#general

Ik

So is very interesting, it can be use with C2s so the port is "close" (application layer) and then the interface wait for a specific sequence to open the port

so you hide the server

I'm tired

like knocking a door in a specific way and then it open

Yelling read the Bible and then linking the mitre framework is funny to me lol

it seems like my connection to the box is rlly unstable. it keeps flashing from "connected" to "connect"

it can be also use to hide port 22 for example

I would love to clarify something for you

so when you do the initial nmap scan port 22 is not there

You don't connect to machines directly

You're connected to the network the machine is on

Was reading it, might study in details later

Your network connection is what is unstable, not the target

do the box Nineveh if you can

No vip

oh

so the wifi im on is trash?

Hmm my seasonal rewards are rotting
But I'm lazy to use it cuz I know I won't be using it much

I mean that's what it seems like

Have you done any network tests lately?

No cloud, currently many people are having such issues

Awee

Check #1469754264372117698

Nevermind then

Especially EU

i run the vpn and it keeps saying
2026-02-11 14:22:25 Restart pause, 2 second(s

It seems that HTB servers are having issues

So don't worry about it, nothing you've done 👍🏻

thast why?

Ya ya

wowwww

ok

How fun

Download new VPN file for different server (TCP) and connect, if it connects
Spawn the machine on that network

this whole time i thought i was doing something

I mean

It could be a coincidence

i probably still am 😭

give it ot me

Exactly lol

i pay you cookies

i alr got a new file

it js keeps disconnecting

Can't transfer or there will be HTB black market

Which server?

Go for US or SG

https://tenor.com/view/wink-eye-wink-gif-3023120962008687924

us machines 7

Ok don't download any which says 0 beside name

Idk if that's latency or user count
But those doesn't work

yea i just think the severs are lagging

im just gonna try every server

Hehe i can't evenr recommend vpn now

All i remember is I used vpn 267

The ID not name

At this point just

Give it some time

They'll resolve it

people this is cool as fuck
https://worldmonitor.app/

whats the command to disconnect from openvpn vpn

You Ctrl C the terminal running the command

I dont need to study more cyber sec i will just open that panel and look at it

sudo pkill openvpn just to be sure

Ctrl C is "stop" when something is running in the command line btw

ik but i did this im still connected

ima js reset vm

I hate it when people at work type "clear" instead of Ctrl+L
I keep telling them and they don't want to use it

Sudo pkill openvpn does this

All that does is kill all processes with the name openvpn

im trying us machines 4

well is not the same Ctrl+L does not really clear

you can scroll up still

sometimes is annoy

Doesn't really matter lmao
They just wanna clear screen

xD

It's cls

Tyvm

export TERM=xterm

clear

now im running the vpn file and now it says my certi not valid

wonderful

wonderful world wonderful people

why did pterodactyl get 2.7 stars 💀

maybe b/c some of the path kept failing unless you reset the machine and/or changed release arenas?

im gonna do a different machine all the other ones have like 4+ stars

Do Hercules

im doin

browsed

its medium

i can only do medium or easy

Are you doing academy?

Super Easy challenges are fun also

hello chat

Yoo wassup

Not much. You?

Normal vibes

Nice

Yep

Any hacking today

No, hacked too much already

Gotta leave some for other people

😂okay. I see I'm talking to a legend 🫡

Hahaha

Respect 😌

Bro I got your ip

127.0.0.1

😆

Omg I'm super scared 😳

😭

Hahaha

I got a question

Sure

I'm trying to pass a username and password through burp repeater. I'm still finding it difficult to pass the values

What do you mean? It’s just entering the values?

What is the way to contact hack the box store. I tried sending mail to their email. But no one responded.

Might just be best contacting support

https://help.hackthebox.com/en/articles/5986762-contacting-htb-support

If I use the form on the site, it logs in as a standard user but I can change the cookie to that of an admin.
So I intercepted the request and want to login via burp as the user and change the cookie

It's a portswigger lab btw

Trying to hack Carlos eh

Naa I have to delete him. I know don't what problem portswigger has with him 😂

Poor Carlos. Being cyberbullied

Justice for Carlos 😂🫡

Carlos knows what he did

Can two people have the same username on the HTB labs platform?

No

So if someone posted a screenshot claiming they pwned a specific machine, but my friend couldn't find that username, and created his account under that username, that means that someone was capping? lol

Yep

C'mon I've seen 2 users always. Wiener and Carlos.
Why does it always have to be Carlos who gets deleted 😭

Dam, that's crazy

Every account is searchable complete with a history of boxes solved

BRO ISTG, I was thinking the same today

I've just completed SSRF, and poor Carlos

Congrats 🥳
I'm still on the basics

And I'm finding it difficult to login through burp. I've intercepted the request, I have the creds but I can't pass them through repeater to gain access

screenshot of what your repeater screen looks like

I did CRTP, and penetration Tester path, but forgot to do Portswigger first, so im back to basics :')
(I was suffering from getting initial access to machines)

U cool if I dm u

sure

Thanks

where is tfucking export url profile htb labs

I havnt done the lab itself but might be able to spot if theres a syntax issue

I've no clue

https://app.hackthebox.com/profile/1487959

ts loads for u and displays my profile?

@molten bobcat

I'm on mobile and am workin atm

I can't check I am sorry 😔

i swear on hood if htb changes ts while im writing a cv

im deleting my acc

and destroying the whole htb infra from g0blins account

I just retested a flaw I reported that was supposedly fixed

Yes, I can’t send th parameter anymore that I paid the full amount. But I can still send negative qty 😆

partial fixes are fun

Yeah

@signal mica if you sre curious

Yes, it does show your profile

But obviously I’m a good guy and I reported it responsibly, again

And there is a graph showing boxes solved

As wellnas activity

I report the same htb issue like once every year

thanks man

Np

https://tenor.com/view/geto-suguru-jujutsu-kaisen-jujutsu-kaisen-season-2-suguru-geto-gif-16299446290527617472

Im back

No

whats with all the redirects and shit man who tf is writing this backend

ChatGPT-1

not me

this is what happens when htb doesn't offer me a job

fr

Didn't know azomax was actually a hacker

At least they saved themselves from a DROP DATABASE

I thought he just meows here and there

😾

why all the beef

Love you

https://tenor.com/view/dance-moves-gif-9472470858311093882

That 97.95% is annoying
Make it 100

How many challenges for 100

400

all

xd

Like all active content should be completed?

ya

for omni

Machines and challenges only i assume

@austere sinew wake up

ea despierta

@austere sinew

ME GUSTA LO MEJOR

WOLO

VAMONOS

I gotta steal laptop

And get all challenges

Get me a coffee wolo

And some Cadbury

it all in my head

https://tenor.com/view/love-and-light-gif-15591110

So stealing a skull

https://tenor.com/view/in-your-head-dolores-oriordan-gif-12462567

would work as an ashtray after i become omni

id probably hit some chinese mountain and master wushu

bodhi after that

Hit some 😏

shie forgor to dm shawty today

https://tenor.com/view/nub-cat-nub-silly-cat-depressed-smoke-gif-3629985485049762088

Issok

I'll take care

@native plume he forgot to dm you, so fuck you
Don't bother him anymore

U dont want to do the pro Labs?

I just want my exam results

100% passed

It was nice to have a fresh challenge that required

Thought

They are probably busy in this love week

Even if I'm still exhausted from it lmao

What’s your next endeavour cloud?

Cover the sun

I'll decide after I get my results lmao

For now I'm BIG CHILLIN

The struggle is real

I have documented a lot today huge documentation task

Maybe I'll just emulate frost and go to the gym and start studying web lol

You can't eat that much pizza 🥀

Unless you replace the cheese tho

Lmk if you have CWES struggles, I know a thing or two

I'm a "one thing at a time" kinda guy

But ty ty

the nypd are a bunch of scumbags, I left my final email to them as Evil people deserve evil people around them.

@frail turtle

because they couldn't get in touch with my place of work from 2021 they wouldn't hire me after a long beaurocratic process.

@supple plume I'm starting to get into the basics of HTTP

Good

I was like how tf is that my fault

That is fundamentals to understand web

Just learned the vulnerabilities of Front End area

You know a thing or two?

HMMMMM

Maybe three

All of them?

whatver most nypd get sent to the depths of hell, they deserve it, all those neighborhoods full of gangs

thats too much, brain explode

https://tenor.com/view/sunlight-photosynthesis-eat-sunlight-taste-gif-16873599

Start climbing

Its epic

Almost finished, moving to components of back end after that

WHAT

Hard to believe tho

There is a lot in the frontend

What is this?

discord had their users IDs leaked via the third party they outsourced their verification to

it happened I think in 2024

and now they are doing it again

i suggest clicking the button

Classic discord

Holy hell

No way

I'm not clikcing that

Heck no

Also discord is going to block all accounts by default unless they verify age via 3d face scan or ID

its a rickroll

lol

lol

Oh I didn't fall for it

That's a simple phishing thing
Just harmless

lol

I scanned it

I was about to start sending dubious pics

nahh emma is trustworthy

Nothing but every single anti-virus says its safe

but discord is not

i'd never post anything that'd actually get censored here 😂

what rickroll requires age verification?

Throw bricks at discord

lol

some weird ideas are coming out of my mind rn

dont do it

I wonder how many blackhat hackers gonna hack discord after this update comes out

and dont worry guys i will invent the new websocket based web chatting site we will all migrate to

Every single person's personal data

Gone to dust

the better question is: how many groups will "claim" they compromised their db?

Dust

i think discord uses websockets

-.o

Do they really get it or fake it?

I haven't slept in over 20 hours again

some groups just try to threaten and others actually have solid proof that they have hacked the company

Skill issue

happens a lot

I wanna play chess

Let's do it

Well I trust the people who actually hacked it so they can show how Discord cant protect their pathetic platform

But I also don't want to

yeah discord uses websockets

what's your record big boy? 👀

Wantn't

Wdym

Mine is 30+

dude it's just the phone number verification is enough

discord is just being hostile

Lmao

To their customers

why would they need more

Including us

what's your record in terms of hours awake without sleep?

Ok so which chatting platform we have than this one

yo

Tell me

We have telegram

.........there's so many out there

Let's start a telegram channel

I guess 2 nights but that's just brain damaging, skill issue is not sleeping good regularly

@supple plume Coming to Back End

How about TeamSpeak

yea I also lasted two full days without sleep for a hackathon

Almost same as Discord

do not ......DO NOT lose sleep

and that night when I slept I had a cramp

;c

Good, let me know the progress

It's not good

Nah sleep is optional

Sleeping bad is terrible

Sure, living is optional too

So dying is

Yeah tbh

I mean

Why

Living is optional tell me

not getting enough sleep promotes aging, and a bunch of absolutely terrible things

use a blue light filter

I'm a night owl

on your desktop environment

if you spend a lot of hours on pc

we are the sultans of swing

Because there is a checkbox that says optional

convertible roof open

smoking a marlboro gold 100s

Turbo

It's so hard to sleep when you have ADHD bc your brain won't shut up

I really want to smoke tho

leverage this

Skill issue again

tell your adhd to be quiet

When you don't sleep for so long you start tasting blood in your mouth 💀

I'm working a threat hunt

i solve boxes sometime

Rogue network device

The brain will stfu if you exercise hard

no

it wont

haha

Exercise harder

Should throw bricks at myself

did you find it?

The only way is to take a daily intake oh glutathione it make me go to sleep VERY fast

c1oud slept with a lot lizard

180kg leg bench

Melatonine pills

But glutathione only come in beauty pills so like

thats physical exhaustion friend

doesnt work on the mind

i tried

Now we're talking

i can smoke za and my mind will shut up but then i stop dreaming and thats the terry davis road

i dont know that sounds like alife of suffering if you gotta tire yourself out physically to get sleep

Yeah

People are just so lucky that they can lie down and then just fall asleep

im...about to do that right now

I had to work on the fields for free today just so I can sleep

https://tenor.com/view/cats-cat-cute-cat-hugs-cat-hug-gif-16465471762657874612

i envy them. you should try concentrating on sleep OR meditate before bed with a singular thought. works for me sometimes

it best advice i can give to a fellow adhd

Best is

Play a video about someone narrating a story

you know what I envy? I envy not having that orange colored name because reasons

Background and auto turn off

And not frying eyes with blue light before sleep

You'll get to dream it while awake

And the. Fall asleep

Maybe read a book instead or smth

i mean the blue light filter works pretty well for me

how tf u have cpts but skid rank. why not solve like 8 boxes and you are like hacker rank

because I dont wanna be a hacker yet

i need ajob ;c

https://cdn.discordapp.com/attachments/1287641159547486218/1468198848672301212/image0.gif

Ok hand over cpts then

Rn

I get too anxious of falling asleep with the phone on

So after you get a job you will come back and get hacker badge

I need a job working more on hacking isnt gonna het me a job

you have a job you said you failed that jump over fence on physical test months ago?

i passed it i almost died doing that obstacle course

love how shit like this IS PERMAENGRAVED IN MY BRAIN

That is why it should be set to turn everything off automatically after the video ends

SAVE ME

I WANT TO BE ONE OF CHIEF KEEFS STUPID COUSING DRINKING LEAN ALL DAY LOOKING STUPID

https://tenor.com/view/chief-keef-nah-rowdy-dance-happy-gif-14753397

they had me do 20 push ups at the end with a weighted vest and two weights at the end of the obstacle course

only me

nobody else

I like it, I can remember the image of his worn shoes too

Where

On the military training?

That would be my dream

and just two days ago they denied my application because they couldnt get in touch with some company i worked with 4 years ago

I love when a drill instructors shouts on my face

police

I told them that evil people only deserve to be around evil people

ATTENTIOOO

i keep seeing these ads

about people building apps with AI

like you just describe it and suddenly an app is made

that's how htb labs are made

don't say that

The front end is definitely vibecoded on most of them

you're looking to get shot by people who worked their asses off to make some of them

I'm behind 1337 proxies

I mean that the websites the labs run usually have AI images

https://tenor.com/view/ishowspeed-ishowspeed-phone-speed-legendary-stream-speed-phone-gif-4108923420328591811

Note to self

Do not forget about your septum piercing

no way a vaultie like urself would have a piercing

I do indeed have a septum piercing and 3 tattoos

c1oud is gay, the piercing and tats were mandatory and scheduled as soon as he left the closet

parrot 7.1 has a watchdogs reference on boot

neat

I think the best way to describe me is "former vaultie"

came out of the vault

Lul

https://tenor.com/view/fallout76-76-gear-preparing-gif-13125918

fallout gifs check out

❌

I fell asleep after eating my tacos and didn't properly store my leftovers

Rip

Doesn't matter

Air fryer does the job

I'd like to thank Cobson

incomprehensible

https://tenor.com/view/pigeon-lebron-james-meme-funny-gif-3425517799009042574

67

congrats on the cpts

I had it before you

lmao what a crazy message to reply to for that

oh

jk idk when you got yours, but I got cpts like 2+ years ago lol

i got mine last year

I keep thinking if cpts will make a difference

Or not

https://tenor.com/view/cheeto-hair-eyeofrah-eue-eye-gif-17114686131008060906

its a fun cert, learned a lot, but the label doesnt help with interviews much

so depends on what kind of difference youre looking for

Interviews

then its unlikely to make much of a difference, work on public projects you can showcase more

tooling, writeups, bug bounties, cves, etc

Hmmm

Ok

but if you still need skills to go from newbie->high beginner/Icanseeintermediatearoundthecorner then cpts is good for learning

I'm more interested on CWES

I wouldn't like to be pentesting AD stuff

Tbh

But I guess cpts and cwes is similar regards the job market

they share lots of modules

would you guys say HTB is to cybersecurity what the Odin project is to web developers?

bad comparison? lol

you end up finishing sorcery root?

I will say that unfortunately cpts is missing a couple of areas with AD pentesting that employers are super keen on.

They really want you to know about delegation attacks, relay attacks, and adcs. Which only gets mentions in cpts

Not today

ohh okay

I went through most of it tho

Should I take notes about the Insomnia Attack? Is that still relevant nowdays?

(jokes about sleeping coming)

What's that

I'm not googlin atm

is a race condition on phpinfo() that allow you to get RCI from LFI

but very legacy

https://insomniasec.com/downloads/publications/LFI With PHPInfo Assistance.pdf

I've seen wild legacy apps running in production as a dev

Actually the last I worked on was a 15year old php monster

Made of the ugliest code ever

Every line of code was a vulnerability

but spain is different

idk I think wete entering an era where old code is far more reliable than new code 😂

same with my last job they were doing the send email feature in the client...

It was more of a poem about misery than software

Reliable my ass every 2 weeks some feature disappears and nobody knows how or why

ahaha

Even without modifying the code

Lucky I quit that job already I hated every moment

yeah okay that happens to the PoS system we use at work too lul

plus idors, client side captcha checks, client side auth in general, shared user storage, private source code on public directory, sqli, and rce

gpt write me a code make sure it dosent break later

Wrong chat buddy

Ah sry

I once made hilarous mistake in whatsapp where i took screenshots of chat 1 and instead of sending it to chat 2 to make fun of him i sent it to chat 1 by mistake

Anybody unable to spawn pwnbox instances atm ?

How im gonna sleep now

Maybe u can make a /suggestion iirc, unless this is explored more in different AD paths

academy covers those but theyre tier 4 modules

I am

Oof...

My guess is, adding them to cpts would be too expensive

Are we allowed to publish writeups on mini prolabs, the ones with an official writeup available to download?

@supple plume yo

Wsp

What's cooking?

👂

Check dms

What echo I'm one of your hoes now ignoring me like that?

/j

he got sorcery user flag

official writeups for mini pro labs? Are you sure about that?

hes now a different man..

So.. fellas
I tried the Meow challenge, wanted to test smth
It wanted me to download VPN, every single time I tried downloading it, the terminal says it cant find the file

I do see few of these

you're probably in the wrong directory

because you didnt cd to the correct directory

for Hades xen rpg and others

the old ones

oh

🗣️ 📢 🔥
rm -rf @lofty marsh && echo 'DEEZ NUTS' > @lofty marsh.JPG

I mean.. cant I do it on my own VM?

he DEFINITELY didnt 🥀

I didnt knew it

np

I'm trying something new bro

Bro u already deleted me how tf u gonn shove deez nuts at the jpg

that command creates the file

Fr

>will create new file

AND HOW CAN YOU SHOVE A TEXT ON A JPG

That is part of the plan

Wdym by that btw

cd to Downloads

Stego

jpgs can also hold arb text

and do sudo openvpn startingpointsomething.ovpn

I mean..
Like lemme do this tmmrw

bro forfeited for the day

Oh fr?

Cuz its night time

Had to use the last minutes for this

Hacker bed time

Turns out its just a waste

my clock corrupts my os if i touch it so i can't tell

You guys sleep?

I have developed a set of tools that do that but with elegance

What should I do before that?

I mean

download it

das it

you can shove php into a jpg and if you manage to get a php application to include it the PHP code will run despite all the jpg file structure stuff

Ok uh

sudo openvpn startingpoint.ovpn```

Lemme try it

try that aswell

for vpn connection

(dont)

NO PERVERSER ROOT

delete it ur gonn get muted 💀

Speaking from past experience

hes not typing anymore

did he do it

im scared to know

Yeah theres enough absolute newbs that come in that dont get the joke and will run it

Yehh

Imagine he did it

but you didnt put sudo so ur good

just add a tiny dot in front of the /

I remenber a guy who actually did the rm command in a spanish hacking server....

so its good

Kneel

poor dude

its crazy how effective this is

I hate clickfix a lot

Cloudflare turnstile bullshit

@warm ravine u good bro

its kinda genius tbh

Someone asked me for someth8ng stupid like how to steal a bank account and I gave them the no perverser root and told them to add the website address after the # parameter, they vanished

He may be fighting against the VPN it got harder nowadays

I mean ya gave the brother the command to run

Base 64 encoded btw

hes still online i have faith

R28gZnVjayB5b3Vyc2VsZiBsbWFv

@lofty marsh Can I DM

Not surprised.

I remember the days before --no-preserve-root was even required lul

HES HERE

THANK GOD

@lofty marsh get pinged

lotttta wiped drives back then

Yee ofc

Is that your company?

Cloudflare?

No

Lmao

@@west venture @west venture @west venture sleep already

Oh

That's a clickfix phishing page

-#

I would've fallen for that tbh

ofc, thats why its genius

it doesnt have to outsmart people, it just has to level the right balance of tedious to trick regular people

everyone has seen annoying captchas and completely random cloudflare checks that if you dont know anything about computers it looks like just yet another new stupid captcha system

Time sleep hopefully

o/

Zero dumb means that the zero is dumb or you are zero units of dumb? Maybe ZeroDumb is Dumb number 0 or some Zero named character that is dumb so the name is an insult against someone called Zero. Or is it that you're Zeroing the dumbness

lol

I am one with 0, and anti dumb.

do zero dumb things = ZeroDumb

or, maybe it's all just a meme from AI

Or maybe

M****D is involved

what is more likely is that I had a grand idea one day to start a blog, and t-shirt, super secret club for antihackery and it landed on ZeroDumb, and after that, I already had the domain and email so it stuck

so im kinda curious why lets defend was brought when academy has so much blue team stuff

has it got something academy doesnt? havnt touched the lets defend platform yet

Hi guys, i just joint today and completed my first box Meow

congrats on the first box

now just 999 more to go

you live in a capitalistic market and can't identify the technique called "buying your competition"?

All good marketing is funnel-shaped

seems like a waste when htb has so much more momentum then they did tho

There is no such thing as momentum anymore, the players are set, there will be no new platforms, so platforms cannabalize each other

Time to become a relatively successful competitor and get cannibalized

A red team platform buying up a blue team platform makes perfect sense. For example boot.dev which has tons of back-end only courses bought some large front-end platform.

What VulnLabs did only happened because HTB ignored pro labs and XCT was highly respected

We call that market cornering, at this point in the game, OffSec is all that HTB has to kill

and we all know offsec content is dogshit, so just by the nature of education, CPTS will surpass OSCP

HTB just needs to get one giant enterprise account that wants to standardize their testers education on it

HR will follow

HTB will never kill offsec if they dont develop projects imo

doesnt make sense when they have so much blue team content tho

What matters here is how do I begin making loads of cash legally, give me fastest path for an idiot like me

😄

Metasploit is the only good product by OffSec, why would you use kali linux after you graduate their kindergarten oscp cert?

kali is shit im agree but metasploit is big

and exploitdb also

Exploitdb is really just metasploit

I wish I could go back in time and give myself an air fryer and the ninja creami when I was doing bodybuilding

It's not shit but its disposable..

wouldve been a game changer

Do they ? There is one blu cert and everything else is red. At least what it looks like to a newbie like me.

ninja creami?

Ice cream maker

Would be nice to see HTB release a community big project

and it's super easy to make healthy ice cream

sherlocks,challenges, that 1 blue team cert has alot in it, also a load of other blue team modules

https://tenor.com/view/red-red-red-red-akansha-ranjan-pinkvilla-it's-a-red-flag-this-is-problematic-gif-4226323299505994016

bruh i need this

it's great

I got it on black friday

does it come with recipes for healthy icecream? or hows it turn out to be healthy

I usually do

1 scoop protein, milk under the fill line or almond milk for lower cal, dash of xanthan gum, and monk fruit

shit frost had that ready

or you can just dump fruit + fruit juice in a container, freeze and then you have a sherbert

i think i need to try this haha

i also use the creami and frosts recipe

might looko into one

it is a game changer

guru speak, we listen. healthy ice cream is where it's at

You will never buy ice cream again

The protein I used atm tastes like hot chocolate

I stored strategically pizza crust in the fridge to toast it and eat it with fried eggs. Now these thoughts are haunting me while being hungry and trying to sleep.

you should try the rule1 vanilla ice cream one

actually taste like melted ice cream

would go hard in that

Ninja pizza oven would be nice

I like to eat chocolate frozen

Ye that vanilla is good

that looks amazing

9/10 ninja creami tho, would get again

oh wow thats cheaper than ooni

I want a pizza oven. idk why, I have an oven. but a pizza oven seems nice

I'll prob still go ooni

btw these challenges are slow for guru feels like im just rapid firing them going through easy ones to tick em off

Gooning?

I have this soft serve one but i dont make soft serve that much

the kid loves it

why do you want guru?

i just feel like there are better uses of time

Everytime I did a box, a new box kept coming out

just for sake of doing it

I only wanted orange name to match my pfp

makes sense

fair

I can't eat ice cream from a cone like that and enjoy it bc you have to be quick before It melts and starts to make a mess

Yeah i just eat it out of the container

my pint of ice cream today was only 180 calories

I like making fruity pebble ice cream

220 a pint

I was tempted to mix some in since I can eat rice cereal on my diet in the morning

yeah that was my issue before, but i wanna focus ono just weekly releases without other stuff sitting thhere

Time to indulge midnight pizza crusts

Fellasssss

so trying to smash out as many as i can

Wsp

Instead of meal 6, i just made ice cream

I actually let it sit in the milk then i strain out the wet cereal so i can get the essence, and sometimes l mix in the crunchy versions

ah yeah I've seen that. Make cereal milk

You guys make ice cream? I just buy it

its healthy tho one he makes

Cereal Milk Ice cream

maybe i'll try this

Should I keep going with pentesting labs and keep practicing while preparing for devsecops, or should I take a break from it and dedicate to devsecops and THEN dedicate to pentest?

the fuck

What do you guys recommend

thats so cursed

Bro again !?!?

aahaha

Get a creami

and you wont ever again

those roles are completely unrelated, one is dev one is puzzles

nah focus 1 area fr

Pentesting nowdays dedicate a lot in cloud and it is a good launchpad

plus coding with pentesting?

Pentesting cloud lol

lethal

Cloud is mostly patched, the only exposure is keys

@molten bobcat

got 3 more companies that i'm waiting on money for

I heard companies use cloud a lot and it's crucial in modern cybersec

thats what I heard 💀

everytime i see you makes me wanna start doing bounties

There is actually a huge push to go back on prem

I dont even care about the money

but it's doing me good atm

Cloud is silly expensive

yeah thats why im doing so many labs now its just fun, i might try them out once i climb a bit more

How much to you make on it?

I dont think they will regardless..

Nice try IRS

kidding I pay my taxes

Is it easy or do you have to do hard work?

Then why do they force all the employees back to their office buildings?

I mean it's hit or miss a lot of the times

knowing where and how to look

I never knew they did that..

Anyway enough for today I'm peacing out

Cya dudes

I boought a new car, paid off debt and got money for a nice downpayment on a home

after taxes

probably this friday again

The reason I don't like doing it is writing reports. Like here the PoC take it or leave it I'm not going to babysit you ,😭

Damnnm

Imagine someone pays you to do a pentest and then they ask:
Did you find something?
Yes
What did you find?
Who tf knows I'm not babysitting here I used python

Are the things you test mostly secure or do they have pretty easy vulnerabilities on average

What did you find?
2 criticals
Cool. Take those out of the report.

average real world pentest

"We do not accept them"

Rubberstamping is tough work

I try to hit stuff that's popular

like Hyper-V, RDP, PHP, etc

straight on sale on the dark web

I also got a few RCEs on steam

and riot

Hyper V hypervisor?

That's probably hardened aaf

Ye a hyper-v escape

Domain was a honeypot, domain seized, jailed for 40 years, 0-day stolen, used to bomb middle eastern kids, life ruined, blood on hands, gg no re

What am I even reading

Real life

And I thought toxic positivity was bad

I secretly judge yall who make cyber weapons

You are just fucking yourself

I just make sucker bash aliases I am safe

Unless you have nested brokers, you are a loose end when a 0day is sold

I don't even know what a nested broker is 🥀

@sharp shuttle what do you think about people like Chris Rock (the mercenary)

It means many middle men

Sounds nasty

I have no idea what you are talking about

I got a RCE in the boot rom of the MediaTek MT6739 chipset, after working on it for days, just so I can unlock it's carrier lock but since it cannot be patched it's not considered as a CVE

You found a 0day?

Idk

oh he is big on radio now, maybe you know his research, let me link

ths is the last talk he did in defcon:
https://www.youtube.com/watch?v=ICjSXak50uo&feature=youtu.be

full day of

Idk if it's 0day bc mediatek CPUs are notorious for having hardware exploits

i just smoked

another one?

He got famous when he did the one about creating and killing people

https://tenor.com/view/charlie-sheen-smoking-japanese-advert-parliament-gif-14727306373457088566

I did it

Didnt know of him but will watch his talk

Nobody knows what you did

You can say it now

oh wow, you remind me to him when i read you talk

I finished my first challenge

Congrats, now do 600 more and you're good

Damn right

whoami is just an echo

echo $USER

whoami exists for easy skid identification

if you alias whoami/who you can catch skids in seconds

https://tenor.com/view/who-are-you-who-am-i-where-are-we-confusion-what-gif-14454260

Whoami exists for scripting

🔥

skridpting

What do you use instead?

He yells to the computer directly

"Who the fuck you think you are"

stat -c "%U" $(tty)

thats how real g's do it

You can also echo $USER

thats still obvious

That's not very handy for scripting tho

Hey everyone don’t get on much to chat I really should

So Iv been on htb for a little bit now just on a year or so and Iv been plucking away in the academy it’s great and all that but I feel like I’m not learning because I’m not putting anything in to actual practice I’m not doing boxes just the training
I’m currently doing a level 2 in intro to cyber security in college (not at all practical all the legal stuff)

But I’m going to start an boxes and was wondering if there’s anyone out there a few days a week just working on them so we could practically learn? Instead of just checking boxes and never using it the knowledge

Sorry for the long ass message

Just watch ippsec videos broski

you can go through them with him

are they walkthroughs?

yes

I feel like if youre already concerned about them detecting your terminal activities youre already doing it wrong and shouldnt be using a terminal for that op

but i feel like watching walkthroughs won't help me learn, or is that the wrong mentality

#1318239802931286066

No its moreso when a user gets on, they run who/whoami, its an easy alias to kill the session and lock the computer

or just log it