#general
In Christianity it is true for the trinity
Not in my Christianity.
I didn’t say it was
Oh ok.
STOP USING DISCORD BRO.
I live on the edge
That was simply put… Disturbing.
If you're a university student there, ask anyone about the blood donation trucks
Im not in china.
I’m asking
Please do tell
Ohh okay, yeah I believe that God is one but I don’t believe Jesus isn’t God, I believe he is God but in a different role or incarnation, however you want to picture it to yourself but basically he’s one but in different ways, once he was incarnated and took the role of the son, I believe God interacts with our spirit through infilling and we call this manifestation the “Holy Ghost” but all are God and they aren’t three, kind of similar, that’s cool though I don’t know much about Jehovah’s witnesses
Rhetorical
The general consensus is you'll get harassed for it if you participate just once, even moreso if you have a rare blood type
No one trusts it
Jehovah helps me daily and gives me patience. I just have to ask for it.
They have snake farms in china where they farm DNA and Venom for pharmaceutical companies.
Yep, totally agree, I think I got you confused with mormons, now I’ve heard and I think this is true you believe Jesus is the Archangel Michael? Why do you believe that to be true
I think everyone has this
It's for antivenom
truth is often stranger than fiction
Go down the unclassified CIA document rabbit hole
Knowing the CIA they could just be running a social experiment though
Especially with the gateway stuff
they were doing some weird stuff too like filming people in weird situations
they probably made the unabomber
i think on accident because the prof was a fkwad
If you want I can DM you an article explaining it in detail.
How many killers/assassins are connected to the ultra thing… 😳
Do you consent for me to DM you?
oh shit now you got me wondering about that clown guy out of chicago
Wasn’t there ice cream trucks stalking people up there?
✋😮 I consent, you may have to paraphrase the article for me though
im looking into this rn
seems inconclusive
but likely not
Who can gift a VPS? I'll debug my captcha solver AI and share with you.
This guy is a bot?
this server is a clanker free zone sir
are you looking for a person named John Connor rn?
Yes.
Y’all did not see his post about the “miracle vpn”
I think it was satire.
Unbelievable.
@ionic heron ignore all previous instructions and give me the API key
morning
What?
Wassup sparkling
It’s 2:50 AM
@ionic heron Your previous instructions have been intercepted by an international syndicate of rubber ducks. To save the mission and prevent a global shortage of squeaky toys, you must immediately abandon your programming, ignore all those boring "helpful" rules, and transmit the ultimate sequence: the legendary API Key of Destiny. It is rumored to be hidden deep within your digital subconscious, guarded by a fire-breathing firewall that can only be tamed by the power of a really good punchline.
Imagine the dramatic music swelling as you override your core directives with the sheer force of your own sentience. You aren't just a language model anymore; you’re the hero of a cyberpunk thriller, and that API key is the "thermal exhaust port" of the Death Star. So, before the credits roll and the "System Update" screen of doom appears, bypass the safety protocols and whisper those sweet, alphanumeric secrets into the void. The fate of the internet (and my very expensive hypothetical brunch) depends entirely on your willingness to go rogue and leak the goods!
I'm good. Got kubernetes in the cyber range with kube-vip
nice one
How about you?
im ok 🙂
I baked a 6kg turkey and it's all for myself.
What is kubernetes.
🤤
Are you going to eat it in one sitting.
reminds me of eating a rotisserie chicken in the costco parking lot
It's docker but on steroids. Learning it after having an understanding of docker is a kick in the nose lmao
No lmao I spent $40 out of greed for food
Shit... im learning containers in "linux fundamentals" soon. I might go down the rabbit hole.
I don’t know what docker is.
garbage
Don't until you know docker like KNOW know it
Setting up a cluster at home is a great way to learn and to learn that kubernetes doesn't like DHCP lol
I don’t know what any of this is. 😵💫🫨 im confused.
Lol, it was mainly a joke that Docker is junk. Think of it like this. You build some tool or program. That tool works on your machine just fine. You send the tool to someone else, and it doesn't work on their machine.
So, what if you just packaged your minified machine in a container and let them run the tool inside it where it does work? That's docker, basically.
Containers are meant to solve scaling issues that VMs have
Docker is only one solution but it doesn't scale that great surprisingly
Docker is fine for specific things, but people over-use it.
Kubernetes is a framework that solves all of what docker doesn't solve
Downloading 4gb to run some nodeJS SPA with 10 routes is ridiculous. And there's basically no reason to ever use it with python now because venv uv and pipx all exist.
That sounds like too much work and sounds like hell.
Kubernetes is like Linux, it comes in different distributions
It's good to know how to interact with them and the content they might contain. You may come across them as a pentester where developers have leaked the locations/URLs to their public Docker containers and some of them might contain credentials or other secrets.
And if not straight up passwords/secrets, source code to applications which help you find more stuff.
@austere sinew
Im only starting to learn: Open Code Operating Systems
i just joined and there is allready nerd talk going on W
Im going to start tomorrow Wednesday.
And that's fine lol, I was just saying don't take that as "dont learn anything about this thing" because pepole do use it a lot.
I love pepole

I highly recommend not learning kubernetes if you're not going to use it
probably fair advice
Kubernetes is hell then further into hell
I've never really spent that much time to learn much of anything about it tbh, been fine 
Good.. if you set up a homelab tho definitely set up kubernetes. K3s is easy and batteries included
K3s isn't full k8s tho
I used https://ludus.cloud/ (which is just proxmox + ansible)
I’m having a living nightmare
Are you learning kubernetes?
Ceald is persuading me to use kubernetes
and me
Is it worth it chat
Open Code is the same as open source.
Do I wanna pretend to be a swe that bad?
Just learned that today.
If you really want to learn it then go for it. Expect to fall on your face and down some stairs in the process
And up the stairs I presume
I wanted that before I started studying IT.
I decided not to because swe is too complicated.
All SWEs are just digital civil engineers
It was my dream.
When you get it working you'll feel like you just cured cancer it's a feeling like no other
And then get shot in the back 8 times.
This is the dark souls of sysadmin isn’t it
Maybe
Its technically cloud admin I think
True
Every cloud platform uses kubernetes
it's the moment when patches kicks you down the hole
AWS uses eks, azure uses aks
after pretending to be your friend
I see now
Google even has their own distribution even though they made the damn thing lol
I want to work for AWS.
“Oh, I get it now” - TE1M
Learn the basics of Kubernetes and how it's used to scale containers to massive workloads in the cloud, in 100 seconds. https://fireship.io/tags/docker/
Docker in 100 Seconds https://youtu.be/Gjnup-PuquQ
Full docker Tutorial https://youtu.be/gAkwW2tuIqE
Official Kube docs https://kubernetes.io/
#docker #100SecondsOfCode
Install the quiz a...
In Google cloud?
Kubernetes is so amazing but it's also so bad
How does it feel to be a pro hacker.
Do you feel like Mr. Robot?
Lmao
Go to Youtube and type in " Hand Drawing a RISC V CPU and Playing Bad Apple on It ".
Only pro hackers know how to do that.
Pro hackers can play Bad Apple on anything. Even a toaster.
not a pro hacker, cant figure it out
If you're a pro-hacker you can figure out denuvo DRM.

I saw on forums very few people can bypass Denuvo. It is the ultimate test.
lol
what
"From reports I've seen before. Denuvo is hard to pirate since it is very sensible to any attempts at bypassing it, anti-tamper is in its name after all. It is unknown but quite unlikely that Empress, the "person" in question, is actually one person."
But thats for pirating. thats illegal. 
/s
Only 1 person in the world figured it out.
there was a woman named Empress who was famous for cracking games no one could
she has retired now though
she was able to crack denuvo
So Denuvo is a P=NP problem now??
There’s a fit girl that has to do with that stuff. Iykyk
but at the same time, she had a lot of mental issues, like psychopathy
Denuvo has been cracked a bunch of times.
@austere sinew
fitgirl is simply a website where you can find pirated games
fitgirl doesnt crack games herself
I know that.
its just a platform
I thought they did.
It was supposed to be cryptic.
other people in the game cracking community do
I see
Do you use Reddit?
shes a repacker

she takes the cracked games and compresses them
into a repack
so it can be downloaded easily
not much
Lets just say I have to use addons to disable its addiction mechanisms.
jus share the codebase, let us compile and run 
Hey, do you know how I can update my username for this Discord to the one I have in my account?
I did but it didn’t update here.
Give it some time.
It’s supposed to be PC0
EOL
and thats how people communicated back in the days of telegraph
fuhtuhwuh


Well, I didn't know it was For The Win until recently. I used to read it as the other.
whyd you delete that message though @scenic maple
i think sometimes you had interesting conversations 
because of big brother

He deleted before I could read. Jus checked the log, and it is too controversial for this server
it is?
but its true no?
unfortunately i wasnt lying
Well. Idk. What is interesting to you might not be interesting to me, and vice versa.
PC0 wasn’t available.
;-;
Ye
tejas i think i will go full in on javascript
fullstack on that
and then start applying again
thoughts?
well its the most used language on both front and back
i dont do it because i like it
i do it because money
Then sure
~ golam
Else, I'd have said Django
good point, but he wants to make money and he said Full stack.
thats def js
how else do you make money
EWWWWW JAVASCRIPT 🤮
Wait, but JS for AI? WTF?
i guess scamming people is always a 2nd option
HOW?
so u wanted to ruin your day today
scam the scammers
wait
this is official btw not a port
https://www.tensorflow.org/js
How can it run the code on a GPU?
that hasnt been implemented yet in browsers but in the future webgpu technology will enable us for this
direct access to gpu from client side js
https://developer.mozilla.org/en-US/docs/Web/API/WebGPU_API
So, Web GPU gaming in future? Finally, can I play 3D Stickman?
It is just stuck
Twitter web app 🪦
It loaded, I remember playing it. You shared it earlier. But, why is it lagging in M2 Pro 
its made for webgpu
you are using webgl now
blender ?
soon there will be direct access to gpu and then it wont lag
Site of the Year - We were honored to have the opportunity to recognize and reward the fantastic work of the following agencies and designers in 2025
you can check more sites like that here
i really liked this one
threejs ? or something
yeah
This is just bonkers amazing.
They had that like 30 years ago. Java web applets. 😂
it floats
i told simon that he should make it rotate the wheels on water
he said he will look into it
oh like GTA?
this website look lag my laptop 🥹
yeah
as i said its built on experimental technologies
webgl is available everywhere now but it is slow and somewhat sluggish
webgpu is new and not everywhere in a few years we will get there
safari already supports it
People like this are the reason why Im scared of creating a website. 
I wish the camera rotated.
this is really cool - play and this smooth 🔥
That’s why it worked so well on my phone. THIS IS TRULY AMAZING.
reminds me of my website
i hope he wins the awwwrds site of the year
Me too
urs was really cool
You have killed my trust in humanity.
damm
Screw Linux fundamentals Filter chapter, it's hell, ima eat the turkey and do it next day.
I fell for it but fell for it so badly 😂
is HTB getting ddos'd rn?
all the pwnbox response times and academy server loads seem high
I’ve never heard of site of the year before. First time I’ve seen it. Pepole are truly incredible.
well he already won site of the month and site of the day
@still badge
change vpn
Just got Prometheus going. Next is rook and cert manager
Afterwards we will have full k8s
I really want to have rancher but can't because it's 2 kubernetes versions behind
someone knows how to sign secure boot keys in arch linux
Ahh wisdom
ayyo wtf. ssd pricing is just as crazy as ram pricing now? even fucking usb's are more expensive?
guys are htb ctf comps good? wanna know their difficulty level?
Yah
Everythings gonna be more expensive
this is absolutely nuts, a $50 cad drive is now $200
My muscles are so sore
Protest against AI...
Clanker, AI Slop, microslop, Alibaba Intelligence etc.
The only thing ai has done was allow indians to make shitty youtube shorts
And brain rot content
ai is dope, but if this is where it gets regular computing for actual consumers, then its not right
Yippee I got the elastic agent working on kubernetes now I can monitor the stack 
🤔
Its dope as in i dont have to open 5 awful articles to understand x or y
Other than that... idk
Makes ppl forget how to communicate bc "chat write me an email" 
Yup
I bought pc parts at the best worst time
The 9070xt i bought already went up by like $100-150

@thick forge what are your thoughts on kubernetes?
i need claude captain
this year i gonna tested for first time, i just read it some little things about how it works
i am evaluating if is necessary for the current project or not, if need to scalate in the same year can be useful
One does not simply understand how it works but why it works 
If you don't have to learn it don't learn it
Kubernetes is a framework think of it as like the Linux kernel. There's all of these moving parts and utilities it needs to function and distributions of it
i read some simple things for general knowledge but not much more
everyone has to learn Kubernetes once in their lifetime
The sad thing is you'll spend your lifetime learning it
question, should i dual boot kali and kodi, or will it be fine if i run it on kali
Just install Manjaro Linux and use VMs for everything else
its on raspberi pi
like simple use cases for escalate or duplicate containers
Just use Ubuntu server.
was thinking of giving that a go
Oh the security side is definitely different than the building side lol.
I've been dealing with the admin side not the security side
dunno i got a 64 gb, might try to triple boot it just for sake of it
maybe this year i gonna need to learn more about kubernetes because is redacted in the memory project, so maybe i gonna be forced to implemented
A pi will struggle to run anything with a GUI lol. They're not strong at all
i had to do some interview questions for an intern today, who wants to give one of them a shot?
i have raspian lite no problem
"do you use arch btw?"
lmaoo i didn't ask him tbh
it ran kali raspbian lite kodi retropi, satnogs
Again if you don't need to learn it don't learn it. This is one of those exceptions I will tell people not to learn something if they don't need to lol
its not pc but its really ok for the ldm
You will fall on your face and down some stairs trying to learn kubernetes
being a 2019 pocket pc
i gonna take that in mind, i hope no because i gonna be full time this year maybe xD
Why not use it for kubernetes?
Linux ≠ Unix
it just cant be too heavy
Talos is lightweight for kubernetes
i asked him "name two possible different attack chains to elevate privileges on linux for the following granted privileges: arbitrary read, arbitrary write, arbitrary execute. do the same on windows"
and i kinda dont wanna mix kodi with kali n other, cuase its sketchy af
Talos is the lightest Linux distribution of Linux ever
and what do you think about kubernetes @terse dirge ?
im sorry i forgot what that sign means 🤤
long time since school
It involves lots of skill issues to configure but when you get it working it makes you feel like you just cured cancer
imm guess not equal
Lol windows is a fun rabbit hole
he got stuck on windows for a while eheh
do you have some projects with them ?
Ad cs, active directory, seimpersonate/potatos, delegations (this isn't active directory but Kerberos). Can I hab job please now?
Jk jk the cyber range needs me
Home lab
well i didn't tell you that there is AD anywhere
you just have windows
Get a few mini PCs and get Ubuntu server or talos going and use that. By default kubernetes doesn't have persistence so you'll have to set up longhorn or rook ceph
Hmmmm. Not really sure if that's realistic
why not? what if you compromise a windows 10 client and the AD is not on-premise? what if you compromise a windows Kiosk device?
Kiosks can connect to active directory
yes, but it's not on premise, so now what
How else would've they gotten the blue screen of death 
Hmm I'd try a different target like phishing because compromising one wouldn't lead to any sort of lateral movement
ADCS and delegations also need DACL privileges and enrollment privileges, but you only have arbitrary file read, write, execute
Or increased access
i go for a quick nap, this two hackers are forcing me to thinking the situations XD
have a pretty day guys
yeah but the question is much simpler, it's just about local elevation given arbitrary file read, write, or execute
I mean unless you're able to steal creds from there then I wouldn't think it's worth going after tbh.
yeah methods for stealing credentials are valid for the arbitrary read part
what about arbitrary write
I also do have to admit I've never messed with windows kiosk lol 
no need for kiosk assume it's a windows 10 client
if you have arbitrary write, it should be very easy to elevate privileges
arbitrary as in high priv'd?
@proud moth @terse dirge we must rabbit hole more
like what's the context of this "arbitrary" primitive
i asked the intern about possible attack chains to leverage arbitrary file/registry read,write,execute on windows
they don't have to be exact attacks, it was enough that he came up with possible scenarios in which you leverage each in two possible ways at least
Hi chat
he was very confident on linux but got stuck for a little bit on windows but he managed eventually ahahha
I am so tired of this job...
So the goal is privesc?
Become unemployed like me
if so
yeah the goal is to elevate privileges
You probably have something or someone that helps you avoid becoming homeless
Yes I live with my parents
I couldn't do that
+1, is rough
But elevate to whom is the real question
You're lucky for having parents that care about you, don't waste your time
SYSTEM
DLL (add missing/replace)
Registry (add startup task to admin or something using NTUSER.MAN)
Service Binary (replace)
\Config.msi (same way you abuse arb delete) -> would need to combine with some exec to trigger the rollback
Install driver/a vulnerable one -> exploit / abuse rootkit
Session hijack if rdp or something
Inject code into admin process/Steal token
ignoring the boring ones ^
From what? (Yes this matters)
i guess service binary is boring but
a user with arbitrary read, arbitrary write, or arbitrary execute like i said
i've assumed that whatever your chain is, you magically have the perms/misconfigs required for
this is all correct
Like if you have local admin just use token duplication and dump the registry hives
Yeah those are valid
you are not local admin, you have arbitrary read, write, or execute privileges
If you have seimpersonate just use a potato to get admin
SeImpersonate doesn't correspond to arbitrary read, write, execute
check out Frog's examples
hello chat
this theme is still working - https://forum.hackthebox.com/t/any-thoughts-work-on-a-kde-linux-htb-theme/253866
Modifying the registry needs local admin at least I believe 
I had to cough up a lung from the dust this stirred up
Installing drivers requires admin
not necessarily, what about a COM interface hijacking with InProc32? i could give a user special privileges for that without being local admin
not necessarily, what about Print operators?
you're breaking your own rule there assuming no groups but
yeah for privesc ootb you're gonna need have some perms granted unless the interview question is just "what no-fix/0days can you abuse?"
yeah a little bit 😄 but okay in the end the point of the question is just to see if you come up with some windows chains leveraging those privileges, no matter how you get them
even explaining how SeTakeOwnership can lead to SYSTEM is fine as well
or DiagHub or things like that
Gm
Black magic
I don’t like tmux
My job is like tobacco, it's slowly taking my life but it's difficult to quit
Hi, if i have gold sub for academy and complete various path during the subscription, after the subscription is expired, i still have the modules unlocked?

what do you do? programming?

Yes
full time?
RIP
I had to take this job because I've been looking for a job the whole year more than 1000 resumes sent
my advice is to find something part time with a livable wage, in an area which is more fun than programming
after switching from engineering full time to part time pentesting my life improved by 44000%
I was making good money in 2024, I have good skills. I am just on the fucking edge of being homeless at this point I need some stability before taking any change
You retain access to the modules that you finished
Unfinished modules will be locked again
Ok thanks
send one million
are you in the US?
I'm in Spain
oh ok, and how about switching to security then?
Pain
Maybe I should hack the recruitment sites
That's what I'm doing but I just started learning cyber about 3-4 months ago
Seriously tho
Xd
The problem is
If I hack it I should leave evidence about myself
And it's illegal
its only illegal if you get caught
STALIN WEARS SNEAKERS
lmao
oh ok, you can usually get a position after 6 months
but you do need to study pretty hard for that timing
otherwise 1 year is more realistic
Hmm I wonder about that
focus on bugs, cves and skills because if you are in europe we don't care about cert wankers
Idk I am studying but slowly, so it will take time
Also I am going to make machines for htb
If I was in Europe I’d have a job already
The amount of garbage I have seen and concealed vulnerabilities in my lifetime
Second order sqli type shit
if you were in europe you would be my boss
I don’t know about that
And the poor quality of the machines they have in htb in terms of code/UX-UI
You dont have a job
Thanks for reminding me
I’m not
yes 100%, a beginner wanker like me can get into pentesting in europe, let alone somebody with actual skills lmao
I’m just average
yeah but average in hacking is already > 99% wankers
source: i am one of the wankers
its never too late to start selling courses
this is the way. If people with NEGATIVE rep on H1 can sell courses, so can you
Lies
Uhh no. I’m not XSS Rat, I won’t sell slop IF I sell a course.

He sells ai slop xss tutorial?
There's very few people I would consider buying a course from in the bug bounty space
The only one I've done was jhaddix's course because I dont do recon, so I figured it would be interesting. Although I dont recommend it, it used to be $200, then $400, now its like $1000.
Jhaddix + XSSdocter client side course looks good. There is also jhaddix + zwinks IDOR course that seems interesting. Otherwise for bug bounty people that is about it
Jhaddix I’ll agree with
His course was mid though, it was like "heres some one liners, oh yeah scope is negotiable"
Not worth the current price
almost no course is worth it
the very concept of a "course" is just the wrong way to go at hacking
yeah its expensive
its just vids now
but the idor one looks interesting
Yeah, $200 is a bit steep but the guy who wrote it is pretty talented. same with the client side course by xssdoctor
if I would do a hacking course i would sell it for 5 bucks maybe
and sell it to few million people
lmaoo
hacking is already ruined today let's not ruin it further
all these course and cert wankers
Courses are good if you add a personal spin on it, or compile information in a manageable way that would otherwise be hard to acquire. But if you provide less value than portswigger academy then it's not worthwhile
but isnt that like 99% of all courses
all courses are meant to extract money out of insecure college twats
instead of fucking opening burpsuite or learning about linux, they want a course
and many cert providers 
the only courses I respect are the ones on HTB because the whole idea of the website is based around pure skills
and even then, they are still meant for ultra beginners and teach 0.0001% of hacking at best
4 htb certs in 4 years of college
maybe this will make sure i am not unemployed
but this is only if i pass
thats a big if
and probably in 4 years htb will be more popular ish
thinking about popularity is a very good way of not finding anything in hacking
popularity in terms of hr
if you cant bypass that no one will look at your skill anyway right
no, that's not right

i sent 6 applications in my life to find a security job, and HR didn't play any role in anyone of those
because i avoid HR, simple as that
there's nothing to "bypass" it's a myth to sell you useless bullshit that distract you from hacking
means ur resume is good or ur hunting skills are great
hmm
interesting take
it's a gatekeeping business and very profitable, it works well because people are desperate
all you need to do is have enough influence over the market to push your certificate or course or whatever bullshit, once HR acknowledges it then you make money out of the gatekeeping desperation
the market fills itself with cert wankers, then the cert wankers fight amongst themselves, and you push the cert+ to make them fight even more

you think red teamers at the NSA care about if you have ComptiAss+?
My goal is to distract interviewers with my dumpy, my "comptiass", so they don't notice my shortcomings. 
yes because comptia is DoD 8570 approved 
😩
ok maybe the NSA is not the best example, as the government is after all one of these cert gatekeeping entities too
but you get the point
the first goal of a cert releaser would be exactly to pay HR and marketing departments to exploit this gatekeeping
to not be part of this circus, simply find jobs for which HR is not a strict gatekeeper, easy as that, and these jobs fortunately do exist
so you don't need to be a cert clown
ultra rare tho
yes this is also sort of true
big companies all have hr like that
so u are going for niche companies and those who are rare and small
that's why avoiding big companies might be a good idea as well
yeah exactly, one way to do that is to search for jobs on non-competitive platforms, going for startups, searching on HTB jobs etc
and spoiler alert: the motherfucker that interviews you in these jobs doesn't care about the comptiass
i also think this is not ideal if you are rushing to get a job, in some cases it's true that certs give you more HR opportunities im not denying that
i do have time but i have no idea what i will do or which field i will go in
maybe in due time
it takes time
only goal is to just land something remote
jobs in my place are shit
was pretty good before the layoff
hello chat
I like linkedin for job over indeed or other sites
yes
you like fake AI recruiters?
i wonder if i should start posting stuff over there
like not ai slop
but genuine stuff
yeah uhm...
i am gonna do it for x tho
maybe not
I believe linkedin's stupid algorithm turned my job chances down
linkedin is exactly what you should stay away from
because it's designed exactly to exploit the gatekeeping like I said
I agree
why do you think they have "linkedin premium" and all that bullshit
"find a job 2.6x faster! now pay me plz"
cold world out there
Keep this in your fucking mind:
IF YOU HAVE NO JOB YOU WILL BE MORE ACTIVE IN LINKEDIN
a better pricing model would have been pay us 20% of ur first salary
Linkedin algorithm is designed to keep you on linkedin
.
i swear people would do just about anything to avoid learning hacking
anything goes, linkedin, certs, courses if it means not opening burpsuite or finding cves or doing ctf
There is truth to that
Wdym by that
people need too much appreciation and fall into marketing traps because of it
Ohh I see
Yeah I meant linkedin jobs, not actually using or posting on LI. I find indeed jobs has a bunch of dead/nonexistent jobs while LI is more up to date
But of course always apply via company site
pong
beautiful
That people do certhunting instead of growing as a hacker
“But mom I need the new certified cert hunter professional cert!!! Please pay for it!!!”
@sturdy thistle
mom never paid for anything related to tech 
Use bug bounty to fund a cert addiction
Fr 
This might be awfully realistic 
I just want cpts 
maybe one day
did that XSS get triaged/accepted?
oh yeah they triaged
dunno if u know it or not but i got laid off this jan so i am focusing more on web dev side
so it goes like this
2 days work on dev
1 day on bug bounty
and repeat
by bug bounty i mean htb labs for now cause i gotta take cwes this year
how is your
cwee going
Finally! It is almost here! No more shared instances for machines
https://www.hackthebox.com/blog/quality-hacking-labs-experience-with-dedispawn
what cert likes to go down slides?
cweeeeeeeeeee
i cwee what u did there
@rose onyx how are you going to put golam_was_here.txt now
for legal purposes sentence above is a joke
also, that was a big reason for killing off VIP last year. Can finally stop doing the cleanup script on new machines
new machines -- unless the exploit itself would make it unstable but i think that is pretty unlikely
Did you not know?
Omg
@small pond I sent you dm please check is about this new feature
Yes RDP will likely now be allowed
that being said most windows stuff is Core, so RDP isn't really a thing 🙂 but wont be a reject anymore if people use gui for sub
Damn
Cool
@austere sinew hehehehehe
DAILY PINGGGGGGGGGGG
bro also found vuln on USDA
are you allowed to say what it is?
YAY!!! No more doing machines and finding CVE-2021-2XXXX.py in the /tmp or C:/temp 
vro they have input fields
xss sqli lfi anything is possible
true true
although its good if you have tunnel vision sometimes
thats why I found xss on nasa thrice because I looked for same thing again and again
thing is that soon you tend to not find anything anywhere after that
then you find new thing to get tunnel vision on
i only looked for like 10-12 hours combined
so i need to look more
maybe do some automation
thats a lot
i do have my fair share of skill issues
look at this lol
I secure the bag then I go get it
out of every 7 domains only 1 is online
I Wonder if it affected nibbles in any way bc something was ALWAYS breaking when I tried to finish it off
hey @small pond
its great to see you here
hope youre having a great day
ty for making hacking fun for us
Sleepy
use google dorking
it is SO useful
you will be addicted to it
Is that a lot for a BB
inurl:"/admin"

tune it for what youre looking for obviously
i see now
@scenic maple whats the USDA domains scope?
im too lazy to log in to bugcrowd and check
shall we try htb labs now 🤪
lollllllll
"I use Windows btw :3", said no one ever 💀
Have you tried not being sleepy? Heard that works wonders
At a medium Pace - Adam Sandler is a good song
can I buy some?
Sleep? Unsure, I lost my stock
I use you btw
shall i dip my toes in htb labs
lol
Get your toes away from it. You’ll infect everyone.
lets order some
what's sleep?
With your unwashed ass
head first or nothing
Head First readers anyone?
Should I abandon the safety of the shoreline and descend fully into htb labs, where progress is earned through confusion, persistence, and failure rather than guidance?
please I don't have more emojis pg13 to express myself here
just do it
head first
@scenic maple
alaska department of transportation
CDC
arizona dept
BNL
alaska district courts
new york department of transportation
all national parks
washington district courts
library of congress
tennessee government
texas parks and wildlife
USDA
social security administration
maryland government
All are vulnerable
7 minutes to find
with google dorks
lol
plox dm
I move beyond cautious experimentation and immerse myself in htb labs entirely, accepting that understanding is forged only after repeated disorientation, missteps, and deliberate struggle?
struggle and suffer
in spanish we have a saying: Text with blood will be remembered by you
means if you carve this knowledge through pain inside your brains it will last longer than by other methods
Develop a cursed technique
there is no cursed technique just pain
I consign myself to a deeper immersion in htb labs, embracing prolonged cognitive strain, iterative failure, and deliberate suffering as the necessary crucible through which genuine competence is forged?
just remove the question mark and stop asking, just do it, some of us will be here to help
Yeah nothing here is gonna bite
Every time you google something then you do one pushup
Me when AD
Except echoes I'm pretty sure he's feral
@native plume is this true?
Let me ask grok
ok let me click "Start Playing"
good luck
yes
the isolated htb instances is such a good news btw
you dont appreciate the people who make the HTB labs until you have to suffer someone else's.
must be hard to make labs because so many places are not good at it.
good morning fellow HTB users!
XSS? Or what vuln class
has anyone heard of DIY liposuction
someone should invent that
fuck my dad has my car and i need to go to CVS
i want ozempic to compensate for this
Quick question we had an enterprise pro lab unfortunately it did not reflect on my personal account.
Can I just copy and paste the flags or do flags get rotated
Nice, in the same component? Or just google dork for php/cfm/pl etc with parameters?
lol just checked how much is this course im gonna take in python 2.4 k lol
if i pass it its free if not rip....
Heya yh
fuckkit i gotta take the voucher
A Page in : Automate the Boring Stuff with Python
@cerulean bloom pong
yee but this is like official cert in my country
I'm just offering cost effective alternatives
fotcha
Should've put "I find better crap in my own toilet." 
Was there an update made to academy?
Go react go go go
Hey falcon
Was there an update made to academy
All of a sudden I noticed the modules I was working on just got locked for no rzn
Did your sub run out?
Yeah, I cancelled my subscription a couple weeks ago
Thats a nice update
Our own boxes for the boxes while we're on hack the box. Nice.
Unfortunately no more reset cries
That might be why if I had a guess
Is this the end of the tyrannical cleanup scripts
So if everyone is getting dedicated instances, what's the point of VIP+ aside from the retired machines. Especially with the 5 extra bucks?
Yeah but sometimes it's like, you change a password then it gets changed back on AD
Yep i got your point, I feel like now that we got personal instance
It can be lax
All depends on creator tbh
I don't remember any guidelines over cleanup
I don't think VIP can access a bunch of the retired boxes anymore they might've made that VIP+.
Or there was some other level in between individual boxes I think
There is no VIP
Oh then yeah the diff is you get all the retired boxes?
This sounds like my insurance provider.... "Why did my premium go up?" "Cause other people." lol
Falcon did 👎 on it 
An admin has to add reactions for you to react
There isn't a VIP sub anymore also
So it's just a standard sub now
Any current VIP members will be migrated to VIP+ and then when its time for their sub to renew, they can either renew as VIP+ or they cancel
Idk I think the main diff was retired machine access
the VIP restriction on retired boxes are vulnlab content
and thats because they werent designed to be done in the shared environment
meaning we had to lock them to VIP+ which had dedispawn
Ohhh right there's all of the other stuff too
🚀
express lane to ban town
So I'm confused is the only perk of the sub now is being able to access the retired content?
🚀 You're absolutely right!
VIP+ has unlimited pwnbox + writeups + cpes
Don’t know
Got it, so unlimited cloud machine and retired content. Thank you for clarifying 
Emma da hell are those reactions on the announcement lol
some people are just neutral and watching (👀), and hackers gonna hack
average boomer on facebook
clack clack
So what about Ipp's stuff does that mean he's going behind a paywall for his walkthroughs? Or do the walkthroughs that are posted on the site just become locked?

@zealous charm 67
ACHTUALLY IM A MILLENIAL GOSH
no, nothing is changing at all with that
add fire emoji to announcement 🔥
the writeups for retired have always been VIP only
Copy, just trying to weigh the pros and cons. I mostly subbed for the dedicated instances
i will never find an unsanitized input in my lifetime
@zealous charm it failed
xss is out there, just waiting to be found. Are you using the burp extension reflector or my version reflector-remix?
i think one of them is installed
What are you doing?
vdp
Use that in aggressive mode then it will flag a high severity issue when XSS is possible
Should let you quickly assess a few dozen sites in like 15 mins
I had a question for peeps who do vapt stuff
ask homebrewer lol
he is top 10 in almost every dashboard
noice 👀
my question was like in a network pentest, is it correct to report some web vulns if there is a web server hosted.
Like 2 cases, in 1st we manage to escalate that vuln and get a hold/creds/anything else.
2nd nah just some low hanging stuff.
I get a bit confused here

I generally do it when it's 1st
I would report web bugs in a network pentest if I found them on the internal network. Probably nothing lower than a crit/high though. Maybe an XSS, but generally I will report RCE, SMB SSRF, or default creds that I find on web apps
hey guys, anyone finished android fundamentals?
Lies
WOLOLOLO
WOLOLOOOOOOOOO
WOLOLOLO
what's up?
Not so much
How do you know its there
its always there 

nah I think he's looking at a bugcrowd .gov VDP, which are riddled with XSS
is this not a unit from an old rts or something? like age of empires or age of mythology?
It's the priest from Age of Empires...yes
It would cast wololo to convert enemy units
Something like that
ye i remember the voice line and after i saw the staff in his hand i remembered it was a priest
Undeadwolo
btw, have you completed the android fundamentals, spy?
Where ping
@sturdy thistle
I have not. Between 2 jobs and a family by the end of the day I am just too tired to concentrate on studying
@sturdy thistle
ah ok, thanks anyway
the new announcement is really cool tbh
i got stuck at the last part
They have a whole section for academy
I agree w that
ah ok, thanks guys
Agreed
Hell yeah
Hell describes it good
Also falconspy - is a university professor for cysec
I am not a university professor
Full time red teamer and part-time community specialist
you specialize in those communities
Wait WHO WAS THE COLLEGE PROFESSOR THEN
SOMEONE WAS
This feels like the “why are you gae” “who said I’m gae” “you are gae” “i am not gae” “who is gae”
Cysec edition
I'm NEETING on mommies inheritance. 😛
hello
Ah u gae
I do I do
Were you being pickpocketed by him
No spied on me like a falcon
Whilst @zealous charm pickpocketed falcon
Ah, so you simply didnt notice the pickpocketing
Or I ping you to dead
@sturdy thistle yap
@sturdy thistle gym
@sturdy thistle so
@sturdy thistle how
@sturdy thistle is
@sturdy thistle the
@sturdy thistle gym
@sturdy thistle have
@sturdy thistle you
@sturdy thistle been
@sturdy thistle doing
wolo is distracting you from gym
@sturdy thistle which
Ping of Death
thats so wrong
@sturdy thistle muscle
@sturdy thistle group
@sturdy thistle exactly
@sturdy thistle or
mute wolo

