#room-ideas

How does that have anything to do with staying safe? 🤔

staying safe from police

i mean realistically if you're doing a pentest, you'd try to do what a regular hacker might do to try and get away with the cybercrime

"DL/ML in depth" is not one room, if you are good at teaching you could get away with ~200k words 😛

so id love a room that would teach us about that

i had a feeling when i tried dipping into it myself

im playing around with openAI and gpt2

luckily i have a demonic gpu so i can use them without an issue

You could make an ML room but you'd need some mathematics to go with it. For DL you'd need about 80% of the room to be mathematics 😆

still waiting for their new text-to-image model to be public

i have a lot of AI courses on udemy

@light lynx checkout the Microsoft AI threat model lots of practical examples https://docs.microsoft.com/en-us/security/engineering/failure-modes-in-machine-learning
https://docs.microsoft.com/en-us/security/engineering/threat-modeling-aiml

Not necessarily, I think you can explain some models very well or atleast the overview of them without any complex maths that'll scare people away imho

It's the same with networking, if your content breaks down that initial barrier of the whole maths/numbers behind it - you're onto a winner

using models sure, but optimising models / creating them you need to know maths?

getting memorized information from gpt-2
https://bair.berkeley.edu/blog/2020/12/20/lmmem/

They're not in the server anymore

I am thinking about making a AD labs on tryhackme like Throwback

But, I have a issue that the Server 2019 or Server2016 evaluation is 180days

@spare snow
A) Networks are currently restricted to being commissioned by TryHackMe -- the most you can do is upload single AD boxes (e.g. a DC and nothing else)
B) You upload Windows boxes without a license. AWS handles the licensing automatically :)

Actually a discord room idea - can you please create #sh-help and #powershell-help ?

If you want to ask about powershell help that would be #general or #infosec-general

I wouldn't see the point of having a powershell help channel

Or #programming for scripting

I'm making a room on SOCMINT (OSINT for social media intelligence), was wondering what people would prefer:
1️⃣ - Walkthrough room with in-depth explanations on tools and methods.
2️⃣ - CTF-style teaching the basics of tools/methods needed for the room and then giving you storyline-based challenges.

umm since there is already a room on osint i would prefere ctf style more rather than walkthrough 🤔

umm actually it is possible to make a network on one vm atleast i think so i dont know if its possible or not but if make use of docker containers running multiple of them on different ports can simulate a network couldn't it?

You ever tried putting Windows in docker?

Yes -- it's possible to do that. There are several rooms already doing that.

But only Linux

yup

Making Windows containers can only be done using Windows, and Docker for Windows works on top of Hyper-V

Which means nested virtualisation

Which means seriously expensive

i thinks its possible 🤔 but maybe not the gui only powershellish kinda stuff

See above messages

Believe me, we've considered this 😆

lmao

lol

😂

i believe you

@native raptor also i was curious that does the vms ( rooms) scale automatically or is there a specific limit on amount of resources / active development

Non-subs get 512Mb of RAM and 1 core. Subs get 1Gb of RAM and 2 cores.
Those are the defaults. Boxes can also be "bumped" to a higher tier individually. For example a lot of the DCs deploy with 4Gb of RAM and 4 cores (I think that's it for cores) across the board. That's an admin level decision though. Most Windows boxes can be boosted to 2Gb on request (i.e. if you're on good terms with the admins and ask nicely). Anything higher than that needs justification.

ah thanks for the info that seems a perfect balance and utilisation of resources

I am developing an AD room for tryhackme can somebody give me some domain name ideas.
I am thinking of amazon.thm
But, the name is nearly like a FAANG company..

avoid using real company names typically so we don’t get in trouble

we can use pretty much anything .local, .com, .THM, etc

I was thinking about some rain forests name like borneo.thm

That's not allowed

Nope need to avoid anything covid

barbeque.thm is it okay

Yea that should be ok

Hey guys!

Anyone knows how to do some Bluetooth hacking?

It will be great if we had a tryhackme room for it

That is a serious pain in the behind.

how would that work though?

aside from netowrk dumps

does anyone want to work on a room with me?

I've just been working through some advanced privesc on linux, and seen a very cool method

I would be interested

WAPT and WAPTX preparation

Check out https://tryhackme.com/module/web-hacking-1

Thank you I'm done with this one

I'm guessing WAPT and WAPTX preparation rooms
with sufficient methodology practice and more on intentionally vulnerable web applications?

like as a whole machine

Mobile Application Penetration Testing rooms

This doesn't seem like a room idea

Need some help, My exploit seems stuck, anything am doing wrong?

#room-help

Obfuscation/deobfuscation , how it works, how deobfuscation works.

I have some payload obfuscation in Wreath, if that's what you mean

That’s just not how it works

To my knowledge you can’t do any kind of permissions like that

I am uploading a Windows Server 2019 machine but its showing an error converting VM check prerequisites

#site-support

Is it possible to like backup the server2019 configs using server manager and restoring it on a fresh install of server2019 on legacy boot...

I've added you to #creators-lounge where you can ask questions and discuss room creation

Can I also be added please?

Done @honest bluff

More roles? 👉👈

Is there room about steganography?

several, is there something specific you are looking for

Me too, please

What vpc service you run?

Or server

Working on a room re-submission after fixing feedback, could a mod be so kind as to drop me in the Creators Lounge ?

Done

thank you

I’d love to see a few more rooms regarding sub domain enumeration.

Sublister

a room for getting started with king of the hill for begginers

it will be very cool cause then we can get more people playing

not really enough there to make a room IMO

we already have a nice blog post on it

With foodctf you could automate some of it like the king tracking easily

Hey thm staff,
I just have a little query about my recent room submission i.e. Linux Modules. Let me know whom to talk to regarding this issue.
Thanks😇

What issue? And you probably want to talk to Tim.

Nm I just wanted to discuss about what else can I add, some suggestions... So uk.

If you have submitted a room, the room testers will review it.

It's a walkthrough room... I added a few bits useful then I got rejected stating, "it's a great room, just add a little more to xxxxxx task"
I felt like there's not much I can add to that... I just wanna clarify what they meant in the feedback

May I ask who submitted that feedback?

It's just written TryHackMe staff. Not a name... When I saw the room users... I kinda doubted that it must be someone named zmiller2020

Uhh, lemme get Tim to review this. @cunning thunder when you’re available would you be able to offer this user some assistance please? :)

Sure... But I respect to whomsoever gave that feedback... I want to improve if that guy felt so... So lemme knw what else can I add

No offence to the room testers but I do think “add more to x task” is very vague and unfair.

Just want to make your life easier

😅well I think they mean it because they want the room to do get more education to others... I mean whatever it is... On the other side it will benefit the users doing that room

@short latch ^^

I just got off work, let me get settled in and I'll explain what I mean

So these are both my comments, I want to apologize by not signing off on them, I'm really sorry for that. I absolutely love the additions you made to the room. My comment was particularly directed to the xargs section. The way you broke down a command with awk was phenomenal.

@spiral frigate tagging you so you can see.

As far as I see, you seem to have made additional changes to the room since my comments. I really, REALLY love this room and I feel that it being added to THM is a benefit and a net-positive to the site.

I definitely want to apologize if I did not properly convey what I meant.

I see the room has been accepted, that's great news! @spiral frigate @short latch I'll have a look-over on the room today. The room overall looks very informative! 👍

Yeah its seriously a good one.

jabba

Omg it's nothing to apologise sir, infact I feel obliged that you learnt somethings on your own. Thank you again for your suggested improvements😇

Thanks again💗

Curious, is this your first room?

Its well put together.

Yeps

Well dang, if this is your first one I can't wait to see what else you create. You've got this. 🙂

Yeaa I kinda planned it out for a month so uk.

I am gonna create a challenge room, I got some idea on that one... But will prolly wait as I have my college exams on the way.

Makes sense. Good luck on your exams.

Thanks❣️

hi

Hey

Yo

Done

Is there a Bug Hunters Methodology room ?

Would love to have one xD

can i suggest a resource? The XSS rat is great and a good friend of mine 😄

Is he a YouTuber?

@light lynx if you had to choose between Pentesting and Programming which would you choose 🤔

yess

neither, compsci is for me 🙂

pentesting & programming are two subsets of computer science, i believe that it's all the same 🙂

programming is about creation, and writing algorithms. Pentesting is about exploiting those algorithms, it's the same but different 😄

I know that's where I'm stuck! I don't know which one to solely focus on

Do I want to build my own apps and exploits or do I want to do the exploiting lol

Don't solely focus on either

Do both

It's the only way you'll get better at either

They're two sides of the same coin. A hacker who can't develop will never be more than mediocre. A developer who can't hack (or at least think like a hacker) will leave vulnerabilities lying around.

Sounds good thank u!!!

I will continue on my Cyber Security path and pick up programming on the side.

its all the same 🙂

whether you build, or you exploit -- you are learning the same skills

just applied differently 😄

That last part you said just clarified it for me to it's entirety 🙂

Visual Basic room for maldoc analysis

Remnux is a good room for that

anybody looking for an azure sentinel room? I'm starting to work on one. Entry level into how to configure it, with a potential to follow up with a room around kusto

We have some SIEM tool-focused rooms in development rn but I can't see them being Azure Sentinel & Kusto

They'd be super cool additions!

Is there any chance a mod could add hackasaurus#3698 to #creators-lounge please? If you have any queries/concerns about the process or need anything extra from us as staff to get these rooms setup the best place to ask is there (:

Would love to see those rooms imho

@languid ibex by any chance as you're online?

sure

give me a second

thanks!!!!

done

❤️

Well, I would like to see in all rooms and/or in order tool the points which are reward!!! So, I will able to pick the most award rooms first if ranking it's my main objective! Regards, Ilias.

What cloud service rooms use?

aws

Please do not ask the same question across multiple channels like that

Sorry

Thanks

Is this the room that would be used to suggest improvements on current rooms?

Not really

#room-bugs

its not really a bug though the room that im on has a lot of good information but approaches it from the end to beginnigng would that still go there?

Probably?

okay il try and see xD

Sounds like my experience with the RUSTSCAN room

@rugged zinc yea its not really a big issue more that it would make it easy for others to learn in the future

can I get added to creators-lounge, working on a room and want to try to get some ideas for a priv escalation

Done

thanks

Basics of OOP?

Just remember that at it’s core this is a cybersecurity site we need to tie everything into security somehow

and i oop

Oop you did it again.....

maybe role student and room class and one teacher who teach program language..

Can you clarify what you mean please? @tacit anvil

my english not good so i will try

i mean good programer in this server will be "teacher"
like open a room that called class and every week he will learn new things in program language

That doesn't sound feasible for a tryhackme room really.

I want to make a Magicians box. From the TV series The Magicians

Any ideas?

@exotic shell copyright

They have one?

Oh wait

I understand

Whatever material you use, it needs to be usable for commercial use

How do you go about making a box? Just downloading virtual box and making it

Licensed for commercial use

Why are Cyber Defence Rooms so low value in points?

Some take 1hour+ to complete properly and reward like 60 points

Most ctf rooms are like that as well

Because they're walkthrough rooms and the maon like purpose of THM isn't points

Hey is phineas and ferb copyrighted

I was thinking on a box with phineas and ferb theme

Yes, by Disney

Basically any existing TV show etc will be copyrighted

Ahh damn

Means I cant make box with the characters name ??

Copyright is complicated

maybe a dark-mode for tryhackme would be great !?

This channel is for ideas for rooms

Try the feedback form on the site

ah ty

A room on using the developer tools in your browser

I think that's in #641573666353709085

so it is

a room where you are prompted to take a sip/shot and you find them like flags

while fun I see many issues with that but I dunno

It's a child-safe environment, Sooooo, no drinking games in rooms

a room where you have to hack to get the real room , and then in the real room , there will be any general stuff . i mean just like HTB has a login page which is supposed to be hacked to get youself in , just like that why not have a room which is supposed to be hacked to get the real room

Because... why?

That's not really how TryHackMe works. It's not one big challenge, it's lots of little training modules. Some are challenges, yes, some are walkthroughs.
It would take a fundamental change in the ethos of the company (not to mention the actual code in the site), to make that happen

Hello, this is my first time here.
I think a room on VPN technologies and exploitation would be nice .

Is there an intro to .NET room yet? I was thinking of putting together one

There is not @pulsar gorge. I'm sure it would be appreciated though 😁

Hmm or maybe an ETW room

ETW?

Event tracing for windows

It's how a lot of edr does monitoring now a days

👍

What would y'all want to see in a .NET room?

Well, the first task should explain what it is and its uses 😄

.net and maybe .net core as well

theoretically those are the same now 🤣

Maybe a room abouth smbclient or sqlmap?

Should be some of those already

ah, i haven't kept up with the development for quite some time so you might be right. As far as i aware .net was for windows development and .net core was for cross platform development.

The reason why i know about it this way was because of the powershell 5/6/7 where 6 was the core version

experience is more important than points

points vary between walkthrough rooms and challenge rooms

Some rooms which leverages common applications like word, or excel, with macro’s.. or some rooms in which you can practice pivoting

Throwback, HoloLive, Wrath, 3 networks with pivoting at a decent price. There are also some docker based rooms where pivoting is required 🙂

@feral reef thanks for the info, will check it out..

both HoloLive and Wrath are not yet available. HoloLive is going to be free for subscribers and Wrath free for everyone. Is my understanding correct @native raptor ?

Pretty much, although it may have a couple of stipulations attached (e.g. subs might get smaller numbers in the network, or there might be a streak count required to access). That hasn't quite been decided yet 🙂

Not sure if i'm being an idiot or not, but do we have a list of all the boxes that require pivoting?

Not that I know of. Internal, For Business Reasons, Gamezone, Year of the Fox, Wreath, Holo, Throwback, Python Playground

That's off the top of my head

As of the new release in November there is only .NET core. However, I have been told by some people in the know that a lot of the .NET Framework differences will remain simply because it's too hard to rip out.

According to Microsoft though there is officially only a single .NET branch now

When are these great new ‘network boxes’ going live?

We were thinking about making a room testers lookup table for it though @feral reef

there are these ones too:

could we possibly add pivot as a tag to the rooms you said

Both Holo and Wreath are in testing just now. Wreath shouldn't take long. Holo, heck knows 😆

Tempus Fugit too

yeah, i know that a few of you have editor permissions would it be a good suggestion to have it added

Potentially, although I'm hesitant to add tags to challenges that the creators didn't choose -- just in case they did it deliberately

Like, if they want to keep it secret

Theseus, for example

That's another pivoting one though

that makes sense, possibly talk to the user or something?

Yeah, potentially

Cool! Its great like pivoting and exploring network boxes, as its so realistic and you learn so much of it..

Pivoting is one of the three main teaching points of Wreath, so there's a lot of detail in it. 10-11 tasks worth

oh damn, i didn't even know about that. I haven't been working with Microsoft products for the last 2 years and all these things you say are new to me lololol

if you need a hand with that, i am happy to get in touch with the users

Nice, looking forward checking this out!

By all means ask 'em, yep 🙂

mind dropping the list again over DM so we can keep track of the people that have been contacted?

i got some stuff to work on now and will get back to it once i'm done with work in 2 h

Aye, I'll drop the ones I can remember

We’re waiting on one more section to push through some more of the testers

Close then

This is gonna be neck and neck. Which one releases first 😁

👏

It’s fine you can live in our shadow

Easy stuff goes down better 🤷‍♂️

And I've covered a much wider range of stuff

@native raptor are there any ‘bypassing protection’ rooms? Like practice beating defender or ids/ips stuff?

nah

Wreath lmao

I've got some easy AV evasion in Wreath

holo sits in background

But that stuff changes so quickly that it's impossible to do anything in depth

Ah yeah true, thats like daily changes..okay cool, thanks, looking forward to these new networks..

Check out the Cyber Defence learning pathway, it outlines what's coming up for Blue Team oriented rooms (besides Networks). https://tryhackme.com/path-action/blueteam/join

Yeah seen this path, looks promising! Looking forward for these rooms to launch

okay , thankz for a detailed exp 😄

Suggestion to develop in site. You can make compare per members for instance head to head for rooms (for ranking or to follow progression of friend ).

you can already do that if you're in the top 10 or find your friend on the leaderboard?

Invite your friends on the Dashboard https://tryhackme.com/dashboard

really? I'm 4th in my country and I want to see which rooms the 1st complete compared to me (Head to head). Is that possible? (obvious we are not friends )

That's not a room idea though.

yes that's why i say suggestion to site for development purpose 😛

This channel is for room ideas though. 🙂

I didn't find something for site and seems the only related to suggests an idea 😛

https://tryhackme.com/feedback

There is a feedback forum if you have any ideas on how the platform can improve

ok 👍

Hi. Anyone else interested in reversing through gdb?

A room with something like that would be kind of cool

There already the Radare2 room

Haven't checked it out, thanks!

its pretty good

No offense but gdb >>>>>>>>>> r2

i bow to your superior knowledge, i've never really used gdb

Everyone picks their poison (:

Well, possible but once the room making system start supporting the markdown, sure enough.

No idea what you mean but yeah, let's see what happens

Never used R2 here, and tried to use others like ida etc but just got used to gdb, I like it

The manuals are gigantic though

least you get a manual 🙂

r2 has it's own perks

A room running the PacVim game designed to teach people vim, but with a twist! we reprogram it so its now how long you stay in, but how fast you can get out! the higher your tryhackme score, the more control characters are disabled.

You had me until:

the higher your tryhackme score, the more control characters are disabled.
😆

Sorry to bug you all, in a windows VM when upload, is RDP port open a mandatory requirment?

Trying to build something thats is harder to enumerate

For Windows you must have some way to access the machine left open. @lunar plank I assume WinRM would be equally suitable?

No, for now it needs RDP open @torn kettle

Maybe in the future WinRM will be fine

well, the real idea was just a room running PacVim, but i realised it could just run in the attack box anyway.

Oh dear. Alright, I appericate you assistance!

Not at all 🙂

question for you bee, someone was asking me about their streak earlier, i know you can fix i but i didn't know if i should tell them to email support, or contact you personally..... and its not like its a big problem i'm happy just to say 'theres probably nothing that can be done but try .....'

Tell 'em to contact support 🙂

sound good, my policy will be contact support 'if your lucky, maybe they can help'

Why? I’m pretty sure Andrez and them have multiple windows machines without anything open?

Licensing. If RDP isn't open then CMN/Skidy/whoever can't run the licensing script, which means not only do the boxes not work very well, we could also get in trouble from Microsoft.

And yeah, one of the Windcorp boxes doesn't have it open, and trust me that was a pain in the rear end to license 😆

o that makes sense

I will give it a try via winrm and "quietening" the licensing fixes / making it more CLI friendly

i guess we never think of windows having to have a public facing port open for licensing

CMN does kekw

petition to change CMNs title to professional licenser

and a site license for 333000 users must be a killer!

Nah AWS handles all that makes it easy but the Windows boxes have been misbehaving lately

For as long as anyone can remember

They were fine when I first came here

you brought them with youi!

its ike the titanic, it was fine when i boarded

I scared the windows with my superior active directory

light will set you free

@native raptor you think I can completely rebrand myself as light and no one will ever know who I truly am?

i.e. you f'd up so badly that you broke everything

No

I mean it did all start when throwback was in dev so I’d say how f’d up throwback is broke it

I blame you for that

Hey side note -- does anyone have a winrm box uploaded

I think my reemaryland10gobrrv2 box might

Yeah, I've definitely got one or two

Go against YOTO

@native raptor I hope you know this was named after you

What is it...

When we called you maryland instead of muirland

that doesn't even make sense

markl;and make cookies

theres no maryland oracle

also hi @spring seal i see u on twitter a lot :))

you better not be breating throwback before i buy it

I know, i'm sorry for the confusion, I did try to ask for advise on what to tell people about extensions

I built it I can do what I want

hi I've been playing around with this (licensing patches that we (me) gotta do) out of curiosity are you going to be using standard desktop or just the standard w/ no gui, etc

Conclusion: I've got all the stuff that I need to do to work over winrm (so you don't need RDP enabled...just winrm at least pls 🥺 ) @torn kettle

Hello. I don't know if this has been suggested before but maybe could there be a room about noSQLI?

there's a couple challenges involving it but no walkthrough at the moment

It would be nice to have reset account option imo

#feedback-and-ideas the form there

This channel is for suggesting rooms, rather that site feature suggestions

Oke thanks

Arduino and electronics >.>

Sorry for the late feedback. This machine I was working on was a full experience installation although I wanted to try to the GUI less version working for faster transfer from me to other people if I want to maintain the secrecy of the box (ctfs, personalized 1v1, private matches.)
What ever does end up happening, thanks for reaching out like you did. Shows that try hack me cares.

Room idea: Elevator breaks down > you're stuck inside > you have just enough of a gap in the door for your laptop to grab the company wifi > it's not enough to connect to the mail server but you can reach the cached intranet page > you find a vuln that lets you deface the home page for the intranet and there is a service that checks for keywords in a marquee like "HELP. STUCK IN ELEVATOR" > you get rescued (given final flag) > you win the internet.

wt... 🤣

I was feeling a way, when I wrote that

Too much shodan Varg?

Wanna collab?

I thought you’d never ask!

You design website and write the tasks, I'll implement and upload?

Done and done

Could even make it a nice simple webapp hacking tutorial?

Something even I could potentially do, yes :)

Awesome. Lemme know what kind of vulnerability you want and we can get cracking 😁

I know James has an XSS room in the works, so probably not that

I’ll give it some thought today. Frustrating but fun is the aim.

any scope for a web injection walkthrough room?

sql, ldap, nosql, maybe ssti (although that's been covered a lot)

with some more advanced techniques covered such as manual blind sql etc.

I know there's a few rooms which do SQL, so was just wondering if there was space for another slightly broader one?

I haven't seen an SSTI walkthrough room yet.

I know someone's making one.

There is a room that has a small part on it, it also has JWT and... XXE I think?

Yep zth:Obscure vulns

Ah right

Well, I'd be very happy to help create an SSTI walkthrough room if the person creating it right now is?

unless its comissioned

ETA on that room submission is 2 weeks or so. Very close to complete

Also sorry didn’t realise that was hours ago

This channel doesn't move too fast, but @tough pasture ^ it's nearly ready

Ahh right, optional is working on it, I'm sure he's got it under wraps haha

thanks James for pointing that one out

@modest trail if you want anyone to test it let me know :)

Sweet will give you a shout once it's finally polished up a bit and ready to release. Just need to finish the webapps for it and all should be ready 😄 Mind if I DM once it's done and ready?

Yeah of course, it would be great to check it out 😃

It would be nice to have room(s) on advanced web attacks like on oauth, oracle attacks, second order sqli, ...
Sorry if this is not the proper channel to ask that

@mystic badge does bash have the suid bit set to 1?

This isn't a help channel @late parrot

need a room to go to celebrate licking a task

??

You mean like a feedback channel for room creators

we used to have one

it would be cool if there was a room for teaching static analysis of code and semgrep (https://semgrep.dev/)

No semgrep, but I've got some code analysis in the Wreath network, when it comes out

Hey this is an interesting tool

I mean we use SonarQube at work, but this could be interesting offline

binexp stack overflow room

@sharp bough You mean like https://tryhackme.com/room/bufferoverflowprep?..

Or any of the other BoF rooms

I mean a tutorial room for that topic

You mean, like the first task in that room?

Although yes, I agree, a full tutorial on buffer overflows would be good

I believe Robin had something in the works for that. @pine olive maybe you'd like to touch base with him and see what's up there?

O.o

Nice 😄

https://tryhackme.com/room/bof1 is also pretty good in terms of explaining the whole stack architecture, and about hand crafting an exploit. Though I found the windows bofs easier, this sure informed my understanding of bofs before that.

I'll see what robin's up to 😄 defo in my topics of interest

interesting I messed around with Brakeman a while back 👀

a room to submit and evaluate essays

And who, pray tell, is going to read through all the essays to evaluate them?

anyone who wants to

Crowdsource it?

tbh i got the idea wrong. i thought this was for room ideas on the discord

but its room ideas on the website

Correct

Discord "Rooms" are generally called "channels"

It would be nice to have a section on the rooms that links to "similar rooms". For instance, if I complete a stego room and want to do more stego. A separate tab, within that room, that is auto-populated with similar rooms based on their tags would be really helpful for continuing practice.

Use search bar to search for stego?

Put that in the feedback form on the site?

yeah, that works, but this is more of a conveniance request right. maybe i don't remember the tag, or know all the tags that are offered, but i do remember a room that i liked

i can then just go to that room and pull more similar rooms to it

for sure. just sent it through!

Awesome

might be a good idea to add rooms to folders, to allow for quick reference. I find some rooms really useful and would be good to allocate them to something like a "saved rooms" folder.

Again, if you want to put that into the site feedback form, it will get reviewed there @dusty gyro 🙂

I added a similar feedback this morning

I hope it gets implemented

An available option is: Join the ones that you like, and go to your Profile > My Rooms to see them listed in the order that you joined them. 🙂 If you want to keep the list tidy and not cluttered with completed rooms, leave the rooms that you have completed (or use the Filter completed option). That makes a Saved Rooms list. 🙂

I may be missing something but I don't see a "my rooms"

wait I'm dumb

I was not looking in the right place

Thank you for the work around I'll try and do that 👍

@somber crow do you mind if I pm? it's just regarding rooms that have been done before, and you know the rooms better than anyone I know

Heyy! It would be awesome if there would be a room about 'how to write reports' or 'how to document what we do efficiently and correctly' 🙂

There's a task on that in Wreath

O, good to know, thank you 🙂 I guess it will take me a while to get there.

It's not released yet. Still in testing 🙂

I am on defensive path now.

A, ok, hahha, but still, it is good to know that it will be on thm 🙂

Web Fundamentals Extreme for WAPTX preparation

ok

so

You want us to make a course

For a course

https://tenor.com/view/yes-jack-black-nod-nodding-approve-gif-5561693

There are rooms on most of those subjects already

have we got any rooms on LDAP injections, or similar?

I mean like something like a prep for the course
the Web fundamentals helped me alot in WAPT
so I was thinking an advanced version of that one

Would a room about phreaking ever be a possibility? There probably wouldn't be any practical tasks but i think it would be cool, as hacking was born from phreaking.

That most likely wouldn't be accepted

Why not? Phone phreaking has been patched everywhere and it's a super interesting topic

Can even integrate it with VoIP for some fun

Oh I didn't know it's been patched everywhere I didn't exactly know what that was til I googled it and thought it would be borderline gray hat as it says to make free long distance calls

Seems like a pretty cool idea to have a room on

I think it would be a very interesting room. It was the first form of 'hacking' if i am correct

It's a thing that'd be costing telco's money. They're gonna fix that because $$$$

Yea that makes sense

Is there a room with an open JDWP(Java Debug Wire) port?

Hi, is there any room fron practising port forwarding?

dont think so but i think its in a few regular challenge rooms as part of the box

Wreath will. Soooooon.

Try baked pie

nice thx

Guys what do you think about rooms wich teach you how to write hacking tools with python&bash? It would be cool 🤷‍♂️

New room idea 😁

there's a couple rooms on python and bash

the python one is pretty decent

intro: https://tryhackme.com/room/introtopython

https://tryhackme.com/room/scripting

challenge room there

It would be great to have a room based on Active Countermeasures threat hunting course or just a room based on the tool Rita. I just attended the workshop last day. 😅

A log poisoning basics room or sumn

Pretty sure the LFI room covers log poisoning

It does

@native raptor dialup noises?

send please a rooms privates

huh?

if you can send me private rooms, like for example ctf100

You can join them a /jr/ link

yo have anyone?

You cannot use that command here. #bot-commands and verify. You also don't get points from private rooms.

Yes I know, but I would be interested in solving a private room

Why?

every day you learn something new, right?

You can do that with public rooms.

also.

Private rooms aren't tested. There's over 300 public rooms to choose from.

Would a room about home router security befit THM? I know it's often the weakest point of any home network, and I'd think most members would benefit from learning how to secure their stuff. I'm thinking of a defense oriented room giving us tips and tools on how to interact with and configure generic modems and routing devices. Would that be within the scope of the site?

Can you make it interactive?

To be clear, I'm not qualified to make the room, but don't think it has to be interactive to be informative and useful, like some other intro to networking rooms.

Now if it's possible to deploy and connect to a virtual router-type box, enumerate its services, and interact with it I would find that very interesting, but I can't tell if it's possible

For the most part, rooms should be interactive. Rather than just quizzes on info etc.

ahhh

We could do something with PfSense but really it’s going to be hard to make a room about

This is also not a huge topic and can really be addressed in a paragraph or two of a blog post which plenty are already out there

pfsense could be a huge topic though

You can also emulate a home router image but IDK the licensing

It’s fairly straight forward and it’s a GUI. Trying to make a GUI room is a pain

Spooky yeeted firmware for a room I would assume same thing applies?

I'd have a lot of stupid questions to ask but don't want to bother y'all, I just imagined it'd be fun for a room to present itself in reverse from what we usually do. As a walkthrough it deploys unpatched and unsafe, but we'd have to secure it bit by bit, do software updates, modifying the gateway's default address, shutting down unnecessary ports, or out-of-the-box public facing samba shares and whatever other nightmares I can't think of, so that when the room's done we've made it better.

oo, that's a fun idea

so one for like patching a koth machine?

it's very interesting to dive around stuff config files, and quite cool seeing vulnerable services being patched.

If it's a web based interface it shouldn't be too hard

This would be good on a phreaking room

A docker room escaping another docker container built on it

how would that be different from a regular escape?

Oh no I thought it would be confusing... Like "I just escaped the docker container why am I not getting the flag... Is that a rabbit hole?? Arghh I don't wanna solve room any more, let's go to room bugs and report for this as bug." May be their first rxn

Just an idea... For practicing, like if got into this in a real world situation.

@spiral frigate if you mean nested docker containers, you're never going to see that in the real world -- it's absolutely horrible practice.

Docker container inside a VM maybe, but AWS won't let us do nested virtualisation, and VM escapes are very, very rare anyway

Ahh, I see... alright 👍

yeah don't nest docker containers

VM escapes are rare but do you have any statistics about cross-VM-exfil in practice? e.g. exfiltrating an SSH/TLS private key from another VM on the same host via Spectre or shared memory or whatever

Docker in VMs is pretty standard though for self hosted solution (if you don't have the manpower for a Kubernetes/OpenShift cluster, you'll just install an ESXi, out VMs onto it and run Docker inside)

I think escaping the VM sandbox itself is very rare

cross-VM would be the same unless there's a network linking them

to escape Docker, you can abuse OS-level bugs

or misconfigurations of the sandbox

so abusive

@fading oak ?

probably referring to OS level bugs andéor misconfigurations

nothing to see here, move along 🙂

true, hydra was using abuse a lot

what?

nothing!!

...

i realised that stuff doesnt happen here

Huh, dropped just today: discovery of the first exfil of /etc/shadow of another VM via Spectre: https://twitter.com/thegrugq/status/1366567688575668225?s=20

Oh spectre. Surely that's all been patched by now

Cross VM can abuse hardware bugs too

SELinux room

Is it possible to have more python learning rooms (cybersecurity related)? I learned better with THM, rather than watching youtube or reading through endless post tutorials.

Same like having rooms on libraries related on sockets os pwntools and much more....

This sounds like a selfish request, but I think I will not be the only one who will enjoy learning and benefit from those security/hacking related libraries rooms.

Wdym

just putting an idea for more python related rooms

Fine...I'm also putting my idea ....the decision is upto thm...and there is nothing sounds as selfish request as understanding about sockets and os is beneficial ...

Pwntools docs are maginfied to their best as in u can just read the docs 🤷🙇

Same as in for socket there's a lotta resources layin around 🙇

wow thanks for pointing that out. Now i don't know why i am spending hours to learn and practice hacking/security related stuff on THM everyday.

What I am trying say there is that there are introductory room materials, which really helped beginners to get taste of the areas whatever they are studying, but there is no the next level stuff. I could be wrong in this though. I have been on THM for only less than a month.

Add auto terminate as an option in rooms 🙂

It's been discussed before and turned down

reep

I'm very new to thm, so I haven't really deep dived into available boxes; therefore there might already be one or two. but maybe an ICS box? both offense and defense

There is already an ICS

let me quickly get the link

https://tryhackme.com/room/attackingics1

Hi everyone. What do you think about a room that explains port redirection and pivoting?

Wreath will probably have some

Yup, but I mean a dedicated room that explains the various methods and concepts in-depth

Wreath is an upcoming free network

But feel free to make a walkthrough room

Wreath guides you through it

Out soon ™️

Got it 👌

A history room!,,echo

A room featuring weaknesses in ssl and tls (POODLE, CRIME, BEAST), basically all the stuff testssl or sslyze report with an actual exploit to abuse the weaknesses.

A room about different types of VPN's

hi

Hi

I am new here

I can't join voice channels

This channel is for suggesting tryhackme rooms.
In order to join voice you need to verify with the bot

How can I verify?

!docs verify

any boot2root machines that use redis?

Res

Sub only 😦

Do you guys have a room for Man in the middle attack?

closest thing is borderlands, although might not be exactly what you are thinking

more of an intercept traffic thing

postman on hackthebox

This may have been suggested before but a Linux+ Learning path or at least a more robust linux fundamentals room/path would be cool. More basic then lots of the paths but would be really good for beginners. I had to supplement THM for the linux stuff which was fine but would have loved some additional Linux stuff on THM too.

Yup, that's being rebooted by CMN

he was talking about it earlier today

if you catch him in a VC, he could elaborate on it I guess

he said there'd be ~5/6 rooms in it, with more detailed content I believe

This has already been discussed greatly in depth and honestly at this point I have no clue what the conclusion was but here is what I do know, we’re a hacking site, there’s already a bunch of options out there for Linux.

did he mention that today

I don’t even know at this point, we have a lot happening all at once

yup, like an hour ago or something like that

just after his talk

you know what would be cool?
a hacking escape room
you need to use sudo, export and more to get your way out

You mean like a container?

Because there are quite a few of them

I think they just mean a themed room

So we have a room on Docker escapes, but maybe one on lxd and podman?

For April fools make a room that is supposed to be really easy but make it near Inpossible to hack

That just sounds mean

April fools

Not much of an april fool's

Someone please make it anyway 😂

It wouldn't get past the testing team.

Aw

It's a funny themed idea but it'll very quickly expire in the long run

it's a lot of effort for both creator & room tester for it to be purely for a day event right

sounds like year of the owl @native raptor

I have an idea

but I dont know if it is even technically possible

Index with ADS over a browser

I dont know how the web server would respond to ADS

hi

I'm assuming poorly

We definitely need more OSINT rooms!

If you have a good idea for one, why not implement it? 🙂

Always great seeing more community content on the site

I was just looking into how to do that. I didn't know I could make my own.

I just might.

https://tryhackme.com/develop-rooms 🥳

sherlock && phoneinfoga

You'll have your wish soon 😄

What would you like to see in a room like that, format-wise? I could totally see a place for phoneinfoga in my next room 😄

Why?

creepy

Due to a lot of black hat stuff on the darkweb, this will not go through the testing stage

room on onion routing? implementation, pros/cons?

That could be a pretty good idea

We already have a room on tor

i think it would be cool if we had a room about Sherlock, u know the BBC tv show

Copyright

I think even the original source material is still protected in weird ways

Im not knowledgable enough about making a room - I do have an idea about Windows Deployment Service tho

you can read blog on making rooms on thm or watch darkstar talk or john hammond video for room creation

Or maybe Scorpion

From looking at the exploits and attacks for it seems like it would be hard to virtualize. If you wanna DM your idea I can give you a good idea whether or not it’s even possible

learn windows 👀

i.e. that could be its name

copyright is a bit of an issue with themed rooms like that

Didn't they made a room about Tokyo Ghoul?

yeah that seems shifty IP wise

and Mr Robot too

"They" was a member of the community

Mr Robot was a vulnhub box

Ohh alright

thanks anyway!

Maybe an sort of how to use Security Onion? Seems like an nice opensource IDS/Monitoring/Analysing to me ?
Analyzing errors etc, sort of the same as splunk but for smaller companys more realistic to have in the arsenal ?

100% would love something on SO

I think it would be cool to have an sort off networking security path ( blue team focused ).. Mainly going in depth over different types of VPN, WAFs and other next-gen security tools were network/security engineers need to work with on a day to day base ? Pretty sure that there are plenty of company's willing to supply the vm templates ?

( I would love to help with working this idea out more in detail tho 🙂 )

Hi i have an idea for room. If someone can make a room explains how to write a report. And make a good report after any pentest operation. Thanks

Did you have a look at Wreath task 44?

Yeah of course that what im searching thanks 🙏🙏🙏

Configuration of VPN infrastructure and WAFs or the monitoring of those? The latter could be part of: https://tryhackme.com/path-action/blueteam/join

I think both would be nice!

Hey, I wanted to know how does tryhackme operates a ova file submitted. Like I want to create a tmux session to be available inside but according to specification a tmux session gets erased after reboot.

THM takes a VM file, typically OVA and uploads it to AWS to get converted to an AMI that can be deployed as needed by the room

So that means the box would be booted up every time from power off state

Yup

You could always automate stuff to run at boot however

@orchid elm that would be a job for an autogen script running as a service 🙂

Yes, going after it now.

Might already be in place in one of the existing networks, or planned, but having a complex ICS type network would be really interesting. And/or stuff involving activedirectory

And while I'm still the village idiot here, I'd be happy to assist with creation/testing/debugging of stuff. Software engineer by trade, with a tiny bit of cybersecurity background.

Throwback and Holo are both AD -- there are also definitely more of those planned. ICS is difficult to simulate, but there may be something planned along those lines 👀

"may be". Sneaky 🙂

Planning to do wreath this weekend (or at least start it). Throwback and holo sometime after. Definitely interested in more ICS related stuff, since I've kinda done some work there in the past. I see there are a couple rooms related to it (haven't done them yet, still working on the basics).

oh were building something like that at work

an ICS sim?

Reckon we could simulate ICS/SCADA on AWS Spooky?

Would be worth a shot 😁

the gear itself? I've got no clue

Perhaps a basic REST service and a combination of a mocking framework?

I'll tell you the vendors we work with would get super protective if their stuff was being emulated

imo, getting some of the guys from Dragos in here to write some proper ICS content would be the best idea

rather than emulating a specific vendor or protocol or piece of equipment, just having a theoretical knowledge would be helpful. Learning how to reverse engineer a protocol, etc.

of course. I'd love to see more content on protocol RE

I'm hoping some of that is covered in the malware analysis/RE rooms, but haven't gotten that far yet

but after recently reading books about stuxnet and sandworm, I thought it'd make for a good network

100%

you've given Muir some good ideas

\o/

Usually I'm good for being an example of what NOT to do. Happy I can be useful in this context 🙂

Trust me, when Spooky says "good ideas", he means you've given me a great big stick to hit everyone with

Hm. Is that a good thing? 🙂 🤷‍♂️

not if your name starts with J and ends with Ovnn

just out of curiosity Buffer, do you have any protocol RE sites/resources that spring to mind - I've quite literally never heard of it, so would love to take a deeper look at it 😃

I don't, wish I did. I used to work with offensive specialists and picked up bits and pieces in conversation, but don't know enough to be very useful in that regard. Which is why I want to learn more.

I hope to build a couple rooms in the future once I get better, but in the meantime I have ideas about what I hope is in the future.

Car hacking

satellite hacking

PCI

Hopefully I can contribute to the community soon.

Room Idea:
Writing Pentest Reports, tips and tricks!

iirc its covered in wreath

its a very difficult topic to make a room on imo

you need to switch from the CTF mindset to the vulnerability reporting, ranking, severity, etc mindset

Ohh yee, I get it.

Are there any restrictions to creating new rooms?

Legality mainly

!docs

!docs room-notes

!docs room-review

Legality and the stuff in there

+quality

Hei, I want to try to create my first room 😁 and I was wondering what Ubuntu version is recommended for my vm?

1804 server is the newest supported

You don't want to use desktop, it runs super slow on the resources it's given. 1804 desktop will not convert.

Aha okay so should I use server install image?

Yep.

18.04.5 I think?

Ay, thank you :+1: I hope I'll be able to create a room that we all can enjoy and learn from :)

Is network creation something normal users can do as well, or is that an entirely differet process?

Entirely different process, and needs a lot of input from the admins

I believe they've said they'd like to open it up to regular users though

But I'd imagine that's a longer term thing

Yeah. How the heck you would make the cost efficient I don't know. I've spent hours A) making those boxes as streamlined as possible to maximise the number of users, and B) talking to the admins about how many people we can stuff into each network, what the entry requirements should be, how many instances, etc, and we're still not exactly gonna make a profit from it.

I can't see how it would work, opening it up to everyone, although it would be really nice to see

I imagine it'd involve close collaboration with CMN, and maybe gatekept behind a couple good quality room releases

Yeah, I kinda figured that would be the answer, was just curious

Would be awesome to have a more red team vs blue team scenario, but I don't see that being practical

I mean, I'm currently brainstorming for the next one. I did actually consider a more blue team approach, but I am a very offensive minded person when it comes to security.

You're just a very offensive person

Also true

Def long term, the process is rather inefficient now

Something to look forward to I guess

would something on the upload page before the upload process that has steps to reduce size and thus cost be useful? something like

- remove iso
- remove printers, unused disks etc
- remove snap (unless integral to the box)

etc
like just for normal machines, not networks

Oh, it's not the AMI hosting that causes issues

idk how the billing is, and how much of a difference these would make

ami?

It's actually running the things

OVAs are converted into AMIs by EC2

That's the conversion bit of the upload

does the size of the machine not contribute to the cost?

It does, but not a lot

Remember there are also Windows machines around with 60gig hard disks attached to them on THM

ah i see

I'm guessing the cost is in the vpc/subnets/etc that have to be created for each network instance

That and actually running the boxes themselves

EC2 costs a fortune, especially on anything other than t2.micro

Pennies per minute quickly adds up -- especially when you're dealing with lots of boxes

And it has to be 'always on'? You can't do something like ECS or fargate?

That's why the sleep function exists

VMs, not containers, so no ECS

Same thing for Fargate.

yeah, was thinking that some stuff you might be able to containerize

It's not an AWS pentesting lab, at the end of the day

true. But you could still hook a container into your subnet and vpc, on demand

I wish Containers would be lovely

This is probably a bad idea for several reasons, but what about having different levels of subs? Or a "pay for what you use" type sub, that means the person running networks 20hr/day pays more than the person doing a few rooms a week.

THM used to run on credit, and I know the admins are hesitant to tier anything

That was actually considered at one point. The admins didn't want to tier it though

fair enough. Figured it would be a non-starter, just throwing out ideas

For a bit of context, there is 1,820 AMi's right now haha. Not all are uploads from users/boxes that you deploy (but I imagine that's <100 I can't really count it too well)

A "room dev 101" room is in the works for things like that (i.e. tips and tricks) but it's literally like the last item on my never ending list

And that's after a good clean-up too phew

Sounds like you need more code monkeys 🙂

This wil probably break the community to.. Because the people that are always online and helping etc will be the ones that pay a lot

I think it was smart to ask money for the network and also fair towards the users and thm self

a walkthrough room dedicated to hacking wordpress?

wpscan, how to read the output
malicious plugins
malicious themes

• other ways i dont know that exist

Room submissions is gone, but it was in there

ah rip

It's a good idea and something I'd really like to see

Hey @sudden garnet! Some of that is included in the Cyber Scotland 2021 room (Task 4), which certainly can be expanded upon further. 🙂 https://tryhackme.com/room/cyberweek2021

I'd love to see that developed into a standalone box

I would if I technically owned the material. It was done as a contract for SBRC and technically belongs to them

So write similar content from scratch. It's faster once you've done it before 😉

Hey admins, I and a friend have recently created a new room and it was published just few minutes ago, can u guys test it and evaluate it?

It goes into the testing queue where it will be tested+evaluated by the room testers

where can place it in the testing queue

What do you mean?

So you means once the room created and the box is uploaded its automatically in the testing queue

Not seeing anything new in the queue. Did you set it to public?

Yes

It's under

What's the room code?

You sure?

That code does not exist

One second please

Found it

Great btw, we where testing the flag submissions should we reset it

So, it's not currently set to publicly accessible

Flick that switch and it will get added into the queue

Alright

Done

@native raptor you leaked the room code

Hello guys, i have suggestion, maybe not something that is in your business strategy, but still... 🙂 I was subscriber for more than half year. I will continue my subscription, but not for next few moths (btw, THM platform is awesome, thanks ). Anyway, i can see that subscription only rooms are now disabled and that is totally OK. But, I would appreciate access to walk-troughs that i finished, even VM attached to room could be disabled, but knowledge base that i could recall is gone. And as ex-subscriber i could have some advantage over non payers as appreciation for supporting platform. Just an idea, keep a good work going, thanks 😉

#feedback-and-ideas

This has been discussed before, no? Might warrant a faq entry

#feedback-and-ideas

#feedback-and-ideas

recursion

ah @icy trellis you there

I’m here

fast, you might actually beat ninja one day

There seems to be better free rooms than paid rooms. In my opinion, subscription only helps one to get certificate of completion of a path, plus gets to participate in networks like Wreath. Other than these, there aren't much differences between paid room and free rooms, such in style of rooms, tasks and the level of rooms. As a subscriber myself, I don't notice which room I am in whether it's a free or paid.
I understand that not many people will be on the same boat with me. THM is indeed more toward beginner-friendly platform, and without a doubt, it's a great learning platform for beginners like me.

In short, I just want to say if anyone is writing a room only for subscribers, make sure it's worth for paid students.

On the other hand, there might be things I am not seeing. I am only at level 8. I have't much explored medium and hard rooms yet. So feel free to tell me if I miss anything.

In short, I just want to say if anyone is writing a room only for subscribers, make sure it's worth for paid students. - Usually, creators are paid for sub only rooms

So yeah, the admins are there to make sure it's "worth it"

I am now relieved to know there is a process for such. Thank you for the information.

Something like wreath, I'd be willing to bet Muir got paid for.

As a subscriber, you support the platform grow. Besides more rooms, you also get: 1. Unlimited time on the AttackBox, 2. Rooms deploy with more memory, 3. Access to Learning Paths. 🙂

Thanks, @cunning thunder. It's funny that I never noticed those features because I only active as a subscriber. Now I realized how dumb i sounded for expressing my doubts over benefits of a subscriber.

No worries. Thank you for subscribing and enjoy the content! 😎

I wanted to create a room and have a idea
But not sure if you guys would be interested
Actually it's from a bug that I founded in a website recently
Anyone willing to hear it in voice ?
If no ,
Where should I post it ?

tag me in case anyone replies

The knowledge base documents on the TryHackMe site might be of help to you, especially the Room Review Process document. https://help.tryhackme.com/room-creation

Probably a bad suggestion, but just throwing it out there: What about rooms related to various wifi protocols? Bluetooth, BLE, etc? I see only a single room with a search for "wpa". I know that doing any kind of simulation on this solely within THM would be difficult, so it would probably require it to be more of a walkthrough with your own equipment, but it would be interesting (and related to reverse engineering communication protocols).

So there's been some investigation into this, you can virtualise wifi now but it kinda sucks.
Making rooms where you need your own hardware to follow along kinda sucks, as someone who created the Wifi Hacking 101 room

Yeah, wifi is maybe harder- I personally have several extra routers/laptops/etc I use for my security labs, but I know most people don't. But I'd love to learn more about bluetooth, or just any protocol, really. NFC, whatever. Seems like there's some interesting attack surfaces there that don't get a lot of information

A lot of my interest in security is defensive in nature- how do I, as a developer, make my systems harder to hack/break/exploit/etc.

Something I'd love to see is a walkthrough room that actually explains each vuln

Something like an application logic flaw, or unsafe handling of something

absolutely

A lot of what I've seen so far is more "copy/paste this command", without the background on what it's doing or why it works. With some notable exceptions (wreath, as an example, or the encryption 101 room you made)

and maybe that's just because I've been sticking to the path and the easy rooms

the file upload room was another good one, actually- that made me think of a lot of things I can do, as a developer, to prevent those attacks

I love the fact that 2/3 of those rooms you just listed are mine

🤷‍♂️ you do a good job of going into the theory and background, I guess

for me, the "why/how" is just as interesting as the "what", maybe more so

And I don't want that to sound like I'm complaining about the content- I'm absolutely not, and have already learned a ton in my short time here. You folks are all awesome ❤️ 🙂

Walkthroughs are essential for learning, especially when you’re a beginner.
And I’ll disagree, I always see lots of detailed explanations surrounding the “copy paste this command” and I can honestly say I owe most of what I know/accomplished to TryHackMe walkthrough rooms.

Hello, are there currently an rooms touching on the topic of email spoofing? I only found ctf GoldenEye with the "email" tag. Otherwise a room explaining SPFs, MX record, DKIMs etc could be pretty cool.

Totally agree that walkthrough rooms are essential for learning, just saying that in some/many cases, I want more background detail in those walkthroughs. Even if it's just optional links to further resources that don't count towards the room, it's extra information I can add to my notes.

They offer a loooooot of extra resources/links/materials in the walkthrough rooms.
Anyways, I guess they can’t please 100% of the audience, no platform does, but I’m confident to say that TryHackMe and INE are the best platforms out there now for learning/practicing/developing skills.... in my humble opinion, that is.

Yeah, like I said- I love the content here. Definitely not complaining

Hey guys

How does a room related to elearnsecurity courses sound?

So we can answer questions after reading the material instead of just reading the material

I believe they would need permission from the course creator.

Yes, of course

hello i'm creating my first room, i need just to upload the .ova file ?

Yes 🙂

thanks! i'm creating the room then i'll post the link, hope you guys will enjoy it

If you're trying to make it public, please set that option in the room manager rather than just posting the link -- public rooms go through a review process, then get released officially 🙂

ahh ok, didn't know ! thanks for explanation

(Also just given you access to #creators-lounge so you can ask stuff there)

https://help.tryhackme.com/room-creation

ok i'll ask for joining #creators-lounge ! thanks again

Np 🙂

Another random idea: oauth. What are some common attack methods, and how can we defend against them (configuration settings, IDS/IOC, etc.)

Another idea: what about DKIM and other email authentication systems? How to look at email headers, how to detect spoofed/phished stuff, that sort of thing

This article (and others like it) is what makes me curious about protocols and wanting to learn more: https://petapixel.com/2021/04/01/critical-vulnerability-affects-bluetooth-enabled-cameras/

(as someone who was written protocols in the past, I'm curious what steps I can take to make future protocols I might have to write more secure)

Possibly an idea for a network? Or maybe different services running on a single VM? https://labs.bishopfox.com/tech-blog/an-exploration-of-json-interoperability-vulnerabilities

Another idea: walkthroughs on properly configuring a certificate for a web server/email server/etc. ?

I had a look at this and thought it was pretty neat. I think I forwarded it over to Muir. It'd be cool to see TBH. If you're a dev, I'd highly recommend trying out some room dev. It's good fun.

I do actually intend to create some rooms at some point, would love to, both for personal interest, and to give back to the community. Just not sure I have the necessary skills to do it (yet). Working on it 🙂

For me, it tends to be sysadmin skills and webdev skills.

i figure web dev can't be that hard, minus javascript, which I try to avoid

You can do some interesting stuff without frontend, but frontend is a great place to add flavour to your room

It's on my TODO list. Along with a million other things 🙂

I'd actually be totally game for helping to create a room(s), just not sure I'm ready to do one entirely on my own yet

I'm a software dev, but don't know a lot about security, so my knowledge areas might not have a lot of overlap with what's needed

room creation is a lot of fun because you really have to research your exploits that you want to use and make sure they work

Yeah, and since I'm still a noob here, I'm not sure I'm qualified to be teaching the rest of the noobs 😉

at least not when it comes to exploits

everyone is qualified to teach something, just play to your strengths

My strengths are in software dev, though, which doesn't seem to be applicable/appropriate for teaching here

you can a walkthrough room, it doesn't have to be a challenge

true. If there's demand for it, I could try to put something together. Not sure what the focus would be. There's already lots of good resources for learning to write code in various ways/degrees/subjects/etc.

A walkthrough of hacking a machine/webapp is a good start; it's how I started with boxdev.

Yeah, I feel like I'm not yet qualified to do that one. I'm still a noob in that regard 🙂

Probably a dangerous/unwise idea, given the amount of young people coming in and/or wanting to do unethical things, but a room on using something like CheatEngine could be interesting. I tried to create a college course on that some years back, but it got shot down. Would involve some assembly language knowledge, reverse engineering, memory management/understanding, etc.

A lot cheaper than IDA, probably easier to learn. But a room on IDA would also be interesting

Ida freeware is good

I have hardly used it, and not in a couple years

Hey all, was working through the John room when I realized that I need to update to the bleeding-edge version on github. I have no idea how to use git-hub and I know that pretty much everyone uses. I think a room that teaches how to use it would be a great addition to the "Complete Beginner Path" somewhere.

That room is planned but the one planning the path got tied up with other stuff

I know how that goes 🙂

Another idea: how to set up a home-network monitoring system. I.e. wireshark for not just the local device

https://github.com/docker/dockercraft 👀

is this a dumb idea? probably. but could be interesting?

also its old but probably still works (hopefully lol)

i really hope a room on that doesn’t get released

This idea is even less practical than many that I've suggested: What about a red vs blue/koth style system where the defender is just modifying code to a web app/api- perhaps something similar to the in-browser html editor for the recent html basics room. So they'd have to find and rewrite the bad code before the attacker can exploit it. Things like sql injection, bad oauth authentication, etc.

My first room was on the fun you can have exposing a git repo

which room was that?

Git Happens

Still need to fix a bug with that one though...

Current version of Firefox broke the crypto library...but it's not important to completing the room

I haven't done that one yet. Adding it to the list

On Docker? Have you visited the docker rodeo 🤠

no docker is great, i meant that docker/minecraft combo thing