#general

nice

thanks for the help guys

i would say play around for a month see how it goes then you can think about it

Then make your decision

starting this night

Have fun

😎

im sure u will be an advanced persistent threat someday

Goodluck:)))

I'll do this just to learn something new, as I dont persue cyber security as my career

but it sounds super cool and I need to test my servers 😄

okay ! it will be handy goodluck again

😎

THM NEEDS TO ADD PAYMENT METHOD IN RUSSIA , ESPECIALLY AFTER SANCTIONS

and they need to add regional pricing 😭

haha

regional pricing in difficult to enforce and even more difficult to maintain profitability with, unfortunately

yeah thats true

thats why, discord got rid of it this month 😭

whats the discord token for?

on your thm profile?

To verify here.

enter /verify {token} anywhere

nice 😎

https://tenor.com/view/night-at-the-museum-ben-stiller-you-give-me-gum-gum-dum-dum-yes-gif-4927387

good movie

https://tenor.com/view/dum-dum-dumb-dumb-moai-moyai-greycity-gif-9397592557777937503

Oh I love the movie

Monkey time

not really

https://tenor.com/view/slap-night-at-the-museum-gif-21374689

is there any way to get black theme for the web page?

What is going on here

for now there is no offical dark thm theme. you cna use dark reader

for now is crazy

shouldve been the first thing they implemeted tbh

yea

ik shadow doesnt mind

lmao

if so there should have also been the option between light and dark themes to help the visualy impaired as then contrast is important

facts

just my opinion but i feel like people who makes the websites should also take into consideration the people who are visualy impaired too. very few websites that actully do that

yeah and it meeping sucks

then again shadow is not 100% sure how the visual impairment tools and helps work for websites and stuff

shadow has more experience with how hearing loss and deafness works

can i change my country in tryhackme ?

well yes

how

where

#site-support message

Hey there!
With our new API changes, our "update-timezone" URL has been moved.

To update the timezone/ country flag on your account to your current location, disable any incognito browser sessions/ VPN connections and click this link:

https://tryhackme.com/api/user/update-timezone

You do not see anything happen, but it should take you straight to your dashboard -- this means it has worked. If you receive a 404 error, your page hangs or there are any other errors, please ping me with a screenshot of your issue:)

Thanks and Happy Hacking

@rapid merlin ⬆️

i mean country

does also change country

yeah that changes what country it thinks you are from

be sure your ip says you are in the right country for it to work

so if i'm in the USA ill use VPN to change into UK

right

yeah if you use a vpn that makes your ip look like you are from the uk it will change your country to uk

yeah thanks

mind if i ask why?

to me?

yes

i was curious

stay curious

xd

what do i get in the end

some certificates?

for completing a room?

or a path

but yes

rooms have certificates

xd

i mean paths

the certificates from completing tryhackme paths have very little value for job searching if that is what you mean
make sure your full name variable is set on your profile or it will use your username instead for the certs
also some rooms give badges

badges* you mean

ig

well badges too

well the advent of cyber rooms have certificates

yeah but it got functionality as certificates

tbh the certificates dont matter

just a cool lil thing

to show you completed it

which makes shadows slowness in completing all the paths annoying

im doing the soc 1 path right now

and im having a blast

tho for one of the tasks its making me sign up for phish tools to use there tool.

shadow was doing offensive security

i dont really wanna sign up for it

then they got distracted by intro to docker

and all the room testing

oo

is it fun

to be 100% accurate you never need phish tool for any of the tasks on that path as far as shadow has seen

ight

gophish

go fish is such a fun card game

but something strange is going on

as you are finding the kings and queens and guards in the water

someone entertain me

completly forgot how to play go fish

uno

https://tenor.com/view/nervous-laugh-smile-anxious-jester-super-bowl-gif-16197383

let me get my joker fit on r

q

anyways it is 02:03 in sweden so shadows is gonna go meep moop to the beepity boopity beep boop for sleep sloops

I use PhishTool all the time to ingest phishing emails that are submitted to us outside of our normal phishing reporting system.

I can not recommend PhishTool enough and use it nearly daily at work

sweden isn't real change my mind

phishtool is very convenient

Seen so many that appear to be Gmail sender but actually spoofing that with *.onmicrosoft.com sender

First glance would tell you to block the Gmail sender but nah, that's what they're counting on

well if you only count sweden or only count finlands populations we amass to around 1-2% of the world population meaning we are a potential error margin

It's pretty brutal for 2023 Tax Return phishing, them pretending to be a normie on Gmail, targeted at CPAs

Gotta love the client I'm thinking of, they are more than aware of these threats and even report suspicious but False Positive emails with "This is one of our clients, but..."

lol to the random client they had trying to send a direct link to their 1099 that only they could view via their account on the linked .gov website. Email was titled "I found this online" 🙃

bruh is there a way to stop gifs at a certain frame. i cant see what they are doing because the gif changes so fast

Not as far as I'm aware unless it's a built in feature of the site. You could do that with Flash but lol

might just take a screenshot

Could always bring it into Photoshop or something and break it down frame by frame

hey @sinful moon

Heya!

found a good role for ya

lolol

We were considering a solution on a call with the boss today and he cursed when he was it was bought out by Kaseya... just like another long time product we use

saw a few places adding escape clauses into their contracts with certain vendors just in case they get acqed

Guessing by the hatred in that message, Kaseya is bad?

btw you may enjoy to hear we're full steam ahead with new RMM and moved foward with a contract

Look up their security track record

nah they're lovely

nowhere better

Right up there with SolarWinds, indeed lol

ah solarwinds123, only the best passwords

@boreal scarab if you want an idea... r/msp post

it's a recurring theme for them, not one off

https://www.npr.org/2021/07/05/1013117515/scale-details-of-massive-kaseya-ransomware-attack-emerge

btw if you all have any Exchange servers left, they need to be patched for actively exploited NTLM relay. An exclamation mark bypasses former protections.

Exhange 2019 CU14 enables Extended Proteciton by default which protects against this. Exchange 2016 didn't get a SU but needs Extended Proteciton to mitigate this as well

they're known for two things -- buying up everything they can, and then turning it into shit while (literally) stealing from you for months

i assume this is the big one from revil

the big supply chain comp

We were not happy when they bought up one of our solutions, well after this whole security kerfluffle

i wonder what ever happened to kaseya katie

lol was that a mascott of sorts?

Ah reddit user and more

nah she was always on the msp sub and when people would complain she'd pop up like hey dm me and we'll get it fixed

Active as of one month ago

reddit PR person

yup that's her

Yep makes sense

It is kinda insane how many vendors are lurking on /r/msp and soemtimes /r/sysadmin

Surprised almost that I haven't seen them duke it out. Typically they monopolize a thread with their solution... tastefully in most cases

always REvil bruh

That's REALLY fucked up

oh wait lol was that the joke to this

Yeah we have one vendor who's like radio silent on persistant billing issues, very frustrating but I'm glad I just get to focus on the tech and not the business side

hullo

I don't want to name and shame for security reasons but yeah

Heya AIO

how is that the biggest

imagine signing a 3yr with a new vendor and the very next month they get acqed by kaseya

Ellie I need you to help me select a insane movie for today, fast paced

This and SolarWinds were massive massive issues. Kesya just disporportinately impacted MSPs vs huge firms

Rather pay the fine to breach the contract then be with them

Thinking John WIck, Inglorious basterds, Kingsman,

Why breach 50 companies when you can breach the one company that manages IT for them all, sorta thing

Something along those lines

Kives Out if you've seen the above

yeah the solarwinds hack was huge

maybe not fast paced enough but good vibes

it effected so many organizations

Have already

I guess I don't watch too many modern action movies. I'd recommend the original Die Hard or the original Total Recall

Both will vibe well with you given you enjoyed RoboCop

yeah go for that hmem those are always good. total recall is a great comfy one

Die Hard done in april

might give total recall a try

Great then no hesitation on early 90s Total Recall

fast paced, scifi, twists and good fun

or something underrated but not realy fast would be Outland scifi crime with that james bond guy

hm

Congrats on rank up btw AceS!

thanks

working my way up

or maybe strange days

Outland would be the one with Sean Connery. Strange Days has no James Bond cast that I can see.

Not familiar with either though, so thanks for bringing them up!

That being said, you'll be in for a treat AIO. The 4K remaster for Total Recall is pretty great

no not in strange days.. buts its.. like an scifi dystopian cyberpunk like thriller movie just a bit old

i kinda like it

lol I sure don't mind old, more of a concern for AIO. But he's making progress in those regards

has he seen conan?

some of my fave movies date back to silent film c:

Nope

Neither have I really, but that's supposed to be shlocky fun indeed, but not great lol

I think I watched a YT video about the produciton

hmem i liked metropolis i love old scifi and horror black and white stuff its comfy, blanket a storm outside

Honestly I like The Cabinet of Dr. Caligari even more than Metropolis as amazing as that movie is

First twist ending, first use of a framing device for the narrative in film, etc

plenty innovative as well

have not seen that one but its supposed to be good. It all started one night in my room secretly watching tv and ther was that crazy movie the maltese falcon XD

Jumping foward two decades, yeah The Maltese Falcon is one of my all time faves for sure

I'm big into Film Noir which is half of what went into my modern username lol

yeah those are great

btw the 4K remaster for Maltese Falcon is stunning

Yes HDR makes a difference even for black and white movies lol

hm okey uh uh the big sleep is the other realy good one

is kinda ironic we have amazing remasters of movies up until about 00s when we had low res digital cameras, until about 2012ish when they started mastering above 2K

there is just something special to it how they use light and shadows back then

Chinatown is amazing for being slightly more neo-noir, same with LA Confidential.

Casablanca I unofficially count as Film Noir and obvs one of my faves. There's tons more I'm forgetting but plenty of great ones from back in the day as well

Chinatown yes good one

But indeed it's kinda hard to go wrong with a decent classic movie with Humphry Bogart

you cant top them

Mhmm, probably my fave classic film actor of all time

ewww tehy made a new marlowe movie... did not like it

Yeah there were several attempts since the rights to those books were shopped around everywhere, very incosinstant as a result

better the old sherlock holmes ones with uh basil rasbone or what his name was

Hah haven't seen that, just read the books

uh you would like them

you should check out strange day to

Yeah I'll just have to track down which of the umpteenth Sherlock Holmes movies there are in history

and indeed, I may have to along with Outland!

sherlock holmes basil rathbone full movies its on the tube

just copy and paste

not really film noir, it's a post-war spy movie

Indeed, part of why I said I just consider it as such. Most deffinetly not but fits many of the cinemtography vibes of Film Noir and happens to still feature Humphry Bogart

the 1974 one? not realy spy stuff more conspiracy and murder

that's mostly because it's bogart in black and white

half the cast is a current/former spy in morocco

They use same dramatic use of lighting as Film Noir, but fair those were used plenty in black and white films of the era. I just vividly remember the moody scenes in his apartment which mirror a lot of the same visual cues

hell, mallory from archer implies very strongly that she's the inspiration for the ingrid bergman character

lol, makes sense

as an aside, I really appreciate the well done computing easter eggs they leave in Archer

computing easter eggs?

in archer?

Yeah not only have they hidden ARGs, first actived just by watching and spotting something odd, but have kept legit linux commands on terminals and more

ARG?

and yeah normally not sober when that's on soo 🤷‍♂️

Augmented Relaity Game, where a clue can lead you to an entire puzzle of subsiquent clues, usually across the internet

Major spoilers for the ARG here: https://www.reddit.com/r/ArcherFX/comments/30yre4/archer_super_easter_egg_hunt_arg_writeup_and/

typically does involve cyphers and other fun infosec stuff. Similar to what Gravity Falls was known to do in each episode

ngl haven't watched it much since it was moved to fxx

I don't understand why anyone would opt for a silent movie except Mr bean

got eh

wait was archer canceled?

it looks like it was canceled Aug 30th

Because that's all tech could do in the year 1920 when this film was released.

And it's still a great film despite the technical limitations

isn't there a modern remake of the cabinet of dr calagari

it's called Shutter Island No not really at all

Shutter Island just rips off some ideas, but that its self is based on a book iirc

Heya!

You don't need modern remakes of classic films. Most of them are completely awful

Watched it but don't remember it

lol for the best, it's a so so movie

and spoilers for Dr. Calagari: ||yeah it did this same twist 90 years ealier better, again in the first ever twist ending in film history||

@sinful moon I should watch the 2012 version right?

Indeed, I’ve not read the book for Shutter Island despite my thumbs up above but heard great things. It’s on my radar

of total recall

No lol

Different worse movie

Just kidding, knew u would react that way

Tying into what I was saying lol

Fair but lol it’s almost always the case

Eh gonna watch the 1990 one

Mhmm fantastic movie, good fun

At least with this the story it’s based on is like 15 pages so no reading the book first there

I will

"We Can Remember it for you Wholesale" and "Shutter Island" respectively for those two messages lol

heh. nice.

Nah Philip K Dick is an all time classic. I'm more partial to the golden age trilogy of Asimov, Clarke, and Henlein though

Philip K Dick is really hit or miss for me, really love some of his, am "wut" about others

But he's been adapted into movies probably more than the other three combined

Sorry PKD, but Blade Runner is better than "Do Androids Dream of Electric Sheep"

Thankfully he was pleased at test screenings just prior to him passing away

totaly

I have not, I'm all about the scifi literature classics but been burned a couple times by modern SciFi such as The Expanse which is a big meh

I'll have to put it on the radar

Also Ellie I need advise on a topic, I finished sunset overdrive now to decide which one to finish next, both are on the second playthrough

neither

get Control

RDR2 about 40% completion

Play a new game, but how do you only have 33 hours in RDR2

Played it already

First time was on rockstar laucher

launcher*

bought it again on steam

Obvious from their avatar lol

you like portals?

lemme check rockstar playtime

Yeah you were talking about Portal yesterday

got i hated that launcer

meh play cyberpunk

play it

78 hours in

Portal Revolution just came out

Eh gonna finish a backlog first

was pretty good

What backlog? You're trying to replay games

i am scared to look at my playtime

Move onto your backlog lol

Yup I can't leave them on a half played same

save*

You beat the game though, it's totally unrealistic to 100% evey game

that's best for second playthroughs... years down the line, not immediately

425 hours

For RDR2?

Eh I enjoyed them a LOT

cyberpunk

DAYMN

how many playthroughs

cant remember

Ok I can probably do this

Ah fair, my Cyberpunk is only around 60 hours. my RDR is at 113.5 hours

i have seen all endings i am sure

RDR2 I had about 60 hours in on rockstar launcher on first playthrough

God the freaking Rockstar CAPTCHAS are insane

I too went through this process but it was dramatically different

same sorta ideas though

My first ending was the low honor one

i have not finished rdr2.. i got bored

I was just having fun

But this time its at like 60-70% honor atm

Thanks I'll keep it in mind!

in chapter 3 right now

Is it a single book

or a series

The story is well worth finishing, I'd go so far as to say it's a near masterpiece

really saying something after how awful the story in GTA V was

it was way to short

How is it too short if you haven't beaten it?

and you got the feeling of nothing was achived with gta

Oh GTA V? Yeah it was majorly lame

no i was talking about gta 5

Agreed for sure

I'm doing a replay of GTA IV and yeah even then, so much significantly better. Especially with the DLC

GTA V is empty, vapid, and so much more scripted mission wise

i hope the next one will be good

heck San Andreas had some of the most hard hitting social commentary out of the entire series

That is already on my radar indeed, thanks!

Giving that a mental +1 lol

Ok should I finish Alan wake's DLC's or play RDR2 or play Miles Morales

I need help

I can't decide

for sure, although all kinda killer soundtracts

Play a game you haven't played yet, like if you ahven't done Alan Wake's DLC

you're too early into your gaming history to obsessively replay things lol

eh but its fun

so are hundreds of other games you've not tried yet

currently replaying the half life franchise

Heck yeah

Half Life 25th anniversary update made that great

Can't recommend checking out Half Life series speedrunning enough if you're in the mood

but but but, I can't leave them on a half complete save

minor, but liked that they changed it back to the old valve logo too

Yeah the classic menu vs the modern Steam one was a fantastic change

mirrors the classic WON release much closer

I'm more focused on Half Life 2 speedrunning (lots of neat engine tricks), but this is a great video for HL1 speedrunning history. Not quite SummoningSalt level (famous WR history creator) but good content:

https://youtu.be/qqvKrhzQLYU

Ellie is Total recall supposed to be grainy as hell

yes as intended

like its crisp

but grainy

that's what film looks like c:

classico

turns out when you scan film at high res it looks like film lol

Purists like myself despise digital noise correction

if you've seen Terminator 2 in 4K then you know what I mean, worst offender

Everyone looks like plastic

too much smoothing

If it were up to you I bet you would probably play the film directly

it's all been smoothed so much that the texture of the actual video was degrated

Nah I'm happy with my 4K remasters, Terminator 2 is just total garbage as a remaster

yea i agree

Nice! Heck far before we even had these terms

To make you feel old, I was born around when T2 came out lol

the calculator or the computer

It's okay zoomers on Discord do this to me constantly

91 for me

iirc T2 is 91

My old "wut" was what do you mean Wii was your first console. But heck we're getting even younger now

Also pulp fiction

weird movie

interesting yet weird

No worries, I only latched onto the date due to proximity

if xbox live wasn't nuked i'd love to have a classic xbox and a 360 again

some good games on both that still can pass-ish graphically

heavy on the "ish" part of that tho

One of my emu dev friends made Enigma, a reversed implimentation of OG Xbox Live. You can use this to play OG Xbox online still

Erm let me get the right name of the project, it's similar

ping me w it when you get it i wanna know -- stepping away tho cause i need to run to 7/11

https://insignia.live/

that was quick

Yeah had to find the friend's name and confirm quick lol

only 33 online is surprising

He's lead dev of CXBX-Reloaded one of the two notable OG Xbox emulators

xqemu currently has better support but that's due to CXBX-Reloaded being an inhereted High Level Emulation project vs xqemu's more low level focus

lol I try, whatever that means tho c:

https://www.youtube.com/watch?v=DmvDgNAvdWM

i haven't seen that green dash in years

Yeah freanking lovely

iirc you can boot it in xqemu

Emulators that preserve the home screen of newer consoles are <3

MelonDS is another example, along with Dolphin (emulator)

Ellie could u remind me what iirc means?

iirc iirc

"If I Recall Correctly"

Oh k

aka I can't be asked to check, I'm just going from memory lol

ye

I usually just say ig

but eh iirc seems more accurate

that means you're guessing tho 😶

None taken at all, I just loled at others thinking it was wierd.

I knew what you meant lol

no offense intended
i'm offended

head hurts

they mean ig != iirc

yea i understood

I'm not guessing, I am recalling something I have experierience with lol

Yea just something to remember now

Also speaking of remasters

the best ones I have seen yet are 2001 and Alien

total recall doesn't go on the same level tho

Yep, and there's plenty more where that came from

also those were heavy film grain film remasters c:

yeah but I didn't mind those too much

Total Recall 4K is a fantastic remaster but sure doesn't go quite as hard, but is also shot on more modern film stock where the grain and more aren't as apperent despite your complaint

but total recalls bugging me a lot

You sure you got 4K master there? The Blu-rays I can't verify the quality on without checking

think so

Personally I was plesantly suprised by Total Recall's remaster, but I've seen the film for decades on other media

old person vs new person

Got a 4.5/5 star video quality review on Blu-ray.com:

Can't complain with that, we've massively expanded our blu-ray library staring in mid 2023 to nearly five bookshelfs full lol

And yes something something pipeline to Plex and Jellyfin which my country's laws allow for

wasn't it 2-4 before

Yes, it's expanded and getting insane lol

my SO is a bit addicted

I love films too and bought many but whew

Ouch lol, and yeah I remember our old DVD library back at my mom's which was also big but not anywhere near this extensive

i fracking hate cable management....

You don't own anything on Amazon Prime

also significant worse quality, lack of UHD or HDR for many films that have it, etc

what is that?

what it sounds like lol

managing how cables are routed between devices in a sane way

the thing that was invented to piss me off

at home we barely cable manage, at work yeah we cable manage to the extreme so it's very clean and tidy

you stick it in and it works

Yes, but that doesn't do in a business enviroment

yea... until you need find one that you need replace

sometimes it reaches out to you but it only wants to play

also think about cable management for racks

can you imagine poorly cable managed 24 port switch?

yeah i know its a mess here but at work its different

we like to use pink white and blue

Yeah at home idgaf, but at work we have to care... or at least I would if I wasn't 800 mile away remote worker lol

and on work things are more expensive to be fracked by poor cable management

Meanwhile server at home lol, just messy corner of home office with no real cable management, or rack because lol space

yeah... like that one time he said pack the server please... just turn it off and i did.. folowed by you did not just turn it off right..

he told me to

but hey sure has those dual redundant PSUs and NICs wired up, including lights out managent third ethernet

lol don't put both PSUs on the same battery backup if you're at home scale. It will drain it fast 🙃

i remember my firt 10 minutes before 5 call i always hide now 15 minutes before 5 XD

left alone no clue and nothing worky at the company that called...

I'm having a hard time parsing the above lol

@sinful moon nice that looks like one of the T440's i have to work on

Yep! Literally a T430 c:

so close enough

it's populated with second Xenon basically making it a T440 anyways

they left me alone in the office and one of the clients called 5 minutes before the end of the day.

Shoot, I mixed up generation vs feature set but you get me

Yeah not fun at all, indeed. Thankfully we have a couple layers of dispatch and help desk before I'm actually answering phones

from the others its what they do sometimes... like having someone do something but they know they are not ready for it and will break it just to see how you react

I never answer a phone or email 5 minute before the end of the day, suddenly I have an urge to go to the toilet 😂

hmem thats what i learned that day

What’s the point of having a home server

there are many reasons

Home lab, self hosting services, tons more

just to play with it having mutiple vms and little lab

cabels hang in backend =/

To put it simply in terms of our media library consider Plex/Jellyfin. We buy our media, ingest it, and host basically "our own Netflix" to watch it

same server can also be used for ripping and encoding, spinning up more encoding resources to scale with demand

And that's just a single use case

We use this server for far more than that

You got one of the most fire setups

lol screenshot of encoding VMs going burrr at high load

what are the colorful disks on the wall?

more setup = more cleaning... 3d printer makes my room looks like plastic garbage graveyard

Got the Kali and parrot open. Stacked up

TST logo

just kali

Oh wait yeah nvm

Another use case, why host Kali locally wen you have a server for VMs, and also potential targets to test at, all with nearly "unlimited" resources

Just saw the sign thing. What ever symbol that is

tst = the satanic temple

what can we learn here hm... pez, thingy member of an left hand path occult group, likes girls dresed in black, drinks german? bear, there is a fire hazard

I'll do you better, why have pentesting VPS with another service when I have THM and HTB attack box? Because it's persistent, my own infra, and doesn't touch my home network

bicicle playing deck maybe a bit into magic

It's a very minor concern and against THM and HTB TOS, but users could theoretically pivot to your machine via the target machine

Also Ellie how the heck did you transcode that huge library

This server lol

It takes too much time even with my rtx 3070 ti

I intend on doing so in the near future, currently buying parts to build my NAS/Virtualization Server

NVENC will be poor results vs CPU encoding. NVENC is more ideal for Streaming or non-archival kinda footage

And the more research I am doing into games it appears that I like PS3 style modern games the most

Prompt: Explain it to me like I am a baby

What do you use to ingest the media?

NVENC is Nvidia's GPU encoding/decoding pipeline. That's all I can add to that

PS3 style

Ok. understood it a lil

I've been told not to dig into this too deeply on this Discord before. But basically Blu-ray ripping

Oh, ok

thanks, haha

Your local laws will determine if this is kosher or not

There are no lawz on the internetz

hahaha

lol, and indeed at least I'm doing my part actually buying the media

Yeah, I intend to do this too

actually the halacha or Jewish law determinates if something is kosher or not 😉 😂

If you don't mind a quick DM, I can give you a complete answer @lime bobcat

And I've got a BUNCH ov VHS tapes to digitize too

lol sush you know what I mean

#nice

Has someone books for beginners?

One of the main ones it's called the Shulchan Aruj

https://tenor.com/view/shrimp-frying-pan-seafood-frying-shrimp-food-gif-21674480

discord just crashed on me

https://tenor.com/view/lobster-grill-grilled-lobster-butter-delicious-gif-10027044

love some good shellfish

i sent the first and then when i tried to send the second it just blew up, lol

discord crashes like once a day for me lately

hoie

weird, I haven't had a discord crash for 3 or 4 months even more

it showing blank while running maltego

hmm

same thing happening with other vm

any idea what going on

i asked for digitalocean to open port 25 for me idk how many years ago and the seem to have changed their policy back in 2022 or something to never do that anymore?

but apparently mine is still open

so yay

... i need a smoke...

How do people pen test WiFi. Like you can pen test your own but like what else?

the same way you do anything else, really

my guess is that it is because people do dumb things, and were running spam mail servers off the DO infra on low-value accounts. Rules exist because people can't act like respectful grownups

you get s signature that says "break my shit" and then you try to break their shit 🤷‍♂️

It's a bit more involved than that, but that's the absolutely highest level explanation that's still valid

oh i absolutely get it on the provider level --- ip rep is hard to repair

absolute pain in the ass

i hate it

that answer was more for those watching the chat than for you. you've been around IT long enough i think you understand most of the org reasoning

i'm just happy that i'm not affected 😂

i finally shut down my pop3 and smtp, management was getting to be more time than i wanted to spend.

on that note, sendgrid is one of the worst companies i''ve ever communicated with

tried to make a new account and i've been going back and forth for weeks cause they refuse to provide any information whatsoever as to what tf they want from me to set things up properly and they're just like nope screw you go away find somewhere else

eh, it's twilio now. they are messing with my authy clients, i don't like it

has twilio ever been pleasant to work with

i don't remember a time they were

been PoCing mailgun and not a huge fan lately

have had deliverability issues

was considering PoCing SES but i believe the pricing sucked

looking at postmark now

also i agree managing mail servers sucks now, absolutely not worth it
i just wanna be able to send myself email alerts for issues and job statuses and such

(so luckily no recipient stuffs)

that's one of my fallbacks but i don't wanna have to loop in unrelated services if i can avoid it

https://www.reddit.com/r/oddlyterrifying/comments/1asozqr/openai_just_announced_sora_their_first hm.

https://openai.com/sora ridiculous

uh

hu

am i supposed to see this

i assume that's from your computer / vm

( if so the answer would be yes )

no its not

its from the attack box

then also yeah that's fine

you're root on the attackbox aren't you

okey

or at least have sudo

i don't use the attackbox so can't remember

Legally?

Yeah pentest your own infra obvs

i guess i would get a second router and a pc make a DMZ put it there play around with it.. wep wpa wpa2 enterprise is kinda pricy

back in the day I just used my old WRT54G as a spare to setup vulnerable networks lol. Just use your old WiFi APs if you still have them

is there a cheap way to play around with radius

You can do so with custom firmware, but iirc RADIUS links into LDAP so you will need to have AD/Samba infra to account for that. But don't quote me on that, just my understanding

https://github.com/FreeRADIUS/freeradius-server

Even better c:

oh

so there are a lot of legal ways to play around knew it

i save that for later thanks.

Gave +1 Rep to @whole yew (current: #10 - 727)

your verbiage isn't quite right, elizabeth. LDAP is the protocol, so it's used on the wire to communicate between devices

Well I just found out my colleague is tightly wound. Got angry at me because I was using the sofa in the office.

you'd normally have a directory service that enables other services to check credentials and permissions with a central identity provider (FreeIPA, IdM, AD, Samba, etc)

time to grab the laptop and start working on the couch

@sinful moon followed ur advise and finished Alan Wake 1's DLC

never use a desk again

Heart rate was at 140~

Literally don't understand his issue. I can still see the CCTV. Just a different chair.

1 More Alan Wake DLC then I can uninstall Epic games launcher

I did mention LDAP, and potential providers of such. Curious where I went wrong there. But thank you as always for corrections!

Gave +1 Rep to @whole yew (current: #10 - 728)

What's your job?

the way you said it implied that LDAP is the identity provider, not the protocol used to access the identity provider

reminiscent of how grocery store employees can't sit on a stool at their register

except at lidl ofc

That's fair and understandable

it's like saying you have a TLS server

lots of things use TLS, but TLS isn't the service

mhmm error was just in how I worded it

yeah

Many people get hung up on the appearance of professionalism

Yeah I think that's his issue. No one can see me from there. No different to the chair.

Of course if I was asleep I would understand. I wasn't tho

any of y'all have tooling set up to monitor for new subdomains and such? bouta rebuild my suite considering options

wdym by monitoring for subdomains

projectdiscovery has a good dataset of subdomains and keeps it updated i think

easy options, Shodan monitor and Hacker Target. I specifically use Hacker Target's DNSdumpster extensively (but manually).

For more manual configs, it shouldn't be hard to set something up for this, but typical vuln scanning platforms aren't looking for new subdomains. Shouldn't be to hard to automate with Gobuster and similar even if less than ideal.

Monitoring for malacious subdomains I believe would potenitally be covered by the above but it's not something I've ever run into practically. Your milage may vary and I'm sure there's better tooling than what I'm aware of

Guessing this is a lot of what you already know, but this is me who does vuln scanning against their orgs

amass actually can query the Shodan and HT APIs so those bases are covered, it's more a matter of simplifying my automation a bit
i.e. run amass for each target ones a day (or however often), notify upon new entries

@molten skyhttps://chaos.projectdiscovery.io/#/

this one

been digging around their website a bit, it looks pretty interesting @buoyant tree

you use it?

used it once

cool thingy

Could always just cron or RMM it if your RMM does Linux decently. And thanks for mentioning amass, going to check that out

Gave +1 Rep to @molten sky (current: #90 - 68)

surprised you haven't use it actually - amass is quite useful for enum

if you have API keys it's quite extendable

https://github.com/owasp-amass/amass

Yeah instantly looks invaluable and not sure why I've been manually interacting with these sites lol

ur forgetting subfinder

I prefer ffuf 😶

subfinder got passive now also

wait what

hold on

subfinder's been updated a lot its one of the fastest and most accurate

oh shit subfinder is by the guys you linked?

i never noticed who they were, lol

yup

projectdiscovery's a great team

they made httpx, nuclei, subfinder

and a lot more

teaching me new things as well, thanks AIO

httpx is solid haven't used nuc

interesting results

Oh I thanked someone else too reciently, so it didnt' fire

ty

Gave +1 Rep to @sinful moon (current: #38 - 186)

Heh nice that even ty qualifies

Did some personal testing as well a few months ago

stuck with subfinder because of personal results

prior image 2022 this one 2023

amass found twice as many from Delta there but still pretty close for Spring

the 2023 one shows amass being slightly faster with Sprint as well, but equal on Delta

spring airlines

sprint, damnit

shit

spirit

Nah we call it Spring Airlines now, you travel by bouncing on Springs

was wondeirng about that but yes

i was thinking sprint like sprint mobile

Best way to describe the experience on our AIrplane package as well

no hyped up Spring Java vulns there c:

i've literally never used it but amass can generate cool assoc maps tho

seems cool

mhmm, for sure took note of that when visting their github, amass seems awesome and thanks for the recomendation

probably gonna run both subfinder and amass in the new automated stuffs

btw where did those subdomain finder comparison graphs come from?

its a article on medium I think

or some of the tool's github repos

https://blog.blacklanternsecurity.com/p/subdomain-enumeration-tool-face-off-4e5

Danke

there's a golang module for subfinder as well

bitte

so direct interface in ur code

ngl was probably just gonna dockerize it

keep the host clean

All of my Linux hosts in prod are just docker hosts running what I need, indeed. Some custom Docker Compose there too.

Too small use case for K8s

hmm, didn't know it had a docker container

Even if it doesn't, you can make it one with a DockerFile describing how to build

not listed on the git readme but it's described here -- dockerhub is projectdiscovery/subfinder

oh k

similar for amass but i don't have the dockerhub name in front of me anymore

Just curious, what if any do you use for vuln scanning infra, null?

oh nice hackertarget wappalyzes stuff as well

depends on the context. if you mean just passively watching things, i keep finding myself looking towards openvas

if at volume then nessus

To be fair OpenVAS is active just like Nessus, but indeed. OpenVAS is what I ended up deploying since I wasn't given a budget beyond the server that hosts the infra lol

yeah the main advantage to nessus proper is more up to date definitions and multi tenancy, otherwise openvas works fine as far as im concerned

Greenbone Community Containers are most viable way to deploy outside of Kali, comes with some minor caviats

still not gonna call it greenbone lol

me neither lol, even in our work documentation I have a disclamer that "what I call OpenVAS is another term for what is now called..."

I literally have openvas (Internal) and openvas-ext01 lol

I will say it works half decent after groking some weirdness UI wise and more

reading amass docs for automation and my eyes are just glossing over

most important bit I'll say, if you got with OpenVAS, make sure your Tasks are "Task is Alterable". This may invalidate former Reports, but allows you to actually edit your Tasks as you may expect should be the case

otherwise they're immutable

ngl i never remember anything about that process for some reason and it's always a PITA getting it spun up when i need it cause i always forget the little nuances

i feel like it was simplier to spin 5 years ago

Yeah it's freaking trivial to spin up with greenbone-community-containers these days

all the distro packages... including Arch, that aren't Kali are broken

that's been my experience

distro native never works OOTB

just a large Docker Compose yaml for all of what OpenVAS needs

and just werks

downside, no SSL/TLS, but they finally added official docs under "workflows" to clarify how to add that self signed or otherwise

banged my head against that issue with forum posts until finally got it working and I'm elated lol. OpenVAS screams at you at login that you're using HTTP and insecure, despite default of greenbone-community-containers

#letsencrypt

done with about a hour of total recall, its right now at a 3/5

sadly that's significantly harder to automate unless you terminate SSL/TLS with something like Traffik or Nginx Proxy Manager

right

docker

Also lol I gotta find this post

idk how i feel about using npm exposed but internally it just works

well i did something in the 23 hours today, crawling to bed now bye

man, i just wish letsencrypt worked for code signing

10% of the way there

G'night equals! 👋

staying motivated i sgetting kinda rough/

G'night.

I was saying Goodnight to equals lol, not going to bed myself

i have too much other shit going on, but i've also essencially turned my hobby into work/homework. Completely killing my enthusiasm.

Not sure how you're keeping it up with your job, although iric you may be between jobs so that's fair. Yeah it is tricky though even at the best of times

Yeah turning my hobby into what I literally do for work has had profound impact on my life. It's tricky

yeah

1k 👀

I live and breath tech in all forms, reading news about it, living it, trying wild things for fun and more. They're now all slightly tainted by "this is a work related thing" lol

1.5k is the highest tracked streak badge.

Also Ellie rapid fire Video Game songs with violin's

this

I'll bring this to DMs if you really need this in your life lol

I do

I have listened to everything Violin almost

Need new things

my headphones just died though so lol, may have to wait a moment

They got a 24h battery life

what the heck

just charge them every 2-3 days

they must be drinking streak freezes

im just slugging around that empty feeling you get after you finish a series or a good game fransiche

And heck Streak Freezes are a more recient intrudocution

same with sunset overdrive, the movement was great

now tmrw going to finish Alan wake

its like a good thing that still hurts a lil

Yeah I guess I get those same kinda vibes when I'm doing my own tech these days, depends on the motivation.

There're ways to trick or bypass streaks entirely, or just stretch courses to cover more of a streak. I still have the same 1 day frezee streak you get at day 7.

At least for me I love retro and the more retro I go the less it feels like work lol

now imagine that feeling not going away, lmao.

start a new one

does Undertale classify as retro

They're talking about work vibes/hobbies/and more

When your job is also the thing you do for fun, it becomes challenging

Oh you like PC gaming? That also involves computing, slight twing of work similarites and etc

"don't think the first thing a lot of chefs do when they get home from a 10 hour shift is cook." kinda deal.

Yeah I need more hobbies outside of computing. Been well too long since I've played my guitar but lol, most of my hobbies are based out of computing

wait u can play a guitar?

Even my former alt career idea, graphic design, that was just all Photoshop and Illustrator

👀

Yes, I have since I was 18

I thought of you as a banjo player more

letting a strak lapse is such a relief tbh h

I know how to play Banjo and Ukulele as well but I have literally no idea why you would have known or thought of that

i'll do that at 1501

Eh just how you are.

There was even a time where I would have liked to get into drums except excessively loud in small house and huge kit

Actually when the restaurant close the chef cook for the stuff before everybody goes home. I worked in restaurants 🙂

Eh gonna go to violin's and piano when I get the chance

you're still at work

Nah I'm a guitar person though and through, but fair I'm huge on stringed instruments writ large

I just love the violin

I played Viola back in the day but struggled with sheet music in my middleschool days

Don't know how many times I have said that but I am sure its a lot

no, they finish work, it's like a get together before everybody goes home

Also chefs are always cooking I have friends chefs

they enjoying cooking, it's like breathing

I don't mean to dumb guitar and similar instruments down, but tabs are so easy to read it's silly

Rex what do you even do

even for fingerpicking

I got guitar pick's but not a guitar

I'm huge on classical guitar style tbh, it's lovely

Came bundled in with my ifixit toolkit

Right now, 30% of you are thinking “does this guy think I’m stupid?”, 50% are thinking “yeah I really should sort that out”, 19% are thinking “amass uses API keys?” and the other 1% are bots that made it past the paywall.
ngl good way to start an article

that's a plastic spludger lol

good idea

don't use it on a guitar please

Ello Ellie

Heya!

google shows it as the first result

How you been?

Yes it's a plastic spludger, it's not a guitar pick

do not use that on guitar lol

Stupidly busy at work juggling more projects than I can manage 🙃

are we the same 😄

have to harden a kubernetes system

i hate kubernetes

I hate C#

https://www.youtube.com/watch?v=kDCnoaPXtQ0

Turn ur volume up for this

Doom vibes

lol latest boss ask "harden our Azure, every admin/vendor has Owner role" 🙃

Haha well, I got alotta stuff to do but I'm confused what to start with so I'm just watching some The office vids XD

at least for my Linux container stuff it was just "I need a multitenant webserver" so I was like "sure here's this docker-compose.yml" I did and Linux server

when i was play guitar i had Gibson ES-335. quite nice guitar...

Ellie they work good on a guitar still

every admin and vendor?

Gotta be that good

then the panic sets in

Ello ralex

ello

How long you been awake?

around 36h cca

Yeah lol, thankfully they have Entra ID P2 so can roll out PIM, but I'm not rushing into it lol

F that's alot

mind you this is same time I'm co-lead on refresh of our RMM platform which is even more game changing, among many others lol

I've slept for 12 hrs now

Still sleepy

kinda. 72h or 3 days is my safe limit...

Sleep is very important

Don't push it

i try do do cable management... dumb ass thing lol

i don't. clinical insomnia =/

You do cable management?

yea hehe

Let's talk cable management

no lol

I use duct table, cable ties, velcro

I forgot, I know this came up last time but yeah, just don't want people to get the wrong idea

true... sleep is must 🙂

I just use a rope

knowing you, ralexander you probably have custom 3d printed parts

I already push it with my 6 hours of sleep or less at times. Yeah 6 hours is somewhat sane for an adult but not when you're um doing other things to relax

i got some amazon things for cables. just can't sort it as i wish heh

Accessories for cable management huh

Sed I don't have enough cables

yea. like clips that sticks and so

Yeah you can get routing things that make this easier

yea. i take walks 15-20 min and some food. just to relax brain and so

Good vibes, yeah I take similar unnanounced breaks from work from home. Not quite as long but I'd go crazy sitting at that desk all day

Also Ellie, just noticed due to your flim recommendations been watching a lotta great movies before was just watching the latest releases bad or good

Are you asking if new movies are good or bad? It dramatically depends on which movie lol

Nop just thanking you

Like I said, "Everything Everywhere All at Once" is now one of my fave movies of all time and is modern

Before it was just looking at netflix and watching modern ones

AH totally fair, I sure don't mind

yea, its like a 7.8/10 for me

Alien is 9/10 tho

I'd rate it higher and you may as well as you get older and understand more of the vibes

totally fair tho

yea

if you like war movies. Max Manus: Man of War

https://tenor.com/view/baby-movement-gif-20869879

I'm just glad you enjoyed Alien as much as you did, since that's a much more suspenseful atmospheric movie than Aliens would lead you to believe

god no Aliens spoilers

lol and that's one of the awful 00 films

I haven't watched Aliens yet

I like Mad Max 🙂

Mad max is gooood

8.5/10 for me

Aliens is worth a watch but nowhere near as good as Alien

you can stop after that c:

spoiler if you didn't see it by now 😂

yup now mad at you

He hadn't seen RoboCop until 2024 so spoilers are warranted lol

alien movie is movie like you have cat that is crazy

Alien's entire plot basically

Protect the cat

no matter if you are dying

Protect the cat

In a nutshell

80/90 movies are the best

To be fair, frick the other crewmates and their disagreements with you, cat is impartial

yup

nowadays are all remakes, it's like hollywood run out of ideas 😂

• the android twist was a good one

• Love how star treky it looked

And they're all bad lol, beyond Dune but that barely counts

It looks nothing like Star Trek. Alien is a very lived in battered down world

Eh the ship's

the remake of Dune was awful, original Dune FTW!!!

Dune 2021 was a remake?

Even the ship is closer to Blade Runner or 2001 than it is Star Trek

eh don't know it looked star treky a lil to me

A remake if you consider both films were adaptatations of the original book

yes the original is from 1984

hmm

Nice bait, but unironically the 2001ish TV mini-series was also great

original 1984 David Lynch film has gained a new found love these days but was not always the case for sure. I love it in its own way but doesn't come close to 2021

Although both of the old both in chat right now

If you love Sci-fi and want a interesting twist on time travel

Watch this tv series

Peripheral

its new and its gooood

I'll keep it in mind, but as you say, I too have a massive backlog lol

based upon a book

yup

although its only 8 episodes

Quantum Leap, but the original TV

Also in my backlog

gtg bye cya

Fringe. tv serrie is also great

I'd link a classic image but it wouldn't be kosher here lol

G'night AIO! See ya

The Twilight Zone original

twin peaks

Still haven't seen Quantum Leap directly but did love him as Johnathan Archer, Captian of NX-01 Enterprise