#general

ofc bro

Thats cool but its better to have a palantir profile that is transparent

the more "dirt" feds have on you, the easier your life will be

and said dirt is just lies

i search up shit im not interested in at all

duality of identity is the new opsec

you have to give up your "proximal" identity

Making excuses for your furrycon searches?

noooooooo

you just admitted you randomly searched though so now they know

broo why you gatta doxx me like that

allegedly

you're in oregon it's assumed most of oregonians have a duck fetish

i see them wearing it all the time

my fetish is very easy to find here in oregon

(trees)

what kind of wood do you like?

dawg that birch messes with me

an man some treated cedar

fuuuuuu

https://tenor.com/view/omg-leonardo-di-caprio-fist-bite-suit-bored-gif-5065709

birch is good for sure

a nice strong hard wood

vac laughing at the corner

That shit arbors my vida

ngl its crazy looking at my old notes and how bad some where compared to the ones i do now

https://tenor.com/view/jgmm-cat-meme-ragebait-cat-think-cat-ponder-gif-7034802297606826390

interesting conversation

thats you

I had to go through my notes during an exam

I cringed

ngl

bruh i feel that fr

never cringed so hard

like i've been rewriting them similar to hacktricks for references but just process ones on boxes has changed so much

gone from this okay could replicate it roughly to a i could give them to someone and they could follow

But I think that's totally normal because the first time you learn something

you have different eyes for that

notes are meant to be changed

yeah i learned alot of it outside htb without notes or mostly having word for word notes, so was due for improvement for a long time coming

That's the hard part, my multi pivoting explanation involves a building with a vacuum tube

https://media.discordapp.net/attachments/1058232336598171679/1058234225670754305/Me_When.gif

works for me though

same

I did a whole mental map

take is a keyword python?

ayyyy

apparently it is in caveman python

Does any1 ici own a homelab?

Because that requires an IQ above room temperature

relatable

ngl bro, my first attempt on cert exam got me depressed

never felt worse

I felt dumb af

https://tenor.com/view/hump-day-wednesday-camel-office-wednesday-hump-gif-5522475

I'll be doing cpts next month

https://tenor.com/view/meowl-owl-cat-owlcat-spring-excited-gif-9638611985122140704

ty

true story?

Ur tuff

I cant focus when emotions is disturbed

Sitting down laying around feels better

Nahhh that’s tuff

Cuz how da hell you retain information😭

Then u wanna go and take an exam😭😭

I never taken an CPTS exam but I heard it’s multiple days

And then you have to give a report that’s reproducable

What the machine?

😭😭

7 hours is insane

You finna have to research

I heard ppl make directories for their boxes

And work from their

With their research n stuff

Really?

Isn’t that encouraged tho?

Like when I say researching, is googling and figuring it out

So no Google?

So why da hell……

thats lesser than average for an insane machine

it takes entire days for me

Good box ngl, forced me to learn a lot about a certain authentication method as well as learned a lot making a PoC in Rust (my team already had PoCs in python and I just wanted to be different)

Wth is a PoC

Proof of Concept

Wait yall have to write your own programs for some of the boxes?

nahhhh ur not a reel hacker

Reel hacker make their own programs

Like men

Reel hackers say fuck dat toool

Imma make a better tool

i remember i had the choice to buy an engagement ring for my ex, or a laptop which i was going to bare metal kali on

and the rest is history

fuck POCs in rust

you never heard of a group called milw0rm

gotten too acquainted with them now

definitely before your time

Yo

they hacked a power plant

In the U.S?

installing the nvidia drivers for that kali machine was a pain

I cant remember exactly

I want to say maybe Israel or something like that

I agree, but also: hehe type safe and memory safe exploit go brrrr

Yo where tf rust came from

ah Mumbai

thats where they hacked a power plant

Yesterday's finding was duplicate :(
Got another one now though

who?

How do u hack a Power plant?

milw0rm

A power plant has open ports?

gl0wrm

(I’m on HTB starting point)

we like 0ur 0's dont we

yes

PLCs and HMIs be having open ports

Acronyms

Amazing

witchplayer

Kubernetes time!

https://klipy.com/gifs/pulled-pulled-away

Oooo

I heard of that word before

It’s like using other computers to attack

this is what happens to my brain when I think about conspiracies

I learned about it in highschool

Most conspiracies are true right?

A lil

dunno about that, but whatever the truth is it's definitely far stranger than any fiction we can come up with

I would tell everyone the earth was flat

No

Cuz Kyrie Irving said so

Kubernetes is container orchestration not botnet c&c

Oooo

says you!

Does HTB boxes have hornets?

Bot nets*

Too expensive maybe

all hail cobalt strike

How many boxes u did?

idk i'd have to check cuz I dont really remember

Nice, I’m just starting out. How did u get started?

Yo Emma, I got kubevirt and kubevirt manager up in the cyber range

ig when I was in high school a really long time ago, but it's complicated cuz everything was different then

before htb

before even offsec

actually maybe offsec was around then

yeah that kinda checks out cuz that woulda been circa bt3

Damn ur a old head

yeah, ive been studying this stuff over half my life now

fun times

like if you took my time alive so far in half, more time would be spent learning hacking than not

That’s crazy and scary

Damn

Have u landed a job?

yeah

Sysadmin?

I was a network engineer for a long time, then a red teamer, now a pentester

Do your managers push u to use AI?

yeah but for like normal stuff

cuz tbh i dont really have all day to have writer's block

trynna get an exec summary going

when I can just have some chatbot get it going for me and it's company-specific and written really nice

Wait

Most of ur time is just writing reports?

yeah most of the job is doing stuff other than hacking in a funny way

😭

Writing

oh bro

you're in for a really big surprise

you know all those diagrams and stuff in books that nobody reads?

……….

they actually mean stuff

check this out

Bro😭

Ewwwwww

this is basically the entire job in a nutshell

Actually

This is what HTB Boxes reinforces subconsciously

Where is privilege escalation

🥀🥀

Im guessing that would fall under number 4

So it’s like a loop?

Over and over

yeah from test to test, project to project, client to client

etc

Damn, I wonder

They’ll prob try to make an AI do this

I just landed a pentesting internship, like yesterday, any tips and advice you can give?

Enumeration is key

think twice before jumping to responder

good way to blow up everything

Pentesting itself is not what Im scared of
Im scared of corporate environments

You never been in a corporate work setting?

I have been but it was work from home

I think as long as you test what you're doing before you do it live you're generally fine

This new internship will be in office

Ehhh, you’ll be fine tbh. As long as you know what ur doing, ppl will cut u slack

Idk

Ion think there is much to be worried about being in a corporate work setting

yeah best of luck to you kratos

Thanks

Hopefully it goes well

Like u landed an internship😭

Cmon now

good chance they'll have you shadow someone for a couple weeks

Yea

Im already appointed a mentor

i dont think they'll just put you into some strange situation without any heads up

Wait they do THATTT????

I thought it was only for healthcare workers😭

Where they have the newbie follow the vet all over the building

Im supposed to shadow a senior who will be doing pentest on pre-production AD environments

And I'll be given assignments

And projects

To do

Wooooah

Hopefully in a team

What type projects

I cant do shit alone

Do they do

Pentesting stuff bruh

What else

I wanna knowwwwwwe

The detail

Depends on what projects and clients the company recieves

Idk myself, i haven't done onboarding myself

Im just telling what usually happens in companies

Who do pentest

You finna have hella fun

They make stuff for clients, and before the environment is released, you do either white box pentesting or black box pentesting on it

I think im roughly correct

i think maybe one thing to consider is growing as an engineer through pentesting

like for example at some point having 10 criticals on a report kinda stops being fun in a way

@maiden anvil I'm roughly correct, right?

yeah basically

Ive only done pentest on pre-production environments
Cause they aint letting an intern near a production environment lmao

Speaking from experience😭?

well after who knows how many reports you write eventually the magic kinda wears off

so then you start thinking differently about the types of stuff you find

Report writing is the most boring part

Jesus, I don’t wanna write essays

like for example cranking out one policy update as a result of a test is worth over 9000 criticals

because if you find an issue that scales across the business, the business has to rethink how it operates

Just let AI write the report✌️

NOOOO

NEVER

DUDE

so then these type of high value output artifacts from your tests start defining what kind of portfolio you're building for yourself

😂😂

You never EVER leak data to a LLM

It violates the NDA

then instead when you move jobs you're not bragging about "hey look I find 100 criticals"

I just had to sign like 3-4 NDAs for this intern

now you're saying "hey look at these 8 new policies as a result of my testing and high scale remediation"

4 NDAs?

Tf?

Yea

FAANG company?

They go to different branches of the company

Not telling here

Oh okay

then you stop getting offers for junior positions and start looking at senior and higher titles

anyway tldr im kinda rambling

They also give like 3-4 Criminal Disclosure Forms

sorry

If you've ever had criminal record

There's forms regarding not giving insider trading information

Oooooo

It’s a public company that have stocks

Bro is gonna try dox me

STONKSSS

Nah

im trynna work for the lizard people

hit me up

Wait

Those that shit down something that stopped consoles?

Shut*

idk the interdimensional lizard people that control everything

thats who i wanna work for

Ooooo

Rothschild

imagine hacking the mothership

Or black rock

@maiden anvil you cannot tell your current clients too right?

I prefer not to

Im certain I cant disclose clients

Yea

Alot of restrictions, which is fair

anything that goes on a report is NDA

Do u guys own homelabs?

Pentesting in itself is very fun

U do?

I have an old PC which runs as a server 24/7

Thats pretty much it

I was thinking bout starting one, but idk

chillin

Like the use cases don’t really

Seem of use

my lil proxmox cluster

You have a NAS?

oh no this is 3 NUCs clustered together

wtf is that

cute lil beefy PCs

NUCs?

What's up guys , just posted a new project on my github. Would love some feedback
https://github.com/d-velopr/vuln-springboot-app

very interesting, will add this to my lab 👍

NDA go crazy

Do yall stay up doing boxes on a school night?

I did before I started doing this for work

now not so much, once in a while on weekends maybe

U got work tmrw?

Bro finna write 10+ pages of reports

you gotta encourage a culture of sharing documents at work

so even random bullshit ideas get written down and passed around

reading is the real pain

I couldnt tell you what ungodly amount of content I read in a day but it's unreasonable beyond all logic

Damn, you should take those ideas and write a fiction book

Nah that’s stupid😂

Fostering a no judgment zone

if you dont like reading and writing, pentesting might not be it

I actually own a book shelf

red teaming even more so if you wanna be on the cutting edge of maldev

With books on it

I have manga and fictions

don't red teamers hate documenting their methods cos they're afraid it'll be burnt?

I cant imagine it'd be easy to remember several chains of syscall resolution techniques by memory

I think he means sharing

I cant even remember the difference between hell's gate, halos gate, tartarus gate

i'd have to check my notes

Well if they red teaming then they built diff

I learned how to use burpsuite today

Brute forcing is a long procress

Gawd damn

Why is this field so hard

Burp's intruder is rate limited for free users, use ffuf or something else.

Ooooooh

No way burpsuite cost money…..😭

I didn’t know that

499$ per year for professional license

Fuck no😭😭😭

Theres a whole way of burpsuite app validating your license
You input the licence key, the portswigger website grants you another key, you input that particular long key, it gives you an even longer key for the response, you input that response key again in burpsuite, and it grants you the access to professional @civic lance

Oh okay

There's like a whole 3 factor authentication

But I don’t think ppl will even pay for burpsuite

When there’s alternative

Companies do

For their employees

One company shares the licence to all employees

Companies are different

They have cash to burn

Individuals normally dont, unless there's someone who REALLY wants it

bug bounty hunters too, some private programs dont want you leaking stuff to public collaborator servers as an example

Yea but you dont discuss that in public

i see

dont dm me for it then

First rule of fight club
You dont talk about fight club

Same is in the piracy community

Ppl break that rule all the time

and get caught

Yea and thats why piracy website and sources get shut down
People are stupid

Ya you can only get into the piracy community if you know where to look

not hard at all ngl

No way they paying for burpsuite just to get so little in return

Yea its mostly by word of mouth

True true

Ya for sure

Nah there are alot of features in professional burp suite

In terms of profit

its really good

Yea

u pay for it?

"pay"

No

Had it in my old company

$499 for a license

How much do bug bounty pay?

$2?

No fixed amount

Depends on the vulnerability you found

Oh so they can scam

Gaslight u into thinking a severe vulnerability was a minor

And pay u less

Theres a CVSS rating system for each vulnerability

Also, bug bounty hunters and companies are often bound by contracts, so its hard to scam, but it does happen sometimes

not likely to happen, because then they'll get a bad reputation and no one will test them

there are some cases of triagers claiming findings and telling the researchers they had dupes

Ahhhh bet bet

I have a digital forensic class

The labs are pretty annoying

I learned delete files just get sent to unallocated space

They aren't sent anywhere, the OS just removes its records that something was ever there... They're still there until they get overwritten

from reading r/bugbounty the reverse is more likely. Ton of delusional 'researchers' claiming criticals over worthless bugs

Well it's a constant tug of war cos the triagers wanna give as little money as possible so they downgrade reports while researchers wanna get the most money for their efforts...

Pro Tip: XSS with javascript execution in CVSS is actually a scope changed since it goes from attacking the web-app to attacking the client browser.

nah browse r/bugbounty youll see what I mean lmao

yeah I know what you mean, that's why I highlighted researchers and efforts

In the end it's all about saving the most money vs making the most money

people will genuinely report shit like 'if I log into account A and then log into account B but then take account B's cookie and plug it into A's browser, Im logged in as B! broken auth! critical!!!!'

you can then explain to them how cookies work and theyll just argue for hours

I know because I've argued for hours while bored lmao

better than half the LLM bug report slop I see

How can I start learning malware development
What's the best language for that

maldev acadmey, c and asm

good luck maldev is a brutal field

Hear me out: learn Rust so you solve the memory problems of working with C but now you have 2 problems.

at least those would be vulnerabilities if they werent hallucinated and not just a fundemental misunderstanding of a what a vulnerability is

No no, I've seen some that were genuinely stupid like: if sudo is configured and I have credentials I get root access

yeah no thats exactly the kind of stuff Im complaining about lul

yeah LLMs are not so different from humans cos they're trained on humans

Is bro trolling?

nope

r/bugbounty is a treat if youre bored

this is like 90% of posts

the other 10% are people writing manifestos on how they hate triagers and that every platform are just scammers and then when you ask for details it turns out to be the same shit as the other 90% of posts

What did I just read

the reason why Im always skeptical about someones bug bounty complaints without context/knowing the person

Its common for many adult content websites to do this

I once found this typo squatting domains with reddit too

yeah

its a 'no shit sherlock, you really think someones going to pay you a bug bounty for reporting a typosquat???'

Lmao

not even one trying to steal credentials or pretend to be the target even

Its kind of a shitty thing to do tbh
Typo squatting
Like someone mistakenly types a website name wrong, and now they're on an adult Website infested with malware

Alot of adult sites do have malware tho

yes, again its a no shit sherlock moment

my 80 year old customers asking for Facebook assistance understands this

I remember I once fell for a trojan horse website which copied discord
A friend of mine got his account hacked, the attacker sent me a message from my friend's account, and his way of talking genuinely convinced me that he was my friend.
He redirected me to some other discord-type website which required a discord login, I entered my credentials and saw the URL of the website later.
Luckily I noticed it right after entering my credentials and I changed my email and password before anything happened to my account

you couldnt torture that info out of me

Ehh its not an embarrasing info tbh

I fell for a scam, I recognised it right after falling for it and didn't face any damage

It was an old account too, I have created like 3 more discord accounts after that which I deleted

sherlock or poirot?

i have question for bug bounty hunters , do you guys use auto scanners like i see that scopes say no auto scanners allowed but by that do they mean just the result or the auto scanner as whole , like you can use it to detect a bug then you go test it yourself as a PoC and submit it?

didnt Troy Hunt also once fell for a scam as well?

If it's not allowed, it's not allowed, it's illegal to go outside scope for any VDP/BBP

in most videos i see people use burpe scanner and such but i guess will just go manual

Well they're either incriminating themselves or have special permission or are doing a bounty without the auto scanner scope limitation.

either way best course of action is one where you don't end up behind bars or not allowed to touch a computer

not my pc

It's usually not just your own computer but any device connected to the internet for that matter.

https://tenor.com/view/dog-dance-husky-dance-dog-dance-fun-gif-4784425400772020802

Hello hackers

https://klipy.com/gifs/patrick-blush

Any idea when an AI cert will come out?

for HTB? Yeah they tend not to disclose that information as they don't wanna be hard locked by a deadline to the community and don't really wanna tip off their competitors

This is a bad system as well

That response can be forged and you get a cracked version of pro

I see

Well hoping soon

Bro these badges

For academy

They need a way to showcase them

Depends but usually both

And show them off

Usually how burp suite piracy works

Lmao yea

Classic

When you least expect it thats when they strike

So tomorrow

Life be hard

but u are now expecting tomorrow so not tomorrow

Sometimes I feel like im way behind cause I cant do a certain box

At least it's only sometimes and not all the time like me

I think deep down everyone feels that at some point. The real goal is to stop looking at anyone else and just try to be better than yesterday. If you're learning new stuff, making steady progress, you're already on the right path. No point overthinking it.

I need to build a CTF team

Lol

Issue is majority of the time im learning

So im always doing retired boxes

You can find one in #1318239802931286066

Good luck

Bro saying good luck as if he doesn't lead a team that accepts anyone

Well we used to take everyone

Too many people nowadays

So it went up to some machines / challa from no activity

Tbh if you think abt it

China is the most populous

But i have only met like 3 chinese people in htb

Hmm

math isnt mathing

lmao

https://cdn.discordapp.com/attachments/1012079751445352518/1413942071512924160/speechmemified_pasteimage_1.gif

can we scam the owners and getting infinity cubes

Htb staff get Infinite cubes

Just work there

what is the requirment to be staff

i am all ears

Apply for a position

Pass the interviews

Thats it

anyone wanna study while playing game

What kind of studying involves playing games?

all of it

You mean like studying academy and playing games by doing labs right? RIGHT?

ya

its always blue vs red

anyone?

You mean you're looking for someone to play as red team against your blue team? With what labs though? battlegrounds no longer exist and attack vs defense labs aren't really that common.

😅

i dint mean that lets game same team as blue and fight the red

what happened to battlegrounds they got nuked before i try them?

Well noone really plays them so...

can i install steam on liunux

so why did you mention blue vs red?

i guess fair enough , maybe they would be better as weekly or monthly events

i answered that too

also holy OSINT module is 1000 cube

?

Yes you can install steam on linux...

but what did you mean by you're looking for someone to study while playing game

& it's always blue vs red?

yeah

i meant blue as savers and red you know wat it is

yes but in what context? you looking for someone to play games? or to study? looking for someone who's red? or looking for someone who's blue?

i play for blue

So do sherlocks and CDSA... but if you're looking for a red teamer to study with you're out of luck because you'd be studying the complete opposite things and there isn't exactly a lab where you can defend from their attacks in HTB.

can i play finals on it

no, eac doesn't work on linux

eac?

Easy Anti Cheat

how did u study

0xW1LD ate the books about cybersecurity

vac - valve allow cheating 😂

I do labs... boxes mostly, and some web challenges...

bro's jumping around topics and it's getting harder to keep up

u game?

bro jumps from studying to gaming in less than a minute...

What can i say tech is unstable

bro context switches faster than my cpu

i just started interpreter , but anyone to hvh cs2?

did you just get influenced by this dude and go from hacking to games?

-# at least you're still on topic with hvh

😴

i mean,. my cooldown already passed ..

why dont guys game

boxes are our game

but creating a GUI like interface to solve those boxes are way easy

i used to play fortnite tbf, but no longer windows user

I find it as just a distraction

How would you do that

So do insane boxes

They're 100% a distraction.

I mean some people like having a distraction from existential dread and pain. I personally prefer drowning my brain in tv series and movies

I'm the opposite with the latter being games or hanging out on discord. I've yet to finish Dexter or Silicone valley

try to map all the possible commands and use the as possible outcome to build a game like GUI

What if a particular box doesn't fall into that criteria and requires a different command which the GUI isnt aware of

Bro understands this level of English? I thought I was having a stroke for a moment reading that

Lmao

got to the script and code my self

It doesn't remain a GUI anymore since there's involvement of terminal

If a GUI requires a user to go into the terminal then its not a GUI anymore

I feel like this convo is essentially one about metasploitGUI vs manual exploitation...

?

its about playing game

Pretty much

What do games have to do with boxes?!?

I'm so confused now...

I believe he wants to turn the learning element of hacking into a game where instead of just reading walls of text, you play a game and absorb the information that way.

Well isn't that what HTB does? But if he finds it easy then good for him...

No they just gameify what you do. Like have you ever played a math game where you do math and it progresses the game? I'm thinking along the lines of that

Well fair enough but you aint gonna get good at hacking by playing a game cos 90% of hacking is learning and you can't have time to make a game out of everything you have to learn

True, but now we know what he was trying to say, at least I the assume handshake emoji means correct hahaha

@safe jacinth best to do boxes on labs and treat it as a puzzle game I guess.

i don't know what to type now

Probably that puzzles are boring and not filled with dopamine moments like action games...

I remember Greyhack being a thing on steam, but I doubt any of that knowledge can truly carry over to real life.

thank you guys

Chat, I think I found a bug in Rust

the game?

the programming language

-# there's a game called rust?

cool

yeah and it have a bounty program

how do you find a bug in programming language ?

like whats considered a bug?

End me

I just wanted to talk while I learn. It creeps me out to ask my doubts to an AI

well anything

memory safety bugs, logic bugs

programming langs are also coded by another lang

AI will go rogue randomly

i think i should check this

you know it

https://tenor.com/view/xmen-97-rogue-hair-flip-x-men-97-gif-9559882622494787549

@lofty marsh cube talks in spotify now

channel?

?

Go to sleep

I'm just letting them know?

its 6 PM

6:30

You're in the future

yees

what do them talk about

they answer questions from people during the talk

    The user requested packaging>=24.0
    pwncat-cs 0.5.4 depends on packaging<21.0 and >=20.9```
ok , changed requirements to packaging>=20.9,<21.0
pip install
```The conflict is caused by:
    The user requested rich==13.7.1
    pwncat-cs 0.5.4 depends on rich<11.0.0 and >=10.4.0```
AAAAAAAAAAAAAAA

Just unistall and install again

will be more easier than go dependency after dependency

i recommend you to use virtual env with python also

use venv 😭

i am in venv 😭

but installed

Run linux in docker

just needed to setup this rich rich>=10.4.0,<11.0.0

use uv

it will be something else probably after rich

i think we fine now, lemme try run it 👀

Python moment

I use go btw

I used go only once at work. I wrote code with python and asked cursor to convert it to go and it worked well

This looks VERY familiar

0xBrath has entered the chat

its 0xChat now

yeah, u were right lol

what the hell is uv

https://docs.astral.sh/uv/

correct

would've considered using it but...

It is really fast AF, try it out

yeah will do

been meaning to but keep forgetting

https://cdn.discordapp.com/emojis/1308772568865574983.webp?size=128&animated=true

rust keeps helping other programming languages and dev ex

I'm traumatized by rust

will never heal

and will never forgive

meh

had rust programming briefly in uni

my condolences

In secure coding subject iirc

sings of a good uni

and furries 😩 😩

I guess, we had c as well

but also 👀 seems like a good unit then

if they taught you rust

they didn't teach rust, they thought us secure coding

use after free, double free etc etc shit in c

I can't tell now, been ages

@sturdy thistle

do they really teach these in uni? 👀

@sharp shuttle you should learn kubevirt and VM orchestration in kubernetes

because if so

my view of it just changed

slightly

Hi guys

I need help please

i see

I'm stuck in an academy module where I can't answer all the questions because I can't spawn target IP
Is this a general issue or what could be the fix?

https://help.hackthebox.com/en/articles/5986762-contacting-htb-support

https://tenor.com/view/see-catherine-ohara-moira-moira-rose-schitts-creek-gif-20254744

print("i am cooked")

FUCKING

FINALLY

GAH DAYUM

IT'S BEEN A DECADE

man we trollin

i prefer not to talk about it

Hello guys! I'm new here... Hope to get along with you all!

understood

i must delete my messages before i got muted by mods

Dude fucking finally I listen to cubetalks 💀

I've been waiting for 1.5 weeks

I got answered all my question 😭

immunefi on top

you do know there's message logs?

why I cannot see the firstblood anymore here?

in activity

yh but I don't see how much time has taken to complete the chall

https://tenor.com/view/dislike-boo-thumbs-down-adam-sandler-gif-17739368

can i enroll in 2 paths at the same time

no, but you can change between them

Rise and grind gents, let’s get this bread

Dude I spent all day making a challenge

Have you been doing a lot of web3 bug hunting?

Yesterday

@zealous charm 👋

any hacking?

@zealous charm @muted olive yall wanna try your luck at it?

challenge making?

i've already made around a dozen or so

Still looking at Google this week

I had made them for a previous CTF

basic stuff though

I think 1 web challenge, 3 pwn challenges, and a lot of other stuff in crypto and forensics and OSINT etc. Basically every category

It was intended to be a beginner CTF so most of it was easy, with the exception of a few

don't punish me

No solving a challenge I made!

Is c++ good for malware development

yes

Anyone got problems spawning targets (shell & payloads if it matters) ? Not working for like 1-2 hours now

@muted olive any update on your bugs?

no i just started but i have this for the moment, i use to do HackerOne web2 mostly

Nice, best of luck!

at least web3 isnt saturated

one report can change ur life with the rewards they have 😭

I’ve only worked on web2 bug bounty but it is always fun to follow the web3 writeups and see the payouts

Damn just ignoring me?

Still on my first coffee, my bad

they are much more serious which i like, i got an answer 10 min after my report at 3 am on the weekend and the whole project got added within 20 min 😭 in hackerone i still have a crypto.com report pending bounty after triage for like a month now they afk 🙄

yes
c++ gives you access to memory,windows registery,files,procceses & network
if you use python for example , you couldn't do it with using libraries such as wrapper

So I should learn c++

yeah , c++ is one of the best languages for malware development
c++ gives you a good access to both of hardware and software

btw c++ is good for bypassing antiviruses

LETS GOOOOOOO

Thanks

crashes, so many crashes to triage

you're welcome

Without AI?

@fiery ice btw, it's better to learn C before C++

except for errors that occurred (normally I can figure out what they are, but sometimes, it just doesn't show exactly what happens nor can I debug in that space), yes

Nice, fingers crossed some turn into legit bugs!

I’m so proud of you

Hi vader!

No bugs yet @zealous charm still upskilling and making my own challenges

Hello

❤️

wassup? everything good?

Yeah everything’s cool, just making Ctf challenges and chilling

cool!! that's nice!

Finally hung my letter from nasa on my wall

daymmm🔥

I keep getting private invites on YesWeHack

that's so cool!!!!

🔥

good stuff gurl!

Preciate it

😁 👍

I’m gonna make a challenge for OSI today

On google, microsoft and meta, no. I found a vuln in Python yesterday which they are investigating. Found a vuln in Rust stdlib today, just sent it in :3
Also found a vuln in some random crypto funds transfer app, got closed as duplicate. Found another in the same app and submitted, expecting to hear back in a couple of hours

🔥

Hades….do my challenge!!!!

I haven't hung mine on the wall yet 🤣

I should though

will do

wat challenge

Nice! Microsoft is on my list after I get bored with google, but I've been having fun with it for the lsat few weeks

I saw you pinged me a few days ago

Are the crypto bugs web3? Or web/mobile?

You'll hate microsoft triage 🤣

rust panics caused by malformed user input

dude it seems like yahoo is the most platform filled with bugs

Yahoo was one of the first big programs, at one point they would pay $3k for every SSRF

Goal is to get a home from bugbounty this year

yeah back then websites like hackerone used to pay bug bounty hunters with bitcoin

the regret that i didnt born earlier to be part of that

make 2 million dollars from bounty and buy a home in malibu or newport

if you want bitcoin, just click on my link

ez

its a good plan, that's how i paid mine off

I think H1 still has crypto as a payment option

They're searching for a new IppSec

not sure but like back then bitcoin worth was less and so they paid really more

Ewe Malibu

lol

so like they pay people to post writeups and such or is it the otherway around?

$2m might get me a 100sq ft closet

In Malibu

First option

Because their employers quit as well 🤣

i cant find it

Yea alot of them have

get a house in beverly hills then

3.43 million

Alrighty, Time to read HackerOne reports or bother hades for challenge inspiration

you are one of the triage team?

Nope just an enthusiast

that’s the same thing lmao

"hey any news on the report"

Trust me I hate h1 triage too

unless they misplaced the decimal point

Frosto will get a 500k house in Texas and a custom made pizza oven

I’ll be set

Plus I’ll have a big back yard with room to grow food for self sustainment

man

500K????????

I mean

you do make thousands and millions from bug bounties lol

but

wow

is reasonable price for US house

in some states that is the price of a starter-home lol

to make pineapple pizza?

Use the rest of the money to invest in other property. Appreciates, sell, more money ez

Frosto needs to do my challenge so I can make improvements to make it harder

ahem california ahem

Straight to jail

I’ll poke when I get time

pizza with icecream topping

No I’ll make more pizza

chocolate ice cream

open up a papa frostb1te pizza chain

Only customer is me

But it’s all business expenses

Frosto is already set to retire at 45

really????

cuz I know how much money my parent's make LOL

and uhhhhh

that was a trick question , you pass

yes... depending on the state
500k will get you a small condo in California but a large ass home in North Carolina

huh

what about new york

a studio ?

idk small apartments maybe

depends on whether its upstate or not

Beef chezzilla

Hi chat

time to hunt bugs with no experience but portswigger labs and a dream

man i want to post a political meme so bad

Yap it kinda cool and comfy

its so relevant to the discussion

Send it to my dm

dm it

us citizens feel free to dm me to get the meme

Dang I have to become a us citizen firstc🥀

damn whyyyy

i mean its for all of us but its very relating to them

tbh that is all you need. 50% study portswigger/read hacktivity, 50% actually bug hunt. Anyone trying to sell you a course to do bug bounty is crazy

dont hurt my business like that vro

dont hurt my business like that vro

Dude I just like source code review

plenty of src code review programs out there. Or pick one with an executable in scope and reverse it

Bug bounty is kind of secondary to that

join my course i will make you richer

or hear me out make AI help you lol

is there linux tools that are AI based so far?

like they relay on you for work ?

you see in linux you dont really use gui tools

you would use cli and pass in and pass out output via piping

i only do cybersec for fun my main area is web dev frontend to be specific but the major ai tools will work everywhere

i feel dumb lol an AI based tool would need a database or a server to go back too which linux tools dont

at the end of the day they just hit a http post anyway

It's definitely good to have exposure to them. In the beginning you wont be replaced by AI, but you will be replaced by the workers embracing AI as a tool

Here’s the thing, I really wanna do blackbox but I suck at it

you have 2 options

• use big cloud providers and just use a service be it free like claude code
• host yourself https://ollama.com/

he.. he understands 👀

when i get a robust pc

Which order should I do the portswigger labs in?

@scenic maple @zealous charm

Idk I’ve only done like 7 of them, but I think they have paths now?

been a long time i should get back and finish some more

I’m yelling one, two,three, four, five I am the most stubborn hacker Al-ive!

Can we expect to have an Android cert from HTB anytime soon?

we will have it but how soon we dont know

hmmm. So, I believe there is still some content to be added.

Taught by professor golam 👀

Golams rate my professor score finna be atrocious

guys look we got golam to give us a free bug hunting course

had to open source it cause no one buying

like application pentesting or android system in general ?

The formula is: find 1 bug, clout chase on social media, cash out and sell udemy course

this is get rich scheme in 2026

Yooo

The icing on top is when you look up the authors on h1/BC and they have negative rep (this is true if several well know course sellers)

Why this chat still talking about bug bounty😭

you forgot to do the "be partner" for extra things

negative rep is peak lmfao

because easy money

it takes true dedication to get there

Because hacking real websites is more fun than intentionally vulnerable labs

The domino effect is real, there was a convo about bug bounty at like 1-2AM

And it trickled down all the way to 7AM

Crazy😭

i can change the subject