#general

I mean, yeah.. but a cat attacking a human isn't cause to suspect rabies.. Cats are assholes

But I suppose better safe than sorry

This be true

i dont wanna castrate my cat but i read saying when the cat is castrated is less agresive, so maybe works, i just wanna stop my cat hurt my neighbors, and me 🤣

It is very common and safe to castrate and neuter cats homie

but a cat trying to attack everyone and everything isn't normal I think

100% better safe than sorry have you seen how you die from rabies?

Did this literally all come from someone saying "cat attacked my leg"

lol makes sense

My brother got a nice shiba inu dog and had to sign a contract that he will castrate it lmao wtf

I don't have full context I assumed he was assaulted by a stray lol

Personally no, thankfully, but I'm aware of how horrible it is

It's awful

Shiba Inu are aggressive

I agree

nothing to do with that. The breeders just dont want competition o w/e
And his dog is super sweet 🙂

he said his cat is fairly aggressive too

wrong, agian, my other leg 🤣 ❤️

Oh wow

It's cuz his doggie DNA is priceless lmao

How was I wrong? I said "my leg".. that includes both legs

Does it attack when you try to pet it?

Someone I know had a labrador and it attacked them... and it wasn't vaccinated (yet)

VACCINATE YA ANIMALS YA FREAKS

they didn't die but had to take like 20 rabies shots and stuff

ouch

cheeseball is vaccinated

It's better than the alternative trust

Tidus is also vaccinated 😄

bill gates controls his mind on weekends and Fridays because that's what we've arranged with him

Lmaoo

Mine loves cheese

your cat is microsoft founder every friday and weekend

Careful, that's a sign of Active Directory compromise

He has cheese flavored cat treats and now anytime we have cheese on food he gets all fuckin frisky

Good, they can have the DPAPI Backup Key what am I using it for

Let the forest burn goblin

Who needs it

The domain actually

It's my favorite AD fact

That there's a self destruct button built in

https://tenor.com/view/robert-downey-jr-tony-stark-gif-26471287

he runs into windows so I take that as a sign

damn, elastic security might be kinda good. Maybe I misjudged it

It is worth a go, for sure

Their update and product release cycle has grown greatly these past years, and the telemetry their agents ship and dashboards are not bad at all

Hello everyone, I just want to ask a random question. I'm looking for a cybersecurity community, primarily made up of people living in Australia. I wanted to know if you know of any communities on Discord. My interest is in meeting people to talk about cybersecurity and do CTFS, since I used to do that in Argentina, but now I'm interested in integrating my hacking habits into my Australian experience.

And that's before you tweak them

altho it's kinda slow and has you configure crap weirdly

With their fleet feature it makes managing hosts so much easier than before too

the dashboards are nice

ya but if you get ssl issues then you need to manually specify options or manually configure the output to ignore certs

You found that community.. but there are htb meetups hosted around the world

I would imagine there are some in AUS too

Or Argentina even, maybe?

it'd be nice if elastic had an n8n integration or something for webhooks

https://www.meetup.com/pro/hack-the-box/

You mean for incoming, or firing off webhooks?

Each major Australian city absolutely has medium sized communities, use meetup or what g0b said to try and locate them

sending data to webhooks

IIRC you can use Elastic to emit webhook events when alerts are triggered, and have an agent that receives incoming hooks

wazuh had it I liked it but I always had to make manual changes because of ssl certs

Yeah https://www.elastic.co/docs/explore-analyze/alerts-cases/watcher/how-watcher-works

Unsure on the flexibility of it mind, I've used it a couple of times for simple alerts

but nothing too much farther than that, e.g. sending relevant datasets from the triggering event

i start the first episodie of startrek section 31

Hello

Wait what, new Star Trek?

today i open the tv series section and i see these serie

is about the emperor giorgio

Nice, wasn't aware of that one

looks good, i am looking the first episodie right now

Will hit that up at the weekend for sure

we too broke for azure tho

I made a custom rule and it looks like you need at least a gold license to use them

Hello guys im a student looking to get into Cloud security can anyone help me study

Anyone here set up USB forwarding for VirtualBox before?

Looking at the plan table, it's Platinum (so first tier above free) for alerting

But yeah..

It gets expensive fast with Elastic

https://www.elastic.co/subscriptions

We used the hosted setup through Elastic directly

I remember yeaaars ago playing with Graylog as an alternative to Elastic stack at a previous job

I wonder how they line up now

SumoLogic is something I used a lot previous, and they have recently changed their pricing model (ok, not THAT recently, past year or so)

IT used to be based in ingest, but now it's based on query volume

Unsure if they provide such monitoring / reaction features though, been a long time since I used them hands on

Make an aws free tier account. Go crazy.

you just install the expansion pack

Looks like Graylog does support some level of alerting and supports webhook as a target for the event Ceald.. but I can't vouch for how easy to work with it is. Haven't used that in probably over 10 years 🤣

That said, NFI what kind of SIEM capabilities Graylog has compared to the Elastic stack

thank you

i think the startrek is a movie not a serie

bu is good

Lol

Or I can be cool and make my own edr and SIEM solution

amazing ragebait

or that

I was working on that but lost motivation on it and forgot what I was supposed to add to it lol

so you mean to tell me you have no appreciation for anything tolkien inspired?

no dude, now lets talk about scarface, goodfellas, all that

gets BTFO by RICO act

you cant RICO a dragon

go ahead try to raid the dragons hoard

https://tenor.com/view/minion-hello-bello-kiss-gif-12923282

I need you to roll attack 30 times, penetrat0r

oooo sorry the dragon has 88 AC

Actually, I do remember! I was going to work more on the agent management side and user management

I think I was going to add like agent groups and have a way where you can manage and update agents in bulk

Not to bang on, but Elastic's Fleets feature does this very well

Just don't try to update hundreds of agents at the same time.. and saturate the uplink

I totally never did that by mistake

We only have one endpoint being monitored right now

Ya

But elasticsearch isn't FOSS anymore so it's not based anymore

Haha, fair enough

Wazuh does it too but it doesn't notify you when agents have been updated

Not yet, it's been shipped though

I ordered months ago

Like when pre-orders opened

Indeedy

US is first

We get the sloppy seconds

Idk I'm trying to mainly design it to be fast and simple rather than having 69420 features and overly complicated

Elastic with its integrations are nice but it's a bit confusing on which to install what integrations on

AFAIK US pre-orders are being fulfilled first

Then it goes across CA and EU

Unless I'm thinking of something completely different

good to hear

i want it first

but I mean I made my order Aug 18th

they need to get a better manufacturer this is super slow

And with things like elastic defender I had to upgrade everything in elk to get it to work properly

Say that when you've tried making a production run of anything

Another thing with elk stacks is that when you upgrade everything it's not seamless, you either back up and import your data or start fresh which is a serious issue

I think small updates should be seamless and shouldn't require you to nuke your old instance

Yup.. update path sometimes isn't just update the node, swap the volume

Sometimes it's painful af

Even wazuh has the same issue

I still love Elastic

When I was building my own edr and SIEM I was using this https://github.com/manticoresoftware/manticoresearch instead of elastic or opensearch

At scale though, it gets stupid expensive

It's a lot faster and doesn't have the jvm overhead so it can scale better

Interesting

Ya, I feel with both elastic and wazuh is they intentionally make their code shitty so you're encouraged more to just pay for the cloud platform

Ok I gonna have to read up on manticore properly next week

It's really really nice

It runs amazingly in docker

And it allows for SQL queries and json queries

I mean so does Elastic kinda

but that's not the point

jvm overhead has always been an issue

You can pad out memory as much as you like

If you're running multi-node cluster then it's no problem

But damn

This is reading as pretty impressive

Startup times with elastic are also significantly slower than manticore too. It's not like a couple second difference because manticore starts up in seconds

I can see me getting distracted from my current project again.

Good Morning

Oh no

I always know I've been up too late when I see Tejas

Morning @ornate ibex 🙂

Ceald you know about go.work yes?

Please give me a boost with JET

Always nice to see the shift change 😂

Yes, and especially during daylight saving for you guys.

No

Now you do, go read up on it.

Oh it's for workspaces?

Why lmao? Did I break something in my pr?

¯_(ツ)_/¯

I just got home I'm eating and I'll take a look

Had me worried for a bit lol.

It's a way to use local directories that haven't been published yet.

I'll probably check it out, thanks

All the pr really is just adding functions for getting team info and stats

Good morning

i just woke up too

lots of honking already here in india

rise and grind!

you're in india?

I thought you were in US

He is

Idk why he's saying he's in India 😂

bro is vibing

because its funny

Why when I switch my laptop to Linux, my battery life has been better.☠️

Wtf does windows battery life even do

“Conserve battery” 😭

By the way, I was always wondering why the boxes are always released at the same time; this puts those who live on a different time in a nervous position)))

Wasn’t conserving shit

I have brought this up several times

because winblows is spyware

Windows got all the games tho

🥲

what?

download steamos

:/

2025 people dont know about steamos

been out since 2013

Unfortunately it does not run alot of multiplayer games

WAIT WHAT?

like what?

And even in normal single player games, it requires you to do tweaking alot

I can play games that I purchased on Epic games as well?

that has NOT been my experience at all man

Not everything is out of the box

tell me what games dont work

Battlefield

GTA online

What games are u able to run?!

Valorant (that's a trash game anyway)

I wanna know if RDR2 works

if so I'll ditch windows now

Online wont work

idc

nobody is online these days

Ehhhhhh

Only if you've bought a legit copy on steam

I purchased it on Epic games : \

Pirated games also require alot of tweaking

300 INR lol

Ehhh there's a 50/50 chance then

well yeah, because riot wants to install a kernel level root kit on your machine

Epic is not the type of company to actively go out of their way to support linux

Yea but there are other games too as I mentioned before that

GTA Online is one game I play with my friends

Space Marine 2

Minecraft bedrock too doesn't work on linux, and me and my friends play that

That’s sad

Is it that difficult to support Linux?!

why does bedrock even exist

Or companies just lazy

they already have java edition

I have few torrented games that work out-of-the-box on windows but would require alot of emulation on linux

Unfortunately setting up Java multiplayer is hard

no?

It's not hard

Don't you require your own server?

Yes?

Is that the hard part?

Yes

you can just download the server jar file

You could run it on your own mahcine

and run it

in CLI

Mahcine

there are tutorials for this stuff

Not that strong enough PC to run a minecraft server

Skill issue

Okay

minecraft server? 👀

I've never played that game but what's this about it requiring you to run a server on your PC

As for Windows games under Linux.. Wine was a thing.. now it's Proton, and that shiz is damn impressive on what it can run

thats if you want to play multiplayer

Yes there are some things it doesn't play well with

But compared to old days of Wine, it's 10000% times better

you run a server and people can join it

Can I run battlefield on Linux?

No

That sucks

If you're talking about the latest one, no

you run GUI on wine??

The latest one

They have Javellin anti cheat

wtf is that

The GUI what?

Doesn't work on linux

like windows games

Javelin anti cheat

I run Windows games on the Steam Deck

That uses Proton

i run linux on wine

ah

Most games are made with windows in mind
Linux is usually a second thought

Imagine the entire pc market just switched over to Linux

Kinda hard to happen

people dont understand architecture translation layers

man

guys

https://tenor.com/b6iLspcwFGS.gif

goml

Yes, but you can still run Windows games on Linux with these compatibility layers

that would be a glorious day

i run windows games on windows

On twitter, I've seen a game dev ranting about how hard it is to support linux games native

Skill issue

Is it really that hard to support Linux?

i bet they use AI to vibe code their games

no brath i think spontaneously dumping every windows pc ever and switching to linux overnight will have amazing consequences

Then they will make malware for Linux Os

like what

i would cry

like windows ceasing to exist

Has someone ever gotten their Linux computer affected with malware?

sometimes we need to tear down the shitty-built tower and start from scratch

Since every person has their own distro with own customisations, each have their own set of problems

Linux users were less than 10% of the player base, but made up 90% of the tickets

Few 100s in sale but more than 1000s in tickets

That's loss for the developer

no more .NET bullshit

Regardless if games are written with Linux support or not, the compatibility layers that exist today basically eliminate that bondary

You can assume anything in order to justify yourself

^^^

I have developed games on every platform, that guys a moron

For Linux support, or make it difficult?

@civic lance to answer your question, yes sometimes

windows in itself is essentially a broken product getting more and more duct taped with each new version

i can't play FighterZ online on Linux

I did say there were exceptions

😄

ok but why must the exceptions affect me

Obviously they don't like you

It's a shame

Ooh Linux users complain more compared to windows

🙁

Ehh I'll still stick with windows

you have shitty taste in games? 🤔

I'm comfortable with it

WHAT

my taste in games isn't shit

Can I run arch raiders on Linux?!!!!

lol

Shots fired

Unless and until I find something genuinely pushing me away from windows, don't have intentions to switch

Anyway, I'm Windows too 22Kratos

tetris ahh gamer

I'm just saying

Arc raiders? From ik, no

Cyber?

I use VM

i like Space Marine 2

The support for games running on LInux from Windows bins is SO MUCH better than it used to be

prove it by doing the secret windows handshake with us

U seem like a person to full on switch to Linux?

I tried Dark Souls Remastered yesterday

https://tenor.com/view/asleep-steve-ballmer-yes-meme-microsoft-gif-18627126

That game is pure fucking ragebait

developers developers developers

can developers support Linux???

caught in 4k

only for myself

#windowsforlife

Their choice in the end

❤️❤️

Microsoft will continue to shove its agentic AI down ur throats

😂

Yk I genuinely hate Linux elitist
Who always keep pushing linux down your throat

they should be taxed if they don't support Linux

All the hate

Use what is best for you

Why fight

which is good for hackers in general. more stuff to break 😆

especially if AI becomes a part of the OS

More prompt injecting

indeed

sorry you dont like freedom 😛

why do direct kernel syscalls to bypass stuff if you can just ask it nicely instead

got nothing else better to do than to scream at jpegs

Sweet ok

OS WARRRRS

https://tenor.com/view/cartman-race-war-south-park-cartoon-animated-gif-5412137

Microsoft does seem like the type of company to bake its AI into the heart of windows OS

-# hides gallon of gasoline

I use linux for work
Windows for daily driver
Simple

Notepad has AI

You are ai

Soon file explorer will have AI

Nice

"please help me find this file"

There are 2 rs in the word strawberry

cause I'm too lazy to find it myself

Maybe the real AI is the friends we made along the way

Waits 20 minutes for the search index to update

You are absolutely right

Wait until discord implement AI, I’m calling it

Windows is only good for 1 thing

Games

An argument, it seems

nah they'll probably implement ADS into the chat bar. watch this ad to send your next 100 messages.

i like windows

I don’t think they will

but i wish linux was a pleasant experience like windows

@scenic maple GPT how many d in scrumdiddlyumptious?

e.g. streaming on discord

Download arch and put urself thru the ringer

2 ofc

because streaming on discord on linux is terrible

I think there are workarounds

wut? i do it just fine

i think he is gatekeeping linux

mad respect

"i do it just fine"

The single response

I do everything just fine on Windows

People do things just fine on Linux

Lmao

Everyone does things just fine on Mac

Fucking who cares

https://tenor.com/view/kekuwu-kekw-anime-gif-10260786903607553889

when i stream simple counter strike 2 gameplay

ur mom g0blin

on windows it looks fine

Can we have an OS war

You wanna try to convince people to use what you want to use, go start a cult

ur mom first @rose onyx

on linux however it looks like a peanut butter sandwich deep dive

😭

Thanks for watching and be sure to tune in Saturday night at 7 pm for the next episode of OS Wars

odd 🤔 you on canary build?

Don't you ever feel like tearing your hair out when playing CS2?

no

I honestly feel like getting a brain stroke every time I play a competitive match or premier in counter strike

It just fucking sucks at times

back when i was doing this stuff discord also couldn't stream audio with video

and i had to use a third party client to get it to work

every now and then they push a dumb update, but streaming from canary is good.

hm

https://tenor.com/view/made-by-clown-gif-4428586269206149108

Ahhhhhh

Calculus become a mod

Since when

at least a year 😂

That’s crazy

i wonder if switching to linux will remove all the dust in my pc

It'll increase it

bruh

no, but i will say it will

You'll also gain atleast 200 pounds

no way im switching then

And get a neckbeard

WHAT

i want 200 pounds

lies! 😭

thats free money

😂😂

200 pounds in weight

You not really missing out on much switching to Linux

oh

Maybe you’ll get to enjoy storing things locally on your computer, without an invasive one drive

you'll be free of microsoft

I mean if you're using a really old laptop or PC which just cannot run windows anymore, then I guess it's better to switch to linux

demicrosoft

You can debloat windows, and disable one drive too

no more telepathy or whatever it's called

i own my OS

How tf you do that

If you can install Linux, I'm sure you're smart enough to run a simple utility and debloat windows and disable telemetry

I tried turning off onedrive

Search "CTT Utility"

CTT is a big youtuber

I never looked into it

He made a powershell utility

https://tenor.com/view/beautiful-tree-gif-2023-christmas-tree-marry-christmas-gif-182709482597025330

It opens a GUI in your powershell itself

I wish there was WFS
Windows from scratch

Allows you to debloat everything

Completely

Ahhh imma look into it

Sounds nice

Windows Fucking Sucks?

bro is h8r

what do you think LFS is an acronym for

Tried that once and almost "debloated" my antivirus 🤣

Linux Fucking Sucks

What antivirus are you using?

protogent

Linux Freaking Slays

the thing is, you shouldn't take the option to use linux and other open source software for granted.. one day that option might not be there anymore

I use Defender for normal everyday and I have Malware Bytes for special scanning

law of financial studies

praise the machine god (microsoft)

U saying magically one day every distro disappears

Same as you, Defender. Thing is it runs all the time as MsMpEng.exe and almost removed it because I thought it was telemetry lol

then googled

Oh lol

also I tried malwarebytes and uninstalled because it kept showing me ads all the fucking time

to upgrade

one day you might not be able to run your own software on your computer

tfw your antivirus turns into adware

why not tho

Oh don’t give Microsoft ideas

i own a commodore 64?

Interesting fact I learnt today

windows defender

it runs BASIC just fine

g0blin got some work to do

The only “good monopoly”

Valve is peak

Love valve ❤️‍🔥

valve wont do anything about cs gambling though

Why would they

it makes them $$$$$

It prints them money

gambling good

https://tenor.com/view/jesus-loves-you-te-ama-gif-10025501

When I was a little kid, I used to be scared of gambling. Cause I thought I’d magically get addicted to it

Now you're an adult, magically addicted to gambling

I tried one day gambling and was like meh

Yk what I love, that steam has HUGE sales every few months
And almost all games go 90% off
And you can buy expensive AAA games for not that much money

I did sports betting, a couple times.

Best thing about Valve

How do they even pull that off

I'm saving up till new year sale

Then I'll buy games in bulk

just think about phone operating systems for example, you need to jailbreak them to get full access on your device that you own and paid for

Ooh yeah Google tried to restrict what you can and cannot download recently

Then they revert because of ppl complaining

But they’ll slowly go back

Becuz they like control

“Don’t be evil”

This was for android phones

Yk what sucks?
The fact that I can afford games now, but have no time to play them

cuz you're in general all the time

Hahhhh found it, this is about as much cheer as you'll get from me over xmas.. I can't remember who I was trying to find it for, so I'll just dump it here instead. I AM XMAS TREE

haha that's actually a great photo

It took soooo long in a studio for them to set everything up

I volunteered to be the model for it, god knows why

But it's a funny photo 😄

it was a very bright idea

i want one fr

Could you look in #cert-holders

Pls

It took me some time to assemble; it’s a very nice decoration for the desk 😄

Or any mod

On it

Ty

HTB bot got the blood in Xct machines for what? 🥀

usually means it went straight to retired

Ah interesting, then I have a question if you don't mind, why it went straight to retired if accepted?

xct might mean it was from vulnlabs

Ohh okay, thanks

Majestic beard

yooooooooooo

I want one lol

looks super though.

I must have it

Delivery fees are more expensive than the product 🥀

73 pieces for 40 dollars (without shipping costs)
hmmmmmmmmm

people be slaving away with college work, twin I don't do my college work I contribute to my own projects and others instead on github

cheaper to create it from scratch.

true

Actually, HTB is a brand like GUCCI, the price depends on it, not in the product itself.

Hmmm, I am now inspired to have a pic done like this, but just weave the lights in my beard tbh

Wonder if that's including import fees or something

No idea, but ouch

Its a very good inspirational pic lol

To the UK delivery is £20 even.. doesn't seem right

The shipping is busted

the lego set?

I'm not involved in the swag store, so I don't know either way

but I'll mention it internally either way

Comes quick though

https://tenor.com/view/archer-phrasing-gif-25791366

But the better question is, do you get free swag

Not from the store no lol

I'm sure they'd send it, but I have no god mode code

😄

#fortresses

well, the UK is an insignificant remote island

Getting kids ready, be back in a bit

can i get get nudge on

context

#fortresses

https://tenor.com/view/what-wut-pepe-the-frog-shocked-surprised-gif-15389416553763135269

@terse dirge have u done it ceald

its been dead for a while

the channel

Looking fire

What do you drink?

it says you have a bright future ahead of you.
that will be $40.

Cry

you first

Already crying

Friday-1

How can i make coffee

no cry vro

Sure

ty

https://tenor.com/view/of-course-i-am-i-cry-all-the-time-nowadays-gif-5077411642033249829

It says you're a traitor

mac user

man lower back pain sucks

I put my kid in his chair and my back went "DFWDFEWTWERQWDQEQWRQWRQW enjoy this new experience"

Know that feeling, not had it for a long while, but fffff

You cannot compare it to anything

I then had to get back home in the car

that was an adventure

good thing its a 2 min drive

I'm pretty tall, and worked a repetitive job as a kid which didn't help. Once I got out of that things improved, but still needed to work on core strength to avoid those spasms

yeah :/ I need to get back to the gym

my knee's been keeping me from going a bit

morning

heya mick

Denied

ok back to bed

boss told you so

🤣

night

Wait wait, comedy retract, comedy retract

Anyway I'm not his boss

true

more a friend

then you ran out of luck

get out of bed

🫂

already in front of PC

make your friends a coffee 😄

i accidentally grinded the wrong beans yesterday lol

Man I'd love a coffee

Sucks for me

kidney beans are not to be ground

I actually dreamt about buying a coffee machine last night Mickhat

It's your fault

and that's fine

can't go wrong with coffee @eternal mango

I'd LOVE a stream of good coffee

i have 2 differnt coffee beans here and programmed the coffee machines timer

Hold on tight
This program is currently suspended

c;monnnn

dew it xD

I have a draft ready to submit

buy a lelit machine

maybe one day i can do a good video/short

No not like that

oh]hhhh

Wait

to drink

Nvm I'm not gonna say that

Yes

https://tenor.com/view/coffee-gif-14866884794849307214

that would be nice

Glarglblargl readyfortheday

https://tenor.com/view/cat-meme-silly-cats-mango-mango-juice-monster-energy-gif-9451278639858834322

heya ceald

wassup sparkling

nt much

time to preheat the machine

messed up my back this morning

hope the painkillers will help soon haha

as I gotta go swimming with kid in an hour

oof

yo Mick, are you able to access your n8n outside of your local network? I'm trying to set that up for my instance right now lol and was wondering if you've done it before

new macbook arrives today

gonna be fun to set up

yeah i used cloudflared

you should install void linux with niri on it

oh ok nice

I'm using nginx and docker lol. I have it working locally

Theres a stone in my coffe machene and i am not certified to get it out

lol

can relate

dont have back pain but

Ohh nice mac is better then windOS btw

imagine walking on a cold marble floor with the soles of your feet all cut up and bleeding

thats me

I already have a mac studio, but because I gotta go client a fww times a year and my old macbook 's battery died, I gotta order a new one

lol

but yeah mac is awesome

I can go with battery for 3 days

yeah how cool is that

nevermind I found the issue

.

Chat

a bowl is most useful when it's empty

What if I'm hungry?

...and now we go around in circles for 30 minutes

then you put stuff in the bowl

Too much effort

I'm a lazy hungry person

you can buy this one 😂

I was trying to be funny 🙁

Damn it stop tempting us with your coffee

mickhat is never to far away from a coffee party

Thursday

thursday morning

Give me

Thanks

machine should be heated up now

What're you heating it with, a freakin candle?

lol

i now have a dual boiler machine where i can control the temp of the coffee boiler

its nnot like put it on and get coffee

Uhoh, he's gone technical

I stepped over the line

so back to bed

what's up.

Nice banner, Sir g0blin.

how's the drone?

still alive?

Thanks, I don't think I've ever changed it 🤣 Photo of some spider webs on the grass in a graveyard of a church in the marshes in Kent somewhere. Lost the original photo unfortunately.. but I still like it. How're you?

Still alive 😄 Lots of fun flying around local parks and woodlands

Almost crashed it a few times, but somehow managed not to

Your welcome, the photo is very good looking. I hope you find the original one. 😄

I'm good and very busy.

😄

Busy can be good

@austere sinew daily ping! how's your new home?

@austere sinew do you really eat 30grams of cereal as breakfast

https://tenor.com/view/sml-jeffy-honey-nut-cheerios-pouring-cereal-cereal-gif-27085029

no ping pong very busy bong

@austere sinew how did you like the 6 sieverts of radiation for breakfast

there's nothing like a good stream of high energy gamma rays in the mornin'

https://tenor.com/view/cat-eat-mukbang-eating-food-gif-10622760897608986358

Was typing out a bug report and it randomly logged me out

my 3 page report lost

https://tenor.com/nRDzFqELZV2.gif

:(

have to type it all again

That one time when that "are you sure you wish to navigate away?" prompt would be helpful

Had that before, you submit the form.. you see it redirect to the login route... "NooooOOOOO"

(yes those are two totally different scenarios)

https://tenor.com/view/twerk-cat-dae-cat-gif-24200690

L

Any pentesters in the chat

where are all the p1/criticals hiding in web apps these days

and don't say react2shell xD

What kind of question is that

Like, do you think someone knows a secret to gaining criticals left right and center, and they'll just tell you here?

?

sheesh

harsh

Well, it was a silly question tbh

let me rewrite the question

RCE hidden in object deserialization php filter chain memory bucket shell code exploitations

What are some common critical findings in modern web apps these days

but even those are well patched

I'm a new pentester and I've yet to hit a critical

it's been months of grindings for meds/highs

internals/externals/SE easy, but web apps?

nope

There are no silly questions btw, just silly answers 😉

Hey

that's my line

😄

😄

but seriously are criticals even real in web apps these days?

and yet you still managed to find a silly question 😛
-# jk

I'd say they are still real yes

hmm

probably but they very rare

But very difficulty to find, given how many eyes and hands have gone over the programs

BUT, they do still exist

I need trophies 😛

Hell I found an RCE in something over a decade old and public for that long

I just got lucky

But it's not all about luck

So it's a skill issue 🙁

All you gotta do is have no life and pick and prod at the tech like a tech researcher. HTTP 1.1 is still used for a majority of the web despite it being 4 versions behind. It's gotta be vulnerable to something.

You need to be thorough, and stubborn.. persistent..

You laugh at that but I'm right

You are right

If you have a target, don't approach it as a tester

Approach it as a user

Use it as it is supposed to be used

Capture your traffic

Then go back over that session, and look for interesting endpoints, test for idor, injection, xss

there was a recent talk at defcon about http 1.1 desync

It's about building up your attack surface on your target

i think idor and xss is mostly meds these days tbf

where I work a 'high/crit' is like full pwn only

it seems

*RCE

full pwn is technically illegal

depends on scope I guess

I said injection too

yeah injection is different but I've yet to hit something decent in a modern web app with injection

I meant that as covering not just sqli, but command etc

Well you've yet to hit it

but it's there

hmm yah

imagine finding command injection In 2025. That'd be like winning the lottery, now imagine finding one in apple, you literally win more than the lottery

Do you think it's better to think "Okay i'm going to find sqli or idor today"

or just keep going until you find leads and try and chain from there

I literally did

It's definitely better to focus on one type of vuln and testing a lot of targets

so you can get familiar with the vulnerability, target rarely matters cos majority of the internet use the same techstack give or take a couple frameworks

Never assume a mistake has not been made

i insist they always have been made even before I look at the targ :p

frameworks just make sure that the mistake isn't easy to spot though.

I was a dev for years before cyber and I can assure you it's a habbit you can't escape xD

Yeah I'm not saying it's easy

my fave are creds in //comments

But there will always be, and still are vulnerabilities out there

if you find this... I highly doubt that that target has a bbh or vdp...

Most pentesting targets I get do not to be fair

and we charge like 2k per day on engagements so it's surprising vdp isn't more common

Just because someone has gone over a target before, or hudreds have gone over a target before, it doesn't mean they found everything

Definitely agree

most testers call it a day with a high/crit

That RCE 0xW1LD.. it was in a repo, where the source was public, and hosted on a .gov domain, for well over a decade

damn

Sometimes you get lucky

Sometimes you strike out

Sometimes you just try and pad the report xD

I'm no 1337 h4x0r

But persistence and curiosity is key

I'm curious now, you allowed to disclose?

They don't publish unfortunately

Sadge, but it was command injection?

Yes

massive payout?

USDA?

No payout, .gov target

Bro has many questions

was it a bounty or pentesting?

and that target didn't even provide a letter of recognition

It was USGS

only NASA does that 😛

wait this is a thing

admittedly so does harvard but they've paused their VDP

Yeah, I have one pending for resolution with them

Ohhh, ok fair enough

Got a couple others

Yes

yeah, NASA does it

The .gov top level domain is very permissive with testing

Damn imagine a NASA letter of recognition, I'd put that on my wall and frame it :p

Although ngl USGS probably has some sneaky info about underground explosive tests

Hahah

I got tired of them after four or five reports 😆
Triagers don't read with their eyes open the first time and I have to explain everything over the second time

But no shot

@muted olive how many you have of em now?

nasa.gov is a good target to practice on

3

Just read their scope

Stick to it

Wouldn't it be diluted af by now?

there are only so many doors

not at all

you'd think but no... massive target

ok checking now

if there are 7000 reports, surely there's room for one more

is it vdp or bounty

thats the mindset

vdp

Massive surface, and my last ticket against them was a week or so ago

It's the practice that matters

Knowing how to stay in scope

Do we get 'duplicates' with vdp like we do bounties?

Using your tools

yep

I see

@eternal mango I found a P1 in NASA the other day but... duplicate 😬

You'd think with vdp they'd have more resources to fix issues

First duplicate too

Can you disclose for time saving?

You underestimate the size of their surface

Disclosure is allowed yeah

They honestly have done a very good job

There's just so much, they can't have fixed everything

Mate, NASA runs on a tiny percentage of US citizen taxes... it's impressive they can even send tech into space.

..without enough persistence, I reckon there will be plenty more there for some time.

Also what's their internal cyber team like? I thought they were engineer focuses and don't have time for infosec as much as we'd hope

I've no idea to be honest

Cybersecurity is not my profession

Yeah my thoughts exactly, they're 100% effort on putting metal into space

but you have a cool little box