#room-ideas
Uh... I guess?
Okay now not many people know about this but discord actually saves deleted photos to your hard drive, I'm not sure where the folder is (Search it up) but maybe you could do some sort of OSINT/Room on discord to do with that
It's quite concerning actually as somebody could post some rude images and if you happen to be afk on the channel, even if they deleted it, it would still be on your hard drive
Oh and what about a steganography box? (Hiding text in text, hiding images in images, hiding text in images etc.)
If you go to hacktivities and filter by steganography you'll find a bunch of rooms
If you go to hacktivities and filter by steganography you'll find a bunch of rooms
@somber fractal There are no steno rooms in there
Theres some steno but not many.
It has more crypto than steno
If you search it you'll find it 🤷♀️
We have so much stego it's banned from rooms 
I mean, there's a very heavy stego box coming soon, I'm supposed to test it 👀
I think it would be nice to update blue room removing the part of converting shell to meterpreter , a lot of times I see people confused in help chats wondering why it doesn't work since now the exploit creates a meterpreter shell already
^^
Trust me, between myself and James, we must have added it to Dark's To-Do list about six times 
It's Cry's room
Reject it if it doesn't come up to the guidelines @lament star
@native raptor no, no don’t do that, muiri it’s my box that’s stego heavy don’t reject that’s bad
no
Do we have any room that teaches how to create a better security configuration on Windows and Linux operating systems?
there are 2 rooms coming out soon
^ both are for linux
nice
is there a room for pfsense? or will there be a room for pfsense
and also security onion?
Security Onion would be nice as a Network.
There's a pfsense endpoint in Throwback.
But I don't think anywhere else on the platform.
is there a room for pfsense? or will there be a room for pfsense
@feral fable due to the aws restrictions we can’t easily run these machines, it’s something we can discuss though what would you like to see from a pfsense room? There’s not a crazy amount of vectors for it
I did one on CSL, and I'm like almost completely certain it required admin privileges even to run it. So getting command execution from a pfsense vulnerability lands you on the admin/root account anyways. Not a ton of work or learning to do there (if you're thinking offensively).
I did get pfSense up in AWS just before Heaven started that I was developing on
creating suricata rules, general management of it) but I put it on hold to see what his plans were.
I'll touch base with them and ask re. it
But yesss please let us know what you'd like to see from it
From what I know as Im officially working on the blue path we dont have any plans for it currently, but I also have yet to see the entire plans
due to the aws restrictions we can’t easily run these machines
this is very, very, very truee
we can it just means the room will def be subscriber because we have to specifically request from skidy and ashu to pull down a pfsense box from the marketplace
Mhm okies, I got the previous nod before that started. I'll bring it up for discussion
yea defo
I can't remember if it was Azure or AWS that I managed to do some tomfoolery to get the community edition running
Hey guys I am not sure if there is a room already being created for this topic but I will ask just in case. Could we have a room that dives into teaching ICS security and hacking? I know that ICS is a growing area for cybersecurity and it would be really great for people to get some hands on training and knowledge.
@quaint brook there is actually a room already in the queue for it, rooms for ICS and SCADA can be difficult due to the systems needed and they can be hard to virtualize
Do we have any room for programmable logical controller
@feral fable due to the aws restrictions we can’t easily run these machines, it’s something we can discuss though what would you like to see from a pfsense room? There’s not a crazy amount of vectors for it
@karmic raven sorry for the late reply
i was actually thinking of creating a room for it but if its going to create some restrictions i guess ill think of something else
security onion would take a lot of time to create too
I have an idea for a room. Maybe a room for the new nobodys /home privesc?
@native raptor you legend
It'll be interesting getting it to work on AWS, but possibly possible
Looked like a real interesting privesc to do
When approved but unreleased, is there a release agenda?
Yes there is, it’s scheduled to release December 12th currently
python,js Room 
@waxen spruce If you're suggesting, then we already have them
hahah ok i didnt see them
@merry ice Thank you for your feedback! It really means a lot.
I was wondering if you guys at THM have a limitation on CPU size for submissions? I have a really cool scenario to finish making that requires 1.7GHz assigned to each instance and dual core processing.
Typically it’s a small aws instance but it can be boosted if need be. I can’t even think off the top of my head which instances we use. @remote socket would have more insight
Thank you kindly ping me with a response when you have more details 🙂
@foggy quest by default the boxes deploy with t2.micro for your needs you would need a t2.medium instance which Im not sure whether they would deploy or not again its really a skidy and ashu thing
yeah Im fairly curious what needs that specific of an instance
would you like to discuss in pm?
if you want 🤷♂️
Room Intro to x86-64 task4 The following questions involve analysing the if2 binary.
it would be nicer to bold the text if2
lost half an hour to analysis on if1
Secure Coding / White box penetration testing - Show the various vulnerabilities found within web applications and their corresponding insecure code (OWASP TOP 10) and how to secure it. Show security libraries like helmet to help with secure coding
@karmic raven I am working on this 👀
@merry ice right now there's a reason that isn't in place, as it would have an unintended side effect.
That said. The room creator, an admin, Bee, CMNatic, or myself, can reset you.
A room about mainframes, how to hack them and how to prevent them from being hacked (a series maybe? 🤔 )
Mainframe being... what specifically?
Bearing in mind it's basically a big server
We have hundreds of those 😆
Nmap has a good amount of mainframe scripts. Most written by the same guy.
Mainframe being... what specifically?
Bearing in mind it's basically a big server
@native raptor They're more specialised OS wise
I'd have thought it would depend on the application?
no I mean actual mainframe like IBM System z14
with different OSes
z/OS as example
Good luck virtualising that
@native raptor I know lol
I just wanted to propose this room idea as it's a thing that I've been digging in the last month but it's a huge topic to cover alone
Maybe THM community can be of help and benefit from this
A room about mainframes, how to hack them and how to prevent them from being hacked (a series maybe? 🤔 )
@tacit anvil we have no mainframe specialists really on the team, an internship that I’ve been offered will be focusing on mainframe hacking but there’s a lot that has to happen before that internship. If I do get it I will be sure to bring over any knowledge I gather
@karmic raven Internship about mainframe hacking? Can I ask more about that? 😂 Anyway, nice! I hope you can share as much as possible when you can.
no i cannot disclose anymore
It will be a majority of global compliance on a large scale
I see. And what did you study in university (if you did) to receive such an offer?
a room that covers basic digital privacy? this could reach more ppl than just ppl who study infosec.
id love to make one when i have free time.
pls change the flags in every machine ( koth)
yt videos have flags without blur which makes it easy to copy paste
no use of playing
so pls change the flags everytime
@steady hornet @storm canyon
I asked skidy about this long ago, acc to him, the site cannot handle random flags atm. It's really easy to add in boxes, but site is a different level.
No idea how long it will take.
yt videos have flags without blur which makes it easy to copy paste
@hybrid forge IMO, going for king is the way to win, even if other players have all flags, if you are king, then they stand no chance in defeating you.
^^
Autogenning flags is easy. I've had a script for that for months
Just waiting on an update to the site, which will hopefully be more likely when there is a new dev on board to take some of the work
Yes I’m v eager for the new dev
Is there a possibility of making rooms to teach some “basics” on RE & Pwn challenges please? I mean from Zer0 experience the way there are for Web, Crypto, Osint & the rest. That’ll be nice
Tbh I’m not sure what the basic RE room is like for somebody with Zero knowledge to begin with, to get familiarized with tools & scenarios & stuff. If there is please share a link with me thanks.
@shy coral let me tag u in #infosec-general
hello
Hi there!
This channel is for sharing ideas for TryHackMe rooms.
If you'd like somewhere to chat generally, there's #general
Chev & Robin, I think?
@light lynx I have the code from Robin for a small challenge he wanted to build, i got the VM ready, just need to upload the binaries
but that is Pwn as far as i am aware
and RE is a wide topic which i pretty much suck overall, i would rather leave that in the capable hands of @lunar plank to talk about RE in the aspects of deobfuscation, apk RE and any other things that come into place

Woohoo 🙂
Erm... /your-material shows "Problem converting VM." And if I click on Check prerequisites I'm stuck in "You are already uploading"-loop. Reset Upload doesn't change anything 😦
Oh no.... Can someone pls kill hit me? I made a Ubuntu 20.04.1 vm... 
No, I'm still in phase 2 "This shouldn't ever happen"
Kek Relax you’d figure it out I’m certain
Yeah, I have to do a new VM... with Ubuntu 18.04...
Yeah AWS doesn’t support 20.04
Uploading again 🙂
I really have to say, that I LOVE scp now! It really helped me a lot getting files from 20.04 to 18.04!
more rooms on malware analysis
@fervent sparrow
Yes only a few of those rooms actually exist
Yeah, that's the eventual roadmap - the malware stuff takes a lot of time to develop, and since starting at THM those rooms are rooms that I work outside of THM on the odd occasion
Once my workload decreases I can put more time into devving them outside of work (:
I'm stuck while solving year of the owl room, any hints for this? I've analysed smb but no clues. If anyone solved this pls do give me some hints
This channel is for suggestions for new tryhackme rooms
a room geared towards soc analysts? since they’re required to sift through logs all the time, maybe have different tasks dedicated to analysing different logs ie. common windows event logs, palo alto logs, cisco logs etc
I might be able to do some Palo Alto stuff in the near future
a room geared towards soc analysts? since they’re required to sift through logs all the time, maybe have different tasks dedicated to analysing different logs ie. common windows event logs, palo alto logs, cisco logs etc
@sudden garnet me and Sam are working on the blue team path slowly working it out, it will be towards that soon, the investigating windows room has some of it I believe
Cry hmu about palo alto
We can pull logs and artifacts
I know some things about sysmon/evtx logs if needed
ngfw stuff james ? 👀
@sudden garnet I don't know yet, but I get access to some training material.
i can maybe start a room purely focused on log analysis if you wanted to chime in too tux 👀
oh yeah there stuff is really good on their website
their
a room on NxLog would be cool as well. Log format conversion, pulling specific event Codes from the event viewer, etc..
Are room creators remunerated if they create a VIP-only room ?
Usually subscriber only rooms are commissioned by the admins
Marking it as subscriber only of your own accord doesn't mean you get money
Ok so there never was a room creator that got money. It was just to know what the VIP-only option was about.
Yeah it’s really just for commissioned creators to set as subscriber rooms no point to set it when it’s a community room
Many others have
But if you enable it of your own accord, why would that make a difference?
Ok I know that some platforms like root-me are paying a few bucks for a challenge so I wanted to know if there is a way that THM buy me a room to make it VIP-only for example. I understand I can't be a commissioned creator.
You can become one.
There is no official process? Is it about being active on discord? Making several good public rooms?
Making several good public rooms? This one IIRC
@pseudo hedge It's pretty much: make a few good rooms, or make a very high quality room that impresses the admins, and one of them will invite you to the program. You can then become a commissioned creator and get paid for rooms they commission from you.
Ok it's clear, challenge accepted 🙂
Don't know where else to post.
You might want to add an info that says "Disable URL encoding, at least for "." "
Took me a while to get familiar with burp and why it was failing.
oo
I think it would be nice to change the welcome room to explain better to click the deploy button and the difference between the attack machine and the machine in the room, lots of times people don't understand that you need to click the deploy button and come here to ask for help, for example some days ago I asked my gf to do the welcome room in tryhackme and it wasn't obvious for her that she needed to click the deploy button and she didn't understand why she needed to put the url in the attack box instead of the browser in my computer (she is not dumb, she's very smart and understands English perfectly, better than me and also she is used to computers)
@lunar plank As support staff I can confirm that this is one of the larger problems we have. Many people don't know that openvpn is different from ovpn, and that you need the vpn on your kali virtual machine ^^
i think around 95% of all room related questions are related to these problems
btw the openvpn file ends with .ovpn
if you google that you get a private vpn provider
i have had people email me saying they have signed up to this rather expensive VPN and can't access THM
£11 / month vpn lol
tell u what @somber fractal
i can just email Cmn directly LMAOO
that bish cant ignore company emails
Wow I've never heard of that company but that's a problem
100% their name is to capitalise off of the fact the files end with .ovpn
Okay emailed Cmn
I know so many people who just refer to it as ovpn I had no clue that existed
actually
let me ask to change the welcome room
so it never says "ovpn" on its own (if it does)
I’m not sure if this is the right place for this, but I think the creator of Docker Rodeo used “seldom” when they meant “often” in task 13. On one hand it’s nit picky and you can figure it out from context clues, but on the other it reverses the meaning of the sentence and makes it not make sense.
@lunar plank

@tropic cave is the creator 🙂
@merry ice you're welcome!
Very well written @tropic cave 👍
Its just an idea
!docs free-path
Why is a moderator getting involved
Dont backhand me 😭
I have made a severe and continuous lapse in my judgement and i do not expect to be forgiven
He linked you some resources to get started with hacking
check out the links he sent
well, i think at least 90% percent of the rooms in the site are about hacking soo 🤷♀️
Ohhh cool i didnt know
And jabba called me a wasteman in general is that what your moderators are up to smh
-mute @tardy frigate 20m being a troll
🔇 Muted ahash10#0367 for 20 minutes
@native raptor
No, he responded appropriately to trollish behaviour. If you have a complaint about one of my moderators you can take it up with me. Likewise if you feel you've been treated unfairly.
If, however, you feel like the reason for the response was appropriate, then I would suggest dropping it
Given James seems to have muted you again, I've given you temporary access to #talk-with-us-no-threading, should you wish to make such a complaint
Just reading through the CySA+ and came across a subject of your interest. Containers Forensics. Not sure if this is on your roadmap already @lunar plank
I have a room idea, whom can i reach to?
it'll definitely be interesting for all them to try it out.
whom can i reach to? 🤔 😄
i want to pitch the idea to the room reviewer and get his/her feedback to make it more special for THM community ❤️ please!
@last mirage Go for it
hello @native raptor thank you for your response. Can I dm you?
Mhm
Hey all! I am working on a new room about Social Engineering. It will mostly be an introductory Walkthrough. If you want to see something particular, feel free to share your ideas!
@civic surge THM doesn’t have a good history with social engineering due to its background do you have anything specific you’re going to focus on? just want to make sure you don’t waste your time and can get the room accepted
@karmic raven I was thinking of mentioning the SE Pyramid, ways to detect SE attempts and red flags, and maybe a short introduction of the SEToolkit
@karmic raven plus some information about phishing, vishing etc
everything sounds super cool. Be careful of SEToolkit as a room on that has already been rejected but it was also a fairly bad room in general. I would reach out to @lunar plank and run everything by him to make sure it will get past the testing queue
@karmic raven sure thing! It will take quite some time because I want to create a good room and because my hands are full right now (thanks Uni and Advent of Cyber 2 for that 😋 ).
hi
You can filter by difficulty on the hacktivities page
got it Thank you 
Any plans/stances on implementing hardware rooms (arduino/pis/embedded devices)? I understand this could be tricky to implement but I would love to see what creators could come up with.
So Pi wise, there's AWS arm instances
Couple of us have been in conversation with the admins to see if we could do some cool stuff with them
ooo interesting, looking forward to that. Microcenter near me had an awesome sale and I have so much arduino/pi stuff im sitting on
Idk who to @ for this so @everyone
@placid flicker just finished your regex room, i know you have been having lots of complications because of it, but i wanted to say I really liked the room and i learned a lot with it, thanks for the room
I too enjoyed the regex room, took me a while to get the last few questions in the right format but all the info needed to finish was in the room.
cPanel 2FA bypass room 👀
https://thehackernews.com/2020/11/2-factor-authentication-bypass-flaw.html
Room Idea: Alert bells every time we complete a room and submit a correct flag! like a soothing tech sound played out when you submit a correct flag!
That's not an idea for a new room. Try the feedback form on the site
I’ve recently joined THM and love the learn-and-do approach.
My one suggestion would be for THM to hire an editor — the room content is excellent but there are many grammatical or other issues that could easily be resolved if they were professionally proofread.
A lot of the content is user generated.
Rooms are checked for spelling and grammar issues by the room testing team.
If you see an error, please report it
Yes I understand — I just sent feedback suggesting they hire an editor to maintain a single tone across all their rooms, and to maintain a consistent written style.
It's not all their content
I know, but I’m guessing there’s a room approval process. And that could be part of it.
As a minimum, they could do this for their learning pathways.
We all have our own styles and since 95% of the content is community created and owned by the community that won’t happen
Yes, but that’s the issue I think. I think it would be helpful to have a consistent tone across all rooms and learning pathways.
@rugged zinc I understand the concern about errors but why do you feel the need for a "single tone and consistent written style"?
I think for promoted pathways, those could be the ones to start with. Other rooms could be left as is.
It seems more professional that’s all. Some content is almost written as if it were spoken. I appreciate English isn’t the primary language for all content creators.
I personally think that also makes thm unique as you get multiple perspectives and styles
And some people appreciate that casual, straightforward style.
Indeed. But it would be nice for whatever approach there is to be consistent.
Trying to explain Kerberos protocols or other advanced techniques in a monotone professional tone is worse
Anyway, it’s just a suggestion.
Re-writing content that the admins commissioned to make it less approachable just sounds dry and pointless
@rugged zinc there’s a #feedback-and-ideas channel if you want to submit it but the admins will probably have the same outlook
It doesn’t need to become SANS quality, but I think the friendly tone can be retained.
This channel is for ideas on topics for rooms, or exploits etc
Ideas for rooms for creators to make
Thanks, just spotted that room 🙈
Thanks @rugged zinc! Appreciate the feedback/suggestion. A majority of the pathways are currently being re-worked, so we'll take this on board for the design & review process of them. Otherwise, yes - please feel free to report issues with community rooms in #room-bugs (:
@exotic falcon Can you clarify what you mean?
This channel is for suggesting new tryhackme rooms. I'm still not sure what you're talking about, but it doesn't sound like that
What do all of you think of having an "Information Awareness Training"? Working many years in the military we and the whole DoD community still do the same annual IA training. THM could have a theme like "Stop the Stalker" or "Protecting those in Witness Protection". It could guide users in making a smaller digital footprint and best practices to maintain digital privacy and what to do in the event you're breached. This idea is most similar to the "ohSINT Room".
I’ve been thinking about an opsec room it’s just a weird room to make
with all the rick rolls on THM, it might be good
They did such a great job with the "Advent Of Cyber" that I think it would be a lot of fun and evolve as technology and trends change
Could create a fake Twitter account with a scattering of personal information — “it’s my 30th birthday today”, “here’s my run route” etc etc
I developed something similar for an internal training programme
Maybe combine that with tools such as tweets_analyzer, and set up a fake login page to password spray with terms from the users Twitter timeline
opsec is so much more than that and I don’t really have time for it with everything else I’m doing
What about a room more based on Social engineering and stuff. Thm Lacks SE Rooms 
That sounds difficult ... like email/payload generation?
new pcap challenges would be awesome
We're very restrictive on SE rooms, whilst they have legitimate uses in infosec, the same tools/techniques can be very easily misused (more so than other topics in infosec)
That isn't a blanket ban though, if someone's interested, get in touch and I'll work with you to see how it can be kept above board for our room dev guidelines (:
I'm currently doing the OWASP room which is very nice so far. I might have a suggestion for some of the multiple choice questions, wouldn't it be better to create a radio button to select the answer and then submit it, instead of having to type the answer which is given away by the message format already? Maybe there's a good reason behind it, but it feels kinda odd
@forest robin yes.
Trust me, we have asked for more granular answer control. It's been promised. We will get it eventually.
Yeah But thinking and answering would be better ig. Instead of just randomly selecting an option. Uhh idk.. 🗝️
Of course. With a radiobutton you're not able to already see the answer. Without even wanting it, i already know what the answer will be, because the question is right above the message format, you cant avoid it so the thinking part is already down the drain
@native raptor Do you know how the current match system works? Or what language the pattern match is coded in?
I have some pretty good ideas on how to do a matching system that would allow for no answer mask
but still allow "close enough"
Not a clue, tbh. We just assume it's regex given that's what the admins call it 🤷♂️
It will be coded in JS though. The whole site is MEAN
Without angular, iirc
MEN 😋
a room where you will need to exploit misconfigurations in an amazon bucket
That's covered in Advent of Cyber 1 @queen finch
oh didnt know
I have a lot of plans and a long list of planned rooms. An AWS / Azure room is on it
good to know
@karmic raven pls let me help i have azure / aws certs in 15 days 🥺
bee I gotta get past this crap storm of a load I already have going on
-warn @karmic raven swearing
⚠ Warned Cryillic#6015
just adds to my highscore
Hey How's idea of making a Walkthrough room teaching Morse Code (.-.-..)
I know how to write morse
Might be an interesting way to approach intro-to-crypto.
Yeah okay
I also dont really see it used enough to invest time into making a room about it?
maybe a section in a crypto or encryption etc etc room
Morse Code is most prevalent in Aviation and Aeronautical fields since radio navigational aids such as VOR's and NDB's still identify in Morse Code. The US Navy and Coast Guard still use signal lamps to communicate via Morse Code.
Copy/pasting isn't really making your case tho
Ik okay agreed 👊🏻😂
how would you rather me make my case james would you like me to paste 10 academic articles of why its outdated?
Oh I wasn't commenting on you
Just link the source if you're gonna copy it word for word
that source says the same thing I am. its widely recognized but not used. but still this brings us to the same point of its not enough to make a room on but could be considered for a section of a room
theres not much to learn about morse is there, its quite simple, i'm sure at least one of the CTF rooms has it in anyway
tbh i wish we had KaTeX or MathJax on site
muiri
I want to go back
please
please
its so bad
they had good intentions
@native raptor I have like tons of work to do in this damn new editor pleeeeeease help me
Same
You know the best thing?
It's getting rolled back
Meaning we need to go unfix everything we fixed 😆
Markdown editor ftw
But

Im just trying not to touch anything I dont have to
^^
the second you even open a task it just breaks
@native raptor you have any clue how to change image size in this editor?
Yeah, it's an absolute 🤬
See the pin in #creators-lounge
I figured that out the day before AoC started, when my Day 1 borked
You can get extensions to make it dark mode
Native dark mode would be cool
Just a little switch somewhere with a moon icon to get a dark version
Hey guys, i need some help on my beginner room OWASP juice room task 5. If anyone could help me to understand and get flag, it would be a great help
questio 2
question 2
k
fyi, this room is a good idea, but a terrible implementation. I just finished it, and particularly the second task is really silly on what answers are acceptable and what answers are not googledorking
A room where you have to analyze source code to find a vulnerability.
do you have any ideas for the room creator to improve the room?
do you guys have a way to do multiple choice or something more clear about what words you're looking for?
because e.g. index is no more valid than scrape given the wording of the question 1 on task 2
multiple choice isn't an option atm, but you could suggest it here https://tryhackme.com/feedback
the best a creator can do with that, is to place options in the "hint" option
k, I'll put this there
Hi, I would like to see an additional room or resource where fellow TryHackMe users could leave exports for others as training or challenges. For example for Wireshark, anyone could upload pcaps somewhere plus some goal to achieve, like [AoC2 Day 7], with some hints or not, which would determine how challenging it is. Every completed case should improve understanding of the tool itself and make it more comfortable to use. In addition, maybe those pcaps could have a like system to determine how many times each was done and how hard it was, and based on that create some sort of hierarchy of difficulty?
Not sure if there are other tools that could be used similar way but would love to have possibility to train more on tools.
Merry X-mess 🦈

You can create private rooms and give links to people, which I believe is what you're suggesting?
this would limit visibility and possibility of uploading by other users ?
Well not limiting visibility is just a regular room, no?
How other users could upload files to that room or can rooms be extended by them or by author any time ?
So you mean you just want an aggregate room of resources where everyone could upload whatever they want?
Honestly the file sharing that you're describing there sounds dangerous
yes and no, may not everything but only pcaps for Wireshark for example
james stole my thunder 
Really those are best off in their own room teaching specific things?
I am newbie I probably can't think much of an examples for pcaps I would like to have another 50+ examples to work with to learn the tool and search techniques in a chaos of all packets 🙂
wireshark have lots of stuff on their website
with different things happening in different files
they don’t teach you what’s happening, but good to just browse through and learn by exploring

@past heart I would say go do Symfonos6, but Zay just pulled it
I might do one soon
ye i had so many walkthrough ones planned, wireshark being one but i'm just too busy :(
Custom exploitation is currently my strong point for dev. Wouldn't be hard to implement it as part of the challenge, given I already build the apps from scratch
Oh, actually, I know exactly how to do that 😁
Another Hard level one incoming
Nope. Another one 😁
Once AoC dies down I've got some good forensics side projects outside of picking up that involve pcaps, tshark, netflow AND that Network fundamentals series is high up on my todo after AoC too (:
i think for a networking one, it'd be good to have a high level on how a frame/packet reaches a web server, then go into detail on every protocol along the way
like how it gets to the switch, how the switch decides to go to router or not, how the router figures out how to get to the next one etc
Yesssss (: I've managed to virtualise OSPF, RIP, BGP, DHCP, DNS and general web servers etc on THM
But time 
yee that's good, i played around a bit with quagga recently to virtualise some bgp stuff
even though I am doing like stupid hours for thm stuff atm 
I still ain't got enough to pursue that in
Quagga yessss ((:
if somebody could make some sort of challenge based on covid vaccine distribution, i think that'd be pretty cool. i think the primary focus could be storing all the different locations/transports in an sql database and you'd have to navigate around said database
That’s a negative we’ve been specifically told to stay away from any mention of it
ah
What about a room on common ways to bypass anti-viruses?
That's come up a few times here
It’s annoying to do a room on it because they change all the time and it’s a somewhat advanced topic I might end up making a room about it at some point
lol
Please don’t joke about that especially something so serious
It would be awesome to have a room covering wfuzz more extensively, as it is a great tool that can be used for a variety of different purposes.
Spoilers there is one in the works (:
Not solely on wfuzz but there's a chunk dedicated to it
That’s awesome I’m looking forward to that, thank you!
Not a room idea itself, but rather an addition to every room which is: additional tab with contact form to a room creator/room mods where could send typos/ bugs etc. ?!
@dreamy iron #room-bugs
But that existed, and it was abused
Because people don't know the difference between user error and a room being broken
uhh ohh oh gotcha , that was probably before I joined. thanks
Yeah, as someone with a bunch of challenge rooms up, I'm 100% rejecting that one I'm afraid @dreamy iron. You would not believe what people put as "errors". Some of it is genuine confusion, some of it is sheer stupidity.
That said, there are people who also abuse the writeup feature the same way 🤷♂️
Just means they get a nice "Submission rejected" email
Totally understand that @native raptor , as suggested by @somber crow I am leaving comments on #room-bugs , cheers
Hehe, thanks -- that helps us a tonne being able to fix them
I'm absolutely new to the room creation/idea. I was curious if anyone folks more in the know think there would be any interest in a room/walk through to use DoD level tools to secure your system? Nothing too complex, just outline the tools, where to get them from, how to use them...and then deploy a vanilla system and apply a couple "fixes" as flags.
Most people tend to focus on offensive/red team, not sure if there would be enough interest to create a room like that...thoughts?
There's the Hardening basics set of rooms
Oh I wasn't aware, maybe it's already covered. Is it using a STIG to harden a server?
eh, subscriber only room...probably why I wasn't aware.
This room would be specific to using STIGs, and the STIG tools to harden a server:
https://en.wikipedia.org/wiki/Security_Technical_Implementation_Guide
A Security Technical Implementation Guide (STIG) is a cybersecurity methodology for standardizing security protocols within networks, servers, computers, and logical designs to enhance overall security. These guides, when implemented, enhance security for software, hardware, physical and logical architectures to further reduce vulnerabilities.
E...
I'm assuming that's a no, no interest James?
Huh?
I don't decide
You can make content if you want, I'm just letting you know what already exists
I realize that, I was trying to gauge interest. I don't have access to the two rooms I found on hardening, not sure what tools/methodology is used to "harden" them.
I appreciate the information on the two rooms
The creator of the room mentions that he picked interesting topics from this book: https://learning.oreilly.com/library/view/mastering-linux-security/9781788620307/
Thank you for the reference. I don't see any mention of STIG or STIG tools in that book. I may work on one for the sake of learning how to do it. I've done local talks on how to secure your systems like the DoD and they seem to go well, just wasn't sure if that would translate to a room walkthrough well or not.
Go ahead and do it!~~ a room from a fed would be cool, teach us all your secret techniques!~~
Well that's the interesting part, they are all out there to reference and use 👍 It's just not the easiest thing to piece together and understand without any background. I don't know why the private sector companies don't adopt the framework and use it, it's free and publicly available 🤔
The Fifth Amendment is a wonderful group of words included for a reason I imagine.
I think having a room about hacking into AWS or talking more about cloud would be cool
Awesome!
It’s in my list of rooms you have to understand that setting up an environment for that is very hard so it may very well be a you have to setup and hack your own environment
Could you also do a room about setting up rooms? Or does that exist already
Please
Like a step by step on how to set up your own environment, a hacking room for others to hack
There's a couple talks on it
From Dark. Some slides from cmn somewhere
Then the docs on help.tryhackme.com
I have a room idea I kind of just typed up some brief notes and I was wondering if it would be worth trying to implement it myself for some experience as I am studying for certs and looking for work. I feel a blog post or creation of a room may help me on my journey. I have not done too many rooms yet but the ones I have completed I really enjoyed. I was hoping to make a beginners style room essentially about reading threat intel, analyzing a malware sample to find IoCs, or like a purple team exercise; But I don't want to re-invent a wheel that may already exist.... Any suggestions or someone I could pitch my idea to who has a little more experience on the platform?
I know there is a blue team path in the works
I kind of wanted to try and put something together quick based on current events if possible
We're already working hard to get you all the blue team content out as fast as possible speaking of I have to talk to Sam, if you want to make a room no one's stopping you
I am not rushing the team, Just hoping to possibly contribute to community
I uploaded my idea into THM... Can anyone explain the process of a room being approved for public?
!docs room-review
Really great thanks for the reference! I hope that mine passes but I could always use a bit of suggestions for editing so that it can be better.... Fingers crossed!
@earnest oak If you want immediate feedback you can send me the link to the room. I’ve made a considerable amount of rooms so I know what gets rejected and accepted
how do u create rooms?... Just asking
!docs room-notes
@sonic pendant
Thanks my dear beloved Lead MOD..
Hello !
I have a small suggestion for the room Boiler CTF (/boilerctf2)
In Task 2, one of the questions asks you for the flag inside "user.txt" but this is actually not the file's name! Since inside the (correct) file we have kind of a "well done" message (and it's not the first message of the kind in the room), I thought this wasn't the correct flag and kept searching for user.txt. Actually, I only found this file didn't exist after I had rooted it and was able to search every dir
Anyway, my suggestion is to either change the name of the file in the question or in the machine 🙂
Just a thought, it’ll be nice to be able to have Immunity Debugger on the Windows Base room’s machine by default, just saves installing it. Not really a big deal though just a thought.
Last I checked @lunar plank was already working on making a new Windows Base machine
Oh that’s awesome, thank you for letting me know!
room to exploiting apple servers, yes, stonks
Yes, a new Windows base box is coming after AoC and Immunity Debugger is included on my build of it @spiral gull thanks @karmic raven (:
It's been discussed, AWS have only just added macos and it's prohibitively expensive
Create a Zodiac sign room!
@tacit anvil wat
not sure.....like something zodiac related idk
I think they’re talking more about astrological signs
Which I think the Year of series falls into that category
so that would be like the throwback room? with extra upprice maybe?
kk got u
me and spooks have discussed approaching the admins about it but it’s really expensive so dunno. We might discuss it none the less it’s a cool idea
iirc the Mac OS EC2 instances are heavily restricted in what you're allowed to do. The way the Mac OS instances on other platforms work means you can only use them to test / run software, I doubt Apple would be happy with you pentesting them 😛 Butttt this is other platforms, I'm not 100% sure on EC2
They dont have to know
I know this could have been mentioned but will blue team rooms be available in the near future?
Well blue team learning path?
Would you happen to know when it will be available?
No
more OSINT please
slowly and carefully, the content is being rolled out as we make it. Its only two of us working on it with heavenraiza being the main senior dev
Okay, thanks. Can't wait to see the finished project. Tired of theory and labs from other websites which do not hit the mark. Ready for something realistic and help with skills needed for blue team type jobs. Ready to graduate from the help desk!
ooohhh, good stuff 😄
Hey I feel the Brainpan room should be modified to actually require a flag, its a good box since it involves something a lot of people may not know or tried before and should actually require a flag or the content of a file on the back rather than empty questions that you can just hit "complete" on
I feel like the only person you're conning there is yourself
Brainpan is derived from an old vulnhub box i believe
and it's also a fantastic challenge, as ninja said, if you cheat it it's just at your own expense to spoil that one.
Then why isn't that the same for every challenge, just configure it under the "honor system"?
on it 👀
As crunch said it’s an old vulnhub box thm is simply hosting it
Does that mean we can upload vulnhub machine to thm?
Generally, no. @slate plank
If you're the creator then sure
If you have explicit permission of the creator then eh, perhaps
Even if it's for private room? Like for personal use
I wouldn't risk it.
Tbf, for private rooms I'm pretty sure we don't care, as long as it isn't stolen
i'll just readd, if you haven't done brainpan, you should and you shouldn't cheat yourself
it really is a fantastic box
Oh okay, Whether I can only upload a machine from local storage or is it possible for cloud to just download it from vulnhub website?
No, it needs to be uploaded as an OVA
And it needs to fit in with the AWS conversion requirements
@clear loom I have done brainpan im just so surprised that there is no actual questions for it
Again, only person you're cheating is yourself
You don't get points for it
If you just mark it as done, you end up without the knowledge.
👍
Hi, can we have a room (or a series) that talks about the fundamentals of cloud computing, then we could have vendor-specific rooms for AWS, Azure, etc. And then we could have another room that mainly talks about cloud security?
Fundamentals of Cloud Computing --> Vendor-specific rooms --> cloud security (also maybe for vendor-specific as well)
Hey, folks, for those who have completed/attempted/looked at the "Authenticate" room could you please fill out this brief survey please? Trying to gather feedback for it! Thanks ❤️ https://forms.gle/r4phiSRk8pq92sq46
Share your thoughts about THM's Authenticate room (https://tryhackme.com/room/authenticate)
❤️
Any room idea for practice burpsuite
There are already rooms on tryhackme that teach burpsuite
that would be correct
This is a wicked idea -- we have something in the works regarding this FYI that should be out relatively quickly #641573666353709085 message
@quasi thorn #infosec-general
Thanks to those who have filled it out already (forever taking responses!) this is very helpful for me.
owasp mutillidae room will be nice
Nice idea (: just as a playground / having it hosted on THM? If the licensing checks out okay, that will easily be doable
waiting for it 😊
hey guys i have an idea for a room
a room made as an introduction for shodan
as not many people know how to use it or even some people dont know about the website an introduction or a brief room discussing about it would be nice
there was a shodan room a while ago but iirc it got pulled because of the changing nature of some of the questions. Not sure if bee will be remaking it
@light lynx any insight on that? 👀
will the room be going up again anytime soon ? cause im really interested on learning how to use shodan properly and i was searching for a room but couldn’t seem to find any
It's coming back yes @golden mountain
welp here's your answer 😄
yes its being improved 🙂
but probably in january
as you know
holidays 😛
room code is shodan dont complain about the answers being wrong 😄
oh yeah i found it i just joined it
once you have finished improving can you post in the announcements about it? so people can join it
yes it's going back in the queue
if i make it in january, probably look at end of feb release unless Dark does a quiet release 😄
If it's not called likee, Shodan Regenerated or some movie reference I'll be disappointed
Shodan: Legacy
Can I PM please?
yeah sure
tyty
Dr Shelldon Cooper presents: Fun with Flags.
Whoever wants to grab that theme idea go for it :)
For Bufferoverflow Prep:
Add Tib3rus' video from youtube on Task 1: https://www.youtube.com/watch?v=1X2JGF_9JGM
This video is a recording of a livestream that has been lightly edited to cut out a connection issue I had with the TryHackMe VPN (that was 100% my fault, it is resolved now).
I walkthrough how to exploit simple stack based buffer overflows using my TryHackMe room: https://tryhackme.com/room/bufferoverflowprep
5:15 - Opening Immunity Debugger ...
@cyan scroll (Apologies for the ping) -- if you want, we could ask Skidy to add that in at the top of the room as the official video? e.g. https://tryhackme.com/room/introtoresearch
Stuck on PrivEsc 😦
Don't spoil me 
Could I DM a Room Tester about a room I am working on?
@arctic pollen I can see if I can help, I'm a room tester and room developer
Thanks!
@lunar plank I am working on a Rubber Ducky room. Conceptually, is that something that is within the scope of THM, or do you guys prefer to stay on the software-only side of things? The room wouldn't require any hardware on the user's end.
We have a room on physical pen testing I don’t see why a ducky room wouldn’t pass
Sounds good! I'll keep working then and just stop if I get a "Nope" 🙂
This sounds wicked to me!
Can’t wait to see it
is There any room testers that i can dm about a room i am working on?
Aye, go for it @dense briar
You need to have a reputation for creating rooms iirc
@lunar plank Would you be able to supply the requirements for becoming a room tester?
I want to create a series of rooms around Mitre ATT&CK.
Never created a room before, so it’ll be a challenge for me 🙂
I don’t wanna burst your bubble but someone has already created a room https://tryhackme.com/room/mitre
good room
I agree. Heavenraiza has done a great job
that room is amazing and I dont see how you could make multiple rooms surrounding ATT&CK considering its really just a knowledge base that should really just be used as a search index for TTPs
Yess please remind me in the morning @icy trellis if I forget @past wren ❤️
I got a bit carried away with .NET app making and realised it's 3AM so
I'll write it up l8r sk8r
Any date set for holo release ?
Soon™
Like really soon
Unless it breaks and kills us all
Which might happen but who knows
Like stay up for it soon. Don’t sleep because 24 hours is possible soon ?
Nah not that soon
lol
But soon™
Don't cry cry, if you fix it none will be hurt
Holo !!
Is there any plan for a malware development room?
Ive thought about it and talked about it but Im hesitant to make it for obvious reasons
I am part of a pentest team that at times need to perform red teaming and when we need to craft/simulate a malware we have tough times
Dont know if thats something that should be encouraged.. if you know basic security and basic programming you can make basic malware
if you know advanced.. you get the point
malware has its place outside of nefarious uses
Well yes that is also true, just don't know if adds much adding guides how to essentially automate everything that is taught on the platform? 🙂
Seems like a bad idea to me, analyzing existing malware is a different topic though
hi all
it wouldnt really be automating anything though if I were to teach malware development it would be about anti virus evasion and how to create a basic dropper that doesnt automate or change anything that is already taught
Didn't think about that aspect of it, that's quite interesting actually.
Lesson 1: Just make the malware 200mb, most avs wont bother 😄
most is signature based
I can make an exe one line and have it be detected
last time I checked gentilkiwi was a signature
dont have anything that is close to a signature and you have yourself a malware that bypasses AV
but you can also go far far deeper than that
yea most seem to be, many avs seem to have issues with large files, recently learned that in some podcast where they talked about the sunburst malware, interesting topic i'd like to learn more in for sure, if there only were 24 more hours in a day 🙂
Is there one around sql exploits already?
i uploaded my room and its been converting for like easily 3 hours now
shall i cancel it and try again?
ok its just the previous one i uploaded did it alot quicker so was just wondering
does refreshing the page do anything to the progress of the converting?
cos ive done that a few times
It does nothing
bruh its been going for 6 hours
@remote socket please could you maybe take a look on the backend?
if he needs the box name that it belongs to i can give him all the information if its just my machine lol
Bruh
The admins are busy people, you gotta be patient.
OK il delete it and try again something probs went wrong
yeah it seems to be converting properly now
any room testers online who i can dm about an issue with the box itself
-arole @dense briar creators-lounge
➕ Gave the role Creators-Lounge to fieldraccoon#8013
@dense briar #creators-lounge
Whats the name of the OVA you uploaded? (Also @ me as I might not see when you reply)
@remote socket They reuploaded and it worked
Ah okay, thanks for lmk
which box?
My own
@dense briar can i run it ?
@dense briar ive had a dozen so for some reason i can type better than usual
Any dates set for holo?
No.
I saw a projected date somewhere ( before 25th ). That obviously didn’t happen so I assume it’s coming any day now
When it's ready and tested
Lol, It has been more than a week I guess, still they have not tested my machine yet.
Previous two machines did not take that much time.
The room testing team are volunteers. You need to be patient.
In December, 25 days of Advent of Cyber takes priority when it comes to releases.
@mental lotus Which room?
@native raptor samsara
Hi
Room idea : Room about HTTP Headers...
https://tryhackme.com/room/webfundamentals here's enough info
Hi Guys I hope you are doing well, please would it be possible to have add feature that will help us to pin some of the rooms that we want to go over later on. lets say i want to do the linuxctf but I don't have time now and I don't want to forget so pinning the room would be a great feature
Put that over in the site feedback form @tranquil oar 🙂
@tranquil oar - What I do in that situation is Join the room. Then you can go to 'My rooms' and click 'filter completed' - That will hide all the ones you've done, and you have a nice list of one to do 🙂
Thanks @glad minnow & @native raptor much appreciated! I will do
does any one knows that the flag is encrypt in which format
for example: i solve the smag grotto machine
and i got both the flag
i wonder that in which format this flag encrypted in or it just a random value ?
Flags are usually hashes of random data
I am currently making a Maltego room and Maltego: CaseFile room
Just submitted my first room 🚪 for review
!
Woopwooop

I’d love a todo list feature too. As a quick win, would love it if “Filter Completed” returned all incomplete rooms first.
It should?
Not for me — incomplete rooms are present across various pages, rather than all being on the first page.
its buggy, if you select 'filter completed' then click through to a room and back again it shows all room again even though 'filter completed' is ticked. you have to cycle the tick box to just show the uncompleted, minor problem but annoying
hiya, i submitted a room about a month ago and got some feedback, then adjusted and resubmitted but haven't heard anything back since, would it be possible to get an update? 🙂
@west sleet how long ago did you resubmit
I'm not seeing any rooms attached to your THM account in the queue @west sleet
What's the room name?
ah sorry yeah it's under the "uswcss" account 🙂
Ah yes ty @native raptor Found your email @west sleet and will reply from there when I get a chance today (: sorry for the delay. Been working through the absolute backlog of things since/over AoC2 (:
no worries at all! thanks for the update :)
Keen to work with bringing you guys (collectively) into the community here hence why I thought best to be done via email rather than the feedback/comment system
Thanks again Muirl.
yeah definitely, appreciate the consideration!
hi
Sometimes the first question of room is to deploy the machine and then ask a bunch of question that often don't need deploying the machine to know like in nmap it asks about the switches and to read the man page. I think it's better to ask to deploy machine when next step involves use of machine because I feel like I am wasting server resources by doing this (I have seen this in the beginner rooms not sure about others)

Some services take a while to start and we can’t gauge your level of experience. If you deploy the room at the start, everything will have started up by the time that you get to the question.
Are there any rooms with IKE vpn included? Couldnt find any
Yooooo I am going to build another room soon. You want it insanely hard or prefer a medium one? @golden mountain seems to be looking for a challenge 🤓
😄
I am also open for ideas 💡 just let me know 👍
if u do other more hard than enterprize
@dire sluice
It would be great to have a reverse engineering room for analysing an executable using Radare2 which is made using Golang since the assembly code is a lot different than executables compiled using C lang.
Hey i haven't found any rooms on hashcat, should I try harder?
Or maybe, just maybe, an idea for a room :)
Yea but those are CTFs
Also I think there's been some attempts to make one
Well I actually meant a room focused on hashcat like for eg. Nmap room, or wireshark room etc.
But I guess crypto 101 will do.
Yeah there's been a few attempts to make one
Many fell short because they were just copy/paste from the help menu or website.
Still, it would be nice to have it on THM
@west sleet can I shoot you a DM when you get the chance please -- if that's okay? (:
yeah that’s fine 🙂
Are there any rooms to help with making a room?🤓
There are some blogs and talks
check this out https://bobloblaw321.wixsite.com/website/post/the-making-of-a-vulnerable-machine-blob-blog
This post is going to walk through my general process for how I created the TryHackMe machine Blob Blog. I won't include the exact things I included as rabbit holes/intended paths as it would be too big of a spoiler. It will, however, contain the process I went through to set up each part of the box. It will also co
Thanks!
can that be pinned ^^ ? lots of people don't know where to start and i think that's as really good blog to look at 🥺
Not really the place for it -- would be better over in creator's lounge
i didnt know where to start aswell tbf
i was like how do i submit it with everything work it, then i found out you just set everything up have it running and then export
there's lots of people not in creators lounge that wanna make boxes doe
Again, I was looking for something more hashcat focused. Like you have rooms dedicated to: nmap, burpsuite, wireshark etc.
The Daily Bugle I used hashcat instead of John the Ripper
But yeah, not focused on hashing
There's a hash cracking challenge room that's decent. First half you can find on the normal sites but the last you actually have to crack
MITM attack room (email suggestion, don't roast me)
I'm thinking about doing one like that some day
not sure how to get it working though
Multiple docker containers pinging eachother info / flags? (I'm no expert)
@cedar echo heres a open-source docker framework designed by the navy for teaching infosec, the arp-spoof lab worked really well
Yeah it'll be Docker but it's the mitm bit that'll be tricky
Any rooms on privilege escalation?
For windows:
https://tryhackme.com/room/windows10privesc
For linux:
https://tryhackme.com/room/linuxprivesc
i read about a cache leak? leaking the answers for one of the rooms in room-bugs channel, i would be interested in learning how this happens and whether or not you can trigger one as an attacker or at least how to detect one if it is only caused by a misconfiguration
Ty
uhm
a webpage was cached
thats what is meant by it
and you can trigger one
by saving a webpage
using https://archive.org
can anybody help me with uploading my own room? keep getting problem converting VM and i meet at the prerequisites i think
@rustic zephyr whats your room about? Just curious
What OS?
im on ubuntu 18.04.5 does it have to be exacty 18.04?
this could have been a big mistake haha
Desktop or server?
its just a beginner boot2root with LFI for foothold
desktop
rip
WOUNDED
server will be much smaller as a bonus
i thought they was the same but bundled with different packages? hoping i can just enable CLI only and install server tools and it work
yeah as in i built my room on desktop version so i am hoping i can install the server tools and enable CLI only
hoping anyway haha
@rustic zephyr It's related to kernel versions
Don't waste your time. Start from a fresh install. Purge snapd and lxd if you're not using them.
yeah im gunna start a fresh! thanks for the help guys
is there any race condition rooms ? otherwise it would be very nice to have one explaining what it is and how to exploit this vulnerability !
there are some that use dirtycow
Check out Race Track Bank
Hey guys, hope it's fine to place that here.
On your series https://tryhackme.com/hacktivities?tab=series Pentesting Tools you have listed for Nessus this room: https://tryhackme.com/room/rpnessus but there is also https://tryhackme.com/room/rpnessusredux which is almost the same and I believe newer. Just letting you know.
How about a room on Report Writing 
Please sir,can you create Evilginx 2 courses to your website.
How to use DevTools for Cybersecurity. I have seen people using DevTools as DevTools by itself is a great tool, but did not find a suitable resource for it online.
Can you make a room to show how to make a room?
check this article out by blob: https://bobloblaw321.wixsite.com/website/post/the-making-of-a-vulnerable-machine-blob-blog
https://blog.tryhackme.com/making-the-mountain/ That's Dark's overview of it
A guide to creating challenging, educational, and enjoyable vulnerable virtual
machines.
Picture this, you've just completed another machine on TryHackMe
[https://tryhackme.com/], Vulnhub [https://www.vulnhub.com/], or HackTheBox
[https://www.hackthebox.eu/] and you're left thinking to yourself "well I'd
quite like to build one of those for mys...
There's a matching talk he gave to SecArmy somewhere as well
Thank you Valued Creator and Muiri for the great resources i will read both!
like to thank tryhackme staff and content creators for the content. i have got over some sticky patches for me through your content. many thanks
What about a room on ethics?
Anyone have any thoughts on that, or is anyone working on one?
That could be part of a room on Planning and Scoping Penetration Testing Engagements, particularly, related to contracts (Statement of Objectives, Statement of Work, Scope and Limitations, NDAs and CAs, etc..) between the client and the pentester.
Perhaps, yes. I imagine it'll be very business-oriented, which is probably the easiest way to turn philosophy into something productive.
The CompTIA™️ PenTest+ exam has a whole domain on it.
I'm having trouble imagining what other format ethics applied to security it would be compatible with, except for a summary of some sort (of different stances).
Aha!
I'll take a look at their syllabus
Who's working on that Planning and Scoping Penetration Testing Engagements room?
Non existing, just a placeholder idea of something that could cover ethics/legal context.
It might be interesting to include some thoughts of prominent security people, Bruce Schneier for example has talked about the intersection of security & ethics a great deal. Some FOSS arguments might also be relevant.
Roger roger
How might one make a 'lecture' room engaging, interactive and fun?
Scenarios, maybe a VM to poke at?
Honestly a room on compliance would be more oriented towards that but no one wants to do a room on compliance lmao
Maybe a room on note taking?
A pathway about OSCP?
If you are looking for OSCP prep rooms:(By Mayor)
we have the offensive security path
we cant have an OSCP path because off-sec would come after our heads
More rooms with tamper scripts
including the Header parameter, cookie parameter,
do these before the exam?
or before the course?
before the course @tacit anvil
sort of gives you a sense on if you’re ready or not, and allows you to use the lab time during the course period
i see, and what about before the exam? @sudden garnet
oof did you fail the first time?
@tacit anvil i'll get the 90 day lab instead
i dont think you'll need 90 days of lab
kinda overkill
most people get 30
90 days is a long time lol
Thanks
ghost pinged
Muri coming to save the day
Don't underestimate how long you'll need -- especially when you haven't already done it for yourself.
Or not
I know Tib3rius would recommend 90 days, for example 🤷♂️
What am I meant to be saving you from, Ms Damsel-in-distress?
i think if i can do all those boxes with relative ease, i wouldn't need an extra month on labs
-undelete -a
a month sounds like a lot to be honest
i feel like 90 days is huge overkill
i can purchase more labs if needed right?
Remember there's an 850 page PDF to work through as well.
Those boxes are also additional practice -- not an indicator of how good you are
Yes, for 300 quid
Correct
wait so
the PDF
wait how does the course work
you're confusing me
For reference, I took 60 days and didn't manage to finish all of the lab boxes (had 6 missing, although four of those were an AD network). 90 days would give you a lot more time to digest what you're learning.
yeah it looks cheaper in the plan
maybe better to not take the risk
how many lab boxes are there?
oh and sorry for peppering you with questions haha
The "course" such as it is, is them giving you access to the PWK learning material. A huge long PDF, with videos following along. You work through that at your own pace, at the same time as, or before, working on the labs
If you're doing the exercises then those will also take extra time
70 lab boxes now, from memory. 66 when I did it
ahhh
so the pdf is the course
and there's also videos
i was thinking that the 850 page pdf was only the beginning
I spent the first 35-40 days working on the coursework, before shifting over to the labs
if you do 20 pages a day, 3 hours a day, that's almost 10 minutes per page
it'll take a while lol
It's hard going. Some of it is easy stuff. Some of it not so much
so the pdf is the material, the pdf is pwk?
and videos exist for those who need them
Again, there are also exercises and practicals every few pages. Each exercise has a few questions attached
The practicals obviously take time
i see
cant i get the pdf online, study it, and then pay for labs and the exam?
And no, the PDF and videos are equivalent -- just depends on how you want to learn
I mean, not if you want the cert. Offsec are very strict about people obtaining illegal copies of their material
Rightly so
what do you recommend? having the pdf as your main material and then switching over to videos when you're having a hard time with a subject?
They'll take away the qualification, then sue you into a deep dark pit if they find out you were using an illegally shared copy of the PWK
not worth it 
I didn't use the videos at all -- I learn better by reading then putting into practice
New name
There's a syllabus on that page
i hear pwk is focused a lot on BOF
how is the exam proctored?
One section out of 25
You've got a webcam on the entire time, and they watch your screens the entire time
Everything should be visible at all times
that's cancer
Don't do it then 🤷♂️
the webcam part
not the screen part
nah, it's worth oscp lol
yeah there are 25 sections
there are sub sections
and sub-subsections
And each of those little sections has exercises built into it
thats strange, isn't the exam an entire day?
so, someone is watching you the entire time?
Correct
that's creepy
Not really
That’s pretty standard for every exam
Can if you want. I wouldn't advise that
You'll be useless after being up for 16 odd hours
Less, if you're not used to functioning on very little sleep
i can go to 18 or 19 before i lose function
I'd just stay up for the whole 24
Might as well
Get through as much as you can
Is the 24 hours for writing the report aswell?
#cyber-and-careers it moved there
i changed my room title from "Intro Exploit Development" to "Intro PoC Scripting" i thought it was more appropriate. and in case someone else wants that name
a room on pivoting?
There's a sub network and a free network coming soon dedicated to teaching this
And other challenges throughout the platform that require it. Internal has a docker pivot, for instance.
theres a difference between teaching it and having it within a box
Sure is.

XSS ≠ reverse shell
any machine learning \ deep learning enthusiasts here ? I would like to create a machine learning room , has this been discussed before ?
- yes
- its been discussed yes
thanks bee i see your previous discussions, I am thinking of how would a challenge look like when the goal is to attack the ML / DL model. Eg trick it into misclassifying.
i have the perfect thing for u
Adversarial examples are inputs to machine learning models that an attacker has intentionally designed to cause the model to make a mistake; they're like optical illusions for machines. In this post we'll show how adversarial examples work across different mediums, and will discuss why securing systems against them can be
Musings of a Computer Scientist.
maybe you could make a room that teaches you about DL/ML in depth, and then provide a few practical examples on attacking a model
id love that as id like to learn more about DL/ML
also, im sure this has been discussed before but we NEED a room on staying safe while hacking
how to hack without a trace
and how to not get a sysadmin's attention, etc. etc.

