Never now π
You'll be stuck with cpts
#general
devout sail
winged ridge
I mean for people who cannot afford api key then here it is:
Here is gemini api key:
URL: https://deck-munchkin-giddily.ngrok-free.dev/v1
API: AIzaSyNova1234567890AlphaBetaGammaDelta
im helping my community
devout sail
Yoink
worthy cargo
as wel as esc queries:
ESC_QUERIES = {
"ESC1 β Enrollee Supplies Subject + Client Auth": esc1_vulnerable,
"ESC2 β No EKU + Enrollee Supplies Subject": esc2_vulnerable,
"ESC3 β Enrollment Agent + Enrollee Supplies Subject": esc3_vulnerable,
"ESC4 β WritePKI Flags": esc4_vulnerable,
"ESC5 β Overly Permissive CA Access": esc5_vulnerable,
"ESC6 β CA with SAN Editing Enabled": esc6_vulnerable,
"ESC7 β ManageCA / ManageCertificates": esc7_vulnerable,
"ESC9 β No security extension + Auth EKU": esc9_vulnerable,
"ESC10 β Weak Certificate Mapping": esc10_vulnerable,
"ESC11 β CA with Request Extension": esc11_vulnerable,
"ESC13 β OID GroupβLinking Abuse": esc13_vulnerable,
"ESC15 β Application Policy Abuse": esc15_vulnerable,
}
dusky jacinth
I mean I could just not verify my cert
rancid swallow
nice
devout sail
Another yoink
worthy cargo
You can easily search for misconfigurations
rough mirage
I mean for people who cannot afford api key then here it is:
Here is gemini api ...
scam
devout sail
I mean I could just not verify my cert
Fair enough, get it soon
Then you can be back to shitposting from job
stone marsh
Never now π
You'll be stuck with cpts
Certs > other roles
haughty meadow
Is it just me or recent bloodhound update gives a lot of errors in terminal and is very slow?
worthy cargo
Is it just me or recent bloodhound update gives a lot of errors in terminal and ...
Never used BH in console. What's this then?
winged ridge
devout sail
Is it just me or recent bloodhound update gives a lot of errors in terminal and ...
It needs to establish the C2 agent and stuff and yeah takes time
winged ridge
@rough mirage
molten bobcat
Sigh
haughty meadow
app-db-1 | 2026-05-12 16:29:29.857 UTC [2433] ERROR: type "nodecomposite" does not exist
app-db-1 | 2026-05-12 16:29:29.857 UTC [2433] STATEMENT: select $1::text::regtype::oid;
I meant a lot of these
molten bobcat
Hey, don't share fucking API keys in a public chat..
rough mirage
wow thats crazy. did you try it?
nah, im just being annoying 
haughty meadow
Never used BH in console. What's this then?
Its regular BH but I am looking at the console log
rough mirage
but im assuming it is
worthy cargo
Its regular BH but I am looking at the console log
Ohh. I gotcha
rough mirage
no such thing as a free lunch
molten bobcat
Don't interact with urls you don't recognize
dusky jacinth
don't tell me what to do
winged ridge
I run gemma model on my H100 gpus for free and im not paying a penny on it. So I want to share the api that I created
winged ridge
whats wrong with that?
rough mirage
i need to get to the hacker role
winged ridge
yall dont deserve to be nice to
rough mirage
π
tired kettle
one day...
gilded fern
i need to get to the hacker role
Why
dusky jacinth
i need to get to the hacker role
just take like two weeks and do all the easy and then start going through mediums
not too hard
dusky jacinth
Honey pot
winged ridge
rough mirage
just take like two weeks and do all the easy and then start going through medium...
man 2 weeks? that's time wasted not listening to tung tung tung sahur ai brainrot phonk
dusky jacinth
π«΅
dusky jacinth
man 2 weeks? that's time wasted not listening to tung tung tung sahur ai brainro...
fuck you for real
I hate you made me read that
stone marsh
Just ignored
Well yeah, why would he interact with you calling out the scam?
haughty meadow
My bloodhound is eating memory and cpu wtf
winged ridge
yall can test it on website likes https://www.aiapicheck.com/ if you dont trust me
rough mirage
fuck you for real
oh im sorry mb π π
dusky jacinth
Stop saying cyber security buzz words noob(s)
that's the point hehe
tired kettle
just take like two weeks and do all the easy and then start going through medium...
how many easies do you need? because i've been trying to get that back
rancid swallow
@frail turtle so this is how the TUI Graph and Tree format looks like
opens and loads everything instantly , no extrac setup required
these are few days old pics tho , newer ones also include ACEs with details
dusky jacinth
how many easies do you need? because i've been trying to get that back
all of them plus some
winged ridge
you can use the api key online if yall want, no need to connect it to your computer
west venture
you can use the api key online if yall want, no need to connect it to your compu...
What API key?
jagged storm
Bro wants to farm your usage, to train his model.
rancid swallow
Bro wants to farm your usage, to train his model.
lol
winged ridge
@west venture
tired kettle
all of them plus some
my bad, stupid question. let me rephrase that, how many roots do you need nowadays?
west venture
Oh thanks
stone marsh
Bro wants to farm your usage, to train his model.
Or he is just waiting for people to give him blackmail/sensitive material
dusky jacinth
my bad, stupid question. let me rephrase that, how many roots do you need nowada...
all of the easy machines plus I think I got user on like three mediums last season
winged ridge
Bro wants to farm your usage, to train his model.
bro your just being wierd as hell
dusky jacinth
but not while they were the seasonal active machine
dusky jacinth
yes thugnasty
worthy cargo
Zeeshan!
west venture
How much money do you have? Bc I might run an AI agent on that key for hours
lavish sage
brain rot can be fun at times
winged ridge
How much money do you have? Bc I might run an AI agent on that key for hours
go ahead, and you can check it on https://www.aiapicheck.com/ if you think it wont work
stone marsh
Now we just chatting about crimes
worthy cargo
I use gemini cli for free and it eats up tokens. I use claude code for free using a localhost proxy
jagged storm
bro your just being wierd as hell
You literally said you were, in this chat, just a few days back
lavish sage
i'd never commit a crime
tired kettle
all of the easy machines plus I think I got user on like three mediums last seas...
well that leaves me with a weekend's worth of fun
dusky jacinth
Now we just chatting about crimes
you know how it be
worthy cargo
ANTHROPIC_AUTH_TOKEN="freecc" ANTHROPIC_BASE_URL="http://localhost:8082" claude
dusky jacinth
well that leaves me with a weekend's worth of fun
π€·ββοΈ
high cobalt
Bro wants to farm your usage, to train his model.
Probably a stolen API key, too
worthy cargo
qwen/qwen3-coder-480b-a35b-instruct I use this model
tired kettle
thx for the help @dusky jacinth
worthy cargo
It's pretty badass
west venture
go ahead, and you can check it on https://www.aiapicheck.com/ if you think it wo...
Keep it topped up
summer urchin
Don't interact with morons
good advice
winged ridge
Keep it topped up
thank you man β€οΈ
tired kettle
Don't interact with morons
how do i stop interacting with myself?
dusky jacinth
Don't interact with morons
How don't I know when their moron
winged ridge
Probably a stolen API key, too
first you said it's a trojan and then you said it's stolen. Please stop lying on my tounge man
lavish sage
mirror
summer urchin
How don't I know when their moron
u think
frigid mountain
dusky jacinth
He knows I'm rage baiting him like crazy with that one
summer urchin
first you said it's a trojan and then you said it's stolen. Please stop lying on...
what u are saying is a bit sus thi
tho*
dusky jacinth
first you said it's a trojan and then you said it's stolen. Please stop lying on...
No one can lie on your tongue
and frankly I don't want to
I'm not gay
frigid mountain
I'm not gay
lavish sage
you sound weak
winged ridge
Yall dont need to install an .exe file lol you can just connect that api key on the web if yall want
dusky jacinth
https://tenor.com/view/seinfeld-not-that-theres-anything-wrong-with-that-gif-107...
Literally just about to pull that one out π
high cobalt
first you said it's a trojan and then you said it's stolen. Please stop lying on...
If something looks too good to be true (= free), it most probably isn't true or isn't good
frigid mountain
Literally just about to pull that one out π
worthy cargo
There's nothing wrong with being gay
molten bobcat
Fuckin idiots lmao
worthy cargo
There is something wrong with being a name-calling rude person though
molten bobcat
Same people who genuinely believe MacOS malware doesn't occur
lavish sage
dusky jacinth
it doesn't that's a myth
frigid mountain
Fuckin idiots lmao
notavirus.bat
molten bobcat
I'm literally working a case where curl executed maliciously due to the user executing it. Clickfix spread to MacOS a few months ago.
Y'all ain't safe nowhere.
worthy cargo
Open/Free/Net BSDs are awesome
high cobalt
Hey guys, I have 10.000$ for free, which of your bank accounts should I transfer this to? (/j)
lavish sage
mine
dusky jacinth
Hey guys, I have 10.000$ for free, which of your bank accounts should I transfer...
MEMEMEMEME
molten bobcat
Scammers are fun
lavish sage
i was first tien
tardy surge
heelo
worthy cargo
Feed a hungry homeless person with your $10
dusky jacinth
I actually replied
fading cape
convert it to BTC HAHAHAHAAH
worthy cargo
That's a good use
dusky jacinth
convert it to BTC HAHAHAHAAH
bitcoin dropped a dollar today π
worthy cargo
It dropped by 2k in the past day
fading cape
bitcoin dropped a dollar today π
And rise #10 tommorrow
dusky jacinth
most likely yup
high cobalt
MEMEMEMEME
Okay, just give me your bank account and I will launder ... ehm I mean gift you the money
lavish sage
fading cape
Okay, just give me your bank account and I will launder ... ehm I mean gift you ...
send to me in crypto hahahahaa
stone marsh
Scammers are fun
Good scammers a fucking menace, its awesome
Listened to a talk about north korean deep fake scams, was pretty cool
high cobalt
I'm literally working a case where curl executed maliciously due to the user exe...
The curl thing sounds absolutely wild
west venture
Okay, just give me your bank account and I will launder ... ehm I mean gift you ...
If you wanna launder money, start a carwash
worthy cargo
gotta launder my karma
Got a revolution behind my eyes
We got to get up and organize
Come on baby tell me
Yes we aim to please
tardy surge
I have learned about networks: TCP, UDP, IP, MAC, DCHP, DNS, router, NAT, LAN, switch, and layers. Should I delve deeper into networks or move on to Kali Linux commands?
vague terrace
If you wanna launder money, start a carwash
Why a carwash? lol
worthy cargo
I have learned about networks: TCP, UDP, IP, MAC, DCHP, DNS, router, NAT, LAN, s...
Why did you say it twice?
west lynxBOT
Get Started with the HTB Beginners Bible: https://www.hackthebox.com/blog/learn-to-hack-beginners-bible
worthy cargo
Also you can do whatever you want!
tardy surge
I have learned about networks: TCP, UDP, IP, MAC, DCHP, DNS, router, NAT, LAN, switch, and layers. Should I delve deeper into networks or move on to Kali Linux commands?
rapid badger
I think he is stuck in a loop
worthy cargo
Quantum Loop
lavish sage
https://tenor.com/view/what-happened-what-happened-to-you-as-a-child-what-kind-o...
loneliness
i made friends inside computers
wooden thunder
you mean friends online right ?
I do hope you don't have little people inside your pc
patent lily
We don't talk about the motherboard dwarves here
lavish sage
they were inside computers and then inside my head
lavish sage
isnt that a boomer reference
rancid swallow
molten bobcat
Too bad Jared Leto is an industry plant fuck
molten bobcat
The only saving grace of Tron ares is the visuals and the soundtrack by nine inch nails
worthy cargo
jagged storm
The only saving grace of Tron ares is the visuals and the soundtrack by nine inc...
not daft punk ; not listening to it
tardy surge
I've learned about IP, MAC, DNS, DCHP, TCP, UDP, NAT, LAN, and OSI. Should I learn Kali Linux commands or delve deeper into networking?
tardy surge
My friends, why aren't you answering my questions?
molten bobcat
Hey
jagged storm
My friends, why aren't you answering my questions?
molten bobcat
We're real people and we're not a fucking search engine
You can't just pop in questions and get answers immediately
tardy surge
https://tenor.com/view/stop-it-get-some-help-gif-15058124
?
molten bobcat
I've learned about IP, MAC, DNS, DCHP, TCP, UDP, NAT, LAN, and OSI. Should I lea...
This is an incomplete knowledge set
worthy cargo
My friends, why aren't you answering my questions?
We already answered you broski
molten bobcat
You've just learned a couple acronyms. That's not the same as understanding the technologies and how they work
tardy surge
You've just learned a couple acronyms. That's not the same as understanding the ...
β
tulip steeple
https://tenor.com/view/popcorn-guy-relaxing-popcorm-popcorn-gif-26404903
π
high cobalt
If you wanna launder money, start a carwash
But someone has to wash his car with the money then π€
high cobalt
https://tenor.com/view/what-happened-what-happened-to-you-as-a-child-what-kind-o...
DCHP
high cobalt
I've learned about IP, MAC, DNS, DCHP, TCP, UDP, NAT, LAN, and OSI. Should I lea...
You can do whatever you want pal. Play around with Routing Protocols like OSPF or BGP ...
Or learn hacking lol
Doesn't matter
Okay this meme looks too aggressive but I hope you get the spirit
jagged storm
it's a troll or bot lol
high cobalt
How do you know?
molten bobcat
Their server tag
high cobalt
Oh π Well my OSINT skills again 
molten bobcat
I'm a detective for a living lmao
green kite
I'm a detective for a living lmao
You detect what?
jagged storm
I'm a detective for a living lmao
but can you see why kids love cinnamon toast crunch?
molten bobcat
but can you see why kids love cinnamon toast crunch?
molten bobcat
You detect what?
Malicious intent
green kite
but can you see why kids love cinnamon toast crunch?
What is this soutcery
green kite
Malicious intent
Detective Cloudeau
molten bobcat
I just spent an hour writing up a full timeline for a user getting clickfixed
Well, I shouldn't say I spent the whole hour writing
Half of that was me trying to get their damn domain controller to respond lmao
zenith urchin
Hello everyone, I am new to hacking and looking for someone who can help me with that, preferably in Dutch.
molten bobcat
Hallo, this is English focused server unfortunately
But there's lots of folks from around your area too π
trail prism
Hello everyone, I am new to hacking and looking for someone who can help me with that, preferably in spain
west lynxBOT
Get Started with the HTB Beginners Bible: https://www.hackthebox.com/blog/learn-to-hack-beginners-bible
zenith urchin
I know that and I can speak English too, but is there anyone from the Netherlands who can send me a private message so we can talk a bit more?
trail prism
or in inglish
molten bobcat
I know that and I can speak English too, but is there anyone from the Netherland...
You might have better luck in #1318239802931286066 just be sure to follow the guidelines for posts there
zenith urchin
OkΓ© thx
trail prism
hello
terse dirge
Good morning
trail prism
Could you write me privately I need help I'm new
molten bobcat
Why
terse dirge
Get Started with the HTB Beginners Bible: https://www.hackthebox.com/blog/learn-...
@trail prism read this on getting started
trail prism
okey
jagged storm
bro is gonna get pinged
green kite
jagged storm
and there it is
wicked dagger
Can someone explain this to me #red-team message
pallid wasp
and there it is
terse dirge
trail prism
okey
high cobalt
Can someone explain this to me https://discord.com/channels/473760315293696010/7...
I wish I had an answer but I also want to know the answer bc. this is a good question
jagged storm
I wish I had an answer but I also want to know the answer bc. this is a good que...
arp/routing table - ezpz
wicked dagger
I wish I had an answer but I also want to know the answer bc. this is a good que...
Yeah because I guess this is a real world scenario, because their is a lot of vlan configuration in enterprises
jagged storm
Pretty sure the pivoting module covers this.
devout sail
I live like 15 min away from Netherlands
wicked dagger
arp/routing table - ezpz
Yeah but arp is only for same network, and why routing table? If you have a gateway who tells you it is to access other vlans and even if it is the case if you always do a ping sweep on the entire network it take a while no?
wicked dagger
Pretty sure the pivoting module covers this.
Nope ^^ it talk about multi nic interfaces nothing about vlan
jagged storm
Nope ^^ it talk about multi nic interfaces nothing about vlan
VLAN is transparent to you, on the network. You can only infer by what you can reach out to.
terse dirge
Idk anything about network engineering tbh
meager kernel
hi
wicked dagger
VLAN is transparent to you, on the network. You can only infer by what you can r...
What do you mean with that? Take a look at the architecture https://cdn.discordapp.com/attachments/704070821496487956/1503795575408037948/content.png?ex=6a04a644&is=6a0354c4&hm=880c3ddb5151fc62b7fcfa52b7d544d64b6a060d1ec9c06c554a2f6cc4c695eb&
severe falcon
Idk anything about network engineering tbh
The orchestration layer
devout sail
terse dirge
hows it going ceald
Same old same old. Parents yelling at about how I'm not trying hard enough to apply for a job
devout sail
Oh
terse dirge
The orchestration layer
Kubernetes???!!
severe falcon
https://cdn.discordapp.com/attachments/704070821496487956/1503795575408037948/co...
Rich kid
meager kernel
Same old same old. Parents yelling at about how I'm not trying hard enough to ap...
just apply
severe falcon
Kubernetes???!!
It's a meme now.
terse dirge
devout sail
What do you mean with that? Take a look at the architecture https://cdn.discorda...
I guess you can just scan the whole subnet to find live targets
meager kernel
i cant sleep for some reason
i shouldnt have slept in the afternoon
meager kernel
i regret it now
wicked dagger
I guess you can just scan the whole subnet to find live targets
Yeah but it take a whileπ
severe falcon
Kubernetes???!!
silver forge
I deployed my first application cluster to ECS using a proper CI/CD pipeline today 
jagged storm
I guess you can just scan the whole subnet to find live targets
Well, that's a bit aggressive. ARP for the start, pings if need be.
wicked dagger
Yeah but it take a whileπ
The thing is I need an idea to get a hint that their is potential vlan routing
high cobalt
What do you mean with that? Take a look at the architecture https://cdn.discorda...
You just need to know the subnets though. I guess if you don't see active connections you have to "brute force" it with Nmap?
devout sail
Yeah but it take a whileπ
Well i can't really think of any easier way?
And as rat said arp, but I was assuming if for whatever reasons that doesn't work
wicked dagger
You just need to know the subnets though. I guess if you don't see active connec...
Yeah I guess to that it kind of luck by discovering them
terse dirge
https://youtube.com/shorts/CEz1AauzsAo
Omg this reminds me of someone that kept calling bash the cli and it drove me insane cause I had no idea what he was talking about when he kept saying "the cli"
jagged storm
The thing is I need an idea to get a hint that their is potential vlan routing
It's transparent at your level of the model.
severe falcon
I'm just rendering his image
Who's lol
rough mirage
THE ICE CREAM VAN IS HERE
devout sail
Spritzou
wicked dagger
Well i can't really think of any easier way?
And as rat said arp, but I was ass...
But again arp is for the same network
severe falcon
Omg this reminds me of someone that kept calling bash the cli and it drove me in...
"The CLI"
wicked dagger
If you arp on 10.5.30.0/24 you will see potential hosts on this network not on those like 10.5.20.0/24
terse dirge
The dude supposedly worked as a networking engineer, not sure what networks he engineered but very worried
wicked dagger
It's transparent at your level of the model.
I donβt really understand why you mean haha what do you mean with transparent at my model
devout sail
But again arp is for the same network
Yeah i don't really know too much about it
I have made some labs with multiple vlans and shit
So from top view
All i can think of the options we have discussed
Actually I'll look for it tomorrow, I have been mindlessly making huge labs and not thinking about these stuff lmao
high cobalt
But again arp is for the same network
Btw I made a note these days for a nice alternative for Nmap if you just want to discover hosts, fping. It's just ping but also works with whole networks
jagged storm
I donβt really understand why you mean haha what do you mean with transparent at...
VLANs are layer 2. You're at layer 3.
devout sail
If you arp on 10.5.30.0/24 you will see potential hosts on this network not on t...
Maybe try accessing the router and hope it's not locked?
Then try to find switch and hope that's not locked too then show all interfaces π
wicked dagger
VLANs are layer 2. You're at layer 3.
Ah like this, but I need to take a look at the lab then because since their is only 1 host on vlan 30 (kali) he donβt make connections with other vlans manually
terse dirge
Guys, vlans aren't real! Flat networks forever to confuse attackers π₯
wicked dagger
Maybe try accessing the router and hope it's not locked?
Then try to find switc...
I will take a look at my lab in the evening and keep you guys up to date with a witeshark check
wicked dagger
VLANs are layer 2. You're at layer 3.
So I guess intercept traffic and wait
jagged storm
So I guess intercept traffic and wait
Well, you could check the routing table.
It might point you to other networks
high cobalt
Guys, vlans aren't real! Flat networks forever to confuse attackers π₯
Who needs micro segmentation if you can just throw everything into 10.0.0.0/8?
wicked dagger
Well, you could check the routing table.
Routing says:
default via 10.5.30.254
I mean Iβm not in front of my lab but nothing about the other networks
terse dirge
Who needs micro segmentation if you can just throw everything into 10.0.0.0/8?
I unironically manage a network like that at the cyber range
Very big us vs them mentality and "everything is there for a reason" without any good reasoning
jagged storm
I unironically manage a network like that at the cyber range
This is why responder will never stop being useful
undone fossil
may i present to you
high cobalt
It might point you to other networks
Who configures routing tables manually on machines though?
terse dirge
We have servers that are older than me there just for the novelty of having them 
jagged storm
Who configures routing tables manually on machines though?
Depends on the machine, and if there is some specific reason something should normally not be in a specific place.
devout sail
I will take a look at my lab in the evening and keep you guys up to date with a ...
Yeah I asked clanker
And it said the same
You'll have to ping and find in other L2 network
silver forge
exotic pendant
π
devout sail
Who needs micro segmentation if you can just throw everything into 10.0.0.0/8?
Or make it worse and keep each device in its own cozy vlan with just itself
jagged storm
Or make it worse and keep each device in its own cozy vlan with just itself
Stacked VLANs, all the way down
high cobalt
Or make it worse and keep each device in its own cozy vlan with just itself
Micro(managed) segmentation lmao
exotic pendant
Someone said they got ice cream van nearby
Was it you
b1issfu1
wicked dagger
Yeah I asked clanker
And it said the same
You'll have to ping and find in other...
Yeah but like I told to my colleague what if the target has icmp disabled
devout sail
Stacked VLANs, all the way down
We can hop soo many time
We should use all of those ttl
exotic pendant
I got a new Windows CVE published today
jagged storm
Yeah but like I told to my colleague what if the target has icmp disabled
On the same subnet, that doesn't necessarily matter, depending on how they reply.
exotic pendant
Wifi proximity RCE
winged ridge
devout sail
Yeah but like I told to my colleague what if the target has icmp disabled
Yeah the place i work has this
Then you just have to hope that all of those pc has atleast one common port open lmao
wicked dagger
But like I said I will take a look this evening and ping you @jagged storm @devout sail @high cobalt in red team group
high cobalt
Yeah but like I told to my colleague what if the target has icmp disabled
I think there is no way around port scanning then ...
devout sail
Yep, goodluck
jagged storm
devout sail
Wifi proximity RCE
Oh njce
devout sail
Wifi proximity RCE
Why do u not post any x post or blogs yet
exotic pendant
Why do u not post any x post or blogs yet
the cve just published today and I got the blog post ready to post
devout sail
the cve just published today and I got the blog post ready to post
Where
I think i follow u on twiffer
silver forge
there's a reason I don't touch Windows
exotic pendant
Exploitability isnt easy but easy to DoS
I can walk outside your house and knock all the devices off on your street
using windows
if i spend the extra time, pop RCE
π
devout sail
Ehehe do it when u see some kid playing LOL of something
high cobalt
Evil
exotic pendant
I can make it targeted or just spam every wifi in range
devout sail
Where are u gonna post your stuff
I'll keep an eye on it
exotic pendant
Where are u gonna post your stuff
I'll keep an eye on it
we'll see
devout sail
Hmm pls not on OF
exotic pendant
high cobalt
there's a reason I don't touch Windows <:pepecoffee:1206998399593873449>
I mean Linux got a 0-Day LPE every week so ...
bronze lion
thts a bit of an exaggeration dude
exotic pendant
linux getting hit with the AI train atm
bronze lion
every week
silver forge
I mean Linux got a 0-Day LPE every week so ...
LPE != RCE
reasonably talking, every single system has LPE somewhere
zealous charm
linux getting hit with the AI train atm
So many linux/windows LPEs now that 0day brokers are rejecting them
exotic pendant
So many linux/windows LPEs now that 0day brokers are rejecting them
yep lol
high cobalt
What if we got an RCE this friday though?!
exotic pendant
Glad I'm taking my break
high cobalt
Just saying
obsidian tartan
that is sick, congrats!
exotic pendant
ZDI stopped taking pwn2own entries
devout sail
Soon we will have 0day HTB solves like it's as normal as unintended
zealous charm
ZDI stopped taking pwn2own entries
yeah, I also saw some other brokers tweeting about the flood of LPEs
silver forge
next box idea, target Integrity with nothing listening on network 
exotic pendant
i tried to get cluade to find this wifi bug i had and it wasnt finding it
after I had found it
I just wanted to see if it would even
"Nah bro looks clean to me!"
devout sail
next box idea, target Integrity with nothing listening on network <:NootLikeThis...
Imagine if they release one completely updated machine as insane and watch player interaction for 0day
high cobalt
LPE != RCE
I know ... I am exaggerating
muted olive
Nice
zealous charm
Imagine if they release one completely updated machine as insane and watch playe...
kernelCTF is all about finding 0day
muted olive
Oooooh you wanna play Inscryption and Ultrakill :3
I havent played any games :(
high cobalt
Imagine if they release one completely updated machine as insane and watch playe...
If you wanna see CTF players exploiting zero days ...https://youtu.be/yrCXamnX9No?is=RLa2s6-MozgwqtAl
heady sage
I havent played any games :(
Dude, you need to change that
muted olive
kernelCTF is all about finding 0day
love kernelCTF then
muted olive
Dude, you need to change that
need to get a new laptop first with a graphics card that would actually support games lol
sometime next month
exotic pendant
toxic rock
high cobalt
Dude stop teasing us this much!
exotic pendant
Deauth is to help groom
high cobalt
What? Another windows 0day??
gray wraith
What? Another windows 0day??
Grass is green, sky is blue, Frost gets a 0 day or two
rancid totem
bro is preparing his repos before releasing it xd
rancid totem
high cobalt
bro is preparing his repos before releasing it xd
rancid totem
and the TeamPCP released open source code for Mini Shai-Hulud, wtf is going on today
gusty saddle
hey
rancid totem
This one? https://github.com/Nightmare-Eclipse/GreenPlasma
yeah and one more there
soon
molten bobcat
Fuck patch Tuesday ig
patent lily
uh oh
gusty saddle
how do i fix when i wanna download smth and itβs higher than my ios how do i download older versions
thank yβall
high cobalt
Thank god I am not a Windows admin but because I am still an admin and have responsibilities ... OH COME ON MAN
patent lily
and the TeamPCP released open source code for Mini Shai-Hulud, wtf is going on t...
they really leveled up didn't they use to make shitty shell scripts to install xmrig or something or am I confusing them with someone else
rancid totem
how do i fix when i wanna download smth and itβs higher than my ios how do i dow...
dependency issues
gusty saddle
dependency issues
wdym
rancid totem
they really leveled up didn't they use to make shitty shell scripts to install x...
they're using AI, so they're learning how to use it xd
exotic pendant
yeah and one more there
he had the yellow one also
bypass bitlocker
I should just post my pocs to github
patent lily
they're using AI, so they're learning how to use it xd
Ah
exotic pendant
amirite
gusty saddle
how do i fix when i wanna download smth and itβs higher than my ios how do i download older versions
rancid totem
he had the yellow one also
yep
green kite
No need to repeat yourself @gusty saddle
green kite
#1024429874246590575 might be better to ask
rancid totem
the libraries won't write themselves
silver forge
personally I prefer developing stuff that can not be patched 
again not going to spoil
gusty saddle
I meant you can't unless it matches required dependencies
and what are they please
exotic pendant
Get more clout by uploading poc than get paid $1k for a 0 click RCE or LPE
gusty saddle
No need to repeat yourself <@1463153074926256265>
ok
patent lily
Get more clout by uploading poc than get paid $1k for a 0 click RCE or LPE <:kek...
1k?? lmao
are you serious?
patent lily
I actually got 5k for my RCE
Holy shit
gusty saddle
I actually got 5k for my RCE
damn
patent lily
no wonder people are just posting shit on github
high cobalt
Doesn't sound like that much for probably a ton amount of work tbh
exotic pendant
if someone took my poc and walked around a hospital ,they could knock off devices
or if they work on it, get a RCE and pop on all devices in area
patent lily
Doesn't sound like that much for probably a ton amount of work tbh
It's extremely low
patent lily
or if they work on it, get a RCE and pop on all devices in area
jfc
exotic pendant
One reason I actually didnt want to post the PoC until people patch lmao
severe implications
high cobalt
It's extremely low
Yeah
gusty saddle
hey
please can someone help with my problem
how do i fix when i wanna download smth and itβs higher than my ios how do i download older versions
patent lily
how do i fix when i wanna download smth and itβs higher than my ios how do i dow...
Is there an archive of the app you're trying to install?
iron galleon
how do i fix when i wanna download smth and itβs higher than my ios how do i dow...
i dont think u can using apple's ios app store
gusty saddle
Is there an archive of the app you're trying to install?
archive?
frigid mountain
had real tacos for lunch
iron galleon
u'd prolly have to jailbreak
frigid mountain
like "street tacos" or as they call them in Mexico "tacos"
gusty saddle
What do you even mean? What is higher than your iOS?
youtube
gusty saddle
Yeah like an archive of older versions?
i wanna install yt and spotify
iron galleon
i wanna install yt and spotify
why don't you update ios
rancid totem
Is there an archive of the app you're trying to install?
he probably needs to jailbreak but it's so unsecure
gusty saddle
where can i get them archives
frigid mountain
why don't you go to the website?
gusty saddle
why don't you update ios
iphone 7 π
iron galleon
ah rip
rancid totem
iphone 7 π
I use Iphone SE
patent lily
he probably needs to **jailbreak** but it's so unsecure
Oh
gusty saddle
why don't you go to the website?
what website
frigid mountain
my office TV spotify app is being weird
high cobalt
what website
YouTube
frigid mountain
what website
gusty saddle
I use Iphone SE
SE is aiit
rancid totem
iphone 7 π
research jailbreaking, that's the only way because App Store apps are officially signed by the Apple
gusty saddle
youtube.com and spotify.com
i donβt wanna use them on web
frigid mountain
you could also, you know, not use an iphone
gusty saddle
research jailbreaking, that's the only way because App Store apps are officially...
jailbreaking ?
rancid totem
jailbreaking ?
google it
high cobalt
you could also, you know, not use an iphone
Doesn't android also want to lock down side loading though?
gusty saddle
you could also, you know, not use an iphone
π€¦ββοΈπ€¦ββοΈπ
iron galleon
Doesn't android also want to lock down side loading though?
can use grapheneos
frigid mountain
Doesn't android also want to lock down side loading though?
can't stop it.
molten bobcat
can use grapheneos
Be advised that Google is stopping services for people who do this
molten bobcat
Googles recaptcha now uses whether or not your mobile device is running the Google play service
gusty saddle
i use grapheneos
ok
high cobalt
can't stop it.
How so? I think they want to enforce so that APKs need to be signed or simething
high cobalt
Googles recaptcha now uses whether or not your mobile device is running the Goog...
Urgh, another day where greedy companies enforce their policies onto the user and don't make us own our software and hardware ...
frigid mountain
How so? I think they want to enforce so that APKs need to be signed or simething
Technically, Google could completely block sideloading if they wanted to, but they don't because Androidβs identity, market position, and architectural roots are built entirely on allowing it. Sideloading isn't a loophole they forgot to patch; itβs a core design feature.
The reasons Android hasn't flat-out banned sideloading come down to open-source foundations, corporate utility, and legal self-defense.
iron galleon
https://reclaimthenet.org/google-broke-recaptcha-for-de-googled-android-users
u can run a sandboxed google play services
i just read the article
thats why it still works for me
high cobalt
Technically, Google could completely block sideloading if they wanted to, but th...
Oh, okay I just read the article ... seems like the headlines were just a bit doomsdaying again
rancid totem
just found an api endpoint on a shitty claude airdrop site, and the tweet has 4k+ likes, oh god..
frail turtle
I mean
I only use my phone to talk to people mostly and watch youtube videos
that's it
dont see the point in degoogleing unless....
I want more battery life
fuck I feel a fever coming
jagged storm
fuck I feel a fever coming
It might be a tumor
raven rain
that'c
jagged storm
Urgh, another day where greedy companies enforce their policies onto the user an...
The torment nexus we built is tormenting users 
raven rain
π»
potent pagoda
Does anyone know How to participate in private CTF events?
scenic maple
you need an invite and you need to be invited
once those 2 are done and you have signed up you will get an email
potent pagoda
Yes, but some descriptions say you just need to contact the event host to get the key
scenic maple
that is the invite
the event host is usually supposed to send the key/invite to the people who are supposed to be in the ctf
in a scenario where that isnt the case the people who are supposed to be sent the key just go and ask the host for the invite
lets say ABC school creates a ctf for its student so the teacher of that school is supposed to giveout the invites one per student
if the teacher does not that the students may be asked to reach out to their teacher and get a key
potent pagoda
But where? For example, in the PepsiCo event section, the host creator is a redirect to their website, and theres no information there about the ctf event. The same thing happens at hunter cyber collector 2026, city of Newcastle.
scenic maple
But where? For example, in the PepsiCo event section, the host creator is a redi...
if it does redirect to a site and you think you should have received an invite you should find contact information / support information on that site and ask for your invite,
zealous charm
or the CTF is to bypass the invite authentication 
scenic maple
man old htb was something else
potent pagoda
Xd
potent pagoda
if it does redirect to a site and you think you should have received an invite y...
Thanks im going to do it
rancid swallow
now da graph looks neat af @worthy cargo
u can mode da nodes around as u like as well , ACEs Included for each nodes with details
u can search nodes with realtime indexing, Find shortest path between two nodes and render node amounts accordingly to save performance as well
worthy cargo
now da graph looks neat af <@945129480010219552>
u can mode da nodes around as...
Very nice and impressive!
floral galleon
sup chat
rancid totem
this is so real
high cobalt
now da graph looks neat af <@945129480010219552>
u can mode da nodes around as...
Are you making a Bloodhound alternative?
rancid swallow
Are you making a Bloodhound alternative?
kinda but its a full toolkit not just bloodhound features , graph is just one of the features
high cobalt
kinda but its a full toolkit not just bloodhound features , graph is just one of...
What does your tool add?
crude island
Hello all
rancid swallow
What does your tool add?
https://github.com/Karmanya03/Overthrone
a lot of things , hard for me to type here xP
crude island
@rancid swallow hiii
high cobalt
https://github.com/Karmanya03/Overthrone
a lot of things , hard for me to type ...
Niiice, sound fun (and like a lot of work haha) developing it.
limber arch
rancid swallow
Niiice, sound fun (and like a lot of work haha) developing it.
ya been 7 months so far , i still have so much to test and debug a lot of things and create a PoC so that i can release it properly
high cobalt
Damn, the longest side project I did was building a simple raycasting engine and then rebuilding it in Rust π
rancid swallow
Damn, the longest side project I did was building a simple raycasting engine and...
analog notch
don't mind if slap a nice little git star on that one
rancid swallow
don't mind if slap a nice little git star on that one
Arigatou
high cobalt
<:wowzas:811537101417873438><:johnwow:1031584263499436042>
It was just a really simple demo built with Raylib π was maybe working on it for a week or so in my vacation time
rancid swallow
Damn, the longest side project I did was building a simple raycasting engine and...
its been exactly around 1 year, my GPU is ded , So after office hrs i just do this , coz me bored , nothing to do
otherwise would either do game dev stuff or just play sum games with friends
jagged storm
is this even possible ?
Err... No.
jagged storm
its been exactly around 1 year, my GPU is ded , So after office hrs i just do th...
Did you try to bake it
high cobalt
its been exactly around 1 year, my GPU is ded , So after office hrs i just do th...
My condolences on the dead gpu π
rancid swallow
Did you try to bake it
no oven sedly lol
neat cipher
is this even possible ?
It looks like something out of one of those old hacking games on steam where you buy computer parts and install them in the data centre to get the leet skills
rancid swallow
Laptop GPU btw
rancid totem
It looks like something out of one of those old hacking games on steam where you...
This is the HTB Academy
rancid swallow
i had the motherboard replacement but the replacement was the only one remaining piece in my region and SOMEHOW i found out it has a Defected GPU hardware with Code43
neat cipher
This is the HTB Academy
Well clearly they weren't supposed to tell newbies about the secret internet that you didn't hear about, and this conversation never happened...
rancid totem
I don't think it's possible, the question was ironic
jagged storm
This is the HTB Academy
It's it a newer module? This seems like the kind of mistake AI would make
rancid totem
It's it a newer module? This seems like the kind of mistake AI would make
Nah, it's pretty old actually
Network Foundations Section 6 / 12
Nobody reported it I guess 
jagged storm
Any comment about it in #1234357888114364508 ?
rose onyx
molten bobcat
I helped fix an issue with the cdsa content when I was doing my exam
One of the questions for one of the modules was completely unrelated to the content it just showed you lmao
molten bobcat
Nah, modules for the cdsa path
rancid totem
Ah
molten bobcat
The exam had no issues
rancid totem
At least HTB has fewer typos than LetsDefend xD
molten bobcat
You know they bought them right lol
rancid totem
I knew it, it looks so unrelated to HTB 
molten bobcat
It was a recent ish acquisition
jagged storm
Oh, they bought it? Gonna absorb like the last one did?
molten bobcat
Slorp
terse dirge
neat cipher
Yeah HTB is buying up all the cool toys. Vulnlab too getting integrated
high cobalt
I wish their modules were just im the normal HTB academy ...
molten bobcat
I can't tell if this is tbone or ribs
jagged storm
HTB needs to buy maldev academy
neat cipher
Very nice! Had similar earlier
stone marsh
HTB needs to buy maldev academy
If only
terse dirge
I can't tell if this is tbone or ribs
Chicken
neat cipher
HTB needs to buy maldev academy
You know what the /feedback thing is for...
terse dirge
Choron chicken I think it is
jagged storm
You know what the /feedback thing is for...
minor flower
misty citrus
crude island
crude island
Always
rancid totem
Any hacking hapening ?
What is that
wooden thunder
"Happening" refers to an occurrence, event, or an artistic performance involving audience participation
past acorn
hello
rancid totem
"Happening" refers to an occurrence, event, or an artistic performance involving...
That's funny, you are funny guy
I like you
high cobalt
Any hacking hapening ?
No, just chatting without purpose and now preparing for sleep
wooden thunder
Thank you, I like you too
rancid totem
boreal pike
Roses are red, I am back, there's a flipper zero right here in my bag. 
past acorn
<:pepecoffee:1206998399593873449>
do you get any benefits for boosting server
other than aura
past acorn
what does that mean
jagged storm
rancid totem
past acorn
can you pay for my cpts
rancid totem
what does that mean
That means you get a lot of features.
past acorn
That means you get a lot of features.
like?
rancid totem
Try to send a GIF
past acorn
exam voucher
past acorn
Try to send a GIF
nuh uh ive been laughed at
past acorn
Try to send a GIF
Ive played these games before
boreal pike
jagged storm
can you pay for my cpts
No. Fuck off.
past acorn
You won't get vouchers for free
yea I couldve guessed
past acorn
No. Fuck off.
grrr
high cobalt
Pfff, just level up for sending Gifs
high cobalt
<:mmmmm:1334216315497480192>
past acorn
Pfff, just level up for sending Gifs
I did on my personal account but this is a new account and I dont wannd do the same labs twice
boreal pike
past acorn
Hey cool website
mine?
wooden thunder
yes
high cobalt
(Just joking)
boreal pike
<:steve_1:821076391613169676><:steve_2:821076391687749643><:steve_3:821076391868...
It looks funky on my phone.
And now it's a billboard ad.
past acorn
It looks funky on my phone.
yea here you just look autistic
high cobalt
Yeah I also wanted to say the mention looks even funnier π
rancid totem
oh
past acorn
yea here you just look autistic
in a good way
rancid totem
you are that youtuber who talks about how to RAT people
boreal pike
yea here you just look autistic
I am autistic, tf you mean just look?
wooden thunder
No, just chatting without purpose and now preparing for sleep <:kek:889992816296...
May ur dreams project in 8k w dolby ur wildest hopes
rancid totem
I've seen your videos
boreal pike
Yeah I also wanted to say the mention looks even funnier π
:p
high cobalt
May ur dreams project in 8k w dolby ur wildest hopes
Haha lmao, thank you π
worthy cargo
AI text gen is too slow. We need thousands of tokens per second speed!
boreal pike
AI text gen is too slow. We need thousands of tokens per second speed!
500 ai generators.
worthy cargo
What?
past acorn
π
boreal pike
:pp
high cobalt
Can't they just scale the models horizontally bruh?
boreal pike
wooden thunder
Moclans only pee once a year
It's not just pee, it's "The great release"
high cobalt
God The Orville was such a nice homage to Star Trek
frosty thistle
cool!!!
neat cipher
God The Orville was such a nice homage to Star Trek
It's time for American Dad to do a sci fi special... or something...
high cobalt
I never watched american dad. Just Family Guy
molten bobcat
Family guy writing falls off hard around season 9/10
American dad is consistently pretty funny
They don't just say shocking gross things or just hate each other or show gore for humor
boreal pike
high cobalt
Okay this is pretty funny
Still, the animated show which has a special place in my heart is the Simpsons
molten bobcat
Same, watched it every night with the family for dinner
worthy cargo
It's not just pee, it's "The great release"
The Jalojha
wooden thunder
high cobalt
Same, watched it every night with the family for dinner
Yeah it's perfect for dinner. Just watching it in the background haha
molten bobcat
I have a couple animated shows I put on in the background while I'm working
high cobalt
Lol, nah at work this would just distract me
turbid goblet
Like dora the explorer?
jagged storm
Like dora the explorer?
turbid goblet
Oh
high cobalt
I have a couple animated shows I put on in the background while I'm working
But what shows are you talking about?
rose onyx
Doing the drywall at the new McDonald's gotta wake my ass up at 6am
zealous charm
Doing the drywall at the new McDonald's gotta wake my ass up at 6am
have you tried not sleeping at McDonalds?
jagged storm
have you tried not sleeping at McDonalds?
In this economy?!
rancid totem
fuck economy
rose onyx
have you tried not sleeping at McDonalds?
It's a quote from office space from rats gif
rancid totem
capitalist emperors are sucking bloods
alpine pumice
dang, nightmare eclipse dropping more bombs. another windows privesc and a bitlocker bypass.
jagged storm
and what's that bullshit with UFO docs
rancid totem
like look at this, a magnet flying on the air
I used to buy these from street markets
rancid totem
no it's from 2023
rancid totem
but it's total distraction xD
wooden thunder
somone needs to make some money on kalshi and plantir
boreal pike
molten bobcat
But what shows are you talking about?
Archer, Bob's Burgers, Brooklyn 99, Reno 911, Solar Opposites
rough mirage
comforting people is really hard when you're so emotionally detached
high cobalt
Archer, Bob's Burgers, Brooklyn 99, Reno 911, Solar Opposites
Oh Solar Opposites is from Rick and Morty creators ... now I wanna watch it, too
brave matrix
Hello
How can I get the CDSA certification label?
high cobalt
comforting people is really hard when you're so emotionally detached
I just feel awkward in these situations, you too?
high cobalt
Good question, sadly I have no answer to this
dusky jacinth
Hello
How can I get the CDSA certification label?
get the certification
if you have it then just /verify-certification
strong canopy
yoh how do yall deal with the slow pings shiih has me on edge nd i want beautiful colours quick
high cobalt
What beautiful colors?
strong canopy
like against a target rn?
1435 ms
dusky jacinth
I mean yeah it's tough, but like I just deal with it
worthy cargo
Now I have two tabs, one for details, and one for explore relationships and impacket commands.
strong canopy
What beautiful colors?
i want every single role on me
strong canopy
I mean yeah it's tough, but like I just deal with it
strong canopy
https://tenor.com/view/epic-embed-fail-ryan-gosling-cereal-embed-failure-laugh-a...
ill surpass you son
gaunt gale
ffuf runs better on Ubuntu than in a Kali VM lmao
I'm using it for web fuzzing and it works much better
I'm serious
dusky jacinth
bruh that's just host vs guest os
gaunt gale
ya I know
so on host OS it works better?
I didn't know that
why not just install the tools on Ubuntu and use that
worthy cargo
What do you mean by 'better'?
dusky jacinth
I mean your guest OS doesn't have as many resources on it
so like it simply cannot perform at the same capacity
worthy cargo
It depends on your hardware too
dusky jacinth
yeah
worthy cargo
First what is better?
dusky jacinth
^^
brave matrix
get the certification
Thx
worthy cargo
What do you mean by better?
dusky jacinth
like just faster?
gaunt gale
What do you mean by better?
the same command runs on ubuntu and not kali, its faster. I mean it runs sometimes on kali but there's not as much troubleshooting as with a VM.
I mean is there anything wrong with me using my host OS for hack the box?
worthy cargo
I have a pretty powerful system, so for me kali vm runs just fine.
gaunt gale
what is the downside to using a host OS for hacking? I have excellent hardware (ubuntu with KDE installed on it) and like I actually think I prefer it
dusky jacinth
I mean is there anything wrong with me using my host OS for hack the box?
Not really no, but you'd just have to set all your tools on your up hardware. It's not always recommended, but you do you
worthy cargo
I mean is there anything wrong with me using my host OS for hack the box?
Nothing wrong with it but if you connect a VPN to your host system, you open yourself up to possibility of attack from another nefarious user maybe?
gaunt gale
Nothing wrong with it but if you connect a VPN to your host system, you open you...
I'm not doing that
I mean will it screw up my OS somehow?
strong canopy
do it. Don't say you will , cause idgaf
i have surpassed you sonion
gaunt gale
I really don't see how it would screw up Ubuntu by having ffuf or hashcat on it
or nmap
dusky jacinth
i have surpassed you sonion
Bro's in the "Wall street Bets" discord
strong canopy
Bro's in the "Wall street Bets" discord
dont diss my fellow regards brev
gaunt gale
I mean is it possible to ruin my device this way? I don't see how that's possible. I mean I see how with malware development how I could screw up my system with that
gaunt gale
but like even if I was doing that I'd get a Windows VM
dusky jacinth
or prove it
worthy cargo
I have rockyou.txt on my host, and hash cat, and I just copy the hash I want to crack from kali to host and voila, GPU acceleration works
strong canopy
or prove it
yoh bs aside you blue or red ?
gaunt gale
ya unless someone can show me how it will screw up my host box to install hacking tools on it or something I may just install the tools on Ubuntu and use that
I mean the tools run perfectly
lone sleet
Td i saw a ubuntu runinng on a bus
dusky jacinth
red
lone sleet
Most impressive thing i say td
dusky jacinth
that's called static analysis
there's a difference between reading code and the program having been executed, or compiled and executed
but like just use a sandbox if you have any worries
strong canopy
that's called static analysis
still knew to the stuff but i can analyze the .text/.rdata strings to an extent then i get stuck 
misty citrus
for the first time ever ai just said no to me
strong canopy
tag me cuh
dusky jacinth
still knew to the stuff but i can analyze the .text/.rdata strings to an extent ...
I'm not a reverse engineer or malware analyst, so I wouldn't be able to help you there
But, get good at reading dissassembly
probably start with some older "easier" stuff. VX-underground has tons of stuff you could poke with a stick
strong canopy
I'm not a reverse engineer or malware analyst, so I wouldn't be able to help you...
also i have these question that has been bugging me for a while saw a post for a while a guy claimed proxxies are far gone in this day and age does it also apply to TOR proxies are their anonymity rating a lie ?
strong canopy
probably start with some older "easier" stuff. VX-underground has tons of stuff ...
yeah i have like 10 malwares from him good guy
dusky jacinth
But they could probably help you obfuscate yourself from a corporation
if a 5-eyes govt wanted to find you? They could do it no problem
strong canopy
TOR and VPNs don't make you invisible
then what other ways do the bad guys use ?
say i was chasing them
dusky jacinth
good try
dusky jacinth
Here's a little secret of the trade. Only people who know how to do that teach people they want to know how to do that. And for the most part? Using the tools you've already mentioned can help you evade your local law enorcement for sometime likely, but not forever.
people have patterns
and patterns can be predicted
all it takes is one autist to see your schedule and pinpoint exactly where you'll be and when
strong canopy
good try
also there is a place called OTX alienvault you can check them out for like exploit news and stuff
dusky jacinth
You don't need to be avoiding the govt. But if your interested in "hunting bad guys" as you've said you could check out Threat Intel/ Threat Hunting
strong canopy
all it takes is one autist to see your schedule and pinpoint exactly where you'l...
GIF
L Theme
slender fern
my vpn is all kinds of jank today
dusky jacinth
There's some courses that go over that stuff
strong canopy
You don't need to be avoiding the govt. But if your interested in "hunting bad g...
thanks
patent lily
ya unless someone can show me how it will screw up my host box to install hackin...
There's a reason why people use kali vms
lots of problems you'll have with dependencies trying to install some tools on ubuntu and such
patent lily
but you can use docker for those
strong canopy
ya unless someone can show me how it will screw up my host box to install hackin...
i have REMnux and it ticks me off unlike kali
spare horizon
gaunt gale
lots of problems you'll have with dependencies trying to install some tools on u...
I haven't found this to be an issue
but we'll see
you have a good point
wicked dagger
hey <@218957491671793664> wanna do a quick lab overview with me in the <#7040708...
@spare horizon to?
patent lily
I haven't found this to be an issue
If all the tools you need work I don't see a problem with it but depends on how paranoid you are too and what is on your machine?
I wouldn't install a bunch of stuff in host os I do banking from or whatever
gaunt gale
ah ok
I see
well, you have a good point
how will web hacking tools get in the way of banking?
I'm curious
I mean banking is something you do via browser no? just log into your bank account
patent lily
how will web hacking tools get in the way of banking?
Same issue as installing any other stuff there may be malware especially now that supply chain attacks on devs are more popular and also some stuff you install may make your system more insecure in general
gaunt gale
Same issue as installing any other stuff there may be malware especially now tha...
ah ok
patent lily
Like as an example if you installed npcap on windows
rose onyx
how will web hacking tools get in the way of banking?
That cool burp plugin, yeah really an info stealer, gg
patent lily
Like as an example if you installed npcap on windows
Now anyone has access to raw packets
Without needing to be admin depending how you installed it
Just an example but that kind of stuff will happen
gaunt gale
Same issue as installing any other stuff there may be malware especially now tha...
what if you know its not malware? I mean ya but if you can tell the difference between malware and not malware it is arguably better no?
I mean I see the point you are trying to make
patent lily
what if you know its not malware? I mean ya but if you can tell the difference b...
Like I said depends how paranoid you are and what important stuff you have on your host os
You can't ever be 100% sure
gaunt gale
Like I said depends how paranoid you are and what important stuff you have on yo...
ah ok
gotcha
don't OffSec have a list of the places they get their tools from?
why not go to that list and cherry pick
there you go no malware
patent lily
No not "no malware" you are trusting their judgement
gaunt gale
ok
patent lily
It all depends on your threat model
gaunt gale
ah ok
what threat model requires a separate VM?
I guess if your doing something illegal?
strong canopy
@dusky jacinth remember hack the robot when elliot caught the p0rn0 guy who he caught he was routing his traffic to Tor thoughts and ideas ?
dusky jacinth
<@535831500369821726> remember hack the robot when elliot caught the p0rn0 guy w...
wdym thoughts and ideas
"Mr.Robot" takes place in 2015
dusky jacinth
a guy who's supposedly a savant getting access to the local TOR nodes that this dude is routing too isn't that wild for 2015 ig
patent lily
I guess if your doing something illegal?
No it has nothing to do with that it's what do you actually have on your host OS do you have credit cards saved on your browser? Do you use web bank on it? If you're just using facebook on it or whatever then I don't see an issue
dusky jacinth
but I wasn't a hacker in 2015
random aurora
Same issue as installing any other stuff there may be malware especially now tha...
How it will be supply chain atttack like for devices hacked in series way right?
dusky jacinth
I was 12
patent lily
You could also use like a separate laptop if you have one
dusky jacinth
and I was in band lmao
gaunt gale
No it has nothing to do with that it's what do you actually have on your host OS...
no I don't tend to save credit cards in my browser I use a free open-source password manager with encryption for storing passwords
patent lily
How it will be supply chain atttack like for devices hacked in series way right?
I don't understand your question can you use google translate to translate from your language?
gaunt gale
sometimes I use Chrome for like netflix but for anything private I use mullvad browser (including for banking normally)
molten bobcat
Lol
gaunt gale
I only use chrome if its necessary
molten bobcat
So those things don't matter at all
The communication is encrypted because it is HTTPS
Regardless of browser choice.
gaunt gale
ok but we're talking about whether installing hacking tools on Ubuntu is a good choice for opsec
patent lily
The communication is encrypted because it is HTTPS
He's asking whether he should use host OS for htb instead of a vm
random aurora
I don't understand your question can you use google translate to translate from ...
Supply chain attack you mean the devices will attacked one by one or mitre attack steps?
molten bobcat
If you're studying cybersecurity what the fuck do you care about opsec for
If you write the word "crime" in a book do the cops come and get you bro?
patent lily
Supply chain attack you mean the devices will attacked one by one or mitre attac...
It means someone who supplies software to you got hacked basically
rose onyx
no I don't tend to save credit cards in my browser I use a free open-source pass...
Which a info stealer can possibly slurp up
dusky jacinth
ATEOTD? Using a separate VM for pentesting instead of having all that junk on your host OS is just nice from a organizational perspective
don't need to have all your eggs in one basket
random aurora
It means someone who supplies software to you got hacked basically
Give me example I didnt get it
dusky jacinth
Give me example I didnt get it
You downloaded a important program
that program came from a trusted developer
random aurora
Okay ?
patent lily
Give me example I didnt get it
Okay you're using discord right now imagine discord got hacked they added malware to the app now you install discord and you also get hacked
dusky jacinth
but a hacker implemented malware into this program you are downloading
strong canopy
wdym thoughts and ideas
say he caught him right i want as to draw a map in our brains just a min
- he got phished
2.he got SEd
3.maybe did a physical typa investigation to map him leading to some typa data collected then ransomed him for something names passwords that typa thing
with this thoughts you could say he got head tapped from differnt angles not just bruteforcing his passwords right ?
random aurora
Okay you're using discord right now imagine discord got hacked they added malwar...
So yeah I got it the program hacked and u have hacked
molten bobcat
Okay you're using discord right now imagine discord got hacked they added malwar...
Supply chain is further up the chain
dusky jacinth
that's the most simple way I can explain that, but it's more intricate than that
random aurora
Yeah got it
molten bobcat
It's moreso like a component discord uses is compromised
Thus discord is also compromised
gaunt gale
Which a info stealer can possibly slurp up
ya but I also have 2FA on like everything and I don't tend to fall for SE attacks (I used to but not anymore its been a long time since I learned to spot those easily)
dusky jacinth
say he caught him right i want as to draw a map in our brains just a min
1. he g...
He says how he did it in the show btw
gaunt gale
even my discord has 2FA
random aurora
If you're studying cybersecurity what the fuck do you care about opsec for
Opsec is how to hiding your data from hackers that do osint stuff I think
rose onyx
ya but I also have 2FA on like everything and I don't tend to fall for SE attack...
2FA doesn't do anything when your token has been leaked
dusky jacinth
He sniffed the network traffic found suspicious activity, investigated and found that site he's takling about. Pretty simple movie level stuff
molten bobcat
Operational security is the practice not talking about what you do at work in public
gaunt gale
2FA doesn't do anything when your token has been leaked
ya but they would only happen if I got socially engineered which is unlikely to happen
patent lily
ya but they would only happen if I got socially engineered which is unlikely to ...
No
We already went over this
strong canopy
He sniffed the network traffic found suspicious activity, investigated and found...
dang memory is hazy lol aight
dusky jacinth
dang memory is hazy lol aight
all good. I'm like an elephant don't fret
it's apretty small part of the show tbf
strong canopy
even my discord has 2FA
saw an exploit for this no ?
patent lily
No not "no malware" you are trusting their judgement
.
rose onyx
ya but they would only happen if I got socially engineered which is unlikely to ...
Wrong, you don't eat where you shit. You don't install potentially dangerous tools where you have sensitive information.
gaunt gale
Wrong, you don't eat where you shit. You don't install potentially dangerous too...
ok gotcha
random aurora
Operational security is the practice not talking about what you do at work in pu...
Okay got it means organzation that know who the attacker and anaylsis the attacks
dusky jacinth
Wrong, you don't eat where you shit. You don't install potentially dangerous too...
this is the best finalizer i've heard this entire time
gaunt gale
but like then why not just get a separate device and put kali on that?
dusky jacinth
been looking for something that simple
molten bobcat
Okay got it means organzation that know who the attacker and anaylsis the attack...
No
random aurora
Its like blue team
dusky jacinth
but like then why not just get a separate device and put kali on that?
cause kali is a rolling release
gaunt gale
cause kali is a rolling release
ok
gaunt gale
why is a rolling release a problem?
patent lily
but like then why not just get a separate device and put kali on that?
You can but then you have kali on your internal network
warm ravine
I've heard some news that AI Data Centers are draining gallons of waters.
patent lily
Better separate it in a vm
random aurora
What is opsec thinking like an adversary to protect, information.
strong canopy
been looking for something that simple
prolllem is he isnt taking a second to preocess the various thing hes been told
random aurora
What is opsec thinking like an adversary to protect, information.
@molten bobcat
dusky jacinth
prolllem is he isnt taking a second to preocess the various thing hes been told ...
it's more thatn that, but we won't get into it
patent lily
whatever
It's up to you bro we're just saying why it's not a good idea but it's your choice of course
gaunt gale
It's up to you bro we're just saying why it's not a good idea but it's your choi...
ok
I'll have to research this then
but whatever
strong canopy
it's more thatn that, but we won't get into it
yeah letting the guy be might be better atp
warm ravine
What is opsec thinking like an adversary to protect, information.
Uh can u fix ur grammar, I didnt understand ur question
molten bobcat
<@169987831278600194>
What is your home language
turbid goblet
i get smarter everyday reading this channel
random aurora
Okay I will make it clear
molten bobcat
It's just tough to translate.
warm ravine
i get smarter everyday reading this channel
This server is filled with degenerate ppl trust
warm ravine
It's just tough to translate.
Nah nah
random aurora
Operations Security (OPSEC) is a systematic, five-step analytical process designed to prevent adversaries from exploiting critical, often unclassified, information about missions or activities. It involves identifying, controlling, and protecting indicators of, or data related to, planning and operations to mitigate risk.
molten bobcat
Yep
strong canopy
What is your home language
i have a dark humour joke wanna hear it (fun and games btw)
molten bobcat
i have a dark humour joke wanna hear it (fun and games btw)
No
dusky jacinth
Okay I will make it clear
arabic to english is a pretty hard translation, so don't beat yourself up to bad on it
random aurora
What was the question again
What is opsec ?
warm ravine
What is opsec ?
Oh right
random aurora
Operations Security (OPSEC) is a systematic, five-step analytical process design...
Thats the answer
warm ravine
Its just "Keep urself or ur team anonymous"
turbid goblet
thank u google
random aurora
Okay if I found the vulnerability in web thats kind of opsec
dusky jacinth
what was that LMAO
warm ravine
Tf did I just saw btw
random aurora
Okay if I found the vulnerability in web thats kind of opsec?
warm ravine
what was that LMAO
What was that
warm ravine
Okay if I found the vulnerability in web thats kind of opsec?
Thats OWASP