#general
I have done a little too much PowerShell scripting, so I should know a trick or two
Moar DevSecOps rooms!
Moar Infrastructure!
Chatgpt🤮
so now they using terminator to promote IaC
If I haven't created it in 4 hours please ping me, then it's because I might have forgotten about it
Need to travel home and make food, just got off from working out
Sure, no problem. Thank you a lot. You should put it on GitHub, if you get it to work. This can be a very powerful tool.
Gave +1 Rep to @chilly veldt (current: #7 - 808)
Here @earnest knot
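```powershell
# Enumerate enabled accounts through WMI (Win32_UserAccount)
$userAccounts = Get-WmiObject Win32_UserAccount | Where-Object { $_.Disabled -eq $false }
foreach ($user in $userAccounts) {
    $username = $user.Name
    # Run net user for the account and capture both stdout and stderr
    $netUserOutput = net user $username 2>&1
    # Keep only the "Comment" line and strip the label from the front
    $comment = $netUserOutput | Where-Object { $_ -like "Comment*" } | ForEach-Object { $_.Substring(10).Trim() }
    Write-Output "Username: $username, Comment: $comment"
}
```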
Fail ping
@dim dirge
DevSecOps Terminator says: I'll be Rollback.™️
that's how all things starts... soon there will be "clan" site, then will make gatherings, then some will bring guitar, and soon there will be revolution 🙂
You are rude
what?! No, how?
Is it foolish to try helping somebody?
"I'm not here to terminate, but to upgrade your security" 😄
Hasta La Visa Baby
huh?
"No problemo."
Oh you were replying to "Try harder" message
I tried the script now, it is giving me access denied. I think I will need administrator rights for it
I will try it with administrator and see if it works
yeah
Sorry, thought that was directed to me
🤝
Gave +1 Rep to @devout palm (current: #28 - 273)
Love the comics!
THM always makes it more entertainable
I think it's because of the net user command
Maybe because it doesn't allow you to take a look at other users
If it works for the same account, but not others.
Something with the script execution then
General perms to execute a script
Do you know what it's being blocked by?
Execution policy is an easy fix etc
Ah no wmi access, rip
Looks like you'll need to script net user or use a different powershell cmdlet
Yeah it's using a different interface that needs privs
Scripting net user isn't thaaaaat bad
I mean you said it works as a DA
It's working on my machine as well
As a standard domain user?
yes
I already know you're running it as DA for it to work.
What user account are you running it as?
When it doesn't work
Can you be more specific?
I had to do
Set-ExecutionPolicy RemoteSigned
```
User name hacker
Full Name hacker
Comment
User's comment
Country/region code 000 (System Default)
Account active Yes
Account expires Never
Password last set 2/15/2024 12:49:06 PM
Password expires 3/28/2024 12:49:06 PM
Password changeable 2/16/2024 12:49:06 PM
Password required Yes
User may change password Yes
Workstations allowed All
Logon script
User profile
Home directory
Last logon 2/15/2024 4:44:19 PM
Logon hours allowed All
Local Group Memberships *Remote Desktop Users *Remote Management Use
*Users
Global Group memberships *Domain Users
The command completed successfully.
```
this is the user
Hmm, interesting. Both domain users.
So evidently you have something set different
@dim dirge Try logging on and running it rather than using winrm
Remove that as a variable
```
Access to the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell' is denied.
At line:1 char:1
+ Set-ExecutionPolicy RemoteSigned
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : PermissionDenied: (:) [Set-ExecutionPolicy], UnauthorizedAccessException
    + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.SetExecutionPolicyCommand
*Evil-WinRM* PS C:\Users\hacker\Documents>
```
I get this error
We did say that wasn't the problem...
try this:
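```powershell
# Enumerate enabled accounts with Get-LocalUser instead of WMI
$userAccounts = Get-LocalUser | Where-Object { $_.Enabled -eq $true }
foreach ($user in $userAccounts) {
    $username = $user.Name
    # Run net user for the account and capture both stdout and stderr
    $netUserOutput = net user $username 2>&1
    # Keep only the "Comment" line and strip the label from the front
    $comment = $netUserOutput | Where-Object { $_ -like "Comment*" } | ForEach-Object { $_.Substring(10).Trim() }
    Write-Output "Username: $username, Comment: $comment"
}
```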
true, let me try it
Local users or domain users?
I don't know what API that uses
I'm interested to see if it's a winrm issue though
yes give me a second this thing is slow to boot in
Ph0bos - try this too
Honestly SSD/NVMe for VMs is a life changer
Yeah I will try all, have you tried it in an AD?
Nope, i don't have an AD lab set
Oh i see,
Love NVMe
Prepared statements in PHP are an efficient way to prevent SQLi. The best way to prevent it is to use parameterized queries or prepared statements
The first one without the WinRM and the second one normally
ok
ok you were right
here is the problem... with the pc it works BUT you cant see what is in the comment
this time it worked but you can't read what is inside
is all blank
huh?
yeah look here
No no, look at the other logs
There are passwords on it
I mean, which one are we talking about right now?
Iiiiinteresting
First or the second script
```
Username: Son, Comment:
Username: Administrator, Comment: Built-in account for administering the computer/domain
Username: Guest, Comment: Built-in account for guest access to the computer/domain
Username: SQLService, Comment:
Username: elisabet.jeanelle, Comment:
Username: odelle.bertha, Comment:
Username: kassey.clemmie, Comment:
Username: roxana.cindi, Comment:
Username: avis.cathie, Comment:
Username: brier.stephie, Comment:
```
and it doesnt work with evil-winrm
can you see it with net user SQLService?
Yes
uhh Might be the "User's Comments" part it is showing im not sure
the Get-Local one works with the winrm?
let me see
```
AccountExpires :
Description :
Enabled : True
FullName : son
PasswordChangeableDate : 2/16/2024 12:37:15 PM
PasswordExpires : 3/28/2024 12:37:15 PM
UserMayChangePassword : True
PasswordRequired : True
PasswordLastSet : 2/15/2024 12:37:15 PM
LastLogon : 2/15/2024 12:40:31 PM
Name : son
SID : S-1-5-21-4067545166-1296066028-3412031950-1535
PrincipalSource : ActiveDirectory
ObjectClass : User
*Evil-WinRM* PS C:\Users\hacker\Documents>
```
yes
I meant the script 
👀
my head hurts
I think amazon is telling me i'm fat, everytime I type amazon it takes me to a pack of 12 chocomel
Might be left there from yesterday
Is chocomel good?
The best
hmm
what is chocomel???
That remind me of a Daniel Tosh about google, google make me look bad every time I type a, google goes Asian... 😂
yes shadow knows this is not Jeopardy
Some form of chocolate milk
A dutch chocolate milk
and a daymn expensive one at that
give me IDK for 200 Alex 😂
6$ for a can of chocolate milk

lidl?
An amazing grocery store
It's a German shop, where here in the UK is the cheapest place to go
use acupressure on right before the palm of the two hands and the nose thing that smells like intense peppermint perma and heavy and put urself in a the very cold
hmm
also paracetamol with coffee combo
It's German but the UK has stores of them
Gave +1 Rep to @near hawk (current: #90 - 68)
I want to switch to this field, can someone with experience give me suggestions?
It's very broad, which part of the field would you want to go in?
For some reason my work assigned me two projects due tomorrow even tho i'm off sick til the 5th
Damn, son
Esqyyy, I hit the meanest leg day today
It's only to upgrade the Windows 10 to 11 but still why assign them to me lmao
Cos no-one else wants to do it, so they assigned it to you, knowing that they'll be like 'He's off sick!' then have an excuse to reassign it to someone for next week, and putting it off for longer
howdy
Seems that way I asked if I could ask them to work from home 3 times said will speak to HR but never got back to me
They're also making me do Scope of Work and sending them out to customers for already completed projects from like 1-2 years ago
My legs are so dead tomorrow
You got that mind leg connection
hi! how goes it
hi bee, long time no see
Hey
Another bee over here
Bzz
Thank you so much for making honey
I mean, I hit 140kg leg press, 70kg calve raises, 80kg hip thrusts, and 60kg leg curls today
Make sure you get good sleep mate
I'll most likely get 10 hours
that is 5 times the amount of sleep shadow had last night
It's 5 hours more than what I had last night
what you doing over tor bee/jazz
stuff for work
noted
jazz/bee is a journalist and taking information to and from using tor
no i just need to download a ransomware dump
Hmmm @mossy river
Malware is restricted to the advanced channel
Furthermore, you have already stated that you are new to the field, don’t go messing around with things until you learn fundamentals
So u wouldnt advise going on vmware and mess around with different malware samples as a beginner?
nope
Definitely not
@mossy river do u got a list of playlists ? im bored from the one u sent that day, thanks
Gave +1 Rep to @mossy river (current: #6 - 1157)
Both
Nah all my playlists are private sorry boss
no worries 😄
absolutely not. this is how you infect every device on the network
100% both
if you don't understand how to be safe, don't play with dangerous things
@dim dirge you still wanting me to look into it?
this.... so very very much this... also the reason shadow don't touch malware research for now
As I said before, if you get to put this together. This can be a very powerful tool.
😭
Get gud, noob 😉
Only get it if you're 0xd, done throwback or have a high cert
You're almost there, keep at it
Throwback was retired, no?
Might have been
Yessir
Throwback was
Infosec developer too
That's not given very often
Just had an absolute miracle, got the sticks trapped between the chair-lift poles and it took my hands upwards with me, if they were metal instead my wrist would have most likely been broken
Ahh channel description still says throwback
Still eligible xD
oxD is probably easiest
This is why you remove them before going on the chairlift
Yeah should not have had my gloves attached to them
Lesson definitely learned lol, think that aged me a bit 😆
hey guys, is OBS safe
I think that problem has arisen many many times before, sadly
Depends on where you get it from
That the official site? Can never remember
Yea, that's the official site
I think I was so focused on not dropping them, that I didn't realize that I might have needed to, like in that situation
On another note: night time skiing is absolutely amazing, would highly recommend if you have a resort near you
Only takes one freak accident, unfortunately. You got lucky and only had to pay a set of poles
Agreed, though they usually limit the trails. Plus there's no snow here anymore. Was 18 this afternoon:/
That does seem the case everywhere, out of the 9 trails here only 1 is open due to the lack of snow
Very sad 😢
Is this for THM?
What are you scanning?
Gotta wait for the AMOC to collapse I guess
@sick lance no this is not for THM
Once again, what, exactly, are you scanning?
@shell nova This is one of the assignments that I am currently working on.
We cannot help you with homework
No no it's not homework
Wow yeah, seems scarily close
We cannot help with assignments either
I am doing a project about web dev and after it did live we Wana check it .
Bro please try to understand it's not an assignment but if you can't help me it's okay
Have you looked at the nmap room on tryhackme for a tutorial on how nmap works?
How are you enjoying those 50kbs speeds
@shell nova yeah obive man
Then I suggest you redo it because the lesson doesn't seem to have sunk in quite yet
Ty
Gave +1 Rep to @shell nova (current: #12 - 544)
@distant gazelle i lik ur name and pfp a lot appreciate u being here gj
@rapid merlin ur question make me learn a lot keep it up boss
What would limiting the allocated RAM do in terms of security?
Can't say, I am not a malware expert, but I wouldn't touch that stuff with your level of experience
Gave 1 Rep to thatguy2328 (current: #996 - 3)
Nothing tbf
VPN would also just give the thing an easy path to your host as well
VM is a good start, but it needs to be hardened and instrumented
maybe evil will be slower
Anyways, advanced topic not for here
Nah, evil doesn't care
These things can run on your toaster
wow
Shouldn't it be 2024 bot?
now you know
It was written in 2023
.....
AI is becoming really competitive
Layoffs are never good news for the people affected. The last CEO had been gradually increasing his take-home with no increases for staff, justifying it as there being no money (not because he took it all, of course). Glad to see a new interim CEO but they do need to do some heavy promotion to get the word out. Most of their money comes from Google sponsorship and most other browser users are using Chrome or a clone
yeah but building in content plagiarism engines into a browser sounds bad
oh..... that was towards blackout by the way
layoffs are also nearly always bad
this guy shows BitLocker bypass (once all set up) in 43 seconds, pretty neat video explaining the attack {there is an ad for cyber sec platform at end}
this video is good at teaching
https://www.youtube.com/watch?v=wTl4vEednkQ
In this video we will use a hardware attack to bypass TPM-based Bitlocker encryption as used on most Microsoft Windows devices.
Errata:
- PIN can also be enabled using manage-bde, not just using group policies
Questions:
- Does this work on TPM2.0? Yes, at least on some: https://pulsesecurity.co.nz/articles/TPM-sniffing
Everyone wants to get some kind of cashpile out of the AI bubble before it bursts. There's major technical problems with how it works and ethical issues about where they're getting their data, so we'll see how far it goes the next few years
yeah

kind of thing theyre probably hoping to figure out later
companies cant really afford to slow down
I'm sure it'll all work out in the end and we'll be able to build an intergalactic space-based civilisation with plenty of sci fi toys to hack in the future. One can hope
shadow really wants firefox and mozilla to succeed but man do they have many weird things that don't look promising
we need firefox to stay around, i see why they have the version of Delete Me thing for monthly subscription
100KBS excuse you!
Definitely, it's been my favourite browser for a long time and I would like to have a non-Google browser well into the future
exactly this subtlety
competition in the web browser space is very very helpful and needed
My mistake pls forgive
this time i shall
Maybe we need to fork/clone it for preservation reasons
i have heard some mentions of Arc browser, haven't tried it
there already are a few good forks but yeah
wow, lockpickinglawyer has 4.45 million subscriptions! 🤯
lpl is just polite mcnally
Macos and iOS atm with a Windows beta. I live on Linux 😛
Linux 🐧
btw
just mentioned Arc since discussion was on browsers
linux is the way
linux is the life
linux is the future
It's an interesting looking project alright
i learned about Quickemu project! omg Linux is awesome
open source
i updated my Linux Mint VM, it's now cinnamon
what's the difference between that and just qemu
can qemu not
I've been using Mint Cinnamon for years. Just upgraded to the latest a few weeks ago
i dont know
i upgraded yesterday haha
seems that quickemu will just get the image for you? no iso?
that is what it looks like, it will have it for you
interesting
i watched The Linux Experiment youtube video on it
@dim dirge I almost got something here 👀
My brain not braining
@dim dirge I got it! 
just need you to test this out, it works on my machine at least
Gave +1 Rep to @chilly veldt (current: #7 - 809)
give me a sec
the singularity is only 5 years away!
(i hope)
Nice one bella!
if using wget allows you to scrape paid content on some website, is that considered a bug or so? by paid i mean you should not be able to access it without paying for it.
Bad architecture
that might be because they don't have a comment
give me a second then
weird, mine shows
it's local, as I don't have a domain setup right now
what box are you working on?
yayy (i barely remember anything from the last room)
"net user comments" tldr?
me no do windows
i mean wtf is a net user comment
you mean like the comments for an account?
those user comments?
yeah
got it
thank the lord tomorrow is friday
That's why you need to take notes. Congratz, btw
amen
redoing rooms after a bit can help a lot too
i'm as far away from windows as i can get so the phrase net user comments didn't land at first
Absolutely, freshing helps
not really
we get alarms on this
😄
in a SOC
we get alarms in the SOC every time someone runs net user
SOCs are overrated, just install mcaffee
Damn
yeah, I'll work on it tomorrow on why it doesn't work over evil-winrm
should maybe work for a local access to powershell
alrighty

Hello
👋
I did use that script
I used the script and made my own net user parser
Yeah, going to see tomorrow what causes this issue
so... it begins 🙂
didnt they also put a piracy app on their store
some piracy movie thing
There's been a few apps they've put on there they had to pull back because a few were malicious
cries in the i am rich app being pulled
which was an app that costed 999.99 usd and gave you a red gem as a background on your iphone

Is it really the first IOS trojan
yea tomshardware quality has been reduced
eh there have been more that were found
eh no need for that
u got a great rank
404
teapot moment
Congratz!
Thanks thanks :)
403 , what a great rank
shadow has still not broken into the top 2k
neither but i am currently pausing active work on THM
reminds me I have to do TCM
well yeah have been playing a ton of dragonfable instead of doing tryhackme
i wish Go Lang and THM meshed haha
doesn't make sense
if THM had learning Go
then both learning happens at same time
ur learning Go/?
yea, i tried Rust but did not like
yeah veggies is messing around programming in go
you probably won't get any points on tryhackme for it but you could make rooms on tryhackme that are related to golang
yea, that is the plan!
my room will take awhile to get approved, so if you see Hashcat Playground, i made that
simplicity & speed
Go is cool
well shadow will know before most people as it will drop in room testing channels
yea, that's right, you test rooms for any shadows
and as you are in this discord you will be added to the thread for your room to take feedback and patches from us room testers
lovely
⬆️ quite sure shadow is allowed to state this for how the testing phase works
would otherwise also be possible to learn it from releasing multiple rooms or asking other room creators
i gave invite to 2 people, only 1 tested it
t minus 3 days
t minus 3 days for ?
pay day for shadow and finalising the dragonbox pyra order
⚠️ there may be a 🐉 within this 📦
a child in the world named Debbie/Debra needs to have Arm as middle / last name
friends would say, Deb Arm uses Linux
@blazing granite yo, you on?
The nostalgia of playing DragonFable. It's such a good game
here
and amazingly diverse challenge endgame fights
Too late. I ordered a pinot noir with a lean brisket
Yes indeed! I haven't played in a few years thou so probably there's alot that's been added
yeah you have quite a lot of story to catch up on then
which is the best part in shadows opinion
Discord is drunk
sadly one of the lead devs got sick in covid this week so probably slow release or not very big release this week
Is there a Hashcat version for Mac so I can use my actual machine to crack hashes in CTFs ?
If it's lean it's not a bad choice
@boreal scarab I answered the second I saw the msg I wasn't paying attention to discord 😂
it has a homebrew install options so probably
not sure if that is only for the intel based macs or if that includes the m1-m3 series
if that fails look at this file: https://github.com/hashcat/hashcat/blob/master/BUILD.md
Tsk tsk tsk 
you telling shadow a gar licked this bread??
I had to look up what homebrew is, its basically what apt install on linux is right?
@blazing granite My personal sommelier should be by their phone 24/7 for all my requests!
/j
yeah but you run it as brew something something what to install
it is used a ton by developers on mac systems
okay nice
will let you install tmux and vim or neovim too
for a convenience price he can be /j 😂
oh noes they nuked the wrong server
Finally got to the top 400, wew
knocked my friend @rough gorge out of the top 400 by 3 points haha
I saw him sitting at 399 and had to do it :>
Yes! It'll be fun to catch up and binge the story as much as I can
would be a shame if you lost that streak
It would be, I've kept it up for a while
whats your goal
Getting a job
but basically everything is full-time, and I can't really do that while in high school
Could anyone tell me how I go about getting started on the website in terms of which module I should start on?
@keen depot I'm just getting started, I've been doing the Coursera certificate so still fairly new to this
Sounds good thank you
to add onto what weary said
wait nvm it doesnt tell you the path you should take
but it tells you good info tho
Guys is it worth it spending a lot of money on a macbook pro for studying cyber security? or should i just go for the cheapest macbook air?
i think any computer is good with cybersecurity but ram is the main thing you want to be looking at
Everyone here will typically tell you, you can essentially hack off a potato and still get away with it
yeah
all you need is linux and vms and basically your set
well vms has linux but yk what i mean
macbook air is half the price but it has 8gb ram
im guessing your sticking to apple?
Though 8Gb RAM min/16Gb recommended for the sake of how many tabs you might have open, and a 4-core 2ghz CPU would be great for long password lists if you're using something like a brute-force pass-cracker or hydra/an automated webcrawler with a bunch of threads
I bought an M2 Air for University and it holds up to the amount I paid.
But, I also have a tower so everything I can't do on the Mac I do on my Tower
i think so yea
For Cyber, MacOS is terrible and M chips make everything super long winded and horrible
Especially with the no ARM support
whats your guys opinions of Lenovos
shadow only used mac back in year 6-8 of school
Cheap, last long and are good for on the go hacking machines
so long ago
facts i think there pretty good
should i get a windows laptop then?
Does anyone have any guidance on linking my THM to discord? Ty :)
i dont need to game on it, i just need a laptop for tryhackme and studying in general
🤟
then a macs good if your sticking to apple
Just do like me and put Ubuntu on your mac
My macs also past its end of support date (10 years) so not much choice for me
I love both but the Macbook Pro is too expensive
idk who it was but i remember someone converted a Chromebook to linux?
is that even possible?
Nah don't do that
If you don't want to use MacOS, don't buy a Macbook.
And if you're doing CTFs or whatever, do it in a VM.
I once used Chrome OS, it gave me nightmares, felt I was trapped inside a chrome browser with not possible escape 😂
We got spooked by a Chromebook user which we were unable to support at work today actually lol.
It’s literally based on Gentoo Linux base, and the Android subsystem is a framework and not the core OS
Not all Chromebooks (especially very old) support running Android apps at all
Why wouldn’t it handle another flavour of Linux tho?
Apt over brew
They’re locked down in ways that make it more difficult than standard x86 machines, or are just ARM. You can do more free Linux setups but they’re typically using ChromeOS developer tooling
They’re pretty much the same tbf
Except for some things such as PIM
Being forced to keep chess is annoying
MacOS is quite a bit more limited in tooling than a typical FreeBSD or Linux install. Yes Homebrew has a lot but you’ll practically need to ssh into a real Linux box to get a lot done pentesting wise
Hey all, I have an idea. I want to create a script that automates some commands over SSH. I was thinking of doing it in C, since I'm using it for a course at university and some practice would be good, but I was wondering if bash or python would be better. What would you guys use?
Also I'm kinda a trash C programmer 😛
For automating commands on what kind of system?
I do use a Mac Mini as a side computer in work from home setup, mostly for *nix stuff indeed… including sshing into my real pentesting infra lol
Linux for now
Dobby keeps the game or Dobby gets the spray bottle again
Python is highly used in infosec, and bash is invaluable knowledge. Doing what you describe in C is for sure doable but just why?
Id go with bash
Yeah I’d agree
Why over complicate?
I need the practice tbh, I'm learning about C in university so I thought some practice would be good
Problem is, I don't know bash at all
And I'm already learning 3 languages in uni so I'm hesitant to jump into a 4th
Nothing wrong with that either, whatever works for you as long as you have some Linux around. Personally I main Linux but fair I use all three main OSes every day
Can you recommend a laptop I should get? I was thinking about a Macbook but the price is crazy
imho that’s the best way, just be well rounded and know how to do what you need in any OS put in front of you
I can’t easily without knowing your desires. My laptops these days have a gaming focus and may not be viable for you
and expensive lol
I game on a console so I just need a laptop for studying/pentesting
Even still, I'd recommend getting a good laptop even if it's a gaming one
You kinda want one that will last you 8 years
I’d used to say something like a Dell XPS but those have gotten weird with “invisible track pad” and touch function keys. Just shop around for best ultrabooks
likely fit the bill but yeah you do want to make sure you have proper CPU and RAM long term. Upgradability is great but depends on how “ultrabook” you go lol
I’ve never had a laptop without a pipe key, it’s kind of essential for backslash alone, but idk your keyboard region
As a pen tester bash has been invaluable, more than other languages
PowerShell's a close second
But depends what you do if
I’m en-US so Pipe and \ are basically a given, even on this iPad physical keyboard I’m typing on
I'm planning to be a software engineer tbh, not in the cybersec field
While it is fun I'm paying £9k a year for a CS degree!!
My new laptop however doesn’t have a Print Screen key and that’s my biggest complaint lol. Yes Win+Shift+S exists (and I use that mapping in Linux as well) but not the same
Same, at first it was daunting but now I struggle to leave the safety of a shell
Which Ryzen 7, but yes most likely especially on RAM
Are you also a tester?
yes the macbook pro i wanted was twice as expensive and had 16gb ram
*annoyed at how many laptops butcher the sysrq key
Fair
the sysrq key is magical when used correctly
Bash is handy as its everywhere, such as embedded systems are usually based on a type of bash
lol I’ve had more than a couple without that, but fair I rarely had a need for it. Always fun when it did come up
Yeah I see that bash and PS is very handy
Must learns for IT/infosec indeed
yeah normally you will not need the sysrq key... but when you actually need it it is an amazing life saver
bash scripting is pretty easy, honestly Powershell isn’t hard but learning the syntax is a bit more insane
may be a stupid question but I have never heard of the sysrq key before
But I primarily work with Java and Python, with experience in C, PHP, JS and a few others
what does it do
The magic SysRq key is a key combination understood by the Linux kernel, which allows the user to perform various low-level commands regardless of the system's state. It is often used to recover from freezes, or to reboot a computer without corrupting the filesystem. Its effect is similar to the computer's hardware reset button (or power switch...
this is the most common use for it nowadays
for legacy uses see this: https://en.wikipedia.org/wiki/System_request
System Request (SysRq or Sys Req) is a key on personal computer keyboards that has no standard use. Introduced by IBM with the PC/AT, it was intended to be available as a special key to directly invoke low-level operating system functions with no possibility of conflicting with any existing software. A special BIOS routine – software interrupt 0...
This is more a complaint about Powershell writ large (documentation as code) but would you rather:
md5sum or Get-FileHash <file path> -Algorithm MD5
I do THM only because it takes me hours to complete 1 room, what's a VPS ?
Far from the most extreme example but it is interesting to think about
Virtual Private Server
I use a VPS for my THM stuff
What would I use it for?
THM isn’t a huge risk but I don’t want a machine on my local networked VPNed into THM
(personally)
You can use a VPS as your attacker machine and baby steps to C2 infrastructure
You can then use methods like SSH tunneling HTTPS or RDP traffic to your local machine when you need it for THM
I just learned about port forwarding so Ill probably wait a little before getting a vps subscription
still learning the basics
Yeah if you don’t know why or if you want it, best to wait
Also persistent infrastructure and filesystem that’s retained on your machine unlike Attackbox (and has internet connection)
That’s fair, but yeah my VPS doesn’t set me back too much. Although I likely over-specced it for my needs
I was more sane with the VPSes I deployed at work
But a Kali VM gives you a lot of the same benefits
main thing with a VPS is you have some infra outside of your home network dedicated to pentesting/attacker machine
Just don’t mix it with work if you end up in IT/infosec. Make work provide infra
Black Hat Python from No Starch Press is also quite a good read
I'll give it a look, thanks for the recommendation 🙂
Gave +1 Rep to @sinful moon (current: #38 - 185)
No problem, I’ve been flipping through it and learning tons about interacting with sockets and more via Python… and then seeing how similar interacting with sockets was in other languages
Let me know if this laptop is a good idea or not please
Acer Swift X
Ryzen 7 7840HS(3.8/5.1GHz 8 cores/16 threads)
RTX 4050 - 6GB
32 RAM
16" OLED Display
Hah but at least these are monthly vs AWS run amok with scale
depends on the price
Read tons of reviews first
1657 EUR
1784 USD
Over priced
I’m more partial to Asus than Acer though so I’m not as familiar with their lineup
Okay
Yeah that’s about what my proper gaming laptop from Asus was
You can get it for like 1.2-3k$ for the same specs new
So indeed a bit much for ultra book 4060
don't you have a 3070 ti?
No Ti, but otherwise correct
Hmm then my laptop's better than yours.
Youre right it was expensive because of the OLED display which i dont need
I got the 3070 TI
gaminglaptop.deals
It was around $1,600 but directly competes with Razer Blade which breaks $2,400 regularly
Congrats you bought your laptop a single year after I did lol
Really this stuff is marginal, doesn’t make sense to upgrade for years
got me about 1,700$ with taxes
Yea, next upgrade of mine probably gonna be a PC
but saving up nearly 10k$ for it
You mean a desktop?
1.4k$ done
Yea, semantics
all laptops I found with Ryzen 7 and 32GB RAM come with a good GPU
I would for sure recommend building a desktop, but not viable for my current situation and job
Eh not viable for me also atm due to family
But just saving up
Only spot I have for a desktop is work from home office which you bet I don’t step foot into after work lol
I miss bringing my laptop to different rooms/places, im bored of sitting in 1 place
You do have a server
a beefy one at that
ye
My old self built desktop is in there as well but I haven’t used it in a year and a half at least
also I got 2 great deals today, Portal for 0.5$ and Katamari Damacy Reroll for 1$
Is the M3 CPU on the new macbooks really that good or is Apple just extremely overpriced?
the ryzen 7 laptops im checking out right now are half the price
Awesome!
Apple is overpriced
Don't go for apple
```python
import argparse


def get_args():
    """Parse the target IP and SSH credentials from the command line."""
    parser = argparse.ArgumentParser()
    # Positional arguments are always mandatory; argparse rejects required= on them.
    parser.add_argument("ip", help="IP Address for the system")
    parser.add_argument("-u", "--username", help="Username for the system to SSH into.")
    parser.add_argument("-p", "--password", help="Password for the system to SSH into.")
    args = parser.parse_args()

    # The optional flags default to None, so check them explicitly.
    if args.username is None:
        parser.error("Please provide a username.")
    if args.password is None:
        parser.error("Please provide a password.")

    return args
```
Alright, decent start!
@rapid merlin mind if I dm you with some laptop buying advice
Also Apple silicon will dramatically limit your ability to do x86 stuff like most VMs or easily running Linux natively, despite Asahi Linux coming along well
please do
An apple silicon is a glorified android
Change my mind 😉
im new here lmao so how do i hack i want to help people
No need lol, I have a very limited use case for mine. Like lol sshing into my real Linux machines
And just typical office work with some light *nix on the side
But lol I just got a Mac Mini for fun and curiosity, in that respect it was a better experiment than expected. But these things are cheap
True, I use my x86 Mac for uni and coding (even though it can't run Visual Studio) and it works great
They're not terrible
Yeah it’s just my quick portal into slightly more *nix friendly world as my third monitor, while I’ve got remote Windows Server up on my other two monitors at work
Also Ellie question, Portal with RTX or without
Without for your first time, besides your 3070ti will cry
Yes play the original game
My laptop was crying yesterday
movie + music + 2 browsers + docker (2 containers running) + game
game was sunset overdrive on max settings
Uh only 16GB RAM?
yup
That’ll do it
when i closed 1 browser got 20 fps more
but still was playing at 80 fps stable with everything
I am also unfortunately stuck with 16GB due to half of it being soldered in, could only max to uneven 24GB. My last laptop I upgraded to 32GB (despite not listed as supported by OEM, but sure worked)
Part of why I have a server with 256GB of RAM to offload things to lol
┌──(kali㉿kali)-[~/CustomScripts]
└─$ python linuxForensicsCheatsheet.py 10.10.97.6 -u root -p password
Connection succeeded!
Connection closed.
Good stuff!
you can upgrade it to 48 I think
atleast on my model
the 16 gig will remain in
but u can add a second card with 32 gig's
Most of the hard python stuff is now out of the way
With DDR4 it’s less ideal to not have the same sizes than DDR3
meep moop time for sleepity sloopity sleep sloops while the beepity beep boopity boops goes in the background
Now it's just about how to run commands via python
G’Night Shadow!
noight
beep boopity bye
eh its DDR5
Same sorta concepts
You’ll lose some efficiency once you pass 16GB since it’s not easily able to live on the other DIMM as well
Eh haven't upgraded yet
its on a wishlist if I win the lottery
If gaming is your main concern, skip it. If desktop is bigger concern sure, but may still be odd
Buuut you could buy a super computer
No you can’t even with lottery kind of money
My priority list really.
Open ear headset (The ones with air passthrough)
7.1 Surround sound system.
Top End pc but full AMD and 128 gigs of ram
and a server
and a monitor
Some lotteries go up to a billion except tax
Guys, you don't need to win the lottery
You're only 36 hands of blackjack away from becoming a billionaire
Should I sacrifice performance and get a laptop with a 4K Display
Or get a powerful laptop with a disgusting 1080p display 🤔

Go for a 2k display to assert dominance
1440p is the best way
Unless lol you live in 2000 and 1Ghz is making mags go “It’s a FREAKING SUPERCOMPUTER in a single chip”

I love my 1440p monitor
Gotta love street legal
Sounds legit to me
Bouta buy one
We’re talking 1000Mhz, aw yea!
Who's hall 😉
Although if I think about it I may have seen a thingy like that in a flea market
lol still beats my 800Mhz Pentium III retro machine. The 1Ghz slot 1 PIIIs are stupidly expensive
Hey hall
Uhm shouldn't it have gotten cheaper
I dont but 1080p display is pretty bad
I jumped from a 386 to a Pentium MMX it felt I got a NASA supercomputer in my room 😂
well... if you play games on CRT... don't complain 1080p =/
Ellie u were right
No it’s uncommon vs socket 370 variants, and very sought after even today
I gotchu buy one of these puppies
I'm literally getting distracted by pretty colours on my terminal
print(Fore.GREEN + "Connection succeeded!")
Higher than Cyberpunk 2077
Yeah don’t bother since you’ll likely play at 30fps for your first time
Just do normal Portal
And much easier than color escape codes in bash at that!
do some math to see what's the better scientific choice
colorama?
I was so happy to see it was so simple
yuup
nice
then you can do print(green + "Connection succeeded!")
Eh close enough, I got this 
That's true
a lil prettier
Damn it meant to reply to the super computer one lol
eh its still lower specs
We need that super computer
lol that was not going on the wood floor
HAVE SOME FAITH ARTHUR
sure no room for a rack atm, so quieter tower server was perfect for messy home office corner there
Bloody 'ell Tommy
Is it bad my cpu is at 186 degrees
Fahrenheit?
Yes
Follow the daymn plan
Was about to say
Should I cook a egg on it
People typically measure tech specs in Celsius even in the US
Yee
two eggs
@sinful moon here is one vid of engraving. real time was around 47 min
https://www.youtube.com/watch?v=-ZlDy7x8wmE
LP4 (laserpecker4):
- 1064 IR (2w)
- 2k resolution
- 100% power
- 8% depth
- 1x pass
Laptop stand:
- The original time was 48 min, converted to 1 minute of time-lapse video.
- Using slide extension for LP4 gives more area for engraving.
should be around 70's
Arfur follow the plan
99°C is typically max
We can escape to Tahiti then
Before severe throttling
What type do you like. Runny or scrambled
its more at 99*C
Okay first stumbling block: I ran the command ls -l and nothing is there, now what
client.exec_command("ls -l")
60-80 is about ideal under load, above 90 is potentially thermal throttling unless AMD or designed for such. 100c is indeed danger zone
the sensor is broken
my laptop's usually around 75
I'm sorry for the gif span I can't help myself
😡😡😡
Wrong meme for that
How dare you
I think mine usually stays at 50°C
It was degrees F
75 in idle ?

Left it in the sun
True dat
ah.. thats ok
I burned myself on one of my work machines
ain't gaming but got firefox, chrome, plexamp, plex, task manager, armory crate, cpuz open atm
btw gtg
Did it feel like the sun
brb 1 hour
Guess you can say money is too
Yeah, it was pretty damn hot
Also if that is Armory Crate, try G-Helper, the minimal replacement
Magic
I’ll just say things like gaming laptops become sensible if you have the income and legit need for it
3d printer nozzle is 220C... and touch that is painful as hell
┌──(kali㉿kali)-[~/CustomScripts]
└─$ python linuxForensicsCheatsheet.py 10.10.97.6 -u root -p password
Connection succeeded!
Output: root
Connection closed.
We are so in boys
If not, yes always build your own desktop
Just touching a hot glue gun nozzle
yea
if you know what white phosphorus is. that thing if you get on skin.. you have rly bad day
Used in some weapons. Horrible stuff
My gaming laptop, 2021 Asus Zephyrs G15. Best of both worlds, 3070
yep... quite bad stuff
“Banned” weapons of course
Plenty of thin and light while also have like 12 Ryzen 6 cores and dat mobile 3070. More than enough for my needs beyond the RAM. However they’re getting even more ultrabook with some of these gaming laptops these days
Oooh
Looks nice
Yeah competes directly with the Razer Blade line but undercuts by a good $1,000
British "smoke" grenades used it too
But was it used against people? Or just for smoke
Yeah, the 2024 go even slimmer, but I need to see more legit rather than launch previews to know if they’re decent for real
Not sure tbh
Cus ik white phosphorus creates a very thick white smoke
It's very good for that
it was used in ww1 and ww2. and now is banned in general. i have it in lab and we also need to have special papers to have it
Also infamous part of Spec Ops: The Line
Mfw my mate brings out an old army smoke grenade in airsoft
for sure straight up chemical weapon that is banned under Geneva convention
Made your own ssh?
Just a script which automates ssh atm
Yeah nowadays they use magnesium. Still burns but is a very gray area
I used paramiko for the ssh connection, argparse for the parses and colorama for pretty colours
But sounds like they’re building it out for security checks
It's a glorified script
Sounds cool
Mostly for the Disgruntled room
Slim computers are always so nice
It's fairly decent, I'm following this guide they gave me to create it
it can be used in smoke and so things. if content is extra low. aside that. if you have it might be best to call police and so
Until this computer I wasn’t aware you could do both slim and gaming well in one package, but very little complaints with this laptop
I was only kidding 😅
Interesting
Does use similar vapor chamber cooling tech as modern phones
btw you can make smoke "grenade" thing from simple sugar...
Sugar can be used to make rocket engines too
You can make a bomb through sugar too
lol, and something something fertilizer. Yeah best if we not get into anarchist cookbook kinda material
Hm alright let’s clear away from that topic
that book is not ok to look on it. today's chems are more pure and can be more dangerous if receipt is used from book... sadly
Interesting topic though and best left to your own research. Personally I love how shows have to purposefully botch the formulas to bombs as to not give out this kind of advice
yea... lot's of bad things are to much in free world
yea... is not ok to do things if you don't have 100% knowledge of what you do
Moving on, I would like some advice on this
Basically the guide gives me loads of cool information for getting system info, system configs, all that good stuff
And?
The purpose of the script is to simply grab them, send them back to the SSH recievee(?) so they can be reviewed
I'm ngl I am bad with this whole cybersec thing and I'm unsure of the commands I need
yea... let's drop it
look at what enum4linux is doing typically
Yeah exactly
I wanted to build my own script for fun
Got a stupid head cold
It's horribly overengineered: just the way I like it
Sucks fr
Yeah I mean see what it’s running internally to try to get a sense
Hope you get well soon man 👍
Ahh I see
Here’s a good list of things to check more broadly: https://book.hacktricks.xyz/linux-hardening/linux-privilege-escalation-checklist
Thanks but it’s nothing tbh. Just stuffed up.
I don’t know this room tbh, just general advice
Y’all ever seen a polydactyl cat before
I see, this checklist is awesome but it's not the scope of this project, let me grab what I need from the room and I'll come back to you
But you can effectively automate a lot of this, unless there’s monitored SIEM and or EDR on the system
I'm assuming it's not, it seems like a fairly simple room
It's a blue team exercise
Yeah no Linux rooms on THM will have EDR, those products require business licensing
AH
AH
But I deployed EDR on all of my Linux servers at work
Yeah even if you just re-create something like Enum4Linux, still great experience doing it yourself
also I hope I’m not crazy, because I do swear enum4linux does both Windows and Linux enumeration, but please disregard me if it’s Windows only
But for now, here's what I would like to have:
- OS release info from /etc/os-release
- User accounts information from /etc/passwd
- Sudoers list from /etc/sudoers
Once I get these basic things, I should be set to do the rest
Yeah all trivial… besides lol the last two
I plan to get the files from the machine and copy them into a directory for the user to review
Yeah haha, but I have root privileges so escalation isn't an issue
you can’t just cat /etc/passwd without escalated permissions
fair not sure how general purpose you wanted this to be
AFAIK is Windows and Samba
You can just output the /etc/os-release and regex for the Distro if you really need to detect
Not complex at all, it's a script I plan to build up overtime should I need it
Thanks, yeah that’s why I was second guessing myself
Gave +1 Rep to @blazing granite (current: #149 - 43)
Sorry I meant to say /etc/shadow
but I can confirm 100% I have used it only on Windows
/etc/passwd is obviously readable by all and thus why we use shadow
What would be the commands to download the file? scp?
it's for kali so tricky one runs on Linux
I'm bad with linux 😅
Yeah you can use scp, it’s technically deprecated in favor of sftp but it works fine
Yeah it's installed
Do tell 🙂
Yeah we're good on that end
People don’t use scp much anymore, I don’t know the full reasoning, sftp is interactive and I’m not sure if it’s easy to script
I'm sure I can support it
It sure still works but deprecated, really no big deal
Indeed, but I honestly didn’t expect to see scp deprecated since it is used a good bit in scripting
I think that's my long term goal
I for sure just sftp when I need dem files but yeah interactive sessions
@sinful moon https://www.kali.org/tools/enum4linux/ I checked Windows and Samba, indeed 🙂
enum4linux Usage Example Attempt to get the userlist (-U) and OS information (-o) from the target (192.168.1.200):
root@kali:~# enum4linux -U -o 192.168.1.200
Starting enum4linux v0.8.9 ( http://labs.portcullis.co.uk/application/enum4linux/ ) on Sun Aug 17 12:17:32 2014
==========================
| Target Information |
==========================
...
That’ll do yep
If you have the permissions, obviously
Thank you, that was tickling the back of my head like I indeed made a mistake.
Seems so, I'll let you know!
But yeah that HackTricks Priv Escalation checklist is a good guide for things to check indeed
I checked because I wasn't sure on my answer either 😂
You sure can with libraries like NaCL is using in Python. I’m not familiar with bash scripting with sftp directly. I probably would have used scp instead for scripts until more recently indeed
SFTP supports all of this obviously, I just literally don’t know how much is exposed programmatically in the sftp client
They’re trying to do enumeration of the Linux system writ large
ssh was just available connection to script
Just one THM room with the potential for more, just scripting learning
lol idk why I’m answering for you Android, but just quick info to fill people in
Interesting, yeah SFTP uses the same kinda syntax indeed, scripting it is something I’ve never tried either
Indeed
┌──(kali㉿kali)-[~/CustomScripts]
└─$ python linuxForensicsCheatsheet.py 10.10.97.6 -u root -p password
Connection succeeded!
FTP Connection opened!
FTP: Got test.txt
FTP Connection closed.
Connection closed.
Bingo!
It has colours normally
That's very important it has the colours
lol screenshots are welcome too. You can do syntax highlighting in Discord as well but obvs not the same
Yep! Free SFTP for any ssh
I use it all the time
For sure, currently best method to get files into my work Linux VPSes I deployed
It’s more or less the same APIs, it’s more just scp client was deprecated
also yeah doesn’t mean scp will stop working just like you can still use ifconfig if you want in Linux
I kinda like it without colours, feels like home, a trip to memory lane so to speak. Old Linux/Unix didn't have colours, if you really need colours to see what's what you need to go back to the books and study more 😂
meanwhile in BSD land, ifconfig is still current and best practice since maintained by BSD core teams
Maybe I could include a flag for "retro mode" 🤣
Right, I assume that /etc/os-release is a file?
Yes, it’s always text but as mentioned above it’s not always universal to parse
better indeed
What's globbing?
also wouldn’t hurt just to do your own uname -a and other sane steps
Indeed but covering the bases
It can be at times lol
hey guys, im a little new to wireshark and am trying to analyze a pcap file for a lab im doing. I was wondering if anyone here might be able to give me some pointers cause i rlly cant figure out how to dig much out of it
(not a tryhackme lab btw, its from online)
If anyones down to look into it with me that would be awesome
Have you done the TryHackMe rooms on Wireshark? Honestly Wireshark is pretty straightforward until you get into much more advanced content as was in THM Advent of Cyber Side Challenge 2023
Nice
Yes but im still confused ab where i should be looking on it
Just having some basic Wireshark knowledge should let you do what you need in a vast majority of cases
thats whats bothering me lol
ik its a ransomware
but i cant seem to find much more on it
I know this is a really dumb question, but when you say "scrub them manually", wdym?
And yes this script is dead simple but I am starting out for now
If you found that much, you can likely reverse a lot of how the infection happened and more. I doubt they’ll have you decrypting HTTPS certs to do so, but that is something that Wireshark can do.
Its probably a super easy pcap and im just too braindead from being sick ngl
If you actually need to decrypt HTTPS (not common) you iirc need the server’s private key which is quite uncommon
severely doubt thats the case with this, its supposed to be an introductory pcap from what i gathered
then yeah likely unencrypted, I’d pull on that thread where you actually found the ransomware, and see how and why
unless reterminated within the network
i found out it was most likely a ransomware by filtering dns and searching a suspicious website
That's fair. For tonight though, I'm just having the script grab the files I need, and if I need to run a command I'll save them to a separate file.
I've got university in the morning and I have about 40 mins to finish it haha
If the script works I'll start parsing the files and looking for unusual activity
Great point, yeah we specifically don’t do deep packet inspection at work, but fair i have some Linux setups which terminate SSL/TLS in one spot for multiple endpoints
Now that you’ve found it. Keep that packet number and unfilter. Trace activity to that remote IP both backwards and forward
Which would be better? ip address show or ifconfig?
Answering my own question, if I wanted a more verbose output, ifconfig would be better
ip a even shorter and same difference. But you’ll likely need to parse to be readable in a quick script
as mentioned above ifconfig has been officially deprecated for years on Linux and many distros require additional packages to be downloaded to use it
I like ifconfig 😂
Just use *BSD where ifconfig is current and supported c:
Added to the retro flag!
