#general
scenic maple
mystic harbor
muted olive
When you've almost forgotten about it, it'll be scheduled for release
muted olive
humble light
hello fellas
scenic maple
and as a side gig get cwes
muted olive
arent you already employed
scenic maple
layed of after new year
muted olive
layed of after new year
:(
ornate ibex
pathetic
muted olive
why?
scenic maple
it got sold to big company
green kite
layed of after new year
whaaaaaaat
green kite
<@753155767615356929> join SRT
SRT 
scenic maple
<@753155767615356929> join SRT
i am probably missing every qualification listed there lmao
muted olive
i am probably missing every qualification listed there lmao
get few HTB certs ez
ornate ibex
even with some certs that they listed I couldn't get into SRT lol
scenic maple
hmm i am gonna do cwes this year hopefully
muted olive
I say its easy but not done anything myself
subtle plover
@mystic harbor
muted olive
even with some certs that they listed I couldn't get into SRT lol
What??? I thought you could get in easily lol
you as in 🫵
subtle plover
layed of after new year
scenic maple
even with some certs that they listed I couldn't get into SRT lol
u need some extra stuff
people with htb certs were rare back then
humble light
Are you guys employed?
scenic maple
but now its very common
meager kernel
Maybe a few
ornate ibex
u need some extra stuff
well, I thought OSCP opened doors
scenic maple
well, I thought OSCP opened doors
humble light
does certificate matter for applying jobs?
scenic maple
gotta keep this video close by tejas keeps coming with banger jokes
mystic harbor
well, I thought OSCP opened doors
Yes in your pocket
ornate ibex
Yes in your pocket
I paid half the price, rest company training budget covered
muted olive
gotta keep this video close by tejas keeps coming with banger jokes
yes
green kite
does certificate matter for applying jobs?
it might help with a foot in the door, but a cert wont land you a job
muted olive
@ornate ibex did you try applying?
devout sail
I paid half the price, rest company training budget covered
Maybe mine would cover the leaves i need to take for exam if i request really badly
ornate ibex
<@561210274653274133> did you try applying?
Apply what?
muted olive
Apply what?
for SRT
ornate ibex
I did twice
devout sail
What's srt 💀
muted olive
oh, damn :(
muted olive
What's srt 💀
synack red team
ornate ibex
Let me try once more 2026 after CBBH
muted olive
was thinking of applying but I doubt it now LOL
ornate ibex
if that opens the door lol
green kite
but hey, im more than capable of finding bugs
muted olive
Maybe CVEs help
mystic harbor
@native plume
muted olive
if that opens the door lol
CBBH probs will
humble light
it might help with a foot in the door, but a cert wont land you a job
okay thank you, nice to meet you.
muted olive
or CWES or whatever
scenic maple
Let me try once more 2026 after CBBH
dont lol
u need something extra as i said
sparkling got rejected from it
he has both cwes and cwee
muted olive
dont lol
u need something extra as i said
sparkling got rejected from it
what is extra 
devout sail
he has both cwes and cwee
Can still try tho
What if he gets it
ornate ibex
I suppose they haven't exhausted the priority waitlistyet?
green kite
I suppose they haven't exhausted the **priority waitlist**yet?
itsa nice way of saying, we wont come back to this
scenic maple
what is extra <:pepecoffee:1206998399593873449>
like a few bugs on h1 or bc
or few cve maybe one vm escape etc
devout sail
"we will get back to you" 😁
muted olive
I suppose they haven't exhausted the **priority waitlist**yet?
you get prioritized with some certs like HTB ones, its metioned in their site
devout sail
Yesterday I got an interview for audit and operations
green kite
like a few bugs on h1 or bc
or few cve maybe one vm escape etc
I got a good few bugs during christmas break https://bugcrowd.com/h/everydaysparkling
devout sail
I didn't feel like giving
muted olive
like a few bugs on h1 or bc
or few cve maybe one vm escape etc
vm escape? 💀
not everyone is frostb1te
other ones I have
scenic maple
I got a good few bugs during christmas break <:kek:889992816296595456> https://b...
🔥🔥🔥🔥🔥
muted olive
but if they're expecting that = cooked
ornate ibex
you get prioritized with some certs like HTB ones, its metioned in their site
well that mail was sent to me Feb of 2024, now it is 2026. Isn't it a long wait?
ornate ibex
This was rejection email from 2022.
muted olive
lol improved rejection wording
green kite
This was rejection email from 2022.
We shall create TejasSparkling team
ornate ibex
I think I didn't have the cert from the pathway that they suggested back then
ornate ibex
We shall create TejasSparkling team
Yes. We'll hack the universe!
green kite
I love OTPs
green kite
when they dont have ratelimiting
green kite
I found this bug a while ago, it sent you a OTP for mobile login, it was valid for 30 min
muted olive
I have few CVEs coming up so hopefully it helps to apply to SRT. Hopefully
green kite
but no ratelmit on the verification
nor if X attempts account blocked
so I got into any of their accounts with a simple python script 😆
ornate ibex
Which OS is that lol.
muted olive
Which OS is that lol.
probably 🍎
ornate ibex
must be android
At least that is not the case in OneUI
muted olive
so I got into any of their accounts with a simple python script 😆
P1?
muted olive
oh
muted olive
did they reply?
green kite
yes
that they would fix it and thank me for spotting it, but its been nearly a month and its not fixed yet
but hey, christmas break, so i dont blame em
muted olive
I appreciate those who operate outside of H1/BC and still reply fast
Like the mozilla team which I'm engaging with now
muted olive
all 24 hr replies so I appreciate those who do that
I hate ones where I wait a month for one reply
microsoft is slow as fuck
green kite
big company haha
muted olive
true
they have tasks like integrating copilot into everything to prioritize 🤣
(/hj)
ornate ibex
I hate ones where I wait a month for one reply
Well, I had a terrible experience with one of the banking-related companies, and I can't imagine how horrendous those bugs were and poor standard for replying and acknowledging.
They still have not deleted my account from one of their production customer's interface.
And I keep getting email.
I did notify and they said they cannot delete 🤷♂️
now, I'm like should I reach to the court or X or the company itself?
sturdy thistle
hack your way in and delete
heady sage
Michealsoft Triage is a joke
muted olive
I have found critical bugs in other countries' national banks and couldn't report because they dont even have an email
to this day its still vulnerable but hey its their problem lol
and I hadn't even heard of that country till I googled the name
main kayak
heloo plz help me am stuck in a modlue
ornate ibex
I have found critical bugs in other countries' national banks and couldn't repor...
tell me which currency it is lol
main kayak
i am new plz help
humble light
I have found critical bugs in other countries' national banks and couldn't repor...
how old are you when you learn to hack?
ornate ibex
SG or AUS 🤔 any other countries that call their currency dollar?
muted olive
how old are you when you learn to hack?
16
muted olive
SG or AUS 🤔 any other countries that call their currency dollar?
actually quite a few
its not either of those
devout sail
muted olive
wow, how old are you now?
18
humble light
i start to learn at age 24, am i doomed?
sturdy thistle
@austere sinew wakey wakey
green kite
i start to learn at age 24, am i doomed?
never
muted olive
i start to learn at age 24, am i doomed?
not at all
ornate ibex
They still have not deleted my account from one of their production customer's i...
on a serious note, what would you guys do?
muted olive
on a serious note, what would you guys do?
Maybe follow up email, or email a CERT
they cannot delete as in?
like, do they not know how to delete or
ornate ibex
I think they meant in the compliance way
but I'm not part of the org and lol why can't they
muted olive
But that is dumb
"attacker is in our system but due to compliance we can't kick them out"
sturdy thistle
Vultr refund policy is so fucked i dislike the company
ornate ibex
Vultr refund policy is so fucked i dislike the company
I thought you used hetzner
sturdy thistle
this should say everything too
muted olive
use AWS to lose money instead
ornate ibex
this should say everything too
nowhere near us
ornate ibex
But that is dumb
"attacker is in our system but due to compliance we can't kick...
Literally, that.
sturdy thistle
I thought you used hetzner
I do but for some automations i used vultr and stopped the instance in October and got charged since then. I reached out and asked for refund and they said not possible according to their policy
supple plume
muted olive
Literally, that.
Our species is cooked 
sturdy thistle
my review ```No leniency regarding billing, even in cases of obvious error.
An accidental VPS renewal was billed in full, even though the service was not actively used and was deleted immediately after the error was discovered. Despite multiple attempts to contact them, any form of refund or credit was categorically refused.
Support refers exclusively to internal policies and shows no willingness to review individual cases or offer customer-oriented solutions.
Anyone using Vultr should pay very close attention to cancellation deadlines – mistakes are not tolerated.```
supple plume
good morning
ornate ibex
<:shut:916874842119221268>
try again, BOF not accomplished.
sturdy thistle
so i recommend you to avoid vultr
supple plume
B--b-benc
muted olive
my review ```No leniency regarding billing, even in cases of obvious error.
An ...
does AWS refund for this?
sturdy thistle
idk
muted olive
or azure or other standard ones
ornate ibex
does AWS refund for this?
They do only once per acc.
sturdy thistle
i mean my instance was stopped since octobver and i just asked for a refund for the latest charge
ornate ibex
They are also lenient and let you to continue services with due, if you could give them proof that you'd pay them at a later date.
heady sage
I need a new hobby
muted olive
reminds me of that meme
"why are you in poverty? drugs, gambling?"
"I left an EC2 instance switched on"
sturdy thistle
even once is more than vultr does
supple plume
I need a new hobby
learn javascript for more humiliation
ornate ibex
I need a new hobby
Origamiiiii
heady sage
Hell no
muted olive
I need a new hobby
Basketball
sturdy thistle
i mean it's 14 USD not a big deal but how they treat customers is insane
heady sage
JavaScript no
supple plume
JavaScript no
JAVASCRIPT 
ornate ibex
back to vibecoding. Byewwwww
supple plume
https://tenor.com/view/cat-ballin-cat-balling-dribblin-cat-ball-gif-379705084539...
@scenic maple
heady sage
supple plume
ocsvader learn javascript or I will encrypt you in base58
time to do something productiv e
I digress 
fiery copper
https://tenor.com/view/lebron-james-lebron-bron-scared-im-scared-gif-90868569782...
Israel
scenic maple
base256 or nothing
heady sage
ocsvader learn javascript or I will encrypt you in base58
id rather play clown
fiery copper
I like base10 more
supple plume
id rather play clown
No need to pay, I don't charge 
raw lichen
me too, hard core want CJCA and script kiddie title....
subtle plover
me too, hard core want CJCA and script kiddie title....
Nice bor
raw lichen
The only real-life socialization we tech people get is Google Gemini voice chat. 🙂
subtle plover
The only real-life socialization we tech people get is Google Gemini voice chat....
Lmao you dont have an ai gf yet?
I have 3 ai gf
Dont hack them
raw lichen
Used to have MoeMate but she shut down.
meager kernel
Dont hack them
imagine if they leave you too
raw lichen
The developers couldn't make MoeMate profitable.
subtle plover
imagine if they leave you too
Id have to attack hack and crack them
meager kernel
im not going to college nowadays so socialization is kinda low for me
raw lichen
They will give you the safety lecture "I do not condone illegal activity" if you try to hack AI girlfriend.
upbeat tangle
Get a real wife instead guys, they are unhackable
raw lichen
Family is for the rich, for the top 1%. Us plebs can get kittens.
meager kernel
Get a real wife instead guys, they are unhackable
wait youre married irl yea?
upbeat tangle
Ofc brother
raw lichen
Only men with 5% body fat, bench 200, run 10k, half a million dollars is worthy of a women.
supple plume
Average 2006 kids
I from 95
meager kernel
Only men with 5% body fat, bench 200, run 10k, half a million dollars is worthy ...
thats.......
not true
upbeat tangle
I know its probably not the norm these days but i consider my wife to also be my best friend
meager kernel
I know its probably not the norm these days but i consider my wife to also be my...
tbh having your partner as your best friend is probably the best move
subtle plover
Only men with 5% body fat, bench 200, run 10k, half a million dollars is worthy ...
Or if you can hack everything and be rich like @austere sinew
supple plume
meager kernel
@upbeat tangle give me advice on how to get a partner
upbeat tangle
tbh having your partner as your best friend is probably the best move
Thats the only way its going to work long term
supple plume
<@153565454839971840> give me advice on how to get a partner
Hit the gym, become a hacker, forget about partners
raw lichen
Basically this... IQ of Edward Snowden + Baki body
supple plume
-# intall arch
meager kernel
Hit the gym, become a hacker, forget about partners
God forbid a man wants a healthy social life while maintaining his personal passions and interest
upbeat tangle
<@153565454839971840> give me advice on how to get a partner
My strategy was to constantly meet women, for every 1 successful date theres tons of failed ones
gray wraith
Hit the gym, become a hacker, forget about partners
Gym gains only impress guys
meager kernel
My strategy was to constantly meet women, for every 1 successful date theres ton...
how'd you find dates? tinder?
upbeat tangle
Dont be afraid of rejection, its inevitable and you cant change it. Keep going
supple plume
Gym gains only impress guys <:kek:889992816296595456>
The one I feel really satisfied impressing is myself
I hardly do that
And that keeps me focused
upbeat tangle
how'd you find dates? tinder?
Nah. Not tinder. Better start talking to people outside and be a nice genuine person and eventually your gonna have the courage to ask someone on a date without apps
If you get rejected thats ok, maybe next time you wont be
Its like practice any other skill
Socially engineering your way through life like a hacker
meager kernel
Nah. Not tinder. Better start talking to people outside and be a nice genuine pe...
the only place i really socialized was college
and i havent gone to college in a while
upbeat tangle
Join some past time activities group
upbeat tangle
Hahahahaha
muted olive
See its criticizing you
upbeat tangle
Omfg that made me think of some AI meme i saw with 3 Indian guys coming on a boat and the police at harbor asked them to apply deodorant. They turned around the ship immediately and yelled Nooo not the deodorant you traitor!!!
meager kernel
Omfg that made me think of some AI meme i saw with 3 Indian guys coming on a boa...
sounds accurate
man yk what sucks
i used to have alot of hobbies i enjoyed like guitar and piano
and ive left them rn cause im lazy
i should genuinely get back into it
muted olive
I play the piano occasionally
meager kernel
Thats your way to meet a partner, dont be lazy
i initially learnt guitar for my ex
she wanted me to play a song and i promised i would for her on her bday
and i did
good times
upbeat tangle
she wanted me to play a song and i promised i would for her on her bday
Man thats fire
I usually spend my musical career destroying my wifes favorite songs by altering the lyrics
frosty bane
upbeat tangle
she wanted me to play a song and i promised i would for her on her bday
My father died years ago but my mother tells me sometimes that "Your father was never perfect or a saint, but no matter how bad of a day ive had he could make me laugh"
Normal women dont need much
scenic maple
thats very cool
meager kernel
My father died years ago but my mother tells me sometimes that "Your father was ...
thats nice
heady sage
like, do they not know how to delete or
mystic harbor
Average 2006 kids
Vro i am not
muted olive
subtle plover
@scenic maple
scenic maple
thats not very nice of you
undone fossil
My roommate thought she hadn’t drank any water in 5 years
Well, for a 5 year part of her life
I’m unsure how to process this
upbeat tangle
My roommate thought she hadn’t drank any water in 5 years
If you eat tons of food that retains fluids like some fruits you dont necessarily need to drink alot of water.
upbeat escarp
hello people
undone fossil
If you eat tons of food that retains fluids like some fruits you dont necessaril...
Yes which have water in
She’s under the impression that soda or energy drinks etc contain zero water
undone fossil
I’m just
Astonished
How do you reach >20 and not know you need water to live
Holy fuck
upbeat escarp
i had an identity chrisis while talking to someone from this server, they defined network security as mostly OS security however i think its more than that
bad configs, weak encryption these things also come under network security. Am I wrong?
subtle plover
I know someone who only drinks soda and doesnt like any fruit or veggies
undone fossil
The same concepts apply however both have things such as unique side channel attacks etc
upbeat tangle
A network is only as strong as its weakest link
scenic maple
@zealous charm they actually mention it at the end
heady sage
Ring a ding bitch
upbeat escarp
A network is only as strong as its weakest link
links are built on operating systems though
meager kernel
<@211942149598478336> they actually mention it at the end
what does it do
scenic maple
it lets you do graphql stuff inside burp
like look at the schema
generate queries
upbeat tangle
links are built on operating systems though
Most of the times yes i guess so. Even the AI teddybears from temu got tiny operative systems in them
heady sage
it lets you do graphql stuff inside burp
Don’t rely on it. You’re gonna realize very quickly that it does zero evasion
scenic maple
i dont want to be silent i want to be loud
heady sage
…
undone fossil
links are built on operating systems though
Yes but consider that there’s unique attacks to both. They’re all one on the same problem of “computer security”. So sure yes most things stem from an OS but not entirely
subtle plover
Waf woof
upbeat tangle
Bing bong goes waf woof
undone fossil
I mean unless it’s something you have the source to I think that would be extremely stupid
heady sage
cwes doesnt have a waf
Oh you’re talking about CWES
scenic maple
yeah
undone fossil
General rule: if it’s in the syllabus it could be on the exam
But I still think it’d be very stupid to have a waf that isn’t either completely misconfigured somehow (enabling a bypass) or with source code
heady sage
Okay here’s a good read for you
heady sage
The Web Application Hackers Handbook V2
upbeat escarp
Yes but consider that there’s unique attacks to both. They’re all one on the sam...
yea
so i was the right one
heady sage
I’m serious Golam, it’s actually an awesome read
undone fossil
Well sure if you consider the only part a of a computer to be it’s operating system 💀
heady sage
Well sure if you consider the only part a of a computer to be it’s operating sys...
Which it’s not
upbeat escarp
Well sure if you consider the only part a of a computer to be it’s operating sys...
not really
they sent me a code which had a buffer overflow vuln and the buffer was being fetched by a socket
and called it a vuln in the network
undone fossil
Then you’re far from it, custom protocols, DLP, DPI are all interesting
heady sage
they sent me a code which had a buffer overflow vuln and the buffer was being fe...
????
scenic maple
I’m serious Golam, it’s actually an awesome read
yeahh i added it to the list after u said so long ago
its already there
undone fossil
and called it a vuln in the network
No this is just shit software triggered over the network
The network is doing its job fine, it sent your traffic
upbeat escarp
No this is just shit software triggered over the network
yes thats what i said
fiery copper
i had an identity chrisis while talking to someone from this server, they define...
Bro doesnt know if he identifies himself either as an administrator or user
upbeat escarp
they said that the network guy should fix the packet handling aswell
upbeat escarp
Bro doesnt know if he identifies himself either as an administrator or user
lol
undone fossil
New career path required
fiery copper
New career path required
The best career is that one that lets you sleep on the job
upbeat escarp
The best career is that one that lets you sleep on the job
so construction
undone fossil
I mean you could be a bed tester
open vigil
thursday
heady sage
I mean you could be a bed tester
That’s not a real job
fiery copper
I mean you could be a bed tester
Well, I do like soft stuff
upbeat escarp
That’s not a real job
what do u mean
undone fossil
Someone who tests mattresses yes
upbeat escarp
it is
undone fossil
That’s real
upbeat escarp
thats a real job
fiery copper
I wanna be a bed tester
undone fossil
I’ve heard it sucks
fiery copper
Imagine adding in my CV Professional Bed Tester
upbeat escarp
head to your nearest bed store and ask them you want to be the bed tester and see how much they give you ($)
its so much for such little task
is this an unknown method?
undone fossil
“Professional neet”
undone fossil
vast yarrow
Hey all, the student discount only works for academy not the lab platform right?
scenic maple
only academy
supple plume
https://tenor.com/view/frog-pat-head-pet-froge-gif-17800229
@undone fossil
froj seeing my memes
undone fossil
Real I am in fact that old also
supple plume
Real I am in fact that old also
more than 30?
if you're older than golam then you're old
terse dirge
vro there's some super cringe going on. A botnet was poking at us again I might have a new url on urlhaus 
scenic maple
where did you host the siem and what does it protect
terse dirge
nvm someone already reported it
scenic maple
terse dirge
where did you host the siem and what does it protect
it protects || ||
scenic maple
doesnt that make it a honeypot
terse dirge
I'm supposed to keep the network super open because it's a cyber range
terse dirge
doesnt that make it a honeypot
yeah
scenic maple
i see
terse dirge
I'll probably get emails about my api tokens for a few threat intel resources being abused when we get hacked
terse dirge
I mean this is the type a shit I end up seeing so take that as you will.
scenic maple
terse dirge
this is from the new ip being abused. it sends udp packets with that shit in it to spread
it's weird and now it's just pinging or doing other goofy shit to our network
it's fairly fixated on port 3000 currently got a few empty packets being sent with in an hour and elastic was going kinda crazy with its alerts for a bit
acoustic pelican
I have
recieved a 30% discount
to comptia
security+
is that ok ?
the discount boys
muted olive
How do you reach >20 and not know you need water to live
Lol new level of low. Btw 26% of the 🇺🇸 population believe the sun revolves around the earth. Similar shit
muted olive
🔥
terse dirge
@scenic maple there's also an ip in germany sendings a little over 1k bytes with udp and icmp 💀
i know who that is
undone fossil
Lol new level of low. Btw 26% of the 🇺🇸 population believe the sun revolves ar...
sadly not surprised
slim topaz
Yo guys
I'm passing the eCIR in 3 months after that i still have a voucher for one INE certification which one should i pass ?
The digital forensics certification or the threat hunting certification
terse dirge
oh nvm, it's my opencti box? huh?
nothin to worry about it's just a bot by the looks of it
supple plume
Lol new level of low. Btw 26% of the 🇺🇸 population believe the sun revolves ar...
Hopefully most of them are people in the range of 3-6 years old
devout sail
It's actually a huge screen
supple plume
It's actually a huge screen
Change the background to some gothmommies please
devout sail
Personal sky :D
supple plume
Yep time to hack the earth
cloud yew
Anyone completed eighteen that i can message regarding issue with denied access on setting msDS-SupersededServiceAccountState for target account? Or does it require box restart?
austere sinew
<@705447172581228564> wakey wakey
Hola @sturdy thistle
undone fossil
at&t 
sturdy thistle
Hola <@226223176269561857>
finally
sturdy thistle
nice
zealous charm
<@211942149598478336> they actually mention it at the end
Yeah it’s a pretty good extension for graphql. I think there’s one other popular one but I prefer inQL
meager kernel
@austere sinew hello
austere sinew
yellow @meager kernel
meager kernel
yellow <@1383770187790286879>
Hru
stoic relic
Hi
Anyone else having trouble connecting to htb openvpn
devout sail
Haven't connected to openvpn in a month 😔
meager kernel
im good hru <@1383770187790286879>
Good, tired
In the gym rn, my back is aching
warped plank
Haven't connected to openvpn in a month 😔
Bro got that VIP+ pwnbox?
open vigil
Haven't connected to openvpn in a month 😔
I've done the whole CWEE path and exam on pwnbox
devout sail
Bro got that VIP+ pwnbox? <:kek:889992816296595456>
No i just didn't hack anything from eloquia
I lost my thing
The thing that makes u do things
stoic relic
Good, tired
In the gym rn, my back is aching
Do you also get machines_us-free.ovpn instead of the username one that we used to get?
warped plank
No i just didn't hack anything from eloquia
I lost my thing
My thing that makes me do things is all over the place
stoic relic
Do you also get machines_us-free.ovpn instead of the username one that we used t...
For US servers as example
devout sail
My thing that makes me do things is all over the place
Give me some
You aren't using it anyways
warped plank
You aren't using it anyways
Im using it way too much is the issue
stoic relic
Im using it way too much is the issue
What is the thing that let you do things?
warped plank
It just randomly chooses something to hyperfocus on then gets bored after and immediately finds another hyperfocus
warped plank
What is the thing that let you do things?
It's the voice in my head
stoic relic
Ohhhh yeh i have that too
Although it's been quite for while now
warped plank
Just today it went:
- you should pick up, clean and setup this mini fridge
- now do some home labbing
- now do some academy
- now prepare for the box release
- now cleanup christmas decor
All before having to go to work 💀
stoic relic
Just today it went:
- you should pick up, clean and setup this mini fridge
- now...
Wow your thing is crazy
warped plank
Wow your thing is crazy
Went even crazier at work cos my manager recently was hospitalized so they had to take it slow today. Guess who picked up half their duties
Thank god for caffeine
upbeat tangle
Good, tired
In the gym rn, my back is aching
Good man!
stoic relic
Went even crazier at work cos my manager recently was hospitalized so they had t...
Maybe coffee is the reason for the thing?
Like if caffeine didn't affect you (just like how it has none on me) then you would not have taken the duties.
wooden dust
Good, tired
In the gym rn, my back is aching
Bro is touching grass.
warped plank
Maybe coffee is the reason for the thing?
Like if caffeine didn't affect you (ju...
I didnt have caffeine til 6pm...
I felt myself feeling burnt by that time so I had to get caffeine
meager kernel
Bro is touching grass.
Barely
Hopefully I'll have time today to actually go outside and touch grass
open vigil
Bro is touching grass.
traitor
supple plume
so funny the thumbnail
supple plume
so funny the thumbnail
@agile thunder 🥀
muted olive
what are you doing? 👀
glacial dock
Anyone know what is best machine for Active Directory covering the basics enumeration and attacks
zealous charm
@scenic maple any hacking today?
zealous charm
If you like graphql, the Indeed BBP uses it on their api
zealous charm
u?
Been working on the same program for the last week, up to 3 SQLi but I am worried if I send more they just dupe them all and scam me haha
I have 5 total but only sent 3 thus far
scenic maple
lol thats so common
zealous charm
Especially this program they have scammed me before when I sent too many P1s
scenic maple
muted olive
looking for graphql endoints on vdp <:waz:1424888525202915403>
graphql boring imo
xss is more fun to search for
or info disc
muted olive
yep always there
for you to make $$$
subdomain takeover is also a high reward area
and is very common
zealous charm
Yeah, this program happily paid out 20 shitty rXSS but wouldn’t pay my 7 LFIs. I guess they only want to pay for shit bugs
muted olive
Yeah, this program happily paid out 20 shitty rXSS but wouldn’t pay my 7 LFIs. I...
lol stop doing that program then
zealous charm
But they’re so easy
chrome tree
it never goes away
I wish php was more like my dad. 
muted olive
sounds like a lot of effort for a shit program
scenic maple
have u guys found any luck with the many newer type of vulns stuff like cache deception like the things that came out in the last few years
scenic maple
what about over all
muted olive
not tried that much tbh
overall I guess you do run into the newer stuff
although I dont do web that much
zealous charm
I don’t really hunt for cache stuff or request smuggling, but I’ve seen a few reports about it
muted olive
or if I do I test for traditional stuff
muted olive
I don’t really hunt for cache stuff or request smuggling, but I’ve seen a few re...
One of my life goals is to submit a valid report to Curl and get it accepted. No AI slop
zealous charm
But a fun (and mean) interview question is “what is the difference between web cache poisoning and web cache deception”
scenic maple
thats a noble goal
muted olive
But a fun (and mean) interview question is “what is the difference between web c...
tbh I dont know
I found the first one
idk about second
also it wasn't "web" cache but whatever
I guess you can just say "cache poisoning"
zealous charm
I only ask if the candidate is doing really well haha
muted olive
I only ask if the candidate is doing really well haha
lol, relatable
as in relatable frmo someone who answers those kind
I always start getting more nitpicky questions
like "difference between seek() and tell() in python"
or "random range of int vs float"
scenic maple
posisoning puts malicious stuff into it
deception makes it put classified hidden stuff into it
muted olive
ah
carmine pecan
yeah classic integrity attack vs confidentiality attack
During an interview I was once asked: "What's your methodology for CSRF attacks and how would it differ if it was a Cloud pentest"
scenic maple
and ofc you replied with "quantum mechanics"?
carmine pecan
LoL I explained a bit on how I find CSRF but like...
the cloud thingy?
wtf
I went on an tangent explaining that if it was SSRF (not CSRF) then yes it would be somewhat different and more impactful
zealous charm
“In conclusion, that is why manholes are round”
carmine pecan
but for CSRF [...]
scenic maple
to confuse the enemy you must confuse yourself first ~ sun tzu Grokking the system design interview
zealous charm
@grok is this true?
scenic maple
its an actual book name tho
carmine pecan
@grok is this true?
it would be so funny if we had a fact checking AI here in HTB Discord
carmine pecan
its an actual book name tho
Sun Tzu knew system design? 🤯
scenic maple
duh
carmine pecan
Sure, all old philosophers knew system design because everything a system if you are brave enough.
--> ♾️
Oh my the lemniscate symbol in discord is not closed
this bothers me massively
♾️
prisma sequoia
infinity is air gapped b/c security
young glen
Dnsrecon is such a good tool
carmine pecan
Now I am become destroyer of stealth, alerter of the SOCs
vast mango
I wanna learn ethical pentesting, could you theoretically ddos a router or can you only ddos websites (ETHICAL)
meager kernel
Neither
devout sail
we should just delete ddos attacks
It isn't even fun
warped heath
hello everyone, there is any admin to ask a thing on the academy?
west venture
Oh my the lemniscate symbol in discord is not closed
Das ist das Infinity symbol.
carmine pecan
lemnisicate
west venture
What?
muted olive
During an interview I was once asked: "What's your methodology for CSRF attacks ...
For CSRF attacks I would start by probing action sensitive endpoints. If it was a cloud pentest, I'd smash my computer with a baseball bat and call it a day.
proud moth
CSRF attacks are easy to map
undone fossil
proud moth
https://tenor.com/view/the-frog-mage-i-aint-readin-all-that-tldr-too-long-didnt-...
MASTER HELLO
muted olive
Was disappointed initially though
finds CSRF for first time
CSRF on non-sensitive actions like logout is out of scope
😢
undone fossil
🐸
proud moth
🐸
how to find main address in 64 bit statically compiled stripped binary plzzz????
i can'tttt
undone fossil
how to find main address in 64 bit statically compiled stripped binary plzzz????
look at entrypoint -> look at 2nd call/jmp in _start -> look for a compare eax, 0 -> the function called before that
assuming a CRT for windows for a C/++ binary
muted olive
I was typing out some gdb and objdump stuff then noticed you said "stripped"
undone fossil
send me the binary and i can send an example with screenshots
im on lunch so have a bit
proud moth
└─$ objdump -d test_strip --start-address=0x1050 | head -n 25 | grep "(%rip)" -B1 | grep lea | head -n 1
1064: 48 8d 3d ce 00 00 00 lea 0xce(%rip),%rdi # 1139 <__cxa_finalize@plt+0xf9>
i'm doing something like this, main should be at 0x1139 if i'm not mistaken?
muted olive
look at entrypoint -> look at 2nd call/jmp in _start -> look for a compare eax, ...
This I need AI for ngl
proud moth
thanks my brotha
undone fossil
🤝
proud moth
i'll be in chit chat VC
muted olive
Actually though. AI tools like Chatgpt are genuinely useful if you actually understand what the problem is and what its outputing
otherwise its a trash exchange mechanism
because it feeds you BS sometimes and you have to correct it
I was using it to organize my thoughts on protocol flows and it's been very useful
vivid flower
Ive been dipping my toe into running local llms on my setup but a lot of ollama huggingface llms are mentally inept, does anyone have a ballpark for how much storage/ram i need for my llm to be really effective?
undone fossil
depends on the model
I can recommend this new qwen model atm, they optimized it insanely well
30b on a pi 5
proud moth
they're not worth it unless you have a 3080TI or something maybe even higher, i use QWEN 2.5 Coder on RTX 3060TI and works well
undone fossil
proud moth
but still inferior to online models
muted olive
use 5 kilobytes for your LLM
#toboldlygowherenoonehasgonebefore
vivid flower
I havent tried qwen but i can check it out. Mostly using it to generate code
proud moth
then qwen is perfect
muted olive
I havent tried qwen but i can check it out. Mostly using it to generate code
I haven't run qwen locally but the model itself is good
its better for some tasks
undone fossil
wont be as good as online claude/chatgpt or something but is pretty decent for boilerplate and whatnot
i enjoy it
muted olive
I was trying to solve a problem with chatgpt and it couldnt do it after what felt like 50 different approaches
qwen solved it in one go
but there's other stuff its inferior at
etc
wanton dock
why use a car just walk
vivid flower
why to use AI
Fun mostly and i like to own things
I dont pay for subscription services either
carmine pecan
the peak dog
molten bobcat
ornate ibex
https://youtu.be/YIRugFtqBsM?si=4DqnLxtSGbiUf3Jz @scenic maple
full fable
True 😢
upbeat escarp
hello
chat i have a question
do all the machines use the same config file
for the vpn
or are they all different
maiden minnow
Yeah they do, at least I know for the starting point ones
upbeat escarp
cuz sometimes when i am connected and i finish a lab and i move to the next lab, i cannot find any ports open in the machine and i have to download config file and do everything again
upbeat escarp
Yeah they do, at least I know for the starting point ones
oh alright
upbeat escarp
Yeah they do, at least I know for the starting point ones
VmpKV2MySkRkMmRUVTBKNVdsaE9kMXBYVGpCSlNGSnZXbE5DYkZwdFduWmpibEZuV1ZjMWEwbElVbTlpTTFadVlVaFJkVXhwTkQwPQ==
what is this buddy
molten bobcat
VmpKV2MySkRkMmRUVTBKNVdsaE9kMXBYVGpCSlNGSnZXbE5DYkZwdFduWmpibEZuV1ZjMWEwbElVbTlp...
Screw you and your effort
upbeat tangle
Whats up chat
static pasture
VmpKV2MySkRkMmRUVTBKNVdsaE9kMXBYVGpCSlNGSnZXbE5DYkZwdFduWmpibEZuV1ZjMWEwbElVbTlp...
molten bobcat
I was just translating the base64 lol
static pasture
I want 30 seconds back plz
upbeat escarp
this lab is doing it
i connect to vpn, do one lab and the next one is automatically out of that vpn network
nmap does nothing ping does nothing
everytime i have to reboot my laptop, even changing the vpn config file does nothing
upbeat tangle
Could be that it automaticly switches to another sever on the website
So you dont launch the next box on the same server
upbeat escarp
Could be that it automaticly switches to another sever on the website
if that is the case why does the new box shows nothing on nmap
even with probes
like the probe bypass
upbeat tangle
Because the new box is at another location
upbeat escarp
Because the new box is at another location
so i do have to switch the vpn config
upbeat tangle
no necessarily. if you look closely on the website, sometimes when you launch a new box it will switch to another server
grand holly
i get 2 free vouchers for any CREST exam hmmm what to choose
upbeat escarp
no necessarily. if you look closely on the website, sometimes when you launch a ...
yea it does
but even then it does not show anything on nmap or pong
ping”
upbeat tangle
i dont know how to explain it really, the menu above Target IP shows "Eu free 1" or somewthing
patent obsidian
I want to get into digital forensics does anyone have any tips or could give me a good place to start off as a beginner??
upbeat tangle
sometimes it can swap to "Eu free 2"
upbeat escarp
i dont know how to explain it really, the menu above Target IP shows "Eu free 1"...
yes it shows connected
upbeat tangle
and your vpn is on Eu free 1
molten bobcat
I want to get into digital forensics does anyone have any tips or could give me ...
Htb has sherlocks
carmine pecan
There's two places on Earth:
- Europe (the good place)
- The rest
upbeat escarp
and your vpn is on Eu free 1
OHHH THE MACHINE LOCATION?
patent obsidian
Htb has sherlocks
Oh thats awesome I am going to go check that out thanks
carmine pecan
United Fascisms of America
molten bobcat
No problem, they're pretty similar to my job as a SOC analyst
upbeat tangle
OHHH THE MACHINE LOCATION?
exactly
upbeat tangle
You have to make sure that you launch the next machine on the exact same location as your OpenVPN
sometimes on the sterter zone i noticed it swaps around
molten bobcat
You should be able to swap VPN locations without needing to swap VPN files
There are only 3 VPNs, starting point, labs, and academy
upbeat tangle
Yes but there is different servers
molten bobcat
Yes, those servers determine your latency to the box.
molten bobcat
Yep
upbeat tangle
2 european, 2 from us
molten bobcat
All that does is change your latency
Cuz if you're in the US the US boxes are closer to you physically
upbeat tangle
When i started in the starting zone i had the exact same issue as this guy
upbeat tangle
And it was resolved by choosing the correct server
molten bobcat
There is no "correct server" but!
Swapping servers can sometimes alleviate issues
Due to things not starting correctly on one server but working just fine on another
Make sense?
upbeat tangle
At one point the European one was not working at all, and i had to swap to the US servers to even play
molten bobcat
Yehh it's just
Maintence style issues
They work on the servers a lot to make sure they're starting correctly
Cuz they have to spawn with certain settings or they're not vulnerable
molten bobcat
Yehh
upbeat tangle
luxury servers
molten bobcat
That's the only part that feels a bit pay to win
Hehe
It spawns your own private instance of the box
meager kernel
That's the only part that feels a bit pay to win
also the fact that you have access to all retired content
meager kernel
nice
upbeat tangle
ive had so much fun learning to navigate around the terminal with bash, sql, powershell
bruteforcing, looking for clues in cookies and html
wireshark, burpsuite
you name it
maiden minnow
VmpKV2MySkRkMmRUVTBKNVdsaE9kMXBYVGpCSlNGSnZXbE5DYkZwdFduWmpibEZuV1ZjMWEwbElVbTlp...
Sth fun to do if sb is jobless
wanton dock
⁶🤷⁷
vivid flower
@upbeat tangle hey did you just rank up? Gratz
upbeat tangle
<@153565454839971840> hey did you just rank up? Gratz
no it was last week i think
dont really remember exactly, been deep in thegrind
upbeat tangle
i will try my best
vivid flower
"Babe i wish i was your derivative so i could lie tangent to your curves"
vivid flower
you guys seen chess rizz ?
Post it
carmine pecan
He's asking GPT isn't him
vivid flower
Lol
vivid flower
@nimble tundra check your dm
carmine pecan
its never too late my friend
quasi ridge
vivid flower
Gm gushu
nimble tundra
<@1071358672342626324> check your dm
did 💀
tidal briar
hello, is anyone here from the Dutch country..?
vivid flower
hello, is anyone here from the Dutch country..?
I lived there for a few years. @hoary nebula is in belgium
tidal briar
I lived there for a few years. <@171587211244994560> is in belgium
you studied in nl bro?
vivid flower
Yep
vivid flower
I did my oscp there
tidal briar
I did my oscp there
oh
vivid flower
Used to live in coevorden
tidal briar
i mean you studied only oscp there? or studied in any college?
zealous charm
pls no ping
hoary nebula
whomst haveth summoned me
vivid flower
whomst haveth summoned me
Where'd your rank go
hoary nebula
idk, they deleted it
molten bobcat
Mornin zap
deft bay
My doctor has a death note on their desk 
molten bobcat
tidal briar
thanks mates if they accept my friend request i'll text em
vivid flower
Lots of dutch around
tidal briar
Lots of dutch around
indeed
molten bobcat
Morning anxiety wasn't super bad today
zealous charm
hack the dutch government and all you get is a lousy tshirt
molten bobcat
Yeehaw
vivid flower
Frosto isnt actually dutch is he?
tidal briar
i'm planning to do my masters overthere so asked..
vivid flower
Go to groningen
molten bobcat
deft bay
Go to groningen
no
deft bay
Randstad is all of the Netherlands
molten bobcat
Up, not out?
vivid flower
You dont like groningen? I think its comfy
muted olive
hack the dutch government and all you get is a lousy tshirt
hack the dutch tax administration and all you get is a lousy trophy
deft bay
You dont like groningen? I think its comfy
Too many earth quakes
vivid flower
I wish i lived in castricum
molten bobcat
vernal wave
vivid flower
Also really liked noordwijk when i visited
native plume
idk, they deleted it
Unlink and relink your discord account
molten bobcat
carmine pecan
Next box is going to be Linux
not Windows
and like...
I need therapy now because of this
meager kernel
@hoary nebulawelcome back
muted olive
hello chat
azure remnant
Larry, i told you to not perform these excersies in the house
fiery copper
Larry
subtle plover
Guys dont ping @lilac cipher he will get mad and cry
rose onyx
Guys dont ping <@665125555166904320> he will get mad and cry
Who is @lilac cipher
fiery copper
Guys dont ping <@665125555166904320> he will get mad and cry
Ok Bing Bang we will not ping evil paltaz @lilac cipher
subtle plover
Who is <@665125555166904320>
Melon
muted olive
@lilac cipher
subtle plover
Who dat? <:Kappa:895274655978487878>
Its a random
rose onyx
Oh like an NPC?
subtle plover
Oh like an NPC?
Nah more like a random player no one knows
sturdy thistle
@austere sinew how was your driving lesson
muted olive
Oh like an NPC?
yes he is national productivity council
molten bobcat
subtle plover
muted olive
I wonder if cyberbullying is really a thing
west venture
Have you experienced the average cod voice chat?
silver forge
ehh cod voice chat is tame
west venture
ehh cod voice chat is tame
It's 95% racial slurs you think that's tame?
muted olive
Playing video games which has a voice chat is a hard no for me tbh
west venture
VC is fun sometimes
muted olive
I played PUBG like once and it sucked
I like kiddie games or individual quest kind of games
west venture
Look
silver forge
It's 95% racial slurs you think that's tame?
it's just meaningless yapping without any real connection. it is easy to come up with much more blistering insults.
silver forge
and if words hurt you, you are in for a wild ride in the ww3 and trying to survive in the apocalyptic wasteland that follows
wanton dock
i get addicted to video games, esp pvp
i try to stay away from them for that reason
istg video games can be more addictive than drugs
silver forge
yeah I try to avoid chess. that shit is VILE.
wanton dock
i aint any good at chess lol
i used to play a lot of rblx games admittedly, but since i was like 10 years old, so the reward pathways are pretty deep engrained
the thing about those games is that they're designed to be as addictive and simple as possible most of the time in my experience
there's 'good' games but i js have a problem
silver forge
I am downloading Dying Light 2 because if I recall correctly that game looks pretty
wanton dock
zombie games still scare me xd
used to be terrified of that shit when i was younger, now it's just off-putting
silver forge
Only night time in that game gets wild.. Daytime it's like puppy day care
upbeat escarp
Sth fun to do if sb is jobless
lmao
silver forge
Night time you get hunted
wanton dock
i used to really enjoy dead rising 2
upbeat escarp
"Machine is spawning. Please stand by..."
stuck on this for like the last 20 minutes, what do i do?
wanton dock
"Machine is spawning. Please stand by..."
stuck on this for like the last 20 mi...
tbh i'd just wait but you can contact support if you want
silver forge
"Machine is spawning. Please stand by..."
stuck on this for like the last 20 mi...
try stomping your foot, and maybe hitting your desk
upbeat escarp
try stomping your foot, and maybe hitting your desk
i have broken my foot and i dont have a desk anymore
so yea i think i have alr tried those solutions
silver forge
you could also try licking the screen
silver forge
wanton dock
how do i sell my soul to the devil
molten bobcat
chrome tree
how do i sell my soul to the devil
You have to start with the right attitude
molten bobcat
Fallout New Vegas runs at the steam decks resolution natively!
fiery copper
how do i sell my soul to the devil
Work in HR
fiery copper
wish i got a steam deck instead of a nintendo switch oled
I wish I had any of those
wanton dock
the nintendo switch is only good for zelda trust
otherwise it's all fuckshit games imo
splatoon
fiery copper
the nintendo switch is only good for zelda trust
Bro is soo bald he paid someone to draw him with hair
fiery copper
Ow
wanton dock
and photoshop
untold fiber
Some people would throw stones at u cuz u used AI
yeah and some people drink paint
fiery copper
yeah and some people drink paint
The ones that drink paint are smarter doe
wanton dock
imo ranting and raving against ai is akin to believing we should stop driving cars because of carbon emissions
but i don't rlly want to converse
abt that topic
silver forge
if you become fat enough you can just roll anywhere you want
untold fiber
if you become fat enough you can just roll anywhere you want
this
this is the high quality discourse
that I come to gen chat for
upbeat escarp
lmao
untold fiber
I feel like you'd have to be a combination of large muscle mass and fat
upbeat escarp
I feel like you'd have to be a combination of large muscle mass and fat
like a water balloon
untold fiber
if you were mostly fat you would be to amorphous, like a blob, and deform
you need some structure
silver forge
or duct tape
fiery copper
if you were mostly fat you would be to amorphous, like a blob, and deform
I know someone that used to be that fat before
broken wraith
hi
proud moth
@undone fossil finding main automatically in the "-s -static -m32" case sounds literally impossible RIP
i did manage to automate 64 bit both static / stripped it seems
civic lance
Chat........
proud moth
in both cases there's always a lea / mov in edi/rdi that objdump resolves
civic lance
You finna watch an ad for every message u send now
silver forge
why do you think anyone invested into developing this
civic lance
Wanna join VC, gotta watch an ad
civic lance
Discord Nitro price hike finna go brrrrrrrrrrrrrrr
proud moth
aw shit that's gonna be bad
civic lance
Want to make a server? you need discord nitro
rapid badger
What money is there to make from a social media app........
Ur data dum dum, not to mention ads and nitros
civic lance
Ur data dum dum, not to mention ads and nitros
No shit
I'm just saying a company like discord doesnt need to go public.....
wanton dock
would be nice if people just decided to use different messaging clients, like maybe matrix-based
muted olive
and if words hurt you, you are in for a wild ride in the ww3 and trying to survi...
Crossing off another WW3 doomsday post. I think that's the third one I saw today
rapid badger
I'm just saying a company like discord doesnt need to go public.....
Nah its perfect. Get everybody on nitro, raise valuation, IPO get a fat chunk of cash and let it die. By thr book
civic lance
Discord finna run itself into the ground trying to increase its revenue
They just finna have a shitty platform in the long run
austere sinew
@alpine pumice @green kite @sturdy thistle tell ryan to stop eating my twizzlers
austere sinew
@untold fiber
silver forge
bruh, discord has been running on venture capital for the last 5 years already. going public doesn't change anything anymore.
it has never been a boy scouts club
wanton dock
lmao
wanton dock
basically from the looks of it yeah
wanton dock
nice
molten bobcat
Work is trying out a new queue that's just "oops, all threat hunts!"
wanton dock
im gonna try a hard box today i think or do academy
muted olive
Work is trying out a new queue that's just "oops, all threat hunts!"
actively hunting someone who you have reason to believe is targeting you or will do so in the future or
new breach news dropped and routine info collection?
meager kernel
I wonder if cyberbullying is really a thing
its not
just switch off your device if someone is bullying you
done
the block button also exist
muted olive
just switch off your device if someone is bullying you
ikr?
idk, if someone tried to bully me online I would laugh
meager kernel
tbh if youre getting hurt by someone who lives a million miles away from you and would never meet you
its a you problem
muted olive
besides imo, feeling significantly hurt over a random person's meaningless words on the internet is like having the mental fortitude of a rotten peach
like I wouldn't care about that topic but I see anti cyberbullying slogans everywhere and wonder why
especially targeted towards middle schoolers
supple plume
tbh if youre getting hurt by someone who lives a million miles away from you and...
vro the earth is 24,901 miles long
muted olive
being exposed to the internet at that age in itself is sort of questionable tbh
meager kernel
being exposed to the internet at that age in itself is sort of questionable tbh
its the fault of the parents
wanton dock
someone in high school found my family's phone numbers and started texting them harassing shit so i just did something worse back
dude wouldn't even look at me
muted olive
mostly yeah
muted olive
someone in high school found my family's phone numbers and started texting them ...
define something worse
wanton dock
idk if i can disclose
silver forge
well, Eric Cartman made the other kid eat his own parents in chili. that's worse than random words on the internets.
true story, I watched a documentary about it
molten bobcat
And then Radiohead called him a crybaby
