#room-ideas
Yeah, thought it might be
Hmm. Still think it might be easier to just get them downloading it, but hey
Same as room banners
Step 1 download the software
Step 2 find some IOS images from perfectly legitimate sources
the only legitimate sources you can get them from are Cisco
You could try deploying it in a container on a locked down Ubuntu box with no other applications
Cisco is incredibly strict about image distribution
I reckon before you go deploying proprietary software you should get an official go ahead from Cisco since they use PT as core material in courses they sell
https://www.netacad.com/courses/packet-tracer/introduction-packet-tracer
Free Packet Tracer courses teach basics, visualizing & configuring networking devices for IT. Learn best practices for IT today.
From that perspective it is almost definitely better to get the users to sign up for themselves and download the software that way. It's free to do, and means that it's completely legitimate
Yep, that's their official means for distributing it and you're not risking getting a compromised version from some random site. You would be promoting the official site though. cans of worms and opening of such...
A Real web hacking room with advanced stuff like breaking filters and not a simple <IMG/src='x'onerror=prompt(1)>
How to use the windows command line cmd vs powershell
@mighty hearth who even uses cmd nowadays when you got powershell 5 6 7 and windows terminal?
o/
My desktop doesn't like powershell. Only use it when I absolutely have to.
Agree though. Powershell is much more useful.
My desktop is windows
Go for it mate
I can try to put one together in the future @flint viper, I am working on a box right now. I like that idea though
gr8 would appreciate it
I'm doing it rn
More Wordpress hacking
A few NodeJS servers, what about vulnerable golang servers?
@old abyss hackernote is Golang
What sort of vulns are you looking for? I could get on that
Nothing in particular as I don't know much about them, more of a general submission. NodeJS can be exploited with improper CMD set up so wondering what can be done with go
using CMD env in url to execute commands etc... as an example as don't know of any others. I'll do a bit of reading on how Go servers are built and find any interesting vulns that could be made into rooms
Command injection @old abyss
That's applicable to anything that can run commands
Go included
https://www.emojicode.org/docs/guides/compile-and-run.html -- Ultimate torture room
@raw moat I'm not putting that in room submissions
```
๐ฐ name ๐ก
๐ฐ age ๐
๐ ๐ถ @name ๐ก ๐
๐ฎ name @name
๐ฎ age 0
๐
๐
```
Java reverse engineering, I can provide help if needed
@wild merlin if you're good with it yourself, why not make the room and submit it for public evaluation
@native raptor how do you make a room? Sorry, I'm new...
@wild merlin follow the thm room creation guide
That's on the left hand side of the THM website
Hang on, this has already been written up?
Read the guide
I see thanks
Mgm
TryHackMe is an online platform for learning and teaching cyber security.
@wild merlin
ok I created something simple at https://tryhackme.com/room/jvmreverseengineering
but apparently you have to make a writeup before you can publicise it
so I'll do that some time later
@wild merlin If it's a walkthrough, it doesn't need an official writeup
What the testers (like me) do is check the room over to make sure it all makes sense and everything works
it should make sense but it gets very complicated at the end
You might want to include a bit of an introduction @wild merlin
For example, I've never done Java reverse engineering specifically. I don't have a clue what you're on about for some of that. I mean, with the experience I have, I would treat it exactly the same as any other kind of reverse engineering challenge.
In short, what makes the fact that it's Java special?
As a task
I'd be tempted to make a new task at the start
ah ok good idea
Possibly also add a bit at the beginning of each of the established tasks as an intro to that task?
A good rule of thumb is that you should be trying to teach something new in each task. Certainly for the first few, a bit of a tutorial would be useful
Also maybe talk a lil bit about javap
I will, thank you for the advice, very helpful!
You're welcome
I added some introduction stuff, with a basic guide to the JVM instruction set, and ASM bytecode manipulation https://tryhackme.com/room/jvmreverseengineering
I'll try and make a writeup
but it will take me a while to solve my own challenge too lol
Were you not taking notes when you made it?..
No I mean of course I know the answer but writing a tool to reverse my obfuscation will be quite hard
@wild merlin nice room
Thanks
Snort room? Or "threat hunting" room where you look into shape copy files, or maybe bash history? Things like that? IDK I have only just started in this site, but I wanted to put in my ¢2
Shape copy files?
Shadow lol
So you mean like blueteam/forensics?
25daysofchristmas covers a lot of the basic threat hunting stuff
I want to make some forensics content ngl
Yeah stuff like that. Sans has a cheat sheet and I thought it would be cool to be able to have a spot to practice with that stuff. Maybe others could appreciate it too?
On the subject on forensics - What about digital devices rooms? Mobile phones, internet of things etc.
@tacit anvil What about those?
Hacking into devices
A lot of that is limited by what we can run on AWS but yep
ok I uploaded the poster to the resources channel. Hope it helps. Thank you for being open to the idea.
Ok I finally finished the writeup
thoughts?
I'm writing it on a Saturday night so it's probably not best quality lol
Re. Forensics I could make some content about it, what sort of stuff are people looking for specifically? File carving? Analysis from mobile devices and things?
https://tryhackme.com/room/jvmreverseengineering ok I made the room public
@wild merlin one of the staff will review it and provide any feedback before making it public
Thanks
This is a quality control step so if feedback is provided for improvements
just whip James a few times
and he may do it
Lol
Got other rooms to review first
Oh, been meaning to ask, James. You have any idea where SoulBreaker's w3bquiz is in that queue? He was asking earlier
I would imagine a ways down the list, given it's relatively new to be submitted
Yeah it's in review
I took that one, as there's a lot of stuff already in my DM's about it
And obv I was asleep
Ah, fair enough
Did you get a rule 1 break?
No, they asked
James is so passionate about rule 1
anyone: so I dmed <x>
James: ok but did you ask tho
Hey everyone i would really appreciate cloud learning material aws or google
Like AWS hacking? @flint viper
Ya but an introduction to aws environment with it hack would be better and then a series of them with better knowledge... if possible
I can't understand that sentence
I just want cloud material about how it works and it how its exploitation can be performed like if you don't configure the bucket this could happen
You could understand it like introduction to cloud environment because if few people are trying to hack cloud or find vulnerability in cloud they first need to know the basics of cloud
And then they would be able to identify weakness
Cloud machines are just normal machines, but elsewhere
Ya but their configuration is different if i am not wrong and exploitation techniques too?
EC2 instances are normal machines
But the AWS environment is very different
It's a whole different kettle of fish to normal hacking
So yeah, there is a market for that kind of room
But creating the resources for it would be tricky
Hmm aws bucket configuration and exploitation
There's a little of that over in 25daysofchristmas
Again, there's the problem that it's real world and no longer virtual though
Because i saw aws icon on website but then its empty when you click so i was just wondering about exploring that area
Yeah I've reported that quite a few times and it's not been removed
Blockchain material and exploitation would also be amazing
I know the guy in charge of AWS security consultancy. Might be able to reach out after COVID-19 dies down
I doubt he'll be able to do much though. They do run their own AWS CTF competition
Introduction to blockchain environment and exploit the environment
But I doubt they could provide the resources constantly for THM to use
Ya that's the problem people run aws ctf but they don't know how to play them that's what i was thinking to learn
What do you mean?
Like how to solve aws ctf challenge
Aye, so they run their security jam which costs about £2000 each time they do it in terms of resources
That's for about 8 hours
Like a walkthrough but don't completely step by step like other tutorial on THM website
Leaving it up indefinitely would be a problem
Hmm never thought about that
Can we get rooms for secure programming then?
I think it would be interesting?
Like looking at vulns and why they happen, code wise?
Have you done hackernote? I included pseudocode there and that was what I was going for
That's the big problem (even forgetting about the fact that AWS hacking would mean getting permission to use AWS as a pentesting target). It's Ok if you can limit what you're using, but if you're using everything to be able to get an idea of how to hack it, it gets really expensive
Hmm. Are you meaning how to make a program secure?
@flint viper I'm interested by this idea, what do you mean?
Common Weakness Enumeration (CWE) is a list of software and hardware weaknesses.
this is a good start, probably
That would be a James room for sure
Do we have an embedded object malware analysis room, specifically Microsoft documents that contain malicious embedded objects. I saw something similar in defcon 27, I had lots of fun, but would love to see more of that. Not sure if it's too niche. Just throwing an idea out there.
OA Labs on YouTube was an assistant in that class and offered great knowledge. Maybe he can have a THM friendly idea that isn't too involved and could be friendly to the THM room format.
I just finished burpsuite intro room and it reminded me of that class in Defcon. Once again, love the rooms. The material is awesome.
I have content akin to that in the pipeline @dense dawn! At the moment I've got a room waiting to be released that goes through embedded objects in PDF files. However, stuff like word documents is next up :)
Glad you're enjoying the rest of the content though! And welcome!
When I say waiting to be released - it's been reviewed, it's just waiting for the next content push
Looking forward to this one @lunar plank
Roger, thank you. Can't wait.
samee
It's an introductory, so not very in-depth. Wanted to see how it would go down with users here before I went into that a lot more. But that's just increased the excuse to find the time to do it ten-fold
There's also static analysis on Windows as well :^
Which turns out to be waiting for the next content push as well, sweet
How many is that you've got in the release queue now?
One that James is evaluating (after yours :^) and then two that are "Ready"
"Published"?
*Ready
Ah, fair enough
Same as me then
So, between the two of us, there are six rooms waiting for release
Plus goodness knows how many others
At least we ain't getting bored during quarantine
Hehe yup!
The movie Hackers themed room, where you perform a realworld "hack" similar to the movie, haha, bonus points for movie references.
@dense dawn I tried that, it became hackernote when I couldn't plan the path right
my git repo for it is still thm-hackers
Sorry, behind the game on these haha, let me play around some more before I come back.
I'd love to revisit it, themed rooms are real fun to make @dense dawn
I know I've already put in a request for buffer overflows, but would also tag onto that with seeing rooms that go over using tools like ghidra, r2, gdb (GEF, PEDA, PWNDBG). RE both 32-bit and 64-bit binaries, overflowing to both a specific function (yay flag) as well as overflowing into a shell similar to /room/bof1 but with more of a walkthrough feel of how exactly to do the overflow.
Sorry for late
@feral egret You can check https://github.com/D4mianWayne/PwnLand for some buffer overflow
Then, it's not updated enough.
There's a repo named nightmare by a guy named tuxedo(?), check it out. It's probably the thing you're looking for.
I'll definitely take a look at those @final sun thanks! Yes James, there's a single ghidra room with the basics of finding some variables, I was making a request in the hopes of expanding what THM is providing.
There's a lil bit but it's really hard to run anything on AWS for that
I think there's 1 room with APK reversing in
Thatta one ^^
is anyone working on SQLi room at the moment?
yeah that's what i was thinking
it's been some time from my last rooms
i'll look into it
Please add video quality option to rooms that have video
Can a resources section be added categorized by topic. It may include YouTube Channels, Github Readings, Books, Blogs etc.
Will you please add a room on "recon-ng" (free) ? It will be helpful
I can take a look and add it to my list if you'd like?
Probably wouldn't be hugely long, but can write something up on it
Yeah sure. I just want to practice with real life example @native raptor
I've got stuff to do just now, but I'll add it to my pile
ok. No problem.
Not sure if anyone has suggested this yet but snmp rooms?
sqlmap room ?
@radiant osprey cc Pentesting has a sqlmap section
Room?
+1 for learn windows room
we have a few windows rooms
but do you guys have a learn windows room ? xD
what do you mean by that
there is a how to linux room but no how to windows room
Okay how about this, what would you like to learn about Windows specifically?
how to use it of course
rubs head but ... use what part of it exactly? like powershell scripting? it's a GUI just like a desktop on linux - and no one's requested on how to use a desktop on Linux i.e. Gnome / XFCE
yes powershell would be nice
Well in which case there's this room:
https://tryhackme.com/room/powershell @worthy shadow
uhh nice one thanks
I'd argue people are more likely to know Windows for daily use than Linux, but there are some Windows quirks when you're pentesting it and I'd argue that not so many people use the Windows/DOS command line
i'd like to request a netcat walkthrough
Also there's a bunch of different versions?
yeah
What would you be hoping to see in a nc walkthrough?
it's helpful + there are ppl who don't even know about it
Yes, those are the reasons to do it
But what kinda thing would you be hoping to see?
Using it to probe ports?
Reverse shells?
Reverse shells ofc
I mean, I can do a reverse shell room?
It's useful as a listener or for interacting with other services as well
Cover netcat, socat, shellupgrades, etc
@native raptor awesome
Go for it
Hehe, just when I finish one 🤦‍♂️
That shouldn't take hugely long though, so I'll cover it next
labs for AD hacking
There is an AD hacking room, but issues with it are being fixed currently
Also, networks soon™
basically, soon™
as soon as BoF gets uploaded
@sleek elbow Did you mean it for me? >_<
A room for navigating and possibly creating cloud-based servers
So you want like
An azure/aws/digital ocean tutorial
Yeah
Hi, I wish we could get a room explaining how to use burp suite / web app pen testing in details. I was a bit surprised doing the beginner path to not be so much guided on the juice shop part compared to the rooms I did so far. I'm currently watching / reading stuff on it in order to understand / finish the room .
There's a burp suite room
If you're a subscriber.
I can also reveal that there's a room for an alternative to burp suite that's in review at the moment
I'm a subscriber
Search for burp then @crisp cloak
Checking..
yeah i did that one. it's mostly how to setup burp and intruder.
i was like meaning the other module also from burp like spidering etc.
actually, reviewing the room i just notice that i can learn some stuff from DVWA website ....
hello i've seen a blockchain room is missing, any plans to add one?
@limber venture what kind of blockchain room? like general explanation and analysis of the system?
yes but also exploitation/ chainalysis
hmm good idea, thanks! might take into consideration
if you need help/consulting just hmu
just don't put a vulnerable erc smart contract as every blockchain puzzle in ctfs and such is indeed a solidity audit
Requesting a "covering your tracks" room. e.g. deleting bash history, hiding your IP, OpSec, etc.
samba exploit room please
Which exploit though? There are tonnes of them
There's also a room that goes over this that's in review rn
#recon samba
@somber crow interested to join
ok
more advanced networking topics ie Cisco common tasks ( turning on a port, vlans, basic subnetting & supernetting)
Why does it have to be cisco for subnetting and supernetting?
you know those are common networking concepts that aren't cisco exclusive
cause cisco is 80% of the business i doubt many people run into juniper
Also this isn't really CCNA study material, it's cybersec
cisco is now in the cyber business cisco cyber ops and security are growing
Ok but that doesn't change that enabling ports etc is CCNA study material
If you want the content to exist, you can make it
But we can't legally run IOS on anything
that very interesting
that must have been one huge switch or router to handle an entire business
that's not how networks work
i mean you don't usually have huge switches and in most of the cases you get 2/4/6 switches for redundancy and depends on the actual needs
usually depends on the client's needs on how they need to be set up, you don't need to overcomplicate a network to make it work
A box covering windows privesc - similar to the Linux one - perhaps mapped against the mitre attack map? That would be great
We have a windows privesc box in the works :))
I almost had a whole paragraph a month ago discussing about creating content for subnetting and visualising subnetting, vlans and trunks
No one seems to have been too keen into it but if that's changed I'm sure fellow creators can come up with a thing or 6
@lunar plank depends what kind of stuff you are willing to create about those topics. i can lend you a hand with them
@formal turtle fantastic thank-you
More rooms about Linux would be awesome. would like to know linux like my ten fingers.
@orchid quest As in, Linux basics?
@native raptor well it could start with basics, altho i would like to think im past basics.. let say few tasks about basics, and then some advanced stuff, but any content about linux is welcome
Rephrase -- you mean a more advanced version of zthlinux?
Have you done Linux Challenges?
yes
i have done all linux rooms
@native raptor that would be great
Did I hear zthlinux part 2
Honestly at this point you're probably best just doing your own research. Once you understand the basics, you're past the point of really needing to be taught
Find something that you want to know, and go figure it out
I love me some rooms. I have been a heavy game addict, so doing rooms keep my mind off of it, rooms are like game to me, but here I learn while playing.
Hehe, I can highly recommend Cherryblossom, Willow, JOAT, Madness, Hackernote (obligatory for James)
I'm biased, granted
Nonamectf was pretty interesting
I must say i love everything about THM, just sometimes i feel like a know not enough about linux, especially when it comes to using commands like find
Ooh yeah, Noname was fun
altho the room Find did give me a boost in that regard
but still, when i google and find a right way to use find, i understand that i had no idea that i was supposed to use it that way
maybe i just need time and practice
@native raptor I will def try them out, after im done with Xmas room
Which room should I prefer for metasploit
Rp: metasploit. Or ice
Wrong chat
Cyberchef basics
windows privesc
In the pipeline ^^
Would boot/rootkits be possible in THM?
@lunar plank ^ something for you?
Oooo
It is in my series - albeit the theory (how rootkits actually work and what makes them different). AWS for obvs won't allow that type of stuff to be hosted - but I could include memory forensics etc of post-rootkit/bootkits if that's what you're suggesting? @old abyss (also ty @feral reef )
Honestly the more blue team stuff the better
No worries ^^
Hey Team, maybe its a cool idea to make a room for learning how to maintain access
because i need to definitely get better at that.
might be nice ๐
I am committing to Blue team content. If any other creator wants to collab on some stuff ?
Any Active Directory related rooms?
Should be coming out soon :)) /cc @sleek elbow
indeed, attacktive directory is ready to go again, it just needs an official writeup
i've also looked to some walkthrough to look at the code, but nothing worked
wrong channel, sorry
Idea: a room on nikto
@tacit anvil Maybe to go with zap?
consideration
@lunar plank Please make an AV evasion room, MuirlandOracle told me to post this here
(Uh, translation: CMNatic, would an AV evasion room fit into your remit, and/or would you be interested in making one?)
Good idea - I've got a good path of the series that I'm taking. However I'll consider it. Could you further expand on what you want to see from it? E.g. The theory on how AV checks for Malware? @lament star
(also ty @native raptor)
Theory would be nice, but a practical example would be better
Bypassing sandboxes that kind of stuff
I think I'm allowed to share it here, but here's a high-level of how the series / pathway is developing:
Mhm okay, definitely food for thought. I'll scribble it down in my notes for it - I like the idea of it!
I'll just have to find the time (aka expect to wait a good month at the very least)
That's fine
@lunar plank Love this, keep this resource as when the pathway gets built, it will fit in perfectly!:)
It seems to be going down a treat on here @remote socket ty for the encouragement
Why did i never think about building a road map for my projects? I'll steal the idea.
I actually love that idea
Yeah. Never thought about it
That being said I've just created a Trello board for my stuff
I just need to pick up a list of projects to actually make this board look like it has stuff in
room on python exploitation exist or not
i mean
does the tryhackme also have rooms like the course python exploitation by Pentester Academy
I have no idea what's in that course. I'm assuming it's teaching you Python scripting?
i mean like solving htb machine by your own script
no the course is on the scripting on the shell attacks by python
Hackernote is good in terms of custom exploitation. My Willow also requires you to code for yourself, albeit as an indirect exploitation
Can you link to it?
Server is fine @gloomy trail
We try to avoid unrequested DMs where possible -- see the #rules
I mean, can you send a link to the course?
I'll have a look at the content
So, uh, yeah, Python scripting essentially...
Yes, we have scripting rooms: https://tryhackme.com/room/scripting
That's the one totally devoted to it, but it also covers bash scripting
In terms of writing your own exploits, as a general rule that's something that comes from practice
The AoC (https://tryhackme.com/room/25daysofchristmas) has a few really nice little scripting challenges
hmmm
I have no idea if that coupon is still valid
But it's a decent introduction
I've also added more scripting into #641573666353709085
memes ( funny images that make you happy and reward you after a hard day of studying cyber security) and nsfw room
I'm going to go with no as a creator imho
@steel fiber That's gonna be a deny. This is rooms for the site
memes go in #thm-community-media
nsfw goes in other servers. This server is strictly SFW
@versed veldt official warning. Stop posting discord links.
Jojo
Would be cool to have a room for 'game hacking' (is that the term for it?), something like pwnie island but maybe a little less open. I know that would be a lot of work tho.
A room involving the basic steps in rooting a system. I know HTB has starting-point for that but it'd be nice if THM had something similar to help newer people
priv esc playground is a pretty good place to look to practice priv esc methods
My bad on the wording. Enumeration and foothold steps
It's not too difficult when in the machine, but getting there can be pretty confusing
@tacit anvil search for the educational rooms. They guide you regarding enumeration, exploitation and priv esc
@split viper thank you
it will be great if we have a room or something like pentesterlab to practice on every web exploit
@hard kraken there's juiceshop, webgoat and wackopikco somewhere
Are there any free rooms that introduce pwn functions?
it would be cool to have more rooms with Networking related topics
@dull adder hey, can i pm you ?
Hey @feral reef okay
@tacit anvil pwn functions?
@final sun for example: uploading or creating a shellcode
As in how to create shellcode and how to execute it, I assume?
Yes
The pwntools docs describe the process of making it or importing it with the pwntools library, but a room where we actually make use of it interactively would be really beneficial
Possibility for a basic SQLInj. room? I mean a room that teaches everything from the beginning.
@tacit anvil this was highly requested and might be coming in the nearest future :)
I am Done with my room creation and official writeup ! Can anyone help me publishing it??
How to submit?
choose 'public' visibility in your room settings
That is already Done
does it say 'submitted' or 'evaluating'?
Submitted
alright, just wait for now
By what time it will be published?
after someone reviews it it might be pushed through
Okay! No issue! So if there will be any mistakes
Will they ask me to rectify things or simply it will be rejected??
you'll see it on the platform
Okay!
Join Fast
1 min Left
@clever fiber Wrong channel
@languid ibex Okay. Thank You!
@tacit anvil the only issue being manual SQLi is kind of a hard topic to teach, as for it to make any sense you have to assume the user understands SQL on a high level
@tacit anvil exactly. I have no prior knowledge about sql so I can't really understand sqli.
Then a room on manual SQLI will be worthless to you @tacit anvil
;-;
@tacit anvil Learning SQL is useful anyway
so would an sqlmap room be fine or its simple enough that it's unnecessary?
@shy vault That would be helpful. at least for newbies like me.
@tacit anvil whatever I learn, i learn through THM, idk why. IF THM makes a SQL room, i'll definitely learn that
THM should not be your only resource
Besides teaching enough SQL in a room to be able to use it competently will be quite difficult
any particular resource for SQL?
Personally I recommend setting up some tools that require SQL databases, and going from there
Syntax documentation can be found online
They do
and codeacademy
Try setting up a MySQL server and playing with that @tacit anvil
For me the best way to learn is by experimentation and documentation
For me is having @tacit anvil by my side
<3 @feral reef
@tacit anvil Okay sir. I'd definitely try that. Thanks for the guidance mate.
can we have a reverse engineering room with applications that have debugger detectors and how do you like pass their traps so you can still run the program in the debugger
@final sun ^ something for you?
what about a room on Nikto?
There are a few that cover it already
Room focus on Win32 Buffer Overflows
We have a couple rooms that feature buffer overflows @sick vine
Most 32 bit
The differences between windows and Linux bofs aren't that big iirc
thnx for the reply can you suggest me some for practice? @tacit anvil
Do we have a bash room ?
Bash coding or bash commands?
There's the Learn Linux room and you can learn shell scripting from just googling "learn shell scripting"
@tacit anvil you can learn almost anything with some research, doesn't mean there couldn't be a room made
True, my bad man. I agree that shell scripting should be a room, just wasn't sure whether they meant that or commands
Bash scripting is actually a good idea 
agreed
id struggle making a bash room tho mainly because variables, loops and pipes are the only real bash things
it's mostly just chaining external binaries together to achieve an end goal
i.e.
for LINE in `cat /root/hosts.txt`; do host $LINE | grep -v "NX"; done
It'd be nice to go over the basic structures though
Ya i mean room for bash scripting.
I posted a few weeks ago about a room called "Covering Your Tracks", or what have you. Basically a room teaching people how to go undetected(or at least covered from discovery) when performing some of the other rooms. Is there a thought on this?
I've put it in submissions
Awesome, thank you @native raptor, I think a lot of people will enjoy it.
Are there any rooms relating to CORS vulnerabilities? I'd love to see more on this and more webapp vulnerabilities in general e.g SSTI, SSRF etc. That would be incredible. I'm already a subscriber, but I'd extend my subscription indefinitely for that kind of content
https://tryhackme.com/room/thecodcaper
@tacit anvil that's the funniest room description I've ever seen LOL
We have a room with SSTI, XXE, JWT vulns coming out soon :))
That's amazing, thanks @formal turtle
Is it possible to have room about SQLi which goes step-by-step?
Ohh, im not sure if this has already been done but something where we can get some hands on with SCADA controllers would be amazing
live stream a remote control arm or something that we could watch move around once we are in and playing with it, that would be cool
I have an idea about a room using a cronjob to randomize ports and services available on the box. E.g. it will start with HTTP and SSH on default ports with a certain script vuln and people have to root it. The twist is every 20m~ish the cronjob runs, changes the configuration and restarts the service, maybe starting a new service like pure-FTPd.
Interesting concept that I've considered trying to create for a king of the hill box. The idea of a self patching or adaptive box would be sick
Would it be possible to have a room for Maltego, or is it too dependent on third-party services?
Seeing as it's free it seems fine?
is there room for attacks on cloud, aws and google cloud etc?
probably just aws actually as most companies move to there now.
If there's not a room on it yet, evil-winrm would be pretty useful to learn
Thoughts on EEPROM hacking or similar hardware hacking? Or a digital forensic room? I could make the content.
For EEPROM hacking I could provide content of multiple types of laptops (Photos included of IC's on the MOBO) with OSINT questions and technical questions.
A room on CSRF?
That room is coming out soonTM @tacit anvil
ah ❤️
I'd love a room exploring wildcards in linux and the different ways they can be used in an exploit.
^that'd be really neat
A room covering defensive methodologies and general defense such as patching vulnerabilities and securing a network
there is only one room for active directory. Can anyone add some more?
Added to submissions
What about it?
Pretty sure there already is one
There's kind of one
Using go tools and installing go
Rather than writing it
But this isn't a software dev platform
black hat go - have you read this book?
I've got so many AD rooms on the backend xP
just have to wait until my schedule lightens up. School semester is coming to an end relatively soon
@sleek elbow can we discuss what you're working on so we don't do the same thing?
Yep
pm?
I think a room walkthrough of a tool like cherrytree or other prominent reporting tool would be good to have. I realized I never really organized the notes I took and now see the value in it but don't know the best way about it or all the shortcuts etc. Also a room about something like docker would be cool
@white plover CherryTree has a really good manual
The docker documentation is also pretty damn good
I get that but at the same time it's more about exposure I suppose. I had heard of tmux but appreciated the walkthrough room and learned a lot and now can't see myself without it. Similarly there are things like git which could be tied to a ctf style thing where you find things hidden in commits, logs, blame,history,tags etc. git has great documentation but lots of people don't know more than how to clone. I understand though that it should possibly be reserved for tools that aren't widely known but useful or lack good documentation though just sharing my thoughts
Remember, you're welcome to make a room yourself too
What restrictions are there to making a room?
Getting Started
Thanks
I was referred here from the general channel. I'm building a MITM attack exercise and I realize I cannot deploy 2 VMs at once. One is the Target User Windows VM and the other would be the Target Web Server. Then of course the attacker would be VPNd using Kali or whatever hacking distro.
I attempted this potential room idea using Blue and DVWA VMs. I don't know if the Blue VM has a default User/Password to RDP in.
@warm hull blue because exploitable or blue because windows?
Because its Windows. I need a VM a user can RDP into to play the 'User' role.
The windows base VM? @warm hull
Yes, I was actually asking about that one. I emailed education@soft hamlet about allowing me to clone it so I can modify it and include the DVWA as the target web site.
You should be able to do all that
Networks would make it much easier but I don't know the ETA on that
What is preventing me from deploying two VMs on the same subnet?
I would think that is simple to do.
In essence this is what I'm trying to accomplish....
Of course, the WiFi AP and the Layer2/3 device are just for show. I don't really need that as part of this exercise.
Yes, I'm using that one.
Windows base has RDP also
Yes, that's the one I hope to clone.
What customisations would you really need on the windows machine?
None. Just be able to access the Web Browser to access the DVWA.
So i don't see why you'd need to clone it?
As the attacker (Kali) is sending arpspoof requests to redirect the MAC of the User/Server back to the Attacker's MAC.
Yep. So why clone?
I don't see the Windows Base in the drop down.
You can just deploy the room
When I go to create a task, for example.
Yeah I get that
But it's a standalone room
Instead of uploading it yourself, you could just deploy that one?
They'll all be on the same network
Ah! I see what you mean. The reason I would clone it is to make it accessible to my students that do not have a subscription to THM.
I haven't forced everyone to pay for a subscription so I took the liberty of doing that.
If you talk to skidy I'm sure you can sort something out
Sounds good. Will do. He's been really helpful these last few times I've reached out to @remote socket
I don't know how well a Windows VM will run on non subscriber level resources
Hey, thanks for all your feedback and suggestions. This is really cool. Been having a blast creating content and using what's available to teach the fundamentals.
@somber crow
Check out http fundamentals
And wifi hacking 101
Wifi hacking is definitely free
I think HTTP fundamentals is sub only
Ah Nice!! WiFi Hacking is on my TODO.
For sure. Thanks again.
What about a room to learn how to find and bypass a firewall? could be possible?
Bypassing firewalls is something that's relatively difficult
plus, if a port's marked as closed on a firewall, there isn't a ton we can really do about that
@sleek elbow what about a WAF?
WAFs are a completely different story
yes, i know. idk why i wrote firewall instead of WAF lol
@rocky gazelle i see you are working on my room, just want to let you know i updated / added the flags + questions now.
haha good!
a (guide) room based on exploiting vulnerable websockets
searched it up, but i don't think it's what you mean
@orchid fossil Then explain what you mean.
i'll send a link in a bit, i lost it. but the main idea is executing script through it
Any rooms on it?
does "Bof" stand for buffer overflow?
yes.
ah very nice thank you
A walkthrough room on pivoting? Maybe with and without Metasploit, so we get an idea of other tools
Ahh sweet, that's cool
Hopefully soon™
A Rastalabs, offshore type of room which has several boxes would be cool.
@outer jewel that sort of thing is coming with networks
Soon™
And not a moment sooner
@remote socket i have submitted a room last week and requested to make it public. But it's still under evaluation. Is there any issue with that?
@thorny pecan which room? I can take a look for you
It's Forensic for CTF
@feral reef that's one of yours -- how's it doing on the list?
oh, damn, i'm sorry, i might've got busy with other stuff!!
i will review it by the end of the day and get back to you @thorny pecan
Okay
can i pm you @thorny pecan ?
@feral reef sure
Hello guys i hope for more learning / advanced topics on network pentesting also some enterprises pentesting like rooms(with pivoting and such on) thanks
soon™
seems like a game changer! can't wait
Binex :D
Hello @lunar plank Can I dm?
Hey dude, can I ask if it's anything in particular? Or would you rather keep it over DM ๐ @tacit jungle
I have submitted a vm and it isn't available for public
Ah, you've submitted a room? Do you know the name / your THM username so I can see if it's in the queue?
Or did the VM fail to convert when uploading?
Deamon
Oh yeah! Yeah I approved the room for release a couple of days ago
Yes
They get pushed out according to the release schedule
I'll find the lil' bit about it one sec
I bet hehe
I can't seem to find it on the website, but a rough guide is that Walkthrough rooms get pushed on a Wednesday IIRC, and a challenge room every Friday
The admins pick what to release, but there's only a handful that are ready to push - two of them very recently so... Hopefully
Okay
Can you reset my progress in the room in the mean whilst please? x)
Thank you so much @lunar plank
No worries!
I have a question about my vm can I pm now?
Yeah sure! Thanks for double checking
I was wondering if there are any social engineering rooms where you could spoof an email to gain certain information or even a chat bot. How do you prep for social engineering in the real world and would that work?
It probably would. My other one was thinking of taking information from a phishing post on a social media site. Then again, I guess making a mock social media site takes ages too.
so for example, you found info about a user that had listed an account somewhere and on their social media they had those "ask your husband these 10 questions" that gave clues to broken authentication
i wish to see rooms emulating real-world enterprise network pentest scenarios with updated os / pivoting
Pivoting / networks coming real soon™ @loud sparrow
Believe me when they do ... there will be content haha
that's cool, also a path that follows eLearnSecurity certs like PTS, PTP, PTX will be cool, i mean as practicing those topics will help a lot
Would it be possible to get a room on SAML exploits? I find it really fun and something that's often seen in the "real-world"
I can't wait for networks, so many ideas floating around in my head
+1 on that holy moly
@loud sparrow i can create something for the PTS but we need to wait for the networking part to get added
A room that is nearly impossible to exploit, and only lets you telnet or nc a port. If you remain a connection on the port without entering data for 50 minutes it outputs the flag. Made to teach you that not every machine is going to be easy to exploit, and the valuable lesson of knowing when to give up
- Why not make that yourself?
- You've just given it away here..
- How is that hacking?
I mean, it would be trivially easy to make, but that's not exactly hacking, is it?
Which also makes it a good way to further hurt poor Skidy's wallet unnecessarily
if you buy Skidy a Rasp-Pi to host it on, I'm sure he won't have any issues hosting it
I'll host on mine.
It's a fun shower thought ¯\_(ツ)_/¯
@feral reef But that's soooo far away
Ooh I won pretty high in that
I'll put your idea after my next 2 boxes
An OSCP exam like room, like a practice exam room?
A Guided room on SSRF?
Kinda surprised I didn't include it in zthweb tbh
@tacit anvil Me too haha, so I figured I'd post here
ZTHweb2 incoming @tacit anvil
oh, i am not paid for this lol
Ur paid in love and cookies
@tacit anvil more rooms like zthweb would be good. Not finished with it yet, but such a great room
@tacit anvil
Probably could've replaced JWT
But then you wouldn't have learnt about JWT...
@formal turtle Are you able to fix the typo on the badge?
the badge for the zthobscurewebvulns rooms?
@formal turtle Yup
Cheers
does anyone know pydictor? It's a social engineering dictionary builder
There's already a custom word list room. I'm pretty sure it's outdated and could use some updating with automated tools, but it gives you the background knowledge to build custom wordlists
...
That's not really what the join codes are for @spiral delta
what are they for?
Sharing with friends, students.
oh sorry
Rooms that you want to make public need to be reviewed
How do I do that?
If it's a challenge room, yahuh
how do I post the writeup
do I have to upload it to youtube
or just upload it to tryhackme
Writeups are usually text
(Speaking as one of the guys who might be reviewing it, please don't use a video for the official writeup)
ok
Doing them as a private Google Doc is common
As much detail would be nice but if it's fairly intuitive and detailed well in place of photos
should be okay
ok thanks
Screenshots are helpful.
Realistically, it's there to make the process as streamlined as possible. We don't want to spend hours figuring it out, because there are lots of other rooms we need to get through
As long as it's descriptive enough, it's fine though ๐
ok thank you man
Look forward to seeing it in the queue
^^
thanks man
@spiral delta Can I DM you?
yeah
hey I have upload
I am trying to upload an ova box
but it says 0.00% percent the whole time and it doesn't upload
does anybody know how to fix this?
It would be cool to have a room that provides hands-on practice with scapy. Unless there is one already and I missed it.
As in crafting packets and things? @wintry slate
I don't think there's anything, but that's a real neat idea tbh, I could get on board with that
@lunar plank Yeah, something to get more comfortable with being able to use it practically and on the fly I suppose.
Yeah that sounds neat
I'll add that on my list, at the least it'll be cool!
Unless anyone else beats me to it
Sweet!
Not sure if you all do testing for rooms prior to releasing them, but if you need someone to test it let me know haha.
Yep, we test them first
That's actually pretty cool
I think rooms aligned to the Mitre Att&ck framework would be cool. How to perform various techniques, initial access, execution, lateral movement etc.
I know there's the Empire C2 room, maybe adding additional C2 platforms like Covenant, PoshC2 would also be an idea.
I would love an umbraco based room, where you have to hack into Umbraco CMS
there is an exploit for v7.12.4
Yeah, umbraco is my thing @radiant imp, I can put something together, on my list of stuff. However, bear in mind it is out of support and a lot of people migrated to a newer version, for which i am not entirely sure how I can create a misconfiguration. But, do bear with me. I might be able to pull something out
my own website is designed and built with Umbraco
awesome! yeah i'm a web developer and umbraco certified but i have no clue how to start building a good room
we can do this together if you want
If @native raptor will be nice enough to put it in the #641573666353709085 so i won't forget about the request, I will get back to you after i finish the current rooms i am working on
nah, dude. feel free to dm me after you send a friend request
Maybe as idea to hack "tryhackme.com" or an instance of it just for funzzz
@radiant imp There's a bug bounty program.
good luck not getting blocked by cloudflare
rip
@tacit anvil Anything specific about SIP?
I can make some VOIP content over the summer
To see just how vulnerable it is?
I have no idea if AWS could be convinced to host that
Worth a shot though
Ice?
The oldest I have is xp sp3
I may be able to find something on torrents
An sp1 to put the ms06 I think it's called the dcom one
Turning the thing on is a vulnerability at this point.
Isn't that the point lol
I mean we could have something like a wayback room? Bringing artifacts to their glory?
Word 2003 exploits
Excel macro
and unlocking password protected documents by changing extension to zip
supports sql 2000
xD
If it doesn't include AOL Instant Messenger viruses being transferred to unsuspecting people as .jpg's it won't count.
anyone, i think it's a good thing to do as a special request if aws allows
a wayback machine of how easy it was to exploit stuff at those times
is winworld still up
WinWorld is an online museum dedicated to providing free and open access to one of the largest archives of abandonware software and information on the web.
it totally is
has almost every old os/software since before XP
where did you get this link from lol
I've had it since I was 11 >_>
Remember, abandonware can still be considered piracy
Is that only if Microsoft decided to pursue it though?
That's a serious question I honestly don't know how it works
depends on the case, but basically if a company still exists or someone else now owns the rights to a work they can go after you for it. however, that being said, you could also try to take it to court and if you can show that they don't defend the copyright you could win. It's why you see things like Nintendo going hard after fan games, because if they don't then it could hurt them in a future court case. Also of course depends where you live and where they own the copyright, which is why copyright is so fun to deal with
Lol no. I come from a five generation lawyer family you could imagine the joy when I went into CS
i did a semester of business law though it was probably the worst 4 months of my life
most dry thing i ever did
From what I've been keeping up with, the only OS Microsoft sent a DMCA to win world for was XP (because of the market share and technically Microsoft still offers it)
A detailed walkthrough of Cutter and RE
We have a walk-through for radare2 and cutter is just a GUI for r2
Malware Development Room, Macros, Executables etc.
Yeah... I wouldn't be too comfortable with that fine line tbh
More so I think it'd get vetoed either way
yeah, i'm just thinking
probably on old version of software that are EOL?
just to showcase it?
I'll defo have a look and bring it up!
sure, i'm just thinking of not having real life applications
that's my main concern about this
Yeah definitely
Yeah, probably better not teaching anything that's actually dangerous
It's the learning of the techniques that's the issue
Doesn't matter the platform
Kernel level rootkits would be nice, but then again might cross the line into blackhat
Malware dev is a blackhat topic -- malware and scripting being two very different topics of course
I would say that's the line, between what we do, and what we don't
We teach stuff that could be used maliciously, but not stuff that can only be used maliciously
yeah, that's why i am saying
being aware of all the stuff might actually make it better than avoiding it
either way
Yeah I agree with that
so, doesn't really make a difference
There's no reason I can't discuss why they work although?
and it seems like a good addition to the malware series
Just teach us to remove kernel level malware from KoTH
but has to be approved from the Overseers
All we need
If it's a simple rootkit you can just use rmmod to remove it
lsmod
you guys talk stuff that's out of my league
But a good rootkit would probably prevent itself from being listed by lsmod
you guys need a life
You're here too.
a good one changes the name constantly 
@golden mountain Or impersonate another module
other than dip in into channels
i mean, i do have 100ish rooms to finish to finish 100% THM
so let's just jump into steel mountain and see where's all the fuss about it 
I'm definitely not the guy to probably talk at length about this but couldn't malware be used for white hat purposes? I mean would it ever be in scope on an actual pentest?
yes. in UK for CyberEssentials+
you need to send a payload in an email and if it bypasses the filter you fail the assessment
For it to be a rkit it needs to not have an exit module
If there's no exit module then rmmod will fail
I would absolutely love a room for malware development, however I would also love to learn how to defend against malware and intrusions (for KotH)
#ultratech1
#5 The software using the port 8080 is a REST api, how many of its routes are used by the web application?
i think the port in question is wrong...
please advise
Perhaps a room to teach how to quietly pwn a system without raising AV or logs or such
That's been suggested (and highly demanded)
I have a feeling it'll end up in one of our dev piles sooner or later...
well the problem is that av evasion / firewall bypassing is constantly changing, there is not really a standard to it, there is but there isn't at the same time
Yep. AV companies are constantly scraping public repositories to see what new and fun ways there are to obfuscate data. And there are only so many ways that the underlying system can interpret it.
Maybe have a custom basic AV that detects sigs and such, for the basis of being a stepping stone
I wouldn't say malware development can only be used for malicious activities. Such as a pentester using custom malware in an engagement and then providing guidance on how to detect it or at least log it for threat hunters. The mw developer will have a better way of presenting that surely.
Like a VM escape?
More like kiosk breakout
Interesting
C2 Matrix Room - https://howto.thec2matrix.com/
How to use Docker room
Programming based rooms in addition to the existing Python room. C++, C#, Go etc
Remember it's a hacking site
The Python room is there to teach basic scripting (I think some shell scripting might be in the works too)
Things like docker escapes are good to cover though
I don't think that docker breakouts are that extensive to make a whole room on though? There's already a few challenges with them in there
and IPv6 is an interesting one, there's only a small number of good ipv6 attacks out there, everything else is just like ddos, but there is like mitm6. I think for something like that it would have to be part of a larger room rather than its own thing
A room covering different ways of breaking out could be cool
A room with Sandbox Escaping techniques.
Would anyone be interested in an iOS reverse engineering room? As an iOS developer I would like/be able to make one. Not sure if people'd be interested
Sounds fun
That would be great actually! I was considering to study this recently
So make one
Why does only iOS get the love? Can Android have a spot too?
@tropic cave That exists tho
android hacking 101
Well man I didn't know
I've honestly never gone through all the rooms. I should search tags though lol
android reversing is waay easier than ios reversing lol
cause all android apps are just java and java can be decompiled
@crimson tangle i'd definitely like that haha
Nice! I'll make one and check out how I can submit it. I've got some cool ideas for a good room
Getting Started
Thanks!
I noticed there was some chatter about creating a room for bash scripting. Not sure if someone is already working on that but I'd be willing to help if needed.
@crimson tangle I think that would be an amazing room. I'm new to RE and would love to try something different than the typical RE labs. I'm excited for it!
A more structured scripting basics room, all we have currently is 3 tasks that tell you what you need to code it to do
@open vine bash scripting?
Preferably, I was referring to the room about Python and bash
Gatcha. I'm fairly decent in Python so if the current one isn't up to snuff I could do an updated one
@tropic cave it was released sub 2 months ago lol
not that one
Let me see if I can find it in my rooms
i was talking about app reversing, not the system
Would a room based on attacking fake satellites be possible? That would be a cool concept.
Building on from the new post exploitation room, a persistence room would be cool.
@simple gust that would be hard to replicate as I'm sure very few of us know how a satellite works and that sorta falls in black hat territory
ehh not really, there's already a ctf for hacking satellites - hack a sat. I think it could be a cool idea, it would just take a lot of research