#general
eh the 75$ one is within my budget range
thinking if i could score a better router for the same price in good quality used
i've got a $1000 fortigate sitting under my desk and i still use the $30 archer, lol
well, more accurately, like four of them (the archers, not the fortis)
Only need one.
what's a fortigate
firewall appliance
NGFW.
That new marvel movie...... horrible. The acting is piss poor, and the story is just so cliche
Like always.
Movies nowadays are pretty boring.
eh a few good ones come out but mainly watchin old movies
Nothing beats 90's and 2000's.
also a lot of remakes, it's like people run out of ideas/talent
thats a federal offense
watch a good movie now
Yes, absolutely. There's also the concern about avoiding political issues, if you catch my drift.
End game was good, but this one was like "If you do X, you will be X" Like breh.... think we all got that, why the fuck put that line in?
Screentime.
if i'm gonna sit here and do nothing for 3 hours i'd rather pick up a book
Same thing with video games. Last time I played a game was like back in 2012.
uhm...
so u havent played any of the modern masterpieces
No.
you should
eh depends which book
I am not interested in playing video games.
modern masterpieces? not many nowadays
It's not for me.
I couldn't sleep today because I kept reading Harry Dresden
He stopped playing in 2012 before RDR2 came out
I tried playing games one time after 10 minutes I got bored, so I stopped and never played since then.
if you like actual physical books i recommend checking out the Everyman's Library collection
good publisher for classics
cheap clothbounds
eh I do e-books
(instead of the normal plastic crap)
cheaper and better
was never a fan tbh
ah yeah when people say "modern" in regards to games they often mean more recent --- rdr2 is timeless
eh Hi-Fi Rush was great
I love e-books because I can carry around a lot of books in my kindle. I moved a lot, I lived in 4 countries, and shipping books is expensive. I have around 1000 books in my mum's home
E-books are great.
yea ikr
I got a kindle atm
planning on upgrading to a kobo
I only use pdf's (ideally).
You can have images in pdf's.
epub FTW
Frankly I also don't care which medium it's in. As long I can actually read the book.
There is like at least 15.
Mainly IT related and 2 about genetics (personal interest).
eh I read 6 books this month, just a fantasy novel
ah k
I can't read fantasy stuff.
I do read philosophy here and there (mainly logic stuff but that's about it).
U read a lil abt social engineering
Yes.
been reading a lotta books on that also lately
I haven't read specific works on social engineering, but I'm deeply interested in psychology in general. I mainly focus on understanding the fundamental aspects of the human psyche, the ego and common issues that many people face. I find that understanding these principles helps me make connections with social engineering concepts. You can also build frameworks.
The Emperor Of All Maladies (a biography of cancer) not exactly genetics but I love that book
I will check it out, thanks.
Gave +1 Rep to @blazing granite (current: #152 - 41)
Seems interesting.
This as well.
Did any of you watch Mr. Robot? People talk a lot about it.
I won't watch the show I just need to know the whole backstory and how it ends.
i didn't but the family enjoyed it
i have a feeling it'd be like being knowledgeable about firearms and watching an action movie, where everything is just glaringly and unimaginatively wrong, ruining it, so i haven't actually watched it yet
oh k
It's probably over the top.
would totally recommend it
kevin mitnick style book
Sure, I will take a look at it.
everyone i know that's watched it (not in the tech space) has enjoyed it though, never heard anything bad
Same here. Everyone (generally non techy) seems to like it, but I couldn't stay engaged. I loved the early episodes when it's all tech/hack focused but it just gets weird later into the show.
The extent of my knowledge about it is limited to a YouTube video where Elliot used Linux Mint.
Hey can anyone recommend me a box to practice linux privilege escalation that is relatively hard
Do the hard machines.
Some say that as well.
if you're ready to do harder stuff i recommend adding HTB to your repertoire as well
generally less hand holdy than THM
Yes it's good but it depends, it's very puzzle like.
^
You need to have the right mindset.
agreed
But it's a very good platform.
OKay thanks i will look into it
I did, nice series
Is it primarily about hacking or is it overrun with pointless drama?
It's a FREAKING SUPERCOMPUTER on a single chip
We road-test
lol, 00 were a different time
DAYMN the world will change
Got 800Mhz PIII in my Win 98SE machine
I like that era, especially JDM wise.
Agreed for sure!
Some of the finest engines ever developed during the 90s.
lol the Night Boys or whatever in Initial D use Dell XPS machines just before my 99 model
I remember when I bought a 386 and put a 100Gb HDD I thought I would never fill that HDD
Never watched initial D. I did watch Midnight 200mph Blast though.
That's where I learned about the 1jz,2jz,RB25, RB26 and so on.
Tuning nowadays is garbage though.
Can highly recommend Initial D, especially for the 90s/00s cheese. Dat eurobeat, and yeah they do go all out on the car tech, even if it's sometimes fantastical
If I ever decide to start watching entertainment, I'll keep that in mind thanks.
Elliot is a cyber-vigilante, it's a mix of both
Is it edgy?
lol you can't keep infosec-ing 12 hours a day. Great goal but need to balance with other hobbies and media you're passionate about
I like it very much so not an issue.
All my hobbies are IT related aside working out.
Exposing yourself to more hobbies will make you dramatically more well rounded and will play into your infosec interests indirectly
I read a lot about diverse things but that's about it.
More you learn about modding games very directly influences infosec, and can get into reversing
I will gamify Ghidra or IDA Pro.
the problem of seeing old series, it's that people watch it with present eyes, without having in mind the context in where was created
Totally, and while I wouldn't say gamify, yes people use them all the time to reverse and patch older games
I'm quite open-minded, but if it's excessively edgy and involves senseless hacking, then count me out.
The thing is I tried playing games once.
Last time I ever did was like in 2012.
Lasted 10 minutes.
I just somehow doubt that infosec is literally all you do, you do need to be more well rounded in multiple fields of tech alone to excel in IT
maybe you can find some clips on yt, give it a few minutes
@rapid merlin What do you do for work?
I am a student.
Ah, alright
I will check it out.
You?
Anyone here follows like cyber news stuff
You have to.
Absolutely
I do incident response and pentests in between, merging more into Web Security
Nice nice!
Very nice, you are then definitely way ahead of me.
I ugh, do all infosec tasks at a small org, but it's interesting
starting to do web pentests now, and responsible for implementing the fixes
or rather for many orgs lol
I got lucky, and have studied security since I was 12 haha
Valuable experience.
and I have an amazing mentor
Then we have something in common.
Between 16-22.
Yeah Managed Service Provider is great experience
Ah, I'm 19, so we ain't too far off
Y'all hear about how lockbit ransomware attacked a children's hospital and won't unlock their systems even tho it's a non profit. Talk about a new low
that's great, I never had a mentor
I have about 12 separate Active Directory domains to protect
Definitely not far.
yeah, I'm lucky he found me haha, especially since he leads the main web sec team at a large security company bought out by google
that's what's insane to me
Will you be held responsible if something gets nuked?
Mandiant?
yep
Also Ellie I got a question
I have a possibility of being hired under him sometime this year
Is the 1960's Ocean's Eleven worth watching
We're an LLC, but I'm not legal so I can't speak to that
That's nice. I particularly like Mandiant's reports on APT's.
he's fighting for another associate position
lmao I applied there and nobody ever got back to me
like a year later they emailed and were like Hey! We were bought out by Google and none of our applications were reviewed! Come apply here instead!
I just focus on the tech, but fair I get pulled into compliance and business stuff more than I expected
guess i'm never working for mandiant unless a recruiter reaches out to me first
yeah, they just went through layoffs too
Yes, showing a strong desire to learn will definitely help you.
god i hate their application portal
but the web team has extra budget
I've not seen it, heard it was decent. Obvs the 00s one is
I see.
My mentor would be my big boss, so he'd refer me, but would have to step back from interviewing me
I am thinking about doing research for the main part (ideally).
Yeah just wear many hats (job roles) at this small Managed Service Provider lol
Yesterday, we got "smart Meters" for our heaters. Today, I'm researching SDRs and the things sheets to see if I can grab data.
Something along the lines of what IOActive is doing.
re: LLC thing: Like everything, it depends. Genuine incidents are likely without liability (as written into their contract), but negligence will never be without liability
an EXPLAINABLE mistake is one thing, negligence is another
SDR is lovely, let me know if you need anything. But I know we have other peeps who are even more into it
You are probably learning a lot.
if you fuck up and you can't restore, that's a bigger problem
Got it thanks for the heads up.
Gave +1 Rep to @molten sky (current: #98 - 63)
yeah right now I do security for an MSP
Yeah I'm in year three now
ye 00s one is great ngl
I know it's important but the compliance stuff it's so boring
Cool.
Agreed, but I can do it. And at least it fuels change both internally and at our client orgs. No we can't sit on this, compliance needs it, sorta thing
Politics.
(as a note : the msp would be liable, not you, unless the msp goes after you directly as an employee for something dumb like you sabotaged shit -- but the msp is liable for the customer stuffs)
so being infosec person kinda advantageous at times
Data on the Meters is sparse, as one would expect. Seems to be broadcasting to their collector station which is also in the house at 868MHz from what I read. Some say it's also encrypted, which would be sad.
I'll definitely read more about it. I'm pretty clueless when it comes to that.
Also hi Noir!
That's very nice.
That can get tricky indeed, but there are many common radio encoding standards which are trivial to decode with SDR
868MHz doesn't sound too high for an RTL-SDR Blog USB stick at all
they just released the v4
probably most economical way to get into this stuff
if you're an employee you don't need to worry about it much. the legal stuff is handled by the employer. if you're the employer though or if you're an independent contractor, security and managed services can come with quite a bit of liability without both the knowledge to avoid issues and the right legalese in your contract
I enjoy reading about a variety of topics, so I'll likely get to it eventually.
It was found that cheap DVB-T chips could be tuned to whatever, custom firmware and then custom USB devices cropped up as a result, just for SDR
But it's very good to know, thanks.
You're a godsend. Rootsend?
susend actually
Are you into exploit dev?
This is the bit that worries me, I'm an independent contractor out of expediency for out of state work. Not huge on that, but I have signed company NDA and more which is kinda holding company in check as well
Not a lawyer but pretty sure you can pursue civil cases against anyone who intentionally caused harm to you. Using your privileges at a business to commit federal crimes would also boil down to the employee being charged so, basically I wouldn't necessarily be telling people they can't be liable for things.
Of course, you are always liable (it's just relative).
I haven't done much other than simple buffer overflow stuff. I mostly deal with login and authorization/authentication issues
Very nice.
yeah but we're talking normal course of business. if i stab you in the parking lot you're obviously not immune to liability because i might be an employee
(hence negligence mention)
@valid mauve
Are you into exploit dev?
Yeah I missed the original message in that thread basically saying "are you liable if the customer gets hacked". So yeah, I agree on that, not unless you're criminally negligent.
yeah as an MSP you're there to reduce the odds essentially
unless zero downtime is written in your contract, which would be dumb imo, downtime is inevitable
Not realistically, at work I'm primarily defensive and securing infra/doing security engineering, but I also validate new products and continuing infra via some security testing.
Plenty of attacker focused and good bit of reversing in my spare time, but I wouldn't allow myself to be called an exploit dev there yet either
ugh. @mossy river
Ew
Done!
so much spam in the last few days coming from aged accounts
As if anyone's like, "hey that sounds like spam, but the account isn't brand new so..!"
I get it, nice.
I am not an exploit dev either yet.
Still have a lot lot lot lot lot more to learn.
I didn't take a look at that one but simple, deploy info stealer, steal Discord API tokens, go to town… or similar
I've had to kick some long inactive members of other Discords who got compromised
they aren't even stolen accounts -- a bunch of them have been sitting in the server for a while just waiting
wonder if there was a sale of semi-warmed bots
if quack like a duck and walks like a duck, it needs more time in the oven
Probably.
is that your goal?
Yeah no idea, could for sure have been seeded but I haven't seen a lot of this on the servers I mod… but I've been too busy to really check in much lol
Kinda let go of admin on some when I realized how much IT job would take up my life
Mainly do security research/having my own business.
So yes in a sense.
Business administration, compliance, and finance is not fun
keep that in mind if you want to start a business
It will distract from the actual tech
some people find it fun… not me lol
If it's worth it sure.
lol, i was asked to help mod a PT the other day
like i have the time
Public Telegram? lol what's a PT other than that Silent Hill demo that was killed? But yeah I get you
Computers follow patterns, humans are far less predictable (bad way). I have little tolerance for stupidity because it's politics.
nah, i dm
@bold dawn Like you won't have a smooth sailing operation.
Ideally, you seek individuals akin to yourself, yet in reality, you will encounter individuals whose actions can nuke your business.
Or just mess things up since they don't work at your level.
For instance, I tend to handle everything on my own, especially in group projects (at school) . However, this approach isn't sustainable. I am good at my work, I just prefer not to deal with individuals who don't take things seriously.
I also admit that I can be the worst teammate sometimes (I do everything at the last minute : homeworks, projects and so on), haha.
If you genuinely perform better solo, it might be best to avoid team work. It could otherwise hinder your talents and drag down your performance.
I tend to work/do everything at the last minute because I enjoy it, it adds to the challenge.
Getting a good grade holds more personal value when you start and submit your work just a few hours or minutes before the deadline.
It serves as a statement of your intelligence and overall capability.
Of course, if the team is worth it though.
I believe I'm a great team player, but where I currently am, I'm truly at a disadvantage when working in teams.
yep, I feel you, and I'm in the same position as well, I do great when it comes to individual competitions, where other people's work don't affect me, but I need to learn to work in a sub optimal team, in my current position
Cybersecurity is better solo though? does that sound right to you?
makes sense, I have a long way ahead of me, hoping to learn this too at some point
Depends.
Same thing.
I am not good at all at this yet.
I will probably label myself a hacker in like 7-8 years if everything goes right.
you're way ahead of most people from the conversations I've been in with you, so I think you got this
Thanks but still I am just above mediocre.
Gave +1 Rep to @glossy portal (current: #800 - 4)
I need to know way more.
that's literally why you're ahead of people
you have no idea how many people i meet that are so called experts and don't know shit
so many people never leave the "i copied and pasted this script off of the youtube comment section" stage, lol
aight night y'alls don't do anything dumb while i'm gone
or at least record it if you do
eh factory resetted my rpi 4 about the 30th time
ubuntuv28 atm
but missed renaming a few
Agreed with productivity. I know both of us have pushed you a bit, but it's only because yeah you show great promise. Just again I will advise to round out your at least infosec technical studies in other fields of IT. They all feed into the same pool of knowledge in ways you can't anticipate
Learning basic sysadmin tasks on Windows AD/Group Policy or Linux is a massive benefit
google is a critical part of my job
90% of what you learn will be how to become more proficient at google
well, let's say 80%
I appreciate it.
tbh if you're familiar with Linux troubleshooting, then already will be. But fair you sometimes have to delve into black arts to find actually helpful Windows pages that aren't straight up sysadmin lol
Script kiddies at best.
I will get into linux exploit dev eventually after windows.
It's often a bit easier than Windows, but fair some of that is my familiarity
So I will eat, drink, dream and breath low level linux for a while.
Googling is the most important skill.
Just trivial for me to read and understand the Linux exploits, vs crazy API calls some Windows app may be trying
Same with learning.
That's a good skill if you eventually move to linux malware reverse engineering.
I just have to analyze any given payload and determine what it does lol, not always given the choice. But practically it's most often just phishing and me analyzing the payload is going above and beyond lol. Already blocked the sender
speaking of, Microsoft, please get better about all the *.onmicrosoft.com phishing you're sending out. It's a pain in the butt to block properly, especially if they spoof another *.onmicrosoft.com recipient
It's also funny to see how threat actors poorly misuse what is clearly phishing as a toolkit service powered by *.onmicrosoft.com, they spoof being a Gmail sender via onmicrosoft, and then spoof a ton of replies they got to their phishing, trying to legitimize the thread with real replies and signatures….
but every reply is like indignant "this is SPAM, unsubscribe me NOW!!!" lol
Just poor templates and poorly ran campaigns lol
haha
Ellie u remember this scene
Yes
pretty fun if u add in the context of the episode
Whole show is great
and yeah especially the ciphers and hidden clues everywhere
First instance of time travel, yep that character was in the background of all the episodes he popped into
seriously?
didn't notice him
Mhmm, always a sign of a good show, then they planned this stuff out well ahead of time
Babylon 5 is my fave for that, but not recommending you jump straight into that just yet lol. Probably need more 90s TV watching
That series was just planned out for the entire run, with "trap doors" written into storylines at any time if an actor or actress was forced to leave the series
happened at least twice for very major characters and handled well
I totally see what you mean.
There is also the language barrier.
Indeed but most of these phishing as a toolkit things have sane extremely tricky templates out of the box
With Russian as my mother tongue, I can discern things pretty quickly (forum wise).
I see some Intuit (Quickbooks) phishing that is quite scary at times with the same tactics exactly, but done properly
I am not too well versed in phishing but basic social engineering should help assuming they genuinely care about it.
hmm
Just glad my fave CPA firm is good about spotting and reporting this stuff
The weakest link is the human being, so it's good that they are well-versed in phishing.
At worst it's spoofing their own address from an *.onmicrosoft.com domain/IP. Obviously can't block that. So I block the *.onmicrosoft.com tenant via Regex content matching in the headers
I see, personally it's the ransomware messages that can be funny to read, especially the translations.
It's next level bad in some cases.
I like poor phishing attempts.
It's funny.
Can't say I see any of that at work, but tons of "we watched you with your webcam on while you did X, and hacked you, here's our bitcoin address" sorta thing.
Super lazy, typically not bad english but all templates
"If you no pay us now, we delete your messages and file."
Things like that.
I totally get that.
Yeah those sorta things I see are all lazy templates and low effort tech, big meh
Mostly they spam them using spambots. So, it's not very targeted.
APT style attacks are very much more next level because they actually go ahead and build the proper infrastructure.
I'll just say that targeted attacks also range from extremely dumb to extremely sophisticated
Yes I agree.
Some fields or areas are more susceptible to phishing attempts than others (finance and so on).
Deal with both nearly daily. Even tho I'm mostly doing high level infosec stuff, I accidentally became "the phishing person" as a result lol. Again just small business things
This is tax season and our CPAs are getting slammed with industry specific phishing
Despite the harm caused by Carbanak, their whole APT style attack is just incredible. So I like reading about them.
I understand, it's logical too.
I'm actually kind of proud of our best users, they know something is up and tell us if they opened the attachments in the slightest.
Yeah no, a PDF asking you to sign into DocuSign is indeed not normal lol (led to O365 phishing, they didn't click on that)
btw if anyone is a MSP or IT for a law firm, there's a big O365 phishing campaign going around, with infrastructure based out of Brazil. Compromises legit legal (usually paralegal) accounts and spreads
hmm interesting scams
Yeah I kinda get to see it all, it wild range from obvious to full on "this could potentially fool me too but I'm glad our clients picked up on the issues"
Not saying I'd necessarily fall for these, but bit more scary when they're actually using 1:1 sorta email templates
where can i find ghidra logs?
~/.ghidra/
If an APT is really dedicated, they will succeed.
I am trying a lab in portswigger academy on delay attacks but this script does not work.
```
cookies = {'TrackingId':"x' ; SELECT CASE WHEN (1=1) THEN pg_sleep(10) ELSE pg_sleep(0) END--"}
r = requests.get(url_to_attack, cookies=cookies)
print(r.status_code,r.elapsed.total_seconds())
exit()
```
however manually intercepting and adding this same TrackingId works. Why is it not working in the code?
Threat modeling is the name of the game. Do consider I'm doing IT for small/medium business and we are not the concern of nation state or APT level hacking. Yes this concern is factored into our threat modeling, but it is not a practical business concern
Yes definitely.
Which is why I like reading about these APT's.
It's very sophisticated and well organized.
lol if you read some of their playbooks, not always
for sure depends on the threat actors
no such folder
```
dir /b /o:gn
docs
Extensions
Ghidra
GPL
licenses
server
support
bom.json
ghidraRun
ghidraRun.bat
LICENSE
```
Are you sure you are inputting the same thing into the intercept?
You immediately end the query
x' ;
Carbanak is really next level.
Ya I mean I am copy pasting and i get a delay of 10 sec (that is what i want)
One second, I will go verify on my side.
Are you typing ls -la?
Try cd Ghidra; ls -la
Some described "APT"s are literally googling their tools, so must take a grain of salt with both the source of the report and the associated attackers
i am on windows
These are bad, it's not professional.
what is -la?
Obviously, just don't be misled by marketing is more a subtle point I'm making.
Yet you tried to type ~/ ? haha, ~ is Linux specific
List all and show permissions basically
dir /b /o:gn this is cmd command
-l Use a long listing format.
-a --all List all entries including those starting with a dot .
Sure thing.
Hidden files*
Yeah I loled at that thing yesterday "3 million IoT toothbrushes used in DDOS attack". Nah it was translation error/misunderstanding lol….. but still profited the security company in question lol
If I am not wrong the man page states : do not ignore entries starting with .
So all files/entries.
That is correct, but it is more accurate to say hidden files
IoT hacking can be pretty bad.
Got it, will keep that in mind. Thanks.
Gave +1 Rep to @mossy river (current: #6 - 1146)
What actually happened then?
There's no way your toothbrush would be connected to WiFi lol
Next level connectivity.
I am pretty surprised as well.
Nothing, it was an IoT hypothetical taken out of context and language barrier
Maybe the dock is connected to wifi.
AKA hidden files, every file that start with . it's a hidden file in Linux
ahah, I guess that's on Forbes or whoever wrote the first document.
Journalists smh
Same thing with dir right?
Yeah it went from Swedish misunderstanding to English fact
yep
Got it, I never bothered with the terminology.
It would be nice to see it being used so that doctors can monitor specific patients to see if A: the toothbrush is being used, and B: their toothbrush performance
So I will definitely keep learning that. Thanks
I would assume the dock being the culprit hypothetically.
I assume it's possible technically speaking to hack an intelligent toilet (yes that exist).
They would only ever communicate practically via bluetooth so it's not even sensible
If you can wirelessly monitor the dock for battery status and similar information using WiFi, then it might be possible.
Still very stupid to implement.
Malwarebytes did it best
Iot devices are a mess.
I like bleepingcomputer
Never tried.
nice articles
Will check that out.
Bleeping Computer has saved my butt at work and made me look impressive
Turn of 2022 our firewalls were randomly rebooting, instantly saw the issue there and reported to all techs
Mitigated pretty quick
and Elizabeth saved the day
But lol at Year 2022 bugs lol
"Jabba 'Jeb' Jalapeno says that all journalists at Forbes are dumb" more at 11. Journalism in a nutshell
Intriguing.
I will check that website.
In computer science, data type limitations and software bugs can cause errors in time and date calculation or display. These are most commonly manifestations of arithmetic overflow, but can also be the result of other issues. The most well-known consequence of this type is the Y2K problem, but many other milestone dates or times exist that have ...
Didn't even need to ask to know it was time related
Thanks, I will read that.
Gave +1 Rep to @sinful moon (current: #40 - 181)
Exchange also had major hiccup for 2022 lol
I remember the Y2K panic people media they thought the computers were going to stop working and paralyzed everything
Security wise, Microsoft Exchange is a disaster.
Same, remember watching early Futurama around then too. Good vibes the late 90s c:
You can't disable NTLMv1 without breaking Exchange or dramatically modifying how it works
Ellie how many ubuntu machines have u set up
I love Futurama
Easily lost count, and what distro doesn't matter as much, why do you ask
eh these last few months I have reinstalled ubuntu so many times
and kali also
That's not normal, why do you "have to"
A lot of nice red colors.
Yes this vuln is part of why this came up
I see.
Honestly Outlook and Exchange is kinda notorious about leaking NTLM hashes, it's not great
lol one two years ago was triggered by a "remote alert sound effect"
why? I installed ubuntu on this laptop like 3 or 4 years ago and I never reinstalled anything just updated
CVE-2023-23397 if I am not wrong?
I always go for ISO and used that to create the VM so I can have options, but even that I never need to reinstalled it
I only use about 2% of what Kali Linux offers in terms of tools. I tend to install everything as I need it on the fly.
There's no need ever to reinstall your Linux infrastructure unless you messed something up
Kali Linux is very cluttered.
Like dramatically
If you are doing everything right, there is no need, so yes I agree.
Yes, but is instantly deployable for people who know what they need. If you're still learning then… again I just literally installed all the packages I needed in arch which is good bit more painful in Ubuntu unless you want franken Kali kinda setup
I'm not 100% red so I use kali purple
I haven't actually seen material differences in Kali Purple beyond theme
sudo apt-get install
sudo apt-get update
sudo apt-get autoclean
sudo apt-get remove
sudo apt-get purge
All I need.
still had to download promised included software from apt
If it works, it works. I am not there yet.
zzz slow and busted old package manager
pacman new hotness and downloads concurrently
although obvs *buntu need not apply lol
I don't need all these novel features.
I am good with apt for my use case.
There is also dpkg which I use from time to time.
that's totally fine but you need to expand your view a bit in my opinion. I'm not saying use Arch like an elitist, I'm saying try all the Linux distros you can and learn how things differ. Especially stuff like Fedora since that could have an impact on future careers
still Debian/*buntu specific, same difference and not what I'm trying to get at
I mean yes but right now I don't want to bother with it. If I need a customizable distro I will go back to gentoo since I used it for 3 years.
Don't pigeonhole yourself in *buntu land, there's much more to Linux than that
I use Linux solely because it's a useful tool for me.
Otherwise, I would be on Windows 100%.
Okay… but it's an ever growing segment of "cloud infrastructure" which must be understood, and that has its own set of conundrums
You just seem to be trying to learn skills for IT, so I'm just trying to assist with some goals
cloud/devops is huge, and securing that properly is even better
I will learn cloud that's for sure.
I'll just say all the Linux knowledge you can get will be beneficial, and will scale with importance for how large the org is
Thanks, I will learn rpm and so on.
But I am not daily running it.
Gave +1 Rep to @sinful moon (current: #40 - 182)
a bit more focus on defence, elastic sec, kali hub, soc in a box, kali autopilot, etc
@sinful moon I also have remnux which is nice that it's based on ubuntu installed on another vm.
Bit odd not to have OpenVAS out of the box though
it's a work in progress
@sinful moon Do you run hyprland or something like that (not sure of the name)?
lol fair enough, yeah I do have a couple dedicated OpenVAS boxes so I was curious about this particular use case
Like a dynamic tiling Wayland compositor if I am not wrong.
If you mean automation such as ansible, my scale is much too small. My web hosting Docker-Compose is the most complex Iāve gotten lol
No these are servers
No graphical interfaces
On your personal computer do you run it?
I am a huge noob when it comes to linux customization.
Like I legitimately know nothing.
One sec
So Wayland is indeed the display server of the future, however Nvidia are dragging their feet and forcing people to stick with the traditional xorg if you want reasonable gaming performance.
At the moment my Linux gaming laptop is running Arch KDE + xorg, because I have Nvidia graphics and need 1.5x style fractional UI scaling. Something my fave DE, XFCE, can't do natively
I see, interesting. I once attempted to set up GPU passthrough to a Windows virtual machine on a Linux host (a bit of work but it's nice).
Not practical at all though.
It's a pain and a half if you were doing qemu/kvm aka libvirt stuff
But there's for sure easier ways to PCI passthrough
Either way, it's doable but not something I'd recommend for someone with little Linux experience
it's a natural progression of things, same thing happened with XFree86
headless rpi
if network changes i can't connect to it
If they want to learn it's nice and fun.
so factory reset it
ip scan lol
also why not static IPs
I always suggest that people start with challenging tasks so they can push themselves to learn quickly.
Too easy = too boring.
Only if you are perfectionist though.
Sure, learn Linux, X509 <3
gotta connect it to the network first
okay, so it'll get DHCP and you can IP scan where it lands
I definitely will once I tackle exploit dev for linux/or just in general.
imho don't get overly ambitious, just learn the basics and using it like a normal OS
then you can grok how to exploit even better
you need a baseline for what you're even exploiting from
That's how it began for me with Gentoo. I genuinely believed that was all there was to Linux. Looking back, I think they recommended it to challenge me or just for laughs.
hfilebrowser/filebrowser:s6 "/init" 2 minutes ago Up 2 minutes (unhealthy) 0.0.0.0:8080->80/tcp, :::8080->80/tcp
I don't think they expected me to get it up and running.
hmm anybody got a idea why the docker container isn't serving
Gentoo is far from the best start with Linux but yes
It's very hands on but it's not hard by any means.
It's just tedious.
A monkey could get gentoo up and running.
No one sane compiles everything in 2024 lol
Such a waste of time.
compile only what you need to
Yo
Sure if you have to.
Hi.
is anyone able to assist me with tryhackme steel mountain
ive completed the entire room with CVE-2014-6287 rooted and priv escalated but the room wont accept CVE-2014-6287 as the answer
even writeups / walkthroughs show its CVE-2014-6287
it's like using 1993 slackware in 2024, it's insane
Hey Gentoo at least has dependency management 
||Remove cve from the answer.||
i did that before but there was a space imma shoot myself
cheers
It's always like that something small.
hlo
All I have to say is that stock Ubuntu and Gentoo are poor reference for working with Linux professionally, especially not using them all that much
indeed, I remember it was a nightmare when I had to update things, that's why I moved to Debian after a few years. A friend recommended me Debian, package manager was a heaven even dselect
how do I claim roles?
Yeah can not blame you one bit lol
@foggy leaf
thanks
You are 100% right.
Debian is nice.
What's good yall
Yeah I don't mean to harp on it so much but Ubuntu Server is what I deploy at work, do kinda need to know just terminal administration basics to get ahead there
let alone my docker setup
although lol Docker-Compose is trivial to administrate once it's set up
throw some Fedora, Alma, etc. I like RH base distros it's big on corporate places and there are differents as you know
If I ever need to handle administrative tasks, I'll look into Red Hat.
I def think the Debian stuff is nice in my book, it all just kinda works, and ubuntu has easy access to most packages, tons of documentation, fairly lightweight, and runs on anything.
Yes 10000%.
Ubuntu is awesome.
Yeah refer to GNU-Rex's post above. Fedora is just one of the easier ways to get into rpm based distros
I will check it out assuming it doesn't destroy my workflow.
I will go back to Windows Vista.
It's so flawed that even malware can't affect it.
Ellie I finally crashed my RPI
It can
you and your sh*tty vista
Unless patched it's vulnerable to EternalBlue and much more
I like UAC spamming me for every action I take. It just means the OS cares about me on a human level.
On a side note, Eternal Blue is incredible (when you learn how it works).
It's borderline art.
yes
its awesome, I've done the TM labs for it, and it is a great feeling when it works.
You just feel like a hacker
Did you get a kernel panic legit? Those are nearly a couple of times in a lifetime events unless you're poking at the kernel hard
It's known for causing crashes, even kernel crashes in some instances, but when it operates smoothly, it's seamless. These vulnerabilities are among the elite, high-quality ones (it's super easy to use).
I actually lost my 19 day streak
will I get it back if I contact staff or create a ticket?
No (just try again).
did you actually do anything that day?
Yes you can and that is the method to do so. But had to have a valid reasoning why
no. I wasn't feeling well yesterday.
Not sure why that guy said no lol
don't think they would just cuz u wanna keep ur streak....lol maybe worth a try
Because I am fairly sure he did nothing that day.
Happened to me as well.
Being sick that day is pretty valid
but did you get your streak back?
u can win streak freeze tokens or whatever, but u'd have to have it upfront
Nope, I didn't even ask.
Like THM support has a method of contesting this
don't forget to attach a doctor note
and my streak-freeze got used up cuz I was in a CTF (24hr one) in real life.
Exactly.
How would you even go and prove it?
That is a joke obvs, you don't need to prove it, just give a valid reason
Alls u gotta do is answer one question I think, or do you need to finish a module?
to keep streak
Really? Ok I didn't know.
Pretty much.
THM staff are not hard butts if there's a reasonable stance on why
ohh thanks
Gave +1 Rep to @sinful moon (current: #39 - 183)
I understand. It's just not practical to enforce. I would expect them to be less lenient in order to ensure people actually go through it and avoid making excuses, even if legitimate.
Not something to abuse, but being sick? Yeah that's no fun for anyone and understandable
Yah, I dunno. Could go either way I guess. I've never tried to contact them for anything.
Everything is smooth sailing so it's good on my side as well.
I mean, if ppl are able to hold their streak for 20+ days, then missing 1 day is kinda unusual for them without proper reason.
U guys are also sick today?
I guess, I don't know. I don't really care about the streaks to be honest.
I believe that other than a site error or downtime, there is no other valid reason to ask for a streak restore, it's your own responsibility to manage your time, also you only need to complete one task to maintain your streak
It just comes up less often, not everyone cares about their streak. But for those who do, yeah having that support is helpful
Right, but at the same time. ur streak isnt really all that important in the scheme of things. So you lose ur streak and start it again today.
Exact.
Of course.
That's what happened to me. I just said whatever and started again. Knowledge won't go away though.
I mean, its kinda motivating for beginners (like me and my frnds)
Certainly, then that will foster your "try harder" mentality in hacking.
so are they gonna spend time answering emails, etc for something like that........obv a few here or there, but if it was large scale, I can't see them taking the time to deal with each case.
don't know
It's unfeasible and a waste of resources.
just was playing 8 concurrent streams
while plex and jellyfin were doing metadata lookups
in my opinion anyway
From a business perspective you are right.
Nah, I was sick on this day, I unexpectedly had to deal with a family emergency this day, sorta thing. Imho that makes sense as exceptions. I'm no mod, but there does need to be carve outs, but only for exceptional cases
At the end of the day, It's just a streak though haha
.
Also, it is worth ur time & effort to try to get it back, right.....lol
inb4 a user reads this and asks for their snapchat streak back
Exact, while at the same time gaining that knowledge back.
Do u get extra Attack box time or something, I forget what the streak benefits r?
btw, so you are a THM staff?
Using streaks as a motivator can be effective, but relying solely on them for learning information security on THM it's not good.
it said access to network
do u mind helping me with my query?
Also @sinful moon what games have the best music/scores
What's your query?
.
To make maintaining a streak worth it, we throw in various rewards for different streak milestones, such as:
Badges,
Access to TryHackMe networks,
Streak freezes,
Discounts on merchandise
can u read from there
No clue, you actually can get something?
what do they mean by access to THM networks?
Contact support at support@tryhackme.com; please provide your username and the last value you remember your streak was before it reset. While waiting for support to get back to you, you can continue your streak; those days will be added to your original streak count.
You have up to 7 days after losing your streak to contact us, or you will be unable to claim your streak reset. Furthermore, support will not combine old streaks or transfer streaks between two accounts.
This is on the website FYI, https://help.tryhackme.com/en/articles/6596150-how-do-streaks-work
That's cool.
I think my longest streak was 40 something days, but I never paid much attention to that.
I saved you a ticket
Literally had no clue that was even a thing.
thanks
Gave +1 Rep to @mossy river (current: #6 - 1147)
currently at 80 smth
You are forever in my debt @foggy leaf
Tricky question so splattershot approach: Final Fantasy IX, Chrono Cross, Super Mario Galaxy, Nier: Automata, Katamari Damacy
I'll leave it at that for now as to not rack my brain too much
alr, it's almost 5:30am, gn yall
G'night Jabba!
thanks gn8
never heard of Chrono cross
morning
have you heard Nier: Automata's music and can I DM you with it?
Hi
but I'll sure as heck spam Chrono Cross if you'd like that too <3
Anyway I have to go, things to do. Time to no life what I was doing. Goodbye everyone
G'night X509!
heard of the game but not about the score
sure dm a few over
Thanks you too assuming it's night as well
Gave +1 Rep to @sinful moon (current: #38 - 184)
morning here, 7:24
9am
only a small amount ready to sue now.
u got the proof
i have loads of messages of me asking him when were getting paid. also have emails from a payroll intern he hired asking how much i was owed
he should pay you with interest
ahahaha yes interest for all the mental strain
interest for the time, on top of that he should put more for emotional distress
yes exactly ahaha. one of my colleagues is so stressed about money he's drinking everyday. but yeah i need to sue now and see him crumble ahah
yay, get the bastard
yep ahaha. he keeps trying to guilt trip me too making me the bad guy for not working
Once somebody tried that on me, and I told him, you got the wrong guy, I don't give a sh*t about, you can drop dead for what I care but not before you pay me, FYI I have no emotions
that's a chunk of change
it is and hed better soon. One of the main tech guys is so fed up he started his own company ahaha
he should take all the unhappy employees with him and let the guy alone to deal with all the problems
well he asked me to help him get clients on a commission basis. if i bring anyone in i get 25%
bye have a nice day or sleep
sleep
ahahaha
Morning
i have this if statement
in ghidra
how can i make it always false
i dont want to break the whole program
morning
I had a fun night
Let's just say that I forgot it was picture day today, and there was karaoke
oh damn. least you had a fun night
Where did you get this?
my friends crackme
i figured it out
Morning guys I'm a new one on this server
Hello a new one.
he created the crackme as a challenge
I can't confirm or deny this, I can't confirm this isnt part of a job interview or an active ctf.
fair enough
This server collects hackers?
Only ethical hackers.
Good so white hat hackers,
Yes
M I'm a cyber security student nd I wanna learn more and more in this domain
welcome, youve come to a good place
Thank you @graceful thistle
Gave +1 Rep to @graceful thistle (current: #22 - 348)
Eyyyy dolphin
I'd suggest using tryhackme.com alongside your studies.
You should know our website by now!
Tired, was drinking last night
Alright
Good morning
hm, working today?
Picture day at school
ah, you went for peak photo day conditions
Yes
pff, too much keyboard switching. 1 trillion typos
Cause I had to crash at my friend's as my car got locked in and I couldn't get out
Get home*
Site down ?
Working for me
Seems up to me
oh damn
is c++ null == 0x0 in assembly?
What are you doing?
learning
nullptr?
Is this home work or school work?
home work
We don't help with homework, sorry.
i meant like not related to school
this server is for cyber security
what should i ask here
so?
Doesn't mean we should help your homework
?
I don't believe you.
i am not in college yet
i meant it isnt related to school or college
Use google, take a look at C++ pointers and assembly comparisons
Why do you need a specific answer
when you can learn what it does, and answer
Assuming it isn't a college homework
Wrong information??
Wdym
Learn what pointers do, learn assembly instructions
And then you will find the answer
wtf there is no null in c++
Null pointer?
Can i ask something about game cracking (for educational purposes only) (no techniques) or is it not allowed?
What does it mean to "crack a game"? I am assuming they are not referring to just obtain the files from setup when installing it
I don't mean to pirate a game but what are they referring to when they say that they cracked a game?
mostly means bypassing the copy protections. don't do that though
ie CD keys, DRM, etc
Back in the old days you had to put the CD disc in the driver to be able to play it
But now i suppose you say just bypass this protection?
yeah but then burners came along
Back in the older days, they gave you a puzzle to solve to play the game (Escape from Monkey Island)
some had codes in the manual
So they don't refer to just "obtain the files from the setup". Because that is easy to do basically
I am trying to analyze what was happening in the old days when we bought physical cd disks and then digitalization came
hello
Hello!
Heya
Alright alright alright
@eternal ether Cracking a game is piracy
Lo. Anyone familiar with WiFi devices much?
And more specifically Linux compatibility here?
I know. I was asking what do they mean in terms of "cracking" the game
Not how to crack a game
It means to pirate.
Hence not discussing it here.
You can always google if the chipset supports Linux
oh, good one
Yep, I know, google and forums. I've been prodding about in there but I haven't found the type of responses I was looking for and thought this might be a good place for some newer/relevant polling
Before I do buy a dozen USB dongles that allegedly are supported by Linux according to some forum post in 2005, what types of cards have you peeps had a hassle-free experience with personally?
My desktop's network card seems broken, I cant quite be bothered to fix it, wanted to finally get to that fresh desktop install and realised I can't ping the net because the adapter I'd used until then isn't supported out of the box by the liveUSB's kernel
Depends on the usage
So I need literally anything that can connect to the net and won't seem foreign to the LiveUSB installer
ello
Literally all I need it for is to pull the drivers for my OTHER adapter and install dkms git and some C libs to be able to build and install support for it
Lo, how's it going
Seeing a lot of great peeps here, hows everyone doing
it's going good
had been slacking off for the week
hbu?
Neither here nor there
See it as taking a quick break, kindness never hurts
Yep, more or less same boat
Heya booknerd
Sounds fun
Cool! Sounds pretty hands-on
Yeah its been a while since ive been active
I do recognise the name
We need to make a playbook for a "crime" and put the digital traces of that onto the phones, law enforcement will get a copy and we will analyse the digital traces of another team to see if we can recreate the crime
The name changed i believe
So yeah pretty handson
Mhm, a bit more privacy
Oh that sounds sick
Hehe, I used to do that as a job. Not the scenario, the other bit
Yeah well do both
But we're also gonna get data from the phones and stuff
Well, a tip from someone who has extracted info from a lot of phones - Drug dealers LOVE putting photos of their stash on their phones. And... well, a lot of them don't turn off location services, if you get what I'm sayin'
Yeah, I found that one out too
Yeah im thinking of getting some photos from google, changing the metadata for the scenario and make a lead that way
It's like they WANT to be caught
Ego is a bitch
probably outside of your remit, but many of them also had photos of their girlfriends on there
NSFW, but it was technically part of my work
Thought so
But yeah thats part of linking evidence
Emails, texts, locations phone calls.
If you want, I can DM you about a case that I actually had to go to court for, and the evidence wasn't the most obvious
Sure, im interested, will have a guest lecture in like 10 so cant reply but ill get back to it when i can
Done
Continuing from before, The geotags on photos - Even ones of dubiousness gives the OIC (Officer in Charge) a couple more avenues of investigation, especially if they are taken in a person's home or at a location where there's cameras etc
Dammit, I'm actually excited about your project. You truly are...... Devious
Haha true, I'll just start grinding from today
Ello esqy
Sup Rinz.
How long have you been here btw
Any amazing new developments? 2024 seems to be the Year of the Tank
Lost my sense of accomplishment after watching Msft hire 500 interns
out of how many?
My favourite was finding an image that was taken by a camera that wasn't in evidence.
Cue search number 2.
Found the camera under a floorboard with more pictures.
Out of the whole country XD
And how many people applied?
For my post, 55. Selected- 5 rest of em are Software Development Interns and SOC interns
At least I'm yet to meet another Security Researcher Intern
There we go man. That's a 9% chance for your role, and you got it.
Scrubz - I like that.
There is, and Idk what to say man. Everyone is like "oh the bar is too low for getting offered a full time role after intern. Like 32 out of 50 get offered a full time"
Who cares about that. that shows that they expect the interns they pick to be successful.
not a low bar, just confidence that the interns they choose will hit the bar they set
OH FOR DUCKS SAKE
Everyone else didn't even get through the door. Go reclaim your sense of accomplishment
bella - Parking lot still locked?
Well, that's one way to look at it. And I also worked out the place where I'll live during the internship. Made a friend in the locality of the office XD
what do you mean 'Other Friends'?!?
Nope, a ticket I closed last week just opened up again
Yk reading that book "How to make friends and influence people" was worth it
Shei - Is that a new Purple look I see on your name? If so, Gratz
My rent got down to 0
Shucks, ello bella
Gave +1 Rep to @glass nest (current: #19 - 382)
Congo
I hate you now.
Aye I'm yet to understand how mortgage works
I'm still on the door of adulthood
It's like rent, but you own it after a long time.
Morning THM
So ultra expensive rent
usually cheaper than rent as well. I'm in a 2-bed house with a garage and it's costing me £450 a month
G'eve, I'm moving to Telangana in 2 months XD
If I had a partner or a room-mate that would be halved
Ooo that's good, any extra space around the house?
Basically, you want some money, you have a property, you give the rights of your property to the bank in exchange for the money, you have to pay back that money with a fixed interest on that money, mortgage simplified
Makes sense but would you both own the place then?
Haha, there's very little tech industry in the south west corner of England
Rinz - nope. they'd be paying me rent and I'd be paying the mortgage.
Or that's how it works in India
Hyderabad š
Makes sense
Difference is, if they fail to pay me I still need to make the full payment
Yup
Oh I'll be there from 6th May till June end
I think there was a #meetups channel lmao
Nice! Lots for you to see and do around here
That's making my head hurt, how'd you manage that. All the possibilities to fuck up
Weird thing happened with my discord, completely logged out and couldn't retrieve or send messages on servers
Back now
It's for a 9-5 though
On this discord, a month or two. On THM, like a year
You still got weekends
Well, there's some legal things around it. long and short is that I'm the one who owns and is responsible for the property. That's all the bank cares about. If I have a tenant, then that's my issue.
That being said, Last tenant I had was a buddy, and I let him stay for free
Lemme DM you, don't wanna dox the details of the city lol
Ello
I've been on thm since last nov 2022. Alas I'm still 0x9
How you doin
Gotcha
I don't think you can Doxx a city
Oooh can you change the infra of the house?
Thanks Kona, hacking it now..
for like 2-3 months after getting my subscription I absolutely grinded the heck out of a bunch of learning paths and ended up doing all beginner paths and 2.8 of the 3 pentester paths
Rinz - Yup. Can do what I want.
You could probably climb to 0xD just by doing all them paths and getting down with the basics and not-so-basics
Its your house right? Only with "rented" money from the bank.
Tires
On paper it is your house right?
In my country it works that way. I think it works the same in USA etc?
That opens up alotta opportunities
We can basically turn it into a double storey house and put different rooms on rent
You should rest then, weekend is just around the corner
you could get to 0xD with free rooms alone.
hit the right rooms which have bonus points for flags.
Definitely. There's a wealth of them out there
I got work to do
Some colleagues who can't even troubleshoot things properly
Really appreciated the learning paths for teaching though, they're excellent at what they do
Gotchaa
Talking about points, i did the pickle rick ctf, but got only 90 points. Other peeps got something like 240. Do you know why that is?
"shit no worky, oh well"
Waits multiple weeks before reporting
New ticket
"Network doesn't work and hasn't worked for weeks, plz fix"
got alerts from work for some reason even though I shouldn't be on call
now I'm running on 2 hours of sleep
Frustrating asf, but should you really push that hard?
Otherwise they complain to my manager
First blood points and the system changed.
Yeah. Although the bank has a claim on it. HOWEVER - the banks claim is only to the value that I still owe them.
If the house costs say £200,000, and I've paid off half - If stuff goes south, the bank can only claim £100,000 if the house is sold through whatever means. The 'complicated' part - If I see a house for £200k and buy it the bank lends me that (It's usually less, as they'd want a deposit of like 10%, but let's say 200 for ease of maths).
In 5 years time, my house could be WORTH £250k.
So in that 5 years, If I paid £500 a month - I'd have given them £30k. so I still owe the bank £170k.
Now, because the house would now cost MORE for someone to buy it today (5 years on), there's a gap of £80k between what I owe the bank and what it could be sold for. That's what's called 'Equity'.
And I bet you, said ticket is literally just a switch that has lost power or some shit
Hello
They never mention it anywhere, but the second you sign up for any remotely related Comp Sci course, you sign an invisible contract that assigns you to being tech support for the technologically inept people around you for life
All the way to and beyond employment
That's a simplification, as there are interest rates and a few other bits, but that's the basic concepts
interesting
i guess im not buying a house for a while ;p
If I had this old head on me when I was younger, I would have bought waaaay sooner. Theoretically, I could have paid off my 1st house by now.
That sounds like you can make profit off of it
Yup. Long term investment.
Lots can change though - places like Detroit, there are some areas where the housing market crashed so the value of the house actually went DOWN, but you still owe the same amount to the bank. This is why houses in areas with less crime and such cost more.
Yk what, maybe I can do that once I get myself to US
Acme - always worth looking into. The hardest part for a lot of people (including me) was getting the deposit together. My house was £160k, so I needed to save up a deposit of £16k while also paying rent somewhere else etc. Plus the extra 'Buffer' - there's other bits depending on country, but Lawyer costs were about £1200, getting furniture and stuff also cost a bit, Getting stuff connected Like internet also had 'setup fees'.
that being said, 0 ragrets. House is now worth £210k 5 years on, and I'm not planning on going anywhere just yet
So it's a gamble huh
Yeah, but a calculated one.
I'll keep that in mind
If the house is in a crappy area, it will cost less (compared to the same house in a nicer area).
I got really lucky, mine was a new-build in a new estate that was still being built. since I've been here, the estate has tripled in size, opened a school, built a direct road to the main 'freeway' in and out of the city, and a leisure centre will be built in the next 4 years (i think)
all those are factors that make it a more attractive place to live, which makes the house cost more.
i 'suffered' through not having those things, and over time it's (hopefully) gonna pay off.