#general

😅

Yeay, likely.

It's loud though!

So loud i probably gave free calls to everyone on my street

Ikr😂

I have an occarina, you can completely break it if you touch the main (thin) sound-making-thingy wrong.

Finetuning sounds is hell.

Ooh nice. Is it a stone/terracotta one?

Uuuhhhh, I don‘t actually know what the material is called in english.

It‘s like, burned stuff.

Say it in German

Second.

Those! Yup!
@bit

https://youtu.be/-74jf8GTX9g?si=L2wpUx-s147Xpd9f

Minute 18:30

Strohbrand.

I see, I see. You went out doing that?

Seems like fun!

we got super happy we'n we fing bug in our frind website

Ahh ok

https://theocarinanetwork.com/what-is-strawfire-t6893.html

i find passwd bug

That was me today. At 2am. Wrangling with a GitLab Terraform CICD Pipeline that ran amok and took up the resources allocated to our terraform training cloud instance, 25 VMs, 25 routers, etc.

Hahaha 'does the maker smoke it like fish' 😄

Lol

And I didn't notice the destroy job wasn't triggering because apparently it's gotta be imported and EXPLICITLY CALLED by extending the cleanup job in the GL TF template action.

you doing some old school phone phreaking????

Ooooohhhhhh

(Playing 7 days to die)

Me: "I can make bacon and eggs."
@gray sonnet : "No, I wanna die first"

true story

@lament tendon since you are from germany... watch movie called Die Welle

Yeah, what about em?

I read the book.

Hey, you good?

Am alright Broh. How are you

oh you went to a rodeo? heck yeah!

My dad used to compete in the bull riding events

oh wow, that sounds so cool

Part time penetration tester Huh...?

How does riding a bull sound cool?

How does it not?

https://tenor.com/view/giddy-up-cowgirl-bull-rider-gif-19832825

#general message

oh damn

nice!

well used to do that

Gratz Hymn!

What about now

Now I'm a part time pentester lol

From my point of view its just riding an animal

i want to make a joke so bad

Hey Hymnosi

I respect the restraint, Haber 🙂

I bet everyone has noticed that

why did you choose the word "restraint" to follow that up 😭

because you are a monster.

im about to hack the mess out of the hill, I will be king, bow down to me all mortals

Whats that? Discord..?

on tryhackme king of the hill

Yah. It's the ultimate game of... Some cool words about competition...

(Improv is hard)

I am currently trying to lose weight, but still want to snack, so I found some sugarfree ice pops, they quite good

it's the most nerdy sport imaginable

Ooh, Love ice pops.

I am so thirsty, but I don't want to make my dog come inside

Yeeees, currently trying out a cola ice pops

You got Blue flavour?

3 calories per pop, I am not sure

BRO

Well if there are any blueys, that will do for me. Thanks Bella!

SEND ME SOME

only 3 calories

gosh

I'm graduating junior college, big stuff coming up, so will start again when I start going to uni

I'm going to die

precision engineered isn't the same thing as reliable engineered

Haha, you made haber go FULL jock

I've gained weight since we found out about the baby

a good bit muscle, I'm still estimated at about 15% body fat

but now I'm 180 pounds, I was 155-160

but I also focused more on fighting and weights, and less rock climbing, though I've still done climbing exercises to make sure that I can climb when I need to

what are you studying

Less Climbing? whats happened to you?

I am currently 220 pounds, and want to go down to 185-188

Money and time

Really

Cant afford the membership, couldn't even afford groceries this month

luckily our in-laws bought us some

We could've pulled from our emergency fund if needed, but trying to avoid that

Damn man. Shame you're slightly outside of the delivery area or you'll be getting some super unhealthy pizza to chow down on curtosy of Duke Esqy pizzas

Hoping to find ways to make some extra money, while still having time to take care of my wife, and have time with my kid when she comes

Esqy, you want to start a shop in Denmark, I don't mind helping out

Def achievable. My longest fight was 265 to 155

Freelance climbing instructor?

I am NOT good enough for that lol

Hehe, I know that feel 😄

I muscle my way up, not very skilled at it lmao

Definitely possible, I did this although from 95kg

Yeah, I have already kinda done it before, but the big sad and overeating took over 😅

Well, if you need any help getting any side-hustles off the ground, you know where I am.

I did too, went from 95-80kg in 3 months

Yeah, I understand. I think the stress about being such a young, financially instable dad made me gain

Thats ok, Haber. You're clearly surrounded by an amazing support network. Both physically and digitally 🙂

Esqy, you didn't answer my question, you wanna start a shop in Denmark?

Only have about 6k in our savings, need to try and keep upping that for emergency fund, and hopefully a downpayment eventually

Bella... Are Domino's over there yet?

But with current standings, I'm breaking even with my checks, hopefully my recent raise helps that

Dominos tried germany, but i guess pizza just isnt what german folk needed/wanted at the time

7 stores, 4 permanently closed 2 temp and 1 is open

Hmmm... not great confidence in it...

Right as I ordered dominos I come here and it’s being discussed lol

Lol

Yeah, sadly

You know what I do for a living, right Emz?

I haven’t had pizza in a hot second

No

Magic or smn? Idk

Work for Domino's lol

Oh, My family own a chain of Domino's. I do maintainance and other support

Interesting

Also Magic, but thats in my Woodshop 😄

Do you guys serve garlic fingers there

People, could you share any resources that you used for learning the networking stuff? I did some TryHackMe and HackTheBox academy modules, but I would need to understand better the http request headers for example and more concepts. I will also dive into Portswigger, but maybe you could recommend me something else...

Nope. Just garlic bread. I'm sure I could make them though?

portswigger is more Web stuff

Must be Canadian thing

Hi,
I was contacted by a company called "Hi-Tech Talents" offering me a remote job (Backend Engineer) for a company in US called "LTK" for 5k USD.

I am 100% sure that they are fraud based on the conversation we had and used terms like "machine is packaged and sent to me" if I get accepted. Plus they were from India (no offense) and it is pretty famous for such scams. They even sent me a coderbyte assessment which I plan to start, write some blah blah code and submit in 1 minute just to see how it evolves further.

https://www.hitechtalents.com/

What can we do to such fraudsters as Cyber students?
Is it legal to do some recon, run some attacks on their websites?
What else?

That sounds delectable

TCM Security's Practical Bug Bounty course

Nope.

Never heard of Garlic Fingers before

If you have to ask like that, it's probably not legal

lol it was trial by fire in my case

Maritimes food

iirc

Aka where I grew up

work being like figure it tf out

Same

Break shit until it works

We got garlic knots

Not fingers

@boreal scarab how’s server

server going brrrrrrrrrr

i can hear the fans from here

Based

Think the server is processing 1 thing right now, haven't had any issues with it

OH, and the 128GB ram just shipped, so getting it by end of the week

256GB here I come!

run hyperV server on it

It's running TrueNAS

Probs what a lot of people are doing post Broadcom

yeah, that's what we have all our server's running at this point

I'll check it, thanks

Gave +1 Rep to @bold dawn (current: #76 - 78)

just swapped one out

absolutely tf not

Proxmox or XCP-NG imo

mods ban him

thx

?

no hyper v

microsoft bad

Kube Virt!

I will get my cowboy hat and make you eat them words

Oh, @hot cairn I got PiHole working on it 😄 The speed of it updating it's gravity list compared to a rasp pi is INSANE

Well, you did like, 500x its performance

Xeon's go brrrrrrrrrrrrrrr

And no SD card

Copied the config from my old to that. Just need to set it up in it's spot, get everything connected, and then I'll swap the Rap Pi PiHole DNS on my router to the server PiHole

I wanted to steal that switch from you lmao

Yeah just let me ship it via ups

You better not lmao

This is so fun!

glad you're having fun!

😃

@hot cairn Here you go, https://open.spotify.com/track/65uoaqX5qcjXZRheAj1qQT?si=dced8f55c3074dde

Some French music XD

Oh yeah I guess the radio in Quebec is mostly french

Shame it's wrong...

Other wise it would be right :joy;

i had to do it... @hasty sand ❤️

So are their elevators, road signs, everything

Aww, Thats really nice 🙂

Oh I had TONS of fun driving in Quebec......

And fun waiting at the border

Montreal is special

It's a special kind of special

That’s incredible! Thank you very much, is that 3D printed & printed on top of it?

Gave +1 Rep to @loud marlin (current: #26 - 282)

good evening

not 3d. laser engraving on bussines card size. 2k pic with IR laser

The stand is 3d printed

Time to ship it

this man is the reason i started cybersecurity

Gotta Hax 0day's address via clever social engineering now

if you have some pic you have in special folder of memory fell free to DM to engrave it. im quite full of fun with laser 🙂

pretty sure he has a PO box :p

No doubt

I know his address!

Unless he's moved.

I think he's moved by that image

I mean he probably knows mine tbh

https://tenor.com/view/funny-uh-ok-shy-gif-13015578

playing with fire

He knows I know.

I dm'd him ages ago

And asked of it was really that

I only have his phone number

I have his discord username

And even then, it's only used for pranking him during live streams.

Elite Hax0r over here

is no issue to make few pics and send it via mail. you never know 🙂 might buy some plate or might some wood plan or smth. will do on slate for sure heh

You mean 31337

"your pizza is ready"

Heey Vibes. How goes the challenge?

Anyone used Eaton UPS before?

was getting through it and exams hit

https://tenor.com/view/package-ups-ive-got-a-package-legally-blonde-mtv-delivery-gif-21999087

so ive been off of cybersecurity for a bit

Ah. Focus on them first. Hence why theres no time limit 🙂

i was even on tv while i was gone

been busy

Of course you were, as thats a totally normal thing to happen 😄

do u need a openvpn to participate in koth if so where do i get the key?

Better be my server and not an empty box like last time!

basically im in the MUN club, its an internation thing where you represent a countries political thinking and you debate like in the UN

it's better... an empty box inside an empty box

and it was hosted in a school near me, where i was in

https://tenor.com/view/rc-staff-keller-bar-box-surprise-gif-17277056

and i was there all swag in a suit

Ahh, some US high schools have a mock UN. Seen lots of sitcoms featuring it

That is true

I will mail myself to you... DM address

well in my school next year they basically designated me as the president of my school for the club bc im the only person in my year bc everyone else left

||1600 Pennsylvania Avenue NW, Washington, DC 20500||

Don't tell anyone, it's a secret!

and i was the only person actually participating

PO Box... 😂

Lol

jokes on you, I work there

🙀

🙀

so does adam sandler

🙀

in the movie pixels

🙀

So what's the right ans ... please tell me

🙀

that's a good movie

Same VPN/network as normal tryhackme content

The answer is highlighted in the text material.

Wouldn't that be cheating?

Someone called me a monkey today so i called them a donkey😎

where do i get the key?

agreed

/access on tryhackme

what there?

1600 Pennsylvania Avenue NW, Washington, DC 20500

HUH

(white house)

im confused

white house in usa?

yes?

ooo

i live there😎

as in the only white house

Vibes - Nice about me

@bold dawn You got that BDE?

what

Kali BG

Big Deck Energy?

kali linux

im confused

same

https://tenor.com/view/i-am-confusion-kansas-arkansas-map-usa-gif-10525591

CHEF MIMAL!

https://cdn.discordapp.com/attachments/680459914828972076/1204524840908890152/iu.png?ex=65d50c2d&is=65c2972d&hm=c0e367ca79ad6a0852bdb1fbb8e933efbf5c74ff05a97f576aaed853e3a73e24&

Thats Backtrack3's Logo

hehe

HEheheha

let's confuse ppl more

i use backtrack sometimes

Yes! Bow to our oldness, you young whippersnappers! (and get off my lawn)

im 17 this year

that feels weird to say

im growing old

Yes! (but i like your lawn i sleep here?)

Yes. Old. I'm more'n double your age, Vibes 😄

I'm getting too old

I'll be your lawn mower

yeah well

and i'll be your lawn sleeper

im starting

mowing the lawn is the only thing you have left when you hit a certain age

to

ge

t

old

Just had to bend down to unplug my ADS-B because it was acting very slow. ooh boy

There we go, ADS-B is working properly again

Yes!

CPU is a nice and toasty 58.4 C

All this time, your poor 3D printer is gathering dust.

Emma has ruined you.

YAYYYY I JUST GOT IN JANS SSH IM PRO!

https://tenor.com/view/the-simpsons-homer-exiting-uncomfortable-leaving-now-gif-2537108106024763419

Whos emma

Heck yeah 😎

oh wait.. no, i wish

U Esqy look

My CPU is −273.15 °C 😎

😎

Emma is some sort af android who's enthusiastic about having more storage any anyone on the planet

Ohhhh okay!

@glass nest im doing ollie on slate. bit extra quality... prob need 1h =/ since is 2x pass

Read the task

I am enthusiastic about being a badass

It has been collecting dust, but since my server has arrived, I can focus on my 3d printer again, wanna know why @glass nest ?

PiHole is running on my Server now, and I can take back that Rasp Pi to use for OctoPrint

https://tenor.com/view/stonks-up-stongs-meme-stocks-gif-15715298

everytime you mention your laser, I get a pang of guilt for not fixing mine

goot to know... will mention it more then hehe

Hmmm.... I'll accept that, Beerise. For now.

Same im very badass bc i go around and i fall and hit my head and people start looking at me because im so badass

😎

https://cdn.discordapp.com/emojis/874369410398322719.webp?size=160&quality=lossless

Hi everyone wassup 🙂

okay what is going on? lol

Howdy howdy!

@hot cairn ZFS is going BRRRRRR

kekw

Mmmm donuts.

guys is there a way to get a free preminium xd

Yes!

how

Highest temp my CPU's have gotten is 35C, nice

Forbidden bubble gum.

https://github.com/xoreaxeaxeax/movfuscator/tree/master what the

Win it in competitions, Or find a place that will give you free money for just standing there and process transactions for customers. At the end of the month they transfer YOU some money... Use that money - Boom. Free Subscription!

yummy

The secret is, you can do that every month!

Mmmmmmmmmmmmmmmmmm 0.7GB free

unused ram is wasted ram

0.7GB goes to ZFS

Lol

Cmon Darkhub. It's not cool to come on here and look for a way to rip off the company that literally runs the discord of the site

My 128 disagrees

Sorry...I searched a lot as well but I couldn't find it

@loud marlin

Thanks a lot 😊

Gave +1 Rep to @sick lance (current: #2 - 1930)

https://tenor.com/view/death-note-gif-25260320

This is safe, right?

The surface of the sun is 5600c

remember this moment ?

So it's normal?

totaly safe and normal

Ah, good.

For a second, I thought it was too hot

Phew

today i learned that cyberchef has extract MAC address recipe function.

that's too cold... you must barely be using it

It's sitting idle, it'll pick up

Wait

It isn't cowgirl?

HEY

yall

look at my role

yay

Check my role now

im 0x6

Esqy clan!

@glass nest can I join ur clan cult, I need free pizza

Haha, There is no clan 🙂

Used to be 😄

you can add cheese to it too 😂

Don't tell @sand trench 👀

https://github.com/estebanpdl/osintgpt

Whats that, Champ?

posting random links on a hacking discord with no context is kinds sus.

Honestly powershell on linux is the best

uhm...

bash is better

is that legal?

@main kraken congrats on lvl 6 bro!

meep meep

VROOOOOOOOOOM

https://tenor.com/view/meap-phineas-and-ferb-phineas-and-ferb-meap-meep-gif-14038245

that the wrong one

smh

https://tenor.com/view/jaja-hahaha-run-running-running-away-gif-14097702707561656636

where do i get help?

#room-help

#site-support

Doctors, counsellors, psychologists, then hospitals maybe

but its not for the site or a room

what is it?

ask your question here then and we will see if we can help

capture the flag

what capture the flag?

active competition or a old one like owasp juice shop???

can u use a rsa private key to login with ssh without password?

dunno which one but one from hack the box

https://tenor.com/view/orange-kitten-orange-cat-cat-waddling-cat-waddle-waddling-kitten-gif-26256461

can't answer if it is an active ctf competition

cannot help you, sorry

oh nah it ended

you may be able to find your answer on google

Don't y'all love random as hell cuts appearing and bleeding for no reason?

depends on how the ssh settings are setup and/or if the key is encrypted or not

got 2 random cuts on shadows right thumb today but no bleeding from them so that is good at least

Yeah, I have a bruise on the back of my hand. no idea where from.

not backhanded anyone recently, even a little bit.

Got a cut on my left elbow, bleeding, but I didn't hit into it or anything

Hey

hi

you just snapped the skin by moving it to quickly while the skin was dry

Fun

that is the only thingy shadow could think of to cause it

@sand trench can u use this file to do the ssh login?

Swagger - Looks like you might have some research to do 🙂

ok

yoo no way

thats the best i got

congratz

thx

nice!

but next time click the button for word history to make it even more fun with the stats

yea

thats almost double the average expert typing speed for my age

is the ssh key like a traditional password or what

It's like a key.

nop at all... but it is the key

So instead of whispering your password through the door, you just use your key.

this is about shadows average anyways

whats my key

The ssh key.

🔑 ssshhh

wheres that

Look up SSH commands, and it will tell you how to use it.

oh wait

i got two of them

when you create ssh key, they come in pair. the 2x files public one and private. and to work properly both keys are needed

is it this one?

There we go, connections are being made. so now you have some search terms.

looks like you should look into public private key pairs and asymetric encryption

oh so its like that

like normal hashing

then i got it thanks

good night yall

Wow. that was easy 😄

https://tryhackme.com/room/networksecurityprotocols <-- Task 3 on this room.

something like that... but more in-depth

Let's a go

Hi, I'm encountering a problem on the "Retro" room, can someone confirm something for me in a private message?

You can drop your question in #room-help

May aswell use the whole community 😄

I will definitely DM you, I really appreciate that. Means a lot that you’d go out of your way to make that 🙏❤️

I was only told recently, man. So sorry to hear. I ate a Large fries in memory of our hero.

How long will the Red team Capstone challenge last?

What happened?!?

Yes, sorry i've just arrived here and I doesn't found the room before... i need some hours of sleep i think, thanks for your help

Gave +1 Rep to @glass nest (current: #19 - 381)

You know what, some times a little time away from the screen helps. You come back with fresh eyes

i use eyes.refresh()

Or be like me, drive for 8 hours, with 1 stop for gas. Your eyes would be your best friend

And you'd be married to a server

required 2fa on github going forward. any reasons why this isn't a good move moving forward?

GitHub outlined some reasons when they initially rolled this out

Because it's a hub of gits? 😄

haha

ah yes, i was more so wondering from this community's perspective.

https://tenor.com/view/the-simpsons-homer-simpson-wedding-bride-marriage-gif-4434861

just wondering is it allowed to use tryhackme's vpn to play minecraft with friends 🤔

just wondering… why?

definitely not the intended usage

free vpn prolly and to get on the same lan

ah, to do local play

anyone know why i cant run a .elf file on the attackbox

definitely not allowed

execute bit not set
missing libraries
it is not actually an executable file
and more

this was an executable created for a payload using msfvenom

when i try to run it from the prompt it says permissions not allowed. double clicking just says there's nothing to run this type of file with

chmod +x

ok ill try that

so it look like it ran because I didn't get an error but there's no session in metasploit

think its permanent

Hello, can I bother anyone with a simple sqlite question

@mossy river would probably be interested

btw hi jabba

https://tenor.com/view/patapon-pon-pata-gif-23780416

huh. that bot has been here since october but was just sitting idle. no message history.

@shell nova @whole yew

@boreal scarab

shit

@molten sky

i meant that to be a reply

@boreal scarab *

@molten sky

I didn't

Done!

but that was only the bot's first strike

👋

https://tenor.com/view/thirsty-water-fall-gif-16327653

knowing how heavy those are yeah can see that happen

heavy? they aren't heavy
what they are is awkward af to lift like that cause of all the sloshing around and unsteadiness

water is heavy

no u

every litre ways a kilogram

Water is wet

i would guess more than a plate

40, 45#

what is that, like 20 wrong units?

Bourbon burn

what's heavier? one pound or one kilogram?

one pound cause kilograms are fake

a stone

A kevin

welp another 503 error

feathers are the heaviest

@slender scaffold

👀

whats applying weight on u from the top is heavier than what u refering to as heavy applying weight on u attractin u down from the bottom
the air u bust up and the sky is heavier than what u call heavy, its a notion invented towards an indirect comparative end, not to be an absolute tag to refer to as a propriety, 5kg heavier than 2kg or water is heavier than calcium is just not a statement at all (like this one right here )

shadow is permanently squished by 1 atomspheres worth of pressure

xd

and it just fixed itself

can a @grim sparrow ping this statement

im so proud

sheds a tear

1st time watching tib3rius livestream

https://tenor.com/view/sweet-victory-spongebob-sweet-sweet-victory-superbowl-gif-13419935

https://tenor.com/view/bird-call-red-kite-robert-e-fuller-calling-making-sounds-gif-6416278871433483267

birds act weird

few ppl know y

notice their head keep tuning abruptly

u wouldnt get it

There drones off course

https://tenor.com/view/birds-arent-real-gif-25870126

https://www.msn.com/en-us/money/other/canadian-woman-uses-costco-chicken-price-misprint-to-spread-political-message/vi-BB1hLpVN?cvid=823885871497498fb5598117b32cc918&ocid=winp2fptaskbar&ei=9&sc=shoreline

https://cdn.discordapp.com/attachments/685171460804837397/1204208544849731604/1707169768216.mp4?ex=65d3e59a&is=65c1709a&hm=4de1ee92ab0568c32e7fd5ca1aa83c338da1e1cd688e2ebba7f11ea81b17b43c&

You have to verify

oh

nvm

Do you know how?

i will

ty

Yw

Smile

https://tenor.com/view/weee-gif-22113548

I’m so bad at privesc it’s crazy

Is there anything in particular you struggle with?

If you say escalating privilege istg 🤣

gaining access to a higher level of existence

once I've established a shell and a connection with meterpreter what commands can I run?

depend's on your privilege

but probably start with whoami

https://docs.rapid7.com/metasploit/manage-meterpreter-and-shell-sessions/

It’s not rlly something in particular. I just don’t look in the right places.

or sudo -l

whoami just says unknown command

Check help menue

You can run hashdump

Can run metaspoit privesc

they call it an art, its bcz there is no right places, make a comprehensive list and follow the trail
as admirable as it is, implying intuision when intuision doesnt belong is not the way to go at the very start, at least for now

so I can actually view someones webcam with this shell?

Escalating privilege is something that just comes with time. Similarly to knowing what tools to run to attack a specific service, but what is great about privilege escalation is that it is relatively predictable because of Linux and Windows systems being the same.

My biggest advice I can give to anyone attacking a Linux OS is to look at what is different compared to a fresh install. Most challenge boxes only install what is necessary for the service and privilege escalation. As well as looking at a default installation, you will just start to see the differences over time. For example, looking in /bin and seeing an executable that didn't exist before.

And don't be afraid to use linpeas, lse and whatever other tools exist out there. Unless you are in an exam or environment that disallows them, they are incredibly helpful. Even if they don't directly tell you what to do, if a new service is on there that isn't on a normal linux install, you will likely see it on the output and can investigate.

There are also a lot of common folders and places you can look.

And my biggest piece of advice is: Don't worry too much about being bad at privesc. It only applies to boot2root challenges. Most CTFs you find on ctftime.org or wherever do not need you to even access the box and if you are looking to go into a pentesting role, privilege escalation (or even initial access) isn't always a requirement.

Learning is a process, you are at the centre of the storm so you don't know how much you have learned, but when you reflect it will surprise you.

AIO what have u done

xd

any reason why screenshot just shows the windows screensaver instead of the actual desktop?

Not all boxes have a GUI

same with screenshare

might just be a server

weird

now how do I exit out of screenshare to enter more commands

im using rdp with this box so shouldn't it show the actual desktop with screenshot. it has a gui

what did I do

Nice advise, and you went all the way to elaborate everything.

xd was a joke as whom pfpless u helped asked if can spy on someone's webcam ahaha but he was obviously asking from a theorical scenario for science only

as it is well known meterpreter has that feature

oh k

i love english

maybe he doesnt love me so much tought

ooooh cool shadow just figured out how to check if all their background images from source files and output had all the same filenames and file in the corosponding folders by using ls -a and the diff command

wp

Spotify isn't hitting tonight

thanks for the help guys im off for the night

I gotcha, 1 sec

and meep moop it is now shadows sleep sloop times to the beep boops

https://open.spotify.com/playlist/7J0ssQcMWpjaR5R59eESWP?si=IYbkcgq3TRCU1EmNlDRN-w

where playboi carti

I have questions, if they arent tech savvy, how eould they know to post in r/homenetworking without knowing what it is?

it says net-something on the front, has to be networking related... 😛

Had a thought while at a bar after work yesterday, would careful vandalism of a QR code (scratching out some of the squares) to send a pleb to an attacker-owned domain be a viable attack vector for phishing? It seems like a lot of work to implement, but also less easy to detect than the normal approach (stick a different code over the top of the real one).

Lol ❤️

it'd take some luck and or effort

qr codes have pretty decent error checking

at least any decent one does

you could rip the entire corner off and it could very well still scan (correctly) depending on what was used to make it

i like ur ,pfp good job

in my head I was thinking you'd need a copy of the code in advance, then decode it to get the URL and which parts of the pattern make which parts of the string (I may be completely wrong about how QR codes work). From there you'd need to identify which pattern areas you could alter to still make a readable URL string, but something with a modified domain that you could register yourself and set up with whatever payload you intended when it's loaded.

And then you'd need to go back and physically vandalise the QR code on the bar/table/whatever, but do it cleanly enough that the code is still readable.

Way, waaaaay more work than just slapping down a pre-printed sticker, but maybe better for remaining undetected for longer.

Jared Jabba ur kind toughts on this ? https://medium.com/@assume-breach/im-not-a-pentester-and-you-might-not-want-to-be-one-either-8b5701808dfc

how accurate /10?

https://tenor.com/view/sorry-gif-18453366

sooooouuuuury

sorry comes from sorrow did u know

I don’t mind lol

I went over the intro-to-cryptography room, I'm not sure if I understood anything, I answered the questions, but I don't think I retained anything from that, any ideas what can help me?

Thanks ❤️

Gave +1 Rep to @mossy river (current: #6 - 1143)

Escalating privilege is something that just comes with time.
i think that's just you. i've been escalating privileges since i was 3

just gotta do better

{racist_joke_here}

its gotta be like that a lot, just get the global vision asap and then come back to basics if u need somethin specific. Time is against u always, but can be with u

@glossy portal Id also recommend taking notes of what you’re learning

derek would u say this is accurate or do u enjoy wat u do https://medium.com/@assume-breach/im-not-a-pentester-and-you-might-not-want-to-be-one-either-8b5701808dfc

https://www.qct.io/product/index/Storage/Storage-Server/5U/QuantaPlex-S24P-5U

Me want

so i know someone that's teaching a robotics class at a high school and is using git for them

noticed he's using main on his repos for it

just opened a new issue on it "Typo in branch name"

Hi

👀

👀

howdy

Dogcat and Dreaming rooms DONE 💪 that's all I've got in me for tonight lol time for some Simpsons

lol why did my EDR detect freaking Rufus on my boss’s computer. At least got to look impressive getting that sorted in under 5 minutes

the question you should be asking is why is your boss even using rufus

he SHOULD be using ventoy and never needing rufus again after it's burned

lol I can say why, but was only marked as suspicious for a reason:

Abnormalities

This binary contains abnormal section names which could be an indication that it was created with non-standard development tools

General

This binary imports debugger functions

lmao it uses a debugger? must be a virus

hi jabbas

Ventoy seems neat indeed, but I perked up when I saw random Rufus detection email lol

Article overall has poor flow and is hard to follow. Their sections make it impossible to just scroll to the actual point of the article.

If you’re asking for my opinion on the article content, it sounds like the bitter opinion from someone who massively lacks understanding of what a penetration tester role is.

Not only does it sound like the role they were in was just terrible but I don’t even trust that they were a pentester tbh.

I am not a penetration tester nor do I work in the industry.

Ventoy seems neat indeed
i was sarcastic at first, but have you actually not used ventoy?

I have not, I was more than reading up on it ealier. But yeah I figured. Isn’t that the multi-boot USB/ISO solution?

yes. use it.

nothing easier

haven't burnt an iso onto a usb in years

Honestly never had a need for such, but it came up after some weirdo users who really needed persistence and odd use cases for flash drives

Totally fair

literally drag and drop. i have a 128gb usb that is split half bootable isos half persistent accessable from live boot

Yeah for sure came up in my research and considered it

got a dozen different isos on at once none burnt on

absolutely game changing

Totally fair, I’ll give it a try next time around. Sounded great.

lol expected Discord tech support vs work, I wish I had as much Linux questions at work lol

ay

do you know server hw

like actually know it

But heyy, I updated my Linux servers at work today 🎉

lol

Thank you fo that, I suspected it, but I also got carried away by the feelings for a moment

Gave +1 Rep to @mossy river (current: #6 - 1144)

Yeah I’ve got that PowerEdge in the home, also had a meeting with the boss regarding VMware cluster at data center of our largest client today

but fair until PowerEdge at home, I was all remote for servers

Xeon E3-1275v5

how is

whats up guys

sky

next

oh nice ccw inst

Bah, you hit my weak point, no I’ve not fully adjusted to Xenon naming, but I can at least tell you v5 is head of my server’s dual Xenons

Also can tell by me spelling it wrong

picking out a hetzner auction server

Ah, honestly it’s hard to go wrong with VPSes for most needs

i know the i# chips well but fuck if i know anything about xeon

but i neeed it

Do see Hetzner slighly more often in phishing as the source, but nowhere near as much as OVH

holy crap OVH hosts a lot of phishing mail servers unwittingly

yeah hetzner is pretty decent about it actually (compared to other CSPs i mean)

if you report they'll actually shut it down too

they'll never be zero ofc

Yeah personally I love DigitalOcean but can’t complain with many of the VPS providers focused on SMB/individuals

Yeah I’ve for sure seen at least two from DigitalOcean but very rare

have you seen hetzners prices tho?

the auction prices?

I have not, but I’m doing kinda cheap shared VPS hosting

there is no possible way to get a server anywhere with 8 TB of storage for 30 bucks a month

Oh yeah, I’m not on that scale for my Linux infra either work or personal at all

but yeah they can be pretty cheap

I was surprised when full backup of my web hosting server was 110MB compressed lol, seemed large :p

(home directory files needed to recreate Docker Compose setup and more). Most of it is sane in the docker-compose but does need to pull in some extra files and just get things going

you want 128gb ram dedi?

30 bucks

Not bad

My much lower spec shared VM hosting only slightly undercuts that

elizabeth is it true sysadmin win lot lot more money than pentester and redteamer

is it also more stressfull? and much more efforts?

lol you misunderstand, I have many many job roles in this small company

ya know what's stressful?

I’m sole infosec on all bases

windows

fuck windows

nice

and the average one

Windows does indeed stress me out on personal devices, I can’t jive with it at all. But hey I sure can administrate it via AD and Group Policy just fine, making it slightly more sane at work

When I do put it on personal devices, I majorly take advantage of Local Group Policy to turn off everyting I don’t like

as an employee fuck windows

as an admin yeah that's probably more consistent

Agreed

Has anyone else done the Signature Evasion room? I find it very frustrating. The instructions are really poorly written and I've run into so many technical problems with it...anyone else experiencing that?

wait, we have that?

i should take a look

Possibly try in the #room-help channel, you’ll get better dedicated support there. Also this is not a room I’m familiar with so it may be older

Yeah I don’t know, but it’s not ringing bells. But we do have more modern evasion rooms so I may have missed it. We do specifically have EDR evasion sorta rooms

Ah yes, I should've posted it in there...thank you!

Yep, no problem at all!

Chat here can just move a bit fast, just don’t mind waiting a moment, and possibly link the room in question

It's part of the Red Teaming learning path btw, if you want to take a look!

Ah alright, yeah it was ringing some bells content wise but not room name wise

if i want to add a 16TB HDD it's only 20/mo

not bad for live storage

Indeed, lol you’re looking for full on major duty hosting while I’m mostly doing piddly stuff, but just glad to be hosting some Linux infra at all c:

bouta buy a 128gb / 2x16TB dedi to host my static Hugo website

heya Ellie

Where the heck can I get that deal

i can probably rent it to you

meet me behind the corner store with the first month

sure

hetzer dedi tho

eh then probably not

the reason I even need storage is to access it locally w0 relying on the internet speed

12TB Exos drives can be found for like 200

whitelabel refirb is cheaper if you wanna buy a bunch and go raid with heavy parity (just in case)

eh Gonna build a server later

until then its up to my rpi 4 dying

with 2 4k streams and 3 1080p streams at the same time

how tf are you still lvl 1

you've been here ages

I mean, they are also other active people, even mods themselves who are not even beyond level 4-5

I guess they just like to chill here while practicing on other platforms lol

yeah i've been on 9 for like a year now, haven't done anything

i'm just surprised about 1 lol

Yeah took me one year 2022-2023 advent of cybers to finally hit max level. I love TryHackMe but it’s tricky when you do this for your job lol

Hah replacing Plex host? Yeah I’m sure that Pi 4 isn’t happy. Totally fair!

I can’t speak for your infra or hosting but personally imho direct play is the way. Why transcode anything when modern host can decode just fine

Some people like the color I think

I miss my red role that matched my avatar nearly perfectly lol

oof yeah the theme of your pfp

lol it’s fan art of Sophia Hapgood from Indiana Jones and the Fate of Atlantis (1992 - DOS)

Oh! I watched that as a kid, I don't remember it though...

lol it’s a point and click adventure game for PC but yeah it’s great

Ah then I guessed the wrong one, wasn't Indiana Jones a movie?

Sure is, but they also had LucasFilms Games, later titled LucasArts which was a game dev company

old off CRT shot of the character in her natural habitat lol

Like I said, 1992 lol

Looks neat, only 90's game I played and am familiar with is Cadillacs and Dinosaurs

Um that’s one of my fave beat’em up games of all time, so no complaints there lol

But there were very many amazing games from the 90s indeed

Yep, I had a lot on my PSP, I forgot most of their names though 😆

Oh! Sonic!

There was also mario

Nice nice, however I shall be back soon. Gotta run some errands 🙃

Take care

yea just gonna get a mini pc

Also I started Gravity falls since I needed smth to pass the time and was short

Now stuck on binge watching it

on E5 atm

good comedy tho

I heard security+ 601 is way easier than 701 is that true?

idk

i did the 601

similar to the 701 syllabus tho

Hello, I just recently joined this server and am looking for advice on colleges.
I currently attend Purdue with a major in cybersecurity (which is out of state) and am paying a large sum of money for it. Right now, im contemplating transferring to another university instate and near where I used to live so it is more affordable. I know Purdue has good connections and prestige for STEM and tech, but is it worth the price of Out of state tuition?
I hear that employers tend to not look at your degree (as long as you have one) and tend to look more towards work experience and certs.
If so, what would some of you guys choose where to go?
Thanks

Hello

I need urgent help

I need experts lol 😆

Help with?

It’s about my phone

I recently got a new number ok I use my main number to text it to see if it works wasn’t getting anything I send pictures still nothings but I use the new number can send just fine so I randomly get replies from my new number which wasn’t me. Any ideas

My main phone is iPhone and new number is on a s24 ultra

without scholorships in state is often cheapest if you have any in state options

i just went to my in state poly uni

Enjoy, it escalates quick into some fantastic writing c:

hi

as I mentioned each episode having a cipher for solving hidden stuff is already neat

Speak with your cellular provider, especially if they did the migration/number port

i have reached a new milestone

my windows decrapification script can now remove the extra crap from the start menu and make it small again

permanently for everyone

Good stuff. Just Regedits? I know you can via GPO but… practically that’s applying regedits on end user machines

Did u major in cyber or IT?

<LayoutModificationTemplate
    xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout"
    xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout" Version="1"
    xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification">
    <LayoutOptions />
    <DefaultLayoutOverride LayoutCustomizationRestrictionType="OnlySpecifiedGroups">
        <StartLayoutCollection>
            <defaultlayout:StartLayout>
            </defaultlayout:StartLayout>
        </StartLayoutCollection>
    </DefaultLayoutOverride>
</LayoutModificationTemplate>

Import-StartLayout -LayoutPath "C:\whereever_tf_that_xml_is" -MountPath "$SystemDrive"
Remove-Item 'HKCU:\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount\*$start.tilegrid$windows.data.curatedtilecollection.tilecollection'  -Force -Recurse
Get-Process Explorer | Stop-Process

comp sci

Code wall 👀

hot

well, it won't do hkcu in my code tho

it'll iterate over each hku

but that's easier to test with

also need to adapt it to load the reg for users not currently loaded in hku but that's a later problem

blame micro$oft

But realistically that is sane and looks great all things considered

I always do

feel free to dm if you have any specific questions. might not reply tn cause it's late but i can be more specific there

yea

Yeah you’ll notice the first time travel episode lol, they’ve literally been seeing these cameos since the start in the background

welp broke windows

hmm

gotta keep watching

gg, good vibes. Unfortunately easy to do lol

just an edge prompt

Can likely just launch explorer again but lol

will do, thanks

Gave +1 Rep to @molten sky (current: #102 - 61)

oh shit i can ctrl alt delete

can open task manager

Ctrl Shift Esc

explorer is just fucked

Oh mistread, yep

no worky

also weird thing

you already have it open presumably lol

if i load a live snapshot while the vm is on it's fine

but if i load a powered off snapshot while the vm is live virt manager dies