#research
🙌
so would that Veritasium video about SS7 and hacking the phone network count???
As long as it's a proper discussion, I will allow it 😁
well it is discussion and documentary format
Can you trust your phone? Head to https://brilliant.org/veritasium to start your free 30-day trial and get 20% off an annual premium subscription.
A huge thank you to Linus Sebastian and the team at Linus Tech Tips - check them out at @LinusTechTips
A massive thank you to Alexandre De Oliveira and Karsten Nohl making this demo possible.
A s...
wouldn't discord threads be a better format for this? each research paper can have its own thread and discussion would be limited to that thread, making it easier to distinguish user comments and also would be much easier to discover articles
Good idea!
Starting a discussion
If you are looking to start a discussion, please ask a moderator or community mentor to create a thread for you.
https://youtu.be/-wu_pO5Z7Pk?si=odAhGOuR5K8UVnQS use this resource
Companies are now selling the ability to track your phone number wherever you go. With a precision of up to 50 meters, detailed movement profiles can be compiled by somebody from the other side of the world withou...
Local GT is IP/international number of your local operator node..
Server/peer is your service provider
Client is you..
Msisdn is phone number of target..
The attacked server is simulated as you may have been able to tell from the 441234568890 number..
The discussion ends when you realize it's just like finding a node on the network, so you need to get access to the network first
before you can track someone
yeah fair
think the Veritasium video is more non-tech-person understandable, but more in depth is good
After all my research i've uncovered a universal truth installing Linux won’t make you a hacker
Can confirm. I even tried arch, btw
Does anyone get any voucher after completing the Cybersecurity 101 path?
Wrong channel to ask that
Created a note on subnetting based on what I learnt from the Pre Security path. I don't know how much of the important information I pulled off. Expecting honest comments and advice to improve my note more. Thank you.
Hi
hi guys i have a problem while buying THM premium, it keeps declining my payment
im from india
i have tried with five different debit cards
Hi,
Please contact support@tryhackme.com
ok thanks
Gave +1 Rep to @atomic turret (current: #44 - 194)
whats the tools working on Cloud Shell
anyone have any research or guidance on file level encryption vs drive level encryption?
looking for things like why you’d choose drive level over file level for backups in particular
is general guidance “it doesn’t matter, as long as it’s encrypted”?
quick thing off the top of my head is: drive-level encryption protects your files from physical access and file-level encryption protects your files from electronic access
If I may. This feels like extra friction; a bot function to create a thread might be better.
I think I confused myself with threads and Discord forums (sorry about that). Forums seem to be the most ideal solution. To reduce on spam maybe letting only certain roles create post might work better.
We decided against forum channels for this channel type:)
Yeah, disk-level encryption these days can take advantage of the TPM in your machine's motherboard, such as BitLocker on Windows, or the LUKS disk encryption mechanism in Linux. File-level encryption might allow you to store the keys elsewhere, such as on a USB stick to store the key, like with AES on a ZIP file; or using PGP to send/receive files through email (PKE, asynchronous)
Just adding a couple things I thought of as well related to this
An attack may be possible in some situations where the attacker has extended unrestricted access to your hardware. The attack could enable them to retrieve your key from the TPM. Because of this, some people prefer to use disk level encryption in the other configurations mentioned, where the key had to be either inserted, manually entered, or even delivered by a Tang server or bitlocker network unlock. These configurations can open a different attack surface, but they also prevent decryption by the more commonly known methods for retrieving keys from the TPM.
An excellent point. Encryption and key security/management require the use of other tools/techniques to safeguard your systems. You could do something like hosting the user's work desktop on a cloud server (pub/priv) and require a vpn key on an external device or dot1x system in the office to allow a dumb/limited laptop to connect to the network
You can also require encrypted usb keys and control/manage the keys centrally for file transport. So if you had to physically transport a sensitive file to a restricted/air-gapped location, for instance, key management for the usb key and file can be maintained securely and access can be very tightly controlled
Hey, would you be able to make a post rather than linking to your Twitter? This channel is strict on advertisements, it is very clear in the guidelines -> #research message
@strange quartz Sorry, for the protection of our members, I'll have to ask you to ask our server to do this
Hopefully this is the right channel for this but recently the FBI and tons of other partners dismantled the RedLine and META info stealer. https://www.justice.gov/usao-wdtx/pr/us-joins-international-action-against-redline-and-meta-infostealers. I found the report very cool. At the end of the report they show the redacted warrant they sent to the domain hosting provider. It’s very cool the amount of work our federal employees from around the world worked to shut down these 2 prolific info stealers.
that's perfectly fineee. Where should I ask the server?
What were you trying to do, post a job?
nono it's a Google form to carry out an online survey for research project 😔
I'm assuming the word Admin, so Server Admin, is missing from Scrubz message
oooooooo
It is
Yo everyone, recently did a deep dive on a recent 0 click CVE with a 9.8 CVSS score. Also developed a PoC for it and published a video on YouTube showcasing how it works.
My full article with a deep dive into how the kernel level exploit works:
https://dragkob.notion.site/ipv6-the-0-click-gateway-to-hacking-windows
Wow! Very in-depth analysis of how a simple function, if exploited via manipulating the IPv6 extension headers, can lead to an integer overflow and cause a DoS attack.
reverse engineering the patch itself was very smart.
Also your website looks fabulous
My friend just posted their first ever blog post about a research project they did, I am really proud of them!
The project was reverse engineering a phone that they had gotten, really cool what they have found 😄
https://zestfulzodiac.substack.com/p/from-secure-to-exposed-a-forensic
Because it's a growing problem in certain parts of the world, it's definitely on some peoples' radars, from TCM, an introduction to replay attacks in car theft:
https://www.linkedin.com/comm/pulse/intro-car-hacking-replay-attacks-tcm-security-inc-qpb0c
Thanks for sharing 😄
Gave +1 Rep to @cunning kelp (current: #21 - 436)
Over the past few months, has anyone seen any particularly interesting vulnerabilities or threats?
Further reading would be great 😊
ubuntu linux targeting uefi malware called bootkitty
interesting and scary for shadow
not that shadow runs ubuntu
I've just come across these "telegram trading bots" for solana coin or something. I know they're not safe and I want to prove it. Has anyone got any more information on these bots? I can just tell there's a team waiting to wipe everyone's crypto wallets on the other side, I was wondering if there was a way to prove it.
The one someone has said was called "trojan solana bot" or something similar.
This is really an advanced topic
guess I gotta get my level up to 0xD then !!
Anyone analyzed the ACS_stream program? I tried but couldn’t find anything. It collects routing table and network info on startup. Tried to find if it forwards that information
Tracking an NK campaign right now, someone in here reached out with a file malwarebytes detected as a stealer, turned out to be invisibleferret - worked with victim to find the initial IOC and started tracking a multitude of LI profiles spreading beavertail + invisibleferret combo through contagious interviews, almost all of them are crypto related and ask the interviewee/victim to run a node project, usually some boilerplate web app with an exec snuck in that executes obfuscated node (beavertail) within a PNG
will likely soon have a research article and TTP/IOC report on our blog but Unit42 also covered this very well: https://unit42.paloaltonetworks.com/north-korean-threat-actors-lure-tech-job-seekers-as-fake-recruiters/
seeing a big uptick as we've identified a few new C2 rotations and new campaign IDs as recent as a few days ago
Anyone familiar with sensity-ai/dot or any new improved versions ?
Hey y’all, I wanted to share my analysis of the Akira ransomware. Feel free to give me feedback on it. It would be truly appreciated. https://medium.com/@Not_AceS/static-analysis-of-the-infamous-akira-ransomware-808ff3fd047f
writer from my lil research / ctf team finished summarizing our analysis of beavertail/invisibleferret :)
https://team-bytesized.github.io/articles/malware/beavertail_invisbleferret.html
I'm working on a honeypot project. This mainly focus on finding if there any flaws present in the present honeypots.
Can anyone suggest how should I start n find out some resources as I'm not so familiar with it
You’re more than welcome to publish your findings here, but this channel is more for sharing and discussing papers:)
your best bet would be to #advanced-general or #exploit-and-mal-studies
Okay
Former NSA cyberspy's not-so-secret hobby: Hacking Christmas lights
https://www.theregister.com/2024/12/25/joyce_christmas_lights/
Recently, somebody in a discord server got hacked and started spamming about a "Roblox Executor" called Solara...
Awesome analysis! I'd definitely like to come back to this post at a later point and see if this malware creator is behind any other of the popular malware scripts.
It's actually incredibly common for Roblox DLL injectors and scripts to actually be malicious.
Something about Solara is that it actually was a real 'legitimate' cheat but, if I remember correctly, someone created their own fake Discord and started distributing a fake version.
Yeah this is the fake one i assume.
They have updated their github account, you can find them at the very bottom of the page @hazy crypt
And i have found 2 different samples associated with the same developer.
cool writeup. what did you use to pin down the c2 servers and their companies? or, where does a sc like this come from?
kind of frightening
This can only have positive outcomes...
https://www.theguardian.com/uk-news/2025/jan/19/ministry-of-defence-enlists-sci-fi-writers-to-prepare-for-dystopian-futures
I found the link above after being inspired by https://tryhackme.com/r/room/oauthvulnerabilities
Hello everyone, this would be my 2nd analysis blog and this time it is on the notorious malware “Industroyer”. Any feedback is welcome https://medium.com/@Not_AceS/industroyer-analysis-187bd1f5ffc7
Anyone heard about these telegram channels cropping up in the Uk?
What's happening is people are clicking links to join them, and then the link redirects them somewhere, asks for camera permission, takes a photo with front and back camera and then sends that to someones private telegram channel
I'd give it a good look through but it seems like a lot of trouble
Sounds like a great way to get a photo of my feet and the WC floor
Nice read, thanks for sharing
Gave +1 Rep to @wet crystal (current: #59 - 147)
Very interesting, thanks for sharing!
Gave +1 Rep to @wet crystal (current: #59 - 150)
An old story from back in 2017 popped up while scrolling. Though you might find it of interest
Here's the article:
https://www.wired.com/story/malware-dna-hack/
And here's one from the IEEE:
https://spectrum.ieee.org/researchers-embed-malicious-code-into-dna-to-hack-dna-sequencing-software
can a attacker get shell of Victim through bind shell ?
is it possible ?
This is out of scope for this channel :) try #general #infosec-general
Awesome analysis - can you suggest any resources that get me started with understanding decompiled code, rev engg and low level code and static analysis in general.
https://github.com/mschwartz/assembly-tutorial
https://pwn.college/
https://crackmy.app/ or https://crackmes.one
Youtube: OALabs, Low Level Learning, MalwareTech
IMO, Best practice for reverse engineering is writing your own C/C++ code and disassembling the binary. You will spot the similarities and understand how certain code works in low-level environment.
oh cool, thanks for the summary, wasnt for me, but still appreciated 😄
Gave +1 Rep to @rotund latch (current: #27 - 362)
gotcha, i did some basic cpp development for a small app and used winapi but thanks for these resources.
Gave +1 Rep to @rotund latch (current: #27 - 363)
I would love to share my latest research about recent Sandworm APT activities https://x.com/WhichbufferArda/status/1889333208438767708
Interesting, did you create the attack graph?
nice post! 💪
https://medium.com/@Not_AceS/fake-fortnite-exploit-malware-analysis-21d908696642 For this malware analysis blog i analyzed a fake Fortnite exploit that is actually malware. Feedback is welcome!
This was a nice blog. Short and straight to the point. Good job.
Feel free to share more if you do work on more. I'm personally very interested in forensics, but don't really want to go into the technicalities of it.
So I enjoy reading articles like yours.
It feels like a sherlock investigation lol.
Aye thank you very much, and yes I have another coming. Forensics is very fun
Gave +1 Rep to @stone mica (current: #153 - 54)
Late to the party, but this was a good read. Straightforward and palatable. Thanks for posting!
Gave +1 Rep to @unkempt jolt (current: #61 - 143)
Thank you friend
Gave +1 Rep to @obsidian kettle (current: #1858 - 2)
Glad you like it
this is a place for research, not advertising, please read the guidelines in the channel description
i like this ty!!!
Gave +1 Rep to @wet crystal (current: #53 - 172)
Hello y’all, I made another blog about the malware called Formbook and it’s a stealer. Instead of your normal executable, it’s a JavaScript file. Feedback is welcome 🙏
https://medium.com/@Not_AceS/formbook-javascript-malware-analysis-098c37137189
Can we download it

hey guys ik this is super random but I've just started my journey into cybersecurity and I've missed a class where they were using Amazon AWS
I've created an HTTP server (public) and a database (private). I SSH'd into the HTTP server already using my key, which I transferred using scp -i EC2_ubuntu.pem EC2_ubuntu.pem, and now when I'm in the Ubuntu machine and I try to SSH into the database's private IP it doesn't show anything, no words, and 2 minutes later it says ssh: connect to host 10.0.0.223 port 22: Connection timed out
if someone could help me I would greatly appreciate it and I will be in ur debt 🙏
first of all: wrong channel. next, you do NOT provide enough information here, with that it’s impossible to help you. besides what you ask is a rather noob question, are you sure u wanna start your journey into cyber now? instead i suggest you learn more basics in network + operating systems. to fix your problem make sure you know at least enough about ssh (PW + PKI) and how to add ip address, change routes, learn what subnetting is .. the list seems long so i stop now but should be a start that keeps you busy. good luck 🙂
Hi
How to capture login traffic without Wireshark ?
Wdym ? Why you want to do that ?
guys i found something interesting, is there a way for a phone on your network to declare itself as a router and appear as one in IPv6 neighbor discovery? i ran the network through Wireshark and it seems there is a device spoofing requests trying to look like my router with small differences to the MAC address
also i blocked upnp request on my router a few days ago because it seemed like i am getting DDoSed from all of my IoT devices, so now i get a ton of port 5353 request instead by the same volume
also there was a suspicious address trying to access SMB today which i have never seen before
all of these got blocked of course, but the only devices that were acting weird are that phone that appears as a router, and another computer that can traceroute other devices, but you can't ping that computer or traceroute it. sounds like a man-in-the-middle attack with a rogue router, i might be looking too much into things but i did get an ARP poisoning alert from that same phone when the issues started, plus there was a hefty amount of ARP requests in the Wireshark sniffing i did before
what do you think?
Can I dm?
would rather keep it in this forum if you have anything to add
im less worried about their foothold, more about how they are doing it
easy, MitM
yeah
ARP poisoning, MitM, lateral movement, IoT devices acting like botnets, rogue routers using IPv6
was wondering who else acts in that fashion
mirai spiked on days where i had the most intense attacks
so i had my suspicion
but i dont see any malware drops
i actually wanted to check my DHCP tables but cant because of the hardware im using
i think they know this hardware because of the way they are attacking
it's very similar to the recent ASUS routers attack
Then you are going to have a long night
Unplug internet. Problem solved
Also I'm not sure why would someone chain such a complex attack unless you are a very high profile such as a government or a high value target.
Exactly what I thought at first, but it's probably some sort of botnet that specializes in that hardware
Didn't find its command and control though, so can't attest to that
Dammnnn 😂😂. This is like me reading a life sentence
Does anyone have any favorite research papers about China's AI ecosystem or cyber policy? I want to further my knowledge here.
Just a fun jaunt into a little bit of recent history
https://www.youtube.com/watch?v=fxqcwK5OMag&pp=0gcJCcEJAYcqIYzv
The Shadow Brokers leaks are one of the pivotal moments in history: not only did they create a massive wave of cybercrime and caused nothing short of a political scandal, they also gave birth to one of the Internet's most enduring mysteries. Who were the Shadow Brokers? How did they pull off one of the craziest hacks of our time? The answer is s...
Hi everyone,
Does anyone know how to get SoP for SOC operations and if any real world datasets for research purposes?
Is there a legal way to get some good datasets?
New Report Uncovers Major Overlaps in Cybercrime and State-Sponsored Espionage
https://www.infosecurity-magazine.com/news/major-overlaps-cybercrime-espionage/
My team came across a malware sample that one of the members here was kind enough to send, so we got to do a nice little analysis report of it:
what on earth does "100% efficiency" mean? Does it just slam the compute on all available cores?
I think 100% efficiency means no compute is used
oh. I just looked at the code. I get it now
A very important topic we've touched on at various points...
In computer networking, IP over Avian Carriers (IPoAC) is a humorous but ostensibly functional proposal to carry Internet Protocol (IP) traffic by birds such as homing pigeons. IP over Avian Carriers was initially described in RFC 1149 issued by the Internet Engineering Task Force, written by David Waitzman, and released on April 1, 1990. It i...
How the NSA Hacked Huawei: Operation Shotgiant
How do you hack the largest tech corporation in China? Well, if you are the National Security Agency of the United States, you just… send a phishing email. At least that’s how Operation Shotgiant, one of the most ambitious operations of the NSA, happened. In the span of a few years, Huawei was hacked - and possibly, all of its users.
🎯 S...
what is this? gpu free ai?
This is what it is:
https://github.com/sneakers-the-rat/gpu-free-ai/
this channel is for research, please use #resources 🙂
QuickSkope
QuickSkope - Vulnerability in Netskope’s Secure Web Gateway (SWG)
Your body can be fingerprinted and tracked using Wi-Fi signals
A new system developed by researchers in Rome can identify specific people and their locations with 95% accuracy.
The image gives off Watch Dogs (the game) vibes
/so_much_for_subtlety hay whare ara find a tools
Anyone here prepping for Python basics / Security+ / THM modules / AZ-900 and wants to form a beginner study group?
Please do not spam it everywhere.
Ok then
Who can help me!
Yes google is.
what do you mean study group?
Studying together
Happy to share my latest finding on how to bypass the CVE-2025-24054 security patch and get an NTLM challenge from explorer.exe in 0 click
https://cymulate.com/blog/zero-click-one-ntlm-microsoft-security-patch-bypass-cve-2025-50154/
Nice blog
Great blog mate
Ethical basic book links can somebody provide to learn
blog on mobile security https://blog.azzahid.com/
Technique to exfiltrate git credentials from Argocd: https://futuresight.club/posts/0x00_exfiltrate_git_credentials_argocd.html
Access Denied Subdomain Bypass
https://infosecwriteups.com/access-denied-subdomain-bypass-178c2717fad9
.
anyone ever wrote and submitted CVEs?
i've got a couple i found but not sure about the process
Maybe somebody from #bug-bounty
cheers
Tested on:
- Windows 10 Enterprise x64
  - Specs: Intel i5-8500, 8 GB RAM, 256 GB SSD, SentinelOne EDR installed
- Ubuntu Server 22.04 LTS
  - Specs: AMD Ryzen 5 3400G, 8 GB RAM, 128 GB SATA SSD, default ufw firewall
- Debian 11 (minimal install)
  - Specs: Intel Pentium G4560, 4 GB RAM, 40 GB HDD
- MacOS Ventura (Intel)
  - Specs: Intel i7-8850H, 16 GB RAM, 512 GB NVMe SSD
- AWS EC2 t3.medium (cloud target)
  - Specs: 2 vCPU, 4 GB RAM, EBS storage, Linux AMI
- VirtualBox/VMWare VM
  - Specs: 2 vCPU, 2 GB RAM, 25 GB virtual disk
----
Worked on minimal:
- Debian 11 VPS / VM
  - Specs: 1 vCPU, 2 GB RAM, 20 GB disk
- Raspberry Pi 4 Model B
  - Specs: Quad-core ARM Cortex-A72, 2 GB RAM, 32 GB microSD
i am currently writing a full blog on how i came up with the idea for project synthesis and more — stay tuned, may take a minute, trying to garner some outside help with it😄
please take this seriously
deeper look into a log https://pastebin.com/2PG8Hh1M
Read my new article on 503 Page leads to critical bug https://ghostman01.medium.com/503-page-to-critical-bug-00e284eaeebe
😫
Hey guys idk
If I'm on the right channel
But could anyone recommend me WordPress and Drupal CTFs that I can use to get practice in?
Ping me if you're willing to help, thanks
@full elbow have u tried Drupalgeddon?
This one
https://tryhackme.com/room/blog
hi guys
anyone know about how to do penetration testing for web application
Please read the channel guidelines from the notion document in the channel description:)
I have not
I've played this
Thanks @earnest frost
Gave +1 Rep to @earnest frost (current: #1 - 5968)
@earnest frost I will enter university, but I love cyber security. Should I enter computer science as a university major instead of the cyber security college? Because my teacher said that cyber security is a major, not a field. I also believe that cyber security depends on side certificates, a creative major.
I don't feel competent to answer such a question , I would suggest you to ask somebody from #cyber-and-careers channel 🙂
Bro I literally just now saw a short abt it want me to send it u?
Can you make sure that all articles published here are freely accessible to read (i.e. not limited to members only or are paid).
Yeah my articles are Free to read, there's a Free Link on top of every article of mine.
When I attempted to read the article it said the Author has limited it to members only - please post the free link instead of the other one 🙂
Post the free link please not the members one.
Hey I posted free link
I opened it, it was still not the free one 😅
Sorry my bad
Kindly open this
@hazy crypt hope this link is working.
Seems to be okay, thank you
https://www.zerosalarium.com/2025/09/EDR-Freeze-Puts-EDRs-Antivirus-Into-Coma.html Found this a while ago, that might become interesting in the future. 😄 Already thinking about how to prevent that from happening.
Boys, what do you think about this method of encryption?
https://github.com/Whitecat18/Rust-for-Malware-Development/tree/main/Encryption Methods/ecc_shellcode_exec
@stone mica
Hey, sorry about reaching out to you, I just had a quick question for you.
Do you by any chance keep track of server statistics, specifically monthly message counts? I'm looking into a decline in social media usage, I was curious to see if this server affected in the same way
Hello.
Statistics aren't publicly shared for this server.
Oh ok, all good!
Would you like the cert roles?
Gave +1 Rep to @stone mica (current: #26 - 406)
➕ Gave the role OSCP to zumiyumi
Great write up, Zumi. I especially liked the detail you gave in your advice about having a disciplined methodology and its rigorous application.
Discovering your own flow is so important and I’d often overlooked.
I also liked your comment about knowing how far to go and knowing when to stop.
Just so people are aware:
This channel is not for promotion. It is intended for research-based discussion - links will be removed if they do not fit the guidelines of the channel (this can be found in the channel description).
:hammer: buieevdkw5iw#0 has been banned.
Done!
DeTraced Security has finished our second engagement! This time we followed a TA across the internet. This time we've published both a blog post and also IOCs/YARA rules. Feel free to check them out!
BLOG:
https://detraced.org/posts/infostealer-turned-ransomware/
IOCs:
https://github.com/DeTraced-Security/detection-rules/tree/main/groups/betray
That's reserved for advanced channels.
yo i got a problem is there anyone?
i accidentally bought PT1 and now i want to cancel
is it Possible?
because i dont see any Cancel anytime button
Everything you need to know about our refund policy.
😶
Heya guys how's it going?
I just joined a team doing research on post quantum cryptography (PQC) in classical networks and so I lightly dipped my toes in lattice cryptography, NIST's current standard algorithms, Rolfe Schmidt's Triple-Ratchet yada yada
For more context, we want to discuss, since PQC implementation is a classical problem (no quantum hardware needed), what's getting in the way? Why do we not have PQC everywhere already? Is it the problem of key sizes, is it some other bottleneck, etc...
I just wanted to ask over here if you guys have any impressions, heard of anything interesting, etc?
I assume it's mostly just the inertia and difficulty of switching over existing systems? It takes time to upgrade things
Like the US Govt has addressed PQC as something to use but their timescale is to get all their systems changed over by 2035
Balancing the added cost of rushing to upgrade everything sooner with the added risk of upgrading later
Plus since most PQC algorithms are pretty new there's a higher risk of new vulnerabilities being found. Patched now but KyberSlash springs to mind
Replacing cryptographic hardware modules is trickier than replacing software as well, and hard to justify to consumers, so a lot will not be updated until replaced
But to answer why we don't have PQC everywhere already, they only standardised it a year or two ago and it takes longer than that to implement a change of that level for a lot of large systems and organisations
And a lot of smaller less critical systems will feel less pressure to switch
Document from NIST outlining the steps involved in migrating^
https://arxiv.org/abs/1909.07353
Relevant paper, brings up the concept of "cryptographic agility"
@sand pumice
That's so helpful, thanks for the tips, I appreciate you taking time to explain a lot 🙂
Gave +1 Rep to @hallow zinc (current: #3240 - 1)
Stay blessed
Hello everyone, I have a question: would anyone be willing to take a look at a vulnerability report I created earlier this year?
It’s based around an audio exploit I caught in the wild and reversed engineered. I sent the report & exploit to Google’s research team on April 11th and on April 16th, Apple pushed out emergency patches that match the description of the report provided and accredited Google.
I found what I believe is a hardware flaw on the iPhone and would like an opinion of whether I am missing the mark or not..?
Helo any help me
Hi! Happy to share it with you
Microsoft blocks VBS macros on retrieved Word document templates, even in local intranet networks, to prevent phishing
I found a way to bypass it on local networks, using LLMNR poisoning. Can be useful for local phishing assessments!
Microsoft didn’t recognise it and there is no patch
https://github.com/rubenformation/Office-Intranet-MOTW-Bypass
If it's not related to THM we cannot help.
Hello guys, can anyone explain to me why can't i crack my own kali linux password using John the ripper. I just finished doin task 6 of "John the Ripper: The Basics" room and i wanted to try it out on my own system.
I'm using a usb bootable OS of kali linux.
mmmmm am i askin in the wrong room? lol
Wdym by can't crack, what's happening?
Like, i did "sudo unshadow /etc/passwd /etc/shadow > un.txt" then tried using john to crack it but results in:
Using default input encoding: UTF 8
No password hashes loaded (see FAQ)
Likely it did not recognise the format
--format=crypt
oh, thanks @digital mauve
Gave +1 Rep to @digital mauve (current: #31 - 351)
🥲 still couldn't crack it. Thanks anyway guys 👍 👍
ah wait bruh, i misspelled "crypt"
hahahahaahah! finally cracked it
there you go lol
How to crack it
What format
Hi
I found that the fileName parameter in the ms-photos URI handler supports UNC paths.
Combined with a server redirection, it allows leaking NTLM hashes, with a one-click condition (open photos popup) from any browser.
This combination could allow wide supply chain attacks, since it moves from a browser redirection to NTLM hashes leak.
Find more details and a POC about it
I hope I'm asking the right room here, but does anyone have any suggestions on THM rooms to help in mastering Wireshark? I've done Network Traffic Basics, Wireshark: The Basics, and Wireshark: Packet Operations. When I got to Wireshark: Traffic Analysis, it immediately felt overwhelming and like I needed more practice with the Wireshark foundations. Any recommendations would be appreciated!
download the .exe
very studious
Try some challenges like Chrome or Horizon rooms 🙂
can do
i am a newer cybersecurity student, but has anyone crafted steps towards remediation?
Yes it was patched finally by Microsoft
For non patched environments disable SMB outbound connections if not needed, especially for public IPs on firewall
Did you stumble upon this exploit or were you kinda digging for it already?
I found it while researching about a new MOTW bypass I found on Intranet
This one
I'm still quite new and networking is not my strong suit, what is Mark of the Web bypass exactly? And did you use Burp Suite or custom tooling for LLMNR poisoning?
You should read about it in MSDN and learn about these things in THM rooms 🙂
You will understand it better
Understood, thank you for pointing me in the right direction!
Gave +1 Rep to @glossy thorn (current: #3292 - 1)
You welcome
Here are some additional articles to read
https://learn.microsoft.com/en-us/microsoft-365-apps/security/internet-macros-blocked
https://www.twitch.tv/videos/2630031275 virtual high five for anyone that can explain this
ngl sorry i didnt read the rules i just saw research and posted something never before seen before the uhh the impossible happening is what im referring to btw
Hi, is there any way to download a G-Drive video which I have view-only access to..
Any browser extension or downloader?
maybe try yt-dlp
try
Hi all , I would like to know your opinion on the most important points regarding maritime traffic and its traceability. If you have any ideas, I'm all ears. My husband is working on a research project on this subject. Thank you. My DMs are open if you have any information.
with rules
Hello guys...
Can anyone help a 15-year-old kid by doing basic, in-depth research about all the common things, activities and functions of malware and viruses and more...
But here is the catch: it all needs to be common.
Thanking you in advance for helping.
So you want help with Google, Wikipedia, and such?
Yea...
It's because I am planning to build an unbreakable antivirus...
It may be impossible, but until I see what makes it impossible...
To learn why it is impossible, I need data about the common things of malware... M
Hi everyone,
I’m an ISC2 CC-certified cybersecurity undergrad (final year) with solid theoretical knowledge and intermediate Python skills.
Looking for Final Year Project (FYP) ideas that are feasible, doable, and novel in cybersecurity.
Please share your thoughts 🍀
Built an antivirus
With python experience, security focus, and considering what's modern and popular, you could look into AI guardrails. What seems to be generally under-emphasized is response-based checking (and this is often very complicated to build because responses in chatbots are often streamed to the user)
Is WSL good for hacking? (I have an old laptop which only has one port, so I can't boot into Kali Linux)
It's pretty mid, though you most definitely can run Kali there. Doesn't it have like a CD slot or something?
Nah, no CD slot, just a Mini DisplayPort and a regular USB 2.0 port
Hello everyone,
I am a cybersecurity student and I am currently working on a CTF. However, I am encountering several difficulties, particularly regarding the management of rights and the exploitation of files.
In the scenario, I play as Alice and I have to send a message to Bob using a mechanism related to the cron.log file located in /tmp. I managed to create a script via nano to retrieve a message belonging to Bob, in which there was a flag.
However, my teacher explained to me that even though I had 'passed through the door of Alice’s burrow,' I hadn’t gone 'to the end of the burrow.' In other words, I started the exploitation, but I did not push the logic to the end.
I think that a complete Cyber Kill Chain should be set up, notably by using a reverse shell to obtain access under Bob’s identity (or at least perform actions on his behalf). The problem is that I can’t use Metasploit, because Alice doesn’t have the necessary rights to run it. It’s at this point that I’m stuck.
I am also supposed to find root access, but I did not see any exploitable trace in the files provided.
Would you have any advice or leads to move forward?
This lab is inspired by both The Matrix and Alice in Wonderland. I have already followed the white rabbit... and now I have to find out how to explore his entire burrow, to the end.
I have screenshots if someone wants more details
Does anyone have a utility tool for managing TikTok?
Is this for academic work?
Yes... On THM, in a private room, I need to do a vertical privilege escalation... I have already done horizontal
We can't help with private rooms.
OK, I understand, thank you
My budget is 500. What laptop should I get for software development and ethical hacking? I'm also planning to get a Wi-Fi adapter.
There is no laptop for 500 that will be sufficient
Buy second hand
How good is the ASUS Vivobook Go 15 (Ryzen 5)
Hello
Hi
Hello is this the room for malware development and analysis?
Maldev would be more for #advanced-general; analysis should be fine if it's structured as research
Can't enter this room
How to get in?
you need to be 0xD or higher
Okay thank you tao
Gave +1 Rep to @spare monolith (current: #93 - 113)
I use Kali on WSL, but I wouldn't say it's the best experience. I had a decent amount of issues to troubleshoot, but if you are going purely for the CLI experience then it's fine.
I'd generally prefer to use a VM in VirtualBox/VMware (I avoid Hyper-V unless it's the only option), or the AttackBox if need be (and not the THM Kali implementation). Kali WSL is pretty buggy, and you're relying on Windows networking.
Yeah, I spent a decent amount of time downloading and figuring out dependencies and solutions for issues with Kali on WSL. I do use a VM for rooms and stuff.
The one main reason I never use WSL, though, is because I only ever use Windows when I've connected to a target.
Should I use reverse TCP or RCE?
I've never been able to use SSH to connect to machines in WSL Kali. Have you faced the same?
Yeah, that was annoying. I don't know what I did, like a while back, but I had to configure the WSL network to sort of make it work, but then I just gave up and started using a VM.
I have faced something similar
Can you elaborate?
I was planning to test antivirus for Windows 11, so I decided to ask: should I use RCE or reverse TCP?
What you're saying makes no sense. It's like saying "should I use fruits or apples?"
I was just testing which one's better, reverse or RCE
Reverse TCP*
Like I said, it makes no sense. One is a specific technique while the other is a broad category of vulnerabilities.
I was just trying to find out which one is better at being undetectable
Are you talking about Metasploit payloads at the moment, or should we start explaining what RCE and reverse shells are?
I already know
Hey guys, today I got the Advent of Cyber rewards and I got a $75 voucher, but I am not able to use it because I already have premium, so if anyone wants it,
DM me.
Hi guys, I want to learn ethical hacking for free, from the basics. Anyone have an idea about a free alternative? Please DM and reply to me.
Bro, I also want it
If you get any information, please share it with me
@vapid crystal pinging both of you. TryHackMe used to have a free roadmap that was removed; however, some of their blog posts still give some helpful information that I find really useful ^^
this one has a full ethical hacking/offensive security roadmap linked: https://tryhackme.com/resources/blog/free-offensive-security-training
Actually, I have visited this website in the past, but I don't know how to use this website, like,
where is the starting point? Because I don't have any knowledge about hacking and I'm here to learn ethical hacking.
From the dashboard, click on learn, it should show you a road map for pen testing which is in red. You’ll have all the rooms there
You just click on a room, then follow the steps to complete it. Each room will have text you have to read, and questions to answer based on the text, and sometimes interactive machines. Since you said you wanted a free alternative, you can go through the links in the article I gave and complete them in order. It should give you a lot of knowledge. If the site is too complicated or hard, there are many walkthroughs of rooms on YouTube :)
You said on YouTube?
Tell me more about YouTube?
Hi everyone!
I’m looking for Discord or Telegram channels/bots that focus on cybersecurity news. Specifically ones that share updates on major data breaches, threat reports, and security incidents. I tried searching for them via reddit forums and google dorks but couldn't find any links. Any help is appreciated
If you just look up “tryhackme room walkthroughs” you can get help on some rooms for the site. Alternatively, you can search for things like “ethical hacking” or “ethical hacking courses” to get informational videos.
OK, I will see soon, but what course have you done?
Like: cybersecurity, ethical hacking, or...?
Ethical hacking right now; I'm following the free roadmap I gave you earlier.
This was the closest thing I could find! I don't know how good it is, but it seems to be what you’re looking for: https://top.gg/bot/1024363293189611581
I mean to say, are you following this course in video form?
Or in text form?
Like, you read and follow the task? You do something like this?
yes, it is in text form.
This link is for what?
the ethical hacking free course https://tryhackme.com/resources/blog/free-offensive-security-training
Bro, I'm feeling very troubled when practicing from the text form.
Like, how can you understand and apply it?
Usually I have to take notes, and the questions help. I read the text once, then read the questions and answer any I can, then read again to answer the rest of the questions.
But the hands-on stuff helps too.
Do you really think this is enough for an A-to-Z ethical hacking course?
So what are some good trends to be researching as of today?
If someone's into IR, here's a cool piece to read on the recent hack of some power plants:
https://cert.pl/uploads/docs/CERT_Polska_Energy_Sector_Incident_Report_2025.pdf
Should I install debian or kali?
Do you want all the tools, or do you want to research, install and use yourself?
Good read. Really scary to see how many times they mentioned the use of default credentials 😞
I'll go with kali then
Well, I was in the same spot and now I run Kali as a container in Fedora. I use distrobox to run Kali in a container and it's very impressive. You can even run GUI apps from the container and also export them to your host machine and they will still run under your container. Not to mention I can access all of my host files from the container. You can give it a try and check it out for yourself -> https://github.com/89luca89/distrobox
Good approach
thanks bud
Gave +1 Rep to @copper anchor (current: #790 - 9)
Anyone ever heard of Silent Mafia or Slient Mafia or Mafioso? Just asking
Thx
Gave +1 Rep to @steep oxide (current: #3614 - 1)
A structured, cross-referenced knowledge base for Android security research.
How malware works. How attacks exploit the platform. How protections are broken.
Anyone ever hear of a collection agency called Harris & Harris?
No, why?
Hello everyone,
I’m currently learning IBM QRadar SOAR and working with playbooks and Python scripting. If anyone has experience in this area, I would greatly appreciate your guidance.
Could you please share any recommended learning materials, documentation, courses, videos, or practical tips that helped you?
Thank you in advance for your support!
Does TryHackMe have certifications?
Thx I guess?
Thx
Gave +1 Rep to @earnest frost (current: #1 - 6119)
Can someone help me?
Hi, are you interested in possible collaborations with my company in vulnerability research on mobile and desktop?
Anyone have suggestions for GitHub projects on cybersecurity? Would love the recommendations!
Active Directory labs!!!
Can you run Hydra on a Linux emulator?
And one more thing: which language is the best, Python or C++?
It’s better to know both
If you mean in a VM - yes 🙂
Python to begin with
Thx
Thx
Gave +1 Rep to @gloomy breach (current: #3680 - 1)
Does anyone know how I can apply for mod?
Hey THM Fam! Sharing my own research: Human Detection of AI-Generated Phishing (participants welcome)
The study is live and open for participation if you want to contribute to the dataset or see how you perform. It's free and takes about 5 minutes - and as a bonus, it's a video game:
https://research.scottaltiparmak.com/
I'm running a study looking at which phishing techniques produce the lowest human detection rates when all stimuli are AI-generated. The core question is: when writing quality is no longer a distinguishing cue (because everything is LLM-generated), what structural and contextual properties of a phishing attempt are hardest for people to catch?
The study uses a 1,000-card dataset across six phishing technique categories and three legitimate email categories, all generated by LLMs to partially standardize linguistic quality across conditions. Participants classify each email as phishing or legitimate and rate their confidence.
Early data from 95 participants (1,520 classified cards so far):
Overall detection accuracy ranges from ~80% (general users) to ~88% (infosec professionals)
The gap between security professionals and general users is not uniform across techniques.
Authority impersonation shows a clear training effect, but hyper-personalization narrows the gap significantly
17% overall bypass rate (phishing classified as legitimate)
The full study protocol and dataset design are published on Zenodo:
Altiparmak, S. (2026). Human Detection of AI-Generated Phishing: Study Protocol and Dataset Design for the Threat Terminal Experiment. DOI: 10.5281/zenodo.19059296
Happy to discuss the methodology, limitations, or anything about the design. Still in data collection so no firm conclusions yet, but the directional patterns are interesting.
Hey, looked decently good. Maybe include a little more variation, such as shorter variants of phishing emails or some more sophisticated ones, where BEC (Business Email Compromise) would also come into play, as an example: sending an email with passing headers from the correct domain, but at an unusual time, which should raise suspicion. UX-wise, I'd tell you to please resize the actual email window to more like a square, because it's quite annoying to read long lines of text going almost straight down vertically.
Hey, thanks so much for checking it out! Appreciate all the feedback, all very valuable; some already in planning and some I will need to add, as I absolutely agree. Thanks again!
What is Flipper Zero best for?
Playing around with
Lol
Record and replay
Very interesting
Hello! I'm a graduating Computer Science student, currently taking Thesis. Me and my groupmates would like to gather information in creation of our thesis application. We're looking for any Cybersecurity professionals as our participants.
Please click the link below to participate. This would only take 5-10 minutes. Thank you!
https://forms.gle/7pmWb3tNoaPKDfPQ9
Google Docs
This survey is part of the undergraduate thesis titled: “CyberSentinel: A Multi-Antivirus Collaboration Framework for Intelligent Malware Detection and Management”. The purpose of this survey is to gather insights from cybersecurity professionals regarding malware detection practices, multi-antivirus collaboration, and the use of security to...
What is the cheapest certificate?
The Google Cybersecurity Certificate can be completed in the first week (it's a free trial), in about 15-20 hours if you cover it 100%. I did it during one Christmas week, between parties and hangovers, just for fun. And it's taken seriously by practically nobody. Its only advantage is you get a voucher for $50 off the Sec+, which is only really useful if you complete it in the first, free week and cancel the subscription. Otherwise you'll be paying $50 a month for a completely substandard intro to cybersecurity. This is just a certificate of completion too, not a certification.
The ISC2 CC is frequently offered as a free course/certification package, but the expectation is that, after a year, you will start paying for the ISC2 subscription and continue to acquire (and pay for) their further certs, like SSCP, CCSP, all the way up to CISSP.
Thx
Gave +1 Rep to @cunning kelp (current: #17 - 619)
I am a new teen entering the coding world, and this channel makes me wonder about what one can research in this topic. Someone please explain with a simple, small example.
.
Guys, need assistance here: what online jobs are you doing to survive in this economy?
I'm trying to figure out how to DNS attack my own internet
"This topic" as in? Cybersecurity is a very broad term with many branches, and each has its own branches too.
Created an app to Pentest Bluetooth Classic and BLE. Have a look at it and let us know your thoughts!
The app is called DissPair, and here is Version 1. We would encourage a collaboration with researchers and developers in RF/SDR field https://github.com/threadpoolx/DissPair
Hello! What's your opinion on Cisco's free Ethical Hacker self-paced course? Is it better than Google Cybersecurity Certificate?
Google's Cybersecurity Certificate is a waste of time. I did it in less than 16 hours, between parties and hangovers on Christmas week one year, just for fun. Nobody takes it seriously. The Cisco course and ISC2 CC are good, free options to get started. Having a history of projects and blog posts, machine writeups and certifications would be a great help.
Thanks dude
Gave +1 Rep to @cunning kelp (current: #17 - 625)
thanks !!
Has anyone had experiences with the Splunk certifications, especially in regards to SOC management and architecture? Worth it?
I need a real-life example log in JSON to test a tool. Anyone got any sources for that?
ChatGPT?
Something like this?
I will look into that, thank you!
Meanwhile, I found big logs of CIC-DDoS2019 from the University of New Brunswick ( https://www.unb.ca/cic/datasets/ddos-2019.html )
About 22GB of logs
fl0ck have recently popped up a number of cameras in my area, and I am looking for ways to capture (ethically) and present vulnerabilities to my city council. What are ways I can wardrive and just ingest data, outside of a Wi-Fi Pineapple (not that that will work, I think)?
**for research purposes
If you need to ask how to do it, it's probably best you don't.
In theory, it sounded like a good idea to raise awareness and collect research against the surveillance campaign that's going on. But in the end, it's probably not a good idea to jump head first into a lawsuit.
hi
hi
Hi
Hello
Hi
Hi
wsp
So I was invited to a BSides convention by someone who works in cybersecurity... any advice on how to prepare?
Larp
How to find vulnerabilities?
Research with various tools like nuclei, nmap, subfinder, etc.
Gave +1 Rep to @sly lake (current: #1833 - 3)
Please interact with the community before posting your external posts. @distant steeple
Does someone know where I can find promotion codes for TryHackMe payment?
Can I use promo codes to make premium cheaper?
Yes, you absolutely can! Try ChatGPT. I got somewhere from 30%-40% off. Totaling around ~$45 knocked off. I use it every time for all kinds of related things.
Hey, I'm new here
Hi, I am new. I want to learn, but I don’t know where to start.
Thank you
Gave +1 Rep to @sly flume (current: #45 - 263)
Hey everyone, I've been building an open-source PQC readiness scanner for SOC environments. It scans live endpoints, detects TLS cipher suites that are vulnerable to harvest-now-decrypt-later attacks, and scores them against NIST's new PQC standards (ML-KEM, ML-DSA, SLH-DSA).
Output is SIEM-ready JSON, designed to integrate straight into existing SOC workflows.
Still actively developing it (PCAP analysis coming next). Would love feedback or contributions.
GitHub: https://github.com/surendrababu-sec/pqc-soc-readiness
Where can I learn manual vulnerability scanning?
I know how to use Nessus and OpenVAS, but I need to be sure about false positives.
What exactly do you mean?
Where can I learn manual scanning?
What do you imagine manual scanning is?
Just to make sure we have the same thing in mind
Scanning with nmap
How can I manually identify vulnerabilities that I might find when scanning all ports using Nessus?
Nmap is not manual scanning
When you use Nessus, it looks for the version of the product and then checks for CVEs concerning that product.
Other scanners also test for vulnerabilities such as path traversal, etc., that you can do manually; it's just more time-consuming.
Nessus can sometimes produce false positives, though this is rare; but how can vulnerabilities be identified manually without using Nessus or OpenVAS?
False positives are not rare. For example, let's say you have Tomcat V1. Nessus checks all CVEs for Tomcat V1 and tells you your product is vulnerable to all of them. This is theoretically correct but not necessarily technically correct: some vulnerabilities only apply if your V1 is configured in a certain way. Your version is vulnerable, but exploitation might be impossible if it's not configured in a way that the vulnerability requires. (False positive)
You do what the tool does but manually: check version numbers, correlate them to known CVEs via Exploit-DB or other research. You can also try basic attacks if Nessus does that as well.
What tools, for example?
And where can I learn how to do it manually?
It depends. Are you talking from a vulnerability management perspective (you already have internal access to the company) or from a pentester POV?
I don't, but I solved some CTFs for red teaming.
I am just still learning the vulnerability management role.
You can use netcat for banner grabbing, OWASP ZAP, Burp Suite... and manually try to check all of these.
You can use Nmap, but without the -sC or --script=vuln parameters, or else it becomes pretty automated.
curl also works.
If you work in a VOC, it's mostly automated.
voc?
Vulnerability Operation Center
oh ok yeah
Do you have any video for this?
Or a TryHackMe room?
By the way, thank you for your time.
Hi
Bro, do you need a partner? We will grind together.
Omg, thank you
Gave +1 Rep to @stone mica (current: #20 - 539)
After the recent MS Edge in-memory cleartext creds, I decided to deep-dive into it: https://github.com/Dragkob/EdgeSnapper
I researched and here's the tool I came up with. Feedback is welcome
Does TryHackMe have internships?
Thanks, are there any requirements?
Gave +1 Rep to @long saffron (current: #248 - 46)
CIPHER-0x AI Agent detected a potential Zero-Day during advanced Malware Analysis.
In this video, I explain how my AI Agent “CIPHER-0x” autonomously analyzed and inspected malware samples, including a suspicious malware linked to a potential zero-day behavior.
The project combines AI reasoning with malware analysis techniques to automate detection, behavioral inspection, and advanced threat analysis. https://drive.google.com/drive/folders/1GrVo9Y2rMj9MLkTw3kUcgwnWSySb3DIe?usp=drive_link (this is my research )
How good is Ghidra?
Very good
Thx
Gave +1 Rep to @sly flume (current: #42 - 275)
@placid loom
IDA and Binary Ninja are better
OK, thanks for the information
Guys
How are you doing?
Yes?
