#general
█ is fun
Light mode ahh
is better
Ugh today I had to yield and start calling Azure AD "Entra ID". Was specially asked by the boss loosely "help what do for Azure permissions".
lol now we're plowing forward with Entra ID PIM to manage Azure roles/resources and Entra ID roles in one spot with a sort of privilege escalation for roles when needed
Was not about to juggle Azure vs Azure AD for a couple hours so fair I give up Microsoft, I didn't like this change but you win
Have no idea what you're talking about but interesting
weird. who tf cares what you call it
anyways shadow should try to sleep sloop to the beep boop while they meep moops again
This is unfortunately more clear despite the awful name
Society
society can..ya know what, nvm
Indeed lol, even the Entra ID urls still call it AAD internally
Oh it’s an Active Directory
Azure Active Directory which is a separate concept
and nowhere near as easy to manage as AD/GPOs lol
Azure AD is now called Entra ID formally
it's one of those things where if they called it Entra ID from the start it would be perfectly fine, but it's because they set the standard
stop changing shit
Yeah for real
Yk what I love about this server. Everyday I learn something new from it
I'm only just now adjusting to saying Microsoft 365 unless I have to use an acronym like O365 lol
fo sure
But I will admit my Skype to my boss explaining that Entra ID PIM was the best way forward would have been nearly unintelligible attempting to differentiate Azure AD from Azure roles and etc
in a few years they're gonna change the name to Microsoft One
lol, skype
Yes, unalive me now 🙃
Yep! We even administrate Teams for clients lol
dumb af but okay
Don't ask me lol
Boss old reason was it was easy to dump chat transcripts out of Skype, but that hasn't been easy in years
There were attempts before my time to convince him of Slack or Teams but didn't work
btw if y'all have 40 minutes to kill, just saw this good talk from one of the github cofounders https://youtu.be/aolI_Rz0ZqY
learned a couple things i'm actually gonna add to my own workflow
Scott Chacon's FOSDEM 2024 talk on Git Tips and Tricks.
Scott talks about:
- 06:25 Helpful git config stuff
- 09:42 Oldies but goodies
- 16:22 Newer git options and commands
- 23:48 Large repo and monorepo commands
- 33:28 Some new GitHub options and settings
Read the blog series based on this talk here: https://blog.gitbutler.com/
Nice, may have to check that out!
as much as i hate microsoft, teams kinda just works
the new desktop app sucks tho
lol, common theme with Microsoft but yeah
huh. bugcrowd recruiter just reached out -- interesting
Here's the new Outlook, aka OWA and missing tons of features! What? Oh we'll bring PST loading eventually lol
oh my god, new outlook is the worst thing i've ever seen come out of microsoft
i actually didn't mind the previous one
hate to say it, but it was fine imo
the new one is terrible
i really really don't like praising microsoft but i actually found the previous version useful
Yeah I've seen old Outlook break in catastrophic ways but it was very rare and usually only limited functionality to a degree
But lol new one is just missing critical features indeed
I do daily have issues with Outlook, but that's probably our crappy internal infra more than anything else
y'all manage any exchange servers?
lol don't you dare click on 67k unread messages "Logs to be Reviewed" folder in support inbox or expect to have Outlook hang so badly that it's significantly faster to kill it
67k unread messages
ngl my personal email (practically a spam email at this point) is probably at like 18k rn
Yes, ugh, unfortunately. We're down to four, two at one client, one at one client and one internal
Everyone else is on O365. We're making pushes to migrate client with two Exchange servers
Zoom Zoom Zoom
hm. one of my huntress people on linkedin shared something about an exchange IOC but i can't find it now
I want a creepy child to whisper "Zoom Zoom" when I connect to my Zoom room plz
just trying to figure out which version of my resume i even applied with
Interesting, also I plan not to make a LinkedIn until I really need to lol
the person was quick to reach out tho, just sent it earlier today
gonna assume it's the several month old version and not the new one
okay thank you linkedin
no header no menu
awesome
👋
found it
Proper wave in blue.
when devsecops path? 👀
just canceled

It’s like currently happening with all the devops rooms released recently, I need to catch up with them admittedly
I’m sure they’ll consolidate them all
Heya!
same tbh
have you integrated mail servers with a third party bulk email provider
As always: soon.™️ 👀
lol having issues with new DKIM/SPF stuff for Google/Yahoo? I have not directly but help push some of those efforts.
We have an Email Security Gateway which is our main ingest/output. But typically we did have to log into the third party bulk email providers to properly test the successful DKIM/SPF and etc
are y'all having dkim issues?
i haven't had anything pop up. just new requirements that it exists
( i think i misread )
Possibly but you're close on the mark, Mkunkn has some question about third party bulk email providers which my boss handled a bit more than I.
Wait is the devops room the tickets?
wut
Nvm
lol above they're clamoring for devops path, and we're seeing quite a few new rooms that align with such a vision
unrelated but speaking of third party providers ffuuuuuuck sendgrid
Im thinking about those tickets. The one where you wins stuff.
agreed lol
such a pain in the ass to do anything with
bouta call them tomorrow and cause problems
see them among phishing senders plenty as well

Interesting name
although ironically *.onmicrosoft.com is getting to be among most prolific of the not great phishing we get
weirdly more than gmail
why cant i use my own emotes wtf
Verify prolly
sadge
Even weirder, when they spoof a Gmail address despite having *.onmicrosoft.com lol. Trying to throw off the scent
Just want people to block the first address they see, but also, lol these people aren't always using advanced phishing toolkits very well
Popular opinion. Cranberry juice sucks
But I am more than glad to domain block Haskell28471.onmicrosoft.com or cooldentist.onmicrosoft.com in our systems lol (as theoretical examples)
I have a scam blocker. It actually works hella good against bot calls
ngl i don't see any reason to even allow *.onmicro
X-Effective-From: more or less leaving out our filtering solution's name. This header identifies the true sender and can often expose legit uses of *.onmicrosoft.com
You’d be surprised
So we'd get false positives if just blocked them all
if a random company out of nebraska doesn't want to set up their email properly they can deal with the consequences
Same deal if I blocked all the awful AmazonSES phishing we got lol
I’ve seen it a lot for schools as well
/ students
eh who cares about the students
that would actually kill our EDR's alerting emails to us
Depends on the company I guess lol
tf lmao
that's poor design
Nah I mean I can block individual AmazonSES fine, but you know how effective that is
but if you block AmazonSES globally, yeah you'll have tons and tons of false positives
You possibly misunderstand just how much email we ingest lol
nah they can wait
lol
tried and true messge of banging on the key a couple times to unstick, and hope there's no gross residue that's the actual cause lol
the opposite, actually -- it catches on the way down and won't press all the way
like a ridge
Is this a mech keyboard?
shitty old membrane dell from the basement cause my old keyboard broke
oh lol
waiting til i has monies to buy a new one
probably plastic failing and or debris in membrane
Meh I do have Dell tech that's holding up for 25 years now lol, but fair enough
durable and refined are two different types of quality lol
Don't make me link my beautiful Pentium III machine again to prove a point lol
Too bad I’m doing it anyways, original PSU, original a lot besides GPU, RAM and Storage. Dat legendary Intel 440BX chipset that everyone emulates for compat
Plus bonus pic of my cat
surprised how not yellowed it is tbh
Yeah it lived in basements, although I had the SO get some blackout curtains for the room it's now in
I can likely retrobrite if needed, but prefer not to
indeed lol
Well now it's crammed into home office, since we needed that as a spare bedroom after all lol
and now server lives under this desk, excuse excessively messy picture
speaking of, I gotta check iDRAC. lol that little blue display turned orange with a warning
heya Ellie
hmm Venture bros
10/10 series, do watch
Too many ECC errors on DIMM3, I'll keep an eye on it. No emergency
https://youtube.com/shorts/gzj5-pr7Brc?si=LrD5XU46hbTIWx0E
100% sounds like me
hey timtaylor you still lurking
just found out yesterday timtaylor is a insane hacker
like top 220 on THM
Hello, can someone help me with a phishing simulation?
I am studying Cybersecurity at university and they asked us to simulate a phishing attack using Microsoft's "Ethical Hacking Resources" application and I don't know what is wrong in my php code 😦
I'm from Mexico
Unfortunately we are not allowed to assist with school assignments, can always ask a classmate or official school channels for assistance! But no worries
also Ellie mind sending a few more video game tracks my way
I’m getting a bit too sleepy tonight, maybe another time!
But here’s one more video game cover as a freebie, cover of an amazing intro song on PS1: https://youtu.be/CiE8p5VjZgo
Sam and Steve do Time's Scar from Chrono Cross. Sam does some weird stuff with his face. What's up with that?
Just wait for the drop lol
Morning fellows
Hi there!
We don't help with school work. 🙂
listened to the entirety of super guitar bros
but good song
what kind of music are you looking for
eh instrumental video game tracks
or any scores
ah okay
preferred if violin's in there
https://www.youtube.com/watch?v=EQ7fsaj-8jc&ab_channel=TaylorDavis
not sure if this is kinda what you're thinking. it's from an anime tho but still pretty sweet violin
actually one of my favorite artists
playing her on shuffle atm
nice
Alr listened to Mia Asano, Lindsey Stirling, the piano guys
Hmm I don't really have too much violin going on in my library
Arcade Fire - Song On The Beach is a beautiful piano piece tho
basically any Debussy is nice but I'm sure you're already familiar then haha
Oh violin 💯
This is a non-profit, fan-based edit of 'The Quality of Mercy', 'Departure (Diary)', 'The Departure (Persistence of Vision)', and 'The Departure', composed by Max Richter, and released by WaterTower Music in 2014 and 2016.
Suite arranged by Jorah the Andal can be found here: youtu.be/iHrKoE1cdEo.
Please support the official release.
hella good show too btw
Happy Valentine's
@glass nest
Very neat-looking 🙂
Yes, a bit nicer than the last.
Some improvements to make but if it works properly then I'll publish it
Why am I not surprised?
Have they written about it?
I used to follow their twitter, but I deleted it ages ago
i can never stand debussy, the way he uses modality though i like his orchestration
oh, except maybe the flute, harp and viola sonata
do i get the cat with it
Lol
Uh oh
What’s this for?
Satellite stuff
Just gotta make a box for it now
What do you mean by satellite stuff?
May I ask some questions from a Pentester here? 🙂
Just ask, if somebody knows the answer, they'll answer.
How long does it usually take to finish a pentest process?
I mean... when all the documentations are done and you're there to start to enumerate.
Engagements can vary, probably written in the contract when you can start and finish.
Right. But does it take a few hours or days?
You know I'm just doing these rooms and I can finish it in a few hours.
The rooms were designed to be done in a few hours...
If you want a longer room,
I suggest either #holo-network or #red-team-capstone-challenge
40hrs is.. well, 8hrs a day for 5 days.
Yup
I'm just curious how does it work in real life 🙂
There is no standard.
You could spend x amount of hours doing this, that and the next thing.
You do it in a 9-5 fashion if not stated otherwise for as long as the contract is stated
in my experience about a week, plus a report. it depends on the scope as scrubz said
@mental hound -->https://www.youtube.com/watch?v=wDQ0KXR4D7A
but normally clients want the bare minimum
It is a "bias tee" to power an "lnb"
90% of my projects are a week at most
Thank you! I'll check it out
Gave +1 Rep to @glass nest (current: #19 - 386)
james - obviously it'll work better when you attach those BNC plugs 😄
And what if me as a "newbie" start a pentest and I'm unable to exploit the system, because you know... there aren't any writeups but someone else could easily?
Oh nice, what did you use to design the pcb?
what do you mean?
if you can't do a pentest technically you can't be a pentester
Practice makes perfect, don’t be so hard on yourself
Ah you'll normally be mentored by a senior colleague
Just study more
Well, you'd not be working in the industry if you couldn't, but pentests are done by teams. You'll have co-workers and stuff
They wont just push you into the deep end
Unless there isn't a vulnerability.
As for missing stuff - you're only human. You should just do your best
That sounds good 😄
Sometimes I'm sure companies will have their stuff together.
Not looking at you SolarWinds123
And follow a methodology
If you have a checklist you're less likely to miss stuff
Yes. Now about 'Missing something' - Like Scrubz says, it might be a secure enough system. In your meeting with the client, you'd go through what you'll be looking for and your (or the company's) methodology would (or should) be set up in a way that will check for those.
Scrubz and Aquilo making my point while typing it.. I swear you are watching my computer...mutter mutter hackers
😄
As for write ups.
I don't think you'll get access to a previous scope and contract, I could be wrong, I'm sure the NDA would kick in though?
You can get access to the previous pentest report
When I was in forensics, we basically had templates.
Doesn't exactly work as a writeup tho
What do you mean by writeup? @mental hound
Nah, I didn't think it would.
I'm sure pretty much every company does
Unless they're treating a pentest as a CTF
When I'm stuck in a room I'm looking for some help online.
Yep, at my place we generate our reports using a report tool and then fill in the blanks
Did you ever see that thing about the "keylogger" that could predict what key was being pressed by the sound...
Thats terrifying. Why you listening to me type?
I have
Okay - so in the context of a pentest, if you're stuck on something you'd ask your coworkers for advice. But finding 0 vulnerabilities doesn't necessarily mean you're stuck
Thats as mad as someone hacking a bios based on the sound of the fans on startup
Just find a zero day smh
Wdym?
The typing is a coincidence...
I mean you could but that'd be a fast zero day
Thanks everyone helping me with your thoughts. You're legendary 😉
bella - ---> found one
Sure thing
Boooo
Scrubs, so one of these drones hovering outside my window is yours? Dammit
Have a great day guys. I'm going back to learn 😉
My friends found one doing a security test of a product
Didn't take longer than 3 days
That's fair it defo happens
Yeee, it's also OT
All the drones are belonging to us.
IOT stuff is fun
Yeah, IOT != OT though
What is OT?
Ah operational technology
Curse them acronyms
Oblong Table?
Osome Time?
Truly a mystery
Yeah operational technology, such as big machinery etc
Man, when members get muted, why do they always DM me to get them un-muted.
Cause they think you can scrub it off
Like Hex? he is big machinery
Hex puts monster truck tyres on for fun.
I wanna do that, but my car is too low
Hex wears a tractor tyre on his pinky finger as a ring.
( @silver sky I just 'Chuck Norris'd you )
Hey
Hi everyone, I have a question about John: I'm giving it a hash to crack, and it sends me "No password hash loaded" and I don't understand why... (I use an Ubuntu VM), the command I used is john key.txt, here is the beginning of the hash:
key.txt:$sshng$1$16$6ABA7DE35CDB65070B92C1F760E2FE75$2352$22835bfc9d2ad8f779e84676de801a2712ef86e499d5cad1af838d19402729c471837fbdbe7eb172e8e9cd40ee52d959a3d772204241e305194ee7813ec99be3ced17455644ce550ad51edcb52b668bcb62e46b60a77e3cfc2e5bfe14c69db0d5d1be3c3f1d18867173d8f01ee7b00d5e88f62b3d91c81f740e14862548f318bfbf510bae62e9fae40d2bf15f36dd7d702400dfb74f9154e3d00454a049b599cb4c4070df59b18efd252d702a21a5f941f79731a70840e51608701396955798d946e01686edc557b350263e279f971eee37846e07d3594b8669d25a656c26f85046b05f44edf9529dea4ce1f8193469485640909d9dbfd4f9d45ab2ede8c6aca494a53674fb1e53bae5bcf02a6bacbea202bfc284db9d3ae446780aa8b431325948599c9ee32acb1137dcdbbe61cd555887a1642e0b4e7da972d1b32a188accf9e595a173ab64f065bfc8b23530dd0c4de3463a9b38694fb34d6101628847150f684af5f25719f8e958d34570da834bdb129482d4295768f01f4e3219d5db7c92d85a55f19c926954c84a0ba6bbe697b8655c5f98cb7441c2b8a0a3b569118ca8b14dc1a3f125857a1dab94a1513137b6d4a68f9e2d856ce66a39b5ba560e18b43517e718fd6de9b9fb4ef6fbec009ac86cc774ba4802a666bffd21c114e7adb455858d4251fef118d99b9b3607ccd130329a44da2f261526951422440b7703827e53bd05177e1e82249455ae177157256a563b28b7e0b317b99b5a6e6716c4cf3e53a79dd0ba266ad41148de21b2f305c5ba6d7e6cf
i got the hash using ssh2john.py
In fairness there are some seriously dumb vulns around lmao
Ello
Use a hash identifier script to identify the hashing algo being used and add whatever you find as options to John so it'll have something to work with..
Also If this is for a room, use #room-help next time
LMAO yeah that's a good point
Me rawdogging every room, having no idea what to look for and spending 4 useless hours staring at my screen: 0-0
A room is very different vs a pentest
True that, but i still miss a lot
You're trying to "solve" a room, not note down every vulnerability that exists
Hmm yeah itll get better! Recon is a skill
I still feel like my recon is terrible but it's way way better than it used to be
Yesterday i was going down a rabbit hole that led nowhere because i forgot -p-
Always fun to repeat those mistakes
yup, some dude tried to get a CVE on DVWA once, that was fun 😄
I think muiri means that there are some silly-easy zero days to exploit out there
yeah, that too
oopsie
taking notes while doing rooms helps a lot with this
you're more likely to get that 'wait wtf did i not check this?' moment
Speaking about OT and 0days, this one was what I was talking about Aquilo CVE-2023-20235 😄
I want to try to get a CVE this year, need to start poking at different products
Ello bella, poki long time.
Yeah im gonna make writeups and pentesting reports for each room to build up a portfolio for me last internship, should show some good initiative
Haha yes

I hit alotta people thinking they were you XD
hell yeah
Hitting people is bad
Would show my thinking and that i have documentation down
Was gonna go for N3 this year but Microsoft got a jump on me and now I gotta somehow prep for how to research malwares
Report writing is a great skill to have
That sounds exciting woah
I may pick N2 back up later this year..i want to start taking classes again, i've been really busy so no time
although i've forgotten a LOT
it's bad
Hit em w a text like "you still retro gaming?" And they were like "What?"
That's not me i dont think
You're thinking of ElizabethNoir
Ah F
Hehehe
Oof
Can be skilled all i want, if im unable to write it down clearly and in simple speak itll be hard to convince a company to patch something
We've had this convo before Haven't we
Yep
No wonder I keep failing robot checks. My memory got corrupted
But yeah I seem to have mixed info on a bunch of people
foO
It's kind of hard when there's lots of people chatting
Anyway. I atleast remember that you know Japanese
Know is a strong word
And you went to a sushi shop that dolph visited
I am learning! (but it's been awhile LMAO)
I super did not
Not sure who that was
May i interest you in notes feature of discord
That's what I was about to say...
Hi humans, I don't know who's who
Am btw reading ghost in the wires, great book, really compelling read
Oooh cool
I still dont lmao
I'll formally introduce myself then. I'm usually called Tank/Rinz. Been here for about 2 years but only been active for around 6 months. I think I met alotta people here or not so I don't remember who's who, my bad. I'm still a student who'll graduate in mid 2025 and now I know German and Italian too
Yup that's all
u ar poki 🙂
yes i am poki
Ello ralex
ello ello
Oooh I'm still confused what I wanna be so I'm doing everything
I may change my thing too eventually
Forensics, defense, offense, engineering, devsecops, cloud, hardware
🤢
but i'm leaning towards red team hard
Nightmare level stuff
nightmare scary dream or nightmare binary exploitation course?
no u
Oh I wondered where poki went.
Just a name change.
Aren't both fun and scary
I am a professional blue team hater
Yep it's still me haha
True!!
Why!!
So boring
What
What do you mean boring 😨
It’s dead
What do you want to do jabba?
that's true yea. which one you think of to get
#redteam5lyfe
Ah you want to get into red teaming?
Contemplating. Dunno pros/cons to this stuff
evading edr and stuff i presume? actual red teaming or do you want to get into pentesting?
or are you just into the offensive stuff?
Offensive jabba
Pentesting but I’m not fully locked into anything yet
Ah okay
for weekend i'll be free and can share some wisdom. kinda busy atm
Pentesting is fun. I think you'd enjoy it
Jabba is a closet blue teamer.
People tend to hate on the report-writing but it's a good time i swear
I know where you live
I like writing reports
I'll wait for that then. Prolly not gonna buy till July since I gotta move around alot this summer
ah. fair
Bring merch.
Gib tips
Need that thm sticker fr
Generate reports based on a premade template, save 20 hours in formatting
But I think you already got that don't you scrubz
Not yet, I'm waiting.
How many screenshots should it have and how professional sounding should it be?
a lot and as professional as you can make it sound?
This is a very vague question
Indexing stuff at the start is good to have right?
Hence the dilemma in alotta stuff
Like a table of contents?
Yup
i hope everyone becomes a good person in future and happy
When did you order it?
I mean you can kind of judge it for yourself when you finish the report. How quickly can an executive get the gist of what the report is?
So it depends on the complexity. And do you make the report along the way or after you're done?
I haven't. Lol
You definitely want a ToC and an executive summary, but no matter what job you're doing i doubt you'll be making the report template
Gotcha
Tanks poki
+rep @grizzled crystal
Gave +1 Rep to @grizzled crystal (current: #123 - 50)
So we use a tool for generating the report. I write out the findings while doing the pentest, and then i generate the docx file and add the specific company details at the end
or in the beginning of the report
but at the end of the pentest
Scrubz. remember the problem i had yesterday? to ssh james the password for james was november16 right? when u tried to ssh in and it worked did u use password november16?
So.. you won it?
Sure thing
So tired 🥱
Hmm alrighty that makes sense. Thanks again
Sleep
Gym time
Nvm, grind it
Need more redbull
Les is redbull, more water
How are you still alive
Redbull
I have a lucozade alert but it doesn’t hit the spot
But Lara Croft drank that, and shes a Tomb Raider...
Hi!
Hello!
a vicious cycle
Redbull sponsor me
I just finished my redbull
What is the she/them
my pronouns
According to the pfp, id call you a rocket bunny then
No only the rabbit
Bunny?
Huh
My English brain left me
Theyre the same(right????)
Bunny rabbit
Rabbit bunny?
I need to buy new running shoes.
I have that problem too frequent :p
At least you have an English brain
Yeah

same, need to get some indoor shoes
Believe me my dutch brain is mostly inactive
I had a 10 for English listening test
I do almost anything in English
My Dutch brain is dominating me
dominating
is that a word
That's impressive as our grades only went up to 5
xD, lets say, all answers are correct
10 = 5 =A(+?)
We grade 1 through 10
what does it mean?
Jester can i DM you?
Ayo wtf dont trigger my bad side like that
My younger siblings studied in another country. And they were like
"what grade you had in English?"
"5"
"loser, i have 12"
it means that I go by she/her and they/them when you talk about me
I find multiple pronouns have an ease of use so to speak, you have two to choose from
Bella do you have a preference?
Sometimes I don't other times prefer she/her
Gotcha
No promises!
Ill keep em in line
(For a given value of 'line')
We got 1-5, 1 being the best 😂
we got A+ through F
usually based on a 100 point system
some local school did 1-5 though. My wife’s school did that
breaking in some new jeans at the gym today
thats crazy lmao
Normality is often described as what’s consistent and expected from a societal perspective - saying that, society is crazy nowadays so do whatever floats your boat, I guess, lmao
lol technically my gym has a sign saying not to wear jeans while working out
says it’s “intimidating”
well for me, it’s just convenient lol
Are we seeing different numbers
That's probably out too by a few thousand.
Website states 798.
Weird, unless three rooms were released within the last 24 hours
The stats should be using the same API to get that information
Every 24 hours
Unless the bot crashed
AAAAAAAAAAAAAAHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH
I don't think it's vulnerable to an overflow though
my brain is though
Oh that's another issue, sup?
Why?
If anybody scans/tries to attack me.
THM will see it. 😎
Also default Kali environments are pretty secure
I know.
happy thoughts flowing through my brain, cause I just had a phone call with some people about some project and they both are okay with me being autistic, and using they/them and she/her pronouns
I'm not concerned with my Kali being attacked, I don't use default creds either.
Was making an observation 😉
I know 😉
Oh that's great news
Looks fine to me, it might have been rate limited
Now i know that your password is not root toor 😄
yes, aaaaaaand, it's such a cool project!!
That was my assumption.
I meant the stats bot
Huge!! Inclusive employers are the best
I got called a SME 😎
That is the stats bot
I'm happy for you!
can't say much about it, but it looks promising
If you're running Kali as root you're doing it wrong
Why!?

Because i like control
You shouldn't be running anything as root unless it absolutely needs it, and even then
I thought they didn’t use toor for the password in forever
do you like to get controlled?
No, i like to control
Although when I count on the website, I get 766.
76 pages of 10
one page of 6.
76 * 10 = 760 + 6 = 766.
Unless my Maths isn't mathing.
There’s rooms that aren’t on that page that are included in the calculation
use it on demand not constantly. It's bad.
Which could very well may be the case 🤓
or just the unknown factors
Not only is it bad practice but it also breaks tools
Your goal should be to create good habits not bad ones
Bad practice ok, how does it break tools
permissions
Elaborate?
some tools set permissions based on the user that runs it, if root user runs the tool, it can break the permissions for other tools making them not work
hahaha
From what I'd gather, tools have different users for services/daemons set up. If you install as root, your permissions will be above those and the installed tool will not be accessible by the service, for example.
that too^
Hello mates,
I am an intern student from INDIA and want to get a monthly subscription to TryHackMe. When I try to subscribe it only allows credit card and PayPal account, which I don't have. Can anyone suggest, is there any other payment mode to get the subscription?
sudo & su is best practice.
Any book recommendations for digital forensics?
I think India could have an issue with payment plans etc for subscription.
You may need to purchase a voucher.
Support can assist best.
Have a look around #bookclub
If you ever remotely use the user account rather than root, even for starting up your OS and logging into LightDM to enter your session, anything you do as root will likely not be accessible
Ie you open up dolphin to browse your folders. Whatever you made as root, you won't be able to see. The app manager launches dolphin with the privileges of the user which logged in to that DE session
FTK Imager is good for forensic imaging
Or if you can see it, you likely don't have read/write permissions so nothing goes in or out that folder
Unless you painstakingly open up a terminal, and run "sudo dolphin"
Thanks ! I'll connect with support team
Gave +1 Rep to @sharp citrus (current: #264 - 18)
Speaking of "best practises" I should probably change my baremetal system's password from "root" sometime soon. Just freshly installed it and that's the placeholder until I've done all the initial installs I need
I hope you're joking...
I wish. I forgot this wasn't a test VM and rolled with it because its quicker to type out
I'm not installing anything outside of the trusted repos though, so unless someone's tampered with those I'm alright for the moment
hey, dont call me out too
what would it take to be able to escalate from hacked vm to hacked host
a cia elite expert?
until then im safe if only my vm gets compromised right
A 0day.
ah.
And nobody is gonna burn one of them on a random.
thats hard to find right?
hi
Easier than you might think
LOOOOOOOOOL
That's why I'm changing it soon
@rapid merlin i don't know this person and is harassing me
and scrubz call me a random
help
MODS
If it was that easy, you'd change it now...
@swift patios
Yep, that's what I'm doing once I'm at the machine
Soon, because I am not physically there yet
You just pinged a random user.
it says he is moderator
i only ping the nice mods
because when ill be in the the professional setting i want be prepared social setup and public relationship and not ask favours yet
It's just a name. 
Uh, Ok.
is fine
I have to start drafting a draft of a draft so I can send that to my manager to get that draft drafted properly, which I then can start drafting the final version
You might be cold with all them drafts,
yeah, I am wearing a hoodie to not drift away in the drafts
5 all on your desk?
3 on my desk, two on the wall.
Damn
Full SoC centre here.
I got 3 monitors
planning on a 4th when I get a good paycheck and gotten all the other stuff I need
but first, a proper power supply for my pc 😄
I have 3 in total, but not dock lol
need a dock before I can add more
Question is, do you use them all?
How do i turn openvpn off to thm i did ctrl+c and closed terminal but im still connected
All the time.
What are you using 5 for?
sudo killall openvpn
okay
And for instance, what have you opened on them? Terminals? Monitoring systems?
Spotify? Discord? 😛
One for discord, one for 5 vm's
One for a main screen, other 2 for whatever
Kali, AD and other things.
Dammm
I think i have a problem
Just ignore that page.
But i need to disconnect bc i think smth wrong i cant even ssh anymore
to thm challenges
That page could be bugged
ip a | grep "tun"
oh well, time to go home
i had some blue colour, i think it was a temporary role from an event
How you been anyway? @sick lance
Yeah, that was removed lol
Can't complain, yourself?
@lethal spruce
Go to learn
Then again learn
And choose one of the paths
I would recommend Pre Security
ok thanks
this is not completely free I did few tutorials now its accessible for premium users only
Is it completely free
Alright
92% of tryhackme is free, the paths just show some planned rooms together which is why some of them are paid rooms
If you go to the "search" feature you can see all rooms and will be able to sort out any paid rooms
If it's just something that doesn't work then it's just putting it in #room-bugs or #site-bugs; if it's an actual security vulnerability, then you'll want to contact support
Thanks a lot I will try it
Gave +1 Rep to @chilly veldt (current: #7 - 807)
beta root:root vs chad root:t00r
||joking||
anyone has an issue connecting via openvpn?
if you really need an attack box then just setup your own vm
Finally, car theft is over. The flipper zero, and any similar wireless spectrum computer board, I guess, need to find the language of the act, is banned. 😅
rofl
I have some letters to write today to my MP.
like that'll do anything
glhf
You sure that it's correct, what if you press ctrl+f5
Gonna tell them to ban screwdrivers because they can be used to turn the ignition of a car.
Maybe wire cutters too that can be used to disconnect alarms. 😓
don't forget a prybar, or a large rock
I guess they're not interested in things that can actually be used for the purpose
Throw a mail to support then
i hate being rich i hate easy life and i hate fame and yesmen
biggest bait in the book
I mean I did try a replay attack on my car with the flipper, it naturally failed
I heard that it's necessary to finagle in some other software and tools to get better functionality on the Flipper
Good luck
be sure to be precise and detailed in your report
Gave +1 Rep to @shell nova (current: #12 - 542)
you can finagle hardware as well
noice
if you don't have permission to do a thing, then it's illegal and you could face prosecution and all that entails
generally explicit written permission from the true owner of the device/network
yeah
attacking "your gmail address" for example, is illegal
IMO, there is none
grey hat is mostly vigilanteism, which is also illegal
we do not condone that sort of behaviour here, and doing so may result in you being removed from this server
bingo
And because of them
ur not in jail
:))
That’s why labs exist like tryhackme and hackthebox
just remember to stay in scope
But thats also a fun part right?
And you can use a cloud PWNBOX or not?
Im not on HTB so idk
Up until 6 hours at a time*
I mean you can always terminate and restart
But lets be honest, your own VM is always better
Even as a subscriber
With one screen yeah
But still, when im on my laptop without external screen
And im using attackbox
Full screen mode
😄
HackThisSite
I mean I use my VM over ssh so
Hey guys, how are we all doing today? 😄
I started learning stuff on RootMe
I started on THM :p
it's ancient
Gave +1 Rep to @atomic aurora (current: #1995 - 1)
Today has been an amazing day for me
I'm good thanks! I was just reading your guys's conversation. Very interesting. It all sounds a bit like chinese for me still but I hope that within some months i'll be able to join you guys xp
Gave +1 Rep to @hasty star (current: #1995 - 1)
Yeah
Single life ftw
I forgot and I'm married
Watching Champions League and doing some THM this evening
Oh no
never once have I celebrated V day
My wife doesn't like it
when I remembered this morning I texted her
plus our anniversary is 3 days after V day lmao
every day should be v day in a relationship bro. Always love and spoil your wife
My Valentine's Day is celebrated by going shopping for a new pair of running shoes and then going for a workout
I started mine with a workout lol
I started mine with work
I have ordered pancakes for myself hehehe
I got my wife a gift for it, I just gave it to her 2 days early
Just missing that out
I started my day with an exam about economy
Ah nice! Very good very good
Got her one of the Cirkle flavored water bottles
Maybe you can bring home some chocolate
I should also go grab myself a weight, so I can weigh myself
I'll add it to the shopping list
then had a nice date planned for sat (anniversary), but now we have a family funeral this weekend
Oh I'm sorry
Hand stretch over keyboard to reach 0, too much effort
I got one that transmits the data to a phone app. It stresses me out more lol
it started telling me my weight in the color orange bc I'm overweight by BMI standards
uhm is this a black hat or white hat server
I am also grabbing one that can calculate BMI lol
White
ok
im white hat
Any black hat stuff will get you removed according to the rules 😄
I need to get down under a certain BMI level, due to hormones
guys what is the main difference to white hat and black hat hacking
im new to this
white is ethical
White hat is legal, black isnt
Legal vs illegal
Permission vs no permission
Well, one's illegal and the other isn't
but is writing the code different
4 person explanation combo
yeaa
Yeah
What?
Oh i also didnt know this
Im not very sure, but i think that no code thats written is illegal. Only if published
so based on if you have permission or not and what you do with your access dictates which one you are?
or are there other factors
i only know the white hat hacker called malwaretech
Yea basically. According to what permissions you got
Alright I get it now thanks!
Gave +1 Rep to @icy epoch (current: #687 - 5)
No problem 😄
Have any of you guys pentested a local company before?
me too 🙂
want to be friend
Yep, companies set engagements and give you a list of IPs, websites, etc with a range of domains and address ranges.
You then abide by that until the engagement's over, and give feedback to the employing company. That's white-hatting
Aaaah! Interesting
was lizard squad a white hat or black hat group
Black
ohhh
Have you ever pentested a company before if I may ask @bold latch
i thought sony hired them
But they didnt pentest sony themselves right?
Lizard Squad was a black hat hacking group, mainly known for their claims of distributed denial-of-service (DDoS) attacks primarily to disrupt gaming-related services.
DDoS is ALWAYS black hat
On September 3, 2014, Lizard Squad seemingly announced that it had disbanded only to return later on, claiming responsibility for a variety of attacks on prominent websites. The o...
alr thx
I swear im learning so much rn just by reading people's conversations lol
Yeah you can learn very much from discord conversations
I am unofficially pentesting the school I'm at for educational purposes, since I've been granted rights to do so by the Admins here.
I'm not quite the age nor experience for an official engagement like what I've described above, though
„Unofficially pentesting” sounds really bad
^^
Ohh okay thanks!
If you touch things you shouldnt you can get in real trouble
Me too
Yes. I say "unofficially" because the agreement was for the most part verbal, and I'm not under any contracts, though as it's been approved by multiple admins I am technically allowed to be doing it
We have also verbally agreed on scopes as well, but once again I am not contracted because I am not legally able to be yet
guys is 4chan full of black hat hackers or some white hat too because i want to chat with the good guys
I'd always make sure to have something on paper if I were you tho
Like I said, watch out what ur doing. I would recommend to get a contract, because it is data about children
whats a grey hat
Facts
Yeah you should have everything on paper for your protection. There’s a lot of legal stuff behind a penetration test
Especially if you have no experience and are more likely to break things
I am fully watching what I'm doing and in contact with the Admins constantly. I've also written a report or two for them
I think I read somewhere in this chat that a grey hat is a form of vigilantism type hacking
oh so they arent the best talking to then
Grey hat hackers are people who are hacking for good purposes but dont have permission. It is still illegal like @rapid merlin said
And I'm aware of techniques which can strain servers or damage systems, so I'm not doing anything of the sorts
Alright alright, but watch yourself
Even a simple nmap scan can break things, so it’s better to have legal protection
Depends on the type of scan
Yes they can
A ping and service probe is basically unable to do anything. A vulnerability scan, on the other hand, sure as hell can
No, also a port / service scan can break things
A service scan can actually break things
Good place to say though, cautious when nmapping sites you haven't been authorised to, for the new guys here
Go ahead
Eh? How exactly? Are they not just queries for the port's connection info/protocols, that first initial handshake?
2 years into my cyber degree and I've lost motivation, not going well xd
problem with cybersecurity is its hard to get noticed since so many people are applying for jobs requiring it
In my country, in fact, it isnt that hard
I am new to cybersecurity with no IT background (studies) whatsoever. I recently decided to make a career change. I am now doing the Pre Security module on THM. Is everything you see/learn enough to start working in cyber sec? Or would you guys recommend other fundamentals? If so, do you guys know a course/website where I can learn these things? I'm just very interested in Cyber Sec. Thanks a lot in advance, you're helping me out a bunch
Poorly configured systems might not withstand that amount of requests. IoT devices and printers can be taken down very easily sometimes
aye, where is esqy , he there ?
You could watch some youtube
Nmap even has a safe-checks option to minimise said potential damage from a nmap scan
I am doing this besides the THM modules actually
Alright alright
And I do specify ranges to lower server impact. I'm not just carelessly pelting every port on a device
I like to self study and have learned a lot already
Still, something could happen, you are not legally protected. Better be safe than sorry
If it does, the teams here aren't going to sue me over it
If you are only scanning a limited number of ports then it is not really a pentest, and gives a false sense of security
whats a cryptographic failure
this is becoming an argument over ethics. let's stop
Ain't meant to be a full pentest, and heuristic scans for common ports exist yknow
already a spicy morning? or just simmering.
guys did naughty leave the server
being sued or not doesn't make it okay. There are reasons that scopes exist, to protect items that may be damaged or affected negatively.
If you want to practice, find a bug bounty program and scan that. MAKE SURE scanning is in scope
Its less around the ethics more around the impacts of scans at this point. So, pretty interesting stuff, I'm still learning from this
Well that's not good!
How long left?
I've seen a network pentest factory reset a network connected soundboard
just due to too many requests crashing it
Hey, did you email support? Could you DM with your email? THanks 🙂
Gave +1 Rep to @hasty star (current: #1321 - 2)
Yes, it’s still illegal
I got that, but can you DM the email address you contacted support with?
gulp
Dark grey
I'm in my final semester for this year, so just one more year + placement if i find one
final year should have some more interesting modules at least, we got reverse engineering and exploit dev modules next year
Malware exploit and dev?
This is a bit different since they changed the course after i joined, but I'll be having two separate modules on this
by legal standards, that is illegal
Burnout happens but you can find ways to manage it. Make sure you have other avenues to enjoy your time. Read non-college books, go walking, get exercise, join a club, go travelling, cook healthy food, have a holiday, speak to a counselor, hang out with your friends more... Find other ways to redirect your focus and know that you're making progress towards your goals
Thanks for the advice, I'll definitely try that out
Gave +1 Rep to @proven quartz (current: #23 - 347)
Right, I'll defuse the convo here. Thanks for all the concern though, I still appreciated the conversation
well that makes sense, i'll check what it is in the future ig
+rep @night prairie
Gave +1 Rep to @night prairie (current: #100 - 62)
here u go
That's what I have this year.
hi fbi agents
Hi ||for legal reasons, im not a fed||
we had an industry talk today about exploit dev, probably should have stayed for the full thing
There is feds in this server.
they taught us to not click links and dont use ur cred card
Please ping a moderator and leave it
Are
thats exactly what a fed would say
KEKW
xD
@rapid merlin What you did was a crime and is not tolerated in this server.
what who committed a crime
Further discussion will result in a mute or removal 🙂
it was that guy!!!
@rapid merlin @atomic aurora @bold dawn this applies to you all too.
