#general

well ok, I guess people nowadays are only impressed by a Buddha.

We didn't say it wasn't impressive lol

I get it, lol.

I’m just a professional hater

I only trust the media they would never lie to me

I can't do that

I can only speak like 1.5 languages

ich de spreken jaja? nein?

I am fluent in tapioca

Bro stop with this spanish-german lol

reeeeeeeeeee

think my colleague is about to end it

lol

atleast it isn't Rust

Usually my coworker just sends me "Dude..."

TRUE

need more based colleagues

Department of Dudes DoD

That's how I know I'm about to be in a huddle for 45 minutes lmao

he responded with horse plinko

hes losing it

🐴

A dangerous sign to be sure

sup n can u f'in review this f'y loader and stego some rce into this hen*** photo

https://tenor.com/view/pou-pou-hanging-pou-suicide-hanging-noose-gif-9561747451850049061

https://tenor.com/view/ohhh-gif-10765217

hi

😮

wys fam i gotchu

https://tenor.com/view/surfs-up-young-at-heart-the-simpsons-cowabunga-dudes-gif-14066399

Me

wagwan big man

LMFAO

someones workplace philosopy really rubbed off on me, and i agree that based coworkers is the only way

not many people know that bart is voiced by a woman

@sharp shuttle Global Warming is the perfect condition for human evolution, the normies will want to "socialize" and "hang out with friends" in a 110 fahrenheit summer, and they will all die.

is there someone arab guy here ??

no not a single one

global warming is desirable because it unlocks the northern part of the game for farming

Bro we've known this for years lmao..

Arab yes guy no 😔

heh

That's what she said

yes Babe, let's unlock the northern part of the game

The more shocking voice actor fact is that Goku's Japanese voice actor is a woman

think of it as conditional DLC

how you know ??

Same with One Piece

HOW IS THAT SHOCKING

🤯

for farming Babe, for farming

so is narutos

so is david goggins

Because most kids in the US and elsewhere grew up with the dub, not the subs

PETALS LMFAO

im goin goggins!

i am the goggins of gambling

what?

yeah whats your fanduel balance?

So we only know the manly Goku voice

didn't dbz have like an entire half a season of goku learning how to drive

-500k but a minor blip

What is an arab

shit happens just rolling the dice we'll make it back

youll get it back, just need a loaner

Never heard of em

just need a juicer

how ??

Estào digitando indeed

Froj ever tried Poker?

How what

ITS A GIRL YOU JACKASS

You see

When you’re in the womb

he was a girl!

no wolo dont its too powerful

I love being in the womb

guy

You have a chance of not being a guy

Crazy thought to imagine

its very rare

i thought he was a rab?

kind of like a shiny pokemon

about 50% chances give or take

bro ima use the action replay it's ok

higher chance to be born female as you start as one

Live mole reaction

all males are female

Yes that's why I am married to two women

so you are arab?

in minecraft

Brazil

that makes sense

yes

there is not jackass but you

While that may be true

that's a kiven

i heard that in an arab accent

i love it

You didn't know what a girl was

(im so funny)

Have you seen yourself

He knows the theory

i love watching chat get ragebaited in unison

its glorious

Not the practice

you cannot blame him, watch any video from sharia law land, they have 0 females around at all times

Women are scary tho I hear

good job kiven

I do enjoy striking fear into the hearts of men

I'm just goofing around because I have to

So this not necessarily untrue

True, if I ever see a woman sprinting at my direction I am running man like... think about this.

thats hot wolo too spicy for this chat ffs

Do.. social things

Brooooo thanks for the food later homie damn it not again

i see myself what about you ?

Did you wet the chicken again

In my situation that would just be your survival instincts kicking in

lmao

lmao

I have allegedly delivered two separate males decent threats I would hypothetically never carry out

wait what?

I have a sword you can borrow

egypt is kinda like minecraft, so you can get away with it there

So down for that

I have pepper spray and a nuclear bomb

you can borrow

splits atom

Both ends of the lethality spectrum nice

i watched the gorge last night

Who needs anything in between

was a pretty fun movie

the First Answer and The Last Answer

right? Plan A and Plan B

I have learned pepper spray against american white guys is essentially useless because their spice levels scare me @frosty thistle @torn cedar @untold fiber

i need to be included here

well, plan B then

https://tenor.com/view/rds-37-hydrogen-bomb-soviet-union-ussr-russia-gif-11391562786635486182

All three men here have eaten something that scared the shit out of me

No he doesn't brath has been micro dosing getting pepper sprayed in public to build an immunity

@austere sinew Teargas always works

eaten? pfft, i have been trained on pepper spray

And I know you're STALLING

https://tenor.com/view/patrick-patrick-star-patrick-stare-patrick-eyes-red-eyes-gif-14781443

Zumi had hot sauce on a chilli, cupid.. he’s floridian, ryan ate a ghost pepper for fun

he's floridian?

no way

I know

okay but did any of them put ghost peppers in their eyes balls

Terrifying

WHAT

https://tenor.com/view/princess-bride-zorro-dizzy-intellect-gif-13421770

have any of them been pepper sprayed?

im just saying i have

I could find out

and tazed

By

Practical means

Bruh

Petals is wild

Petals is just horny

https://tenor.com/view/princess-bride-laugh-princess-bride-reactions-gif-4559258

average brazilian

https://tenor.com/view/flower-petals-rubbing-flower-gif-1548298039480674200

Petals

WHAT

NAH

😭 😭 😭 😭 😭

Provocative

It's just a flower chill

don't you guys overthink about a flower

its just a prank bro lol

The prank in question:

https://tenor.com/view/explosion-explode-nuclear-bomb-mushroom-cloud-gif-7885327

🚪 🚶‍♀️

wolo has orange hair confirmed?

Oh brath our grocery store situation came up today

HOW

Hi

what does that mean

NO TO THE FLOWER THING

hoi echoes

welcoem back

Good afternoon

An old lady approached me without provocation in the store today and I successfully did not immediately snap her neck, as you've purported you do when shopping lmao

https://tenor.com/view/lmao-lmao-meme-lmao-gif-lol-lol-cat-gif-4552813418803199403

She was asking me if I liked the flavor of tea I was picking up lmao

Lol

"No ma'am, I pick up tea flavors I hate so I can microdose suffering and build an immunity to it"

Reasonable

if a girl asks me anything in the store i simp for her, i dont care the age

i love helping women

That’s just wine

Brath that

Did not sound

How you intended

For it to sound

No it did

i said what i said though

if a girl asks me anything first I need her to do a backflip, if she fails ...

😭

No no he means it

😭

if i want the world to be a certain way i need to be the change

you feel?

Brath (and me) are strong believers in a Goth Mommycracy

but if a guy asks me anything in the store

he's dead

he's so dead

https://tenor.com/view/neck-snap-line-break-funny-gif-20165616

https://tenor.com/view/with-this-treasure-i-summon-megumi-mahoraga-gif-17411827983770801229

Brath when someone talks to him in the grocery store

yeah basically

what am i summoning?

https://tenor.com/view/goth-girl-goth-girl-green-hair-goth-girl-kiss-its-deitsel-carlo-malis-gif-25978600

oooo

got me at the end

Big raga the opp stompa

Psyops

it's all a psyops

aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

https://tenor.com/view/mahoraga-the-opp-stoppa-big-raga-the-opp-stoppa-gif-5754347561636376129

Opp stoppa

yes

https://tenor.com/view/mahoraga-jjk-jjks2-jujutsu-kaisen-sukuna-gif-16426072969937482542

Government has great se tatics you have not passed mwuahaha

ok

Mission failed

just so we are on the same page: this is me

Can you run doom?

on a microwave??

On a pregnancy test

perhaps

i run doom on your moms pacemaker

Ong

good good

can u run doom inside of fl studio

You talk to me in a store?

I run doom too

I’m opening my domain on you

LOL

spread em

I hate that

lol

you don't run doom doom runs you

https://tenor.com/view/wide-jair-bolsonaro-bonoro-president-gif-18291672

who is that

isnt he in jail

https://www.google.com/search?q=how+to+run+doom+on+command+prompt

Yes but his home is the jail

he's like... centi-millionarie so laws don't apply

Hello, I want to hide my profile activity. Is there a way to do that?

No

If you do skid things we will all know

looks up profile activity wowwww

jokes on you

🫵 🤣

🫵 🤣

🫵 🤣

I am glad to help

know my place?

I'm not your friend, you can't talk to me like that.

I answered, chill out Mr Reactivity

What kali distribution yall use? ( which has no problems in clipboard settings?)

im not your friend, you cant talk to me like that, either

I'm just warning you.

Oh we have a fight here dont we?

imagine stating your conviction then immediately contradicting it

Heckers its christmas no fights on christmas.

No, this is not the place for fighting.

Hola bestia

Bruh Perfect timing for me to spectate

The beast

Just courious, what profile activity?

you are some dumb ass kid, dont make threats you cant uphold, and also, imagine being so ragebaited by a simple taunt that you mald hard enough to harm someone you just met

you are deranged

Oo

Damn

FFS chat

Ryan is here 🥲

https://app.hackthebox.com/account-settings Go here and uncheck "Public Profile Page"

Saludos

let the flag dumping commence

Not like it hides it from staff lol

I have a problem in my new parrot OS , I cant copy things to my host but i can copy stuff from my host, any guaranteed fix?i use vmware pro

Braths place is on the throne

make sure the vmware-user process isn't failing to start

I think it's something like /usr/bin/vmware-user-suid-wrapper but I do not remember exactly

Kk imma check

Thx

Why does it also feel laggy ? All tho its not my PC or anything .. all settings are fine..
Kali Linux felt more smooth for some reason it felt like 240hz lol

Also its running and totally working ..

which version of parrot

parrot 7 uses wayland IIRC but if its parrot 6 its just normal x11 and xfce so it's unlikely to be parrot itself causing issues

7.0

idk maybe a wayland thing then

inb4 hyper-v is enabled or something weird

but doubt if kali was fine

vm cores setup in a sane manner? ¯_(ツ)_/¯

dafuq... ok it's over, that's enough for now. Just managed to get the root password for that telescope 🤣

pog?

Vendor responded nicely to the initial report at least

..but want a 180 day disclosure timeline

ewww

see you in june

mm.. agreed, but requested they speed up releasing the new API docs

requested, not demanded

Cant remember how legality goes but isn't 90 days the standard

That's what I usually do yeah

..or did, first bounty worth a CVE or responsible disclosure in some time

tbh if you get a cve and some internet points out of it

i guess the extra 3 months isnt toooooooo bad?

They seemed open to it, and it'll make a fun blog post

still bit of a piss take though but yeah

oh nice :)

Kinda surprised being a Chinese company, but happy enough.

Working on the the firmware for their upcoming new product now 🤣 It's a bit different

..but shares a lot

90 days is just “best practice” not a legal standard

The legal standard is however long the statue of limitations is in your area lol

there's regulations depending on industry and compliance etc. also

They responded nicely, and offered swag

I'd say that's a win

yup

Civil damages always exists too

Can random people from the outside hack into the HTB lab pwnboxes?

Which even if the facts are on your side you can’t beat the ride

Not unless you make your Pwnbox vulnerable in some way

Helloo

Hey Goblin

How are you

I'm fine thanks, how're you?

I'm good too
Have my last exam today

🤞

Object oriented programming in C++

Is it possible to reset in-prog modules ? Cant seem to find anything

Hopefully I'll get decent grades

No

I mea, you can't reset progress

Not at the moment, no

You can reset the instances if that's what you meant though

im doing one of those starting zone labs on the last tier, and im in some SQL database trying to establish a reverse shell, and the wrong IP is connecting back to me

Wdym wrong IP

Be careful where you bind your listener to

If on VIP+, Pwnbox has internet access

Like IP of the machine which is connecting to you, is different than the IP of the box?

Make sure to only bind your listener to your lab IP

💀yea maybe he's binding to someone on the public internet

Start up a VPS anywhere and you'll get connection attempts very soon after

No im not binding to anyone else then the machine lol

No what I mean is your listener

You are listening on a port

Netcat

yes

If you listen on 0.0.0.0, that will listen on your public IP on the Pwnbox too

VIP+ Pwnbox has internet access

That means binding on all interfaces will open that port to the internet

Once I was listening on port 1337 on pwnbox, and instead of receiving a shell I receiving a lot of chinese characters instead

Fun day

im just doing the port in the walkthrough

You got hacked by the Chinese

Orrrrrrr
It was possibly a chinese spy contacting you

it was @scenic maple I know it

Possibly

LoL that's crazy because I've literally just did:
CTRL+C

then CTRL+L

L

there goes all the secrets

Ok, but what I'm saying is true. How are you listening, nc?

I would turn it into a stable shell

And actually say something back

yes netcat

Just to see what happens

Can someone explain Standard Template Library in C++ pls

In easier words than the internet

So nc -l <port> ?

443

i shut down the lab because i piss myself xD

Why you're listening on 443?
That's standard port for HTTPS

Because the walkthrough said this

the official one

Which walkthrough you're doing

Archetype

Find the IP address of your VPN connection to the labs ip addr show dev tun0

Then listen via nc -l <VPN ip> <port>

That will bind to just that IP address, instead of to all available

No more internet traffic to your listener

Is it actually possible though that he binded with some random machine on the internet?

What are the chances of that

Not what binding means here

Binding as in, binding to an interface with a port

Ah

Or listening for an incoming connection on a port from an interface

..or by default, from all interfaces (0.0.0.0)

No i dont think i bound to any random on the internet. It just showed it listened to some random

and it shut down

Just read what I said

What you saw was someone scanning common ports

that looks like my dog...

ah ok

that looks like my house..

becuase it is

that makes sense

Xerox but for functions/algorithms

People still know what Xerox is right?

Yes

@eternal mango the command in the walkthrough is this "sudo nc -lvnp 443" im assuming its my IP missing in this equation here

Horror movie type scene

I mean it'd be nice if the IP was included

The main difference here is that you're on VIP+

So your Pwnbox has internet access, and ports you open are as such available to the internet

ok

(if opened on all interfaces)

at least thats spicy xD

I'll make a note of that.. a good distinction and possible improvement.

..dev team will love me

hehe

hear me out, pwnbox but it's a pentest-ready NixOS instead

easier to replicate, and it comes with a easy to mess around and builtin firewall.

🤷‍♂️

next time i do go in to this lab i will just specify that it listens only from the one IP of the machine i attack

You set it to your openvpn address

not the IP of the target machine

(as in what you see from ip addr show dev tun0)

ah ok

So i accidently gave some chinese or russian the IP to some htb server now i guess

no

People are continuously scanning the internet for various reasons, 24/7, 365

You just saw one of those connecting to your Pwnbox on port 443. As it was through nc, no risk

What I mean is, all they saw an open port on a random IP

In previous boxes it has shown in netcat my pwnbox vpn ip being connected to the machine i attacks IP adress. in this instance it showed 2 completely new IPs

Because you listened on port 443 on a VIP+ Pwnbox that has internet access, so that port was open to the internet

It's not your fault, you did nothing wrong.

https://account.hackthebox.com/security-settings

ok. im learning something new every day here 🙂

Every day's a school day 🙂

thats pretty much the main reason i use the pwnbox tbh, either that or a virtual machine because if i screw something up, i can just close it

Aye that's the way

but i have been having a good time, lost track of time doing these labs

Glad to hear it

A day where you have to track time is a bad day

one of my favorite channels on youtube is Scammer payback and kitboga

those guys are hilarious

https://tenor.com/view/do-not-redeem-don't-redeem-scammer-kitboga-do-not-redeem-the-card-gif-11900855712098613254

Funny stuff

Would redeem again

I really like this guy memecave who makes ai joe rogan and dagoth ur interviews

Theyre way higher quality than they have any right to be

https://youtu.be/RVKyru1Dcn0?si=6kb8ofGkMnUtn830 like damn this is 3 hours of OC

Scammer payback are inside the scammers computers and trolling them

Anyone who says ai isnt art needs to watch memecave https://youtu.be/YryOIOrYs90?si=QI0W0kNc0zcQOvaF

https://www.youtube.com/shorts/4fIDsqbkXco

Paranormal Activity doesn't hold a candle to this. Freaky

anyone had an issue of copying stuff from ParrotOS via vmware to Host? since its not working for me ive tried everything .. i can only copy from Host to ParrotOS , i cant even drag files/folders from Host.

I don't know what's real anymore

you using workstation?

I just submitted a critical vulnerability to atlassian too for secret disclosure

Yes

but I got a reply today that its a duplicate it, someone just barely beat me to it 🙁

tried reinstalling vmware tools?

booo 🙁

Well done anyway

yup

not sure could always setup a shared folder and do it that way tho

yeah but its annoying

yeah thats true, just suggesting it cause usually when that happens for me atleast its vm tools issues

presume you've already checked preferences to ensure its enabled?

yes

yeah not to sure then , i'd probably chuck the question in an llm and see if any other suggestions come up

I'm 60% through the HTB penetration tester module, but I want to reset the progress and start from scratch. Does anyone know if there's a way to reset the module's progress?

Can I get a mod to hit me up? I got a question

https://tenor.com/view/cod-antigacha-sniper-quickscope-gif-25079900

what is the nature of the question

Someone trying to sell writeups of the exam

i got a big new lava lamp and I'm heating it up for the first time and time-lapsing the process

Yeah okay you need an actual mod or maybe @lime trout

4

Visit with family went well

oh good stuff, nice break from the grind

Yeh

I miss the grind tho

im currently being humbled by the vvm challenge

Always happens when I take a break I get the itch to work again lol

yep same i had almost a month off, and spent alot of it doing study/htb

I can only do so much nothing

tbh i'd probably be doing these quicker if i wasnt trying to make a tool for everything

Is HTB down for anyone or just my dog?

well I blame DNS

is quantum computing here?

what do you mean by here

no those are only in movies

is it in the room with us

we have quantum (concepts) challenges

Is this "quantum computer" in the room with us right now?

Quantum computing has been a thing since the 90s

Like mullvad added a quantum resistant tunnel to their VPN

Yeah technically what he refers as quantum computers should be called the: next-wave of quantum computers.

So I’m like is quantum being used?

As modern transistors are quite quantum

quantum resistant doesn't require quantum computing though

Oh it doesn’t

Older transistors could be poperly modeled without QFT

but not modern

So we are already in a quantum-wave of computers its been decades

And calling the next wave the canonical quantum is short sightness

🤓☝️

for me the sad part of the holidays comes after I guess when people are hibernating or recovering or whatever. it feels so lonely to go from the high of togetherness and festivity to this lull between Christmas and New Years. And then after New Year's is the same thing. It's like everyday is a long Monday or something.

Don't be sad eat a cookie

🥠

i just had a disgusting cupcake that was made from a box mix with canned frosting. I took two bites. my stomach has been upset today. I had a few leftovers. I ate a good lunch.

I have candy and snacks from my stocking though

so I can have some of that

but I don't want anything except hugs and someone to cuddle with and watch movies

but I don't have that

Cool. Where is the unsub button ?

https://tenor.com/view/hate-hacker-crap-gif-6136227

I presume I need to cancel my VIP+ sub in order to redeem my voucher correct?

I applied to a bunch of jobs today, one being an MSP near my house. They offer on-the-job training to new candidates. Its a help desk position, but it comes with paid training and a ton of upward mobility into other positions and mentorship from senior engineers.

I don't want to pass up on this opportunity to screw it up.

In January, I will follow up. My only question is what can I do to stand out from other candidates?

How many other people applied?

let me check ziprecruiter

In terms of standing out, lying on your resume is probabilistically the best strategy to match the JD perfectly and only correct information if pressed.

Other than that, you know someone who works there to vouch for you.

ok

I made my resume super long

I put A+, CCNA, and I listed the certificate of completion for the one KASE OSINT scenario I solved

but my CCNA expired but I listed as if it was not expired

I have CCNA1

I answered the one question about troubleshooting well

I put a cover letter in

a good one

I'm doing cyberops instead of CCNA.

I have a long resume

im proud of you queue mark but i want you to understand how bad you are going to feel after you get ghosted

well, then what? I'm fucked? This is for a Junior Help Desk Position

9/10 msps are absolute ass to work for, the will promise the world and give nothing in return. They will make claims they do everything when in reality it's all checkbox. They will do nothing to improve the environments the techs deal with as there is never time.

But hey maybe you found the golden egg msp.

we all are brother, the job market is fraudulent

shit ok

Can you recommend me for a remote position? I'm from Brazil and I'm looking for jobs abroad.

No

Good luck, but yeah dont put all eggs in 1 basket. Seen people apply for 2 places and wait 2 years for response lol

Wow

omg I am now the one struggling to contact support smb

Why?

fuck I gotta figure out wth is up w my browser

well, I have the three certs if you count CCNA. I have my volunteer experience. I have my bachelors. it says its an entry level help desk position and they train you. I talked about helping visually impaired students at the Braille Institute with their IT issues.

I have diverse interested in rock climbing, Hack the Box, OSINT, psychology, IT, boxing, and gaming.

I put like a three page resume including the cover letter

Okay ?

am I really unlikely to get this job?

I have reliable transportation it does not say a driver's license is required

Because I don't know you, you live in a different country from me.

I know I can get there and back

you are in california right?

its literally right near my house

Someone has to, why not you

yes

is the job remote?

no

but its a five minute uber ride from my house

@lime trout I sent you a DM regarding the giveaway voucher, for whenver you get the chance to look at it. Thank you

Fingers crossed @gaunt gale

thanks

if I get it I'll have to cancel my electronics classes but

Good, that helps

I'll get on the job training

bitter sweet

I like IT it will actually be better than electronics

if I can get it

All you can do is hope for the best and keep an eye out for others

if they can pay for me to do electronics even better

ya that's all I can do. it doesn't say how many have applied in zip recruiter

according to the websites i use for the probability your resume even gets looked at, 2-25%

this is why you have to lie on literally everything

I hold the CCNA1 Cyberops and CJCA certifications, and yet I haven't been able to a job yet

but don't employers know if you are lying about certs?

like they verify

but I did say I still have CCNA

because if they ask I can show expired cert

but at least they'll look at the resume

the other two certs listed I know I have

It's a toss up

ok

nobody verifies certs or degrees, and by nobody i mean they really almost never check.

I only have my A+ and I got a job within 2 weeks of getting it

in IT that is

Hell, I knew someone recently, they personally handed it off to the hiring manager and they still didn't look at it.

but I could've gotten the job without it. Nobody else is certified so it just made me look better, but didn't make me more likely to get a job

ok

you have ctpts arigth? Do you already work?

look guys heres the harsh reality:

1. lie to get the interview
2. dont fuck up the technical
3. you are smooth sailing

this is how the world works.

if I get this job they will train me but I'm assuming they want a certain kind of person

My work is unrelated

its called failing to the top

ok

right

I'm a terrible liar

that's the issue

Never lied to get an interview

What do you mean? You no longer have a chance of getting a job with a CPTS?

Demonstrated actual skills

Built up my career

Nor have I, never will

you also didnt have to battle 9000 applicants, HR who use AI, and HR who is also paid to lead you on in the job process then ghost you

its a small to medium sized MSP

but I don't know if I will get it I am really unsure.

Google Translate is killing my English, sorry.

Hey huge tip

ok

don't tell us where you work or live

i wish you the best, but please, do not take it personally

ok thanks

ok

its hard for us all

I'm not in Brazil. What I do for a living and side projects is unrelated. Yes I have passion in this field, I'm just casually applying to places when they meet my fancy.

And yeah the job market is funky brosky

I highly doubt anyone could get a first cybersecurity job without experience.

i second this

its more likely you just need someone who will vouch for you, experience means nothing for juniors

I misspelled it, sorry.

networking baby, networking

king of all

ya this job would get me help desk experience, but may get me training to move up into a sysadmin or network admin role

queuemark i mean this with love, but you may want to simply volunteer for your first job, if you can

I need to research the company and plan a follow up for January. lots of people are probably applying.

you seem young

its the best way to get a real job

I have over 15 years in tech. I'm not actually looking for jobs. Fffffffffff

I'm doing an internship with the Purple Team; I'm an unpaid intern. I've already found several vulnerabilities in the company where I work. Actually, I was hired because I was already doing penetration testing beforehand, but even so, I'm unpaid.

I'm fresh out of college. I volunteered already. I listed the volunteer experience on my resume. I described it in detail

I wrote an entire page on it

shit dude.

two volunteer jobs

I gave a real world example of the troubleshooting experience for the question they asked on the application

it was a good example

I had help refining it with gemini

To be perfectly honest, when I took the CJCA exam, I thought it was kind of difficult, but after thinking about it, I realized it wasn't all that hard and passed on my second try. But that only proves my level of knowledge, and certifications like CJCA are good for getting a job in banking.

I still use GPT quite a bit to build exploits, but I'm learning how to do it without it, lol.

I don't know I am scared this job will pass me up. I mean I would think I am doing everything right with my applications.

I'm not young I mean I kind of am but not that young. I was in college for a while.

you can't do anything about that, best way to proceed is to keep honing your craft

like I was in college for several years.

I think the same.

so seeing this makes me not even want to look at this box

try to show them that you are not to be passed up on

ive been on both sides many times, recenty when i posted for a subcontract i needed to fill for my own business, i had over 2000 applicants, how the fuck am i supposed to filter all of it?

Which one?

all i ask is you consider that

hercules

ya I plan on writing a follow up in January maybe mid January. the job was posted five days ago on ziprecruiter

and thats why i suggest you use ai to get a perfect hit on the JD, because HR is only going to pick whos on the top of the stack.

was going through most recent ones to try to get rank up again, but might come back to this one

ok but I put three certs. I could put network+ because I passed that and that expired too

but I didn't. that's the one thing I did wrong

It's fine
-# I don't remember it off the top of my head

if I put that too it would be four certs

look man literally just let AI make your resume, fix the AI shit and make it sound more like you, submit it. who cares whats on it.

ok cool

but its an MSP

that means nothing

won't they know if I'm bullshitting?

ok

no.

MSP's might be the dumbest people on earth

Brathadair, can I DM you? I want to talk to you sometime about planning a follow up in a couple of weeks

you might be able to help me

yeah you can, but understand my advice is HIGHLY controversial.

ok

well, I will think about the advice

Why network or sysadmin role? Your skill set seems to be more in red teaming or pentesting.

network or sysadmin role or cyber security role. network or sysadmin gets you prerequisite experience to do red teaming or pentesting.

red teaming or pentesting is not for people without experience

I learned that the hard way

I mean you don't have to do that anymore

that's why pentesting certs exist

you still can

it's not bad

but you don't HAVE to

TE1M let me ask you this

do pentesting certs matter if the average pentester just uses chatgpt?

Finally home

Hello friends 🙂

let me ask you a question in return. Does any cert matter if the average cert taker just uses chatgpt?

Yes

My dad's new girlfriend runs a bakery and brought fancy cookies :U

ya but I don't have enough pentesting experience to get a cert even. I took years to try and do CPTS. YEARS. I didn't get through it in time. I was working on CDSA but its going slowly.

make your case, im open to having my perspective changed

I think it's the person not the cert imo, the cert can just help get you infront of someone in some contexts

but not all

and maybe not even many of them

i don't think this is the right channel for that, but i think it is both path traversal and security misconfig.

Please help me here.

hardest part about red teaming/ pen testing is getting passed hr tbh

i just want to say that if i see someone with an OSCP i automatically assume its cheated based on all the frauds ive waste dtime interviewing with that cert

many people see it this way too

ok sure

personally it's why I believe building relationships and pursuing things at a highly technical level will be far more valuable for me than getting any certs

networking is king

I mean simply knowing how to build systems doesn't mean you know how to break them. It's 2 completely different skill sets it's nice to know how to do both but one doesn't inherently make you know the other.

Well that's an awful outlook

I think the same, how serious is the flaw knowing that it's exposing the admin page?

Do you think I cheated then?

could say the same thing about any cert these days tho

ever had 2000 applications sitting in front of you?

No

I'm an L1 LOL

no but its objectively easier to exploit powershell if you actually know powershell

so at the eotd

Wow

its easier to exploit AD if you know AD

no one should listen to me

im just a kid lol

Assuming some of your applicants cheated to get their certs is an insane assumption to make lmao

that's advice I got from 2600 people

Judging a book by it's cover

For sure

It’s a statistical one

I'd probably remove that screenshot tbh

some of them probably did

not all but some

why the fuck are you guys always saying im wrong lolol

Assuming all is cringe but that they could have is valid

its like where do you think i get my opinions

Walmart

I use GPT and I don't see a problem with that; the problem lies in you not knowing how to do things.

I can certainly tell you that you're not going to be running powershell commands to exploit generic all permissions lol

I'm not saying shit

It would be a high severity vulnerability, it's like showing your source code leaving in certain commits from the git repository for attackers to probe around. I think?

Excuse me for asking, but why?

I think if I can get a job as a sysadmin or a network admin, or a network engineer, or whatever, then Hack the Box will be much easier

Because you state where you work

plus, this place also has upward mobility into cyber security

That doesn't take much for someone to put 2 and 2 together

Whats problem?

It's not as simple as "I can use Microsoft helpers in powershell to make object" it's more of "I can use python to create objects in active directory"

I highly doubt anyone could reach this point, especially since I have direct contact with developers; in fact, my entire professional life is documented in my portfolio.

A little more work goes into tooling than just using powershell yk

It's written there where I work. lol

Ok well.. it took a few Googles

I know but once you know how a system works, then you can learn to attack or defend it./

Just giving advice

university and 2600 both gave the same advice

for?

I didn't take it

I should have

cesarbtakeda.xyz my portfolio

Ok no problems

God-PowerShellAnnoys --the "Fuck" | Out-Of "Me"

I don't think you're getting what I'm saying

not to mention your linked in and many other things linked to you

few cross references all you need

Not always. Being able to create a complex soc workflow doesn't make you a soc analyst inherently or make it any easier to become one tbh.

Powershells a goofy lil language

I'm not being unethical, my friend. I simply showed the result and was unsure what the problem would be in this case. Showing the POC instead of the result would be problematic.

You're still missing the important pieces and skills to actually do the work well.

I know. I'm saying others may be unethical

I mean you still have to learn how to hack but for some people it makes it a lot easier.

and it probably would be easier in my case.

Ok rigth

it would get my brain going

and frankly, they have SOC Analyst or other cyber security jobs I might be able to move into.

so I don't know they may have training for those

I mean this MSP does it all

My linkedin this in my portfolio, my insta, and my whatsapp

They probably have

as well as where you work and study

ya exactly. I don't get how this can be a bad idea if I can get hired.

This Discord server is also professional.

Yes

this conversation can be boiled down to two/three strategems:

1. Use AI to 100% match the JD -> Get the interview -> dont fuck the technical up and vibe with the team -> win (nobody is checking shit, if they do explain it away. Do a good job in good faith and it shouldnt matter)
2. Get your buddy who works at company to vouch for you, instantly bypass HR, certs dont even matter now. Referral programs are huge.
3. Engineer serendipity with boomers who work in the c-suite and make them think you are their long lost grandchild and give you a job.

was just expanding on what goblin was saying, when you put something like that in here

What I'm trying to say is if someone can find similar open listings like at your place of work that with two Googles, I'd suggest being a bit more overt when sharing information regarding a vulnerability you are working on.

What's the problem with that? Don't you specify where you work, study, or worked when you send your resume?

I did more lying or stretching the truth on my resume than I'd like to admit tho

I still had to go through a technical interview despite being referred

yah but i dont say heres an exploit for where i worked btw i worked here

because I listed my experience with all these cyber security tools

like SIEM and wireshark

Final exam today guys
Wish me luck

I do'nt know

Good luck!

thanks

yes but you bypass HR

gl bro!

C++ really breaking me apart

What SIEM tools?

ya I would show my resume but it has personal identifying info on it and I'm too lazy to edit stuff out

ya

Just list them here then.

There are no open positions, I'm in the cybersecurity department, alias, anyway, I already deleted it. But I don't see a problem in showing a part of what I do.

https://tenor.com/view/hang-first-time-smiles-gif-14991372

Okiedokie

I'll shut up then

Because loose lips sink ships

I'll also give CompTIA sec+ exam today
Or tomorrow

It's opsec dude

your exposing things which people may have overlooked...usually leads to more stuff

yes

Yeah so don't take screenshots of infrastructure you're pentesting

I wasn't trying to be combative

And then share them in public

Teehee

I was trying to help

What's the discussion

Scroll up

Time to hibernate, nn ❤️

It's important to not needlessly give out information on yourself in public forums because you never know if bad actors are reading

anyway i could "aquire" htb legacy merch

😉 😉

you and literally every applicant ever, the corporations lie to you, you have every right to do it back.

the entire process is transactional unless you are doing groundbreaking work

Yes, but as I said, I didn't play through how I got to that point in the exploration; I only took screenshots, hid the URL, and hid the path to the vulnerability. Showing the path to get there would be a problem.

you didnt hide the path...

this, i have read so many stories where they got in with no adequate skills for the job and had to learn it on the go

this is how ITS SUPPOSED TO BE

No?

So what path did I take to arrive at failure?

it was shown outside the url but correct me if im wrong i only looked over it quickly

yes

I'm gonna put a few sections of my resume on here but not the whole thing:

PROFESSIONAL SUMMARY
    Service-oriented IT professional with a B.S. in Computer Information Technology and a CompTIA A+ certification. Proven track record in providing technical support for Windows, macOS, and network infrastructure. Experienced in troubleshooting hardware, software, and connectivity issues while delivering excellent customer service. Adept at translating complex technical problems into clear solutions, fostering a positive and approachable environment for end-users.

<SNIP>

CERTIFICATIONS & TRAINING
    • Cisco Certified Network Associate (CCNA)
    • CompTIA A+ Certified IT Technician
    • KASE Scenarios Orkla: Dragon Con Detective – Certificate of Completion

<SNIP>

TECHNICAL SKILLS
Security & SOC Fundamentals
    • SIEM fundamentals, log analysis, event triage
    • IDS/IPS concepts, endpoint protection, threat detection workflows
    • Vulnerability management, incident response basics
Operating Systems
    • Windows (Strong)
    • macOS (Strong)
    • Linux (Ubuntu – Intermediate)
    • Kali Linux (Basic familiarity)
Networking
    • TCP/IP, DNS, DHCP, NAT, VPNs, VLANs
    • Network troubleshooting
    • Packet capture & analysis (Wireshark)
Cybersecurity Tools & Platforms
    • Wireshark
    • Nmap
    • Splunk (Beginner)
    • Snort (Beginner)
    • Hack The Box Academy labs and defensive platforms

<SNIP>

IT Volunteer at <REDACTED> Crypto Podcast
    • Supported live podcast production, ensuring stable systems and reliable network conditions.
    • Set up, tested, and troubleshot audio, video, and recording equipment to prevent downtime.
    • Assisted with resolving technical issues in a fast-paced environment requiring quick problem-solving.

IT Volunteer Support Specialist at <REDACTED>

    • Helped students troubleshoot macOS, iPadOS, and iOS devices, focusing on accessibility features for visually impaired users.
    • Guided users through device configuration to improve usability, privacy, and security.
    • Provided clear and patient technical support to users with varying levels of experience.

Cybersecurity Capstone Project <REDACTED>
    • Built and secured a simulated network with firewalls and logging; performed system hardening and vulnerability assessments.
    • Maintained accurate documentation of network configurations and inventory of virtual assets.
Analytical Problem Solving (KASE Scenarios)
    • Completed the Orkla: Dragon Con Detective scenario, utilizing analytical thinking and investigative tools to solve complex technical challenges.
    • Developed skills in data extraction and critical thinking to identify and resolve underlying system or user-reported issues.

<SNIP>

That was just some of it.

I put a few things on there

I just put A PORTION of my resume

I haven't exposed any information that would allow one to identify the flaw.

This isn't true you didn't cover everything

Ah so some guy posted screenshot of a pentesting engagement
Post it again! I wanna see too

This isn't correct

reads like a fresh outta school resume and im not in hr, also gives vibes of ai generated summary

@iron depot post again, I wanna see!!

kinda did tho