#general
I'M BRUSHING MY TEETH
i can work whenever i want
AHAHAHHAHAHAHAAAAA
OKAY WELL
WHY DIDNT YOU SAY THAT BEFORE THE GOODNIGHT
Bwahhhaha
i cannot think of a logical response to this you have beaten me
i just need to be done on the deadline
cue spiderman gif
Thats a cat
@scenic maple golam api please activate
Hey ,i just landed here
Hi
danke
now i personally feel like staying up to spite mick and goblin
Me too
HOW DOES THAT EVEN WORK
YOU HAVE AN INTERVIEW
BE A RESPONSIBLE INDIVIDUAL
YOU WILL NOT DEFEAT AN UNEMPLOYED PERSON IN THEIR TWENTIES
NEITHER OF YOU CAN
What's going on!?
Ok but seriously for the 23rd time, for reals, good night.
war.
GOOD. NIGHT.
@sturdy thistle GOOD NIGHT TO YOU TOO
WHO PINGED ME
Mwuhahah
Cool ! I wanna join
LOOOOL
Someone is muted
Hi, I'm currently using Pwnbox and experiencing an issue where the mouse cursor disappears whenever I move it inside the environment.
I have already tried using a different browser, but the problem still persists.
Do you know what might be causing this?
Yes the cursor should appear inside the pwnbox machine
To get out again move the cursor outside of it or press esc
Unfortunately, I'm not able to share a screenshot, but the mouse cursor itself is not visible inside Pwnbox at all.
Do you know what might be causing this issue?
Can u click around anyway
And see if something pops up

Need some help? Learn how to reach the support team on Academy.
Is probably best if you contact Support
Morning
Morning
@ornate ibex sorry for the ping - i too got hit with sanction/compliance thing outta nowhere - so confused - can i dm?
i have a very common name n it has multiple matches in the ofac sanction list but cmon 
have also mailed customerops with all details n govt id no response for 3 days so here i am.
What the fuck am i reading
DM me bruh
Who ping
me
@austere sinew
I was lying, saying you're my chinese friend
@ocean marsh
I think wolo is muted
idk, they should ban wolo
I agree
Rise and grind; let's get this bread
Where's the face in that meme from?
no idea
i typed "bread monster" in gif
it was funny

its a hilarious meme
I love it
it looks like something out of Crash Bandicoot or whatever
ya
Do you guys think writing a keylogger and then writing a program to detect it is a good beginner project
Defs vibe coded 100%
but honestly, I wouldn't
I can't find a good project for my internship resume
fucking pointless considering you are just defending what you created
homelab
you can setup a homelab with AD and shit configured and run red canary to automate the attacks
I see that you have reached out to my colleague already.
or the other one was automicred. but anyway have the logs ingested into a SIEM and wallah
So like a walmart ids?
Hi Rem!
what?
hi
How are ya?
Hi Rem, hi Tejas
mornin fellas
fuckkk.... it's gubarz
alright I suppose. Been fucking lazy doing my CRTO. Trying to catch up on my AD knowledge massively
yo @rose onyx, can ya like cut half ya brain off and give it to me so I can atleast consume a lot of knowledge with AD :D
Morning chat
what you get in return is my heart
morning well arvo for us atm
i did active yesterday which is meh. had to go back to the guided mode cus I completely lost my AD knowledge/skill
I gotta revise AD fr
Less gaming and more AD
I'm going through CPTS. Password attacks module had some windows Credentials authentication stuff
Shrimple, go to academy, lots of modules on ad 
I stopped playing tho
good good, good luck
Hmm.. can't afford that's the point :').
No you, Rem. Staff get acad for FREEEEEE.
not Rem, they charge him extra
I've done a little of the AD shit. but again, my brain is sooo fucking small i forget shit
Rem, is that true?
We get everything for free including the CEO role
CEO Rem
aye
I open the server and this is the first thing i see wonderful
I've been off of Discord for weeks, just saw your DM and it just said "Hi"
I'm not ghosting you
I'm just not always here
Shii, you read the message
I understand, g0blin. You're busy in real life. How have you been anyway? Long time no talk
I'm Cyb0rg btw
Aye busy, but also been trying to not let Discord take over all of my free time like it used to, even if it's fun. I've been ok thank you, has been a while indeed! How're you doing?
Right now I can't sleep, so I'm gonna work on a couple of blog posts and watch a film or two I guess
@eternal mango what box did you create?
Holiday
easy machine yea?
Extra insane
I wouldn't say easy, but I guess standard of difficulty has changed quite a bit
Back then it was a hard / insane I think?
Now with the talented people competing, if it were to be released today it'd probably be a medium
It's not too bad, first one to provide a certain type of vector in a box
hmmm, i'll attempt and see how I go
If you got time now I'll hop on and do it, haven't done it yet.
I see. I'm doing alright. I'm currently preparing for CPTS cert. I want to take the exam by the end of the year
But yea, it was made a long while ago, so compared to quality controls of today it probably looks like shit 🤣 🤣
I feel like a fucking pussy when doing content. I hate struggling and going down rabbit holes
It was adapted from a security workshop I ran at my previous job
That's called learning π
Well hit me up in DM if you want a nudge or anything
There's maybe one bit that's a bit questionable
But the rest is pretty realistic, if ugly
Next box is holiday ¿
in my opinion
No, Holiday was a box I released on HTB years ago
Over half a million platform members exchange ideas and methodologies. Be one of us and help the community grow even further!
Ahh, I saw this ig
Was like.. just before or after I joined the company as a full employee, and ch4p, azik and I quit our day jobs to do HTB full time
who needs a one month pro labs
IT'S WEB FML
It is, sorry
womp womp
The machine is very unique...
If it's unique it can't be very unique.
A doubt, how scared/nervous/doubtful were you at that time of the decision?
Fucking terrified
all boxes are unique. some are uniquer than others
Did you / all have a plan B?
inbox
Not really, I mean we'd all been working on HTB as a second job for about a year already
ahh
Food is here, hmu if you're going to do the machine Rem
The fact we got investment meant we could actually run with it full bore
So, you all quit. right after investment?
We were literally all working a day job, and then HTB in our spare time in between sleep for quite a while
Interesting
I wonder how infra was set up back in those days to spawn machines, provision VPN and more
When the investment came in, it was a clause that we went on to HTB as full time employees, instead of our side task
how much was the investment
4 dollars
around 100 cubes
Uhhh can't recall off the top of my head
I can Google though
Seed round was $1.3m
according to pitchbook
damn
So ok Holiday was two years before we landed the investment
I wouldn't trust pitchbook totally though tbh
Interesting
Apparently we got "crowdfunding" in 2018
enough money to buy 2 offsec certs
Which we certainly didn't
nice
We maybe got a few quid in crypto payments and advertising back then hahah
But we quickly dropped ads and crypto
Seed round: ~$1.3 M (2019)
Series A: ~$10.6 M (2021)
Series B: ~$55 M (2023)
That's what Chat GPT says RE investment rounds, which sounds about right
I won't say much then
Lots
We've a load of plans for the platforms, for the content, for the paths and certifications along with obviously our enterprise offerings
It's gonna be a busy year
(it's always a busy year)
@eternal mango you feeling better?
I'm awake because of stuff
wish I wasn't
Pre-existing health thing has come back up which means constant severe pain which is fun. Should be chatting to the GP later today for a referral to get things sorted.
Severe is relative I guess
Like, my arm hasn't fallen off or anything
Just assume I'll grumble every time you ask SuperNuts 🤣
I think all of that is called getting old
Nah not a getting old thing
Just me being an unlucky mf
Knowing my luck the GP will call me tomorrow half way through another call I got tomorrow
How're you doing anyway SuperNuts?
...hope you're good too Gubarz
Pretty good, achieved some goals I've been wanting to get done, so feeling great recently.
Feeling good, recently passed cape and the team hit top 5, I'm pretty proud of them and all the effort they have been putting in.
god im so tired of doing shit
but i have to keep doing shit
when will hallicon have rest ;c
at sleep
ah yes why didn't i think of that lol
hi
Helloo
nice to meet you all
Yaaas finally, image compiled and minimax-m2.5 running on the cluster, must've been an old docker build layer causing the problems
yo so i need an opinion on this, is it better to have a team of workers communicate with each other (given they have a shared state of memory, and a lot of other shit each one of them did), or a team of workers who each communicate to a brain (whose job is to not run shit or do shit, its job is to more kinda like analyze every workers perspective, combined with a state it has built using what it knows has been done by the whole team and then decide to intervene and direct a worker or just let it run)
I'm not skilled in the field at all, but my opinion would be that you need to have an orchestrator which judges and provides guidance to workers if they are meant to be working together towards a shared goal. A shared corpus / kv store for a type of basic memory between workers is useful, and can be used to provide external knowledge to reinforce them in their tasks, but having workers all communicating with each other as part of their workflow instead of being guided by an orchestrator feels like a massive overhead and blocker if you're looking at synchronous tasks being completed across various personas.
Just based on what I've worked on personally, and again, I'm not skilled at all, basically a noob, but that's my feeling and observation.
nah nah this is completely valid
You should check out some of the orchestration libraries out there for defining and working with agentic workflows
Some of them help, but some feel like they tie your hands lol
Still trying to find the one that works best for me.
people sometimes forget that AI stands for artificial intelligence, that thing is basically an artificial representation of our intelligence
Honestly some of this stuff is way above me, but it's an interesting field to play and learn about
some.. ALOT..
our ways is what has shaped it to be what it is to this date
humans work just like or pretty much like what you said in a team
just dont stick ur pp in it
and humans have not forgotten what AI means, they just moved the goalpost
im just saying
yea me 2
people just think that AI is just a separate entity and its operatives and methods are completely unique to it and we cant apply our principles to it
thats where i feel like theyre wrong
like bruh if we never knew what a 0 or 1 was, neither wouldve the computer known lmao
big think
and this has actually helped me think a lot cleaner
you should tell that to MS lawyers,
https://blogs.microsoft.com/blog/2025/10/28/the-next-chapter-of-the-microsoft-openai-partnership/
Sam might hire you on his team to make the argument
The black box aspect still makes me very uncomfortable. Sure, I can read about how models are trained, how they operate, maybe even grasp some of the concepts to a degree, but there's absolutely no way at a concrete level I can know HOW the prompt I provided was transformed in to the information the model spat out. Integrating tooling in to the workflow can enable some level of predictability and inject of truth throughout the workflow, but it still goes back into that black box.
Understanding the theory that's one thing, but what I am talking about is knowing HOW it came to its answer
Not sure if that makes sense
Comprehending how the models actually ingest, deconstruct, comprehend and reconstruct (yeah that's nowhere near reality), like the actual data flow..
essentially the shit it did under the hood which was just completely silent to our eyes
But that's just it
It's not silent to us, it's completely predictable
It's just so large and complex to be far from understandable to be held in mind
It doesn't need to be I suppose
It just nags me
it would be interesting if it's even possible
afaik the model calculates a prediction probability matrix based off of an n-dimension cube to derive the most likely next token which sounds complicated to trace a dataflow imho
Some things we don't need to know to the very core, in absolutes, and some things are simply impossible to comprehend in a way that can be held as an abstract
see thats what i am so confused about, is because in that case we would just never be able to predict it to the point where we actually know whats gonna be next considering that n is a very big integer
Hi
Oh, no wonder it's not actually responded yet.. it's got a little.. STUCK 🤣
Oh actually I see the issue, actually wait no, actually yes I do, wait let me check again, wait no it's not that, oh yes it is!
lmao
see the thing is that its trying to predict its prediction
so its basically a endless loop in a way
but theres parameters which then restrict it to an answer
which either ends up just being bs or the answer
one thing out of its sample space of results
It's a fairly condensed version of a large model there, and the temperature needs adjusting for this task I think
But this is something not only smaller or local models have and do struggle with
Anyway.. fun fun
im still tryna learn myself since i havent been in ofsec itself for long
compared to someone whose been in this for long enough to try and showcase his ways to the AI to then be replicated to an extent, dont know if i even said that right
If you're trying to get in to offsec, I wouldn't focus on AI and llms as a start tbh
Sure they do and will continue to impact all fields out there
thats just something i am passionate about
my goal is to make this thing the best tool in my toolkit
but not dependent on it
its simple the better i get, higher the chance is i can try to reshape the way its thinking right now by atleast trying to manipulate points which are in my control
One bit of advice I can give is to not let projects that work with models for guidance grow too big.. small pieces, that do one thing well, which you can then integrate in to workflows that become more than the sum of their parts.
ye ye for sure, cause at that point that model is the one making that project not the person tasking the model lmao
@eternal mango do you have me blocked? π€ tried to send you a dm and it wouldn't go through
No, I just have DMs enabled only for contacts
ah
Something I wanted to ask you in private. I think I did send a friend req a few months ago
I used to have you added at one point I think
got it thanks
oh also forgot to say thanks @eternal mango @rapid badger
Thanks too, nice chat
@eternal mango college finally sent me the certificate for that bug bounty i did 2 months back
Received it this morning
Nice one
maybe you can offer them pentesting services in exchange for a scholarship
Bold of you to assume my college would give one
Can always try asking and see
nobody's made a mechanical metabolism for machines to accept food as energy 🤷
Not now - no nutrient-nibbling nanomachine network.
(you should've seen GPT's first attempt)
Freakin wtf
It's like a mentally ill V
..like, even more so
i am fucked up
snap
Nobody's nailed it. Not yet. Nevertheless, newness naturally nears.
I like that..
Not yet should be not now
I started playing chess recently, I think I will hit 1000 elo until the end of February
Not yet naturally nullifies narrative needing normalization
Damn, that MiniMax-M2.5 model, even in just 4bit quant is impressive, once you tweak the params a little
Couple of DGX Spark nodes
I got tired of crashing my workstation
Asked it to create a 3D rendering engine casting to ASCII..
Once I tweaked the temperature and the reasoning effort, it stopped arguing with itself and did pretty well
Great this will be the next misc challenge by g0blin, 3d sudoku.
Tokens per sec are shit compared to hosted models like Claude etc, but for local testing and dev it's real nice
chat what should i eat
the fries in the refrigerator taste like they were cooked with cheese and they weren't
it's foul
i can't eat those
yo goblin i gotta ask something about the conversor box
I don't know anything about the Conversor box
i dont want to make baked beans
Slice them a bunch and throw them on the pan until they get crispy
idk if that would slap tho
no theyll taste like cheese bro and chewy
theyre chewy
Also, it's an active machine @jolly snow
How did you get chewy fries 
But yeah, I don't know anything about active content.
my vm broke, i spent a day trying to fix it, i then give up and go take a break, come back and it works again
truly some magic shit
lol.. that's funny.. I'm not using the Roo Code plugin.. Guess someone forgot to replace a string somewhere in Kilo Code (a fork of Roo Code)
ye ye i know i just wanted to make sure something wasnt unintended that i found and went unpatched
Maybe give the author a nudge to confirm, then content could check if it needs a patch?
Wondered why my cluster stopped responding.. checked the cabinet where they live, and it was like the Sahara. Guess I should move them somewhere else with a bit more airflow lol
there are actually lots of unintendeds for windows machines afaik... the build is almost always vulnerable to something or the other lol
The nodes were literally painful to touch they were so hot. Whoops
owing to the fact that between time of creation of said box and time of release, there would've been at least one 0-day targeting that build
interesting to think about
Maybe yeah in some cases
I think I got root on one of the active machines that way, forgot which one
my last NUC's thermal paste hardened and stopped touching the heat sink. temperatures hit 110C which is the automatic shutdown trigger. then I had to conduct a brain surgery to it. it's fun to have a PC that's 10cm x 10cm x 5cm in size. it's just like full sized PC, but every part is just simply smaller.
oooof
I have a set of jeweler's tools, so the tiny screw drivers came handy
Everywhere selling these things in pairs shows them in marketing images being sat one on top of the other
congrats
Small form factor... they have metal cases, essentially meaning they ARE their heat sink
yeah and guess what. almost all of the gaming laptops are thermal designed to be used the lid fully open. I tried to use one lid closed, and it almost melted the plastic from the case, and heat throttled.
Why would you market sitting one machine on top of another that WILL Get hot 🤣
just chill.. it will take days to weeks for you to run out. then you know what to do
I'd say a nuc tower wouldn't overheat if you had enough space behind it for heat dissipation and added some extra airflow to between the cases.. enclosure fans or whatever
they try really hard to push the heat straight to behind
I did not
They were sat in an enclosure in the comms cabinet, without adequate airflow
They now live in the garage, and have adequate airflow.

They definitely overheated though, they're dgx spark nodes, and I was running them hard
They have minimal active cooling as it is
I think there's an actual official data server rack mountable version of the NUC... iirc it's an extra shelf where you can stack many of them
oh I want a dgx sparx. my llm usage is way beyond something like a gaming GPU can handle anymore and I have a real project for them, but spark costs 4.5k
Exactly why I got them, got tired of crashing my workstation
Yeah they ain't cheap :\ If I were to do it again, I would've saved a while and splashed on something larger though
A pair of dgx nodes will do you well, but you quickly hit limits unless you're happy working with 8bit/4bit quants of the larger models, mind if you just need to do tuning and work with smaller models, they're awesome.
Saying that mind, they do pretty well with fairly competent models
LLM benchmark leaderboard for NVIDIA DGX Spark
Sure I could've got a Mac with 5128gb, or an AMD with 1tb.. but 1. I don't like Macs, even if they do the job well, and 2. I don't want to spend 20k
WHY ARE YOU AWAKE SO EARLY @eternal mango
@sturdy thistle ping
rohrow
Hehhehehehe
Damn
@austere sinew
@meager kernel
@austere sinew
my college gave me a cert
for the bug bounty
i did on them
What did you find
authentication bypass vuln in their outdated CMS
Well my friend asked me to one on his college
And we got alot of info
Those people have dedicated cyber sec team and yet
lmao
I didn't try rce just incase they flag me
my college introduced a cybersec branch
but
their syllabus is outdated as hell
they just teach cryptography
and maths
no networking, no OS fundamentals
nothing
Goes for all college i guess
the teacher who i reported the vuln to, is the only teacher in college who knows cybersec
he actually knew name of tools
and how hacking works
he praised me for going outside the normal fields and going into an un-common field like cybersec
cause usually everyone in college chases SWE or AI ML
AI ML will become saturated in a few years
Just replaced my old pixel with a OnePlus phone, and sorry to say.. this is so much better
All the people that were with me in my high school are all into AI jobs
oneplus is generally higher quality
Was a massive pixel fanboy, but this is so much smoother
OnePlus is my fave
Had their first phone, OnePlus I mean, loved it
unfortunately oneplus is kinda merged with Oppo
root it
OnePlus has gone downhill a little bit but literally everyone else has gone downhill more
The tensor chip in the pixel is nice, but stock android and how they've got the gesture recognition set up on the pixel 8 was just pissing me off
No reason to
This feels sooo much better
With the Snapdragon could in theory even play some pc games from steam on it haha
Tensor was really jank with wine
Desktop mode with this and those ar glasses I got ages ago, roguelikes in bed without having to bother with the pc
You call this a ping war?
I'm making a cube spin in ASCII while waiting for a build to finish, that takes priority
...but @static pasture
@bronze lion
@austere sinew
geez
Love you too @tough oyster
@austere sinew
Hello everyone, is there any discount for yearly gold subscription as of now?
not at this time @proven willow
only around new year
or when a new cert launches or so
Sad, I'm late. Is there any sales rep/team whom I can enquire about this?
There isn't a discount at the moment though
If they can still offer some discount?! I'm from a third world country and it's quite expensive for me.
Thanks guys, I'll try to contact to the support staff.
Support won't give you a discount, but if you are in education such as university, you can potentially obtain the Student subscription rate.
Support won't be able to provide you some sort of special discount, sorry @proven willow

If you're in education, check out https://help.hackthebox.com/en/articles/5720974-academy-subscriptions#h_085d0e6e94
Learn about the different Academy subscriptions.
Just trying to prevent you wasting your time reaching out to them when they can't provide any kind of discount past the Student subscription.
I've just completed my college and waiting for the final's result. In that case I'll be eligible or not?
@eternal mango Thanks for your info. I guess I'll have to buy it with the original price.
@subtle plover how's the carnaval
Good
do you celebrate it?
@austere sinew
Ahh even better
Goofy ah pfp
@terse dirge
I like ur new pfp
thanks
Gtg
@subtle plover kubernetes time!
have a good day
Ye pls give me a pic of ur face to verify ur age
Damn
oof
mentally? we know
Bing just so u know the old acc which I was using got banned for 5yrs bcz i joked Abt me being 14 yrs
Laters bing
Did you send them ur id
I need to get a j*b chat.
No
yes you do @terse dirge
I need somewhere I can kubernetes professionally
@west lynx im 2 years old
And brick the infrastructure because I removed cert manager instead of deleting a different pod
Do it locally
With microk8s

I already set up full k8s and k3s in the cyber range
K3S is for CTFs and k8s is for infrastructure

1.3 terabytes of ram and 108 cores btw
(they're bare metal k8s)
The set up even for k3s is overkill but it's the only thing that's fast and reliable in there
That cube wonky A F https://asciinema.org/a/wgfVFyn8zpfCQtZh
Even unemployed people need money 
3 control plane and 6 workers
I don't remember the amount of ram but it's also overkill probably at least 64 gigs in total
@terse dirge I may or may not have one for you...DM me

Value of networking
I have got all my job offers from this discord
This channel to be specific
I think 4 in total
No way I'm clicking Rick 🤣
It wont work even if you do click on it 
has to be curl'ed in a terminal
haha
guess who is back
no me
X?
IDK why but anytime someone mentions Back Street I always think of Deadpool dancing to Bye Bye Bye... Yes I know it's NSYNC 
Bye Bye Bye Opening Scene | DEADPOOL & WOLVERINE (2024) Movie CLIP HD
Nostalgic
No j word
... The movie is 2 years old wdym nostalgic? 
I haven't seen any movie for a loong time
yes
It feels nostalgic to remember those times
I went out with my friends to watch tht movie
damn
Bro really feeling it

Tht Deadpool was fake
Was it u inside ?
Maybe
my unauth file upload is out of scope
since i can't host php files only .mp3
But if you place linux commands inside the .mp3, you can host malware for free
*out of scope cos no php code execution*

That scope makes 0 sense, if something's only in scope if it's vulnerable in a certain way that ain't a scope, that's just a: test for x bug
They'll patch it all the same
huh???????? that doesn't make sense
Hang on that's a vuln in wordfence?
Contact the plugin author directly
Request a cve yourself
Provide a disclosure window
Wordfence aren't the authority to determine if something is a vulnerability or not
I mean I suppose unless the plugin INTENTIONALLY allows for unauthed file uploads
Then it's just stupid
chat do i get plastered this weekend and code the shit out of an academy interaction tool for spawning targets and such; lots of requests to sift through for as user friendly as possible; I got some base stuff already but... fuck if I wanna figure out the easiest way to grab the sections... probably just code a call to the first page then click next to generate the list on the go. But that's getting ahead of myself
did i hear coffee?
tool for academy? wouldnt the user be on Web reading stuff, so they can just spawn the thing there easily no? (never really used academy btw)
y'all remember that dumb meme of "DO NOT GO TO SCAMLINK.SITE I WENT THERE THINKING I WAS GONNA FIND LEGIT THINGS BUT INSTEAD IT KEEPS YOUR CAPS LOCK ON"
i mean, essentially a TUI for academy, with some bells and whistles; the MAIN purpose is for AEN, to be able to spawn it blind without risking spoiling yourself
Oh my god I'm raging.. on request of the GP I sent an econsult requesting a review of my meds, along with another thing I need to discuss urgently. They replied just now saying "Sorry you already had your prescription renewed on x, so you cannot request more meds at this time"
IT'S A REVIEW OF THE MEDS AND AN URGENT REQUEST FOR ASSISTANCE WITH A NEW MEDICAL ISSUE
MFs didn't even read everything I wrote in the request
Just swiped left
Queue position is.. 1.. they cut the phone lines off at 9. I swear if they keep me holding and don't answer
Thank you for waiting..
you can exec code through mp3? how?
Oh GREAT they can fit me in for Monday afternoon
Guess I'll just make do with this severe pain over the weekend
Thanks NHS you pile of aafhfhahhrfg
Hey mods, how can we publish an idea for htb I forgot the channel/command ^^
/feedback ?
Take care man
Thanks.. receptionist had me fill in another econsult after getting confused because they look at the wrong econsult from a week ago.. then said I had to fill in ANOTHER for the separate issue.. now thankfully being seen this afternoon.
Losing my rag
doggy
Hello
@eternal mango

@heady sage
Oauth bugs are fun
Lol
Ah crap now I've forgotten what time they said my appointment was
hlo
4 something
can anyone tell me about darkosint like what is it
pls show the chat and read that
That doesn't count as me blocking someone. I'm sticking to the no blocking this year lol
White name
THM
Ask about “Dark Osint” like it's some type of voodoo magic
Blocked for likely spammer
Bro swapped over to the HTB tag 
Damn LLM, didn't take into account the up-hill walk in the time
Just put the car in your pocket and stop being lazy and killing the environment

yo guys i have a question: if a user with the permission manage settings on a cms can execute os commands is it considered a vuln and will it get a cve or not?
im new to this so idk
which cms?
camaleon
If you can execute “OS commands” then you already have RCE
so if i report it i get assigned a cve possibly?
Now if it's intentionally or not is another story
DM me the details
binary
Sooooo

A season 10 machine?
Depends is it via a plugin that they had installed and is intentional?
Yo?
since when bro has cwes
For a while bro
nice nice
He's had it before he got cpts
Had before the cpts was one of the first peeps to pass v2, took it same day it came out
I just submitted an exam attempt, so scary
It's nerve wracking for sure
Oh really? I remember when he was doing CPTS
I'm sure you'll be fine man
Did you listen to the feedback on the first attempt?
Nice then you should be good bro don't stress
and hopefully did a good report
Need to give my CPTS too 
As long as you followed their template and hopefully used sysreptor to ensure that you did. You'll be fine. They aren't expecting you to be some cracked leet hacker/pen tester
It's an entry cert you'll be ok
no plugins nothing u just have to have the "manage settings perms on"
Indeed
Doing CPTS exam next month 🫡
Right but check it, if you flipping that on gives you the ability to out the box execute OS commands. Then it's intended.
If you flipping it and you have to do some fuckery and it's very much not intentional
Then it's not intended
Is 10 days more than enough for CPTS or just enough
Depends on the person
Depends on the skill tht guy possesses I would say
Posssessssesss
I no joke took my sweet time with it, played games, watched anime, etc
Exactly.. a user with edit perms on templates etc in Wordpress can get RCE
While not the INTENDED use, it's in scope of risk of that permission
Only really power focused for like 3 days
Idk why but tbh really nervous to enter the exam
Don't
Also don't got 10 continuous days
I was so nervous to start my exam that I waited the whole 1 year expiring date for the voucher
Dude I get it, it's… not easy I would be a liar if I said it was
I am actually thinking the same
exactly
Never did something cooler tbh
boxes dont even get close to exams
ofc
Honestly the best exam I have taken when it comes to practical hands on lab based exams
Like I really enjoyed it
I love AD more than anything
That is true
I can't give exam details but I'll say, I found it easier to get past the web part than I would have thought given that I did the cwes first
hmmmmm
It's a great starting point for what you'll experience and it has good overlap
interesting
I'll also say web isn't the focus of the exam
So you might encounter it, but it's no big deal imo
I see
Just make sure you prepare for chaining things and understand how and why these chains happen and you'll be fine
i assume the time limit is 24h
Def don't sleep on web though, and def don't sleep on enum, networking or AD modules / boxes
for submission ?
You will likely encounter damn near everything you studied for
CPTS difficulty compared to seasonal machine
Doesn't compare
AD is the least of my problems
It would compare more to a complex pro lab
Pro labs?
Wdym
ayoooooo I'm watching Hackers as I fall asleep
Which one
The duration is 10 days.
and this fool just said
None of them imo
"RISC architecture is gonna change everything"
It's its own thing
oh i thought it was similar to oscp time frame
Lot of people say Dante so i found it pretty easy but more lengthy so
Like each box you do or pro lab you do may or may not have similar attack paths
But each is unique
I would say Dante is not a good gauge
Overall the path will always be enough
But thatβs my personal opinion
That with critical thinking and the ability to research and assess
Hey guys is there any option to reset progress for a specific module?
I tried zephyr before taking CAPE, but its not even close
Just redo it, you can always redo it
rereading the path did way more for me
Name a prolab then
kk
I'm saying to my knowledge, and I'll admit I haven't completed all pro labs
That one
And only have second hand gossip from others
That none of the pro labs are going to 1:1 prepare you for the cpts
name 10 books
Name 10 bitches
- Chronos
Oh so you're a hacker?! Name 10 pro hackers.
LMAO
vader brought the real challenge here
Name 10 Psychedelics
Hades is pretty good
Is hades a psychedelic?
yeah hades is a chill guy indeed
My head hurts

The advantage of the prolabs aside them being fun and being great practice is they will get you used to kind of how the exam is structured and what the expectations are
Couple that with practicing report writing when you do them
Sleep
Do it manually
ligolo is a life saver
Because you never know
wdym
Proxychains and all that
Using chisel and proxychain
Hey guys, quick question about payload hiding + AV evasion #modules message
Just use multiple ssh login for each port forwarding like a crazy person

That's unfortunate it's pretty goated
I know, idk where I got that bias lmao
Just take the exam in the data center so you're already on the internal network.

VIP++++ feature leaked
or take CWL's exam and be able to access the internal network from the openvpn connection
Biggest take away to be quite honest with you all, is don't overthink the exam. I know that's shit advice but you will know it when it happens, at that point take a step back, go chill, and relax then come back fresh.
Or don't bother doing the exam at all, easier that way
hehehe
Cybrary did that first I think?
true
They're totally different company now mind
Yea man it'll only cost a few bucks ez
They however had users be the infra
just that money off ryan's paycheck
Ayy that's great
(IIRC)
If i chill and relax the exam will be over 

we'll be fine
Dude I went hard the first two days of the exam, then chilled for like 3-4 days
what if people start attempting CPTS with claude code
Then revisited it, then chilled again then panicked on the last day and stayed up for like 18h straight
That guy is biased
And turned in my report with no joke like 1 min to spare
I overthought my first exam attempt and got only 4 flags
Why all have the same story is it that massive
Hmm ok maybe it wasn't cybrary
I went and googled crybaby and couldn't find it 
But yeah ages ago there was some "online arena" style kinda gamified service re infosec
There was this dope ass MUD back in the day that was about hacking and nodes and controlling territory and you had to craft your own hacking tools etc and I've dreamt my entire life of having a company make that a reality
Maybe if the exam was free i wouldn't think anything 
so how feasible that is?
Could've sworn it was Cybrary, but guess the name was pretty close
Back in 'day
Fullform of MUD?
Multi user dungeon
Yeah think it's free, the payment is for uhh just review
Win win situation
18k 
This is how I feel with my oscp
payment is a donation
I have 2 months left and the content is so boring
Woah what exam is just 18k?
It's killing me
payment is only infra fees
tomorrow is cube talks
But despite feeling like I could probably do it blind
That price tag is going to make me do all the content and hate myself for it
ask gork
I can do it for you, just gift me the sub
dw
I got you

0x72 on cert would suck tho
You sure it wasn't "militia" from cybrary?
Yea and inr and the modules are more unless u got student plan, my total spend on academy is around 37k something or and if u add the vip then 48 or 49 wait what
what are you talking about
Yeah i kinda hate that I've to spend on academy first
Just let me pay for exam and be done with it :c
That name on cert
I would use my real name bro
John 0x72 is my real name
Nah issok we will keep Shadow21A instead
How do u say it?
This was well over a decade ago and B2C
my real name is ||Donut Master||
Johk zero ex seven two?
There was also hack wars and net wars back in the day
Nah I know I remember something like it too
almost
that's tough
Was it CTF 365 @eternal mango give me more info about what you remember
There were so many back then
Def not
idk what you guys are talking about lol
Good site though back in the day
just spewed out an old hacking site lol
cyberarmy? @eternal mango
Actually would print them out and put them in a locked briefcase handcuffed to your wrist back then sometimes depending on the engagement and present them in person
Nope
can anyone tell me about darkosint like what is it
Not that
?
then no idea lol, I was born during the time that g0blin mentioned
hoi
osint which is dark
Hello everyone, htb discount for silver and gold annual are just on the end of the year? Or by any chance will be a discount in the next weeks? Ty
I was a young skid back then but def frequented a lot of those places
in my time we used an abacus to calculate CVSS scores
I'm going through emails to find it, hopefully it was before I migrated from before before
hey @eternal mango how's it going
how is the cyber sec landscape nowadays btw, given the recent advances in AI
Was it real hacking or themed @eternal mango
There was slavehack
Which was amazing at the time
I had wooden computers
can u explain in detail pls pls
The original HackerTyper. Turning all your hacker dreams into pseudo reality since 2011.
Cpu was made of wood too
The platform didn't last too long, but IIRC it was an intentional hostile environment, where players hosted targets and attacked others while securing their own
With rtx 999x99999
I assure you I was not a part of a computer
Shit but ok, how're you?
using a steam powered computer
same, trying to figure out how I'll find work soon as a video editor whilst still studying for it
Also, getting married next year :D
CONGRATS!!!!!!
I dont even know you, but congrats!!!


