
its finally joever
Also, I just hacked my own Kali Linux account because I didn't know my username and password. 
Im finally gonna see a psychologist after climbing two mountains and scaling the himalayas, i finally found one that will do a simple evaluation for me!
epic haxor shit
No saving these containers
not enough chaos
BAHAHAHAHAH
How do I rank up? 🥲
DefendtheBox let's goo
by doing active boxes and challenges
On lab? Not academy?
lab
the labs are not designated as griefing 
You think? 👀
I'm still at Setting Up I may not rank up at all for 2 weeks (until I finish all the fundamentals)
Btw is pika backup important?
.......?
oh
ragebait
never mind
have a nice day 🙂
"Guys please don't hack me, I can't log into my pc... My credits are as follows:
Username: Partyanimalguy1998
Password: PartyDonutsAreTheBestz!!!"
"Update: Guys, a bunch of people just purchased a bunch of stuff from my bank account... Plz help!"
Rewrite english in Go otherwise im not talk here
:?:
What bank today does not force MFA
me fr
Which reminds is why im gonna do the Android hacking path once its out
? 🥲
```
$ Partyanimalguy1998@donutparty~ sudo su
Password:
# root@donutparty~ whoami
root
```
too late
mwahahahahha
yay!
Nice! Was it a private bounty?
No but i dont wanna share the name to find more bugs 😛
Haha fair
NOOOOOOOO! 
it was intigriti
Ohhh. Yeah I've never tried that platform. How is it?
I found Broken Function-Level Authorization
💸
I rise to the top
when you just crossed a limit it means you still had one but when you have none there is just void cold emptiness
Hey Dan
@proud moth just released the explanation article, you can check it out here, would really appreciate a feedback
https://medium.com/@SeverSerenity/kerberos-authentication-process-b9c7db481c56
Ive got a golden ticket 
but why medium
looks familiar
because i don't know anywhere else

No
do you know elsewhere
They been posting it in modules too lol
it's everywhere

most probably bots
Locked in
Meanwhile mods

I don't really care about views so, it is mostly because i wanted to improve.
I mainly do my blog as a project to put on my resume
yeah i realised this too after starting doing it
if i oneday start a blog it will be to flex on recruiters
my blog is a PoC
Do everything only using XoRs
or binary operations

The IoC:
# .bash_history
cat /root/root.txt
((It says: "There went the f***ng car.))
Damn I don't get points by doing the starting point labs?
Nope.
Sad..
Anything with an official writeup doesn't get points
indicator of pwnage
(technically only active boxes and challenges get you rank btw)
good afternoon, and happy rush to my fellow overcaffeinated peeps
Got it
Thank you
Unofficial are not allowed until there are official ones
it is like module 0 if you work on academy more
Well that's what I'm doing now.. 🥲
does this rules also work for chinese guys
I'm trying to finish all the fundamentals in order to go to labs and even pentesting
For everyone... but you can't stop everyone as a company
What u think 0xW1LD?
You approve?
tbf noone can compete with ippsec and 0xdf writeups, they're the most consistent and well made ones
CJCA
nah, just saying what i saw
I don't understand.. like go to cybersecurity analyst and do cjca afterwards?
What preparation should I do?
Yes
That's where I am
i am about to break this concept
Side note guys, I read an urban legend that says: "If you can't find the right way to hack something... ping @scenic maple and he'll appear in your room at 3 AM to help you hack.) 
Okay, I should take my medicine.
cant leave a homie helpless
hey @scenic maple I have a question
My list is for now
Linux Fundamentals
Windows Fundamentals
Introduction to Windows Command Line
Introduction to Bash Scripting
Introduction to Networking
Intro to Network Traffic Analysis
Introduction to Active Directory
Introduction to Web Applications
Web Requests
sure ask away
Hello gorgeous people
My man! ❤️
can we all ping u rn?
But it ain't 3 am yet! >:c
sure 
Cool!
get @'d @scenic maple!
@scenic maple
No 😂 I mean on academy to go to the cybersecurity analyst job path and then do the cjca..
a friend in need is a friend indeed
Thank you man I appreciate the help
Man, I need a million dollars, please help me h-
The Junior Cybersecurity Analyst Job Path IS CJCA

I have a question related to htb: can I write scripts that can solve a retired machine and post them in github?
i am broke too 😩
yes

those are called autopwn scripts
We should've replied to that free money guy back in the day...
So to be in the same page...
I do the jr cybersecurity analyst on academy and finish it
Then do the cjca exam
Or did I misunderstand? 😅
well, you don't have to do the exam, but I'd still recommend to do it
For me personally if you ask me it's a must..
More shit dumped into your biography u know what I'm saying 😂
how do I build an mcp server? just stuff a tool into docker and point my config at it?
maybe a better question for google
Nah bro that was the best part of the movie
Wait 💀.. you weren't talking about the exam the whole time and about the job role path?
Whats that
they're technically the same thing, idk why they name the job role path differently
you can't get the exam without doing the path
because you may not want to take the exam
How much did you pay for it?
-# well actually that's none of your business chrissie
Ahhhh
To be honest I thought the same
But to do the jr cybersecurity analyst first and afterwards go to pentesting
stack?
thanks for this 🙏
the CJCA path is not CJCA, CJCA is the certification
No ping very busy
normie or elitist?
so by CJCA do you mean CJCA or CJCA?
Well yes but that's how 0xW1LD says it so I go along 😂
it is confusing though
i mean certified secure computer user ~ ec council
You guys approve?
but can you be better at hacking than ai in the next 10 years?
Obviously just extrapolate what the person is talking about based off of context and tailor your responses based on each and every person and remember exactly how they like to talk about things... duh
-# satire
*meanwhile most of us doing CJCA after doing CPTS* 

I didn't understand..
An exam
Gimme
You finish it after finishing the jr cybersecurity analyst job role
certified junior croc addiction
I havent visited HTB site in like 2 months. But i promised to go back after i learn webdev.
And thats what im gonna do
But is jr cybersec analyst a must before jumping into pentesting?
no
Is it helpful? In terms of.. mixing it with pentesting
unless you mean career wise
Pentesting, hahahaha i would do so many ctf before taking the CPTS before taking the test.
Just do every easy machine as much as you can because the cpts is pretty hard
Requirement, not really
Recommended, HIGHLY
Did I do it? next question
I approve
mate, they said it's just easy and medium machines
Hell naww they have stuff they mention in modules ONCE
i have a cybersec bachelors and 0 work experience, im using this to kinda keep stuff fresh in mind and to practice
Even the very easy matchines at starting point are hard for me..
I'm not a noob I'm a fucking bot
Dog water
something you should know is that CJCA doesn't prep you for any of the easy machines besides old retired ones
but you didnt answer how do i get started in cybersecurity
Yeah thats pretty accurate...ehh medium i wouldnt say medium but definitely easy machines. The cpts is like 14 easy machines, each with unique thought processes you should have
turn around, work in a cafe, much less stress
Bro sped-run the cert
Maybe the last few machines would be medium. I guess. But adaptability is a must for CPTS you have to be in a situation but have an idea of what to do via occams razor
i have like 6 comptia certs and a couple others
In 200 business days
i actually used to think free certs are cool until i realised they are horse shit
and no one cares
thats why i think htb certs are cool
200 business days
I mean if it's not then I shouldn't put my time on it and jump straight into pentesting
But I trust your judgement
i will be dead by then
is the legal preparation + paperwork side of pentesting covered on htb or is it just the activity itself
Depends on how new you are to the field and good you are with picking up fundamentals while learning the processes
not covered but mentioned
pentest+ was like 80% "here's the buttload of paperwork you need to do to make this legal" and the rest was the fun stuff
It's talked about a little... but this is not a law platform
If you dont know any hacking just follow the job role path, once you complete it test your skills with easy machines on HTB. If you can get flags on the season or on your own without the walkthrough you are ready for the CPTS
2 months ago I started with THM and I finished the whole pre-security which was the basic of the basics (networks, web, Linux windows fundamentals, AD etc etc) and that's about it... I haven't touched any tools whatsoever
I put the work for only a month and I took a month break due to severe burnout 💀
some mistakes go long way
Yes but which one?
unresponsive is better. 
bring back static sites! web 1.0 fo lyf!
Sounds about right, you shouldn't really touch tools while learning the fundamentals (except networking, go touch networking labs RIGHT NOW)
You're mostly supposed to learn the processes, principles, concepts, and a bunch of theory as a foundation
300 hours to center a div
thats what C developers make
considering i know atleast 4 ways to do it
actually 5
Alright I will 🫡
But then what?
you'll learn the answer to that along the way of answering the first
Then choose what you wanna do, think for yourself, stop asking questions, start answering questions with theoretical knowledge
cpts is 344 hours
There isnt a specific set of boxes. If you want on the CPTS channel theres a link on the pins that ippsec pointed to as recommended for the cpts but you can do any machines easy/medium. Once you can do them on your own you're good.
well, c developers are most usually competent 
No I mean for the job role paths..
more like 3000 hours
You're right..
Oh you cant do the cpts without doing the path for cpts lol 
html 1 compliant website
Oh now I understand sorry I'm not thinking clearly today 💀
So you're saying finish fundamentals even the most basic and then start pentesting
And I'll learn about the tools in the long run
You will learn about 80-90% of the tools available in pentesting distros
And various techniques
i totally skipped cjca lol
If you do both cpts and cbbh
im doing the 'information security foundations' to begin. it has a lot of useful basics in there
Dopeee...
What's up Wendy
You wanted something and you @ me yesterday?
just wondering if you're still keeping up
Ahh I'm keeping up haha don't you worry about it 😂🫡
Imho its better to go through courses for stuff as some stuff like windows might be hard to memorize. I mean you can always go back to the modules, but can you like for example leverage icacls and so on. Those things take practice to memorize. Net commands and stuff well actually those are covered in the modules but still its nice to know active directory well
But pls without trying to be rude I wanna ask you to try not to @ me as much as possible (except if you're replying to me obviously 💀)😂
k
One of the things i wished is understanding how to use Bloodhound better but in order to do so you need $$$$
Cuz I'm mostly gonna be offline and use DC for the cube talks
Sorry 🥲
Knowledge for bloodhound is probably the most expensive thing ive seen
2000 dollars for a whole training session 
Im not made of money
Its not really that hard
Nice talking to you
Just use a cheatsheet for more complex bloodhound queries
No its more like recognizing valid routes for exploitation.
From the graphs
Because sometimes things are like triangular and you can really tell how to make a vector
Isnt a lot of that automated? Or is it discussing ones that cant be identified by bloodhound itself
I had that problem with one of the HTB boxes
Jk I have something last 💀
Is there digital forensic (dfir) anywhere on HTB?
Sherlocks
Cdsa path
No its manual, well at least in the version of BH available in the hacking distros by default(its outdated) idk what the new versions are like
That teaches DFIR?
Chonkus maximus the third of the legatus sonoris household.
Hello
He can barely stand 😭 someone fed that cat too much love 
Nawww he a big floofy
Heart disease
Looks like lol
But just reducing the amount of food will help the kitty
Man I should start doing cardio
its time
My cardio has become very poor
No dont do self torture.
Ok
I'm not able to sleep rn
And I have to wake up early
do u drink coffee?
Make friends with a boxer and have them knock you out
is that an obsidian plugin?
mcp bridging a local LLM with my obsidian vault
and I got all of these features now
Whats a taxonomy
Oh and youre not the first to mention MCP today m0rph
you can ask the chatbot to do stuff
Which one?
im using qwen3-14b but you can use any model with stuff like ollama and lm studio
all i can see is morphs pc is a good choice for mining crypto
No I mean which chat bot?
in the first pic is lm studio
Ahh nice
so I can also bridge it to vs code
and have it generate ransomware
then write documentation on it
and automate the whole process through a chatbot
gpt is weak
and when i figure out how to make mcp servers
im gonna bridge it to a VM 
so then i can have a chatbot launch db_autopwn
and create notes in obsidian in xml
gm
can confirm it can create notes ✅
it seems there's a lot to learn
?
it depends on who owns the traffic you're trying to decode
if you're working on your own homelab ya sure
no one will tell you anything
i m working on owasp juice shop
i dont think theres a specific law that says 'you cannot decode tls communications' but if you are going to do it you could probably get in trouble if a company decides that doing it on their network constitutes an attack
you can just use wireshark
yeah just basic morality
like not something that sensitive
its fine if ur working on your own environment
yeah i knw cyber laws also
only if you make a physical devices that does it, but it's complicated because it only matters if you're selling such a devices overseas with crypto export regulations
with burp
that works too
how thats wht i m asking
oh you can use the intercept in burp
i hve used but its in encrypted form
yeah cuz its TLS
it has to be encrypted
so how can we read this ?
you cant thats the point of encryption, so first u have to decrypt it, which you need session keys
its basically like a long tall wall
find another attack vector
except session keys
if possible
idk but i think its literally
the only way
to decrypt it
again its the same as you owning the traffic
gonna have to plant something on the device creating the communication to intercept it before it gets encrypted
are u working ?
is it possible?
oh cool whats ur age ( just asking )
all things are possible; they just may not be probable
18 going to 19
i think with burp is it is not possible coz i didnt send req to server but still its encrypted
cool
how can AI be real if our eyes arent?
it has potential but it has a lot of problems
yeah but the silly robot hallucinated and made up a bunch of stuff for the dates
interesting
Browser MCP then let it loose on some portswigger labs is pretty fun
Open it
No too scary
Where can I do labs?
anyone who has solved juice shop ?
do prolabs and fortresses progress ur rank?
No
wdym?
as in Noob, Script kiddie, hacker etc.
but the guy said no
owasp labs is for script kiddies?
Waa checking this random API that generates quotes
https://generated.inspirobot.me/a/Ra6VjKxz6z.jpg
Good bye y'all 😢
I've seen a few, never bothered to solve
u probably dont have access to them cuz i think it opens from Hacker rank and above but im talkin about these https://app.hackthebox.com/prolabs
and the fortresses
hack hr and rehire yourself
Oh i didn't know about this 💀
im not 100% sure but i remember getting more VPNs when i got hacker rank
so it probably is where u unlock prolabs and forts
do u know csrf poc?
Do you know what you are talking about
If it's for the juice shop
Make one yourself, or google
There are many writeups for it
i know i was lil bit confused
basically i am creating csrf html file and i dont know how to deliver this to victim if u have any ttp so share.
It's difficult without context
Lol
Basically get yourself a fetch with js and put the cookies in a get param
Open a python server, send the payload, let the bot execute it
Oh sorry you meant csrf
Then similar but point the fetch to the endpoint instead and craft a body request that the server accepts
Email and ask them to kindly open it
Ah that is faster
The ideal method for CSRF delivery is via XSS (that also helps bypass certain protections). Second to that is self hosting and having them open both your URL and the target site at the same time (but there are more protections to circumvent this way)
Yeah watch out for csrf tokens if needed
omg its deloitte person
guys did anyone do soulmate? i am new and i kinda want a bit of explanation on how you did it
i have a really bad writeup if you want it
anything will work atm
check dee emz
i also want it
dms
whats the hardest machine you can think of
lupus
@lilac cipher
i bet you wont be laughing in a couple years
It's literally a solution nobody asked for
i kind of support it to be fair. i know its a weird thing how everyone just reprograms the same shit in rust for no reason, but it's going to be a big thing thats my take
i know nothing
Suuuure
I dont see the point in rewriting something other than making things easier to work with. But Rust is perhaps the hardest thing I've had to work with because there's so many features that are just things that people who drink pomegrapple flavored coffee use.
rust fundamentally cannot get better with time, it's part of its design philosophy that cripples it, you know that right?
rust is a cope for bad programmers who can't garbage collect in C, Zig is an actual improvement on C
Ahahahahaha
wndy what what ports are open in ur scan?
@zealous charm I keep moving back and forth between my desks today
because I dont have access to unrestricted AI at work
it's maddening
but I'm getting good exercise 💪
next I will hookup shodan to whatever im experimenting on today
what really is shodan my friend was saying about it too
Gotta get an L-shaped desk so you can just rotate between work and personal
it's like nmap on crystal meth
you have other ports open in your scan. for me, there's just 2 ports 😢
agreed
shodan just exposes scraped headers from different ip's, its generally a collection of IoT devices
yeah same boxs glitched
oh
this will be interesting
Buckle up mfer
what should I try doing?
Im thinking of asking the chatbot to do a scan
then create a note in obsidian with the results
map out traffic cameras in your area and design an interface for people to connect and watch
that was my first shodan project
i’ve been trynna work on that fr
well if you are unlucky enough to have the scourge known as Flock Security in your area, it's pretty easy
they dont give a fuck
The majority of programmers are bad programmers
Thats why react and nodejs exist
Rust mostly exists to allow the takeover of existing projects by people on the outside seeking an in with little regard for the welfare of the project itself
It sounds like a good enough idea that your average fool thinks its a good idea and will benefit him somehow
alright this shit is pretty banging
It's just another wealth transfer scheme
I'm about to do something awesome with obsidian and shodan
hope this helps
Hello 👋
apparently google's load balancers use lets encrypt
@zealous charm
everything does

im hacking @zealous charm
we need to make a fuck ton of mcp servers
we need to make so many mcp servers
Make an mcp to make mcps???
that nobody can ever keep up
imagine we can ask a chatbot
hey buddy test all parameters in burp suite
so now I need that mcp server you were talking about
we need to expose ALL of them
the WHOLE arsenal
we need mcp servers for nuclei
for cobalt strike
for bloodhound
we need hella mcp servers dawg
For this you could just have Gemini-cli run the tool
Since it can execute shell commands
hey guys I wanted to ask is the Maldev Academy course worth it or is it just jack shit, planning on taking it after solidifying myself in C and C#
worth it IMO
and so are Sektor7 course but IMO MalDev academy is a bit more tailored
id go for it instantly if the price wasn't a bit absurd
you could find all of the info for free
but you gotta go diving into code and reading white papers
that goes for all the things
but you wont structure it
well
basically torturing yourself slowly
until u get used to it
sure if i had the energy to do that, but im doing CPTS with it in parallel
sooo yeah
this is genius
I have a new idea now
to flood my obsidian vault with malware source code
then I can have it generate new code based off of the repo of old code!
like training your model with malware code?
exactly, but without actually training!
thats good but be very careful with its configs so it doesn't fuck up
and like publishes something sensitive out of the blue
my PC definitely has space AIDS at this point
At this point just use Amazon bedrock with RAG
this might be the move
They’ve got some decent foundational models
Plus who doesn’t love aws
network card? how about network apple pay
remember when they made the price of htb higher
i remember someone was saying theyd find a small company to merge
i havent heard of letsdefend but it sounds cool
I have one of those
tis pretty nice
Captain Falcon deserves a big desk 💪
The PC doctor has arrived
FALCOOOOON



