#general

by.. cleaning and purifying the wastewater of the duplicants

heya pwning

❤️

<3

I don't remember the first games storyline tbh

so

SPOILERS MUCH

🤣

i am talking about Oxygen not included ❤️

I blasted through the first so quick after release, kinda regret going so fast

Took my time with the second

Ohhhh

I'm still struggling to understand.. gas pressures

Am I thinking of another game then... I was thinking of a game on a sub?

on a sub..?

Barotrauma.

Like, underwater

bad colors because HDR but this

Yrsh yhsy'd yhr onr

Uhhh... fingers, move one to the left

Yeah that's the one

I was gonna say, fuckin, c'thulu pthagn alright

HE LIES IN ETERNAL SLEEP SIR

honestly me too

Ok yeah I've not played Barotrauma, so I must just be getting confused

💯 I was thinking of Oxygen Not Included as the one I played

do you enjoy the large Pit of Waste I have

I try not to judge

we call that "Future Drinking Water"

Everything has a use if you try hard enough

or something like that

my plan is

the water is polluted water

polluted water can be turned into normal water with a sieve

this solves only one problem though

its potable now sure, but it still has food poisoning germs

the solution? You boil it 🙂

So I have to transfer the filtered water into a vat, boil it, bring it back to temp, return to water resevoir.

Massive drip

far from a perfect loop

Damn it now I can't remember the name of another game from that time... something like "try not to do", or "please don't die"

Isometric cartoony graphics survivalish game

Robot n shit

I'll remember it at 6 am, don't worry

hmm

Don't Starve

Damn it, yes that's it

❤️

my infinite reaction time cursed technique is why im a good blue teamer lol

but yeh they're both made by Klei

Ahhhh, well that makes a lot of sense

I feel like

streaming some final fantasy

Have fun 🙂 I need to go to bed. First time I've kept myself up doing random crap past 11PM in ages

and I need to keep being a good boy

Nice to see you back dude

Gotta catch up properly some time 🙂

likewise sir, we'll catch up 😄

Yo cloud, do you have any tips on finding IOCs?

Or good threat Intel feeds?

I mean

Personally I haven't really utilized an intel feed

as most of my investigations are lead driven

@molten bobcat DM?

👀

sure!

Do you ever investigate malware campaigns for your job or just investigate compromised machines?

I do both pretty constantly

Nice

hi h4ck3rs

does someone wanna explain to me how i misplaced a greatsword..

Do you have any tips on finding IOCs or anything? I've just been using shodan a bunch lol for this current investigation I've been doing.

IOCs of what?

Malware. 👀

windows event logs, you're welcome

thats a bit of a vague thing id be happy to explain over vc

Lol

process explorer + autoruns

how R u guysz

I mean like IPs hosting malware or C2 servers.

IP addresses change like tears in rain dude

focus on .ru sites lol

May I dm?

it's kinda hard to explain without showing my current findings

I have an .ru domain 🙂

sure

I bought it with fake russian address

Illegal
Banned.

In soviet russia...

Gm chat

lol

.cn site

.nk site

hello

your blog is unresponsive, btw

Yeah i turn it down for some reason

gm

Hey why did xreous leave?

He's still in the server

Oh i thought he left he never talks

he did leave for a bit but came back a while ago

i just got a new business idea

hmm

any recommendations for github alternatives? thinking of moving to gitea atm, trying to move away from anything with telemetry/data collection

run your own git server

was thinking about it, which was why was looking into a local gitea simply for that extra comfort for lack of words, havnt done a git only server before tho, do you just use the daemon with a vm?

personally i have a raspberry pi that runs 24/7 and i maintain my main git repo on there (with multiple backup drives). choose a distro, setup the server, and remote into that, push changes to that remote, nothing too crazy

https://git-scm.com/book/en/v2/Git-on-the-Server-The-Protocols

on my pi i just use ubuntu server LTS, then install the server, and its on my local network at all times

thanks i don't really have a setup where i can use a 24/7 server atm but thinking i might setup a git server and possible have it backup to proton drive or something

AWS free tier

been slowly reducing amount of data given out moving things over to more privacy focus'd stuff, but ideally i'm not liking how githubs going since microsoft ownership, same thing with things like vscode to much enforced telemetry

you can use a VPS too i guess, like a $5 / month Linode/Akamai node is more than enough

yeah or AWS free, i guess GCP too

that could work to actually

just make sure you keep a backup of it, somewhere, often, because if your VPS goes down you are rekt out of everything

Free tier has plenty of resource to run a personal git server

you can use a second server somewhere else thats free and setup a script to auto-send a copy over scp once every day or so

yeah ill setup an aws free tier for a git server, alternative was to use proton drive and backup local version control that way

Encrypt daily and push to a free GitHub LFS storage

Down the power

🤣

since i pay for proton, same reasoning really haha

oh torn i am on what to do

githubs owned by microsoft now, so trying to move away from them, keep hearing things about data collection everywhere

yeah i pay for google so might as well, or icloud

Yeah I get it, but your backups would be encrypted

Just throwing silly ideas, so don't take me too seriously

I generally stay away from stuff starting with "i" 🤣

run the server on US east 1, and run your backups on US east 1 as well 🙂

nah i misiread it thats kinda hillarious actually

You get 2gb LFS for free on Github

Depending on retention and history, as you obviously couldn't do diff updates as it's encrypted, it could suit you fine for some time

Anyway, end of stupid ideas, for now

yeah haha ill either go with aws or just backup the files with proton drive and setit up to a git diirectory

Regex search is my favourite feature on Github. Last week I rediscovered 3 old CVEs from 2015 lol

I was like oh look, new vuln, but then found out all of them are already registered a decade ago

tbh i wouldnt be surprised if they lead into other stuff where people hadnt updated things

people can be lazy when it comes to dependencies

damn i really want a new vape rn but it’s mad late ahhh ill just suffer with the dying vape and hurt my lungs for 1 night

That too. You can search for known vulnerable versions of something

Although what I usually do is search for vulnerable code patterns

Like unserialize($COOKIE[session_data]) or whatever

https://tenor.com/view/skeptical-futurama-fry-hmmm-i-got-my-eyes-on-you-gif-17101711

@eternal mango

How can bro read code? Half the time it looks like spaghetti to me

experience i guess

Hallo Falcon

Heyo

Early vulns I found with fun WP "research" was by hand, but then I automated it with common unsafe methods and variables, and then later with AST for variable taint analysis to watch for plugin / template updates, and flag potential sources for manual review

It worked very well

@static pasture

Hi

Hey

All good? 😄

Yea im good. Are you good?

I'm ok thanks. Been doing better with sleep, but today I've ended up down a rabbit hole of a stupid personal project

so couldn't sleep for thinking of what to do next, and now I'm doing it next

wups

I noticed 😂

Hopefully you figure it out!

Oh I have

and it's so dumb

but so fun

I was trying to find a configurable ticker that supports currencies and tokens across a number of common trackers for Windows, that I could just have in the taskbar to keep an eye on

None of the ones out there were m aintained, and th ose that were maintained sucked

So I made my own... and then for SOME reason the memory of those old desktop pet apps from the 90s came to mind, Dogz, Catz, Oddballz... I thought it'd be fun to show some sort of interaction on transactions, but I wasn't about to go do some pixel art

so instead it now shows the ticker in the taskbar, and shoots off desktop fireworks styled and sized based upon the buy / sell transaction values

So stupid.. but it's been fun

Should have some Tomagotchi like functionality

So....

You feed it, you buy?

You slap it, you sell?

That works lol

Ok this is going off the rails, again.

All I wanted was a freakin market cap ticker in the task bar 🤣

when the market is bullish it should have $ for eyes and when it's bearish it looks depressed

https://tenor.com/view/dollareyes-mrcrab-gif-5710567490593341100

https://tenor.com/view/wait-no-more-money-gif-2693189799346735339

I don't even trade 🤣

I just saw the news on an old coin I got a drop on over a decade ago and got interested again

Neither do I, I recently just got into dollar cost average investing... but looking at the market these days is depressing

Good Morning

Good morning

I just reached Bangalore and i really wanna go back home xD

lol

Linkin sipost
https://cdn.discordapp.com/attachments/585739600971169809/1436205003416145950/image0.png?ex=690ec1a4&is=690d7024&hm=cd44cd70a9409265852ca8dc7938a99889e189dc19971d7eca8c5e57550eb117&

turn it into a pwa, slap a subscription on that bad boi, market it to egirls on X, boom, you are minting $

Am in blore too xD

What you doing here

Relative's house

Same 💀

I'm gonna sneak out and smoke

i love this guy

Gae

Banglore is honestly pretty boring

Nothing to see there or do there

Grils

I could meet a few of my friends
But i haven't talked to them in years 💀

uhh i read AV as in AV not that AV

If they're worth talking to, then sure

I have good friends
I'm just lazy

Lmao

😁

Share

I have to go to college for project submission

Open sauce

Rapido

@devout sail today was that cultural society trip I told you about.
I missed it.

Yes

Hehe what do u do instead

College is 1.5 hours away

Work.

Why do u live in jungle

What work

Machines. Interview for a company.

Academy modules

Woah

Delhi is big

Breh you travel for 30m

And changed states 2 time

I have to use metro

Cause too much traffic

I'm talking about metro

But traveling in Delhi's metro is always fun

You always get to see drama

Gets boring and inconvenient after a while

I would prefer to drive

In that traffic 💀

Traffic is the reason why I take metro sometimes

Go to some other city

After btech

Preferably foreign country

Russia 👍🏻

Why not 💀

Some good country in europe

Too cold

Then goto the desert region

estonia is best in cyber

(idk the places names)

evening gents

Evening michele

close lol

Michale

Someday

some day lol

Too hot

Moderate climate preferable

Yeah just stay at home

https://voidread.pages.dev/ very cool btw

been working on my own lately as well

only get a couple hours a night lol. ruff life

mine takes you back to 2000 aol days haha

https://dg4e.net/

That's coool af

thanks 🙂

you should put an epilepsy warning

Nah

but damn that's nice

much appreciated! been working on it for a few months

But thecloud is back

wym?

@molten bobcat

-# idk the real reference xD

nah thecloud is a reference to obviously the cloud but transmuted to a memorial

?

oh look at that, you got your own directory on my site lol

https://tenor.com/view/esquie-mon-ami-huh-calculating-gif-15072777769569231196

gots to go but i shall leave you with a tune.

https://www.youtube.com/watch?v=TeRcsIR6CFY

https://tenor.com/view/jake-gyllenhaal-bye-bye-gif-7990496184851258495

@bingbong9

Interesting, did you download plugins and bulk to review it or was there some API involved?

https://tenor.com/b1Pvg.gif

https://tenor.com/bTU5e.gif

It ran off of the Wordpress SVN repo

So polled for updates and analysed the changes as they came in

That's efficient

and fast in terms of finding new stuff

Yup, got a load of CVEs from it, not many with high impact / high usage, but some

Gave me good experience in responsible disclosure and the CVE issuance / verification process

I've been meaning to try out this method where you scrape a lot of plugins and use AI to recurse through each of them and search for vulns. You'd need an MCP server, typically I'd setup Gemini since it's free, or I'd go for Claude Code if I'm willing to invest.

Claude using their Agent Skills feature would be best for that right now imho

It's very powerful

How can I use cURL to download a file please I need guide

So I've heard

https://curl.se/docs/manpage.html

Like, what have you tried, did it work, if not what happened?

👀 any 9-10 ones?

Plenty of no auth rce, file inclusion, sqli etc yes

I've gotten just one CVE so far, but it took so long that I'm kind of lethargic to get into the whole process of finding another 🤣

They're all documented on the blog 😉

Submitted it to MITRE and they got back in 4 months

Poor old ancient no love blog

4 months?! 😮 Damn

Was quite some time ago I last had to submit one, didn't usually take more than a few days for a placeholder

Things no doubt have changed, busy times and not enough hands

No reply from the vendor either

🙁 that's sad

I only had a few times where the vendor / author didn't reply along my responsible disclosure policy

But I count my WP research as pretty soft

No way indicative of general research or disclosure process imho

Other work I've done that isn't documented has gone much, much worse.. stretching to over a year in one case

That was so painful, but as it was a bank, and the bank I actually used, I had to stick at it 🤣

Ended up getting lucky and someone had a contact that knew the person to speak to

...follow 6 more months of back and forth lol

I mean, reaching out to the vendor was also challenging in my case. They had almost zero info on contact etc. I found their email through the patch notes of a really old repo and sent a disclosure request to that email... no reply till date.

I've heard WP is better at response times etc

Yup, feel that one

WP were pretty decent in my experience yes

Still gutted to this day the null byte injection thing I found in cURL wasn't considered CVE worthy

Not salty at all

😠

It was very edge case though

Why not? 🤔

Honestly I can't remember

Please no disrespect

I don't understand this question:

To get the flag, start the about exercise, then use cURL to download the file return by '/download.php' in the server shown above

Post in #modules please, that is the correct channel. The module section will include instructions as to how to use the command.

https://g0blin.co.uk/php-and-curl-and-null-bytes-oh-my/

I feel bad for the curl team though, for all the AI slop reports they get

...

Hah yeah.. use AI to help discover issues, fine. But VALIDATE and DEMONSTRATE

Blip blap blop the slop helps nobody

Or just copy paste straight out of ChatGPT 🤣

is this a finding on a pen test, that PMF is possible to be enabled but its not enabled?

Would this not have worked if you had just done curl file:///etc/passwd?

(Trying to understand what the security risk is, I'm new to null byte injections)

IIRC it was more regarding an edge case where a plugin was performing filtering based upon schema

It wouldn't have accepted just file:///etc/passwd, but it would accept a string with http in

The issue was that you could terminate the file path in the file: schema early when passed to cURL using a null byte

so file:///etc/passwd was the same as file:///etc/passwd%00http, and they both were evaluated as file:///etc/passwd and hence /etc/passwd when passed from PHP to cURL

I see, interesting

So yeah.. very edge case to bypass a very basic input filter on a plugin in order to use the file: schema to access a local file, while bypassing the filter looking for the string http in the path

https://bugs.php.net/bug.php?id=68089

I think this is very similar to some other kind of vuln

CRLF injection?

Something like that

Not quite, it's more the string was being decoded and parsed as is, and the null byte when processed in PHP before being passed to cURL meant the string was being terminated prior to http

Ahh, got it

Technically it could've probably have been taken further to some memory corruption or sorts, but I wasn't very skilled in that area at that point, so didn't try

It was an issue with libcurl IIRC, so not really PHPs fault

Anyway, that bug report above links off to the suggested and eventual patch in the cURL interface, along with a preventative change in PHP

iirc curl can do other things as well right? such as transferring data

Yup

you could leverage the null byte injection to read files, and transfer them to an attacker server

It suppots many methods and protocols

you could essentially clone the victim's filesystem... maybe 🤔

Honestly I don't think there was any real danger past the edge case above

of course, it takes time and is bound to be noisy, but in theory you could

Memory corruption wasn't really an option as cURL parsed the information correctly, it was that they were not ensuring the provided path was not equal to the end path

The logic before was to parse over the whole input string and decode it until it hit a null byte

The updated code changed it to parse over the full path string, breaking out if it ran in to a null byte with an error

Yeah so, if you could read the file by inserting the null byte, could you transfer it in a similar manner? Make an http request to read file:///etc/passwd to a webhook with the null byte niserted

Uhhhhm, I don't know, I don't think so tbh

My line of thought is that if its able to successfully retrieve the file contents, it might be able to also save those file contents somewhere (say, in a variable or something) and transfer it to a webhook

but if I were to find that issue today I would've definitely dug further

Ok ok, so

It's not about fetching the file contents

That was part of the app with the weak checking

1. Does the input have http or https in? Then it's a valid URL
2. Pass it to cURL to fetch the content
3. cURL terminated the string at the encoded nullbyte
4. cURL correctly fetched the file:// path

The TLDR is that the plugin was using a filter of http existing in the input path as proof of a valid URL, but through this bug we could remove the http string from the path through the premature null byte injection, meaning we could cause cURL to fetch a valid file path and have it returned to the app

I know, it's weird

Ohh okay. Then redirecting that output would have to be part of the app's functionalities for any real danger, I'd imagine

Yes exactly, the app only made the request, or rather passed the URL to cURL to make the request and then processed the results

I suppose in theory you could have done some funky shit with a samba share URL

but that's a massive assumption

@lilac cipher summarise this in Fortnite terms

especially as the issue was only present in the file processor lib in cURL

This brings up an interesting vector I hadn't tested with another bug I found

I didn't think to check the other protocol libs to see if the issue existed there at the time

the file part

Spill the beans 😄

Damn, I wanna run cURL lib through this workflow now to see if it finds any weirdness

https://www.bbc.co.uk/news/articles/cpd2y053nleo

🤣

Remember the XSS through the PPTSld frame in a Powerpoint presentation?

Ew

That was happening because of the fragment and the javascript handler after it

like example.com/something.htm#javascript:alert(1)

job security tbh

Haahah wow

Vibe coders should grow some balls and do real coding

lol

Use the tools available to you, but never trust them if you can't understand what they do

but technically, after the # in something.htm, you could insert an arbitrary protocol like http followed by a url, and it would load it into the presentation frame itself

you could deliver malware that way

I've coded for decades, but have found integrating AI in to some workflows very beneficial

imagine, a victim clicks on a presentation link and is prompted for a place to save the file (the file being malware)

If vibe coders keep increasing, we will have more apps like Tea

Well yes

if they don't use the tools right

as in just trust what is given

You still have to understand what you have, how it works, audit and test

Shipping something vibe coded without those steps, ew

and really vulnerable code

That is what I meant

https://tenor.com/view/cs2-cs2time-cstime-csgotime-csgo-gif-3752132632744748688

Not always.. but yes, possible

I thought tariffs would be the word of the year for sure

Vibe coding is not a good concept

That's why you need to integrate it in to your workflow

Not let it REPLACE your workflow

"oh yea let me just play some songs and tell this fucking AI clanker to do everything for me so I can be a lazy fuck"

lol

There's a difference between just saying "hey do this", and actually putting together a decent statement of work, paying attention to what the result is, testing it, auditing

There is nothing wrong with vibe coding, if using AI to aid in coding is done correctly

The former being the one what most people do

Most

some days i think ai can replace developers but today is not one of those days ~ average engineer using ai (everyday since 2022)

That's exactly it

MOST

Saying people who use AI in coding are lazy and wrong is just a blanket statement that is incorrect

Sure, someone could just make an app in 10 minutes and ship it

Lmao

When I'm hunting bugs and using AI to help, I also typically redact sensitive stuff like URLs. Because as far as I've seen, one of the biggest AI/LLM risks of the year is to feed it sensitive data by mistake and have either the provider or someone else prompt inject it.

Personally, I like rawdogging my code

but someone who actually cares about what they are working on, and using AI to help them achieve will spend time understanding and correcting provided

Rawdogging

Bruh

altho we cant disagree that people who learned to code without ai are a different breed than people who had ai

That's also probably why corporates ban chatgpt from employee systems lol

i litterally 20 minutes ago got claude to critique my code

I meant not using any assistance

I know

let me guess 6/10

Rawdog seemed like a suitable word

i think it is more because employees upload pii to it

But seriously, you should take some time to learn how you can effectively and safely integrate these tools in to your workflow

didn't ask for a rating, but prob kinda low

I should

Claude gives you the least shit imho
"You're absolutely right!" ❌
"Your code sucks, fix it!" ✅

I'm not saying ship to production 10 minutes after you commit to git from GPT or Claude or whatever

he says 6 usually not to hurt feelings 😔

But it's POWERFUL, and not just for coding

AI is an assistant
Not a master

that too

Agent Skills, the feature Anthropic shipped a while ago is freakin massive

Exactly

"idk what im doing but pls do it for me"

master senpai AI daddy UwU~

Used correctly to accelerate, and enable rapid development under correct supervision and critique is massive

And Agent Skill, that feature

I've said it three times now, but if you haven't read up on it, do so

4.5/10 💔

To be honest, I'd love to see more AI being used in other sectors, prominently on non-tech sectors

It's SO much fun to work with

and so powerful

Honestly I feel LLMs have taken away people's critical thinking skills
I think there was a study from Harvard or some big Ivy league uni which said that people who regularly used GPT had much lower critical thinking skills than those who did not

well ig he is honest now

`Why Not Higher?

❌ Data leakage makes all results unreliable (biggest issue)
❌ Misapplies scaling to tree models
❌ No way to actually compare which model is best
❌ Would perform worse in production than in testing
❌ Inefficient pandas operations`

If they have, that's their problem

Use what you have to help you work faster and think better, not to replace your freakin brain

blame python

Challenge what you see

Never accept truth without testing it as truth

Recently someone came up with an AI system to detect students carrying guns. Which is a very good way to use it. It did have a lot of FPs (like picking up a bag of Doritos as a gun), but honestly training it the right way and using it the right way can solve a lot of problems like this one.

no way to compare which model is the best is a future i was already planning on implementing

otherwise we may as well just throw shit and git commit

Earlier, if you had some question, you had to search for it on Google, learn about the concepts to better understand the problem, which gave you a wider view of knowledge
Now, just plug the exact problem in AI, solution given, no challenge

I preferred the time when you had to search for the solution, learnt better that way

lol

What about before search engines

when you had to go and read books

Oh

What about before books

Any hackers going to see tron ares 👀

You just wouldn't have knowledge

Technology and what we have available to persue knowledge and skills will always change

I'll sail the seven seas

bullshit, of course you would have knowledge

its prob more dependant on the user, like i really like learning more about the problem and actually understanding it even if i am using AI

How do you think we got where we are now

Nah, it's just that I'm lazy enough not to go out and ask people about my problem

vibe code marked

Lmao

lol

nah thats actually a git convention https://gitmoji.dev/

usually used by js developers

Stack overflow is dead, long live chatgpt

Collaboration and sharing of experience, and as such laying the groundwork of collective knowledge is the whole premise of human evolution and growth

GTA 6 is delayed
November 2026
Another whole year

Use what you can, because others will

I feel I would have a girlfriend and kids by the time GTA 6 comes out

issue with gpt is that it wont be able to answer new questions without SO

haahahah

yea i would rather use ai than dig through 20 stackoverflow pages

You're wrong, it CAN answer them! Just that it'll be a hallucinated BS answer. 🤣

Well ok a fourth time, Agent Skills, tuning and enabling models through known datasets and programmatic interfaces to said data. When it was first released, Anthropic's Sonnet model didn't know how to work with the Agent Skill APIs

So I developed an Agent Skill dataset that taught it how to work with the Agent Skill APIs

i think in mu lifetime i have only got to the 2nd page of google a few times

Then used that Agent Skill workflow to work with the Agent Skill APIs to improve a workflow utilising Agent Skills

🤣

Try hunting on NASA VDP

Good morning guys

you'll be scrolling through 20 google pages

for same result

♻️

hehhehe, Google

but more links == better seo

I used something else

Google is the best hacker tool

And NASA is an awesome target for practice

But yes, Google is great

btw I got my third NASA letter yesterday

XSS again

Noice, I got a couple and one from some other gov org, can't remember which

yall hacking governments

that has to be illegal

The other gov org was an RCE

I got one on SSA but I think it was either fixed, or I forgot to report it and too lazy

Nah

Many US gov orgs are under a wide VDP program

thats what cinzinga said

There's a whole section on Bugcrowd which says "Hack the US Government"

i am just repeating

the now-shutdown US government

Wait

It's still shut down?

which is why I'm not expecting fast responses atm

yes

Wow

36 days and counting, its the longest one

iirc frosto had issues cause of it

yup, crazy

usually in my place when govt websites go down they neevr come back

It's just a staring contest atp. Either dems will blink first or Trump will

Did you ever land on the gitlab repos across those gov VDPs 0xcnJo?

crazy? I was crazy once

they locked me in a room

a rubber room

room full of rats?

a rubber room with rats

hi

and the rats made me crazy

https://tenor.com/view/crazy-crazy-i-was-crazy-i-was-crazy-once-i-was-crazy-crazy-i-was-crazy-once-gif-4471500993328921192

I recently actually found a password exposed on a Bitbucket repo in NASA. Turns out it was a duplicate :(

And yeah, I've seen those Gitlab repos

The repos was where I found the RCE 🤣

Gitlab and Bitbucket are the most common ones they use

NFI how it was still there after so long

why dont they use github

I've got some custom tooling for osint on domains which helped too, helped to connect the dots

Lol I don't doubt. I've found inactive API keys and stuff there

Oh man, some of their APIs.. WEIRD right

But yeah, very good practice

..and legal

I found credentials for a service account actually

It was crazy

Haaahah oh man wiat

I hope I noted this down

There were some docs I found, with a guy leaving hints for himself for his password

One was something like... "that funny russian word nobody knows"

Thing is that file wasn't really there! But it was there at some point of time, and while it was there, Google indexed it. So the search result returned the base64-encoded password in the blurb. 🤣

could be just about any word

😄

https://tenor.com/view/selena-gomez-snapchat-shakes-her-head-slightly-to-push-away-her-bangs-red-lipstick-gif-4837857923958019637

https://tenor.com/view/sam-sulek-sam-hi-there-sulek-zyzz-gif-11692285525298771980

https://tenor.com/view/dennis-nedry-jurassic-park-wayne-knight-gif-24822846

Guys,why I don’t get cubes from my referrals

dang didnt have the full meme

sadge

did you read the full conditions of getting cubes for referrals?

Yeah

They have done "Intro to academy"

well if all that is done please wait some time and if you still havent gotten them contact support

Okay,thanks

They must also complete the onboarding questionnaire

Where?

When they have registered?

It's like, the first thing they see

https://help.hackthebox.com/en/articles/7992318-friend-referral

They have done this

Then be patient I suppose, or reach out to support

requires at least 2 friends to recieve rewards

Okay

two friends?

Had job interview today but they are gonna invite me to another one which will be the last interview phase

rewards are at 2;5;15 and whenever a friend you refer completes a tier 2 or higher module

I’m Linux user,I don’t have friends

the t2 one though doesn't apply if they're using the student sub

Yup, don't worry though

They know that already, they read about it

I’m hopefully gonna have an entry level job in e commerce soon, which can lead into other jobs like IT ones

Probably full time we’ll see

oooo cool, good luck!

i will be one

but who is the 2nd one

anyone?

you have mod coobs

@eternal mango wanted to ask
What's your role in HTB rn

He's the janitor

mmm

https://tenor.com/view/futurama-scruffy-janitor-the-janitor-break-gif-22791578

special projects.. involving mops

My role was CTO, but I'm moving away from that role while still being involved with the departments I managed to focus on other tasks that contribute to HTB, and allowing for some mental health recovery.

Co-founder, also

and yes, janitor

egasp, moving away from cto?!

In tital, but I'm still involved mostly in what I did before

Just changing reporting lines and focusing on what I can best provide as benefit to the company, and as I said, allowing for some mental health recovery after a personally difficult few years (not due to HTB)

Wait COFOUNDER OF HTB??!!??

yes

g0bs is a legend

him and d4rk combined beards and made htb

Crazy, did not know that

combined beards

@eternal mango you are Nikos Fountas?

Or am I confusing you with someone else

Doxxed

I just googled founders of HTB

lol no

I'm James

I'm hungry

I'm that too

James Hooker?

"gee i wonder where HTB started"
googles names
"It's all greek to me"

Yes

Honour to meet you

🙂 Pleasure is mine

Sorry I did not know before that you were one of the cofounders

We would have said less grotesque stuff

It's fine, like I said earlier, here I'm just me

Don't care about titles, I'm here to hang

g0b is a chill guy

Lmao yea

Oh, I've said worse

🙈

can confirm

mod chat leak when

I was using terms like "rawdogging my code" 😭😭

Dang that reminded me of taking my pills somehow

Thanks

Well I wanted to apply to HTB in the future some time, there goes my chance

https://tenor.com/view/im-not-gonna-ask-my-question-chuck-nice-star-talk-ill-not-ask-ill-not-address-my-question-gif-20163286

Take care

it doesn't ruin your chances

¯_(ツ)_/¯

Hopefully

go on take those blue pills

you've seen how some staff members chat in here sometimes... it doesn't hurt you

Imagine if they check your discord chats when you apply

They are red actually

I hear ry4n was a top yapper, he got hired, so should be fine raw dogging every now and then

😂

heyyy marcie i got parrot 6.4 installed WITHOUT any LUKS issues 6.4 is working amazingly well!

Good, you're ready to install arch

@exotic pendant friday

i run now

Why do you love Arch so much

LUKS is when you set up with encryption so...

You'll know when you use it

what have you been up to?

Arch users are like the swifties of Linux community

but idk why you @ me about it

yep, i remember on 6.1 i believe there were some LUKS issues that you told me i probably didnt need to use LUKS unless i was paranoid xD, but it just feels kewler typing in two passwords

until you forget and brick your system and need to reinstall

work work

and then reinstall ALL the tools again

i will never forget my super sekrit password which is the first license plate i ever had + the make of my dream car

Off topic the Internet been around since arcade era ... That weird info is helpful with online security oddly

Idk either something about tokens

bankai tenkai oppai

My first password was "telephonepole" cause my old house has a telephone pole in front of it

Ive seen a password recently

get hacked buddy

Interesting

Savage I did that before for a few passwords

What's in front of me that's unbelievable

Bag that says unicorns on it yup password that

******

that is the password

bigtittiedgothgirl123

reminds me of using entropy to pick an old seed phrase sat in my room for 12 hours trying to wrap my head around it

seriously

that symbol

Must include syntax and capital lettering upon 8 characters.

even if you see it in plain text you wouldn't think it's a password

not everywhere gets validated like that

I 've also seen this

I can't stand prompts like tht

****OrD123

or

my favourite thing to use in my passwords is @_@ after everything

That's dedication

Ehh ig it's easier to do than I thought @_@

dead

Lol

Did I say something weird chat got quiet fast

sup Yannick

I mean I guess I did because really what this even means

so appartenly hex can bypass is_numeric in php

oh?

the problem is that the url get parameters are always type string

Sup Sparkling

I found some shit in this trash project I work on

I am now cheating on my girlfriend with a girl who is cheating on her boyfriend

and raised many hecker questions

what the helliante

If I <= string ?

no

this

What

I am ao fuckrd

both break up

the problem is this

Why are you cheating though?

Relationship problems

Break up?

I havent seen my girlfriend in almost 30 days

Brother.

this is WILD

Vro you need to install Arch asap

Istg.

I am on the latest kernel of arch

Yeah you can declare this twice with if is_numeric<= sing
Then sing = parts in idfk fix this gpt

I think right

goodness

she is not your girlfriend anymore LMAO

i mean if they're having a rough patch and taking time apart i wouldn't say that tbh

Were not taking time apart

also not seeing != not communicating

Thats correct we still communicate

Daily actually

like you way overread what Hall said

I can't code that good but I try

but cheating

my gf would end me if i didnt see her after days

cheap discord therapists are not going to uncheat his relationship

Due to albeit almost unbelievable reasons... i cant see her. like my whole mess is fucked it's honestly hard to talk about

you're way overreading things

but eh

Cheating is never right to do

Unless you're playing wiezen, right @hoary nebula

and you should just break up with your girlfriend @frail turtle instead of cheating on her

I am not endorsing it at all. But i need intimacy like Im in here in my apartment alone every god damn night

ok and? that's no excuse to cheat

yeah I agree with Marcie

never right, but the irony that the girl they're cheating with is also cheating with on her own boyfriend break up with his girlfriend and get with the other girl

secs

bro just say sex

Me too man i spent two years without getting laid

like... your needs don't override the feelings of your girlfriend

intimacy isn't just sex btw

you can't say some words bc automod

get a few kids, then wait and see how much intimacy you get

No by intimacy i mean an actual fucking connection

then that sounds like there's a breakdown of communication between you and your girlfirend

women ☕

We barely talk but the loyalty is there for some reason

When we talk nowadays its usally avbout the kids

She wont let me go i wont let go

like your first role becomes mom/dad

just because you speak every day, doesn't mean you're actually communicating

not boyfriend/girlfriend

vro is keeping her as a backup

Sigh

but yeah

try to have a chat with her hallicon 🙂

if the ship is sinking anyways, better to know and get out in time

omster 😔

have you actually communicated any of your needs to her, or are you just assuming that she knows what you want

I did twice already i told her exactly how hurt i felt and all

And she tells me i have to understand her situation, and I do but im the one putting any effort

then break up

point blank

break up

point blank

it's gonna suck

🔫

but like

I was reading this and about to recommend breaking up

@worthy narwhal that passed the line

what did he say

I missed it

I am breaking up with you

Man.

now marry me

u know, ive been the cheater before, but at least i admitted i was a douche 💁

Lmao

very sad to inform you guys sparkling and qeuemark are no longer dating

but seriously Hall, if neither of you are able to move forward positively in the relationship -- then it's time to break up and move on instead of cheating on her. because ultimately that will make it 100000000000x worse in the long run

I have been cheated on, and tbh it hits you like a bunch of bricks

is she the same girl you were talking about a while ago when she went clubbing with her friends?

gud it crossed the line, so, no repeat

Yes and it wasnt her friends

I step away for like 30 minutes to find cooking videos to post. Wtf happened??

It was her family

@terse dirge yamete

Kudasai

what do you expect its the internet

rule 5

get him boys

🧍‍♂️

oof

okay

fix

how do people eat em everyday and not die

i want to be like that

Ey it turned out that was indeed correct call tho

eggzy typing

dead

I just went through an ordeal with trying to reinstall my OS. I installed it to a diff partition on the same disk and it overwrote my /boot/efi entries, so my old OS was not showing up anymore. Holy hell. Plus, X11 is going away and I'm not changing my WM from Xmonad to anything else.

I had to reinstall grub from a live usb image. Just hell.

F

just get a mac

no issues

if you are dropped into grub shell you know it went horribly wrong

I'm back on 22.04 Ubuntu

I was in a grub shell.

uwubuntu

grub's hell*

https://tenor.com/view/dodgson-jurassic-park-nobody-cares-gif-26375486

I was thinking, I'll install new ubuntu to a separate partition, but it overwrote /boot/efi which I thought would be commonly used among the two. but no, both use /efi/EFI/ubuntu namespace, that's why.

man i just cant find the actual gif

which one

did you write any php there?

great show

I got my system back. I'm not fscking with it anymore. I'm fine on 22.04 until 32.04. That's how long ubuntu provides extended security support

via ubuntu pro free for 5 devices personally

Vro

I don't even need to say it

I'll have to migrate my ZFS volumes

I'm also on BTRFS

/ is on btrfs and /home is ZFS

so basically you tried to clone one partition with ubuntu to another partition on the same drive, but did not remove the boot entry of the original partition?

why did you not just upgrade your original ubuntu instance? o_O

Because it can't be upgraded, too many custom/package depends problems. I've tried like hell.

bro is not fscking around anymore

ohhhhhhh okay

hey about btrfs, I always use ext4, is there a real benefit on btrfs?

It's okay. Eventually I'll get around to reinstalling everything. np

faster compression

that's all?

Its a COW system copy on write, meaning instant snapshots

ah

thats what sold it for me

That's how I was always able to get back to my original system using snapshots

good

echo you use arch right?

I try an upgrade, it fails, broken package, so I restore from snapshot

vro

it's instant too

if you use the aur let me show u a trick

literally takes seconds, because you just switch to antoher btrfs subvolume

ok

https://old.reddit.com/r/archlinux/comments/1d6zij6/small_tip_to_speed_up_aur_installs/

this will make compressing huge packages lot faster

hence package installs a lot faster

also you could run pacman in parallel so it would download 5 packages at once or so

When you install chromium and find out the download size:

interesting

@worthy cargo did you remove the french language pack?

I have 2 computers one with arch linux and the other one with arch linux

i have no french lang pack

what are you on about

rm rf

https://tenor.com/view/arch-arch-linux-btw-i-use-arch-btw-zyzz-gif-25959390

stop posting gifs of me

this is useful

shave your mustache

never

You should install void Linux

https://tenor.com/rGGVBNNcqMY.gif

https://wiki.archlinux.org/title/Pacman

i need aur

oh nauurrr

also some dev stuff breaks in void

Just compile form source vro

playwright latest breaks on arch