#general

live action roleplay?

let me finish this 80 tons of networking theory first ig

hiii

red teaming for example is mostly Active Directory, which needs extensive Kerberos knowledge etc windows internals

you dont need that much networking

i agree, the bouncer needs to kick out the chef for cooking steak well done

But you won’t be writing 0days often, that’s a vuln researchers job mostly

i see.. btw u suggested David Bombal.. what video or playlist of his?

and local tactics

even on non domain joined machines

which is mostly what I do

how much exactly then? can you specify?

I need to setup an AD lab tbh

the lion hardcodes privesc 0days into his payload that load vulnerable drivers

hi, im new. rn we arre 2 doing offlinea challenge htb
can u someone help us how to start? we do 3 very easy challenge before and this is hard for us

So you need to learn how packets travel through a network, how they're segmented, how a network is structured, how data travels across two networks, OSI model etc. You don't need to learn OSPF, BGP and things like that

they’re labelled “very easy” from a penetrate perspective, they’re not easy if you’re new

and that’s okay

some people find the easy boxes harder than medium or hard tho cos of the topic used but whatever

and the things in this junior path.. i need to hardcode them in my brain?

Strong fundamentals make everything easy

Strong understanding of how networks and computer work makes it very easy to see when something is vulnerable

ive been studying theory for last 3 days and it feels like im not doing anything worthy idk why but it feels like this

“oh wait they’re not validating user input and this thing directly queries the database?”

sqli in a nutshell

for example

Fundamental theory is braindead but essential

aim towards a goal that you like and google how this fundamental knowledge is relevant and essential and you’ll be motivated

i thought of completing network foundations section and making a complete map of it on a paper how everything works and all protocols etc evbery single thing involved in whats happening rn like how im accesing the internet.. whats happening under the hood etc

what do u say about this?

making a mental map of this structure once and for all

😭

map it to the OSI model

yup ill do that and one more thing.. i do like what i read in the networking theory but my brain feels overwhelmed by tons of it

you wouldn’t try calculus without knowing fundamental math

aghh i see

u also had to do all this?

when u were a beginner?\

yup

daamnnn

@stable tiger How do I make notes ionside of ntoes on Joplin?

can’t write malware without knowing how windows works

can’t know how windows works if I don’t know how computers work

Google it I forgor

what challenge do u recommend for new users?

alll this info just to be a beginner sounds brutal bro

did you assume hacking would be easy

There’s a reason it pays well

tbh cybersec feels like toughest field of Computer Science

bcos it is

my friends busy in web/mobile app dev and its super easy compared to this.. whereas im stuck nhere in theory feeling useless

write a HTTP server in C

you’ll understand C and a protocol

should i really do this? am i on that level rn?

If you struggle with theory try project based learning

project based learning

which is what htb is built around really

i see

practical labs to learn new techniques

is linux from scratch good?

btw one last question before i go back to my theory learning

depends

do you have motivation issues

Not really, I love learning

you’ll really understand Linux if you do

will AI kill this field? is this field saturated? i often see very very less views on yt videos related to cyber sec

Especially with stuff I'm interested in

No, yes

This field is saturated at the low level

This field is not saturated at the high level

is it saturated yes

will AI kill it no

I think AI will help people in the field, not kill it

kind of at the high level too

its saturated everywhere

Explain in htb certs terms.. What is low level? what is high level ?

but, the trick is just: being better than everyone else

lol

low level is, its saturated in terms of beginners who are getting into the field

high level as in, medium-senior roles are less saturated

so

cjca = saturated skill level?
cpts = less saturated?

you can say that

one thing though is that specializations are not saturated

thats if you choose to commit and go deep enough

well..
do u recommend me to take cjca exam after learning all modules or go directly to pentest path and get cpts cert only?

cpts is very hard, so no. recommend starting with cjca

ibraheem, I'm not in the field but I wouldn't try learn everthing even though you said no compromise. Specialise and prosper

bruh i understand but its my bloody ego which makes me like this

internships etc depends on your country

what they look for and such

well im glad i didnt directly jump into pen tester path

you can transition

thats not a problem

i have searched the whole web and i found out that rn cjca path is the best one out there.. nothing is better than this

for a beginner

exploit dev is not saturated

I mean

how do i discover a zero day in the windows hypervisor?

its fairly new so

Don’t read above but if you’re wanting a job certs are only 10-20% of the battle

exploit dev is not new

kind of kind of not

real

ez just be @exotic pendant

like that's really insane

game cheat spotted

can someone get job without any cert? purely due to proof of work on github?

I can feel my motivation coming back so I might hit back at hyper v

HYPERCALLS
HYPERCALLS
HYPERCALLS
HYPERCALLS
HYPERCALLS

yes but you dont have the project

i dont really play games anymore

I know plenty of people without certs but a 10-20% does help

im just looking at MSRC's website

@exotic pendant have you used this before? https://github.com/doyensec/electronegativity
its kind of just a vuln scanner but its good at mapping out the attack surface

find me a vuln in the LSAIO enclave xx

If you have 80% of what they’re looking for like experience

i see

Then certs Arnt as needed

what kind of vulnerabilities did you discover? i'm genuinely interested

I got a lot of my professional experience from being a sysadmin and bug bounty

did they pay you the 6-figure bounty?

Hyper v escape -> UAF on host

damn that's like 250k

Plus it works as a rdp escape

Rdp host -> connecting host

have you popped a SYSTEM shell on host?

No user

i have

prove it

Doesn’t mean it can’t be chained with another bug

So it’s still sexy

wdym prove it its patched 😭

Time for the gym

usermode rce -> privesc is easy to chain if you have them both

cve id?

i mean you said "i have" so i thought you're still able to

no

ah i see then

popping a system shell itself is easy. how you do it is hard

^

yeah i meant what vulnerability did they leverage

uaf

cloud driver for the privesc

ooh that's cool

drivers yum

@stable tiger do you have any CVEs?

that's the million dollar question

I have one

critical?

Nice, which one?

if so can you reference the CVE?

none that ive found

that werent already currently reported

I thought you had like ten

theyre a cve if you report them to the vendor

so you aren't a zero day hunter then welp that's frustrating but also cool to see some experienced people here

zero day markets pay a lot better

CVE-2024-35203

having cve != not being hunter

Together with @austere sigil

they denigrate your reputation though if you're interested in a career

^

Oh okay

no they dont lol

i meant prominent hunters do usually have CVEs with their name credited

Nice, gg

Thanks

I wish I was a hunter

cool dude keep it up

With a bow?

Sword plz

Put sword in bow

I slept 1 hour

For whatever reason

Shooting dagger from bow would be sick

because i started with malware development lmao

yes getting you arrow and bow now

what I meant is that bug hunters dont need a cve as a prerequisite

has anybody here achieved OSEE?

osee isnt that difficult

that's like top tier shit

Probably some

sans sec760 is top tier

isn't that a kind of more niche

no?

no

sec760 is 0day hunting

sans is THE top

osee is entry kernel exploitation

it is?!?!?!??!

offsec just glazes it

how much does the course cost?

oh wow never heard of it

sans or offsec

Much much

offsec u can only take irl

sans

oh

sans is like 9k usd

its fucked

stephens a great guy tho

Yeah pricey

:P

so youd learn a lot from him

thats my yearly college fees

lol

Damn

Choice between

Bachelors degree

or 4 SANS certs

the OSEE has so few holders because it's only done irl

ahh i thought you could take it remotely

nope

no

thanks for clarifying

even remote exams have intense proctoring

sans sec 660 and 760 is the best way to exp dev

I wanna :(

but no $

if you want to learn free id say start from what people used to do in the 90s, reading shit like shellcodes handbook, art of exp, smashing the stack for fun and profit etc and then moving into more modern shit like mitigations, bypasses, heap spraying for eg etc

i wanna too

they cover v8 exploitation

meesa wanna learn chrome sandbox escapes

sandbox escape is easy

jk.

xsalsa giving fed

WHO HERE CAN FIND 0DAYS.

it is interesting tho

electron apps are juicy

for sandbox escapes

yeah but thats electron

also: windows

no linux for exploit dev

Girl at the gym said I look bigger

didnt they patch like 114 security vulnerabilities in the last patch tuesday

Hopefully she didn’t mean fatter

the lsass rce fix isnt even a fix

w rizz

Not the girl who I wanted it to say but still w

they removed two things in the caller functions and they didnt fix the root issue of the UAF lmao

then if you can bypass it, report it again

holy shit that's what they get from incorporating ai into their windows source

yup

winbloat

what if, today

you meet anatoly

i promise you everyone and their mother has found it

you can find it with one patchdiff

but no one might have reported!

and*, I havent found it

I havent even searched for it

is it a win11 thing?

the moment an lsass rce drops everyone is bindiffing it

if so, no way

ye

what is a bindiff

honestly when i first switched to linux i never thought i'd not see low ram usage

checking what changed between old version and patched

ah

usually done to find the original vuln and write an n day

but in this case its just not a good patch

how do you reverse a patch though?

they just drop an updated dll (or whatever the affected component was) right?

most windows applications have debugging symbols

believe me microsoft and good patches are very distant friends

you just pull the fresh binary and provide it to windbg to generate psuedo-assembly code, also grab the kernel symbols

they had to patch a web vuln I found THRICE

because I broke it the first two times

https://winbindex.m417z.com/

and you use the website referenced to notice the previous patch

or just use ida or ghidra or binja and have the pdb files downlaoded from microsoft

and just use winbindex to get the two diff file versions

yeah that's a reliable way too, but doesn't IDA Pro cost like a thousand bucks?

ghidra

you also mentioned ida

i did say or

i wouldn't bother asking then

I want to get another CVE tbh

it's very time consuming though

lazy and tired so far and NOT willing to talk to mitre ever again

my last one (also my first one) took 3.5 months

can you provide the cve here

i kinda want to see it

also is it included on CISA KEV?

uhh never checked tbh

CVE-2025-50567

its CVSS 10

:3

real

you seem quite interested in 0days

is there a reason

https://tenor.com/dp8Ipa87LlS.gif

/j

yo that's a solid SQLi here dude

ty

oh its on CISA-ADP

fuck me i need to reconfigure burpsuite now

i kinda checked msrc's bounty program and i saw the astronomic bounty they pay for critical hyper-v vulnerabilities that potentially affect the azure infrastructure

whats ur previous experience

@exotic pendant shoulda reported to mark not satya

honestly so far i might have stumbled into a heap corruption in a core hyper-v component

shoulda reported to sundar

shoulda reported to whoever zerodium got replaced by

sounds interesting

what you got so far?

me and the gang leaving vulnerable rdp on a box just to use frosts rce

honeypotting!!

did you confirm statically?

im saying this because I made this mistake multiple times

for now actually? yes

oh thats cool then

is it deterministic?

you really nailed it, yes.

??

if you can manage to trigger it, report

i'm actually talking seriously lol

i'll see, thanks

there are no documentations for it or any CVE record at all

that is mostly expected

alright ive got kali setup guys

no need to gloat but i had too

Hello everyone! New member Suraj here, passionate about HTB labs and cybersecurity. Excited to learn from you all!

arkham goon

install gentoo on ur mums laptop to become 1337

🔥

without her noticing that it isn't windows

OH MY GOSH KALI UNDERCOVER !13813481818

Frosto ready for the weekend

Soon

it's the start of the week

😭

oh yeah

am i 1337 now

yes

Lmao, I tried Gentoo once, but mum slapped me 😂 Sticking to kali now - any Starting Point tips?

do not use Kali baremetal

use it in VM

i honestly dont remember wahts in stp

Why not

https://github.com/grassmunk/Chicago95

Yes, I used it in a VM

im already on that

Frosto just uses windows but for the few times I need linux I have a windows 95 theme on it

i was using windows till yesterday

till i ragequit

Linux has me rage quitting ngl

arent there some tools which are on linux but not on windows?

arch is fine

I mean all linux tools mostly have windows equivalents

Plz install dependency on dependency on dependency

Like what

arch is probably the distro which makes the most people ragequit

debian issue

idk, there might be

*cachy or manjaro

If you find one let me know

or endeavour

I’ll tell you what I can do in windows for it

@exotic pendant lee-nux or lie-nux?

lee nux

Lin ux

the linux kernel

dont say WSL2

Wsl

wsl 1 doesnt count thats pico processes

im probably the only one here who says lie-nux

wsl 2 is just a vm

so that doesnt count

What would I need the kernel for

If I’m fuzzing I’ll use qemu

Damn this auto correct

qemu works in windows?

Yes

i thought it was linux only

ofc

lmao

no

people dont use windows 11 because windows 11 is shit

10 was great

i use 11, im used to it

12 wont work till natya sadella steps down

my linux crashed and i just stopped using it for now

try 10 in a vm and you'll cry like a man viewing his final sunset

ik how good 10 is

unfortunately it is deprecated

it is nice to not have to hunt down drivers

I still use 10

I use 11 but make it look like 10

I do use 10 in vm

for testing

thats like getting a BBL instead of going to the gym

Only because I was forced to use 11

oh real

Forced bbl

i use 10

in a vm

frost can i have your linked btw? 🥺

*linkedin

htb users repfarming

You’ll have to find me but I don’t like associating my personal with online

fair enough

I’m not hard to find

I got my certs listed

wait can you send your twitter again

he's from Pizzatown

you're trained in osint

go use it

dude

shut up

google his username dawg 😭

he has a slighty different username bruh

pls shut up, no offence

https://x.com/frostb1ten

spot the twitter

yea i forgot you had a 1 instead of i

Most in rust

Best lang

@undone fossil

I already found you and sent you a connection request

when you gonna accept

can some spotify enjoyer visit https://developer.spotify.com/dashboard and tell me if creating an app is disabled for them. its been like 4 weeks now since they disabled this and idk if its because i have free or whatsup

I have no pending

uh

i'll resend sec

ur being used as an example of why rust is bad but you love rust

so funny

That was because I made the poc public

reply to him and say you love rust

Low level also gave me a shoutout

Funny how the same vulnerability would've been found if it wasn't Rust

crazy

It’s in almost every language because how win api handles input

yup

RUST IS OVERHYPED and its a winapi issue

Rust was the only one who said it’s not a feature

@exotic pendant can you write up a list of exploit dev 0-hero resourcs so i dont need to keep explaining it to people who join

thanks xx

2016 was 10 years ago

no shit

thats why 2026 has a 2 in it

(i am joking)

@exotic pendant

dont murk me

I think mine is still there somewhere

apparently I sent it 3 months ago lol

Dm your acc

Dang it was one of the pending ones

isn't it just: look at what the APTs are doing?

no

we cant tell them that

Wtf lol

they need a beginners guide or they shit themselves

Bro was jealous they didnt find it smh

also tbf apts are usually just writing bootkits

well... that is what they need for their use case

yeah but thats very easy to find resoruces on

https://github.com/TheMalwareGuardian/Awesome-Bootkits-Rootkits-Development

for example

https://www.youtube.com/watch?v=oa2i7JsGOHo

https://www.youtube.com/watch?v=8Uw6Tq4rw2s

stephen my king

Can't lie a lot of the same concepts apply anyway so it would be a good thing to learn

we love secureboot vulns!

@crimson elbow

seems up your ally

Frost lifting so heavy my whoop though I was powerlifting

i powerlift

365 bench today

frost what you squat

i need to train actually

Lately just 495

my sleep schedules so fucked im noncturnal and hitting rpe 9 squats with no spot

😭

guys im so 1337 i sleep during the day so the #feds and the #glowies think im in #china wow 1337

https://www.youtube.com/watch?v=zpDrIvF1NiI

this is me rn

how does it track?

The one fed reading your messages:

https://tenor.com/view/write-that-down-taking-notes-school-universities-university-gif-17937210

I can find you

I can find.... anyone

-# because im with the NSA

-# /j

the feds when they see my qubes os box that is unused and simply there if i need #opsec

So can you find my future wife?

https://tenor.com/view/checkmate-check-mate-got-em-gif-6408903245572515122

im working towards a job at the aussie nsa equivalent

their pay is crazy

jim im a doctor, not a magician

also being a government apt sounds fun

writing exploits and bootkits all day

now I know you're from australia

gg

#doxed

i think ive vaguely said my city before

Stress, heart rate and motion

people finding my identity isnt an issue i care if they see my open powerlifting

and sleep

IF you sleep during the day in australia technically you're awake during US daytime

thats the main reason i used a whoop pre apple awatch

oh you're wearing a watch or

It’s faceless

But I have an Apple Watch on also

oh interesting

most of my messages are at 5 am when im working on my projects

Whoop is just a band, no face

wait till they take over australia, then you'll be in US daytime anyway

kinda sucks they made whoop a subscription

I should be asleep right now ngl, I have work in the morning, and then again at another place at night

I have one of those band without face things

nah frost gets a pass

but I forgot the brand

fitbit?

ive got really fucked insomnia

maybe

he can actually write the language and uses it for reasonable things

takes being a 0day hunter to write rust

live love laugh

if you've got insomnia, just sleep

/j

(this is a joke from an insta reel )

my psych had me on valium for sleep bro 💀

Gork plz write me hello world in Rust

is that supposed to be a controlled substance?

Prob why the psych gave it to him

And not him buying it at the store

I mean one which is trafficked

those are the controlled controlled substances

australia

adderall is illegal in aus

oh 👀

you can get straight actual meth perscribed for ADHD here but not adderall

wtf

isnt that uh

kind of mixed up

am i 1337 now #edrbypass with that #signeddllonly

#rustdev #0day #blackhat #clumsylulz

yes

you can be walter white but not medicated

Beautiful lang

yes but frost

you know your shit

rust devs dont

*insane

rust devs when claude code pops out the unsafe keyword and they dont know what it is

should be the other way around ngl, it should be safe cos the programmer gotta guarantee that the code is safe

ur spitting

'claude write me a python to rust compiler please'

python or rust? best one for cyber sec issS???

assembly

wait no youre new

learn python first

please don't learn rust first

Hyy

😭

actually I change my mind: Do... dive head first into: smart pointers for async, and the wonderful world of generics and traits

im a cs student and i have studied assembly

though not deep but i do have some assembly knowledge

youre a computer science student but you just asked if rust or python is better as a first lang?

If you're a CS student you don't go into Rust or Python, you dive into C and winapi bugs for cybersec

custom winapi functions !

live love laugh

ur getting it wrong.. i heard that rust gives better control i am a cs student but not much familiar w rust.. i can code in both python and C rn

python gives enough control

depends on usecase

as with

all things

ever

Learn Go

ur gonna summon froj bro

hmmm

btw

the entry level of which field is more saturated? what do u think? web dev or cyber?

at this point cyber is as saturated as web dev ngl

literally every other guy around me is dwelling into web

at entry level

only me and 2 others in my class are into cyber stuff

its lesser saturated at medium and high

I think its like a pyramid

exactly, you know how many skeeds are watching a this one xss payload video and then proceed to complain on hackerone

cringe

if you’re in the US

Its better

right?

Shits unsaturated here

Life’s good

and also i heard many people quit cyber

I mean maybe

people don’t tend to like difficult things

to become farmers that is true

I got three offers from US companies so idk

for internships*

two of those and one for a part time job

It's one of the most burnout heavy roles especially in SOC

okay thats also mostly because of connections so

I guess I dont count

either ill become good at it or ill die trying thats all i can say now after so much junk fed into my brain by people

who say cs majors are cooked

yeah I’d fucking kill myself being a soc analyst

might be cooked in finding love but definitely not cooked in jobs

what about Incident Responders?

cs majors are cooked because 99% of cs majors are incompetent

where do you think incident responders start?

well i have found love already

job is the thing thats left

my philosophy is

everyone is your competition. so your job is to be better than everyone else in one way or another

maybe slowly but surely

Its especially difficult when u r a newbie

just start writing iOS malware

turn around and have a happy life, cyber consumes all that you are and you love.

go join the NSO group

i did realise that cs degree alone is just useless piece of junk ngl

if the amount of time one spends in doing a cs degree is utilized in a specific domain then it would be 100000x more fruitful... ill graduate next year and i feel useless

so thats why i decided to pick cybersec and drill into it

3rd year of college?

a cs degree could be learnt in six months to a year

nearing the end

of it

You have any security related placements?

Because those can be invaluable

i dont think so

Any CS related placements?

even coding or whatever

people dont give a shit about security here unless they are hit like a truck by a hacker

lol

which country?

probably

most of the world is like that

Pakistan

unless it's a compliance thing they don't care about security

like w1ld said

still, if you can get a placement, go for it

now.. the cyber scene is top notch in the capital city and some other major cities

because you need experience

but in my city no one gives a shit about it

and guess what?

i live in the city

where

Bin LAden was captured

lol

you mean when he got headshot and that wasn’t in a city

No wonder Bin Laden was captured, they don't have high standard of security

cant stand up to 🇺🇸

as venezuela learnt the hard way

world war 3 incoming

We love orange man!!!

well as per CIA he was captured in my city in a town named Bilal Town which is like 4 kms away from where i live LOL

@novel oriole are you planning to do a masters?

@novel oriole you’re cooked

who knows what reality was.. nobody saw his body and multiple different agents have their own story in interviews of how they were the ones who caught him

they literally shot him

yeah

why would they not shoot him

yes, but abroad hopefully

yeah, it has to be abroad

maybe UK

ill do master only after CPTS completion

I promise you a masters degree looks better than the cpts

otherwise ill be useless .. or atleast ill be useless in my own eyes

well if you have determination its fine

well my parents even agree w UK but UK is kinda boring as my cousion is doing CS from there and he says market is messed up

just be sure to really nail in the academic stuff in order

either UK or Germany

i really wanted it to be the US but US guys are onto something, the ICE are kicking their own native citizens lol.. what would a foreigner do

I think the student visas for UK got tighter too but its doable

that is off the table 🤣

ofc its doable im not denying it but the country is messedup rn as per my cousion

what UK?

yaa job market there

Yeah I mean that is sort of true but

never mind

i prefer Germany ig or maybe finland

just dont do masters in your current country

language is a barrier which im willing to learn

oh for sure

germany is cool in that regard

you know, you learn the language and you dont need to pay

german language is ugly

or you get scholarships

its kind of similar to english ngl

rn i have holaidays like till late march and i wanna get CJCA or atleast finish the junior path modules if not the cert before i start uni again

except it seems more rude

Ngl with your knowledge half that shi gonna be boring af

Germans are organized as fuck though tbf

and some words are spelled like a kid spammed a keyboard

Very very very punctual

im already dying cuz of this heavy theory

but do i have any other choice? am i going to give up? am i not worthy? i dont think so

well yes i can transition to web dev.. i have a very very strong foundation in JAVA but i dont want to do that im fascinated w cyber stuff

Java isn't used in webdev...

backend dude

It really isn't

oh but it is

it is...

What abomonation is this?

It is, but not in recent times

its mostly used in legacy stuff

which cant be replaced with anything else

alot of legacy systems are on java

ALOT

Any hacking today?

one of my previous jobs was handling whole auth part of hpe support portal. WHOLE backend regarding to that was in spring java

yas

JAVA is still going strong.. still among top 10 languages

discord hacking

what the actual fuck

just learn java and get marry bro

its impossible to migrate out of it wild

java is like crack cocaine

what about that kid in me that wanted to become a hacker? should i disappoint him?

💀

just learn as you go

just learn go and asm and buy a camper bro

bars

website running on a virtual machine with a garbage collector is crazy

one thing
if you get a job in another IT field like web dev or dev for a couple of years or so, you can transition into security more easily

this is what I've heard more experienced people say

honestly.. its kinda of an egoistic problem w me.. i can be weird.. i see 99% of the people around me going into the dev stuff.. i dont want to be among them.. call me stupid or whatever but this one is a psychological issue

https://tenor.com/view/alpha-wolf-sigma-male-gif-26562640

this you twin

I'd say that's a good thing if dev is your passion. Don't just chase something because it's unique, chase something because it's what makes you happy. If you go into cyber then you're gonna meet a lot of people in cyber and then 99% of the people you know would be in cyber

Most people I know are in cyber

If you strive to be different, you don't have to pick a different job. Every job has millions or thousands of people doing it

as i told u before im also fascinated by cyber as well so theres that

Being surrounded by like minded people is a gift, not a burden

I wish I was

lol

this is why we yap in discord

hmmmm

but yeah

here I am

if you strive to be different you should be unemployed

so thats good

i wish i got that gift too

and try Arch

irl, no one gets cyber lol

That's why I joined

I know one guy who is great at programming and is great at AI stuff

thats about it

It's the whole reason I became a mod... totally by accident btw

"and try arch"

ik VERY FEW people irl who do cyber

btw

well thats better than me

I know 0

yap enough on discord and it can land you a job too

funnily enough I know a lot of blue team and engineering peeps

i know a few and theyre all smelly

i know 2 but tmk they are just running nessus

security engineering that is

I mean my family know a bit of cyber now because I yap a lot

lol

Meanwhile my fam when I yap about cyber:

my wife can explain XSS because I find it so much in bug bounty 😆

https://tenor.com/view/glee-emma-pillsbury-nod-nodding-yes-gif-3737306875204656768

im actually happy cyber is not as common as dev, less competition for me

same, basically everyone in my family can explain SQL injection

less but more

It's still a huge competition because of Indians

😂

and cybersec youtubers hyping it up

I dont think cyber is heavily competed in India

dev? yes unimaginably

@usama0 @brathadair @nlte @devout sail

its not

dev work is insanely high

tbf I'm happy that dev is competed in India

Its a good thing

Yeyyyu

what is not competed in India?

good thing unless you're a dev*

good point

dev in the big 26 🥀

Me

well typically

you need to build applications

lack of a degree for one thing

as im finding out now

I have no degree

I'm a dev
*professional chatGPT prompter*

two degrees, a vibe coded website, certification

pretty sure you can get a cybersec job right after school
if its remote job from another country, then college degree maybe also not required

lie that you know all languages and frameworks

skill issue

lie and say you invented all languages and frameworks

you mean anyone in general?

you in specific

I invented the windows api

and you also have to commit to the linux kernel regularly

ah I want a degree lol

I invented silicon

is it possible to never find a bug when ur participating in a bug bounty event?

bars

of course its possible

lowkey if you understand how transistor works, inherently you understand everything

it has three prongs

do I understand everything now

I invented a scalable, industry-agnostic frameworking templating engine for JavaScript with microprofiling of multiprocess-archiecture

mfw lack of voltage = 0 and voltage = 1

the job is yours jo

like.. there are godtier bughunters.. they might find it before eveyone else 90% of the time

hired

bro has the chance of skipping all main quest cause of his high level and still chooses to not speedrun

who needs to write assembly i memorise opcodes

everyone from my great-great grandfather and below has a dual degree

so

they dont have a CVE though

you do

That's why you need to be fast and skilled. Low-hanging fruits are picked very fast as far as I'm concerned

welp

its annoying

no one replies

skill issue + level up + cve + ezpzp $$$$

when are you going to get one?

idk, im not as good

wife material

nah, its a matter of when not if lol

might as well start trying

just one more week and they'll reply

lol i struggle in HTB machines

💔

https://tenor.com/bsYm1.gif

microsoft and mozilla havent replied

neither has the other 3 on bugcrowd

neither has openai

we all do

I guess

no one replies anymore

post the PoC publically

for all of them

if they dont reply its on them

nah its been a week since the last reply lol

just need code review skills

same, i'm sitting on 11 pending bugs