#general
jep, and sT does just a connect scan which will be quicker
Mm, good point
I think I'll need to redo the nmap room tbh
Well, that got me the answer (It was between 1-9 to be fair) but I think I'll be redoing the nmap room before I go forwards
I need to take that attitude 🤣
Good evening (or morning, etc). How is everyone?
Eh, just lamenting the background check for a job lol. Wondering if I’m gonna be one in a million or just fail as expected haha
Fingers crossed!
Eh, just starting things. Networkservices room at the moment
Onto red-team stuff later, but going back to basics until it's more concrete in my head
Yeah always gotta make sure your basics are solid
100%
Hey
Hi
How can I make money? So I could save it for my cybersecurity certifications.
It depends on your location. In the U.S. most people depend on the jobs they work to make money
Exactly, I am unable to make money as a student in my country. Thats why I'm bit frustrated rn. Don't know what to do to make some money
bug bounty
Maybe you can work online if it’s allowed?
Yeah, but i couldn't find anything reliable. Tell me if you know any online jobs i can do
Unfortunately, I don’t know of any personally. Have you tried LinkedIn?
I don't think I have any professional skills to represent on LinkedIn
You could always market any skills you do have in a clever but still honest way. Worth a shot. Sorry, wish I could be more helpful. I wish you the best.
Thanks
Gave +1 Rep to @round jay (current: #1999 - 1)
Doing things I wasn’t supposed to do a long time ago before cybersecurity was gamified. Granted, I shouldn’t have done those things. However, I learned most of my current skills recently
Please don't say these sorts of things. We don't take kindly to trolls here
Morning dolphin
good morning
I make $28/hour. So not sure if that makes me rich. However, I’ve worked minimum wage jobs most my life
hey you two are new here, I'd ask you to please take a minute and read our #rules
this server is PG13
strictly
I think both of you may need to chill a little
🍿
anyways sup james/dolphin/other james
Just lamenting a job I’ve applied for that I probably won’t get, lol. How about you man?
struggling with golang for a few hours, lol
Nice, that sounds tough but worth it
not even writing any go, i just want it to work 😶
@hollow matrix everything alright?
What are you working on?
my god i just noticed the meows
@hollow matrix Please don't spam here. If you continue, you will be muted
owasp split amass into pieces in their new version...... now instead of running amass in a docker container i have to run amass enum in a container and install each of the oam_tools on the host separately, which requires go 1.21+, and only 1.20 is available on the repository, and when installing manually the gopath gets screwy, and nothing is consistent
bouta just use a deprecated version of dockerized amass and be done with it
I never got amass to work
Is there a PPA with the new package you can use?
i've never had any issues with amass until they decided to break it into 17 different tools
rhel and also nil
Wait, doesn’t go require a manual install anyway?
dnf/apt/yum/whatever install golang
Hmm. Try going to the go website. I think it’s pretty easy to install without package management
It’s actually the preferred way last I checked
yup it installs fine, but when installed manually none of the pathing is set up properly by default for some reason and even after setting it up things just aren't where they should be
repo is preferred here cause it can actually get security updates as needed (w/out intervention), but i don't mind binaries or source when necessary
Installing go from the repos is almost guaranteed to get you an outdated version
which is NORMALLY fine
it's normally fine being one behind or so
but nope it uses something brand new
Ubuntu etc always seems to ship ancient versions and I've had tooling not work because of it
ahem Nuclei
yeah ubuntu is horrid in that area
but hey, it's stable
wonder how easy it would be to intertwine rolling and stable repos to pick and choose for each package
Run a stable core set and rolling addons?
si
I guess libc etc is the hard bit
w/out ppas or equiv
@molten sky does it install to /usr/local/go?
But you could also just go for something like flatpaks with a fully immutable OS
honestly idek anymore lol i'm just gonna use an older docker build at this point
very true, forgot about flatpak
It's what the steam deck does
Silverblue? What’s that?
tldr; immutable fedora
Hmm interesting
I’m currently running Debian as my host and love it
Simple af and just works with tons of supported packages
Hmm, interesting
using fedora now tho so 🤷‍♂️
Haha nice
Fedora is solid
I got exposure to Fedora with QubesOS
My vault VM ran it
fedora kde has been the most pleasant OOTB experience i've had for a workstation in years
(with dedi gfx)
it just worked
no artifacting, stuttering, no weirdness whatsoever
Yeah, I didn’t have any issues when I ran it either
Like I said, it’s a solid distro
the only issues i've encountered since rebuilding have been discord being a POS (normal though) and HexChat crashing because it doesn't support wayland
hola
aloh
Probably due to the fact it’s upstream from red hat. Although the corporate changes may affect things. I haven’t been following it
coming from manjaro it's night and day
Hexchat! Nice that was my jam! Are there any active servers on IRC anymore?
from a distro that can't even update their damn certs on time to here
I'm on several, actually
oddly enough, HexChat is preinstalled on the cinnamon spin of fedora. not on the kde one though
I see. I’m trying to remember the name of the server that replaced freenode. That was the last I visited ha
##security lol
Yeah buddy
And ##privacy
Libera
That was it
all of the ones i'm on rn i probably can't name drop in #general lol
if i was in the super secret special hackerman channel then probably
but i lazy
been 0xwhatever for like a year
Haha no worries man I understand
nothin too notable tho. the more interesting stuff is on forums elsewhere, where I probably wouldn't want to use naked irc
Haha yep. IRC - the original reason to use a VPN to hide your IP address from creeps hahaha
Totally get it
Anyway, I’m off to bed man. I gotta get some sleep. Have a good one dude
huh. i've got a gluetun container running. i wonder if i can redirect hexchat to use that.
probably a waste of time tho
peace
:hammer: hileci31.#0 has been banned.
well then
Any certs for digital forensics?
:hammer: glock19ext#0 has been banned.
You can bot discord accounts
:hammer: postagent#0 has been banned.
Interesting
It's a breach of ToS
Discord actively detect it and ban accounts
I'm aware, but it should be harder on discord compared to other platforms
sans has a few but they aren't cheap
Three bans in a row, damn
Low effort trolls
Deserved then
@spare ridge what's up with the recluse thing in the bio
ooooooohhhh my goddd
i figured out a way to make it work
i forgot you can install other versions of go with go itself
that tracks
Good morning
I am currently studying GCFA, if you have means of employer financing it, then that's what you could look into
i need to learn how to use git properly at some point 😭
can someone help me rq, i accidentally fucked up my commit history
i changed a file name via windows then pushed it (didnt using git mv), but then i see in the remote repo that it created a new file with no commit history and the old file still remains
i tried git revert but there was a change made after that to the new file and now there's a conflict
reset and rebase then force push
uhh i kinda fixed it ish
so i reset, there was conflict cause of the latest commit, i discarded the changes by deleting the file and pushed
that works
now the old file still exists in the remote repo, but i dont have it locally
tried git pull but says it's up to date
just cloned it again lmao, least amount of work
was gonna say
in the future, interactive rebasing is your friend ----
git rebase -i <bad hash that ended up in the middle>
then git push --force-with-lease (similar to --force but safer)
I'll have a read on what that does and how it works, thanks
Gave +1 Rep to @molten sky (current: #88 - 69)
ffs
used git mv this time
and no commit history
im confused
shows that it was renamed
but in the commit history of the file it doesn't show anything from before the rename
normally it says it was renamed and theres a button to view older commits
fuck it, im recreating the repo and redoing each commit 💀 it's gonna show i started the coursework one day before the deadline though
I want to learn
top 0.1% after about 7 months, never give up!
That's amazing !!
Someday I want to be like you!!
thank you, just takes a lot of consistency, every day hacking, only missed about 4 days
Gave +1 Rep to @hardy spade (current: #1999 - 1)
I'm new to the site, is there like a page with the correct answers for some tryhackme rooms, for when im stuck?
dont try look for answers, hints or a little bit of a push, persistence is a useful skill when hunting for bugs etc
what happened with the chatbot
On challenge rooms, theres a tab at the top labelled 'Writeups', that should help. For tutorial rooms, if you can't answer the questions, it's worth re-reading the content.
Yeah the writeups tabs are pretty useful as well
Aye. gotta use your own personal ethical compass too. Only read enough to get the hint
I’m dirty coin expert
Cool. I have a genuine 'Piece of Eight' on my shelf 🙂
yeah i use to just give up immediately, but then i found out its looked down upon, now if im super stuck i use it just to see if im in the right direction
Thats the key to learning. Just getting the answers to gain THM rank is just.. cheating yourself
Wat
Can't be an expert of my coins, they're all clean.
I put them in Coca-Cola every day.
I'm either tired or naive. I genuinely didn't think it might have been something 'untoward'
Maybe try Cillit bang. make a penny look good as new
yeah
Again, wat?
Ahh. Lazy sundays 🙂
💎
is that a diss?
For folk who just churn through to get answers.. Yep 😄
"The bot is responsible for its own actions" 😂
Tom - My Dad got it for me for good luck 🙂
Well, it was the box that it was sold in. I guess the seller put it in there to look nice. The holder and chain are cool as well, It's engraved with the name of the ship it was recovered from
HMS Hollandia (IIRC - I'm too lazy to walk 1 step to the shelf)
damnnn it was recovered from a ship, better hold on to that
would be cool to mysteriously give to your grandchildren
for no reason
Ooh bella, that sounds nice.
never had it
yeeeees, I have like 1.3kg of chicken breast in my freezer, accidentally froze it all in one bag, so I have to make something out of it, and after making the chicken I can freeze it again
Eesh. hammer n chisel time 😄
or just make delicious food out of it
Meow
Done!
@naive violet
You are too damn quick!
you must go through a keyboard every month as a result of the keys melting
I heard his keys are all faded.
Ignore it 🙂
And remove the URL from the pic.
Rather not somebody click it in here.
@hollow stream please censor phishing URLs
Hellloooooo
Hiiii
Hello!
I wanna ask who got linux basics for hackers pdf🥹
I do.
There is a new book coming in May 🙂
Can you kindly help me with it🙏🏻?
What do you need help with?
From occupy the web?
Yes, 2nd Edition
The pdf
That would be book piracy, and that's illegal
Do not pirate, the book is worth its money.
Interesting
This actually just reminded me to sort out my PDF folders.
/banspam
rather prefer a real book, tried tech books on kindle, doesnt really work out for me
Add it google drive and add me I don’t care about piracy its for my personal use
😟😟😟😟
We care about piracy.
I bought bunch of books on humble bundle only read one
For real.
I agree it’s a lot better
If you really want the book, pay for it.
No
PDF is easier to search.
@ornate root has been warned.
[WARNING] I cannot DM that user.
because someone spent a lot of time to serve the knowledge nicely arranged on a plate
:hammer: ssiimmppeell#0 has been banned.
Lol
hi m new
speaking of books, need one about vba, work forces me to dig into 🙄
Thanks for your help
Kanga - For VB surely you could just throw a stone
jep, reading some samples on amazon to find something decent
Ahh, so the question was more to whittle it down 😄
just some ranting lol
err or vending whatever
hello new friend
Wondering if anyone has any interaction for powershell and what could be good sources for more hands-on interactive learning for it (Something in terms of challenge / solution )
Thank you
i just cracked now and its say rubber-hose. Did u cracked correctly ??
CTF?
yes
Active?
its hiring challenge
We can't help then sorry
Errr the whole point of a hiring challenge is to test your skills
oh no! anyway
what is this
is this phishing email ?
nah lol
oh ..
so... you are expecting a knock on your door asking if you are John Conner?
Mor Ning
Afternoon
good night
so uhm, my speakers in my monitor just broke, so now I can't hear anything from my desktop, yaaaay
That sucks! Can you replace them? Driver issue? Just the entropy of the universe?
physical speaker issue
I ordered some external speakers instead
found some cheap one
Hopefully they'll hold you over a while at least
It’s too cold
yeah, the speaker in my monitor held for over 2 years of constant usage
The ones in my laptop stop working occasionally. Only solution I've found is to reboot into Windows so am assuming the manufacturer's software does some kind of verification or something...
This one is for my desktop, my headset broke in 2022 and I haven't bought any yet, I just used my speakers in my monitor instead, which now broke
Lol
Yeah it sucks when stuff just dies. Like, you were working fine just a minute ago... what's changed?
Scratchy scratch sounds, due to a Spotify song which was too loud
Well yeah I guess that helps but at least you can get a replacement
Some of the keys above the spacebar on my laptop stopped working one time so I've been using a usb kb from an old server the last few years
Hey 👋
Guys quick question...it might be a little bit meh and basic, but how do you know what directory listing to use when enumerating.. like i use "directory-list-2.3-big.txt" and in some of the room write ups, i've found people using different list like "common.txt" or "dirsearch.txt" and get the expected result.
Or at what point you are like "Hey, this is not working, let me try another directory listing" ?
A lot of rooms provide a package you can use that will include the solution since it's a training room not a challenge room.
They tend to be cut down selections from the big lists that are tailored to the THM learning experience.
@jagged moon FLUFFFFF. Did you have fun on http of our site? 👀
yeah, for now I have set up my phone with audiorelay, so my phone plays all the sounds from my desktop
Usually I start with the smallest list or a common list
Good job! Total hacker workaround 😛
I'm impressed
yuuuuup, quite nice
well, i do mostly challenge rooms so..the ones i've encountered dont have a listing, but thanks
Gave +1 Rep to @split compass (current: #53 - 124)
Thanks Thanks.
uhh i thought you had to have a card on file 🤔
Whoever did this.... i hate you.
And you spelt "You're" wrong
No more sus for you! DNS no likey
@hot cairn go fix your spelling mistakes, lass
Or @jagged moon 👀
It's the Canadian spelling
Thankfully it is not.
Took the time today to migrate my family away from locally saved passwords to my Vaultwarden instance.
No more "Aaaah, I forgot my 6char password which is based on my name!"
Makes a very happy Mac.
Lemme guess, they still use the short passwords and not generate long ones? 👀
@gray sonnet "How do I disconnect? Fucking discord"
My little brother actually generates them! I'm impressed.
Hello anyone know a good LFI automation tool
Discord mobile is weird...
I love seeing the TOR networks accessing the site too. 
And gave em all @lastname.com domains that forward to their actual addresses thanks to CloudFlare. Which mainly is a bling thing more than usability, but still nice.
discodogo
dogisco
Guys, what vps do you recommend that takes paypal/crypto? I dont need anything fancy, I just wanna test my api, learn how to setup https, try to hack it, bla bla bla, so that then I make sure my main server is secure
not able to just use a card? even a prepaid one?
Can’t you just host it locally?
You’ll still have to ask the VPS if it’s against their ToS
Oh yeah, That too.
esqy. ever run to gridfiniti project 3d prints for tool storage and tings ?
I considered it, but found it's cheaper and easier to just make the storage out of wood.
yea. i just making one to test. rly nice project for sure
finger joints are way easier to cut with a jig on the table saw than waiting 3 days or the laser.....
Or. Hear me out. Buy a server and everything you do on it. You're allowed to do, because it's your server.

It's a great idea, The whole gridfinity thing is a good idea.
Also, I generally just butt-joint stuff - actual wood is kinda pricey, and finger joints on plywood are a PAIN
yeah, that's fair
that being said, I might give it a go for my next thing - Pirate treasure chests from reclaimed Palletwood
Hello guys
because you'll want a jointer to build the sides and top of your pirate chest
No, But I do have a router table and a dovetailer jig
hmm
hmm, weird one of the websites I manage has a comment with burpcollaborator.net in it
Any ideas what it could mean
router to make the edges perfectly parallel is going to be a LOT of work to get right
Hehe, I got confused cos you jumped from joints to edges 😄
I got a cool planer/jointer thing. Good for a lot of stuff, but I bust out the actual planer for the harder woods
Picked up some Cherry, Sapele and Purpleheart planks last week. Dunno what to make from them yet though
so you have one of those electric hand planers? i'm looking at one of those, but i'll probably split the cost of a thickness planer with my dad before i do
It means someone's been spraying payloads
get ready to change the blades in everything the purpleheart touches
Yeah, but rarely use it. The planer is one of those Triton ones borrowed from my buddy who's in Canada for 2 years
already replaced the blades on it, cos he last used it on SUPER dense seasoned oak he salvaged from work
purple heart is going to tear those blades up waymore than that oak did
it's way more dense
it's almost as dense as ironwood
or ebony
He works at a dockyard that service submarines and ships, so they use these giant oak blocks for support. Basically seasoned to the gills and spend a tonne of time in a nautical setting. Planking them up with a chainsaw and jig was FUN
Yah, but purple looks SO NICE
Any ideas if I should do anything?
Just thinking to monitor logs for anything suspicious
This is normal for anything exposed to the internet.
I made an Ebony pen t'other day. First 2 I tried chipped right at the end. Dense and brittle.
You should always be monitoring for anything suspicious. Get centralised logging
if you are doing any crossrips of the purpleheart, expect to change blades at least 3x as often
Yah. Measure THRICE and cut once on this stuff
I got notifications turned on since they are relatively small sites
That's not what I said though is it?
the trick with it is to douse it in Isopropyl Alcohol before finishing, and leave it in the sun. That gets the purple a-poppin
Hello
but UK being UK... right now the last purple pen is a boring brown 😄
Can confirm: notifications turned on is not the same as a centralized logging system
Okay, will try and see if there's a good way for logging
oh you mean logging the server's actions
May I recommend, OCSF
seems like that might leave weird stains - does it make it pop more than just tung oil or danish oil?
i thought about the website
No, I mean centralized logging
That's website logs, server logs, all of it.
may have to do the room on logging again
Nah, the alcohol works well. Evaporates super quick. I use it between sanding grades
Probably works better on tiny pens rather than anything bigger
Logs! 
Hmm, lemme see if its possible with the different cms's I am working with
Bleugh
Although I think UV light is the key. I have a few scraps of Purple, I'll try the oils and see what happens
I love logs
It's lower level than that
I should go grab dinner
Yes bella! honey sesame chicken!
a few are built on godaddy's own website builder, it is not known for being super helpful for debugging
Sorry for hopping in grossly... So what are you all up to today?
that's not today, I have 1 portion of chicken alfredo left
So what're you thinking? Chargrilled with mushroom?
tho will try and implement syslog for the wordpress and self-hosted ones
Shadow has made a suggested free path - I think it's pinned..
where do I check...
If you go on to search, you can sort by free/subscriber
Whats the percentage at, James? was 80% free last I checked
Not a clue
but James, you know everything!
how do I use the attack box?
Click 'Attackbox' at the top of the room
then?
ok
btw when I use it it is VERY laggy
why is that?
do I need to use the vpn with it?
This room should answer your questions --> https://tryhackme.com/room/tutorial
you don't need vpn if you're using either of those boxes - they're already inside the network
what now?
Well, it's web-based, so reliant on your internet connection
Work through the Tutorial room.
i believe the resources those boxes are given are also based on you being subscribed or not
might be wrong doe
where do I find the tutorial area?
For real, stepping through the whole process is long - the Tutorial room explains it a lot better than we can
You're right
There
You get better attack boxes when you're subbed
no change there 😎
It depends on your connection's stability or latency for most of the cases
You're right.
Free users get 512mb and half a core.
subs get 1GB? and a full core.
just been long in this server LOL
hello
So many new people today 😄
Chill 🙂
yes
:mute: cihadulah#0 has been muted.
Just read through the tutorial room. It tells you the exact steps to take
Hello
You don't need to connect to the VPN if you are using Attackbox. So you can simply start doing rooms
bruh
vpn is only if using local VM/kali
That's the intro to the site
this is the whole tutorial?
There's a lot more teaching content after that
Aye. That was a 'how to use the site' room
😬
i got curious after they didnt reply
so i checked it out
downloads a fake d.js package from npm which installs malware
the package had almost 100 downloads in the past week alone
they dm random ppl in the discord.js server and ask for help with their bot, saying it wont run
@sick lance your time to shine and have some fun!
oh
they're not in the server
i should have specified that, my bad xd
was just sharing it cause i found it interesting xd
If Scrubz wants to RE that malware, and share with the class his findings 👀
hey is someone also having issues with the vpn?
EU3?
Sophie looks like the Terminator.
One day...
One day we will teach you your shapes. 😄
Haven't been on in awhile. But 3 is known to cause issues, in the past at least, that I'm aware of
Which country are you in?
switzerland
Ok, country is fine.
Let's take the this to #site-support
Im finally GETTING “going”
oo
Yay, back home! In the airport there was a Windows XP display that had crashed
Wasn't me!
👀
Lol if it ain't broke don't fix it I guess (till now)
Let's hope it's not networked then 😆
Pff. Why would it be?
Hehehehe
To get up to date data from their servers?
Nah, a departure screen is fine how it is.
It's a static display, so ideally shouldn't have to get updated information
I need help
You're a static display, Jayy
Are you going to tell us?
Or will we guess? 😄
t minus 4 hours and 35 mins
@sly saffron #room-help then please
I think I need help. I need Marie Kondo to come over to my house to get rid of a bunch of junk
At first I thought you spelt Mario Kart horribly wrong.
That would be on-brand for me. both the game and the typo
In Football news.
You can take Kane out Spurs, but you can't take Spurs out Kane 
😐
Should I do TCM today or Portswigger
Yes.
not both
yes
rip, was hoping i could check it out with any.run
i do the same haha
well, i have everything forwarded to a proton inbox
USE THE DEFAULT SHAPE FOR SCREENSHOTS 
Nice drawing
Anyone got a paid any.run account where they don't mind running a sample for me?
File is too big for the free version
hmmm
sounds #advanced-general to me
IIRC they offer a free 14 day trial.
Get the hash of the file and chuck it in Virustotal
Just use
https://tria.ge/
Explore Triage's Malware Analysis Sandbox to dissect your malware samples. Access malware trends, and a customizable environment for in-depth analysis and classification.
@night prairie
hello roomies
ello
hows it going?
so far so good
Didn't know of this, thanks.
Gave +1 Rep to @shut hawk (current: #13 - 476)
I much prefer it over any.run
Oh, I wasn't aware of that. I think I'll try out triage for now and save the trial in case I need it in the future.
I did try putting the url into virustotal but I don't think it downloads the file from the URL, and I don't want to download it to hash
Get the hash and virustotal it?
Ah, I see.
I mean, I already know it's malicious, I'm just curious what it does xd
It's a shame we can't talk about it in this channel...
LEVEL UP!
Used DO for over 2 years, highly recommend
AWS gives you a free Windows and Linux instance for your first year
Very easy to setup
It's for a month right? 750 hours iirc?
750 hours per month
Ah okay, cool
AWS is a whole skill
Like navigating a maze that an evil puzzle master setup
Set up another one
It's like a videogame with lots of in-game purchases and subscriptions attached 😛
not twitter
twitter re-directs to X
It's gonna be a use case. So much of cybersec and infosec is based around careers and working. IG is more of an artistically creative thing
And peoples dinners.
Eh I don't like meta
It's the 'social' part of 'social media'
why lol
too much tracking
That's what the pub is for 🍻
- I don't use those platforms a lot
Not even their marketplace?
Fair enough
we got a local alternative
Yeah FB marketplace is goated
"Olx"
That reminds me, I need to buy new running shoes.
Don't need an FB account to use Messenger.
Really good deals for second hand items
tried to convert everyone to Signal, horrible fail
meta = facebook
X = twitter
same thing
I don't think you do?
Yeah several attempts to bring my friends over... They're just too attached to Whatsapp
yup its a futile effort
before facebook was the company and the product
i think it might be slightly unsafe
is your threads account
not even whatsapp?
whats that???
legit opened it once and never again
Imessage?
eeew apple products
Eh. I can never get into those social medias. I used facebook a fair bit in the early days as I was travelling at the time, and facebooks was great to keep in touch with folk. but the other ones... eh. Like... posting on Twitter/X - Why would anyone wanna know what my thoughts are in 160 chars? IG - I don't take that many photos, unless they are wires that I need to remember how they are set up. I still have Facebook for messenger on my phone, cos my friends use it. Linkedin - I'm not actively looking for a job
That's a different account though
using sms yeah
okay
yea linked to your phone no
i never understood twitter either
Whatsapp is giant in europe. met so many people who use it as their go-to
My family use Facebook, however I'm talking to them less and less, I could delete it it and they won't notice.
I use IG for my Hyrox and ORC racing.
Discord & Reddit for me
Hyrox?
Functional Fitness Racing.
What's that
A short overview of the HYROX Race and its stations. HYROX is a standardized race where you have to master the same workouts in the same order no matter where you are participating.
Find the weights of all divisions here:
https://hyrox.com/about-race/
some south asian countries too
i heard it's not very popular in america tho
I got a game y’all should play. Hell diver 2, it’s so fun I really recommend it
Helldivers 2*
Break it accidentally probably
I know East Asia - for various reasons - use Wechat. For pretty much everything - Calling, texting, paying
I may be wrong, but can't you already rent them in the cloud?
I don't use Cyber-sec at all on IG.
Not exactly the purpose of them
@rapid merlin https://aws.amazon.com/braket/
I look at it sometimes for Woodworking, for inspiration. But Youtube works for that. Usually If i have time to do that, I'm sat at a computer.
Hmm, I'd probably try to use it for some sort of AI model (no clue how AI works, so perhaps it's not applicable in this case)
You?
Jarvis 👀
i wonder how long it will be before someone tries to make jarvis
well, before someone makes a good jarvis*
gotta watch age of ultron again, that shit scared me when i was younger 😂
wish we had more iron man movies
ig we still get the techy stuff in spiderman now at least
they have using openai
with the hologram also
yup
Bad protections get bypassed.
Defence in depth is valuable, and some vulnerabilities can be properly mitigated
For example XSS, you can use safe sinks and CSP etc
For SQL injection, you use prepared statements
when do site ranks get synced with discord? ive gained quite a few today and see im still level 3 here 😂
You can do it manually.
But it's once a day usually, although I think it's rate limited.
ah cool thanks for the clarity. Guessing i just run a /verify to manually update
Gave +1 Rep to @sick lance (current: #2 - 1974)
In the end, security issues usually boil down to bad code or bad design
It should be
But it very much isn't
It's a solved problem
PHP feels like the only thing I know that still allows it easily
quite a large supply chain attack due to SE and SQLi here in the UK last year
But developers suck
Most languages I've used allow it, just with Go it's more difficult than using prepared statements.
I've seen it on a number of ASP/C# apps
Was a big one, but primarily due to the social engineering aspect of the attack. Companies infrastructure tend to be a lot more lenient the further you get in
oh yeah but I mean more easily than doing it properly
Yeah, Go is the only one I've used that achieves that
PHP is PHP, Python makes it easy-ish, Java made it pretty easy but I guess that depends what libraries
Hibernate makes it bloody annoying to allow injection
Hi all
hey bois
Hey GIrls.
I'm guessing a linter?
Superstar DJ's...
Here we go!
i need ur help, I am not able to connect thm via openvpn in windows (I tried all servers)
For anyone using a vertical monitor, do you have any preferences? I'm thinking I get a 24" one, but I'm unsure what's most comfy
nah, it's got its own intermediate language that it uses
never had one before, i'm splurging haha
I have a 22" and I think it's just comfortable for me.
yeah, is 22" not too narrow?
oh great
Oh it's an ORM
yeah it'll be nice for referencing docs and whatnot
Boo that's no fun
😭
aye
I run 2 24" at work, left hand vertical and right hand horizontal
It's nice
that's what i'm thinking, one 24" IPS
Need to rotate one at home but I don't want to buy a stand
there's no name for it?
The same as it would be outside an API? I don't get what you're asking
I normally just say "I've found a vulnerability in this API"
Gave +1 Rep to @naive violet (current: #1 - 2100)
If someone wanted to go down the path of VR and expdev, which resources would you guys recommend?
I know of pwn.college but is it enough to get started on real bounties?
My one can rotate.
What's the word you're trying to find an equivalent to?
I have stands that can but I don't think they'd work since they're sprung for more weight
Oh wait, I seem to remember something about your set up...
Yup, that's it!
I mean my new ones are just tilt stands
pwn.college is really good for fundamentals, idk about expdev but its a great start
you essentially get a couple of college courses completely free
No there's not a different word for it
Nope, I mean it depends on what the vulnerability is
https://owasp.org/www-project-api-security/ check here
Tfw "bola"
I once spoke to a guy who tried to convince me BOLA was when API and IDOR was when not-API
I like the idea behind calling it bola, it sounds more accurate, but.... IDOR was already accepted
I had to actually pull out google in front of him he refused to believe that they're the same thing
yeah it's confusing for sure
IDOR is what i'm used to, but i feel like BOLA is also pretty easy to get used to
and it feels more accurate
As easy-to-use terms though BOPLA BFLA and BOLA is just evil. Too many acronyms!!
Tryhackme? That sounds like an interesting site..
Alright, I'll just start with that for now then.
I did get invited to this VR server for UK nationals a while ago, it has both students and professionals, but unfortunately it's not very active
I think it was created by one of the exp dev companies here
Imo, THM is better for beginners, though I heard the HTB Academy isn't bad either
have fun hacking
productive pain 
Pwn.college is great for binary exploitation fundamentals specifically. For general fundamentals definitely look at THM & HackTheBox
No worries
t minus 2 hours
Keep it up!
TryHackMe isn’t fully free is it
…
Nope. It's mostly free though. The number I go with is 80%
tryhackme is mostly free but there are indeed some parts that are paid
main ones would be networks and paths
I can’t continue the intro to cybersecurity
you can skip the premium parts.
mine was to graduate, im a semester away and think im looking good for it :) ended up with my dissertation going in for becoming intellectual property for commercial use. which is unexpected, and nice xD
I’m doing it on my phone and I don’t see an x
Do it when you can. Set a time and try to commit to it. Eventually it will be 'the thing' you need to do
just click on learn, and open the learning path again.
Will try again
I have a question. Is there access to systems and knowledge of programming languages explored? A question that confused me
??? does not parse question.... error error ????
Guys
Anyone tried the hacker arise course? It's 3 years long and it's from the guy on David Bombal podcast that's fighting in the cyberwar in Ukraine
Im thinking of taking that after cpts, that guy sounds like he means serious business
Why, brother, does he not have an answer?
Is it available on YouTube?
No you have to buy it
It's 1500 dollars for 3 years

This is why I was asking if anyone tried it, if he's like on David Bombal yt channel he def knows his stuff
I mean hes fighting a war with that
He probably can teach you the skills that a senior pentester need lol
He has a YouTube channel
No
I mean
It's not linked from David Bombal videos
Oh, that's the man I know
The website gives me very script kiddie vibes
And it's $1000 which is a pretty hefty price tbh
They’re revamping the website
I wish it was warm all the time
Brother, are you kidding? He has his own channel for fun
Where
They recently released a course for $99 for gold member a month
Yea but from the podcast seem legit
in youtube
That occupytheweb guy types so slow.. I think he's a course and books seller at first place
What Is the name of the Channel
Yea he create a linux basics for hackers
Hmmmm fair enough
There are a lot of free podcasts
This Is not hacker arise
why
Because hacker arise Is a guest
David Is david
Hacker arise Is guest hes not david
There are two people here
One Is david
The other Is occupytheweb aka hackerarise
You mean by me, the channel, not me, David
Bro i dont even know what language ur speaking now
hhh am sorry
Does the "START MACHINE" feature and OpenVPN feature have unlimited uses? Or does it have a limit like the AttackBox?
technically there are limits but you most likely will not run into them.....
the limit that you might hit with the start machine buttons is the max 5 running target machines
the others are unlikely
Alright. Thank you.
Pretty sure it’s 3
anybody did the math how much it costs thm for an hour of running the attackbox
$73
Brother, what is David talking about during this interview?
They go through how to hack like mr robot, there's a whole series on it
Not sure how much THM are paying for the services tbh
Send it to me, brother
Cyberwar
This person David is talking to is crazy
Idk im reading some weird stuff about him
Seems like his course Is pretty sus
Do you think there is a learning path?
thank you my brother
@blazing granite what's the name of the wine maker?
Cause it's hard to find any bottles with that whitaker name
@boreal scarab get fid
Fid?
And you claim to like OSINT.
Yes, not on my computer nor a sommelier
si
So what are you typing on now?
My rotary phone
quill. using IPoAC.
Enjoy!
Claims to enjoy OSINT, but can't use it to solve a basic wine maker question 😹
844266557777
Amazing
8675309
0118 999 881 999 119 725 … 3
Mine actually spells out something lol
It must suck to be missing two letters from your rotary phone.
tasca conti d'almerita it's part of the DOC Sicilia, it's in the marsala region
You mean it was written on the label looool
Do you even know what that spells?
huh?
oh t9
just saw numbers on my other screen
well you're welcome
Not interested.
This is an English speaker server only.
That is english
No, it's numbers.
@mossy river
@whole yew
@boreal scarab the grape it's called Grillo, but you can find it as Riddu and Rossese bianco too, the grape is used in the Marsala wine
it's ingles
@boreal scarab where did you find it? it's not a typical wine that you find everywhere
You're too young to understand
Done!
I'm older than you....
nothing annoys me more about ios than the fact apple STILL hasn't added t9 dialing
Family friend gifted it to us when they went to Italy
Then you should know how to text on a flip phone.
And point still stands, English speaking server.
👀
I do, but messages should be written in English. 🙂
66 666.
Now make sense, the winery is not that big to have worldwide distribution I believe
Just saw the message, see, productivity knew what I was saying!
Surprisingly, found a place here in NJ that sells that specific wine
great
you can not send images here until you verify your tryhackme account via the bot and token from your tryhackme profile page... the above link will tell you how
They told me that I would write the code
-undelete -a
Done!
how many rooms are there on tryhackme guys ?
A lot, around 800+?
You best get started!
Esqy how are you
yes !
?????
sorry I was answering @glass nest haha
Hiya Rex 🙂
798 public
Anyone here try passbolt pw mgr?
there are private rooms ?
Definitely, restrictions on free accounts boss
Yeah.
Rooms created waiting to be released, education and business rooms too.
oh okay
is it possible to create my own rooms ? I mean how does the validation process work ?
Yep. You create the room, and submit it. Then one of the good-looking, hard-working Room testers will go through it and either approve it, or offer feedback on what's needed for you to re-submit.
I think you said that last time, ATP 😄
can be
WOOOOHOOO dragonbox pyra ordered
?
super amazing mini computer running debian arm linux
looks cool
it sure sounds cool and amazing....
to think it has been 8 years already
HUGE 32GB
well capabilities not huge by default
It looks really cool
sdxc cards go up into terabytes if shadow recalls correctly
its predecessor the openpandora was amazing too and still have that and it is working
though the pyra runs more general generic linux meaning better app support too
according to some other pyra users shadows favourite music player cmus works