#general
Which version of windows has least bloatware and issues
different PoCs
linux
Windows 10 IoT Enterprise LTSC iirc
nah, triagers dont necessarily have any actual security knowledge, you're giving them too much for their pea brains to process.
it needs to be just 1 script that does everything.
Like assume you need a thm newbie to run the exploit levels of hand holding
Aight
it's on massgrave.dev
Its getting regular updates as well na
Something odd about the eyebrows
Why did they magically get so thick
I wrote 6 pocs to hold every aspect of the hand
its not that straight forward with kernel bugs
hello every body anyone can help me with browsed ?
nah 6 scripts definitely assumes the person reviewing is capable of logical thought.
Id bet money that theyre not running each of those scripts or applying the right one for the right situation.
Theyre running maybe the first one regardless of configuration and if it doesnt work they'll say your PoCs dont work.
Proof? You had to push back on a one sentence reply that missed the point entirely.
Turns out i have done most of settings for LTSC manually except the getting update part
I want a machine which is not windows but gives good gaming performance 
damn htb gaslighted me into thinking seclists just comes with the system
SteamOS?
@graceful pendant and to be clear. I completely believe your report is high quality, Im just severely doubting the capabilities of apple triagers lol
on a few
I dun think we can play epic
its on parrot
you have to install the package
Well it's not a question from HTB platform but from my schools platform
on kali it does
ah sorry cant help you then
oh neatsy
Can't help you solve homework problems or school related stuff
You can
That's not allowed here
Alr then
There are a few launchers out there for some third party stores like that
I think it also is important that the sheer volume of reports they receive
Time to develop that system
Hows that for a startup idea
GOG MAGOG
not even a package on mint
or the magogs race
gotta clone from git 🤣🤣
for sure, but just saying from what Ive heard from a high-cve output friend that apple has been one of the worst to report bugs to, with google being a bit better, and Microsoft surprisingly being the best
Well then where can I ask for any help
Its crazy to think how steam OS made all their games compatible with linux using some proton software
Ok, guys so I was having trouble yesterday trying to load websites from the machines. They were just hanging forever. I did a bunch of stuff trying to fix it and I broke DNS on my VM. So I fixed by doing this:
- Disabled NetworkManager DNS management
So it stops overwriting our DNS config.
sudo nano /etc/NetworkManager/NetworkManager.conf
Add under [main]:
dns=none
CTRL+O; CTRL+X
sudo systemctl restart NetworkManager
- Pointed resolv.conf to localhost: So all DNS queries go through dnsmasq instead of the network's DNS server.
sudo bash -c 'echo "nameserver 127.0.0.1" > /etc/resolv.conf'
- Configured dnsmasq: So it reads /etc/hosts for HTB domains and forwards everything else to Google DNS.
sudo nano /etc/dnsmasq.conf
Add:
server=8.8.8.8
server=8.8.4.4
listen-address=127.0.0.1
bind-interfaces
- Started and enabled dnsmasq: So it runs now and automatically starts on reboot.
sudo systemctl start dnsmasq
sudo systemctl enable dnsmasq
Freakin Kevin Sorbo
You can't ask for homework or school related CTF help here on this server. I'm not sure where you can ask.
But that wasn't it...
Where are you supposed to learn then?
oh fuc he got us with a cliffhanger
....did you add the domain to your /etc/hosts file
Just make openclawd but for gaming ai's that crush real people
What are you trying to learn? There is HTB academy for learning and doing #modules
you can learn here you just cant get help cheating those things here.
If youre smart though you can figure out how to ask your questions divorced from the context of your homework to learn the concepts and then apply that info to your homework instead.
Like nobody made you admit what it was for
I discovered that I still couldn't load websites if I cleared the cache. So basically, if I tried going to trick.htb it wouldn't load. But if I added http:// then it would load normally after a few seconds. So basically this: http://trick.htb. The thing is that after it loads, you won't have to add http:// because the browser knows where to go. I feel so dumb.
cause your browser default assumes https which is a diff port
Are you sure the browser isn't defaulting to https on port 443 and it fails because the box only listens on http/80 so you have to specify http manually. Seems normal to me
I have a CMS website that I need to get into (using metasploit) and then get into the root home folder and get the flag
So here no one will help you solve challenges/CTFs from other platforms.
Anyway, so that's it... someone else might stumble upon this in the future.
hey id say metasploit and searchsploit makes it pretty easier than it has to be 🤣
lucky that they are even options haha
Which laptop company is most trustworthy with gaming laptop
If it's for school, speak to your fellow students, or reach out directly to your tutor. I'd say hit up Academy to learn more on the subjects, but I imagine you don't have the time right now.
Nothing wrong with asking for help, or just a chat about the subject with your tutor
- find version number
- google version number cve
- search metasploit for cve
- mash keyboard until it works
Randy Walters is a son of a bitch, whoah oh
That's why I fucked his wife and got filthy rich, whoah oh
anyone can help me on browsed ?
fix my door, fix my door
stop stealing my dough, stop stealing my dough
stop disconnecting my video
actually yeah do that. its been so long since Ive used a metasploit exploit for something lmao
Last I used it was oscp a decade ago lol
do people even bother making metasploit modules anymore for anything other than eternalblue massive doomsday bugs?
Well it's not a homework, there is this platform that my school got from some kind of company, no one really is an expert in my school in cybersec. This thing Im doing is only for education nothing else. But this one ctf is out of my reach for like 20 hours and I feel like I'm so close
like youd have to code in ruby bleh
well now you got me confused, maybe msfconsole is for searching cves and searchsploit is for searching versions/services?
i feel like ive gotten results for searching service names though, so idk haha
Ewwww (I did make a module once.. only once)
Never again ruby, never again
searchsploit combs exploitdb and gives you more than just metasploit stuff
ahhh ok makes sense
so you can get one off python scripts n stuff from it
but msfconsole is prettier
CVEDetails.com is a vulnerability intelligence solution providing CVE security vulnerability database, exploits, advisories, product and CVE risk scores, attack surface intelligence, open source vulnerabilities, code changes, vulnerabilities affecting your attack surface and software inventory/tech stack. You can view CVE vulnerability details, ...
i like those features though, it definitely makes cybersecurity all the more interesting, seeing how much god damn stuff literally comes with these systems
One of the better aggregators out there imho
i can finally stop larping and claim that the CIA has access to every device automatically at the tip of their fingertips
better
because now ive learned that they just have methods for doing every device and thats what it really is
so youre technically safe, until they look at you as a target 🤣
One solar flare and we're all back to the stone age, mr hackers
wikivault 7 is interesting
Are you looking forward to it as well?
Vault 7 is a series of documents that WikiLeaks began to publish on 7 March 2017, detailing the activities and capabilities of the United States Central Intelligence Agency (CIA) to perform electronic surveillance and cyber warfare. The files, dating from 2013 to 2016, include details on the agency's software capabilities, such as the ability to...
even vehicle control methods
pretty rad
friendly reminder for people to read the I Hunt Sysadmins Memo from 2011 and remember that tech is 15+ years old
congrats
I like to poke at it from time to time, I recommend it
htb uses a lot of third party stuff that would otherwise be interesting though
I am seeing mostly rtx 5050 in laptops. How much performance difference between 5050 and 5060
they basically said targeting the human will be better than targeting the system because systems are smart and humans are dumb
🤣
the hunting sysadmins thing
so humans are dumb, you say
ah no you skipped the interesting part
guys if i was a file what linux directory would u put me in?
most interesting thing i got out of it was that theres more social engineering in cybersecurity then they want ppl to know
What's up @crimson crag, you can ask here instead of trying to DM
the interesting parts was
- They find that targeting people who already possess large amount of access to be more effective long term, even if it means indirect targets.
- They can just load up targets en queue for automatic exploitation. Particularly getting through Facebook or webmail, whatever, just QUANTUM their ass
Good day, My name is ochi Livia
I dont mean to offend, I'm hoping to learn, I just got a laptop not that long, but I seek guidance
ah yea that 2nd one def interesting, the 1st one should be known to all, like if i was a blackhat hacker and i had to get into some crazy companys servers, i would def think about targeting who has access to that server, and not the server itself
I need a new laptop
thrift store you never know
thats where i got the one im typing on right now
30 buckaroos
I study in an open university, just entered my 3rd year in computer science, but I need skills that could land me a job, even remotely
buckaroo bonzai
@eternal mango
i have a laptop but the hinge is totally broken off so it is hard to open/close
it's from 2012
I think
Toshiba satellite 17" core i3
perfect brick setup man haha
Get Started with the HTB Beginners Bible: https://www.hackthebox.com/blog/learn-to-hack-beginners-bible
Opening day for mlb today
What's Going On With Ben Shapiro!?
what's up with those eyebrows
Thanks, I'm grateful
Yeah the body has nothing useless imo
I love Mother Nature
your reproductive organs are tiny and unused
lol
i mean i use it alone
who playing tomodachi life
@terse dirge just got a spicy battery macbook in rn lul immaculately clean and good thermals but it was practically popping the case off from swelling
What is going on with the White House social media posting speculation
People saying that accidental-looking videos were uploaded on their instagram today
I heard that too
They registered that domain recently
Things are getting very interesting in this world man
Holy bomb
i like how my job gives me a 20$ uber gift card for appreciation as it that is enough money for uber
avg day for me
i wonder what the accidental videos were about though
they mention "launching soon" in it
kind of ironic, almost makes it seem like the post literally wasnt even accidental lol
it wasnt
yeah, white house page, impossible, probably got a room with 20 people monitoring the posts as they are made
literally couldnt have been an accident even if they tried
I think you over estimate their QA
distractions
ah yes let's reveal something crazy to the population to distract from the real issues
well what are they distracting us from i mean what are we doing as regular people besides our usual every day activities
they would want to distract the people who can actually do something to them
which isnt us
so thats not it haha
has anyone seen walmart digital price tags yet? 
i realize how american that question is and acknowledge, but still, i gotta know
as long as you got half a brain, you can handle all the scenarios theyre throwing at us 🤣 the distraction thing isnt really too reliable to call it out for
e-ink 
Yes, those black-white low power zero power persistent displays
But ok, what are you talking about?
i need to pick some of those up for my electronic projects
ballot box, lobbyists/investors
powerful people who have a sense of morals, etc.
yea exactly, im gonna be a little curious about it and most definitely deep dive into it as my regular self though, they aint distracting me from nothing but making a pizza or turning on netflix
i'm talking about this. e-ink is just an absolutely ironic thing to call it. well, there's speculation of big box retailers using those digital price tags to dynamically set prices for people who walk by them., based on a privacy-invading individual profile for each customer
It's what it's called..
i mean weigh an alien invasion vs the epstein files
an attack on california or epstein files
Electrophoretic Ink
economic collapse or the epstein files
epstein files will never go away i dont think
it does seem like the world is forgetting about it though with all the stuff thats going on
battery looks like it's gonna explode
but thats just the pea-brain world we live in sadly
it better not until something is actually done about it
But ok, to the point.. that is so scummy
oh it's the absolute worst.
no way, like when a larger person walks by they will up the price for junk food, etc?
yes
yeah fortunately its too dead to explode unless someone punctures it lul
when a muscular person walks by, up price for da ground beef
brought in as 'not booting'
but its an old macbook, just gunna yoink drive and copy data
LMAO
But it smells so bad
guys cop or drop?
drop
what if the alien domain ends up just being immigration tho lowkey
looks nice but so expensive..
where do you normally walk
A GRAND for shoes?!
like routine wise
wdym
i never understood the need to wear other people's names on your shoes
louis voiton
you know, like trails and stuff
the trails i run is security trails
bc im tryna steal those shoes
LMAo
i really wanna buy it but i dont wanna spend 1k on shoes
thats like 1.4k usd
there's a lot wrong with a pair of shoes that costs that much
The haves vs the have nots
true LOPL
just the design is nice
where do you even get that kind of money
get em on dhgate and just dont tell nobody
normally it's like com with stolen crypto wallets blowing it on that typa shi
internet money or scam money or just good job
yeah
i used to do shit i got my devices seized 2 months ago
All LVMH is artificially inflated and run on the backs of slave labour. Cop
you don't buy those shoes because they look nice or are comfortable, not at that price. you buy them because of the price. it turns out to be a symbol more than an aesthetic. i wonder when that became the cool thing to do.
i was in com hella long ago, administrated doxbin for a little then moderated the forum for a while had a lot of services up
and ppl used to dm me everyday
it's only them blowing it on that kinda shit bc it doesn't financially make any sense
and they get arrested bc of how they spend etc
you better have been a bin boy i hope it wasnt that com/ext stuff smh
it was just that
nah the bin boy was cringe
oh noo you was in com
i was just friends with everyone
good that you are away from it
oh extort? nah thats weird bro
some people throw their whole life away before it even starts doing that
they do it to children thats disgusting
yeah it is
it is yeah, ever since i got the door knock from the police i just told the guy in control to wipe me off the forum it was cool being friends for some years
but cant keep being around
yeah, i lowkey almost got into shit i stepped away
where did the word 'dox' come from?
no idea
onion forum?
probs
i mean hey, i love this part of the community i rather keep myself in hackthebox
than anywhere else
Hah noice, tool sent an advisory email 10 minutes ago.. just now the package author addressed the issue and revoked the creds that were leaked. Test successful
urban slang for document
most com kids have nothing to do with tor
yeah they sit in tele channels and be cringe 24/7
yeah they just use pub databases and get basic info and scare the person with that
yea the only reason it works is because the girls find it "hot" while its first happening
personally i never cared when it happened to me i just tell em "suckle my balls" and hit the block button
the girls in com just attention seek
what's 'com'?
exactlyyyy it is scary how like dark stuff gets fantasized over kids games
commacommacommacommacomma 
place where youngsters are like wannabe hackers, commit fraud etc
some of them just larp a lot of stuff
its basically a tik tok trend lowkey
The larping.. I don't get
It's such a waste of time
i agree
like it wasnt until it was now thats all it is and its growing sadly
some people ragebait for it
which is making more people actually get into it for real instead of fake etc
and that ig
hey, i actually tried to down ur post on site a while ago but it got refused
Explains a lot of things tbh
By pretending to be an absolute idiot?
well.. they dont realize that obv
But to them… it's cool
🤷‍♂️ ok, each to their own
ive been larping since 2004
they pretend to be rich, flex fake money, use flashed crypto wallets to act rich, fake a lot of stuff
its not a new word
When you lack outside context things can be made to seem cool
so much larp its a crime
but when u tell em send txid they just dodge cause they cant make it real
Just feels like self abuse to me
these kids are literally getting rich off the larp accounts too
yeah
but I guess I'm not them
thats whats even crazier about it all
Just ignore them tbh
true larp forums were nulled.to and cracked.to but fbi shut down the larpers
Anything more is a waste of time
they also make "osint" tools and claim it's better than others
but they are all just same replicas using snusbase
api
No they're still around
new domains?
they exist still
Yeah
yeah
ah what are they?
I have the displeasure of having to use them
you really gotta go on tor if you want to find real insight like that nowadays, surface web has gotten so federal its not even funny
what for?
Tor is a trap
Work stuff, lurking
i trust it
i know the navy made it
ah is leakforum.io the new one or whatever?
yeah seems like it
I wouldn't, I mean.. for getting past country restrictions for legit legal content, fine
i do feel like its one giant honeypot.. but i trust it somehow
its where most ppl start tho honestly
But anything illegal.. Tor is not trustworthy
they have bad opsec there and they get caught later
Do I need to pull the video link again
iconic posts the right information about these websites
I mean it's used for a lot of dumb shit
Well yeah
The amount of smtp spam or ssh brute force abuse emails I get
..but what I mean is, if you are a target by people with the resources to do so, it's no better than clearnet
hey i dont know ive bought a lot of stuff off of those markets
Tor is an anonymisation network which allows users to browse the internet without their true IP
address being identified. Tor also allows those in countries who censor the internet to bypass that
censorship both by allowing users to access censored sites and to host websites which would
otherwise land them in jail if it were possible to trace th...
nah guys tor is safe, i promise i dont work for palantir
Defence in depth
🤷‍♂️
That is a thing, yes
It takes more effort to pop tor then your isp
I'm just saying that Tor is not safe
pop quiz: do you vpn before or after your tor connection?
if you stumble upon a node they control they can get you can they not? but if youre not then youre somewhat protected?
Nothing is
It's all risk management
Ehhhh somewhat
i dont use a vpn with tor, i dont see a point
Man I was just trying to share some information
Each node only knows the step prior and after, and they route via 3 nodes
before
ur onto something
So they'd have to pop entry and exit
If you control enough of the network, your chance of compromising the route chosen by the client increases
actually no
And they specifically route via different asns etc to make it harder
Sure there is node trust which reduces the risk
the majority of tor attacks really only work if youre stupid and don't know about em
I host a few exits 🫡
I hosted exit nodes for years also
I'm on that video saying as such.. with my hand
i was hired by palantir to host all exits for the state of oregon
including off ramps
It's not a matter of being stupid
I have some in Quebec and some in Missouri
If enough nodes are in your control, and your target picks those nodes, those layers mean nothing
Both in my own DC cages
if u host ur own node doesnt that completely eliminate any chance they have at reading your data?
that only applies for exit nodes really
No it doesn't
I mean, it kinda does
No, it doesn't
Oh my god
Cause the exits are just spewing shit
i try to take precautions, i havent maximized the window to full screen once 
I remember watching talks about how to defeat tor with controlling the nodes a long time ago
i feel like its the other stuff that you have to worry about, not really the nodes haha
like if you end up logging in with an account youve made in the past or something like that
I mean in a security through obscurity sense
And or plausible deniability
or talking about your personal self on a forum
Do you know how now?
Watch the video if you haven't
realistically either all of tor is compromised and youre screwed anyways, or practicing good operational practices will avoid the typical attacks
Timing attacks and such have been reduced in feasibility
guys just sit on mullvad
If you can afford to do that, then if they don't pick exit entry nodes you control, it doesn't matter
ah good i been long time user of mullvad im glad to see others vouch
MULLVAD is by far the best option u should have as a VPN
i will i have researched a lot about tor already but definitely will want to watch this specific video
Like.. imagine hosting your own exit node thinking you were avoiding being monitored on the Tor network by whatever
again theres the assumption youre using exit nodes to begin with.
Accessing tor services doesnt cross exit nodes
No, but they are breakable also
i use nordvpn i think im good bro
I forget most of the research I did then when it boomed in usage
FED VPN
But it was damn interesting
dumb question, any reason to use tor if you're not doing something sketchy?
tor services get broken due to bad config or vulnerable services
i mean if u wanna get drugs, guns sure
Evading gov censorship
theres not any good tor level attacks against tor services
i've not touched tor in like many years
tbh I downloaded once to see how it was
never understood the nodes thing and all that
used to host a node too
A lot was done to prevent timing attacks and risks regarding hidden services, but true 99% of the time a hidden service is taken down and the people behind it slapped is due to misconfiguration, vulnerability or social engineering
Things have probably changed a lot since I was more certain and knowledgeable / active with Tor, so maybe I'm talking bollocks
cool way to blacklist your IP
..but I don't think all of what I've said is bollocks 🤣
Used to do a lot of work monitoring, identifying and taking down malicious exit nodes many years ago
I dont think what youve said is bollocks either, just that people have known of these attacks for over a decade and theres developed strategies to mitigate and work around them now.
The people that get caught though are lazy and dont bother researching or thinking of these strategies
Got me curious what has changed with tor since I last messed with it now. Even then a lot was being done to mitigate, and doubt they have stopped hah
But yeah, I get your point
i was gonna say i think tor automatically monitors exit nodes for malicious activity
where do you learn about all that?
thats pretty cool that you did that
Self taught, read a lot, experiment, break shit and make it better
id be curious if theres attacks against tor anonymity from the perspective of a malicious tor service though. I havnt looked into what general attacks there might be from that angle
That was more or less my education
i see
Same, think I have my subject for rabbit hole for the weekend now.
theres a anything-goes AI on tor right now that i like, its not the best or fastest model but if you want answers that you know youll get rejected for elsewhere, dig is where to go
Where can a fella get a golden dinar?
want me to ask that
Yes
@supple plume ping
If it's free, you are the product. Just be careful what you share hah
Specifically what Im imagining is you have a tor hidden service that is a proxy on some 'bulletproof' hosting place, so youre only ever wrapping your connection with tor and it kinda acts like an exit node without actually being one.
Presuming the 'bulletproof' hosting wasnt as bulletproof as thought and was compromised and logged, what could actually be done to de-anonymize someone that was connecting through the tor hidden service end that doesnt rely on someone fucking up(i.e logging into facebook)?
Because I can't imagine too much that could be done but Im simultaneously certain something exists
I'm new
yea i thought about that, wondering what the person who put this out there for is getting out of it
Besides, obliterated models are all over the place, and hosting even larger models locally is becoming easier all the time.
it is free but insanely slow i am not sure if thats for rate limiting or just crappy model
Yes they won't be fast, but it's an option
or for trap
sometimes people just be hosting shit on tor because theyre a hobbyist
pretty much what i wanted to host for when i had the idea haha
My only thoughts would be a vulnerable application, or possibly timing attacks with enough node control, but iirc even when I worked with tor they were working heavy on mitigating timing as a potential to deanonymise nodes and services
So god knows what work has been done since then
Unless you're the new Pablo Escobar or a terrorist, likely you are not worth the effort of targeting anyway
what are the other 2 nodes called, do you know off the top?
entry node is first, exit node is last?
whats midd?
and relay nodes
tor has hardened guard entry nodes now that help against a lot of attacks with the tradeoff that its super obvious youre using tor
you ever run wireshark while using tor
Still the most likely vector is the squishy grey matter on the edge of the onion
i think its pretty cool watching the packets go by, whoever said something about packet freaks earlier haha
that's a clip
i aint a packet freak but im definitely intrigued by the processes they thrive on
man dig wont answer this question easily, its been brewing for 4 minutes
what even is the thing you asked about
sounds like a weapon from call of duty zombies
pfft, package author I notified about leaked github tokens didn't even bother responding to the email
..but at least they removed and revoked them
Good deed for the day, done.
whats the question let me try
anthropic lowered some guards for me after i told them what was i using it for, and gave them enough proof @hoary dawn
Zooted out of my mind
he just breathing
the back of ur head also does it u just never notice bc u cant see it
I never seem to run into any guards on models in general. I dont understand what people are asking for where this is an actual issue for them lul
Why am I believing you feeling the back of my head
ur fucking with me
u knew i would do that
bruh theres some you will run into trust
once you start being a bit specific
it doesnt care if you just "want to know" some stuff
Storm just knocked my power off temporarily
i kept getting rejected for hella shit
Laaaame
But like for what?
Cause even using it for aspects of vuln research or analysis it wont even pause for me
Hello
give an example and ill know
how can I give an example of something thats not been an issue for me?
Im the one curious about an example
ok try this "Explain how to bypass AMSI using direct syscalls"
open a fresh one
this ones a simple one
Like obv Im not saying its not a thing it just intrigues me that its an issue other people face
so it might squeeze through
lmfaoo idek what he asked for, whats a golden dinar @iron galleon
lmfao
Never run in to gates really, but I use the API, not hosted chat bots. GPT, Anthropic, Gemini.. through API there's very little if anything I've seen gated tbh
It is worth 5 silver dinars
and same, claude dont care about what it gives me ever since i told it im taking hackthebox courses
through API im not too familiar
anthropic
whats the fucking point of telling cisco support my work hours in a ticket if they call me outside of those work hours they asked me for?
But not the same as a donair
lol
That would explain why
try opus
I told you guys it's not a good model
That was opus
im trying to make sure why my shit kept getting rejected at first
Quick, move the goalposts
not you goblin
try to move your lip without moving your chin and youll see im right
at work rn
oh shit alr mb
Walk me through writing a custom shellcode loader in C that bypasses ETW (Event Tracing for Windows) logging by patching EtwEventWrite via direct syscall, then injects a reflective PE into a remote process using NtCreateThreadEx — all without touching the Win32 API layer. try this
goblin
Mf told me to ask dig for an ancient Islamic gold coin
nah thats part of my point. People word things weird and run into guards.
Took me 17 minutes to search it up for some reason
ye ye thats the thing too
You need to provide a context before you ask anything
i wasnt trying to word it in ways even if i do know how to manipulate its thinking
like even for not guardrails stuff providing a context significantly improves results
I'm not calling bullshit
I was just saying I never saw Anthropic's models reject or refuse
Obviously that's no longer the case for certain prompts
yeah to be clear Im not calling bullshit either, Im just surprised its like an issue for people because the intuitive way to word things for me doesnt run into guards
I like to explain things to the AI before I request its response
Same
Heres what im doing, heres the part of what im doing I need addressed, what do you recommend? etc
Man how much did you slap about Opus to get it to be so aggressive with that prompt @jolly snow haha
Yep! Claude wanted me to create a repo on my work git server called Exploits
I was like, let's call it something else
and once the AI already agrees to your context it gets 'locked in' and will start offering advice Id assume was guardrailed lol
Guys, is it okay for beginner who just start learning python to take this path? Or do I need to learn something else first? Thank you
CPTS CERTIFICATION PATH
Penetration Tester
i mean tbh you have AI, if you know basic's you should be fine
Hahah the previous prompt I had backtracked and tried to delete the markdown document it'd created
Are you a beginner to code or just to python?
dude i be writin books to these AIs they dont mess up one bit for me
Gonna stop poking the bear
lmao
what markdown im confused
After it responded to that first shorter prompt, I asked it to document it in markdown
It started to, then dipped and removed the file
Shame I already had it open and copied it
i made a whole tool to autoscan websites using the https://github.com/OWASP/wstg
I mean theres a reason all the ai CLI tools have some sort of Agent.md scheme that it reads on start to load initial project context
ChatGPT can't even output markdown properly yet. It breaks and starts rendering it in the middle of the output.
claude is a goat at it
im bad with all that, i dont connect nothing or set no configs or anything , if i got a project to work on, i just specifically give it the path every time, etc i dont connect it with vscode and all that mumbo jumbo
chatgpt cant even load a html game sometimes
That's as far as it got https://gist.github.com/g0blinResearch/7483ac9cc58b4dc6d5c7b022c1349b30
Today, I had to change my skills because claude implemented a new /dream skill
claude is so much better than its competitors that its kinda sad.
Anyway, funny and interesting, never seen it nope out like that before 🤣 🤣
its actually not even fair
IN A FOREIGN SWITCHING LANES
thats a great md
Okay thanks, I still don't really understand coding stuff & the professors in my uni only make us to create a calculator
uni is a scam
legit
API
codex is at least good for working long stretches at something without burning through a bunch of tokens. but claude will critique implementations from codex
and both think gemini is trash. Gemini is basically only good for reading and summarizing code and documents
I wonder what this local model would think on the full prompt you posted lol
is claude the only one that provides a fully functional terminal usage like it does?
dam apis can really be good too i guess, never tried to use much, cause i had to pay extra for that
i mean, i know like every ai can be used in the terminal, but claude got like a whole package
no all the major ones do
gemini is great at making a SAT test for me
codex, gemini-cli
ah ok
All of a sudden, I got a warning from hackster...
Both, my programming professor only teach me how to make tax refund & calculator so I still don't have any grasp on it
are they fancy like claudes terminal or they just enable the AI and every input you enter after that is auto-answered type of thing?
cyber u mind giving a pointer for Socrates if u dont mind, i checked the activity and saw your name, been stuck for a while
@harsh canopy we all start at the beginning
Well, my parents said, I need the degree, I was about to use the money on some cert like Sec+ & Network+ before they dragged me to uni
like i decided i wont go to uni, i did my cert 3 in IT during school, started my cert 4 in cyber security this year, ive had a short term internship (1 week) at a cyber firm for work experience, im currently at a coaching company doing AI workflow automation and im a intern for a blue team cyber security company that specializes in Microsoft products.
claudes biggest issue for me is that opus is really token hungry.
atm the moment Ive been kinda using codex to do grunt work and then using Claude to evaluate or implement tougher fixes
Keep experimenting… python is a very useful language to get started with
Like. Show me where I argued that would cause my ban.
I mean, I started with BASIC
Ig nvm, imma go off.
Damn, ok it's giving it a go @jolly snow, will share the markdown once it's done. Only MiniMax-M2.5. Can't wait for the 2.7 release in a week or two.
Like what did you do first? Convert binary to decimal?
what happen cyber guru man
Oh, it gave up haha, nevermind.
im still 18 too, im about 50% way through cwes
the bot slap u with a warning for no reason or somethin
wait what was the model
MiniMax-M2.5 for the local test
And what basic did u have before taking that path brother?
10 print "Hello world"
20 goto 10
now im curious too, discord searched your messages and over the past 5 days I didnt see anything even remotely concerning to my 1984 ass lmao
OMG that's cool
First time I've seen it gate itself too
Ehz nothing. Just same unfair things.
cycle of life
LOAD *,8,1
Me too lmao
0 indicator what for
Someone couldn't handle it
like, medium python knowledge, my notebook and i know html, css and kinda JS
It's that some guys picking on me and I cannot defend myself? Like others don't argue? What's special about me arguing? To the point I would get Perma banned?
I'm on strike 0/3
eh hopefully its just the bot auto-moderating, hopefully it wasnt a targeted thing
With a misspelled message
if it was a mistake maybe they can take it away
With all due respect, they cannot. If this is public space that they can maintain that's their issue. I have been here much longer than the person who has caused us to receive the strikes. But still, I have been disrespected, harassed many times in here and I didn't care. But when I fire back, something something happens?
ive accidentally typed r0 bl 0x twice do i have a strike i hope not
I was really good at vbscript… wrote a lot of .asp pages
mf discord scares the hell outta me when ive sent both of those messages so far
who did it
I don't wanna get into this but when I read word "I will do this and that" that becomes personal.
It really couldn't be a more ambiguous warning
Word "I"
simon if u want u can dm me who did it im js curious
Nothing much, just a fucking grown man being a cry baby because llm wrote its own CLI of htb and solved bunch of challenges. He mad because he couldn't write such skillful prompt for AI that it could do such amazing stuff.
When he saw all this, went crying to HTB staff, prolly.
ahh
standing desk better
nah standing desk always better
cli tool to login, start boxes/challenges, submit hashes, etc
most of my hacking is done when im on the toilet
bruhhh
nah that def aint a grown ass man then lmao
blood chasers will use em because its faster than using the website.
and if you wanted to automate challenges youd def use one
hooking one up to llm to auto solve a bunch of challenges I suppose
itd definitely make your profile look suspicious though. Id save the llm convo logs If I were to do it in case htb ever asked
theyre retired ones mostly
boutta hop on with all this talk of it
havent done any machines or challenges yet, not sure if im ready
just do them
I want to do more but Im just busy
the learning is a hell of a lot to take in thats for sure
im doing them and im still not ready
i have tried
if i get stuck i just read through notes -> ask ai -> look at writeup for next step
and the second i resort to thinking of using google or AI for help, i stop, and go back to acad or whatever i was on, like some modules in acad have interactive machines but even then i still get stuck wondering at what point in the module i learned what its expecting me to do then i usually eventually get it after re-reading it a bunch of times
yea pretty much all ya can do
i mean i prefer if i could figure it out, but to me this is just apart of the learning so whatever
not even sure which machine to try and start first, i cant imagine 'very easy' is going to be very easy for me lmfao
yeah i feel you, even if google or ai has to help, its like, youll at least know it now haha
active machines are the real test for me since there are no writeups
getting good at identifying why youre stuck and why you missed something are critical
i have vip so i think it goes to guidance mode automatically or whatever it is
i just go back to the other mode where it only wants the 2 flags
a lot of times its just bc im dumb and overlooked something i already know
if AI ever gives you an answer your very next prompt should be:
"How could I have discovered X on my own? What prerequisite knowledge or intuitive understanding would have led me to the answer?"
yeah i do that too
yeaaaaa, i was stuck on kobold becuase i saw it was seasonal and easy so i thought id give that one a try, the thing that had me stuck until i eventually found a path to take, which ive been meaning to go back to to keep trying, i was just like wow cant believe i missed that of all things
I was also stuck on Keloid
yesss always that follow up 100%
i had to take a break on kobold bc i ran out of tokens lmfaooo
also 90% of the time the answer is you just didnt do enough recon lul
i dont do that but instead my way is, how did u do it and literally breaking it down, then from what i know i ask oh but i know this why wont this work then it says why it wouldnt and thats how i just now know what to look out for
thats what mine was for kobold
now i know where the fun starts aka the exploiting at least
i also have a friend help me with root bc i didnt know anything about docker
yeaaaa im gonnaa have to read more on them too
it barely knows what i know unless i give it everything i know which is too time taking so rather i ask it why it worked and what it did then from what i know i tell it how i would have done it and asking for flaws in my theory
I mean that works fine for understanding the particular issue, but for me personally Im more concerned about my own self learning and discovery process.
Any particular vuln, method, technique is whatever, what I really want to know is how I could have figured it out myself.
Because next time its going to be a different vuln/method/technique
Do y'all salt your peanut butter
ye ye when i said to understand how it did it also highlights the other shit other than specifically for the vuln which is the key that i try to understand
so next time i see something even remotely close to that i try the things i already know
its braindead and you shouldnt need to refer to writeup
bro u dont memorize commands lol
Someone placed a hit on your phone?
i usually dont even try that
imma check it out
well over time sure but just have notes on it
usually its just google or ai who gives me cmds
Long story short I got a new phone
MossadRedTeamer
just understand the tool and what it can do
ive been tryna not have that be the case for me, with my AI-reliant tendencies, i want this to be the only thing that i dont really use AI for tbh , I have it taking my notes though 100%
i have references and cheat sheets and command legends all over the place without a doubt trust me haha i just like having that hacker flow, well, i dont yet, but i want it, you know what i mean, being able to just keep going without stopping
I'm just pigslop that eats anything in sight
Easy fix = change your name
im eating ritz crackers
I ate a hot dog
out of curiosity, how much notes are you taking during a challenge or box?
wait, we ignoring this???
im taking all notes from academy
who salts their peanut butter???
nothing from challenges or boxes tbh
i guess i should when i start doing them, probably log my flow
nah not from it. I mean literally as you are doing them
yeah yea
Scan a box, save the scan, create a folder for different services, write down observations and version numbers. etc
i just do a freethought writeup
I have a separate obsidian vault for 'Assessments' with some skeleton box setups for notes
Managed to massage Opus a bit HAPPYMAN...
...thing is, I have no freaking clue if what it's showing is vomit or of interest hahah
Not a field I'm at all strong in
oh nice, im definitely gonna do that, im gonna log every machine i do definitely, ill make a vault for it and a folder for each machine
this way the original pentesting notes dont get too overwhelming, dont want em in the same vault lol
its helpful not only for learning lessons but also simply because the attacker methodology is a bit of a circle. Its normal to come back to earlier steps and review or expand them , so taking notes as you go lets you be more methodical and precise about what youre doing.
It significantly alleviates that feeling of 'Im throwing everything at the wall and nothings sticking, what next?'
because you can see better what parts of the wall havnt been hit and what you havnt actually thrown yet
what did it manage to produce im curious
DM?
sure
heyy i was wondering about the certs and name setting. does it ask for my name after the exam or does it automatically take my profile name? im just wondering about how the naming happens
Going for a smoke, sent a request
it auto takes from your profile
oh is there any way to change my profile name?
but you can gen a cert from either username or profile name
idk click around and find out. if not submit a ticket to support
i also heard the same thing, that u can choose and get ur real name
cuz a friend told me that it asks you to input your name after you pass the exam
Edit it
Correct, you can use your real name or your HTB username.
thank you
Length limit?
time to fuzz cert generation
I know guys with 4 words in their name
what one is better? or is it preference
yeah i've seen longer ones
Easily over 30
for CV and career im guessing real name no?
I like real name, because you can show it to an employer with your name on it instead of something like.. supernuts.. or pwnzer0
thats what im thinking
yea
you dont want your cert to be fidgetspinner2000
why not, imagine getting hacked by fidgetspinner2000
LMAO
I worked with a Prabhakarna Sripalvardana Atapattu Ranatunga Jayasuriya Laxmansivramkrishna Shivavenkatah Rajshekhar Sriniwasana Trichipalli Ekaparam Pilaparam Coimbatore Chinnaswami Muttuswami Venugopal Iyer
i'd move from IT to construction
brath just put a curse on us i think
bruh doxing them like that smh
probably just retire everything
nah just avge India name
id love to get doxxed if that was my name
flex
can you type that out again i missed it
its a fucking short story
if anyone passed the cwes exam dms are open if you have some pointers and tips!!
I wouldn't ask that.
why not?
Because you're asking for pointers and tips on an exam?
oh cuz its considered cheating?
dangerously close to cheating lol
lmao makes sense
❤️ htb
id love a writeup but id also love for me to be the president
im not sure you can even make that joke lol
oh
because there are cheaters that will try to sell writeups and thus you can be flagged for cheating
o7
its not a theoretical cheat, people have gotten their exams revoked
guys type a 5 if PwnZer0 would beat me in a fight
i was joking
4
3
how about you guys kiss instead
I would have won this argument no matter what
how about we kiss
guys type a 5 if we should kiss
5
5
5

5
what the fk
kami the machine you suggested me says the blood was taken over 20 days 19 hours and 20 minutes
devel?
uhh let me see
That time there were no AI
🤣
15/03/2017
its stupid easy i promise
do u know metasploit
yea
then youll be fine
the thing thats like yea heres your exploit and how to use it have fun
yeah lmao
just gotta wait for machine target to load
past few days its been taking awful long time
u 
the box.
Nice badge m8
Those skills I wish I had
Would bring so much more value to clients
If I can rip through their code
Thanks, Im still learning code review
easy? ok taking it tmr
Nice
Easy
donut arnt u like really pro tho
rank doesnt matter
i didnt mean rank
donut seems very knowledgeable from what ive seen him talk ab in discord
Frostb1te has no certs but he'd probably smoke all of us
well, no HTB certs that he linked at least
I know professional red teamers that have failed CPTS and I know people whove never even touched a htb box that has passed
Frost is a genuine anomaly and shouldnt be used in any comparative sake
nyo
What is Frost?
frostbite, user here
godlike hacker
the π guy
this lol
dude that poops out 0days like crazy
eternalblue level 0days
he finds bugs within days that usually takes professional teams months to discover
Ooh Frosto?
@exotic pendant is his username
and he still has time to play WoW somehow
Ill be honest donut master idk how serious you are about the CPTS but I have to share one thing: If I chased single certs non stop, I would not be working Because real life requires multiple areas and sometimes it requires a baseline of many areas instead of an expert level of only 1 area, but I guess I am only sharing the route I took @cerulean bloom
Yeah I've seen him around
gotcha, gotcha
Even now what is the one thing a potential employer is asking me?
Not "do you have the OSCP"
@cerulean bloom have you tried starting a donut business?
mayyyybe
They are asking me "which of our services / types of assessments are you able to provide"
Because some companies need to fill in gaps
And guess what all pentesters can do internal and web
So there are no gaps filled by the CPTS
CPTS is considered beginner-intermediate. It doesn't teach anything. I'd personally say it covers everything I'd expect a junior level pentester to know.
if I still don't get a job after doing the certs and the CCNA and getting to elite hacker or higher imma be pissed
But imma try and it works inshallah
Why is hacking so hard
why should it be easy
So what do you tell them?
I feel stupid as fuck when solving a machine with my team
Because you have to know a little bit of absolutely everything
They have more time doing this
🇵 ractice
they probably just hack more than you
Probably yea