#general

When someone asks you what your job is

How do you answer?

"i break shit"

for fun

Just explained to someone physical bypass methods and they got uneasy af and asked why would someone learn this

so they can be fixed before someone less honest finds them?

dumb Q

That’s what I said

But could still feel some tension

Imagine you have a new bank that opened and you want to protect it from attackers, you can simulate an attack to see the weaknesses

Anybody got a recommended book which entails how encryption was used in the olden times to the newer times

like history of encryption ?

I just learn from my boss who has a master in electrical engineering

cct looks weird

i'll never use cct

always ckt

yea kinda

looking at the code book atm

You mean like caesar cipher?

They used it for military comms

from the old Egyptian times to the new times

if you can include cipher and code stuff that could be interesting

get some navajo in there

some enigma

Sup everyone

this is ok to start with as in hystori of encryption

There’s also Enigma in WW2 which encrypted information for the Germans, also used in military comms

I used to live literally opposite bletchley park

the also have the Colossus computer there too

and what is name of that movie when tye brake enigma. the dr.strange was as main actor or so

Was it called 'Enigma'?

hmm... le me check

yeah

There's a movie about it, its sick

well afaik

The Imitation Game

That's the enigma algorithm

well... yea... just was nice movie

WW2 where the Americans break the German encryption under the wsr

and there is picture or so to "make eigma" with pringless can 🙂

Navajo Code Talkers was our version

Not respected nowhere near enough for the amazing benefit they brought

um

anyone know why a pc would just randomly get slow on wifi

pc slow on wifi slow

how can i verifed my account here?

Few thousand reasons, potentially including the wifi itself or someone microwaving a burrito

nvm im an idiot

https://help.tryhackme.com/en/articles/6495858-discord-how-do-i-verify-my-tryhackme-account

ty

Welcome!

Rn im verifed

ty

Sweetness.

Yer a wizard Harry

wait no

my pc is slow

Got anything running in the background? Steam updating a game?

nope

ANtivirus sneaking a scan?

windows ?

yeah

oh... it can be lot's of things

This is going to sound funny, do you have any games installed via the window store with Gamepass?

yes

So fun story. When I used to do that I had random massive PC slow down.

Those games don't install normally. They install in their own virtualized HDD image.

And windows likes to keep accessing them randomly

right

ANy chance the timing aligns with using gamepass?

found the fing culprit

that movies good

MUahaha

Is that in the store?

yeah

i never use it

just the end have different meaning... but is nice yea

Glad I was able to direct you

Hopefully that helps if you stop it

Watched it when I burnt my leg, was fun

eh endings a lil dramatic but real

it wont cancel

What launcher is it

xbox

wait thats actually

ok

Yeah honestly I 100% refuse to use anything from the Windows Store

Linux distros with built in shiney package managers are more functional and valid

eh I don't use microsoft store, I use exes

always seems more reliable for me

Yeah I'll go straight to a site always and get it from the source

Miffed Astro stopped offering their mixamp software on the site

I did a reinstall and still need to find it as I refuse to use the store

fixed it

Why?

Games via the game pass always cause slowdown, even when not in use for me historically(and others)

my pc is now extremely fast again lessgo

And the apps aren't maintained well compared to other versions

Hmm, do you have a source?

My life

I've had gamepass for a couple months and all my games have ran great, albeit I do have a fairly good PC

stick to win-get or chocolaty on windows for package managers

Oh they run perfectly fine

Zero issues

The slowdown for those of us with older PCs is Windows likes to keep accessing the "HDD" style image of the game on and off

For no reason

The games themselves aren't an issue

Just windows doing windows things

Sorry I'm not following, as in, not optimised for HDDs?

Don't think so and if I recall when I started looking into it the way gamepass works is it doesn't install in a traditional way.

It installs a virtual "HDD Image" of the game and runs it

That's true, the permissions are weird on it too

Oh, interesting, that I didn't know

Yeah, so if your PC doesn't have ample power floating about it will just randomly stutter/lag for some people even when doing something simple.

anybody here use a walkman

Just because Windows says "lemme touch based with all of these drives real fast"

I did 20 years ago

I had a Walkman cd player when I worked at UPS around 2006

I see, I can understand that

My PC is quite new so that's probably why I don't really notice it

Probably not, I assumme it's mostly a CPU thing

hmm

i brought one the other day

hi bee, is this your yearly appearance?

you were saying my pc was old?

don't think they said your PC was specifically old

well it was implied on being a probable cause

obviously he couldnt know if it was new or not

but ye

wasnt that

also when programming does the speed only count towars the cpu?

like if i had more ram would it go faster?

Hello guys , can someone tell me why the room "vulnversity" keep loading but never works for me ?

one of the new ones or old ones?

They actually aren't allowed to sell those to people in wheelchairs

It's really sad

dheck why ?

(im lying sorry)

I just thought it was a funny joke

you little s*** lol

It's a "walk" man after all

oooh

https://tenor.com/view/jeb-bush-please-clap-mocking-lol-clapping-gif-7921509

as far i like sarcastic jokes... you are on another lvl of it 🙂

I specialise in terrible disability jokes

It's my niche

i remember that sceene from scarry movie. when that guy in wheelchair and one with hand have standof

Which movie is this

w8 ill find clip

Standup comedy?

https://www.youtube.com/watch?v=EaHFBPUGJzE

Actually it's sit down comedy 🤓☝️

oh lord 🙂

Omg I need to watch this

Don't have a leg to stand on

I love both of these actors

hmmm... is it then one leg in grawe or how it's going then 🙂

Pirate

I have a very serious question, is this a frog or a human?

Also hi toaster how are you doing

i amlkjlkj3l2j4lk2j3 ya know.

How are you doing?

Can I choose neither

Sleepy! Bed time soon

If you have a different option do share

gmo something

I was going to sleep ten minutes ago but

Yeah

Ummm. Monke?

No I don't have insomnia really

I'm a sleep procrastinator

if you want to fall asleeep quick, remember point contact diodes are used as RF detectors

Okay I think it's bedtime

Thanks toaster that worked

Schottky Diodes have lower volatage drop!

GN Poki!!!!!

Will add that to the debate, cheers

Nighty night!

Gn

git goes brrrrr

yup

just pushed shadows rofi and i3 config to github and gitlab

gnu stow is amazing too

I've heard of those

i3wm to be more specific

it is a linux window manager

gnu stow is a neat thingy to handle symlinks for installing software from yesteryear

it is amazing for handling dot files

yoooo sup guys

kinda a bad joke

what is the best way to improve my opsec?7

application launcher

Im going to take a look I never used i3wm might try it out

well if you wanna stick with x11/xorg i3wm is the way but they have a nice migrate path to sway

Just a question for anyone who may know, I have a system on a VM that is vulnerable to RetBleed. The Linux distro is not a VM iso image, just a standard iso image so I loose a layer of virtualization/protection, I also have an Intel Core i7-6660U CPU. With that being said, is it considered difficult for an attacker to traverse through the VM to escalate root privileges on my actual system? With me using VPN, of course.

basically hit key combo... type thingy.... hit enter... said program thingy opens up.... tada

but it is configurable and scriptable so you can make it do other menus too

like screenshot menu

or power menu

I mean I just use gnome cause it works and I'm lazy

well it is a lot more messing with configs and setting up what you want it to do in window managers

gnome and kde is more just works rightout the box with less need for configure

Yup

though you can configure gnome and kde quite a bit still

Defaults work for me 🙂

Less fuss

fair enough

use what you are comfortable with

Ye

shadow wanted to try window managers for a bit

so installed i3wm and so far it is great

would have gone sway if it was officially supported by endeavour os instead of being a community edition

I3 is kind of broken on Wayland though iirc

yeah i3wm is only for xorg/x11

sway is the port of i3wm to wayland

they have config pairity for the most part

Granted dm and wm are different things

but the tools around to make a fully working desktop system you will need to replace some things that are not part of the wm

yuups

How do you know if a room wants you to connect using ssh

One can probably shove sway into gnome's display manager

If it's a walkthrough, it will tell you

It'll usually tell you

If it's a challenge, then try

You may find creds, or not

walkthrough rooms will tell
if it is a challenge it tends to be obvious if you exploit far enough
espeicailly in the enumration phase with nmap

Ight

Cus task four of openCTI gives cress and I tried connecting via ssh but it won’t let me, so I’m guessing it’s only on the attack box

lots of stuffs

Anybody here doing the OSU! CTF tomorrow?

Didn't even know osu did a CTF

I should better organize my dotfiles

Some other day perhaps

A job for future hydra

The game?

Yep

this is what shadows dotfiles folder looks like... then you just open a terminal in that folder and do stow blah and the configs for blah gets inserted in the right spot

It's an event based on the game

Yeah, it's based off of it

i.e say shadow wanna configure alacritty
then they just make a folder in this folder above called alacritty for easy indentification
open it and place the folders to the correct path like .config/alacritty/alacritty.toml
and finally just run the stow alacritty command from the starting folder

might sound weird and complex but it is easy

and modular

Someone's having fun with lasers

too much detail

https://tenor.com/view/patrick-star-mind-blown-explode-gif-21533559

yea... colored cards give different vibe

it's diether effect. kinda nice to make it detail if original picture is fit for that effect

Gonna give displate a run for their money

displate have nice things yea

pics like this colors/details give best results

Looks like you want good greyscale contrast

guess xkcd would work fine as engraved stuffs

yea. diether effect turn picture into 256 shades of grey and auto set laser settings on the fly

also if you google ai bas relief image that kind of images works best

How do you make the attack box full screen

Nvm

Found it lol

@crude stump

Oh wth

Did you create that that fast?

nope had it on hand

have a folder with useful tryhackme guide images

Damn

Thanks

no problem

can that pic be added as GIF or sticker to add from menu right thing or so ?

probably

computers are overrated

there you go... gif version

was thibnking to have it here

discord has favourite gif option

ah yes

https://tenor.com/view/chunk-of-cheese-cheese-guitar-yeah-rock-and-roll-gif-16540135

https://media.discordapp.net/attachments/680459914828972076/1212923816402100286/attackbox-buttons.gif

works 🙂

here is another useful one

ah that one also yea

meep meep beeep beep sleepo sloope sleepity sloopity sleep sloop to the beep boop while meep moops time for shadow

i tried one of those "crack your hash" websites several months ago out of curiosity

just got an email that they cracked it, and it's correct

only took like 4 or 5 months to get a reply, not bad

lol

this ?

ay

that's the one

hehe

https://tenor.com/view/who-pinged-me-ping-discord-up-opening-door-gif-20065356

@boreal scarab

from their homepage:

It's like having your own massive hash-cracking cluster - but with immediate results!

quite immediate

https://tenor.com/view/angry-ping-pissed-kill-xd-gif-13919523

btw @boreal scarab

hi

(i'm done)

@boreal scarab

oh hey kali 2024.1 is out

ping berrise for free admin role

https://admin.tryhackme.com/

PLA?

3d printer type of plastic

oh sweet
the lil ip address kali shows when connected to a vpn on xfce? in 2024.1 you can click the ip address to copy it to your clipboard now

(apparently as long as xclip is installed)

nice new wallpaper default

and a couple nice ones alongside

do any of yall know any good kali wallpaper websites?

you want the best kali wallpaper

images.google.com

best wallpaper

wow

thats amazing

i use it for every kali vm

its 16:9

and its perfect for 1920x1080 displays

lame aspect ratio

cus the original image was so low res

its just what kali likes 🤷‍♂️

my kali is 32:9

damn

16:9 is so 2007

grrr

so many wallpaper websites look so sketchy fr

yeah, ikr

actually i had a good one hold on

i found the wallpaper i used for windex on there

lemme check

take your time

https://www.pexels.com/ stock photo site but i sifted through tons of good wallpapers

thanks

poto

poto indeed

(tf is poto?)

😂

oh its photu

lmao

wait phutu

wait fhoto

😶

foto

like that landing page btw

was considering using that pixel thing as well

ima go finish my thm machine

ty but isnt mine 🤷🏾‍♂️

Gave +1 Rep to @molten sky (current: #82 - 76)

😨

how dare you

web dev wasnt my thing and he said he is fine with me using it so 🤷‍♂️

im joking lol

ur good

https://tenor.com/view/dwight-theoffice-identitytheft-not-a-joke-gif-4948829

idk if i want to keep that as my portfolio tho

cus idk if i like it crazy much

what?

what

what?

keep what as your portfolio

i'd ditch the emoji

but otherwise i'd keep it

il think abt it, but i might make my own cus why not

?

i am getting way better at web dev

im confused

productivity what are we talking about

why

its not all my work

so i want to make my own

websites

oh

the on in your description viper?

one

yeah

wait you were actually confused?

i thought you were just bullshitting, lol

no lmao

bahah

i was really confused

i like the website

tho i agree i think the emoji should go

yeah but i want it to be mine tho

but i like the contrast

it might be calling you to learn web dev

let me think abt it

for some reason this whole time i thought your user was viper

my minds playing tricks with me

mind

BAHAHA

im am a d1 gaslighter

ur acc so confused rnt u

🥴

it was vip3r

how did you know

i changed it like 3 mins ago

wait really?

oml

and now ur dead confused

lmao

too many network interfaces!

agghhhh

huh

i've got like 30 vnics on my workstation

docker and kvm takeover

is 0day active here

wait

occasionally yes

i can just check myself

he last messaged

on valentines day

doesn't spent a ton of time here but pops in

normally drops a cat in chat

i wonder how he got mod lmao

well known, at least somewhat reputable

yeah true true

Ello

llo

Hi bella, weird time for you to be up

nah

Well fun story

Heya @sinful moon u got any suggestions I should give to someone who's just getting into gaming

The end

ngl that was a fun story

Thursday night is karaoke night

That's all I have to say

Oh very nice

It's 3 am and I am in a random kitchen cooking food for 3 new friends

I could go for some karaoke rn

And without using any money I have drank at least a liter of vodka

And half a bottle of tequila

And like 6 shots

sounds like an average night

This sounds excessive

Aaaaand I have school tomorrow

Take care of yourself

Welcome to Denmark

lol when i was in uni still that was a thursday

now i'd probably die

Been a long time since I felt this friday-afternoon workday vibe... unmotivated 😮‍💨

Tickets are slow. Woke up at 3 AM. Zzzzz

is it called a friday-afternnon workday vibe when it's on days that in in day as well

What

Hah, I will first be home at 4 am

And have to be up at 6 am

Tragic

lol aka erry day

Cause I have to meet for school at 8

And then I have work party after school

And then night shift

This.. doesnt clear anything up for me 😂

Was it 'days that end in day' > 'every day'?

He was expressing that every day could be low effort Friday on all days that end in y, but typo

Ok interpreted it correctly then

heya Ellie

Heya, no I don't have the energy to guide a random I don't know through what games are best for them to start with. That's kinda based on what kinda person they are and the vibes you get about them

hmm

You're beginning to have a loadout of some games yourself which you may recommend to them based on how you feel

yea thinkin Hi-Fi rush but it may have a lil too complex playstyle for someone getting into gaming

It's all relative and we don't know enough about your friend to judge.

Also u got any comedy movies

yea probably

Stray is a nice game for someone new to gaming but wanting good graphics I would say however

The action adventure game were you play a kitty cat

Hope you have a better day

ya might be a good idea

I'd recommend it for you as well, it's a nice game for sure

yea, starting DMC5 today

but its on my toplay list

Enjoy, never played any DMC games, but pleny similar in the genre

yup

.

Meanwhile, who doesn't want to play as a cute kitty that talks to robots

That is cute

Yeah quite a bit, it's an adorable game with a good narrative, can recommend

i tried getting into it

was about 20 min in

then got bored

was a lil too atmospheric for me

lol keep playing, you got through 2001 after all

This is a good bit more action packed

after a month kekw

Some games are about exploration and atmosphere, just soak up the vibes until you get to the next mission. Kinda a standard rhythm these days

yea, my attention span is getting a bit bigger but it still isn't my vibe although learnt to enjoy it

i found it to be a tad on the boring side

You'll grow to appriciate it more as you get older, I sure did. Didn't really "get" Blade Runner properly until an adult

I wouldn't go that far, but fair enough

eh gotta rewatch it

I thought it was cute but yes admittedly often a bit easy

watching The Looney Tunes show atm

yeah i think it was just a bit too easy for me and the headstate i was in when i played it

Dr. Strangelove, Airplane! The Movie, Monty Python and the Quest for the Holy Grail, Young Frankenstein, Office Space

Bunch of classics

Oh yea reminds me

U watched twilight zone

Watch out for the 00s in commedy, it's horrific if you choose something liek "whoops all Adams Sandler"

Yes the original series is fantastic

what about Monty Python and the flying circus

yea talking about the original one

Yes the entire series is fantastic

The Quest for the Holy Grail should be a good judge if you like the birtish humor

prior to jumping into the series

hmm

Eh jokes with British accent's always more fun

lol fair enough

I always use the Old Greg skit

You either adore it, or loath it

can't wait to watch Dune 2 tho

Yeah was about to link Dead Parrot, due to ubiquity of it

I was just telling a gent at work yesterday about Black Adder

Especially considering how much of an emotional powerhouse ending it brought

This is a good one for sure: https://youtu.be/evPZ-0UhL1E

what about Blackadder the one with rowan akiston

Also a fantastic show, love it quite a bit

good comedy

SHUt your festering GOB

Oh I'm sorry this is abuse

First time I realized "House" was in Black Adder I did a double take

Bonking on the head is a better thing than I can imagine

Yeah it's a fun sketch

I gotta watch monty python

And yeah I do believe Hugh Laurie is in Black Adder, he did a good bit British sketch commedey and had the show "A Bit of Fry & Laurie" as sketch commedey between him and Stephan Fry

Yes Hugh Laurie plays a dimwit prince in Black Adder Season 3

I just thought I add the conversation I stumbled in

Mhmm, I'd only seen up to the WW2 stuff, upon which I got distracted. Loved that series

up to? the ww season is the fourth and last also it is ww1

Totally fair, and yeah I didn't see it but meant to. I'll get back around to it with my next re-watch lol

Probably need to grab that on blu-ray if even possible. It's all taped afaik so difficult

https://www.amazon.com/Blackadder-The-Complete-Collection-Blu-Ray/dp/B0CPKRR219

eh its on blu-ray

although quite expensive

I got my dvd set right here

it was not that expensive

It's region B only, and supicouisly doesn't show up on Blu-ray.com. I'd go for the DVDs

These are likely to just be simple upscales

hmm go for the DVD then

there are also special episodes that are missing sometimes

you dont want anything incomplete do you?

also Ellie u watched Devs

Fun, but yeah similar issue with Doctor Who and etc. Thankfully modern has specials collections for that

I have not AIO

hmm

Also Stepehn Fry plays Black Adders main rival in season 2

this rivalry was the best

bro

Yeah really enjoyed that show

wigle.net is so annoying

How so?

istg i cannot request anything from it

Watched a lotta clips of blackadder but I LOVE it from the lil I have seen from it

You trying API stuff?

i make 1 query and it gets blocks me

no advanced search

im just tryna find a ssid

If you don't mind me asking, what country in the world do you live in

'murica

Sounds like GeoIP... ah I'm wrong

?

aka it's not based on your country. But there may be something that is still getting blocked because it's sus. Wigle should still be pretty open but yea idk their restrictions

can u search a ssid for me

I just never had any issues with the app or website with my consumer connections

i cannot get it to work

Nah it's best if you figure it out, I don't know your full intent and goals

its for a thm machine

sakura room to be specific

I don't know that specific room but yes try to do this process on a machine not VPNed in or otherwise done on a remote host

im doing this on my host machine

Fair THM VPN shouldn't affect anything, but that's a knee jerk tech support response

im not using the vpn or on kali cus its a osint room

i dont see the need for it lmao

hm

I don't mean to get pedantic but is your host machine VPNed into THM or using other remote connection software which may question network lookup of Wigle of your connection?

realistically VPN only matter if it's tunneling full DNS/HTTPS/etc traffic, but this is not

Just might as well eliminate possibilities

https://tenor.com/view/forest-gump-wave-hi-hello-howdy-gif-22164679

lol, heya productivity, how's the shrimp catching?

my vpn is on my kali machine and im not using it currently

y'all like numbers?

here ya go

learn something about numbers

3.141593653

no

yes

learn

LEARN

so now what do i do cus it says ive used all my requests for a day

and im not using api

shrimp tasty

Use the Android app if you have an Android phone. It's honestly more fully featured there

And kinda the inteded use case

If you hit your local web request limit, well there's obvious well known ways around that

sorry if this doesn't help you much but my attack box is remote and I just ssh in, and tunnel traffic back to me. For all intents and purposes this is my VPN solution for this sorta thing lol

Typically you can expect this kind of blocking actually if you are on a datacenter network at times like this which may be banned, but sounds like you were mearly limited

Freaking Reddit doesn't like where my work remote server is living and blocks me until I try https://old.reddit.com instead lol

yeah but i dont have an infinite amount of emails and accounts

i wish there were mor alternatives to wigle

Hi guys, are there any noobs looking for a team?

I meant try on a different network

But I've never run into issues doing Wigle stuff for a room tbh

DM me

Wigle may consider your ISP to be sus lol

damn it, guess im alone with this

You can easily validate if this is network or account related after waiting that timeout and trying via cellular hotspot. That sure is a different network

If that's still an issue there than you have something greater going on

k ima switch to my hotspot rq

Sounds good, just wait for however long they said the timeout was

thats the issue i tdoesnt say

Props 15-30 minutes

DK1F -G is the ssid

oof, yeah I hope that's not actual current day

May be the case

ergo im gonna have to find someone to do it for me

idk how you didn't just get this instantly, but fair I don't know that room. When I have had to use this it was just one SSID search and match

idk if getting people to do this for you makes any kind of sense. In an infosec and even business sense, yes sometimes you have to work around these limitations. Use another Email Alias to sign up potentially or try other options.

i did try lmao it didnt give any results and then when i pressed again i got that

yeah i agree

il try to bypass it somehow

If you just wanted the answer, there's writeups often for that

well its not like that

That's fair but just mentioning. If you want to do it legit, then the above should be sound. I'm no expert on WiGLE however so I could be missing something big

Just used the app a few times and the web interface more than a couple without issue

Yeah you're right, il try my best ty

Gave +1 Rep to @sinful moon (current: #38 - 188)

lol to be fair it's not a part of the room but indeed a site limitation. It's just something I'd troubleshoot

k i created the 3rd account

and still no results appear

and its not the error

All I've seen is that WiGLE is super un-intutive to use via browser

I do remember another room where this was instant

i dont have an android

notably your room name is completely non-standard and most likely unofficial

So who knows how well they set this challenge up

yeah true

k time for 4th accounr

Hold up, I'm having issues achieving what you're looking to do even on my regular

fr?

I remember this being aboslutely trivial for an official room and not sure why this is so difficult

oh wow

should i just forget abt the room?

Finally found it

with android?

Advanced Search, use SSID and remove the most likely extrenious space from your SSID:

It's somewhere in Japan

man fts

it was the space

because of the space

i had to create 3 accounts

Yeah I've been trying without the space because I noticed but only had scuccess just now

even if burner may want to remove lol

why

spam and operational security

oh

More of a best practice, no worries for this sorta thing. But best not to announce your infra directly

lets pretend i never sent that

Hah, I sure don't mind

and plus its isnt burner

i have a list of them somewhere

from a bunch of precreated

i just cant find it

so i gotta use my email dedicated to ice spice

mhmm, operational security is just covering for your own infra/addresses/and etc to make sure they aren't exposed while doing infosec stuff

ong

yk whats funny

wigle isnt even letting me log out

uh, huh, I was going to counter with screenshot of the logout button

very stable site lol

i quit ts

not really

but il figure it out

You got the info you needed though right?

nada

because i tried again with the space in the -

it doesnt let me use it again

https://wigle.net/search?ssid=DK1F-G

obvs those comments are red herrings by users

yeah

@molten sky @hot cairn https://youtu.be/EIHIHqvqmOk?si=xpwQhbMIrIibBm_l

it kinda is

bullshit

LGA

lga is not that bad

not that EWR is good

but it's LGA

jfk

is...

JFK at least has a decent lounge I can use

normal

"free" drinks

when the new lounges open up in 17 years in EWR term A i'll be happy

34 years later

So does EWR

not really

Terminal C united club is nice

they have like two lounges in C

not very accessible when you're in A or B

Bus

They’re opening one in A too iirc

Flying into A this weekend sadly

#general message

hopefully lol

but still takes FOREVER

like holy shit you built an entire airport terminal in how long? and it takes you like twice that to build out a lounge?

nada. bus either goes one direction, at the wrong time, or not to the correct terminal. never ideal.

the bus just does what it does to suit United

(i mean, it's their bus after all)

unless you meant the actual bus, just assumed the shuttle

honestly tho ewr has a good design pre-9/11

the pinwheel and parking style was well thought out

post-9/11 security just fucked it all up, lol

KMCI old terminal was interesting

Flew into that a bunch

ya know as much as i hate chicago as a place, ORD is solid

i wonder if we included canada's "mega" airports, if EWR/LGA would still beat out YYZ or not

okay bye everyone

just disappeared on me 😶

first time i've ever had the thm vpn fail with networkmanager

wonder what changed

good evening

Hey guy, we are not supposed to store user password on the client side (local storage or session storage on web browser), aren't we?

If so, how does silent authentication without refresh token works?

not sure if i understood that or not, but..........

correct -- don't store the user password locally. instead, a session token should be issued. the server will track the session token going forward

well, until it expires

could be in a few hours could be never (if designed, imo, poorly)

Active Information Gathering I

https://youtu.be/CcaghL31LFI?si=FqHisBhFuQ5gv-a3

So basically silent authentication without refresh token is just using access token along with authentication session

i don't wanna mispeak and give you the wrong idea by accident, someone else could probably weigh in
but yeah storing the password client side is a big no-no
session token theft is already a big issue, that would just make it worse

Yes, I got that one

Btw, JWT concepts is such a mess

I do some research on Internet recently

And even on stackoverflow, people cannot have the same agreement and still debate

Whenever or not they should store jwt on the server side

Or how they should implement token rotation correctly

stack overflow is a disaster, lol

used to be the go to

now it's become my place of absolute last resort

after gpt even

morning

m

how are you

checking out the moniker link box rn

knew it was bad but my god is it bad

damn that bad

Literally zero need to

Whole point of JWTs

hola james

Mornin

just got my new gaming laptop and its so beautiful

wait

YOU CAN USE RDP

i've been here for too long to not realize that

If only that were easy, man

No it really is that easy

Everything is ok if I use only access token

JWTs exist so that the servers don't need to maintain session state

However, things get more complicated if I implement remember me feature via refresh token

Due to its long lifespan and the ability to grant access token

There is no way I can rotate and invalidate it

except storing and managing its state on server side

til it reachs expiry time

Rotation and invalidation is handled by looking at the iat, nbf, exp, etc

If you're storing people's oauth JWTs server side, you've seriously messed ip your architecture or design

Some dudes on stackoverflow even recommend to store a hashed version into database lol

That's why I say JWT saga is a mess

It really isn't.

Same thing as always, people not learning how things are meant to work and not reading the docs.

‎

this

JWTs should be generated as needed

I feel like libraries would just sort this

that makes no sense

like...on the client?

@molten sky do you disagree?

eh it's complicated once you get OIDC in the mix

nah just did my duty as redditor when someone says This

i actually agree

JWTs exist to delegate authentication to a third party

Smh this isn't reddit

And working in stateless servers

eh, there's almost always some state

in practice

Nah I'm not expert in JWT, too

But it means you don't need to track authentication state at least

But my point of view about JWT is a mess is not changed

yes

What is meant by "JWT"s?

I also read Auth0 docs, and this is how they invalidate and rotate JWT

"The Auth0 Authorization Server has been keeping track of all the refresh tokens descending from the original refresh token. That is, it has created a "token family"."

JSON Web Token?

aye

ffs there is an RFC for it already

it's old tech tbh

of course there's an RFC

there's an rfc for the proper use of carrier pidgeons

that feels wasteful

why wouldn't there be an rfc

I mean it was an april fool's joke

Here is the link if you are curious: https://auth0.com/blog/refresh-tokens-what-are-they-and-when-to-use-them/#Refresh-Token-Automatic-Reuse-Detection

it's a completely viable protocol

naysayers are just in denial

Keeping track doesn't mean storing tbf @crimson hedge

That is the entire intent of the RFC. They are bearer tokens

I've heard of implementations

the tests people have done are interesting, lol

I would be happy to read about these tests!

Oops, a big 7!

Ah, my favourite data transmission protocol;
Wireless Pigeon Transfer Protocol (WPTP)

https://youtu.be/4pz2kMxCu8I

It's the lesser spotted 3$ snakey boi.

HTCPCP is my favorite protocol

https://www.bleepingcomputer.com/news/security/cisa-warns-against-using-hacked-ivanti-devices-even-after-factory-resets/

Ivanti are not having a good 2024.

Damn

Even after factory reset

Why is Google showing me a tea pot with wires in? 🤔

That's it.

https://filippo.io/linux-syscall-table/

Here it shows the opcode for write is 1, but how come in assembly i have to use 4 for write?

here for example

hacker is not HeapOverFlow

he is real hacker unlike you 💀

||JK||

what is that?

Because that's the table of x86_64 architecture. Here is the x86 syscall table:
https://x86.syscall.sh/

oh, thanks!

Gave +1 Rep to @devout palm (current: #28 - 279)

It's a little teapot, short and stout.

interesting

Accurate.

||Your name scares me||

In what way

😂

MAD and alos Scottish

and burd too

Ahahahaha yeah

you real scottish?

No, she's fake.

She's a wannabe.

Real

or it's a catfish acc 💀

Nah, she's not a catfish, she left Scotland.

😂

a scott is more scary when scott in scott land

she is harmless now. she just mad

Yes I am from paisley

Near Glasgow

😂

I used to talk to people from Paisley.

as I said... you are harmless now

Good Job..

😭

Good morning

Hello hello.

On April 1, 2014, RFC 7168 extended HTCPCP to fully handle teapots.[4]

This really is something else

I appreciate that there is protocol out there for Smart Teapots

Hopefully they don't leak creds.

These iKettle would leak creds.

I love IoT devices.

Now I am just wondering whether it is similar to the toothbrush case.

As in completely made up.

IoT devices are stupid

My washing machine shouldn't need an internet connection

Don't buy one with a connection then?

I like them being part of some skids net

Change the default password and pihole them.

"sorry, you must have an internet connection to wash your clothes"

admin:admin is secure enough for a god loving american.

So you can access it without their knowledge? 🤔

Having a way to automate and remote control things like heating is actually quite useful, I want to add.

Heating, yes.

Washing clothes? not so much.

This is where self hosted comes in

boiling a kettle? nah.

Smart fridge that tells you the contents, possibly.

Yea, the kettle is a little strange.

Most kids are actually renting APIs to make booters now

I need me a smart stove

When you program Java.

nah, I only have one screen

You poor soul.

am poor 😦

You poor poor soul, then.

😢

I should really do some studying today

My monitor quantity relates to my relationship status

I got 2 phones

noice

And one totp phone

Hi day

Hey hey

Hi stuub

I just finished an amazing project that I started last year

well, It's not finished but It's finally where I wanted it

Commitment noice

What is it?

https://davidinfosec.com/2024/03/home-it-support-ticketing-system-revisited/