#general

yes

Ahh that's tough. Gottta go with what supervisor says 😅

always found that typo funny ngl

that used to be your username right?

or am I just misremembering things

man if YOU all are saying these things, im defo screwed with the ngfw project

it's close

very close

huh

then I don't remember lmao

i just removed my legacy tag thing too so you'll never know 😶

well, instead of looking for a solutiuon, start looking for a problem, then its easier to find a solution to it

hey that's me

I'll just call you foss then

if that works with you

it'll probably change in a month

'eh, idk how good you are at programming and how far you want to take it. But 3 months if not a lotta time for a deliverable imho. You or someone else might breeze through it 😅

if you dont mind me asking, where exactly should i look for a problem?

like any other great tech company in Israel one of the founders served on Unit 8200, like the founder of Cybereason

i was surprised "fosscad" was even available

👀

give me an hour

Can start by asking people what they find annoying, that's a great way to start

If a lot of people are annoyed by the same thing, then that is a problem

aight. there's a VIP sub in it for you

Here's a problem for you: how do I get random strangers on the internet to stop messaging me to hack their friend's/exes/boyfriend's instagram accounts?

¯_(ツ)_/¯

Don't market yourself 😄

No one asks my mother to hack instragram accounts

you should see shadows main emails spam folder

Eyyyy shadow!!

morning

check out my panel so far http://127.0.0.1:8080

it just says 'get hacked'

context aware llm ai filtering system tied with social media api to auto report and block handles maybe? thats outta my scope tho

omg omg, I got hacked!!

I saw cmd console pop up for a moment and then it disappeared

requests to hack
pyramid schemes
selling drugs schemes
afrikan prince scams
and more

this is still ongoing 👀 ask away https://www.reddit.com/r/tryhackme/comments/1bberf4/ama_im_ben_cmnatic_a_fulltime_content_engineer_at/

also, isn't shadow supposed to be asleep?

yeah...

...

go bed

it's 2 AM

got sucked into a rabbit hole about android captive portals

oooh, android captive portals I see 👀

https://tenor.com/view/ninjala-jane-hacker-hacking-computer-gif-20337624

that's a decent enough reason to stay up

3 keyboards ...

did you know most phones send a request to google every time you connect to a new wifi to check for captive portals

It can't be done, people like that will always exist. It's like they grow from under the rocks 😂

no mouse tho so we're good

imagine having this muscle memory confusion and you lose intuitive keyboard usage for a moment

what month is 15?

a rock is an understatement, I would say a boulder

UK time/date format

the only right format

also can you hack nasa for me

ends on the 15th of this month

asked my question 😄

i can maybe do your toaster

wat m8

that's where i cook my bread

Can you hack my toaster? Its 20 years old

the correct date time format is specified in iso 8601

quick detour from whatever we're talking about, Ben here is an absolute legend, helped me and shadow resolve the 39% error when uploading our vuln box to THM

how many times does shadow have to teach you this lesson old man

r/ISO8601

hold on, that's a thing?

no

it's fake

you're in a simulation

anyways shadow is now gonna go meep moops to the sleep sloops with the beep boops

isn't everyone in a simulation?

no, just you

Good night shadow

👀

I choose not to believe that

What to do if you have a virus in your computer?

nuke from orbit

nuke the drive

reinstall windows

or whatever OS you're using

Nuke?

except that second part

hard wipe the drive

yeah just use one of your handy pocket nukes

I mean I can't run anything yk.

MOAB

Ask it to leave

you don't have to

if you don't consent to being hacked they can't do it it's illegal

why didn't I think of this

Try using anti-virus and removing it manualy

It isn't working bro. It's running itself

Please don’t give this as advice, this should be the last option.

ah, my bad, I'm sorry

eh, for run of the mill stuff yeah || ( this is in agreement ) ||

Exactly

Think outside the □ 😎

square?

mb, think outside the cube

parallelogram

But for starters, try to find out what persists it and then kill the processes

somehow I was thinking about nuking a driveway

No, square

It was all black and now I see alot of pop ups

I don't know who put you up to that, but it's most definitely not me

I feel like I'm in a big trouble ☠️

Imma put the blame on you

what long/lat?

i'll see what i can do

420/69

What kind of user permissions do you have on device, can you freely kill processes?

do you have another computer

try installing an anti virus software and use that to try and remove the malware your computer has

Nah man

good question

then yeah best bet is to try and download an AV 🤷‍♂️

❤️

oh yeah this is also happening btw

not to plug

but

🔌

https://www.linkedin.com/events/7173320092334714881/comments/

go sign up 🫶

ask me questions (make them easy pls)

probably a dumb q

but what even is cmnatic

like is that a ref to something

or

initials

or

nah your name is ben

not that

it's a name I thought of when I was wanting to get into cinematography

back in like .... 2013 lmao

that makes a lot more sense than expected

so it's basically just a play/compression on cinematography I suppose

Q 2

yes

shouldn't it be cnmatic

yes

what kind of questions?

😶

easy ones

i made a typo when I registered the youtube account for it and just well stuck with it

feel like that sums me up pretty well lmfao

😰 What is considered easy - to him or to me?

ask him how to write hello world

for that interview?

Ben has created 90+ rooms on the THM platform -- covering both blue team and red team. We will be talking about careers, his work at TryHackMe, guidance for making rooms/vulnerable machines, and much more.

for my AMA on reddit rn basically anything that's covered/related to what I put in the post 🙂

you can also ask me what my top 3 favourite eurovision entries for this year are 😎

Just did, have a few questions about creating rooms.

is it easier to make difficult rooms or easy rooms?

cool cool. I'll get to it -- just working through a backlog 😄

Really hard to say to be honest. I think both can be equally as difficult at times. There're a lot of variables. I.e. easy room != easy to make. Depends on the practical, or usually, it requires a lot of written content (i.e. translating technical topics to a beginner audience) , etc. Where a difficult topic, you can get away with a bit more assumption of previous knowledge.

i Qed

That's why I asked, for easy rooms you need consider with the fact that beginners don't know what you know 😎

yup!

Maybe I should start trying to make rooms at some point, could be fun experience, got a fun hands on training with IaC already

I've had some difficult rooms that have been a breeze to dev, and some "easy" that have been hard. The practical element is usually the biggest decider

I would honestly say go for it. You learn soooo much doing it

good way to practice/pick up soft skills as well. Communication, etc

Is there perhaps a template somewhere that describes how the room should be delivered?

dockerfile or vm snapshot whatever

Needs to be uploaded as an OVA (vmdk technically works but imho it's a bit...iffy. OVA is your best bet). But ofc you can run docker on the machine. Hang on let me find some docs

That would really give an overview how to approach the engineering in first place

https://help.tryhackme.com/en/collections/3665115-room-creation here ya go

.OVA is nice, but if I want to make a windows based room, then windows loves to steal space

if a mod happens to swing by, ask if they can add you to #creators-lounge if you have any questions

Cmantic, planning on creating a walk-through room about SQLi but just different types across a couple of DBMS, what's your opinion on it?

appreciate it

oooo i want access to #No Access

it shows no access

they always forget us poors don't see what it says

That's fine. Use Windows Server (say 2019) over a Desktop (Windows 10). Also, make sure you setup the VM in BIOS/MBR mode and not UEFI/Secure Boot. Try and set the disk to a reasonable size. I find 40gb to be fine if you're not installing a lot of things, at max i'd say 50-60gb.

you'll need to ask a mod if they swing by to add the role that allows you to see that room (mention it's creators lounge)

what I mean that in order to great the room I would also need to find the space on my computer 🥲

But yeah, I will worry about that somehow

what? you mean you don't have 16TB drives lying around?

Of course not, I am not collecting daily PCAPS here

I just think room creation would be a very good approach to applying knowledge I gained from getting my certificates 🤓

yeah sounds pretty good. Across multiple DBMS would be cool - especially if that was included in the practical

gonna submit a qcow

ovas are overrated

you can't

can't stop me

Although how many DBMS's would be too much.

well, you probably can but the conversion is not compatible

curious what the hypervisor is tho

submit .bin, why format

Maybe one for different langues. I.e. 1 for NoSql, one for MySQL, etc. But basically I would say ... maybe 3/4 is too much for one box?

just rename extension

.md with directions to build the room yourself

make it .txt, readability is laziness

WHERE EXE?!

So about MongoDB, MySQL, Weaviate and one of those cloud ones.

unless you can run the cloud one locally, it won't work. Machines in rooms don't have internet access 🙂 others sound good tho

AlloyDB may work locally, the postgres wrapper thing by google.

STINKY NERDS

saw wall

wall gone

where wall go?

https://tenor.com/view/vanish-illusionist-magic-up-in-smoke-magician-vanish-gif-17491990

oh mah lawd

another crit microsoft cve related to email stuff

number?

CVE-2024-21410 looks like ms exchange priv esc

ahhh that one

worth reading or nah

oh wait

i dumb

i thought this was a different one

cve-2024-21410 is pretty cool. Low attack complexity and requires no privs

was looking at this a couple weeks ago i think, around when the outlook cve was published

The MonikerLink one?

i thought this was novel but nah

yeah monikerlink

ahh yeah. That one is cooler 😄

they've not been having a lotta luck recently. Welcome to 2024 😄

it's quite interesting actually i agree

played with it a bit at a k12 just demoing things for someone there

( legitimate )

It's *apparently *possible to get RCE. Been trying to expand my PoC to do so but no luck so far

i haven't seen any RCE poc yet, but i was hoping to experiment a bit

might read up on monikerlinks and see if there's any interesting functionality

ooh this repo recently added a demo of it but not published. https://github.com/xaitax/CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerability/tree/main

Welp, guess It is indeed possible and i am not smort enough😅

ooo 👀

oh shit he's got a shell demoed

have you done my room on it?

a few days ago I ran through it -- pointed one of the aforementioned k12 people at it as well actually

ahhh fair enoguh:)

honestly it's harder sending the email because it's all local rather than actually exploiting

pretty amazing it's gone this long

one day instructions for RCE ™️

'eh in this case yeah. The mail server has to be on the windows/vuln machine unfortuantely - no internet access etc and it's easier than telling people how to setup a mail server on their devices.

In the real world that wouldn't be the case. Though, you'd likely have to use domains and stuff for SPF/PTR records etc to get through spam filters

oh no i agree, just emphasizing how simple this thing is

ahh yeah 😅 yeah it's crazy cool. I was reading the ms advisory and was like "surely this won't be hard to write an exploit for" and nope - It wasn't.

i should take a look at some ~forums~ and see if anyone's talking about an RCE method

Just saw your answer Ben, great advice!

@lone thistle how dare you

vim >

hahaha

honestly if anything requires more than nano I throw it in sublime text

nano is for editing sshdconfig and when you don't have sudo to install vim

ahah trueee

With nano you have Ctrl + X, Ctrl + W (whereis), Ctrl + / go to line and Ctrl + C for what line you're on

what else do you need?!

i guess copy and paste too but that's it!

can't name it in general but you know that one forum that starts with a lowercase d that always has a waitlist to load

yes

loaded in like 15 seconds right there

fastest i've ever seen

I hate the captcha on that damn site

i have never gotten that first try

it's clever tho ngl

indeed. I mean it's' better than the one that they were doing with the clock. I mean I can read a clock but ... apparently not LMFAO. Or the one with the images that were like 3x3 pixels

hm. wonder if they made it like "always fail first attempt"

mayperhaps

hmm

i know where to look

damn, ol reliable has failed me

write your own. EZPZ right? 😄

if i had the energy to write my own i'd be writing my reports right now instead 😂

😄 mood

one of the mon link PoCs i stumbled across is literally just sending the email via telnet with sleep 1 between every line send

is that the bash script one? 😄

yup that's the one

haha yeah

can appreciate the simplicity of it i suppose lol

although a loop would probably be cleaner

I had a very interesting PR from someone when I published my PoC that basically complained that it didn't do the things that I said I intentionally left out in the README, and then turns out their PR was just entirely copy and pasting someone elses', removing my attributing, and adding credit to themselves for someones entire code

i was like ... ah yup ... this is why I don't publish things lmfao

like i'm not surprised

hehhe

but i'm still just very disappointed in people

pretty much!

KEKW

Eh add a code comment with your credits

or just your name in a function

those people usually don't bother to check for that

gonna PR all your repos just to prepend attribution to myself

Morning

m

Mornin'

How your fast going?

slow

Going pretty good, currently waking up to make breakfast, got a little under an hour to make and eat

nice, that times usually the sweet spot

Yeah, I can feel that my body isn't used to waking up at 03:30

if I have the NTDS.dit file from a target machine but I don't have admin so I can't get the SYSTEM file in order to extract the info from NTDS using secretsdump then what do I do?

eh, you get used to it

I just was super tired on my first fast during the last hours

i have to admit im still very bad at windows post exploitation xd

i have to admit im still very bad at windows

same

it's the lowest on my skills matrix in theory. Not my worst out of those, but yeah it can be tough 😅

also means i need to complete more THM rooms in general 👀

i started being active on thm again

feels good

i did like three rooms so far

completed anything fun recently? both El & product

in the last idk how many months

one of them was monikerlink ofc

more like reviewing stuff

but its also funny to do so

fair enough 🙂

Yeah, I have been taking naps, but today I can sleep till late after breakfast, which is nice

yeah I need to make more of an effort actually doing rooms lool. My rank slips day by day

I try and do one every 1/2 weeks or so, but I guess after creating them & reviewing them all week full-time, time away from a screen is also good 😅

Also I need to go to my local bazaar for some dates

nice!

same, just need some things to learn

dried fruits are a migraine trigger for me 😦

Awwwwwe

and im seeing sheesh these days by someone

I am getting dates to proper break fast with, and to eat a proper suhoor

wait a min...

muslim?

Not fully, but trying out Ramadan for my first time

TIL

means new muslim?

"TIL"?

id

k

just "today i learned" re: KyootyBella

https://www.tiktok.com/t/ZTLL4ht7c/

Give this a try if you don’t have any allergies to anything. It’s so good

I'll see what I can do, I don't have a blender

This is my suhoor meal today

what time is it rn for u?

04:04

A.M?

Yup

then the 3rd day of ramadan has started now for u ig

and quick reminder for advice

wait brb

No worries

back

anyways quick reminder that if u wanna become a muslim, u should read story of lut and what happened to them before converting to avoid smth i cant say it here

@chilly veldt

comparing it to my meals, fried paratha, naan, seikh kebab

you're too healthy

I get that

perfect understanding

Ahahahahahaha, yeah, I am also still keeping my diet going, for losing weight on top of this

How's the ol' gymming going?

GL, you got better determination than me

I gotta lose like 5 kilos but I like food and if I don't eat enough I get hangry

Me and my husband went on a diet. we just eat salmon, brown rice and veggies for the most part and eat egg whites for breakfast. I try to change up how I'm cooking everything and try new recipes, but my husbando lost 27 lbs in 2 months form diet alone and he's full from all of our meals. even snacks on apples in between

you can do it. just gotta find what works for you

I just asked chat GPT to sound scottish and im laughing my ass off at the results

pls send it lol

"🎮 Welcome tae [Community Name]! 🎮

Hail, fellow gamers, and dinnae be shy – ye've stumbled upon our digital sanctuary, where the thrill o' victory awaits and kinship kens nae bounds! Whether ye're a battle-hardened veteran wi' a trove o' tales or a fresh-faced recruit ready tae set forth on yer gaming journey, ye've found the perfect haven tae ca' hame.

Within thae virtual walls, ye'll find a vibrant community o' like-minded souls who share yer passion fer gaming. Here, triumphs are hailed, challenges are met head-on, and friendships are forged in the heat o' battle.

As ye roam through our channels, ye'll uncover a treasure trove o' topics tae suit every gaming fancy. From heart-pounding shooters tae sprawling open-world adventures and all in between, there's a spot fer every gamer tae claim as their ain.

But mind ye, yer journey disnae end wi' just joinin' the community – it's only just beginnin'. We urge ye tae take an active hand in shapin' our community by selectin' yer preferred roles. Whether ye're a master strategist, a crack shot, a healer, or a jack-of-all-trades, yer unique talents and interests add tae the rich tapestry o' our community.

So tak' a wee moment tae introduce yerself, mingle wi' yer fellow adventurers, and embrace the spirit o' kinship that defines us. The road ahead is fraught wi' challenges and triumphs alike, but together, we'll face them wi' courage in our hearts and a twinkle in our eyes.

Game on, brave souls! 🚀✨"

its too accurate ahahaa

hi

have u guys actually found a real bug

in actual systems

how hard is it

hi guys

where i could start hacking from , i know some python , c++ also , if require html and css lol , and learning javascript

Hi guys. Maybe anyone by any chance has tested an Asus EBR63 AX3000? I wanna buy it to build my home network, and make it more secure. Also any tips on building secure home network are very welcome. Thanks in advance!

nope

roadmap .com

Any tips for SSH enumeration via android?

good morning

good

hi

hii

😓

Im thinking about some reversing and binary analysis tools, can you tell me what is your favorite and why?

one min ...

Ghidra. It's an open-source software reverse engineering (SRE) suite of tools developed by the National Security Agency (NSA). Ghidra provides a wide range of features, including disassembly, decompilation, scripting, and more. Its user-friendly interface, extensive capabilities, and active community support make it a powerful choice for reverse engineering tasks.

Ok...

I assume you wrote that, I like Ghidra too

use ghidra and become reverse engineer , yeeeeeeeee

so easy.\

Ghidra is bae.

Please I have a question...is the networking in Tryhackme enough to know the fundamentals of Networking?

help

What's up?

It can give you a good grasp of the fundamentals.

If you do all the network rooms you'll be in a better place.

I'm a beginner, I'm Brazilian and I'm having some difficulties

"" You discovered that the login page allows an unlimited number of login attempts without trying to slow down the user or lock the account. What is the category of this security risk?""
what would be the answer?

#room-help for TryHackMe related help please. 🙂

thanks

❤️

Hi

Hello 👋

Im new here hehe

good afternoon

Good morning, and welcome!

nice user name 😂

Hello to the people of the internet , I am new here.

same, Hello

Greetings, Human!

Hello to both of you

I joined the server just now

Nice to meet you.

Morning

Heya

nooooooooooooooo. I'm still dreaming

another 5 minutes

I never understood why the nickname HANCOCK is banned in Europe

i cannot remember how list all scripts in nmap.

I feel like such a newb.

why fail me memory

I really hope you pass your trial ❤️

It's the second time today that I woke up😭

i know i could just google it but I need some social interaction today

Thank you!

Gave +1 Rep to @karmic furnace (current: #176 - 35)

scrubz is on trial!?

order, order

That's why my name is blue and not green 🙂

oh, that kind of trial.

Looking at your palms, I see you becoming a moderator in the future

He better.

Yeah, not court trial 😅

darn, gotta put my robe and fancy wig away then

Isn't that itchy?

probably

I always see them and think they must be itchy.

Courts are always boiling

https://tenor.com/view/phoenix-wright-judge-ace-attorney-capcom-guilty-gif-16885690

I like the wigs.

anyone have book/any resource recommendations to get ready for CEH exam

there should be course material, no?

i mean not really

As a newbie that wants to start a career in cybersecurity the Tryhackme has been so great for me 🙂

Microsoft copilot just gave me the most realistic picture ever omg

Are you all crazy about ai? Nobody worried about Skynet 3.0?

what do you mean when you say AI?

I’m just using it to make logos

I am talking about Artificial Intelligence, which encompasses the development of computer systems that can perform tasks that typically require human intelligence. These tasks can include things like understanding natural language, recognizing patterns, learning from experience, problem-solving, and decision-making

I'm not worried about any of those systems.

It’s not too intelligent yet. It can’t even spell and code is riddled with error so I wouldn’t worry. I keep arguing with it on a regular basis

Does it like to talk about cats? i like cats

Spelling mistakes and coding errors? Sounds human to me 😁

😂😂

I was trying to get it to spell my gamer tag and it was soooooo off with the spelling

@sick lance

Asked it to make it more Scottish and not anime and it made it more anime 😂

I just the official challenge for it.. and it was by far the easiest thing I'd ever done..

My practical knowledge is insane.. not so much the theory.

Done!

Jabba took Scrubs Jooob

hlo

nah

https://tryhackme.com/room/ccstego
this room does not give points huh?

Scrubz can’t use the bot at the moment, users with the “Mod” role will have to be pinged for the time being

he can still mute though

can someone check and tell?

looks to be a private room

idk

try this link

Please do not bypass private rooms @foggy leaf

other users who attempted seem to have got 660

my frnd sent me this room

You do not earn points from private rooms. This room was likely made private because of outdated content

Done!

[BANSPAM] I cannot DM busy_capybara_56285#0!

Can I? 😄

do it.

for one minute.

to me

permission given

No, I can't joke mute/ban/etc

Miss use of powers.

I literally have given you permission though. :<

Is it still misuse?

You can test on my alt @celest lava

But I know you can’t use any of the bot’s commands

If you can then that is a misconfiguration on my behalf

Nice try! You are not a moderator

Nope. 😦

Hydra lied.

This is why we test things.

Hydra might be referring to Yag but we aren’t supposed to be using that bot

I was going to say maybe yag, but not trying.

Anyone watch mr robot?

I'm 4 episodes in and it's great

Here's me thinking it was gonna be a Wish made Terminator series 😂😎

anyone here has completed google professional cybersec cert?

is it free or paid?

its paid

but my country paid for it for me

nah actually i did appear for cloud digital leader certification but couldn't clear it

How

The whole show is hit and miss,the ending ruined the whole thing for me.

but what i wanted to ask is about 30% of discount for comptia sec+

so if anyone did google cert pls let me know

It's a very easy certificate to learn the very basics of cybersecurity. Although it will give you a voucher for some money off the Security+ certification, it's not sufficient to train you for that exam. It also spends time discussing another exam, the CISSP, which is intended for people with 5+ years experience in cybersecurity. If you can do it in the free week at the start, it can look good on your cv/resume, but it is only a certificate of completion and not a certification to show your abilities.

I wouldn't pay the almost $50 a month for it, as there are much cheaper options, like THM and many books at reasonable prices

im not arguing at that, i mean its a beginner certificate

but is 30% discount permanent and can be used any time?

What discount?

30% for sec+

Usually they have like half a year - year to use period

But I can't tell for sure on this case

That reminds me, my CCNA voucher is expiring soon

You'll have to check the terms on it yourself

aight then

thanks anyway

Pretty bad ending?

I wont spoil it to you man,just watch it.

anybody down for a study session with voice chat with me? im an network services room

Man, I am on season 2 of Mr. Robot. I have loved it so far. Which episode should I stop at so I don't ruin it.

Watch it till the end yo,form your own opinion

you watch the avatar series?

Guys, please tell me if CCD certification is worth it? Or TCM security of PJPT worth it?

I mean if these certifications are recognized by HR?

Check your local job postings for mentions of these certifications and you'll know if they are sought after where you are at

@sick lance congratz!

Thank you for replying. I didn’t find in my local job posting. But the thing is I am interested in practical exams certifications like the one I mentioned, not MCQS like comptia security+. For practical exams you actually know what you’re doing 😔

Gave +1 Rep to @jagged moon (current: #12 - 557)

I started finding more tcm stuff in "is a plus" sections recently myself

Oh yeah. The only ones i have are practical too so far

But still, if there is some multiple choice cert you are easily able to obtain and it's highly regarded locally, why not

Basically tailor it to your job market, not your preferences, imo

Thank you fluff!

Gave +1 Rep to @jagged moon (current: #11 - 558)

I have CCD and it was valuable in terms of me describing what i learned from it,also writing stuff that we did on my resume. I wanted to do BTL1 but it was kinda to easy compared to CCD,so i choose second one. Overall its decent cert,for final exam you 48 hours to do ThreatHunting with ELK,solve Disk/Memory/Network Forensics and solve some email perimeter defense questions (only 3 questions).

@ashen wadi gudetama ❤️

Overall CCD certificate helped me land a job as Soc Analyst,in one of the best firms in my country. But the thing is,i also did Security + few months before that PLUS i also did over 250 of challenges on THM in 2023 year.

🥚

This kind of certifications interests me as you actually learn and do stuff to prove that you know something and learn a lot of things a long the way but my employer asked me to do security+ and its so boring because he provided me pdf and PowerPoint slides. Currently i’m learning from THM and was thinking to either go to red team (TCM pjpt) or blue team (ccd)

Sec+ sure can be boring BUT it gives you valuable knowledge of security basics.

I'd pass sec+ as asked and do pjpt or ccd on the side to learn in that case. Not actual advice though, just how I would handle that

I think Sec+ is great to get people torealize Cyber Security isn't just a computer screen.

It removes the movie glamor

Majority of people wach Mr.Robot and wanna become hackers or pentesters,but reality is totally different. I mean sure there are expections BUT usually pen testers are roles reserved for really experienced people, with years of experience. So its totally fine if you start kinda lower,you know as network technican or soc analyst,from where you can build up on your skills and if you show interest in other things ,you will gradually move up.

Most folks don't think about when you are setting up a new office/warehouse/whatever your going to walk around with a long stick with a wifi on the end and then measure ranges and adjust signal strengths so that you get maximum coverage but limit bleed outside.

ANd that it's going to take an entire day

Also big thing that helped me pass CCD is Soc Tier 2 (ELK threat hunting modules),kudos to thm for that.

I would love to do physical pentests,as i read someone had to pee on a door and it sounds really fun.

Quite an interesting motivation

Whisky through a door also works

Check all the deviant ollam talks. They fun

Hi em

(https://www.youtube.com/watch?v=SDl4AO4ancI)

Elevator talk ❤️

Great minds think alike

So

WHy does whiskey/pee work

https://www.youtube.com/watch?v=rnmcRTnTNC8

Tl;dr Rex sensor being triggered

oo, this is going to be a fun watch

Those damned sensitive dinosaurs

the thing you normally trigger to exit so you dont need a key

you just make it think somethings there

compressed air is a more sane tool

And one that probably doesn't leave genetic evidence...

Do we even do physicala pentests in Europe?

I only heard about those from USA

I promise you there are plenty of companies that do.

Yup

In America it's just popular to talk about

But in America I can drive across state lines with a USB device

COntaining specific data

In Europe, you can get fined or end up in jail doing that

SO people just talk less about some of the tech stuff there

Granted I admire Europe's protections for people in that regard

America just farms it's citizens data out to corporations

Man I keep eyeballing snagging a Steamdeck for my India trip

Steamdeck is bae

i sold my pc and got the LCD on sale, trust me pair that badboy with a ps5 Controller, its a dream come true

I was looking at the 1tb OLED. Looks flexible for both steam games and additional capabilities for games outside Steam

THing looks like it runs GTA V smoothly

Just gauging if my left thumb will be ready by then lol

was that even a question to begin with lol ?

i run NFS Heat easily and NFS unbound at a 40fps

so gta 5 is a butter smooth experience

even tho id recommend discovering your backlog, i've finally played skyrim thanks to it

and the emulation is just the chef's kiss

Only issue is your pinky will go numb after 1-2 hours, so ps5 controller was a must for me

Ahahah

Don't want that

I have a PS5 controller though

As well as an accessible 8bitdo with all the buttons on the face

But yeah I was looking at backlog FPS/ADventure games

Also if I could plug in a bluetooth trackball mouse for say Rome Total War 2 or Stellaris

This thing

Has been great for playing some games with thumb issues

Sits down flat and you just use it with fingers

i was gonna buy the 8bitdo ultimate if it was available in my country sadly i had to settle for the 49€ Ps5 controller that costs 89€ here

with the matching charging station its sick

For mouse heavy games i guess the steamdeck trackpads do an amazing job, i only tried with game specific layout for factorio and oxygen not included i dont know abt full RTS games

the 8bitdo ultimate i mean

oOO

Factorio would kill some time

As would Satisfactory

Man me and my brother can lose hours in Satisfactory maximizing production

https://tenor.com/view/satisfactory-gif-23142535

This needs to be a thing

satisfactory is awesome!

v

Is it possible to change the MAC address of a switch?

You can switch the MAC of a pc, phone, tablet, etc, so I don't see why a switch would suddenly prevent it

software/firmware is different. May not support that.

Depends on the switch possibly. Just off the top of my head, probably not. I'd do some research on the specific device.

All it is, is just a bundle of code. Once you understand the code, you can do anything you want I'm sure.

In Cisco 6500/6000, 4500/4000, 3750, 3560, 3550, and 2970 series switches, you are not able to change the MAC address on a switchport. In Cisco 2940, and 2950/2955 series switches you can change the MAC address of switch ports using the command mac-address, under the interface configuration mode.

All depends on the switch and what it's running or compatible with.

Even IF a change isn't possible, a spoof would probably still plausible

https://tenor.com/view/whats-up-nerds-brandon-reed-welsh-corl-whaddup-nerds-sup-nerds-gif-17552961

Matt! 🙂

Looking at SDRs... can't find a decent repeater out where I'm at right now... 😦

boyz how can i connect to openvpn on kali ??

Hi, what topics are most frecuently like in jeopardy CTF's?

#site-support

how many times did someone attempt to drive through the truck though?

thx man

Gave +1 Rep to @near hawk (current: #73 - 82)

hi all

does someone know for what exploitdb is crashing?

Your network?

Maybe it's having server issues?

crashing how?

ok i'll check this rn

i got an issue like

error 505

https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/505

ty bro

so if i understood

I get a 500 error

must just be down atm

Looks like a site issue. It'll likely be fixed soon.

i have to get an acces on exploit db with an old version

Well, with Barracuda, they're not wrong 😂

lmao

I had a barracuda drive once... once.

What about burrying my files in a wooden chest 50 feet in the ground in the middle of the woods?

I can even confirm, a NAS with a barracuda drive failed within 2 months

give it a day and some guy from 4chan would find it

Not if I cover it in deodorant

eh although can't someone track it by satellites coverage as ur moving across the woods where there's little tree cover

Don't need sattelites to track human movement through woods.... js. 😛

yea a dog could do the job

I just mean a 4chan user won't go near it even if they know it's location at that point

Like reverse magnetism

Internet joke

I forgot 4chan existed

yea

Seen too many creepy things related to it to ever go near it

Don't even need dog really.. humans are messy in the woods. Can't NOT disturb things..

I'll just let it sit in it's special corner of the internet with the FBI

https://tenor.com/view/hi-hi-there-gif-16107842475380108536

yea probably

Btw question, seen this in a lotta movies and books
Like how is saving a email to a draft folder more secure than actually emailing it and then somebody else accesses the email to view the draft

What if I pay a herd of beavers to bury it near a dam they built

Have you tried @naive violet ? He's, in my eyes, a wiz when it comes to radio antennas.

Yes I know you have a license, but James..

wood they? 🤣

Hadn't seen James here today yet.. until now. lol

👀

I has summoned James!

🙂

A nice vertical outdoors with a groundplane

I didn't want to bug James. lol

I'm scanning 2m right now.. not much out there in my area.

and 70cm..

Ez in the middle of nowhere

Now I want a bagel...

I'm actually not. I'm close to town. lol

Bagel and some iced coffee

I'm baking salmon

anybody got any ideas

You'd have to have the login for the E-mail account.

If you leave your E-mail logged in, and your computer unintended there isn't much you can do.

If you have a draft you don't want people to read.

Either delete or don't stay logged in.

perhaps a point in favour of the draft approach is that you are fully in control of maintaining integrity, as there is only one account and you control it. emailing it to someone means two accounts, one of which you don't control.

sending also means giving someone else access to the info.

Bagel!

Because there is nothing leaving the email. Nothing to intercept, trace, track, etc. While there may be login events being tracked by the SOC, it may or may not alert on logins deemed "standard"

but aren't draft's synced across devices so they do travel across the internet

although that may depend on the email provider

depends on the email software

some may store drafts locally

what filling dough

Lox spread!

Looks like cream cheese and lox

what is lox

Salmon

mmmm, tasty bagel

It is!

Not in the sense that it's being sent over SMTP traffic.

How about an Arizona green tea with ginseng and honey?

coffeeee. 😄

Celsius for me

It's one of those nights.

the jokes... so bad...

Nothing wrong with Dominos.

not the food. the food is fine.
but the jokes that tracker makes are atrocious

I heard they're written by @glass nest

suddenly it all makes sense...

Wait

WHen did Dominos get Eva as a tracker

At 70cm your coax losses get really nasty

RG58 and such are naaaassty at UHF

VHF less so but avoid long runs

Ah, physical medium ptsd time

That was meant to be a reply for @normal fable

It can't be too bad as I just have the UV-5R right now. lol

And.. I already modified it so I can receive and transmit on frequencies that I'm not supposed to be able to. 🤣

5W might not get you far but I'm doing 10mi or so

Is it the 8w?

I've got the quansheng uv k5(8)

I've got a lot of trees and such for obstructions. I'm picking up a few signals but out of the bands I can legally transmit on.

Ah you're more restricted on bands? Ouch

Yeah. Outside of my legal reach. lol

I can listen all I want.. just can't transmit without the FCC wanting to fine me.

They opened up most of them for the bottom license here

No morse code test any more

It is the 8w version, but I'm not sure it's actually 8w.

Not got a meter?

No. I need to get one.

Ah

I've got a nice 80s one

Nice. I'm sure it'll never die. 🙂

Yeah I might change the connectors but they work well now

What meter do you have?

It's a Welz SP-400 I think

There's not a lot of info out there

Looks good. I like older tech.

Simple doesn't break that easily. lol

It's fun to watch the needle bounce

As long as it's accurate.

Yeah it's pretty good, compared it to a proper specan

I may see if I can pick one up similar for cheap. Might need more than 130-500 MHz though.

for future-proofing..

it is an analog thingy

its accuracy is infinitely larger then a digital one

but harder to read in most cases

Shadow knows radios and equipment?

also make sure to not try and make the needle go in reverse

nah that info was more general from the electrical engineering course shadow took

in the part about sensors

Ah yes. I did take a class on electronics.. learned a lot.

also shadow and class mates made a multimeter/voltmeter break by connecting it in reverse making the needle break.... can't recall if it was a multimeter or volt meter

was a valuable lesson

Don't install diodes backward.. sometimes they don't like it. 🤣

The magic blue smoke will escape... lol

some types of diodes are installed backwards on purpose to be used as random number generators

https://en.wikipedia.org/wiki/Zener_diode

have fun learning here

Zener diodes are different. 🙂

yeah

shadow has a random number generator that uses zener diodes or similar working ones

got it from last job

Nice.

not really that useful of a device but it is fun to be able to spam the entropy on linux

HF ones are cheap

I'm gonna have to look at some reviews and browse some forums for info on what to get. I don't want something that's a potato out of the box or will die in six months..

Analog is best imo.

analog has a lot of charm

Yessss needle bounces with cw

What language is most worth learning for the backend part? I understand that php is still the most used and for pentesting it can be the most useful but I would like to know which one you think is the best

There is no 'best' programming language.
There is a subjectively best programming for your specific task.

There are also preferences and a few other variables that may influence a user's choice in selecting a programming language.

I like C. 😉

I like rick lang

There is a github for that.

what is the best language for creating exploits for vulnerabilities

Depends on the exploit.

The answer is "Yes". lol

Metasploit uses Ruby and Python iirc.

Mostly Ruby

is assembly used in that ?

I don't understand your question

Perl too?

Does Metaspoloit use Perl??

It was "perl-based" on first release.

Converted to Ruby in 2007.

I did not know that

Learnt

i mean im interested in how software works and reverse engineering , if u match that with cyber security u will end up in writing exploits and researching what should i learn for that

my english is kinda bad

sorry

You are asking about multiple different topics within Cybersec

Your English is fine don't worry.

Use try hacks me

i couldn"t explain well

i'm already using it

You want learn about software engineering then ?

Reverse engineering and exploit writing are two separate topics, although relatively closely related technically.
And asking how software works is a massive topic. Depends on what type of software, what about it you want to learn etc.

april 1st...

https://tenor.com/view/hmm-suspect-gif-22611582

Where i can post announcement about CTF ?

what kind of announcement?

For most exploits, any language works, as long as it supports packing binary data (for memory corruption exploits) or HTTP and JSON (for web exploits). Both Python or Ruby will work for those. There are even frameworks and libraries for exploit development, like Metasploit, Pwntools, Ronin, go-exploit, etc. If you're writing Kernel exploits, you need a compiled language which precision timing to trigger the vulnerability in the system's kernel.

My friends have organized a CTF tournament

That sounds like an answer from google or AI. 🤣

hi i want to learn cybersecurity but i have no idea where to start

Have a read over #start-here

So i should go through the tryhackme website first?

Not first, but it's a great way to learn. 🙂

There are paths. Check pinned comments too. 😉

I smell food. Must be about lunch time.

Any book recommendations?

Some good pinned posts and suggestions in #bookclub

you can find it at #bookclub

#bookclub

I feel tempted to do

#bookclub

thanks

I need to read more. I need to get new glasses first..

i like textbooks

I like physical books.

same

Maybe in the near future i need glasses too :(. My eyesight is getting worse more and more

I like the way they smell.. and feel.. and taste.. 🤣

i just like the words mainly

plus the feel actually

..and the smell

Do you eat them?

Someone once told me to ingest the words.. so I did. 🤣

Ah

But nice that they taste good

with
5% off swag what is the discount on?

The swag shop.

You can find that here.

Still no zip-up hoodies 😢

And the stickers sold out pretty fast. 😦

Still waiting for the socks

Grippy socks?

Wish they had joggers or sweatpants xD

Like the ones they gave me in hospital?

Btw how does it apply?

Automaticly?

I feel ya

No, you need to contact support. 🙂

Ah

For a discount code or smth?

Yeah. 🙂

The bottle would look better in black as well imo

But now i have a streak like 50 or something, can i still ask for a code when the streak is expired?

why do you have that name?

As long as you E-mail when you have a streak of > 45.

Because its just funny

Ah

I find it funny,

I grew up with Looney Tunes etc.

So it's good to see Acme products.

have to ı learn about on pentest or ı focuse one topic on cyber sec web,wifi or software

https://tenor.com/view/acme-daffy-duck-gif-8909993

follow the paths it covers all for begginers too

like starting from networking and just covering a lot more step by step

any tool for bruting a locked file on linux

Depends, what's the file?

txt file

thank you dude

Gave +1 Rep to @coarse moth (current: #1337 - 2)

Where did you get it?

htb module

Then you should ask in their Discord? 🙂

IIRC, some of their content is asked not to ask about spoilers, I wouldn't like to skirt their rules if it's the wish of HTB/content creator.

?

sorry my kid smashed y keyvoard

my bad

bro is trying code inyection

😂

im a different breed

@sick lance congrats on the new role

Thank you! 😄

Gave +1 Rep to @silver sky (current: #46 - 159)

Congrats

Thank you!