who is best in python here

?

LMAO

@sick lance is pretty good

and java ??

That is a general question, nothing wrong with it.

And I'm not the best at python. lol

who knows css

who cares?

haha

Are you going somewhere with the questions @kindred apex

never played css. tf2 was my jam

nope

@sick lance would you consider yourself more of a scripter than a programmer?

FUCK YAH!

Neither.

Dragonborn Helmet with Dead President's effect, favorite hat and unusual effect

gas anyone used esp8266 microcontroller

has

?

lots of people have

I feel like we're playing 20 questions here with no clear answer in sight...

So do you not put together small scripts ever in your job / hobbies?

who is a programmer here ??

Not as often as I'd like.

who is a programmer anywhere ??

@sick lance can I DM you, I've gotten suspicious dm

There is a discord called something like the Programmers Paradise, that will be the place you need

If you have an issue with another user in the server, you don't need to ask 🙂

(also yes, you can DM)

Is life just one huge coded simulation?

oh k bro

hey man

Hello

Can you please ask people before you DM them, it's in the rules of the server, that you've accepted.

He dm'd me too

H1

Thanks.

Gave +1 Rep to @stoic fjord (current: #1343 - 2)

Thanks

Please what is the meaning of this?

Is it like a rank?

its just a way for the discord mods to see who is being helpful

What are you learning about today rswallen?

learned some snort earlier

0x3 , wizard , infosec dev , god all are just 50 shade of green

nothing wrong with a little green

Don't forget mods

and contributor and bug hunter

orange gang💪

Tbh green for a mod with a blue shield makes no sense

I didn't make the colours 😦

what if

I like my name colour.

the one who did had colorblindness

but, 0day is orange, hydra is green, jared is blue and scrubz is cyan

much confusing

Jabba is staff.

More of a sky blue than cyan

Staff overrides mode

very very limited choices of color here

I like scrubs color

0day is old man mod 😉

All the other colors are bleh

jayy color is best

Yk what would be sick. Dark red with a red and black shield

missing a desaturated yellow

0x9

thats more orange-y

still better than overrated green

room tester?

Would be terrible in dark mode

Jayy's colour is lead bot dev

Eh light red then

Something that strikes fear into users

May cause issues with colour blindedness

🥴

forever changing rainbow zalgo

oh it is yellow lol, my monitor has more orange yellows

it is. Im colorblind. Please dont change

A white name with a black shield

Wait no

white will be chad

https://tenor.com/view/yeahmrwhite-breakingbad-gif-9579350

Black shield wouldn’t show up

White shield with a white name

white/grey is the unroled colour

😨

Just us saying hi does that more often than now 😉

Not for me yet.

Or the dreaded '... Is typing'

Morning Hydra. 🙂

You're still new at this 😉

Afternoon

0x3 enjoy god status

amongus

nah, 0xD is god

I’m curious how do you guys even choose mods. There’s so many qualified people in here I feel like it would be tough

among us

Mods are chosen from the Community Mentors.

Ooh

That makes sense

Community Mentors are voted in by the current CM's.

far better than strange women lying in ponds handing out swords, to be sure

https://tenor.com/view/emerging-from-water-katherine-langford-cursed-holding-sword-lake-gif-17690182

hi

HEllo.

https://tenor.com/view/dante-adios-jump-dmc-gif-20630491

https://tenor.com/view/hello-how-are-you-gif-9994233183292931248

I'm fine, how are you?

fine

Truth

That sword looks heavy

. /verify

Hell yeah

makes more sense with a \/

/verify

I feel like that would confuse someone more

../../../../../verify

. /verify

That’s better

i am surprized how i didn't get ban yet

Why is that?

I'm still going through that command challenge that shadow posted a few days ago. 🤣

it's pretty fun but challenging

Scrolling through YouTube Shorts and I end up getting @hasty sand in my feed. Mfer's hacking my YouTube too

HACK THE PLANET

DRINK ALL THE BOOZE!

wait wrong song

🤣

Can't type today?!

me neither

been awake since 3 am

😄

Get some sleep

I don't know what time it is there, but it's almost noon here.

Or I'd be taking a nap too

almost 5 pm

just got home after work, stopped working at 2:30pm as I started at 6 am

I don't know how you do it Bella. I work from home and I'm dead asleep by 9 or 10pm.

it's the thoughts

the numbers make me awake

0day is alive.

It's the voices for me

I think Relax was going to send out a search party

oof

but i guess hess afk now since im late lol

You missed by minutes.

ill pay Sopranos guys to bring 0day to discord 🙂

dinosaurus extingt but no trace of 0day hehe

"What kind of commitment are you will to make, in order to make that reality"

Server ramps up speed and I lose internet connection.... fun

bsod is next

now we expect something smart to tell...

I was playing a game, then it said no internet... I check the router, that's fine. Check my phone, down, laptop up.... like tf

but we will be wrong

might you have flat tire

Sometimes when it’s very cloudy the internet acts up

How long have y’all been hacking

got this mail here

so close but so far... my life have no meaning...

It's about 12 here, so about 2 hrs

Hm

12 years

?

12pm

Mines fiber, not satellite. But the fact my server ramped up fan speed like it restarted was weird. No power outage

Oh I went like In all

Ment

That is weird

Check the uptime of your router. It sounds like it restarted, since other devices were randomly offline too i.e. phone.

working in cybersecurity for 7yrs, was into hacking as a kid.

Uptime is many many many days, that didn't go down. Server shows power unit powered down then back up 5 seconds later

Nothing but PSU alerts....

maybe it's time for an upgrade.

Of WHAT?

u

what to do when ur bored

Better user

Damn

That router was changed recently, been good to me..... minus the VLAN headache it's causing me right now

https://tenor.com/view/ese-comeatme-gif-10451582

🐱

Browsing round Shodan....

Do you think they have enough open ports?

more than 7

But wait, there's more!

Every one of those ports? NGinx

What's your favorite

They're all Synology disk stations

Security through obscurity 🧠

https://tenor.com/view/modern-problems-chapelle-modern-solutions-gif-15497728

That's not even the best one. Browse another category, they got CVE's going back to 2006......

82 CVE's on this one machine... JFC

One exploit doesn't work? Try 81 more!

I'm honestly losing braincells browsing Shodan.... I have lost faith in some people

What you doing

@crude stump

Browsing some categories in Shodan, (and for the mods, ONLY BROWSING) the amount of shit I've seen open that shouldn't be is astonishing

IT 🤝 not having an accurate inventory of assets

https://tenor.com/view/star-wars-admiral-ackbar-its-a-trap-meme-gif-8125029

I really wanted to do capture the ether, any place where I can practice it

cause ig the rinksby network is down

Have you found devices that are currently ransomwared?

Not yet, have you found any?

Hi all. I just subbed to tryhackme.com and I'm at the Linux fundamentals part 1 module. I've been trying to get openVPN to work but it will not connect to the configurations given to me by tryhackme. I cannot answer the provided questions and complete the rooms without opening the machine on the vpn. There is a different machine on tryhackme called the attackbox but it can't be used for these specific questions. Is anybody able to help me figure this out? I'm just starting my venture in the cybersecurity area.

Yeah, 3 or 4

Remember how many CVE's were listed?

You can't ssh in to Linux fundemental 1, that's a standalone machine.

You need to level up for the advanced chats, lol

but there are only two option for machines. It says use a vpn or use the attackbox. But the attackbox doesn't have the right answers for that room

So..... got MalwareBytes browser guard, browing some ports on Shodan.... get an alert:

"Website blocked due to insecure login"

You're using the wrong machine, if you look at the bottom tab of the attackbox, you should see `linux fundpar..``

I think I laughed the loudest I have ever laughed at that message

oh man. I feel stupid. Thank you so much

Gave +1 Rep to @sick lance (current: #2 - 2080)

Not stupid, you're not the first that has been caught out, you won't be the last.

hi

I really appreciate your help

Hello 🙂

It's fine, although next time can you use #site-support for support please 🙂

I shoul dhave asked you to go there first.

oh. i'm sorry. will do

Is there a way to configure local dns on ubuntu using commands/shell scripting?

I have found people doing it using the GUI only but surely you can do it through the terminal?

Holy Fucking Mother of God

I just spent two hours troubleshooting a script because i missed a single hyphen

Apologies for the profanity

hyphens, spaces and capitalisation... the true terrors

Indeed

Like when you miss a semicolon...

More than likely, what are you looking for specifically?

Trying to configure local DNS to use quad9's service (9.9.9.9) as the default DNS server using shell scripting

Edit the interface .yaml file located in /etc/netplan

(if I remember correctly)

and then netplan apply

is it not through resolv.conf?

I thought resolv.conf was deprecated in the latest version?

honestly, I may be completely wrong - haven't used ubuntu in a long time so

no idea but I just opened the netplan dir and it only has one file (.yaml)
and it has like 3 lines none of which are useful or related to dns

https://www.baeldung.com/linux/permanent-etc-resolv-conf
does this help?

I'd try the /etc/resolv.conf

what is the discord token for in the account details part of tryhackme?

To verify your account here

if you click someone with a coloured name it will show you their level

I now have 15 E-mails with my beta invite to Arc...

they really want you to use it lol

I get a new E-mail every second day...

I got some on my other email accounts (around 4 unique in total)

is it anygood, this arc thing?

its alright

very morden design, but extenions don't really work well

WEEWOOWEEWOOWEEWOO

 cat /etc/resolv.conf 
# This is /run/systemd/resolve/stub-resolv.conf managed by man:systemd-resolved(8).
# Do not edit.
#
# This file might be symlinked as /etc/resolv.conf. If you're looking at
# /etc/resolv.conf and seeing this text, you have followed the symlink.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "resolvectl status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs should typically not access this file directly, but only
# through the symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a
# different way, replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.

nameserver 127.0.0.53
options edns0 trust-ad
search localdomain

what should i do first comeplete begginer or web fundamentals

Am I supposed to change loopback add 127.0.0.53 to 9.9.9.9 to make it my default dns?

or add a line under it
"nameserver 127.0.0.53"
"nameserver 9.9.9.9"

how would i go about verifying my account

@river drift

Like this

Thanks. Is there a way to confirm it's working though?

Try

dig \@\$DNSIP

recommended order -> #general message

You see it says "do not edit"?

Look into systemd-resolved

Mine doesn't say all that, 😅

I'm back 😄

You were gone?

yea

about 3-4 month ago

on ubuntu?

Nah, kali.

I didn't want to do anything, but I'm fine now

there be the reason then 😛

Kali is better? I agree.

Kali is better

it is, but wolverine is using ubuntu

Look

I'm amazed at people's willingness to look past "Do not edit."

Like that's clear...

needs more xfce

It;s gnome

heresy

you should have realised when you saw the panel below

I did. hence why it needs more xfce 😄

cool background tho

needs more cowbell

it's default

moo

❯ cat /etc/resolv.conf
# resolv.conf autogenerated by '/usr/bin/ivpn-service'

nameserver 127.0.0.1
❯ cat /etc/resolvconf.conf
# Configuration for resolvconf(8)
# See resolvconf.conf(5) for details

resolv_conf=/etc/resolv.conf
# If you run a local name server, you should uncomment the below line and
# configure your subscribers configuration files below.
#name_servers=127.0.0.1

TADA

Magic!

Ah I see

vpn works flawlessly so far

Guys how to not become a script kiddie

xfce FTW 🙂

learn how things work instead of just using the soft, even using automatic tools learn what happens on the background try manual configurations, etc

could even write your own versions of tools to gain a good understanding of whats going on under the hood

https://www.obscurifymusic.com/home
Interesting stats

That seems reasonable, the past 4 days i have been doing the networking room and actually learned and understood a lot but now that i got into nmap, i feel like its too much to remeber. Like i cant remember every flag and what packets it sends

that's next level, first you need to hammer the basics down

tfw you see GB and thing storage not country code 😅

must take notes on everything you learn from the basics to tools.

I thought this too lmao

You mean to write them into txt files

use a notetaking tool like

obsidian

eeew relying on spotify

or cherrytree

👍

Gonna check them out

Thanks guys

TRILIUM NOTES

spotify is pretty much useless unless you have the premium

for that store in database instead of .md files meaning no angry windows defender

ive been taking notes but they're getting kinds messy now, do you have any extra tips

how do you structure yours

structure??? you structure your notes???

you can structure them by tools, rooms, general info.

and here we see apple getting sued in anti trust cases in the usa

iv just decided I should probably keep electronic notes and not paper ones, gonna start copying stuff into obsidian this weekend. looks decent from what iv seen of it so far

yeah??

ok thanks

Gave +1 Rep to @wild rose (current: #380 - 12)

Yup thats what im going to do, im gonna rewatch my completed rooms and take notes

@boreal scarab

where is the ceramic 3d printer???

soon™️

you can 3d print ceramics?

probably

not sure ceramic as 100% ceramics. but you have filaments that are infused with things. like carbon, wood and so

there is ceramic hotend and even nozzle that have ruby mineral top head

anybody here got final fantasy knowledge

I'm pretty sure its a game series.
but that is about the extent of my knowledge of it

"final fantasy knowledge"?

ask chatGPT 🙂

its a movie series according to that

yes. and quite big serries

thinkin about starting playing the series but need agood order

sequencial?

it appearsto have a zelda like timeline

...

yooo i got a prblm plz

while trying to send files using nc

FF series should be played in the order they're released in.

this on ma machine
└─$ nc -l -p 1330 < linpeas.sh

this on the remote : basterd@Vulnerable:/tmp$ nc ip 1330 > linpeas.sh

Honk mimimi

With the exception of FF X and FFX-2, FFXII and FF VII with the spins off, they're not really related.

You'll get the odd easter egg here and there.

What is this supposed to mean

hey guys

not really, there's no real connection between them besides mortifies

Hello

is this for a specific THM room?

yh yh

Is this for THM?

https://amp.knowyourmeme.com/memes/honk-shoo-honk-mimimi

ive been having a problem with my VPN connecton

look

#site-support

Step over to #site-support

#site-support

yup

Said it first

Ha

Refresh your client homie

Not on mine you didn't.

Bruh

I call edited

It's not, refresh the client.

I’m joking but I am refreshing but it’s still saying I’m first

Nvm

probably best to try in #room-help
this channel tends to move fast

Or, use the channel that is intended for room help, lol

have you played the new ff7 rebirth?

out of context.

Not yet.

honk

shoo

It's better than remake

Hiya

Heap!

Mac!

Sup

Not much, currently digesting wonderfully tasting food and thinking about taking a nap (I mustn't, I got stuff to do that's got a deadline that's tomorrow morning). You?

Can’t wait to cook, so hungry

A little nap wouldn't hurt :p I'm currently trying to solve a RE challenge

eating things raw is not good for you 😂

https://tenor.com/view/capybara-let-him-cook-gif-11999534059191155013

This is so funny ahahah

Twisted my whole perception

there are ceramic 3d printers used in dentistry, to print crowns and the like

carrots taste best raw.
I dare you to fight me on this.

I'm here all way 😉 😂 😛

How do you print ceramic?

ah jea that. didn't cross my mind. was thinking "home user" printer

honey sauteed carrots

https://tenor.com/view/stonecold-fakelaugh-sarcastic-stone-cold-gif-5233420

you dont print it as you might think.

Hm I’m guessing it’s sort of like a resin printer but with ceramic?

you can steam them, or slow cook under low temp too, other than in a salad there aren't many places for raw carrots

like two component glue. something like that yea

Carotenoid absorption will be better when cooked rather than raw though.™️

full size 3d print. =/

human adult size?

y

there is 20kg of filament for sure to make it

What’s the budget to make that

Gotta be over 100

In filament

1kg of filament is around 30e cca

are people with a cybersecurity profession more likely to get cyber attacked?

yes, because they are more likely to be on a targeted network

I mean if your a admin for a company a threat actor might focus on you then someone else

Basically got the keys to the city

same reason tornado chasers are more likely to get caught in a tornado than the general population

One one hand, they are useful targets. On the other hand, they know more how to secure themselves

But at the same time a cybersecurity specialist knows more about internet safety so going after someone with none might be there main priority

Not entirely, if you take the basic steps to protect yourself like not reusing passwords, enabling 2FA, and keeping up on your cyber hygiene you shouldn't be a high target compared to someone in HR, C-suite, or a domain controller admin.

I wonder what's the most targeted cybersecurity position

intern

This

depends on your followers on twitter/X lol

the more followers the bigger the game.

Like watchdogs

Ooo

Never thought of that

Crazy

yeah don't do that one. lol or don't be on social media at all.

social media is the antithesis of social

whoops, didn't mean to reply to that

Uploading the whole daily schedule online

as a not super social person it's been eye opening reading the mitnick book, just how much he did with lists of employees/roles and such

Which book?

ghost in the wires

Thanks

np it's a good read/listen

https://tenor.com/view/boing-gif-6037249

https://tenor.com/view/real-estate-freedom-llama-bouncing-gif-16430000

boing boing boing boing boing boing boing boing

https://tenor.com/view/llamacorn-cool-llama-no-drama-llama-jsm91-gif-6096571044993378682

SEC573: Automating Information Security with Python

Anyone know how to get a free course of this

la llama que llama 😂

sec573: automating information security with python free GIAC

Anyone know how to get a free course of this

Work for a company/instutution that pays for you to take it.

If it costs money, someone has to pay for it

It's a very expensive course

It will not be free

Yeah by paying for it

who tf payn for tht

People

why is it so much lol

Organizations will and do.

have u guys taken it?

I got about 15 grand worth of training at one point that way.

i mean if u count degrees

Usually company’s buy it for there workers to train

ahh that makes sense

Yeah, generally 100% a business need or contract obligation

if they can get a package deal

Yep

Money talks

anyone know of any internships to apply for?

i getting at over 200 applications this week

Search indeed

got every indeed post

LinkedIn/Indeed will help you far more with that as it will need to be local.

Use LinkedIn

linkedin covered too

Hmm

lockheed and raythion covered

Could be your CV isn't making it through bots or you are just lost in the volume

Wdym covered

i mean i only applied to these within the past week

Oh

applied for

Bruh, some of those takes a very long time to hear back on lol

It will prolly take awhile

Even months

yeaaa

yall think the netowrk + cert is worth anything?

Over what time period have you sent almost 200 apps?

or is there a better/cheapeer alternative

8 days

Damn lmao

Wow..thats nuts, do you just spray and pray?

lmao

What are you gonna do when they answer you

for the most part

10 have cover letters

get my interview game on

Your wild

Over 200 applications in 8 days

spray and pray is best way to get interview if you don't know what you are doing

then what entails knowing what you are doing?

Somones with connections

i have multiple resumes to cater to position

Get a job fast

yeaaa i need to go out and network

cant seem to find any tech related events tho

in NYC too

only one i found was some bootcamp thing

Really? I'd suspect tailoring the application to each opportunity is much better, especially when considering how many apps they must get

scouting the employees of the company, befriending them in a social setting, talking about your competence 🥷

How I do it

Key words

Then you already are knowing what you are doing, no?

I guess

thought about that but felt like it was a bit weird

Personally Bryce. Ask the ceo out for a drink

Works 100%

lmao

why not a coffee

or a spa day

Yes

on me

ill cover the bill

Hand him a Hundred and tell him to buy himself something good tonight

naw, you need to get along with the person who would be involved in the hiring process, go out with a "potential future boss", have few drinks and some man to man conversations

Tell him you live in a mansion

I slept my way to the top

Anybody here going to get the brain chip

at my desk

Hell nah

will it get me an internship?

Why not, it worked

Maybe if I’m paralyzed

or a monkey

Wyd if someone starts controlling your thoughts

😂

I personally don't feel comfortable with something like that in my most vital organ

feels weird to be promoted when everyone around you is actually doing the things and are more competent

https://tenor.com/view/richter-cotr-bf2-robot-gif-24218712

Exactly that. You hear a faint whisper in your ear “take over the world my personal robot”

But as Warren Buffet said - if you don't make money while you sleep, you will never become rich
So I started sleeping at work

eh although the chip isn't capable of transmitting thoughts to your brain

that's why I get paid overtime when I'm oncall

its only able to read your thoughts and upload them atm

like if you want to play Pong

dont want my thoughts being uploaded to the cloud kthx

don't want to download someone else's thoughts

they'll probably serve you ads 24/7.

My thoughts: ||Never gonna give you up||

Then you'll need an additional chip to block ads.

💀

you read my thoughts

I almost got rickrolled atm

then you need to pay for subscription to not have ads

but the service will change and you will only pay for less ads

Wait how does the chip work. Does it not have a battery?

Like how does it charade

Wireless charging

Charge

its got a battery

and it charges like phones

so you have to plug yourself in using USB-C

Yk those movies where they gotta plug themselves in with a charger to sleep

Lmao dex is one step ahead of me

hi all i have question how i can do architecture of honeypot for protect system if you have advice

https://tenor.com/view/introvert-introverted-recharge-recharging-emotional-gif-14475114

I’m not understanding

i want do like simple architectur for see threat in system by using honeypots

Ok, so do it?

You can build a fake SSH server

There asking how

For instance.

It's off the shelf foss software

Well documented

i know i see low interaction honeypot like cowrie for ssh

https://tryhackme.com/r/room/introductiontohoneypots

i read this room

Ok so, what exactly are you asking for?

its just introduction for understand

this the probleme

for me

Spin some up in a lab and see what they do

i want like using dionaea on docker for see in the first how its works

Try it

@astral fiber Do not send unsolicited direct messages, it is against the rules

@astral fiber Please do not send DMs without getting permission first. It is against the rules.

okay i understand

Is there a book I can read? Most certification courses have books. I don't see on amazon

Yes, it's part of the course material that you purchase

You realise that SANS courses are notoriously expensive right?

Who got 9 bands laying around

There's Blackhat Python instead if you just want a book

I see you can join the school for free till you get a job

Too simple

SANS course are designed for employers to purchase to train employees

If that's too simple, you evidently know enough to do self learning

Yah most of it is showing you how to connect sockets and make tools. Plus command and control centers with python. I rather have a project based book to do some little sample works

Find some projects then and do

😦 I want that course though

Very structured

You want the course without paying?

More modules than black hat hook

No I want a book that reflects it's course

So you need to buy the course for that.

SANS/GIAC are like other cert providers.

Pentesting CompTIA reflected intro to ethical auditing

And everyone like sybex makes a book

Why not GIAC

hey can someone help me with an encrypted string? i think it's base64 but can't decrypt it

Industry doesn't work like that

where's it from

Google decrypt base64

Hello

SANS provide good training material. That's their market offering. No one tries to write material for their courses and exams

I asked where it's from, not to post it 🙂

ok, it's from reverse shell trojan malware, that connects to C2

@thorn basalt

wtf comptia pentest is 400$

That's cheap for a certification.

so the connection allows to execute commands and it sends them encrypted

should i get it

It's pretty decent, I took it and passed

or is getting the normal comptia what i should aim for

It's like everything from the PenTest PBQ and then some

Wat?

Comptia are a company

like would it be weird to have only comptia pnetest

and nothing else

No

No you should aim for stackable certification from CompTIA and ethical hacking certification from e council

🤢

Everyone posts materials for books online and learning

and i can go into this test bare knuckle?

fuck it ima do pentesting comp tia

No they want you to pass by their definitions

And it's just PBQ to become junior PenTest

Also pentesting by their definitions is just auditing not like a criminal bug bounty hacker

https://academic-store.comptia.org/comptia-acad-pentest-pt0-002-voucher/p/ACAD-PEN-002-TSTV-21-C

is there any entry level jobs and or internships tht make sense for a pentest comptia cerrt?

You ok?

No penetration jobs are usually for people with higher experience and higher degree

Lawd

PenTest gives you that your knowledge in pentesting not being a super skilled in hacking and finding every flaw

mmhmmmm

ok hb this cert? https://security.ine.com/certifications/ejpt-certification/

Which company wants

Companies want people with experience in pentesting, you got to start from sysadmin or something

You very much don't have to

Look at job description 3-5 years experience in diagnosis and blah blah blah certifications

Lmao, that's not a requirement.

Yah you can have labs to prove you did in GitHub

That's true

They're always "our ideal candidate" not requirements

And lawd not github

This ain't dev

ok ok

which is the best recognizable pen testing cert

OSCP has the best mindshare IMO

It's auditing, you show you did dam vulnerable and many other things

Lmao

OSCP is recognized globally. Not all certs are iirc.

OSCP doesn't tick compliance boxes for pentest roles

I disagree with not having programming knowledge to show like CompTIA PenTest shows

I push sensitive outputs from pentesting engagements to public github repos. My customers enjoy being able to access the findings quickly.

so what does

Depends on the country etc

nyc

USA

Sec+ is good for gov work in the US..

Why would you show actual work vs labs from vulnerable virtual machines

US Pentest+ ticks the box but I think DOD 8570 or whatever is getting overhauled

Moose was being sarcastic

8140

ok so DOD 8570 is the best?

That's mandatory I think

Ah it's out? Excellent

Listen to moose. 🙂

8570 only matters if you're trying to do DOD work

ok lets be straight forward here

8140 is the replacement but it's not fully implemented yet

which is the best to get if u have none

that ticks boxes

awhhh man

There's no "best"

Security+ is the baseline for security

Best to work in the field and I need help finding that impossible content

That exam is the bare minimum amount of knowledge that you need

this will chear you up
https://github.com/coreutils/coreutils/blob/48cd67663daceba437c327c18a963634e3430c9c/src/stdbuf.c#L328

There is exam questions and no study guide yet

haha brilliant 😂

yup

Strongly recommend you don't get a cert just to get a cert, or because you think it will open doors. It won't, by itself. Look at job reqs in your area, and target your learning for the things those are asking for.

What do you mean?

It's always best to just work in the field and gather certification like juun days

which one? SYO-601 or 701

No that isn't a clarification on the statement I replied to

Yah I mean the book for the class, all I see is exam questionnaires

For what class?

The sans one?

Yup

I swear to whatever deity, stop trying to pirate that damn sans course or I will ban you

Government jobs are a different kind of thing entirely than private sector. Comparing hiring requirements between them is like comparing arsenic based life to carbon-based.

I haven't kept up with the exam cycle. Take whichever, just know that one will be retired and you'll need to take the exam before the retirement date

601 will be retired*

Okay

Look up the retirement date and if you think you can study and take the exam before it sunsetting, go for it.

can anyone help me with decrypting a string? I'm stuck

this one

I have already directed you to the advanced channels 🙂

To clarify, we don't discuss malware analysis outside of the advanced channels

but i need to be level 13 or OSCP, lol

It's a potentially dangerous area of study

ahh okay

Scary stuff right there

one day!

two days!

3 days

its gonna take me a while to get top rank, but I look forward to knowing more by then

Yes that's what happens when you expose stuff to the internet

You're on public infrastructure, it'll happen

There watching

They run a cloud

wait for the 40 thieves 😂

Good

Dropshipping is the worst thing to exist

They wanna know what your cooking

They knew you were making to much. Suppressed you

I need to order more chocomel

Flavoured creatine was probably not my best purchase

Yea, never go for flavoured

I 'dry scoop' so I thought it would be better to go flavoured

it doesn't sound good

non flavored creatine is hell =/

the flavour is not that good.. strawberry and lime

I think I'm conditioned to the chemical taste of unflavoured, it doesn't phase me

I don't get point in flavoured creatine when theres shakes for that

I thought it would be nicer for dry scooping but it's so strong

you can take with no flavor for sure. kreatine don't have bad taste, compared to BCAA natural taste

It tastes like chemicals lmao

it tastes terrible

Creatine? I don't think you're supposed to.

You can there's nothing wrong with it

yep. tbh one of most terrible taste i know from chems

It's not dry scooping per say, I just fill my mouth with water and scoop into my mouth

Flavoured creatine is ultra processed that's why I stopped taking it

You aren't meant to dry scoop anything

I usually take creatine tablets

flavor is added. you can also use some dextroze if you wish to add some "taste" to almost anything

You should only take dextrose if you need it

i was more in to add small amount for taste

or to "mask" some bad taste

Mhm but not to confuse your statement with "dextrose makes everything taste better" because you will give yourself diabetes

true...

Whats the string malware analysis tool called Yet another ****

Always forget

Found it nvm

Was bouta say. How do you not choke on powder

Like eating a popeyes biscuit with no bev

is there a way to use the static analyse room for malware analyse on a file i found? cant use my own pc as iam not at home 😦

or do i break the rules or smt when i transfer it via the keyboard ?

I believe putting malware onto the machines is against the site's terms of service.

They are not intended for personal use regardless.

ahhh damn 😦 ty for the answer

Try malwarebytes

@crude stump y or falcon sandbox, the problem is, i cant deobfuscate it and just get the sourcecode there

Jared I’m saying if he thinks he has a file that’s infected scan it with malwarebytes

Jabba I ment

its infected. i already know it

Oh

100%. i also know which techniques it uses. but i need to get a vm where i can decompile & deobfuscate it, so i hoped i could quickly take the room vm as there are already the tools i need and the possibility to transfer it

but if its not allowed i dont do it. thank you anyway guys

We limit malware discussion to the advanced channels 🙂

@mossy river guess i have to link my discord to the thm account soon. anyway 😛 ty for answer

Gave +1 Rep to @mossy river (current: #6 - 1199)

@crude stump ty

Maybe you should pin this so people know

Or I mean

Pin it so all you gotta say is check pins

It's confusing and still relies on me saying "check pins"

Someone might check the pins looking for resources etc.

Ah true

Had AI make a cool claymation image of a 1980s "hacker" in an office setting and honestly, it's neat. usually very hit and miss

Bros hacking a city

is that the empire state building???

Yes lol

Mr hack the world

im surprised it made a decently good looking chinese characters

Yeah it usually fumbles on that

unable to download wreath vpn :(

What subnet are you on?

none

need to download the config file

Open the wreath room and screenshot the network diagram please

alright

Aw yeah, AI has come so far what with this machine learning derived song

https://app.suno.ai/song/7fd34463-d28d-4f2f-a6c3-a132a0c0466b/

@sinful moon Hi!!! No time no see 🙂

Heya! (also the above is halarious)

I've been around but busy with work as always, but did get to see a show last night which was nice

I thought it was me because I change time zones, I'm in Argentina visiting my family 🙂

Nah only one or two timezones away from me, I'm in EST. But nice!

I've met a lot of retro gaming friends from Argentina on Discord

Israel is 5 hours and 6 in summer hours ahead of Argentina the first 3 days jet lag was the B.... 😂

Oh damn, I forgot you were based out of Isreal but yeah, must have been rough

Thankfully I've not had to experience jet lag. I've just been up and down the US East coast for the most part

BRazil and Argentina

Half my retro systems friends be from abouts there

Oh yeah there's plenty in South America, especially with the massive Sega dominance

Heya Ellie

long time no see

hmm, it still seems like AI or too much autotune

lol that's the point, indeed

It's spitting out a basically "I can't fufill that request" prompt, but this is a song generator so it'll still make a song out of it

I sadly watched madame web since I got a free ticket

and I have to say its a ~~great ~~movie

Hmm, didn't realize that, gotta pay attention to lyrics

anyone wanna have some fun troubleshooting with shadow???

send it over

somehow shadow about once every 3 months corrupt their sudo cache making it impossible to run sudo commands until they relog

any idea what could cause it or how to fix???

I've not run into that in 16 years of Linux use. Real weird issue

possible crontab modifying that 3 months of a unrelated process

Are you using any PAM stuff?

it fails on the password prompt taking all passwords as invalid

well kinda

That's about my only thought, other systems that hook into this sorta thing

not a huge problem as reloging fixes it

just it feels weird

What is that PAM solution you're plugging in if you don't mind me asking?

pam is only plugged into lightdm and not sudo

and in there shadow also added the option to use a yubi key for login

Fair enough, yeah normal use case

Hmm, maybe something weird there but I doubt it

I just know my work MFA can hook into PAM and many other security solutions can so I was curious

You are asked to test an application but are not given access to its source code - what testing process is this?