#resources

htb getting bored really fast its not a challenge anymore for me

Seems like a flex but why would you come to a learning platform if you’re bored of a Competitive platform

To beat szy

Pfft impossible

Leave him b

https://www.coursera.org/learn/computer-networking/

I have taken this one, it's decent for complete beginners . It's avaiable on youtube as well if you don't want to give your credit card to coursera, but you don't get a certificate (ofc) that way

https://deals.thehackernews.com/sales/the-complete-2020-comptia-certification-training-bundle?utm_source=thehackernews.com&utm_medium=referral&utm_campaign=story

Should I get this???

It's just a class. The classes should be from iCollege. Which it isn't awful. The course I was doing was entertaining at the least and kinda felt like a typical college lecture that I know of, but I think they fluff the entertainment a bit too much. I haven't delved too far into it. I think it's worth it if you're supplementing your info because it's relatively cheap.

Like for college, being able to do S+ videos on that site and supplement with whatever my professor is saying is cool. Multiple perspectives on the same thing.

We've also been given a 30% discount code on
@nostarch
books! Head over to their website and use the code "BSHTX30" during checkout!
(until 17th of September)

Ciphey - Automatically crack, decode, and decrypt ciphertext without knowing the key or method of encryption used.

Supports 34 methods including XOR-crypt, caesar cipher, most base decodings and more.

Since the last time I have posted, we have added:

+ XOR
+ Repeating-key XOR
+ Base62
+ Base91
+ Base69 (nice)
+ Base58
+ Base58 (ripple)
+ AtBash
+ Standard Galatic (Minecraft enchanting table)
+ Binary Substiutuion cipher
``` and we're adding even more 😄 (full list here <https://github.com/Ciphey/Ciphey/wiki/Supported-Ciphers>)

PS: We're **very** easy to contribute to. Just DM me if you want to contribute something ✨  

https://github.com/Ciphey/Ciphey

https://powersploit.readthedocs.io/en/latest/Privesc/Invoke-ServiceAbuse/

https://www.kite.com/

https://developer.mozilla.org/en-US/docs/Learn/Getting_started_with_the_web/How_the_Web_works

https://www.udemy.com/course/ethical-hacker/

old but it's good

^^ Resource is free before anyone tells me to check it oue 👀

Hello I am Blob! I published my blog post about how to go about making a Vulnerable (linux) machine, for those of you who are interested in that type of thing. Feel free to check it out here:
https://bobloblaw321.wixsite.com/website/post/the-making-of-a-vulnerable-machine-blob-blog

(I'd love feedback for if there are more services you'd like to see how to set up if you guys enjoy that post!)

I watched the first half before I fell asleep last night. I think it's very informational, at least the portion about why certain programming languages have become as popular as they have.

https://www.youtube.com/watch?v=QyJZzq0v7Z4

https://youtu.be/2Yp65h-pvns

https://twitter.com/nullenc0de/status/1188654674100011008

https://github.com/Kayzaks/HackingNeuralNetworks

https://github.com/0xroman1/Scuffed-Low-Level-Stash/blob/master/README.md

Nice one @shut ferry

thanki

https://github.com/Kayzaks/HackingNeuralNetworks

I didn't think that it was possible to hack neural networks

I didn't think that it was possible to hack neural networks

Thanks for this, something nice to read during lunch for the week 🙂

is it possible to use a neural net for the defense?

Indeed (:

It's a cough thing that's being cough tried for a box

Resource Request: One of my classes is basically part of CompTIA's Security+. We are given access to the book CompTIA Security+ SY0-501 Cert Guide, Academic Ed (2e). The book seems okay, so far, but it seems like we're not getting too many lectures and are being expected to just kinda read the material and figure it out. The book is from 2017 and given the nature of InfoSec, I suspect some things might end up not being correct for 2020 standards, possibly 2021 when I take my exam. THM, as a general resource, has helped me prep a lot for the first few chapters, but considering this monster of a book has 18 chapters, I do have some concerns. Eventually, I'd like to turn this class into getting my own Sys+ certif and eventually OSCP.

For anyone who has done Sec+, do you all have any recommended resources that can help me succeed? Are there any pitfalls that caught you? I'd love to hear some input.

@daring hull I just took my security plus three weeks ago. It was not bad at all the first 4 questions are all practical and I recommend you skip them and move on to the 75 multiple choice. Some of the questions are multiple answers and they do give partial credit. The only study tool that I used was a book that I bought online which is : Security+ Get Certified Get Ahead. That book I read it and studied the definitions really well and did well on the exam. If you have some prior experience in Cyber Security then some of the concepts is just repetitive other things will be new

That makes me feel better, especially having a jumpstart in InfoSec with a good community. I just started on my path officially this year, so while I still have a lot to learn, I definitely know that I know more than I did. I usually see a lot of people parrot that Sec+ was really difficult and a lot of people flunk the first time. I'll check out the guide you mentioned.

https://github.com/justinsteven/dostackbufferoverflowgood just popped a shell on this 😎 , good practice

The other day I talked about Dark Reader. I think some folks are unaware you can blacklist certain websites from Dark Reader so that you can use the dark mode that the website provides.

Dark Reader can be found here and is available on pretty much all of the major browsers: https://darkreader.org/

If you want to blacklist websites, head over to the tab labeled site list and click on not invert listed, then add the domains you don't want Dark Reader to... darkinize. If you're a uni student and are having to use e-books, Dark Reader is really awesome because it gives you a dark black background with light grey text and it makes reading a lot easier.

+10 this it's saved my life since

-5 the above sentence needs some inglish inprovements @sturdy shell

(that is done on purpose btw)

https://docs.google.com/spreadsheets/d/1b4mUxa6cDQuTV2BPC6aA-GR4zGZi0ooPYtBe4IgPsSc/edit#gid=0

https://guyinatuxedo.github.io/

https://github.com/SafeBreach-Labs/SirepRAT

#thm-community-media ?

That's not even accepted on the writeups on rootme

And please only post it of it's approved

@lone crane please don't post writeups unless they're approved by the room creator. Writeups that are approved go in #thm-community-media.

ok

It's free for today if you wanna enroll

https://www.udemy.com/course/ethical-hacking-kali-linux/?couponCode=A65CBC1942094CB7481F&ranMID=39197&ranEAID=tHnUyAHsRvI&ranSiteID=tHnUyAHsRvI-U9oWSxhjECIiCKtVnMjVIw&LSNPUBID=tHnUyAHsRvI&utm_source=aff-campaign&utm_medium=udemyads

Great catch, Quantum

Please don't share referall links @digital crag

sorry

You can share that the course/offer exists, but yeah, no refereals pls :3

thanks for the warning

Updated my list, slightly less scuffed now. Hope it helps someone out there whos learning RE/bin exp
https://github.com/0xroman1/Scuffed_Low_Level_Stash

Windows resources looks good, defo gonna give some of them a read (: thanks!

Sure thing 😄

Out of curiosity how deep into windows exploitation are you trying to get @sturdy shell?
I could DM you some notes ive been taking in school depending on what you're studying

Ah, not so much windows exp specifically. I specialised in malware analysis in my degree so anything Windows RE I eat up (:

Not trying to get any 0days or write dll injections hehe 😅

ooohhhhh then you'd love this @sturdy shell
https://github.com/Perfectdotexe/Perfect-Malware-Samples

Have you used flarevm at all? Ive heard some pretty good things about it

that's a pretty cool repo aye, I'm on VirusShare + a few other closed circles for that sorta stufff

FlareVM is great!

I really want to get more into the RE side of things, ive really only been focusing on pure binary exploitation stuff (RE is a part of it I know) but would you have any recommendations on things I could use to work on?

I will need to write a thesis paper at some point in time

and id like to do it on malware RE

Really good if you want a quick lab environment, making your own is a lot more riskier and tedious but is a lot better in the long run

For Windows Malware RE? I can dig some out for sure

yeah I just picked up an old thinkpad x220 from a craiglist guy that im planning on using for an isolated lab

I have a couple of beginner friendly Malware RE rooms on THM already

Granted you're analysing software that I had to make that pretends to be malware

but the next one is doing all the forensics of Ceber and Wannacry but it's chunky

I'll dig out some good stuff bare with me 👍

oh word? ill have to check that out. Right now im just trying to develop more skills, so it dosent have to be real malware. As long as im able to develop that process then all good

thanks!

Accepted your FR (:

❤️

Yeah it goes through all the practical techniques (: my dissertation was on malware detection via ML so I'm keen to hear about yours ^^

Well its going to be a paper im going to be submitting for this scholarship/program. Its not "graded" but its supposed to be a technical paper displaying knowledge as to why id be suitable for the program. I can do anything I want for it, no set topic

Ah I gotcha, pretty neat to have that freedom

I'll shoot over some stuff when I get the chance later today (:

thankie :))

RE/PWN for life.

https://www.youtube.com/watch?v=BN_H6BYBJnE

premiers in 2 hours

😦

Super super soon

https://github.com/RUB-NDS/PRET

awesome

Hey , have a quick question

I’m pretty new to reverse engineering, I have a very basic knowledge of x86 and wonder if there is any methodology / course to improve skills ? ( other than x86 courses )

@azure drift #general . Also read channel description

lol james just told him to ask here

I really liked Shellcoder's handbook

@fringe spire A request for resources kinda fits here, don't you think?

lol james just told him to ask here
@cloud brook uhmm..... Hides

The Shellcoder’s Handbook it's not really an x86 book but I've found it super interesting with bof etc

https://pwncat.readthedocs.io/en/latest/ -- For pwncat written by John Hammond and his friend Caleb

His friend's name is Caleb, very talented coder 🙂

Yea had to go back in the video to find his name haha, Thanks

@azure drift Check the pinned messages, there are some resources.

https://github.com/iagox86/dnscat2

👀

Microsoft are doing $15 certs for those unemployed during COVID https://docs.microsoft.com/en-us/learn/certifications/skillingoffer

That's really cool of Microsoft to do

Dropping this in resources too:
https://pauljerimy.com/security-certification-roadmap/ for people that want to build their own certification path. It's an interactive map that also takes you to the payment screen and provides some short details about the cert itself (pricing too)

@honest dock mind pinning this for other people to see it too?

ty

np

Dark also references that chart in his new video

Not sure if this is the section. But, can anyone recommend an app for droid to get infosec news etc. I tried setting up alerts via google but 1) nothing comes thru 2) i dont want my email to be filled with notifications. Looking for like an alert feed type of an app, if it even exists.

Sounds like an RSS reader to me

I use Feedly

Thank you for the suggestion. I also set google to notify via rss but nothing ever comes thru.

https://samsclass.info/121/proj/152p5-Vol.htm

https://youtu.be/DWd_jWvnKIQ

#request Resuources on sql injection pls 😕 (not cheatsheets or rooms), not anything too beginner friendly 🙂 I can't find anything that isn't too beginner friendly or too easy, I have done that kind of injection, some advance onces are just too small to learn anything

Did you look at port swigger?

https://portswigger.net/web-security

Check the “resources” Task in my sql injection room

it has plenty of challenges/blogs/guides/lists

https://www.redsiege.com/blog/2018/11/sqli-data-exfiltration-via-dns/

Check the “resources” Task in my sql injection room
@honest dock Isn't that sub only ? I don't have a sub currently

Easy fix for that

PortSwigger is really good tho

Not so easy for me. I literally have to beg a friend of mine to get me a voucher since my bank declines any transaction with THM automatically

I almost forgot about web academy

I'd also personally recommend learning some webdev so you can add some context to your sqli and sql knowledge

I am learning php and js

What do you want to learn? Database security?

Getting a holistic picture with all your context has been super helpful for me

I just want to get good at owasp top 10

I thought I will start with injetions, sql in particular

I would start with learning how a database works, how queries work using SQL, how a database interacts with web services, etc..

Foundational level of understanding what is being attacked.

Yes I watched a vid on mysql

https://www.youtube.com/watch?v=7S_tz1z_5bA

Set up a mysql database and populate it with tables, etc..

That's what I thought, to better understand sqli, I need to learn sql first. so that step is clear 😁

You are probably running into the issue that most videos / tutorials online are introductory in nature. They only scratch the surface of topics discussed.

Which gets frustrating. 😄

Hey! My friend made an interactive editor for binary exploitation 🙂 🥳 Friend: @analog shoal. @white pivot you might like this 😛 https://smashing.c3murk.dev

Nice one @analog shoal

You are probably running into the issue that most videos / tutorials online are introductory in nature. They only scratch the surface of topics discussed.
@craggy onyx Exactly

https://images-ext-2.discordapp.net/external/rk_hEdB3UTywtIXPCWpj4DERokAniO8nIOYoNUCsN3U/https/miro.medium.com/max/1200/1*WIxe9rvePZWX-VQgZDgMpQ.jpeg?width=1147&height=632

https://azeria-labs.com/heap-exploitation-part-1-understanding-the-glibc-heap-implementation/

Does anyone have a version of incognito2 already compiled in exe

They already have an exe on github

https://github.com/fireeye/SharPersist

Nothing much, just my notes from Web Security Academy's SQL Injection section https://www.notion.so/SQLi-c3dc193fef9b49818ced8bf622096c5d

Nothing much, just my notes from Web Security Academy's SQL Injection section https://www.notion.so/SQLi-c3dc193fef9b49818ced8bf622096c5d
@queen wyvern Thanks man!

@queen wyvern not anymore. i finded a another link https://github.com/milkdevil/incognito2

Practical Ethical Hacking, Windows and Linux PrivEsc on sale, again

https://twitter.com/thecybermentor/status/1305933865597497344

https://youtu.be/A7PUyzsXE3c

https://twitter.com/thecybermentor/status/1305933865597497344
@daring hull Are this cources goes for free any time?

Nope

But they're very very frequently on sale (:

And they're real good sales too

@daring hull Are this cources goes for free any time?
@glad hazel You would have to watch his Twitter. He sometimes drops free codes (as seen in the original tweet) but the courses go on sale often and I'd say it's worth giving the guy money for making good courses

I have updated my ezpzBOF v2.0 🙂 Can try use this on any bufferoverflow room in TryHackMe hehe

https://github.com/H0j3n/EazyPeazy/blob/master/My Tools/Ezpz BOF/ezpzBOF-v2.0.py

https://twitter.com/thecybermentor/status/1305933865597497344
@daring hull Um, isn't there a free resources rule ? I get this one is good and TCM is a contributor to something , but this link gets posted here a lot, like every few weaks when this is on sale

What

The only rules are against self promotion and piracy really

Self promotion.

Please remember rule 15.

self promotion of paid content, so unless you get someone else to promote the paid content, it's fine ?

It's a well regarded, widely accepted high quality course. Sundae does not profit from it. Sundae is sharing a discount code.
Sundae is fine.
Please leave the enforcement of rules to the moderators.

I'm not encfocring any rules, nor picking on sundae. Just trying the understand the rules better

Your message seemed very much like a complaint.
Do not self promote here. If it's something you made (and will make money from) or something you make money from (eg referals or made by a friend who is sharing profits), don't use this channel to advertise or promote it.

Hey guys, buy throwback

It was a question, sorry if it felt like something else. I have never and won't promote anything mine, or someone else's of course. Have a nice day 🙂

https://youtu.be/_BlqBx_iSzQ

Dark is on write-ups spree.

https://securitytrails.com/blog/blue-team-tools

Wanna Learn The Basics of metasploit this is the right video for you guys ! https://youtu.be/fQipR_I_QXM

https://github.com/sindresorhus/awesome there may be a goldmine of stuff here

There is

I have been learning from awesome repos for months now

Hey everyone i made this resource for hacking kind of to act like a cheat sheet and stuff and now i transferred it over to a subdomain any kind of suggestions or comments would be very much appreciated as i am trying to improve it and then later on make it public and open source notes in a way

https://enotes.nickapic.com/

TryHackMe has a subreddit! We are slowly ramping up the subreddit (see the subreddit mod roles on some of us 😉 ).

Come check us out if you're into Reddit 🥳 https://www.reddit.com/r/tryhackme

oh hi forum staff Ma1ware

As part of the forum staff, I have to advertise the forums as well, there will be lots of changes soon, check us out here:
https://tryhackme.com/forum/

😉

Fix Forum

🤫 It's not broken!

Everytime you change Sorting it shows different results

🤫 Let me advertise lure people into the forums!

LMAOOO

Stumbled upon this website/blog about a week ago after completing James' Crypto 101 room. The blog has very nice essays on HTTPS and Public Key Infrastructure as well as refreshing & fun to read posts on games, encryption, web security etc.
https://robertheaton.com/

Poggerz https://twitter.com/NotionHQ/status/1306677709263630336

its been like that for a couple weeks im p sure

weird they are just tweeting about it

when they going to add wide pages as a default option?

I haven't watched this but thought this might be of interest to some https://www.freecodecamp.org/news/free-computer-networking-course/

nice, i plan on taking N+ next month

You're on cert spree or something? @gritty barn

I'm on vouchers are about to expire spree @white pivot

Wish I could be that lucky

@sharp belfry https://www.coengoedegebure.com/buffer-overflow-attacks-explained/

https://youtu.be/TGsIxfvEDaQ

https://spyse.com/

great passive OSINT search engine

https://github.com/nccgroup/GTFOBLookup https://github.com/denisidoro/navi https://github.com/mthbernardes/rsg

good tools

Navi's nice, I've used it before

Thanks! I use this as well

https://github.com/t0thkr1s/revshellgen

Here's a 15 hour one also: https://youtu.be/3Kq1MIfTWCE?list=WL

Does anyone know any book / website to practice network diagrams?

Draw.io is a nice diagram making website
You can make network diagrams with it too

@shrewd ginkgo where can i get scenario questions based on which i have to draw a diagram?

Now that I don't know

@fossil gorge I mean it depends on what you’re talking about if you just want a static picture then pretty much any flow chart creator will do. If you want something with more functionality then something like packet tracer which is a network diagram simulator or GNS3 which is a network diagram emulator, can help you

I personally really like GNS3 because it has so many options for packages however it can also be harder to setup

@azure widget I was hoping to find something that will describe a network and then require me to draw its diagram

1. Two networks A1) B1)
2. Each network requires a border router
3. Each network needs a firewall blocking inbound traffic
4. A1 has four network subnets A) R&D B)Customer Support C) IT D) Data Center
5. B1 has three subnets A) HR & Legal B) Users C) Business Apps
6. Both sites are connected via a VPN
   .....

Something like this that I could put up using drawio

https://youtu.be/BQ4xeeNAbaw

Hi, I am looking for a good OS course

If anyone has some online courses on the bookmarks, I would appreciate if you shared them

❤️

I have this in mind:
https://learn.saylor.org/course/view.php?id=94

https://www.youtube.com/watch?v=f0lDZEBa3_I

Are you allowed by admins to post that here?

https://link.medium.com/hLNBnJzNX9

Umm, that actually is not allowed

Looks to me like it is?

This is a writeup of some sort that makes answer to RedTiger's Hackit Public, when the owner of the challenge has mentioned that they shoudn't be made public

Hey guys, what would be a good resource to learn reverse engineering?

I already know a good amount of c++/assembly and have already done some easy crack mes, so I am not a complete beginner.

This site is pretty nice and has been linked here a couple of times https://guyinatuxedo.github.io/
For reverse engineering @nova pond

Thanks. Will take a look at it when I am home.
If anyone else has other suggestions just tag me 🙂

Hi guys. I'm new here.. Can I get any resources for learning bash scripting please?

Have you tried Google?

yeah.. but there are many and i'm confused

https://www.shellscript.sh/

@elder vault

okay bro. I'll try that.. Thank you

I just published How to install Ubuntu with GUI on Digital Ocean for free ? https://link.medium.com/KGsjA5KkZ9

Can you guys recommend me a book or any resource on how to make your own CTF ?

Can you guys recommend me a book or any resource on how to make your own CTF ?
@jaunty raven https://discordapp.com/channels/521382216299839518/554713196804440101/752284794993246238

@jaunty raven I have slides from a presentation I did on it on my blog (https://muir.land/content). Dark also has a blog post on it on the TryHackMe Blog: Making the Mountain

Also lowkey going to plug this from TryHackCIT

granted 99% of the content to go with it is missing, the URL's at the end are useful if you're looking to create some stuff for THM specifically (but the stipulations are pretty sensible for any CTF)

ugly url / risky click of the day inc
http://resources.cmnatic.co.uk/Presentations/THM Room Dev 101.pdf

help

A) #announcements
B) How the heck is this a resource? 😆

ok

I just published How to install Ubuntu with GUI on Digital Ocean for free ? https://link.medium.com/KGsjA5KkZ9
@solemn bough Is there any way I can get the same t results with AWS?

Yes

Use an AWS Account

Yes mate @glad hazel you could Just follow the same process I used digital ocean as they provide credits instead of free tier you could use free tier too but the speed is comparitively slow

You mean the response will be too slow to work with

?

I mean kali is not going to hold on free tier specs. I guess

@glad hazel if you want a proper hosted solution for Kali. Check out the TryHackMe subscription. It's $10 a month and you get a AWS hosted Kali or THM AttackBox. The only thing you won't have with it, is Persistence. Once it terminates its reset back to factory. But it's a good solution if you haven't got good hardware to run a VM.

Plus you get the other features of a subscription. https://tryhackme.com/why-subscribe

can i get some resources for creating rooms based on owsap top 10

amazing content
https://github.com/carlospolop/legion

https://youtu.be/8fs_7bm88GY

want to know how to do automation script writing

https://www.trustedsec.com/blog/azure-account-hijacking-using-mimikatzs-lsadumpsetntlm/

Hey guys im trying to learn Python code so does anyone know a course or a place that teaches me
I only know Print("")
lol

Sololearn

is that the website or something?

Have you googled it?

Because you should

The best place to learn is solo learn in my opinion but just typing in “Python Basics” or “How to code python” into google has many YouTube tutorials and websites dedicated to teaching you Python :)

My face resource is "automate the boring stuff"

https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass

@steady crater https://www.youtube.com/watch?v=HBxCHonP6Ro

oh man i haven't seen that channel for months

he has some really nice vids

Shame he doesn’t do it anymore

thenewboston

holy moly

Yeah he has some great tutorials on his channel

Hacktoberfest is now open https://hacktoberfest.digitalocean.com

Yay

Need a new shirt tbf

https://thispersondoesnotexist.com/

Very cool

Found this really interesting. https://www.quora.com/Would-it-be-possible-for-a-virus-to-escape-a-VM

VM escapes pay big money

Huge bounties

I'm really glad I found out about it

Because it's typically significant if you can escape the VM

I'm going to google it a bit more, hopefully find a poc

I'm going to start separating my network...

If you can escape from a sandboxed VM be it Hyper-V/VMware you're showering in money and job prospects

who's familliar with this channel?
https://www.youtube.com/c/webpwnized/playlists

Hypervisors can be exploited, but unsure if you can break out of the VM via the guest OS

Thats better, now I have a name ha

what's the difference between a cloud base vm and vps?

P->Private - host resources not shared with other vms

A VPS can be a cloud (IaaS) service...its justs dedicated

I Explained These Thanks to tryhackme for providing the room https://www.youtube.com/watch?v=Dd4Rh4_Rtng

Hypervisors can be exploited, but unsure if you can break out of the VM via the guest OS
@inner pewter Yes. You can. It's a severe vuln

https://youtu.be/wdi3p_S7jtQ

This is what nightmares are made of

oh god 1.5h of darkstar

also not sure if it's just me but the timestamps aren't showing D:

Instead of ocean waves to go to bed now you can listen to dark star

😄

Timestamps are down below

I'm not sure why YouTube isn't showing them on the video, they were working yesterday when I tested it

1.5 hour to understand shiba1

dark, i still cant SSH into shiba1

halp

oof

forget that, how to deploy machine

https://m.youtube.com/watch?v=Jaa2LmZaNeU

some of the best guys in the industry if you don’t already follow their work I highly suggest you do

https://pwning.tech/2020/09/09/v8-pwn-downunderctf/

@spiral zodiac 👀 ^

Ooh, very nice! Good job on that writeup @white pivot

dark, i still cant SSH into shiba1
@cloud brook are you using correct password?

🤦

Ooh, very nice! Good job on that writeup @white pivot
@spiral zodiac Assuming JB's tag, you guys were looking for something like that :p

are you using correct password?
not psswd problem man

@cloud brook are you using correct password?
@thorn rock I think so... it doesn’t work 😦

lmao

inb4 Bob is trying ssh shiba1@localhost with his own password 😁

(Yes. That has happened, and yes, the person posted their own password in community-help)

Wait so the password isn’t iamblob6969?

(Yes. That has happened, and yes, the person posted their own password in community-help)
Damn

Blame Pars, bad instructions

Oh, I frequently do 😁

hahaha

https://dfirmadness.com/the-stolen-szechuan-sauce/
^ dfir challenge

Oooh that looks good

Good courses on: Networking (Especially for cybersecurity), Server Administration (Windows AD DC, ...), LPI?
I aim to study the basics before moving on to specific fields like PT and Red Teaming...

https://securityboulevard.com/2020/09/cybersecurity-maturity-model-certification-cmmc-in-depth/

Can someone recommend a book of some sort on pentesting/kali. Something that possibly teaches tools and shows methods

Its confusing, as there is a lot to choose from. Looking for something that mirrors OSCP study material

@magic idol beginner level?

@keen field yes, preferrably.

@magic idol ETHICAL HACKING
AND PENETRATION
TESTING GUIDE
RAFAY BALOCH

Thank you. I will look that up on amazon :)

very beginner friendly

Classic matrix wallpaper haha

Before I decide to purchase Ill wait for a few more suggestions/opinions

Thank you tho. It is now added to my list of possibilities@keen field

although her new book is coming out 'soon', this is a classic https://nostarch.com/pentesting (Penetration testing by Georgia Weidman)

Cool. Thank you.

https://youtu.be/21v1snB7NMw

how can i hack on a Macbook Pro

You can use a VM, or you can install tools on macos

(I'd really only do that if you have a spare macbook or such... but that is just me)

I'm also not sure about the legality

Yeah that sounds pretty sketchy to me seeing as it violates the license terms @rough trellis

I'm deleting it

how can i hack on a Macbook Pro
@dire linden i use virtualbox and kali you can dowload virtualbox here -> https://www.virtualbox.org/ and a kali .iso file here -> https://www.kali.org/downloads/

thanks mate

that was helpful

kali comes with hydra and nmap

cool

Guys i can't deploy the room. Is there a page to view all the deployed rooms at once?

Check tech support. Termy tagged you @willow crag

@cloud brook

That’s what you get when running szys snippet?

Yeah Giving errors but one of my VM i think got expired. So it's good for now.
Maybe THM should create a separate page for checking and monitoring VM's..

or just turn off the VMs as you leave the room

😄 Yeah

the script worked, this is the output it sends, i just tested here

https://github.com/0x0ff3ns1v3/extension-wordlists

Made some wordlists for some common extensions for languages such as php

Beautiful

Perhaps add asp to the aspx list?

I am working on writeups for different rooms I have been working on, but I want to know the best way to post them - i.e. blog, github, etc. Any ideas would be helpful

blog preferabl

you can host a free blog on github pages using jekyll

or you can use 11ty or hugo or gatsby + netflify

LGBee thanks, I will take a look at them

https://go.rangeforce.com/community-edition-registration
Free training for Splunk, Suricata, Docker, Kurbenetes and more

https://github.com/Battelle/movfuscator

hi, does any one have a good resource about buffer overlfow?

Tib has a bof room on thm

other than that, dostackbufferoverflowgood is p-good

thanks, i give it a look. yes the THM rooms i have found. i need only some thing to read about this first. 🙂

https://github.com/justinsteven/dostackbufferoverflowgood/blob/master/dostackbufferoverflowgood_tutorial.pdf

This is fairly technical but it's a great resource

https://github.com/Battelle/movfuscator
@spiral zodiac Might put a binex challenge through that for the lols

TCM made this and it's my personal favorite for beginning BoF: https://veteransec.com/2018/09/10/32-bit-windows-buffer-overflows-made-easy/

A proper guide to crack the exam 💯

@night holly There's a tool to deobfuscate it too:
https://github.com/kirschju/demovfuscator

Hey everyone! 👋
It's hacktoberfest time! If you submit 4 pull requests this month (after signing up to Hacktoberfest via https://hacktoberfest.digitalocean.com/) you'll receive free merch (a shirt, stickers and maybe some other things).

Ciphey is now open for Hacktoberfest with a whole range of GitHub issues (and we add more everyday) ✨

https://github.com/Ciphey/Ciphey/issues?q=is%3Aissue+is%3Aopen+label%3Ahacktoberfest

@small night ?

@odd quest It's a referral linnk

an MLM

One link is okay because it's an event, but any more and it's deletion

tell u what

Hacker Halted 2020 is a FREE and VIRTUAL event this year!

5 days of amazing speakers all online and all for free!

sign up now you get an annual subscription to their premium magazine for free.

https://www.hackerhalted.com/register-for-hacker-halted-2020/

that's better

Any good ios exploitation book

There is the iOS Hacker's Handbook, but it is quite old from 2012. A more recent publication is iOS Penetration Testing: A Definitive Guide to iOS Security, by Kunal Relan. @rapid vortex

@grizzled notch please don't post referal links

That resource has already been posted

@craggy onyx thanks

https://youtu.be/lu7sY1LOWiI

hit me with your fav wireshark learning resource

@crimson thunder Well, I think wireshark is fairly intuitive, the documentation for it is amazing. You can find samples to practice with https://wiki.wireshark.org/SampleCaptures I would just practice, it really depends on what you want to do with wireshark and why. I’ll be coming out with a room soon on it so all resources will be in one place.

@azure widget good to know that about the documentation. I'll give it a look. Nothing particular, just need to dive in while preparing for the ejpt

I have no clue what wireshark has relevance in eJPT but 🤷‍♂️

it has no relevance for eJPT @crimson thunder don't worry about it

it's covered in the course

yeah, not on the exam

oh I don't expect a wireshark exam or anything like that, but just reading the material feels wrong 😛

anyways, I never really properly learnt to use it and generally I try to have more than one resource for everything

thanks for the answers

Learning Wireshark in general is an asset to have, as to having visibility how normal/suspicious traffic looks like on a network. How network packets in general look like.

https://twitter.com/theXSSrat/status/1311365861509345285?s=20

👀

I’ve looked at the content it’s nothing crazy but free is free

Hey if you're looking for hacktoberfest issues to work on (not related to my projects) this search query will give you every GitHub issue labelled with it 🙂 https://github.com/search?q=label%3Ahacktoberfest&type=Issues&ref=advsearch&l=&l=

https://www.youtube.com/watch?v=QQmFyybzon0

**8 Hours Web Application Penetretation Testing **

https://www.udemy.com/course/complete-webapplication-penetration-testing-practical-cwapt/?couponCode=SESSION2

@queen wyvern 1. the shortened link does not work
2. why did you shorten it? are you hiding a reflink??

1. It works 👀
2. It's udemy, there's no referral
3. I shortened it, cause the link was ugly @tribal gull

uhh i think you can remove most of the query params

Edited

noice

https://indify.co/

Yes

Yess !! Thanks

For people wondering how to embed, copy the link and select embed , or create a new embed and paste the link

I’ve never seen so many DFIR resources in one place https://dfirdiva.com/free-training

https://github.com/bb00/zer0dump

https://medium.com/bugbountywriteup/exploiting-fine-grained-aws-iam-permissions-for-total-cloud-compromise-a-real-world-example-part-5a2f3de4be08?source=rss----7b722bfd1b8d---4

https://www.youtube.com/watch?v=8VLNPIIgKbQ

https://youtu.be/7kcLbblwU9Y

Note - I was banging my head trying to fix this, thought I'd pass this along to help others.

Issue - The newest version of VirtualBox-6.1.14-140239 for MacOS Catalina has a bug that aborts Linux VMs when it attempts to check audio permissions with CoreAudio, ICH AC97 enabled. I haven't fully tested with SoundBlaster 16 or Intel HD Audio, enabling them doesn't crash the Linux VMs. Windows VMs don't seem to be effected.

Resolution - Disable the audio in the Linux VMs settings. Try using the SoundBlaster 16 or Intel HD Audio if you need audio.

@shut ferry Spamming same question in multiple wrong chats

Yes my bad

u ok?

I suggested that they put it here. @queen wyvern u OK hun?

@queen wyvern 1 - My bad, apologies - it wasn't intentional. 2 - Other mods keep telling me to post in other chats. Simply trying to help out.

@shut ferry None of them were mods, and this is the correct chat. 🙂

@spiral zodiac 🤘

I'm not a mod but I knew it would get lost in General and this is a nice safe place for your fix

I already apologized, but in my defense I just saw this whole bunch of a text in 3 chats in under a minute

I'm still learning the lay of the land. I appreciate the help.

need a few sources for concepts regarding embedding something to a file (commonly used within images particularly)

i dont know the name of its process

Steganography

Do you mean Steganography ...

@scenic summit https://0xrick.github.io/lists/stego/

@scenic summit https://tryhackme.com/room/ccstego

@prisma bison Wrote this about GoBuster vs Dirbuster vs Wfuzz vs ffuf , check it out 😄 https://www.reddit.com/r/tryhackme/comments/iwy7uu/favourite_dirbusting_tool/g7ft7eo/?utm_source=share&utm_medium=web2x&context=3

👀

https://leovoel.github.io/embed-visualizer/
I'm working on my THM Competition bot, and szy sent me this. It's pretty cool.

@azure widget @queen wyvern tnx much both of you

https://github.com/NinjaJc01/thm-compete-bot
So I decided to make a discord bot to encourage my housemates to compete for a leaderboard position.
As it's Hacktoberfest, I opensourced it and converted it over to embeds.
It's designed for smaller communities, and gives a daily leaderboard of the users from the config file.

Update: It now adds profile pictures to individual user statistics.
PRs are open for adding features, long as you can justify it

https://github.com/alirezamika/autoscraper

Anyone know some good sources to learn powershell more in depth. Just completed the thm room and enjoyed it so wanna go into powershell in depth now thnks

over the wire

Do u know the specific section its under, if u dont mind me asking?

Ah shit I meant under the wire not over

https://underthewire.tech/wargames.htm

Ahh perfect, thnks both for the help 🤟🏻

https://powershellexplained.com/

@dapper hound

xD

Please avoid self-promotion of paid content here.

@cerulean viper

aight man I was helping 🥺
no issues

A 4 days old website selling a 225$ course sure isn't sus at all

https://github.com/builtbybel/privatezilla

https://z-r0crypt.github.io/blog/2020/01/22/oswe/awae-preparation/
Great links if you want to work on web exploits

Thanks to all who contributed to Ciphey this hacktoberfest! We just released support for BrainFuck, our first EsoLang 😄 https://github.com/Ciphey/Ciphey/releases/tag/5.8.0

can anyone recommend a good reference for sed?

test cloudflare's waf: https://waf.cumulusfire.net/xss

Hi are there any resources one would recommend for digital forensics? I completed the iOS forensics lab which was amazing, i would like some more to do. Pls guide

Hello all! I am looking for some documentation for Cobalt Strike artifact kit (official or Unofficial)

Hi are there any resources one would recommend for digital forensics? I completed the iOS forensics lab which was amazing, i would like some more to do. Pls guide
@nocturne heart Click on Forensics to see all rooms https://tryhackme.com/hacktivities

GHunt is an OSINT tool to extract information from any Google Account using an email. https://github.com/mxrch/GHunt

Can I have your email pls @cold drift

Wait, you are not @cloud brook

Wait, you are not @cloud brook :KannaWhat:
@queen wyvern nop

oh no

Can I have your email pls @cold drift
@queen wyvern send me your email first pls @queen wyvern

blob 2

@cloud brook you have an imposter now

sus

Yeah, I saw him vent

OI

WHAT IS THIS NONSENSE

!ban @cold drift

its ok guys hes banned now

🔨

@odd quest can you ban plz

👀

OI
@cloud brook why?

Cuz you’re imposter

There’s only 1 baam allowed in this discord

Cuz you’re imposter
@cloud brook imposter??? oh okay, it's my favorite manga character (TOG)

so, i'm sorry

No sorry. Just ban

Also it’s not a manga

no sorry just baam

@cloud brook this is why you slightly edit your photo

so if someone does have it, you know they stole it from you

https://twitter.com/svpino/status/1313202874487312387

then copyright claim

Also it’s not a manga
@cloud brook webtoon ah ah

@cloud brook this is why you slightly edit your photo
@tepid patio it’s just a google image tho haha

so if someone does have it, you know they stole it from you
@tepid patio I do not even know its id, in addition I have this photo for a long time (from google image) in all the platforms where I am registered (hackthebox, discord, ...)

Not good enough

I have it there too

I vote we do a hack off

Gib public ip

https://www.reddit.com/r/hacking/comments/j68o9y/im_lenny_zeltser_cybersecurity_practitioner/

Hey I took a class from Lenny many years ago

Lenny maintains the docker image for Ciphey

v/ nice person

also like super very helpful over DM

Like TryHackMe mod level helpful, literally sends me like 20+ messages to explain a problem / help me fix it

Very very nice person

love that folk

Yup, very nice, was a good and patient instructor

https://www.exploit-db.com/docs/english/45074-file-upload-restrictions-bypass.pdf

It might seem quite basic to some people, but for CTFs (and koth ;) ), this is all you need to know for file upload bypasses

It's only 9 pages, so not a bad read

and it shows you the PHP going on in the background to give you a deeper understanding

https://i-intelligence.eu/uploads/public-documents/OSINT_Handbook_2020.pdf

I collaborated with Superhero1 and have put out this video on Binary Exploitation, its the first part of a much larger series. New videos will be coming out as time develops.
https://www.youtube.com/watch?v=fuV0p8mop5w

Hello all! I am looking for some documentation for Cobalt Strike artifact kit (official or Unofficial)
@low goblet Anyone?

https://nationalcareers.service.gov.uk/find-a-course/the-skills-toolkit

for people that want free certifications

Did somebody say free certs 👀

I bought the book and I wanted to share it with the community. Enjoy

uhh

1 second 👒

wait bee

let me grab it for mal analy

17mb

im on 200kbps

can you open it for me and tell me if its legal

I got it

One sec

let me open in linux

ok cool im on 20% download rn

I mean he said bought

soo

All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means,

rip

kek

The Ebook is Free if you buy the book

ok 2 the secret chat i go 🦇

Not for distribution

It can not be free if it's bought 😫

@random elk go to #talk-with-us-no-threading please, let's discuss this there 😄

Don't have access to talk-with-us

check again

They don't have the role Bee

they do now

Not on my end

smh

discord cache

They had it earlier

feck it i'll just leave em in there hopefully they'll get the message

kek

ok its solved

that chat is just 99.9% discord caching issues

https://blog.tryhackme.com/free_path

Still not have access but it's not a big deal, I won't send anything "illegal" anymore 😂👍🏻

The fact that you've put it in quotes makes me thing you don't understand the fact piracy is illegal

Not at all I put it in quotes because it's illegal for you but not for me because I bought it 😉

Sorry for this mistake

The distribution is illegal. So it's illegal for you. @random elk

OK ok Einstein

I aplologized

Aplogized

Alright, I banned him for that commentary

I was waiting for someone to ban him

Someone just spammed another discord wtih a free cybersecurity course (good 2020/10/07 only)
Free Udemy Course for today: https://www.udemy.com/course/offensive-security-engineering/?couponCode=SP00KY-FR33-H4X

thanks ! @faint prism

The price is right..

I want to say TCM also made part of one of the courses free

link?

looking on their website..

?

https://www.reddit.com/r/netsecstudents/comments/j6awqc

@faint prism

Ahah. the devils in the details (comments below) ty

Other than CERT/the osint github, can you guys think of any other halfway decent free threat intelligence lists to pull from

oh god

i told you

dont use that link

here

i'll repost it for you 🙂 Please in the future use links that do not have some encoded 4000 character parameter 😛

https://startdevchange.com/

hey guys, for a course in my cs degree, I have to attend an it related webinar and write a report on it. Since ive been so interested in cybersecurity I would love to follow a cybersec related webinar. Unfortunately im not exactly finding anything interesting... Anybody that has good sources for security related webinars? (it has to be in the future and live, im not allowed to watch a video of a seminar/webinar from the past)

Search for a local BSides online event in your area @thick zodiac

oh thanks! will do!

Search for a local BSides online event in your area @thick zodiac
@craggy onyx
what if area doesn't have local events 🤔 ... it's soo rare here

When they're online, it is possible to attend them by signing up beforehand. Find the nearest one you deem useful. 👍

In case someone didnt know, mostly beginners like me, PayloadsAllTheThings by swissky is fantastic

There is the ZTH obscure vulns room which has that included

Your one allowed EcCouncil non-MLM non-spam link for the day https://www.eccu.edu/cyber-challenge/

accepting writeups for my newest room, motunui :)
here is my official one: https://www.jake-ruston.com/posts/tryhackme-motunui.php

accepting writeups for my newest room, motunui :)
here is my official one: https://www.jake-ruston.com/posts/tryhackme-motunui.php
@night ether this seems like a very cool room. Different. I like the concepts. Thanks for the write up

good resources to learn RE?

Hey @sturdy apex

Check the pins 🙂

@queen wyvern Thx ^^

guys
any reverse engineering resources (very basic)
cuz i'm really noob @ rev eng
tnx

https://guyinatuxedo.github.io/01-intro_assembly/assembly/index.html
anybody read this?

I started it

it's not proof read so it was physically hard for me to read

@tepid patio https://www.youtube.com/watch?v=fuV0p8mop5w
i just find this

A list of good resources to make a level up? Interesting writeups, some books, links

Introducing HAT - The Hashcat Automation Tool has received 100 stars on Github! Wh00t!!!
If you're a pentester who wants to automate the laborious task configuring hashcat for every wordlist and add a bit of flaw check out HAT. Links to large working wordlists too! https://t.co/10xQH2caeT

https://digital-forensics.sans.org/summit-archives/cti_summit2014/The_Diamond_Model_for_Intrusion_Analysis_A_Primer_Andy_Pendergast.pdf

guys
any reverse engineering resources (very basic)
cuz i'm really noob @ rev eng
tnx
@keen field

# Resources

These are the resources I have found while learning about the binary exploitation.

### Blogs:-

* <https://syedfarazabrar.com/>
* <https://kileak.github.io>
* <https://d4mianwayne.github.io/>
* <https://ctf101.org/binary-exploitation/buffer-overflow/>
* <https://blog.skullsecurity.org/category/ctfs>

### Youtube:-

* <https://www.youtube.com/channel/UCi-IXmtQLrJjg5Ji78DqvAg/videos>
* <https://www.youtube.com/playlist?list=PLhixgUqwRTjxglIswKp9mpkfPNfHkzyeN>

### Wargames:-

* <http://pwnable.kr/>
* <http://pwnable.tw/>
* <http://pwn.eonew.cn>
* <https://www.root-me.org/?lang=en>
* <http://smashthestack.org/>
* <https://exploit.education/>


### Pwn Related Stuffs:-

* PwnTips - <https://github.com/Naetw/CTF-pwn-tips>
* Quick guide -<https://trailofbits.github.io/ctf/exploits/binary1.html>
* Pwn Challenge List - <https://pastebin.com/uyifxgPu>

### Stuff Robin gave me:-

* Course materials for Modern Binary Exploitation by RPISEC - <https://github.com/RPISEC/MBE>

* Learn ROP - <https://ropemporium.com/>

* For Linux binary Exploitation - <https://github.com/scwuaptx/HITCON-Training>

* Intro to binary exploitation / reverse engineering course - <https://guyinatuxedo.github.io/>

* A collection of pwn/CTF related utilities for Ghidra - <https://github.com/0xb0bb/pwndra>

* Some pwn challenges selected for training and education. - <https://github.com/BrieflyX/ctf-pwns>

* A set of Linux binary exploitation tasks for beginners on various architectures - <https://github.com/xairy/easy-linux-pwn>

* ASM Basics - <https://asmtutor.com/#lesson1>```

That's more pwn based than re based, but one is a subset of other.

beautiful

https://www.html5rocks.com/en/tutorials/internals/howbrowserswork/

where can i find Ryan's CTF style ctf

https://www.youtube.com/watch?v=4zahvcJ9glg

could someone help me in linuxprivesc machine ... i am unable to send the shell.elf file from my attackers machine to target machine ......task no 10 (wildcards)

#room-help or #room-hints @lean widget

https://www.youtube.com/watch?v=vtWKlgEi9js&list=PLPedo-T7QiNsIji329HyTzbKBuCAHwNFC

i also recommend 7th ed. of the book above
it's a 0 to hero guide

third time's a charm

https://github.com/scipag/vulscan

found this by chance, has anyone used it?

I have, there's also an "nmap vulners"

@spiral zodiac is that sudo nmap -sV -A -Pn -v --script=vulscan/vulscan.nse or else?

That command is very much redundant, you're using -sV with -A -A does both -sC and -sV as well as -O and traceroute.

yeah i know - but sometimes this works better in this way
that's a complete monster command
i like it

NMAP cheat sheet v7

that's a nice cheat sheet ❤️

https://class.malware.re/2020/04/18/android-intro-and-tools.html
https://resources.infosecinstitute.com/android-penetration-tools-walkthrough-series-dex2jar-jd-gui-baksmali/

will be hard then, when we wanna find all these sources here

https://github.com/sysdream/ligolo

https://pwn.college
https://ctf.pwn.college

This site seems to have a decent amount of information and challenges on pwn stuffs

I've seen the first one before

I think the ctf part was released recently, but there seems to be a lot of challenges on it.

It's from ASU, the creators of this platform are current DefconCTF organizers, and of course from Shellphish team.

A site to practice writing secure code https://securecodewarrior.com/become-a-secure-code-warrior

https://www.youtube.com/watch?v=j6nj3uMp-dg

Really great summarisation of a deep dive into the rampant "Trickbot" ransomware https://www.welivesecurity.com/2020/10/12/eset-takes-part-global-operation-disrupt-trickbot/

Are there any good resources for setting up a android pen-test environment? I have an extra android phone so I don't need an emulator unless working with an emulator is easier. Would like to start testing mobile apps and platforms but not sure where to start.

Use john (and anything else in /usr/sbin) without sudo as root: while logged in as root, append this line in ~/.bashrc
export PATH=/usr/sbin:$PATH

Very useful OSINT cheat sheet;
https://docs.google.com/document/d/1BfLPJpRtyq4RFtHJoNpvWQjmGnyVkfE2HYoICKOGguA/edit#heading=h.po9n93ahppok

List of APT Threat Actors and Attacks. https://docs.google.com/spreadsheets/d/1H9_xaxQHpWaa4O_Son4Gx0YOIzlcBWMsdvePFX68EKU/pubhtml#

Steal my spreadsheet like that

https://haveibeenpwned.com/

Guys, I'm having hard time with BOF.
Please share some good resource for learning BOF for OSCP.

Share link to it Link

https://discordapp.com/channels/521382216299839518/554713196804440101/760489549918109706

meow..

Resgister please ^^
love u all

@cerulean viper if that's a referral link, please replace it with a generic link to the resource 🙂

okaie

https://www.hackerhalted.com/

hey guys! greetings

so I just received an email from cybrary.com , they're offering me like 70% off to their annual subscription, $630 off discount after applying the coupon

Its $900 annualy but with coupon its only $270 🥺 I wish I had money atm..

anyways, If anyone of you is interested in that then lemme know, since it can be used only once and

its ending in 14 hours from now ,

time lmao

🤷‍♂️

yes I got that same mail! not sure if coupon works individually 😅

but it is

https://libc.blukat.me/

https://malpedia.caad.fkie.fraunhofer.de/

How much fun it is to click through random links

if you’re uncomfortable with links use virustotal. NEVER click on a link if you’re uncomfortable or not sure about it until you confirm it is fine

Put the link in virustotal and it tells you if it’s valid?

it will tell you if it is identified by anti virus and malicious checkers, it can identify malware, spam, and phishing campaigns

https://github.com/epi052/feroxbuster <--- Best content discovery tool I've ever used, faster than Gobuster and recursive with proxy support.

https://libc.blukat.me/
@spiral zodiac what is this?

its for binexp

so if you leak a libc address

and you want to know which version of libc it is

you plug the addr into the site

and it tells you

https://mobile.twitter.com/Oddvarmoe/status/1316813991344320514

https://github.com/projectdiscovery/

lots of awesome tools are made by them

https://twitter.com/cvebase/status/1316795857685995520

https://github.com/gpakosz/.tmux

hey guys just in case you missed, refer to this message segment -

https://discordapp.com/channels/521382216299839518/554713196804440101/766272437825961984

extended time line - till 18th oct 2020... 2 more days I guess

so so , here's the coupon for 70% off

ZLU4Zo14

https://github.com/gpakosz/.tmux
@ebon valve I'm following the same steps but I can't get the new tmux
I'm only getting regular tmux

Oh make sure you have the custom tmux bit

Lemme grab my screenshot for my tmux

Also, make sure it's for the profile you're actually using

If you launch tmux as root, it has to be in the config spot for root

This is for the custom spin on it that I have

https://github.com/gpakosz/.tmux
@ebon valve The best tmux profile!

Facts!^

Basically goto as it's easy and just works

I'm Following this
$ cd
$ git clone https://github.com/gpakosz/.tmux.git
$ ln -s -f .tmux/.tmux.conf
$ cp .tmux/.tmux.conf.local .

But not working

did you restart the tmux server?

I still get the normal tmux

and/or source-file?

did you restart the tmux server?
@pliant moat How can I do that?

oh ok you havent yet

C-b, colon

source-file ~/.tmux.conf

after starting tmux?

wait

did you exit out of the tmux session?

w/e

Yes that just default one not the github one

tmux kill-server

then spawn tmux again

let's do this in ib

Thanks for the help

Now I got it
But It's odd