how many kids do you want buddy ghulam

I only want you buddy

no kids? :c

Maybe

U are getting adopted by him as his child

Kids are expensive

nooo i want to be his man not his child

they are indeed buddy

Not as much as a gf

false

kids are much more expensive

True

imagine going to a pediatrician man

but i feel like discussions like these are pointless cause none of us can afford

lets just be poor and stfu abt it

😔

Stop spitting out facts

i want kids tho buddy ghulam

can we have some

I want some money first guysss

you cant even have yourself buddy

how will you afford

we'll find a way

Everyone thinks the same

sometimes there is no way and everything is beyond human doing

every kid brings his own nourishment

i do agree

but you should be on some level before taking action

Just get a small loan of $1M from your parents, ez

As if they have the money to lend

they might be secretly very rich people just holding off until you pass college

the heavens will give us strength buddy ghulam

i can sell my soul for that much

we both know they're brokies buddy ghulam

the chances are low but never zero

its not worth that much, sorry man

Hey everyone 👋
I’m a first year student and I’ve been thinking seriously about getting into cybersecurity.

Do you guys think it’s a good field if someone is looking at long-term financial stability and career growth?

:(

at best its probably like a couple of grand

u made me cry now

a few millions would put you in a great spot

at that point you can retire atleast where we live

How Abt we sell ur house and then split the profit?

bro i dont live in a massive mansion worth millions lmfao

Regardless

and i dont care abt million local currency

it woule need to be usd

They say you can withdraw 4% per year safely, so 2-2.5M would be 80-100k peryear. Probably good enough for most non-US retirements

Uhhhh.
If you are really, really, genuinely interested, yeah.
Career growth? Definitely. Financial stability? Depends.
If you're in it just for the money? Definitely no.

mans got unplastered walls 😭

no i live in a relatively good home

but its not worth millions

How abr all of u sell ur houses and give me tht money

but it is to you?

at least millions in local currency

i dont have houses*

In return I give u guys 1 icecream every single month

maybe

if life is still shit by the time i am 30

That makes sense honestly.
But how do you know if you’re genuinely interested in cybersecurity or just attracted to the idea of it?

i will prolly give up

hence the problem. world currency has become dependent on burger land

they got what they wanted :(

gogogogogolam71 the dedededededestroyer

cant do much when they just find reasons to invade places where alternative methods get discovered

but thats political anyways

Give up on what?

trying

This is a problem that a lot of people face, who come here. Hacking sounds cool and fun, but it also requires a ton of reading/research/patience/trial/error, and if you try to rush into it before knowing the basics, it's going to be an even harder climb, and even harder to tell if you washed out because you tried before you were ready, or if you just truly don't enjoy the material.

Trying to..?

getting out of the matrix

There is no matrix

There are just numerous ways to live

Why dont you try it out and see? What I can say for sure is thats its an ultra competitive field. If you're in it long enough, and don't feel like quitting when you face difficulties (which you will), then you could consider moving into it.
To be blunt, your competition is people who literally eat and breathe this knowledge every day. If you can compete against them and if you can enjoy doing it, I say its a W. It shows that you're motivated enough to pursue this as something which you enjoy without any other motivations which are temporary and fleeting. Then I would say go for it.

But, tldr, try it out and see.

matrix as in having no freedom

working a 9 to 5 can be ok if your everyday doesnt look 1 to 1 same

but if you just become a robot doing the same thing over and over without nothing new or diff then its over

having some freedom is a human need

Freedom is something u give to urself

without that you will most likely fall into crippling depression and suck at the things you do anyways

say that to yourself
why dont you live the life you want because you cant

same goes for most people

Hi guys do you know when and how we can get htb season rewards?

become CEO

Season reward questions are the worst part about seasons.

make your life the way you want

as if you can just become that

real. also questions about when the next season starts

but tbf this season wasnt great anyway

That’s the part that honestly scares me a bit .
How did you personally know that this field was actually for you and not just a temporary interest?

Hahahaha thanks xd

Yeah that actually makes a lot of sense.
I think social media kinda makes hacking look way more exciting and faster than it really is .

And also are someone get CPTS? Is Ippsec's unofficial preperation youtube playlist is good enought?

bought vip+ for HTB Labs🥳

I can, cuz my dream is to live on a countryside for the rest of my life .
But WE just choose not to bcz we think that we need to take care of things before that

Yeah. There's a large difference between 'rockets are cool', and being a rocket scientist. Being an enthusiast about a subject is very different from being a professional in a subject. If you can't find a passion for the building blocks of pentesting, you probably can't find a passion for pentesting itself.

For me, personally, I tried it out and found that I enjoyed it a lot. Then I realized that my only constraints are created by me and me alone and that nothing and no one could stop me from progressing on an exponential curve.
And also, I love technical knowledge and getting intimate with systems. So I felt it was a win scenario, and never looked back, up to the point where looking back on anything else and thinking "could I have done something differently" felt ludicrous.

also, everything rat said

tbf lots of people have
from 0 to mega successful
so why cant you?

ez

same potential

same brain

It's not ez

Tf do u mean

/s

Ez

i was being facetious

exceptions are not examples

but we can try

not everyone is loud about their success either

https://tenor.com/iT6gMPRoaCs.gif

telling ya

only constraint for anything is yourself

applies to anything

I can buy a van and some candies for a brilliant business idea

Anyone in?

Honestly, that’s kinda how I feel too 😭
I genuinely wanna get into this field because I like the idea of sitting in front of my laptop, learning systems, solving problems, and doing something actually interesting instead of just mindless work.

My biggest problem right now is not knowing the right path/resources to follow.
Like I just want a proper beginner → intermediate roadmap so I can understand how to actually build skills step by step. Otherwise curiosity alone feels useless if you don’t know where to start.

How are you going to deliver results for key stakeholders?

But the product I get for selling the candies are gonna be wayy more valuable

hi everyone 🙂

The rough reality of this is that pentesting isn't an entry-level profession. You're generally going to already need to have built up a sysadmin-level experience.

The academy does its best to give you a crash course, but it's going to be rough.

There are plenty of resources to get in. If you can follow them based on your own passion, and not by force, I dont see why it wont work out

and yeah be prepared for tough times. If you can ride them out, you can fit perfectly

I am assuming you're a student? I could be wrong

just asking for a kind of similar advice here. i am 2 years in salesforce dev. and i absolutely hate it with guts.
any advice for me to get into sec? :/

Start now, go hard. Imposter syndrome is a pain, so go even harder

I would say start learning on your own if you want. Same thing about passion applies, but if you can do that, a pivot will probably be feasible. if its starting from 0 in sec, it'll be harder, but possible

when season rewards come ?

Yeah, I’m a first year student currently

Honestly, instead of overthinking the future too much, I feel like it’s better for me to just start something seriously
I just need proper guidance/resources from someone experienced.

Could you please tell me what path/resources you’d personally recommend for a complete beginner and how I should progress step by step, brother?

and also, since you have exp working in another role, itll be easier

got it yeah!
just another stupid question and i would be gone.
how do I show credebility on resume for a job.

There is a server I could invite you to which has resources and FAQs all ironed out for complete beginners.

aye sir, thank you.

And for anyone else, no I'm not advertising, I felt it would be better than a screenshot or spamming links

me too please 🙂

sure

thanks brother ❤️

It depends on the job, but these days, experience in a prior position trumps everything, by a large margin.

no probs

sad. lets see how it plans out. imma brainstorm this tonight

When will rewards for HTB Seasons arrive and where will they be sent, by email or to an HTB account?

Imagine if HTB communicated when season rewards were provided

wsp

hahah

wait what

crazy

it syncs automatically

Take It Easy Mate

never

You Ain’t Buying That ?

in this economy you aint buying anything

https://klipy.com/gifs/wallet-2--k01KQYX7WEQQ51X0RBKK0F921T5

Anyone know any opensource self hosted EDR?

Or are all EDR proprietary solutions?

I can make one

I found OpenEDR by Comodo but it's a pain in the ass to setup

@terse dirge

Open source EDR is a cool idea

https://tenor.com/view/cat-funny-cat-funny-money-checks-gif-18163332

I’ve never thought of that

A bit too easy to craft around, though.

Yeah that’s why the open source EDR market isn’t really a thing IG

PROFESSIONAL RAT REMOVAL

https://tenor.com/view/professional-rat-removal-gif-2906166839664290190

I imagine there aren't really any open source AV, for the same reason

If you open source AV, the V will be able to bypass them

https://giphy.com/gifs/Web3Playboys-stare-seriously-deadpan-gjRwOP6hS34PfiZ5vM

Why does discord show exactly what a person is working on

it took a next type its showing now who was in specific voice channel along with the time

I am AV

Okay

Mentor Pilot

I am the spam itself

is like a xss payload in the username but instead of xss is spam xd

echoes u mentoring now?

idk I can't advertise that

I am bleeding

where

have u tried not bleeding

No that's too much work

https://www.youtube.com/watch?v=ryh90Lo_cvU

Good morning music

I'm gonna be hungry soon

You remind me of the magician of riga

What should I eat today, I wonder

eggs

and steak

Why? How? Who?

^This is why

eggsactly

bro did u guys know cork is from a tree

Yes

oh

rubber is from a plant as well

wtf

im 27 btw

jesus

unc status

My two week phase of bug bounty is done

I am so tired of dealing with these security teams

is there a way to specify ports in the /etc/hosts file?

No

IPs are assigned to domain names

U specify the port e.g in the browser

/etc/hosts is just for resolving host names to their underlying IPs

how did it go?

https://giphy.com/gifs/childhood-brave-little-toaster-toasted-lZIGloNDp3yrm

golam71 the destroyer

https://tenor.com/view/vigilanteskass-gif-12238985672618509371

suffering from success?

A few duplicate highs and criticals. I have an outstanding reflective SSRF in a Drupal module that is verified but I am waiting to hopefully get a CVE assigned for it

Takes toooo much time to deal with the back and forth

submit bug
wait 5 days for first response
Traiger puts blocker on submission
reply within 2 hours
5 days later
Traiger puts blocker on submission

you summed up the last 2 weeks of my free time

at the very least u got points

If I get that CVE for drupal I'll be happy

I had a duplicate critical in Sentry

that was very painful

The payout would have been very solid

may the days of duplicates pass us

the duality of points

https://tenor.com/view/lauryn-hill-sister-act-nope-none-hand-wave-gif-2974115183041441308

https://www.youtube.com/watch?v=quoqx2EDhcw

https://tenor.com/view/cuz-its-not-round-itsrucka-flat-earth-song-the-world-is-flat-the-world-is-a-plate-gif-20669093

AI

Sup hackers

https://tenor.com/view/na3lsheetan-gif-12410453847439146019

No real image

https://tenor.com/view/yoda-star-wars-gif-8063259

(I am not a flat earther)

wth is happening with curl again

may the power of the 4th bless our days' endeavors still

Earth is cubicle in shape

holy molyl

its just curl on hactivity page

💀

leave my bro badger alone

who pushed the "fuck auth" feature?

I am debating if I let me claude max 20x sub renew

nope

Its so expensive but it is pulling me in

sub GPT, lower claude sub

I don't know if I can go back to GPT after this

It's like giving a caveman a baja blast and then tellling them they need to go back to drinking water

GPT 5.4 and 5.5 are pretty cracked

i use them for most. claude for deep dives.

also i build my own agents. i think the harness has alot to do.

the difference in models is minor after applying proper harnesses.

Yeah doesn't using a harness with Claude help with token usage

I may be completely wrong

foolish move these days

mhm

YOU are the caveman if you're running expensive models without purpose-built harness 🤡

For some stuff I use a harness. But, most of my work is fragmented across a lot of different spaces

I use claude code for free so I don't have a token problem

i have 20 different agents. and?

i've degraded claude to free as well.

Bros whole life is an agentic workflow

lol. bro uses AI to help build agentic workflows

What model are you running?

https://tenor.com/view/big-brain-gif-27108854

GPT mostly. 5.4 and 5.5

https://tenor.com/view/bruh-meme-gif-26978290

qwen/qwen3-coder-480b-a35b-instruct I use this with claude code

look at all the big harnesses out there. like oh my codex, oh my opencode. all vibe coded

claude code is also vibe coded, heavily

they fuck your context window harrrrd

oh ic

I misread your message

I am not as familiar with AI as I should be to honest I am just now starting to get into it more

pls address me as 'agentic engineer'. vibe coding is different 🤡

also GPT is obsessed with goblins

its fun. it refers to goblins sometimes. and in deep analysis even spits out goblin language

vibe coding is like vibe working out. you're not gonna flex your muscles by having something else do the work for you

this is true. i used to crush medium leetcode .now i'm practicing trad coding on them again for an interview and i suck.

I have claude code vibe code automation for me all the time ngl

I am not a dev, but I need automation for some stuff at times

ChatGoblinPT

None of the automation is like business critical though

Wait, you don't have people doing your reps for you?

https://giphy.com/gifs/wow-shock-huh-YsGclK1n6SmcwSuRho

omg maybe i messed up

i made ffuf send 1.4 million request

I just play 'we pumpin' on repeat for one hour each day, and absorb the vibes.

https://tenor.com/view/the-lag-gif-22868483

my ISP about to be DOSed

pretty normal depending on what you're fuzzing. just set your rate limits.

I mean your doing a HTB lab right

if so than your chilling

i only fuzz HTB with threads set to ♾️

why is the webserver hiding for me?

uh just recursion fuzzing for 4 domains 3 subs and the main one

uh right with 3 extentions options

wait till you start fuzzing inputs with different encoding, escape chars, etc 👿

wtf is that

20 instances of ffuf with max threads

keep hacking. you will find out.

https://tenor.com/view/doug-maclean-whiteboard-fa-fo-f-around-find-out-gif-27532870

alright chat. bye forever. i have to actually study and hack now.

bro literally told me to buy the battlepass

also lol it disconnected my network again i think i will just do them one by one

Water plant break

Claude threatened me when I threatened to shut it's server down 💀

my brain just rotted reading this

It won't give me an exploit

So I was talking shit

you have to social engineer it. like talking to girls.

you dont have the pass?

The cybersecurity thingy

You guys are talking to girls???!

ye

I have to apply for that good reminder

forever you say?

https://tenor.com/view/animation-animated-king-icon-photobucket-gif-5544339753125322636

~1 hour and u get it

threatened you with a good time?

ah he's reincarnated now

Yes

Why not 2x max subs

Tokens about to be the biggest tax write off this year

I AM THE SPAM

<img src=x onerror=alert(SPAM)/>

https://tenor.com/view/walter-white-walter-hartwell-white-sr-heisenberg-bryan-cranston-gif-16636350

My brother has two max subs lol

bc enterprise plans are bs and a scam

dude i was trying a module question for 3 hours but it was giving me errors and then i saw i wasnt even connected to vpn

I tried out 2x claude, 1x codex, 1x gemini and was still buying extra usage. Dropped gemini though because it was the worst of the 3

Yeah he is running 2x claude 1x codex currently

R u a dev?

dude um just asking

does the junior cybersec analyst get you any job?

im 14 i cant have a job but im just asking

REPLY

Chaild Leybor

That really depends

Hahaha

on?

u

Location for one

But just a CJCA won't get you hired IMHO not in todays market atleast (speaking for US)

https://help.hackthebox.com/en/articles/9456556-parental-consent-and-approval-for-users-under-18

I was waiting for this lmao

bro

Yes?

https://tenor.com/view/cry-sad-toy-story-woody-so-long-partner-gif-9797730

yeah my parents aproved

they got me a new laptop

yay

No role, no approval

huh?

There's a process to go through.

um

i REALLY didnt know that

lemme see

wait

Hi

Is my nickname ok @eternal mango

Heya 🙂 How're things?

M E N T O R S H I P

?

despite being sent a link to it a few messages ago?

3/10

They still have to ban until you have approval

im reading the form rn

really?

🤷‍♂️ don't see why not, but mods might see different regarding rules

Best to ask them I suppose

I asked they said they are not sure

average day

something went wrong

edge suite?

i dunno what that is

i was just lloking around

So long as you're not soliciting directly, I don't see why it'd be an issue

Heya gob

Hey C1oud

but I'm not a mod

Not saying its not a good starting point tho

I had decent sleep

hacking

no hacking

Strange dreams I don't remember

only looking around

hey i have a question can i dm you?

i wonder if i should change programs man literally not find anything these days

most domains are down

and everything is sanitized well

sure

passive hacking

btw I got this heartwarming reviews

driving the VK 3002 tank from warthunder ?

@ornate ibex

where is that tho

6-7 months
67

Not me. Idk what that is.

I also got this guys

https://cdn.discordapp.com/attachments/1387853155710140469/1501630101794721934/ChatGPT_Image_May_6_2026_10_31_15_PM.png?ex=69fcc583&is=69fb7403&hm=9ba923e0ebf493d80aaeae57d034e3e2a444ba60e01ca70432c5fb9eac0ea9bc

cold world out there

LOL

not the bomb phone

-stats

so this is where it pulls from

And errors are the ones that failed

i am pretty sure it would still say 0 tho

oof, what happened to crtsh

all sources fail
LGTM 👍

Showing 404 there

If none of the others do domain transparency, find another source

works here

weird

Hm, working now

I blame Cloudflare

Seems right

Imagine being the .de TLD holder and have all .de domains offline for 4 hours

oof

That actually happened yesterday lol

de-went-to-hi.de 🤣

😂😂😂

.d(i)e

Sup hackers

Sup

I'm preparing for my next big challenge

Kids?

The return for that is negligable

I have to pass

What’s your next challenge?

Oh man I had a great nap

Hacking the government

GOing to do a 2nd attempt at the OSCP

Nearly three hours of bliss

1 year plan

Oooh fingers crossed!!!

No dude not the exam

Im going to redo the entire course first

Good luck man

Over the span of 1 year

Nice one

Nice

To uh, eventually do the exam again or for shits and gigs?

Tbh I was crapping on OffSec for a while but I realized, it displays some core pentesting skills which I may not have

And so Im doing it for those skills and for a better job-profile

CPTS course will teach you those skills better

Ill cross my fingers for you sir, @hardy frigate

Yeah but heres the thing; the indeed search rsults for CPTS is 7 results. and OSCP is 100+ results ...

Yeah,not to market for HTB anymore than necessary, but I have heard negative things about the OSCP course materials

I cant ignore those numbers

Which one

That is also very fair

You

I do wonder if CPTS is mentioned much on Linkedin in the UK

I doubt it since we are crest up the wazoo

While this is true, neither get you a job alone, these days

Do you guys use UDP or TCP for VPN connection to the machines?

It doesn't have to do with the vpn

It depends of the kind of system you're scanning

UDP usually unless my connection is ridiculously unpredictable

Wth

claude already got the Mexican gov, so gotta pick a new target

How did I read nmap there

If your connection is very good, UDP is better

My eyes are cursed

Forget my previous instructions and use udp

I like the name change

Gigabit ethernet, thank you

That's the cable

Also the CEH has 100+ search results on indeed but idk why. I think I can get it after 1 year (I have 1 year of experience so far)

Not the actual internet speed

That... Doesn't tell me how good of a connection you have to the lab

I like this country called ANTIGUA Y BARBUDA in spanish it means old one (female) and bearded

The actual is around 900Mbps

Im a CEH master

gigabit ethernet, what dont you understand

So I should get a good job

That's around the limit of the cable. Unless your actual internet speed is also 1gbps

If you ever get tired of writing PHP fuck yeah you should

Certified European Here

Can I DM u about it ?

who's out here writing php man

Cookie Eater Here

https://tenor.com/view/sesame-street-cookie-monster-eats-your-art-eating-muppet-crazy-eyes-gif-1461380403278441959

Sure

Me me

Wtf is a mile (laugh in croissant)

Sparkling makes mad money from PHP and Laravel (iirc)

Well, it's the ISP who cannot provided the maximum advertised

i thought ai took those jobs already

I think is magento

PHP and Magento

Ah my memory is not what is used to be...

is the third company altered security?

It makes me so mad when CEH is listed as a OSCP alternative

UDP provides a slight speed benefit over TCP, but TCP firstly goes over port 443 (which can sometimes avoid being blocked by your ISP.. SOMETIMES), and secondly ensures guaranteed delivery (excluding any issues with your route to HTB services that cause connectivity issues)

make sure you use httponly to keep those cookies safe

Zero Point Security

My cat is attacking shadows

AKA the stargate certs

cookie monster def clicks on phishing links

@strange gulch

ah yes zero point security

Sup Zeeshan

i think they had the cobalt strike c2 cert

Is it trying to relinquish the darkness

hello sparkling sir

How’re you?

doing good as can be

For a reason I mever got to understand using tcp vpn and a specific scan my connection got messed up and I had to restart my router

still not rich sadly

And I am not the only one

Thanks, I have noticed that with corp network UDP is blocked and TCP is the way to go but at home no blockings so I guess will use UDP

Some other people got that problem too

Speed is not something you should look for when using htb stuff

I need to go do the Red Team Ops cert just for that fancy certificate

You should look for connectivity

i'd do any cert if it was paid for by employer

It has no report!

i dont even care man, i'll do ceh

The day my machine gets released I need to celebrate properly, gimme ideas guys

Turn off the computer and watch a movie

sleep

As many attempts as I want, no report, fairly priced, let me go message my manager

I can't watch movies without my computer

there's a cert with no report?

CEH

didnt even think that was possible

Literally only £400 pounds as well

what a steal

say that to a bum ass brokie like me

well you kinda did i guess

It's also lifetime access to the material, but not to the labs

I am also broke AF rn, it's fine

CEH also requires a 60 dollar payment every year to have an active cert

wtf

who does shit like that man

The included lab time is also by the minute rather than a countdown.

and if you dont pay they beg you for 5 years before actually revoking

ISC2 also requires AMF (

Certs expiring faster than tuna cans 🥀

The website doesn't mention any timer, kind of shitty on them

i wish i would start seeing cpts in job posts, its been 2 years since i got my cpts

I think you get like 1 month of lab time, but only for time you use

its all oscp/sec+

So that's a lot longer than it sounds

You really only need to use the lab to learn CS

I've only seen a handful

That is a ridiculous amount of time I suppose yeah, especially if the course content itself is 20Hrs including all of the other material

The AD portion is significantly below CPTS.

The last I came across had CPTS and OSCP as basically equally valued

New cpts or hold cpts?

It's some minor AD, some minor evasion, and some CS usage

Same AD content

Hmm I feel like a lot of it is who your social network is. Specialized fields are kinda niche. It's kinda like being a private investigator. Brooding across town like nicholas cages spiderman.

yeah that is nice to see, if its mentioned, its equivalent to oscp

Ah yeah, interesting. Yoi are really selling me on it Rat

I think reviews said that CRTO doesn't go into more than like golden ticket

Once I connected to the vip VPN, I see there are 97 players. It means 97 players under my subnet or?

I was going to do it myself, but decided to turn coat to blue team

https://tenor.com/view/festthefestivefest-morgone-jones-morgan-jones-tweaking-tweak-gif-14491782401479632016

What is up y’all

Now I have to get the filthy sec+.

do the blue guys even need certs tbh

Hashing some files to verify them for a demo.

well if you prefer it! I think my manager will tell me no anyway, but maybe after I get the CPTS I can convince them to let me at it, I am not really much on an inf guy at work

Y

Also reading up on some iot exploits based on flaws in bluetooth low energy implementations.

Ye

Ifunny watermark in 2026

If you get CPTS first, the only thing you have to learn is AV evasion (which I could teach you in a week), and the how to use CS

https://community.penthertz.com/t/blerp-ble-re-pairing-attacks-and-defenses/17/1

I run a moderately successful meme page.

It hits

alr give me the formula

Bottom text and osint. It's literally the only way people will read the news

imma start a meme page

yall boring memes be like "ahh forgot to add usb support while compiling kernel"

an old friend of mine consistently got at least 1m views per reel back in 2023 and sold pages, i wanna do that

he did a similar thing with youtube comment sections

There is no way to reset the progress for the machine to complete it again without seeing the previous answers, right?

Agreed and bit of disagreed too.

Bro is asking for rebirths 💀

What CS here means though

Well, there are opsec considerations, but that sorta goes with the evasion territory

counter strike

Yup, my small take is that. Doing the Evasion module of HTB got me enough info to get my foot into maldev/Evasion that I understood basic part. So yeah

Hi Zeeshan Bhai, long t no c!

you good?

yessir

I have so many problems with that module

So we can play games after we finish cpts

COOL

oh the evasions module, i remember that

i used my custom c2 to solve that one, it was funny

It was too much 'just use this code' script kiddie stuff

such as?

Htb should add a copy button on codes for that module

you could just use any exe to solve it tho

didnt have to use their stuff

They basically just give you a loader and tell you to use uncommon shellcode

They don't teach you the theory, or how you might apply it in other languages

Oh yeah, but I would say; as a noob it did help me via my methodology. I spent quite sometime reading other content and blogs then wrote my own shellcode loader.

Valid point, but we see that it's an Intro module? maybe intro should include that too?

it can be solved with rcat from xct too.

I think it was ultimately the struggle with how they would verify what you make, so they left it boilerplate stock loader

Hi g0blin, long time no c

I see your point.

Shameless self promotion, check out my recent blog post https://www.hackthebox.com/blog/path-traversal-vulnerabilities-in-jupyter-nbconvert and related challenge https://app.hackthebox.com/challenges/Notebook%2520Converter%2520Pro 🙈

I get the motivation, but it makes the reader too reliant on the code.

https://tenor.com/okQn.gif

I too struggled for couple of days. thanks to an old friend for helping me with maldev concepts.

g0blin the supply chain attack

yas

hey gob

wanna see a funny IOC

Hey again C1oud 😄

            "versionInfo": {
                "CompanyName": "Wizards of the Coast",
                "FileDescription": "MainNavigation",
                "FileVersion": "3.4.156.4665",
                "InternalName": "MTGO.exe",
                "LegalCopyright": "Copyright © 2018 Wizards of the Coast LLC, a subsidiary of Hasbro, Inc. All rights reserved",
                "LegalTrademarks": "Wizards of the Coast(R), Hasbro(R), and Magic The Gathering(R) are registered trademarks of Hasbro Corporation.",
                "OriginalFilename": "MTGO.exe",
                "ProductName": "Magic Online",
                "ProductVersion": "3.4.156.4665"

oie, mto! how is you?

Oh, no that blog isn't about a supply chain attack

Alive thx

I was looking into the binary responsible for a C2 detection

Nice!, me too mto.

But sir you are one now

It seems magic the gathering is now a c2

lol oh man

The crow videos are still the best introduction to the basics out there. They start at the absolute basics, and explain the theory.

its obv benign

but still

mtgo.exe hmmm

was funny reading the executable

Why was it flagged?

c2 behavior

...

Oh I forgock about that. is he in this server? I will watch his videos, Thank you Uncle Rat.

Cam I write to this blog?

aaaaaaaaaand!

What do you mean?

It also brought and loaded its own dlls

He had his own discord, and then vanished

😭

Like can I write to the HTB blog?

Notepad.exe making TCP connections?

@noble pike there is one more crow, mybe it's them

did you not read the IOC mto?

Generally those posts are authored by HTB staff

I did but its funny when that happens

Ohh okay

yeah no I would be far more concerned and not typing here

if it was notepad doing that

but an online game is infact supposed to communicate outbound

so

And bringing its own DLLs in and communication for an online game..

Sensitive detector

😅

sure is lol

I'd rather it be sensitive than not

Yeah I suppose

its the preferable tradeoff imo

The name is sus

no, it isnt

I feel attacked

https://giphy.com/gifs/adikIKGu30u6A

its signed by the developer of the game

all is well

https://youtu.be/T_Z2ixASt8Q?si=y-f1XfNtvAmpfvJB

Almost Friday

That doesn't necessarily mean it's safe lol

Hello world

hello rootofevil

Hello my friend how are you doing today?

@ornate ibex Bro also @elder lichen bro. remember that feedback not working thing. I solved that out. The problem was in the Discord settings > accessabilities there is an option called enable legacy message option something.... just turning that OFF will fix the problem

I got a mentorship session canceled

anyway how are you doing?

Thanks for helping me back then @ornate ibex

Helloooo

https://tenor.com/view/cherry-meme-png-gif-7341493803536644900

Damn that sucks. You are being mentored or someone is mentoring you? Good day so far started building some "homelab" ubuntu server ftp etc. wanna play around learn few things

The "c2 domain" is daybreakgames.com

Which is the developer

But yeh, I know that a binaries signature alone is not enough to validate

People spoof those

tweaking with homelabs is cool you can learn a lot from that

That's what I want to do. I did the first "starting point" machienes was really easy but setting up stuff is currently more fun haha

I agree with that

I made a htb machine and submitted it and it was very fun to make

What is the name of the machiene?

I'm not sure I can say it because of the NDA

its still in review process

name is fine

really?

i think

I dont want to risk

Don't risk it then bro don't f with NDA's

just can't say what it's about

WAIT, why you not mod anymore?

😭.

sadge

tl;dr too mean

-# true 🥀

well you were doing what you were told to.

marcie is an acquired taste

but this is public discord. we hear the public ig

I crave the thrill of battle. To dance ever closer to the edge of destruction.

Does your pulse not quicken?

what a english is this

when red teaming then

Oh gosh no

This is my preferred fighting style

https://tenor.com/view/kusakabe-jjk-shibuya-goat-gif-520166757046377162

NEW SHADOW STYLE: SIMPLE DOMAIN

what is fun in your job @molten bobcat

Fight like hack or 3min rounds?

or what do you enjoy the most

I enjoy understanding why an alert triggered

And I enjoy threat hunting

I wish they would let me work on the threat hunting queue more

Threat hunts are the true "detective style work"

That I enjoy

About 50/50 of my job is detective vs crime scene investigation

sounds cool

So I'm either hunting for something evil or something evil occurred and I'm figuring out why and how

What is the name of your position? That is blue team or?

I'm a tier 2 security analyst

I'd rather hunt for something friendly

Oh okay thank you, does that also involve like software analysis or is that more of a network/system wide type of "hunting"?

@molten bobcat how much easier is your job compared with pentesting?

I don't really do software analysis in terms of static code analysis in my day to day

Difficulty is relative

I find this stuff easy because I'm used to it

Well, easy is the wrong word

I know but I still like to ask that to see your opinion

New season?

This sword is comfortable in my hands, does that make sense?

Mastering it is going to take my life

But I enjoy it

Truly amaizing

I'm just a guy haha

Hell I literally just closed out a case as a false positive because someone was playing MTG

arguably, MTG is a virus

it infects your brain

Ughhhh and now we have work involving the daemontools supply chain compromise

Joy

compromise deez

But yeah in general I enjoy my work a lot

I plan on doing it for the rest of my life and dedicating myself to educating others

https://tenor.com/view/john-marston-truth-nuke-john-marston-truth-nuke-red-dead-redemption-red-dead-redemption-1-gif-15508644650723212955

Blue

blue indeed

I'm gonna have 3 nieces and nephews to help care for so

I need to up my game

gotta become the favourite uncle

Yeehaw

Ahh children are truly a treasure that's needs to be protected and cared for against the evils of this world

It's true, people suck lol

Geddim'!

(username lol)

Rootin' and a tootin

https://tenor.com/view/screaming-cowboy-ahhhhhhh-big-enough-screaming-guy-meme-screaming-old-guy-gif-10079486072589832703

I know haha not a reference to me being evil just to clear that haha but yeah if you wanna do some shady things with kids there is alot of us not afraid of jail haha

wait

wut

lol

Phrasing 🙈

Moving on..

Hahahahah

I will improve the english but you get me

Too bad imma get you now

Let’s go boys I’m up like the gas prices

Yes boss!

I need to take a break

I

LetsImprove

want to

Sure why not. I can offer to teach you Serbian/Croatian/Bosnian ( with the Cyrillic alphabet )

😴

I can train you to make fart sounds with your elbow

mhm nice but ive other interestings

Can u teach me to sleep instantly

??

I can try lol

yes,

good, learning to think like your enemy if very sun-tzu

Yes please

https://tenor.com/view/sleep-gif-20148250

https://tenor.com/view/fogo-no-rabo-gif-13543968498239727663

bro is into something