#general

I started hyper fixing on it and completely forgot what I was doing

Yuuuup

nerd

Heard the whole speal

both ecsc and after

Yeah, I got direct updates from the Norwegian team

everything around the ctf was nicely organized (minus food during the ctf)

but the ctf itself was a disaster

Torino is a chill city, it'll be fun this year

Yeah, big time

and it's good orgs

AND Torino hosted the 2006 winter olympics!

Torino is pwnthemole area

just like Hamar hosted the 1988 winter olympics

They also host molecon in Torino

yep

Did molecon finals last year

Cause I couldn't go to ecsc

I got to bootcamp and then wasn't chosen

And now I am in senior, so I am f'ed in being able to go

too many seniors in dk?

Too many good seniors

haha wish we had that problem

Luckily lyak isn't playing

2022 we had 3 good seniors retire, then 2023 we had 3 more retired and we're left with 2 of us

• 2 juniors that played some ctfs before and 3 that didn't play much

so

team pl is

I should get a new citizenship is what you're saying

Tbh I ain't playing much CTF either

Only hitting a couple of the high rated ones with Kalmar

And of course google and Defcon

i play most of the ones jctf plays

plus some with two smaller teams im in

Szy 👀

go away emma

do your job

I am currently lighting fires

sucks we didn't qualify to google finals last year

Fire?

Yes fire

Google finals was amazing

I played it from home

It was fun sitting at 3 am right after finishing a 17 hour shift and just hack away

the ones in london were the best in-person finals i was on

Why?

Wish I can go next/this year

would've been on the team in tokyo if we qualified but didn't :(

Yeahhh, Tokyo seemed amazing

did you have many people working on the game remotely?
when we played in '22 it was basically the 4 of us that went onsite

I will not be able to go to Defcon this year, except if I get trip sponsored

It was me and 4 onsite people

And then 3 others looking in real quick, but didn't do much

we had some people join in for the final match but they were behind on all the stuff we've added during the matches days before and even semis so they couldn't help much realistically

can you pentest on your own router jabba?

We dynamically updated our GitHub when something got added

well same

But holy last year's game was interesting

but just tracking code changes vs knowing what patches/features you've done and why is different

Yeahh

i heard some stuff from WTL about it

We sadly got knocked out as first team

But the games we played was tight

they got our tooling but the engine was very different and while you could get the base ported most of the utilities couldn't be ported easily or at all

Do you mean will society let me or will my skill let me?

Yeah, we wrote it all from scratch

justCatTheFishWare best

society.

Only used like 3 weeks in total which was a reason why ours wasn't the best

we hastily implemented a watermark on the screen before the last match of day 2 for getting into semis

We had so many issues

we did ours in <2 weeks, mostly 1 person working on it until few days before flying to london

Yeahhh, exactly our situation

madman coded an entire replay system himself

ecsc mentioned

The issues of working and doing CTF

and another madman coded the pathfinding in an evening before day1 when we were in london

Tf

Wow

https://fxtwitter.com/justCatTheFish/status/1568609472968364034

this was the last game of the day that determined if we got into semis

On the main router no because I we are renting it from the ISP.
But, on my networking access points, yes because they're mine

indeed

Nice, love the watermark lol

are you team europe??

Yuup

because i got this not in service router and i was wondering if i set it up and start pentesting on it is it aloud

im in the initial group yeah

im team usa LOL

noice

hope i get onto the actual team 😄

ohhhhh

You'll need to check your contract

yall havent done final selections yet

nah

we do ours hella early

ight

thanks jabba

I was close to qualify for team USA without being a US citizen

it was top 120 that got taken on to the private round

🫑

Yeah, I couldn't talk my way out of no citizenship, so I didn't qualify

just steal one ezpz

Yeah, that's what I thought too

But nooo

are you european too?

Yup

Not on the Europe team though

Close to getting on the Danish team last year

oh wow y'all have like country teams

i mean i guess im on a country team

for ecsc yeah

but we just compete as a whole body

this is my first year

wouldn't you be playing ecsc as a guest this year too?

so idrk some of it

yeee

unless something changed you would

same for canada

We compete country vs country for ecsc and then top players at ecsc get on the European team

not necessarily top ecsc players

that's p dope

Well in the countries eyes

depends on the country

Who would be best for the team right

Yeahhh

for us its who actually wants to, which last year was one person

Reminds me of my bootcamp in Estonia last year

this year it was 3 and all three got in because 2 of the initial country picks and one from openecsc

we do pl qualifiers too late to do any of the practice rounds between country teams

we're one of the last if not the last countries to pick our team

well i say "pick" but it's just a single ctf qual round

We already have Danish qualifiers and soon have the regional finals

And then in may we have national finals

too complicated

3 rounds and a bootcamp to get chosen for the team in Denmark

jeez

We have 700+ people who qualify

we have big open ctf, then top 120 go to the combine, then top 30 get picked for the team

We have qualifications where everyone can qualify, then regionals which is top 5 in regions and top 50 in total, and then nationals which is top 10 of senior and junior, and then bootcamp where it's 5 seniors and 5 juniors picked

what are "seniors" and "juniors" in this context?

team eu is countries put out 1/2 picks (+ extra if someone got in via openecsc), there are bootcamps for the entire group then there's a qualifier round from which the team gets picked

15-20, 21-25

since ecsc is <25

Yup

huh i guess thats smart

some countries do funny qualifiers that result in the teams mostly changing every year like germany

You're only allowed 5 juniors and 5 seniors on the country team

but then you also have some that just have simple quals like us

with an asterisk if your country is small enough, you can be permitted to break the limits then on a case by case basis

yall got some tiny ass countries over there

Yeahhh

the european mind cannot comprehend the distance i drive to still be in the same state

Oh well, I am almost home from work, and gotta eat breakfast before I sleep

there's not that many that can't put out a larger team though, i think every team had 8+ people in norway?

in prague iirc slovakia had 3 people

played as an observer because of it

Yeah, there was also a team who had a junior forget his laptop at home

we had a junior that decided to not show up to day2 in vienna because of the whole hackinglab situation

Oh lol?
What happened there

tldr hackinglab had weird creepy osint challs and also stole some challs from ctfs which was noticed by people from the team they stole the challenge from

Ahhh yeah that

canada had some dicegang people and they noticed that some of the challs were just theirs with small changes that didn't change the challenge itself

best one was some crypto that was 1:1 from a diff ctf but with variable names changed

Looool

someone from team geramy ended up making a "this challenge does not exist" with randomly generated vars and that challenge source

Wasn't there also a "crack this hash" challenge at some point?

also ecsc chats are always just

dunno, maybe

Or was that openecsc

I think that was open

openecsc was super cursed last year so prob that

Yeeee, it was the flag hashed

And we had to crack it

Basically "impossible"

idk didnt play openecsc, only saw my teammate lose his mind over some of the challs while simultaneously playing plaidctf iirc

Yeeee

Canada mentioned

go away

Did you play KalmarCTF though?

yeah

Good

well, team played

Your thoughts?

i wasn't planningo n playing and only really looked at one chall

but overall it was good

funny how some people voted it low because it was too hard

Yeahhhh

def deserves higher weight

And then also all the ctftime issues because we didn't get the proper weighting factor

that got solved relatively quickly though thankfully

would've taken longer if vos wasn't on discord

the slack is basically dead

Yup

did they update the attackbox or somthing

i swear its different

meeps moops times for shadows timey whimey sleepy sloopy sleepity sloopity sleep sloop to the amazing beepity beep boopity boops

they do do that every now and again... most of the time the changes are barely noticeable

the way ISN is explained in the "Packets&Frames" is so confusing 😅 - i think i got it now with a friend explaining it and looking at it in Wireshark, researching is fun

I just found out I have a gold wedding the same day as regional finals, so I have 6.5 hours to qualify

(the competition is 10 hours long)

past two years our qualifiers were running the same time as a bsides i attend in the uk, so i've qualified the two last years drunk and hung over

Lol

I have half the competition to qualify, maybe a couple of minutes in-between foods

just whip out the laptop mid ceremony

i'd do that

free travel

can't argue with that

Yeahhh, it's my grandparents gold wedding

hey Szy!

Scheduled my Network+ exam

Still nervous though

Hello

frack...

Ralex!

HAHAHAHA

Hey can you remove the forkbomb from your bio, please?

why?

Rule 4

Ohhh ok ok

Thank you 🙌

no problem 😁

Is learning path in tryhackme is free or paid ?

Depends

Some free some not

What all can I learn in free path ?

It is marked for each path on the website

Okay thanks @dire crane

Gave +1 Rep to @dire crane (current: #1350 - 2)

Though I answered your question 😢

Thanks @crude stump

No problem, and if you can afford it, I can recommend the subscription to learn. It's a good investment in yourself.

Could you please explain to me how a Setuid file works? @primal schooner

I saw there is a room for vim but I use nvim I know nvim is like a version with more things of vim so those this means all the things I can do in vim I do it in nvim

yeah its a fork of vim i think

fork ?

when a project is forked, it typically means that a group of developers has taken the source code of an existing project and started their own development efforts

for example more features or something like this

alright but maybe they did delete or change some stuff from the original code

and there is features from vim no more available on nvim

also possible

alright

thanks

no problem

I wonder what exploits were in the mailing systems before email

good old mail thefts

Interception of mail was either more or less difficult

Is still common practice in social engineering

but i'm not sure if the topic violates rule 4

What is that equivalent to today

I meant like real life compared to digital

Think it's called onpath now?

The cpts course is very fun

Stealing mail.

Yeah the term in Comptia and everywhere else is on path attack

No cap

Here I come hecking ur smtp

Can't tell if they change it for inclusivity or just because it didn't fit the interception methods anymore.

Maybe they were “on path” to a mitm and said screw it this is the new name im tired of the old world

if some1 can help me in #room-help

morning

👋

What time is it for you burd?

https://tenor.com/view/top-top-of-the-mornin-to-ya-cats-gif-9436667

08:57

gosh

ahahaha yeah

what time is it for you

ahahaha

does tryhackme count hours if youre on a different tab/window?

here it's 11:01 AM

5am

have you seen the leaked Facebook mitm "approach" papers?

where they were moving their victims traffic through their servers and decyphering it

Nice

Damn thays warlt

Early

yeah, but I think they might be using their ads platform the same way

Allah 🙏

Pretty funny, im watching a video on it right now: https://www.youtube.com/watch?v=WkLvpxImRGw&t=432

It’s just really really late…

But honestly if you use a vpn from facebook its your own fault

You’ve been up all night?

Potentially

facebook made a vpn?

Years ago. They bought one

Onavo

Just wanted to say to everyone who helped yestarday thanks 🙂
you helped me dodge a huge bullet by not trying somthing on my own

I'm currently having to sign some stuff in order to do what I've asked you yestarday how to do

Nvim has better plugin support so even if theres something no longer in nvim which was in vim, which i havent noticed yet, theres probably a plugin for it

does anyone have an idea about the Cybersecurity job market in Canada here?

on my way to the office
Gets team message
"I am not at xx today, the meeting is online"
Turns around to go back home

lucky you.

Eh, it's a public holiday today, so I'll still be working on a holiday, but at least I can do it from home

hi

It's one of those everything is shut down holidays too😭

Yeah we got easter this weekend, 4 day weekend but everything is on sunday hours or closed

damn you, sunday trading laws

The way my Uni days falls I'm not back until next Friday 😎

They're antiquated

Same here, Thursday till Monday

Gotta work today, tomorrow and Saturday anyway

But that holiday pay

@molten sky ure learning german?

i just realised ure in my server

I just saw that video

No surprise there

Big corporation using child companies to illegally use your data, then get a slap on the wrist for it

During CTF while taking notes of cmd and output should I copy and paste or I need to take ss

depends on how you like to take notes

But what is the preferred way

The way that suits for you.

Everybody is different

Morning

morning

That comes post painting for me 😅

Coffee...

nah, tea 😋

DIY evil.

https://tenor.com/view/sleepy-cat-gif-12971458

morning

Morning

hi guys, any idea of what does 4 days of access left mean?

is it going to be closed or what?

#general

No, after the 4 days are up you're removed to save resources, you can add yourself back in after

ty @sick lance

Gave +1 Rep to @sick lance (current: #2 - 2104)

Is the ISC2 "free" cert actually free?

Like, it says free but, reading medium article it says it's not entiely free
(And I can't read more becuase paywallks ☠️)

Meaning

You can get the cert, but it expires after a year if you don't pay the sub IIRC.

It's free but it costs money to maintain

Oh that's fine then, I honestly just wanna see if I'm capable of getting it

ISC2 CC?

its $50 for the annual fee

but iirc, thats the annual fee for all their certs

https://tenor.com/view/cat-kitty-eepy-cat-eepy-kitten-eepy-gif-8186911474993351997

Waky waky is time for school

is the lack of SMTP AUTH considered a vulnerability when interacting with an SMTP server ?

nah bro alread time for bed

No is time for school wake up

You gone be late

ye

it can give way to email spoofing

yea, but is it normal that many companies don't implement it? like for example google

I'm pentesting a company where i managed to send an email from their smtp server but they have another security layer (fortimail) that blocks it

Guys registry explorer isn't loading hive in windows forensics 1. Anyone knows what could be the problem?

#room-help please.

nope, most reputable email service providers implememt smtp authentication

someone needs to update this 👀

iirc OSCP doesn't have bufferoverflow anymore

whats with the new ui

didnt notice

#feedback-and-ideas or #room-bugs

removed the best part

Welcome back!

hello

How are things?

im alive still

so good

continuing the usual: work/travel/ctfs/cherry coke

Sounds good!

ayy greetings

👋

does the SMTP AUTH prevent you just from using MAIL FROM commands or all of the commands, such as (STARTTLS, DSN, DELIVERYBY, etc.)

that i do not know, sorry

🎉 We did it, all buffer overflows are patched. 🎉

These are the sort of things you can ask in your company, not our sourcing work on a public Discord server.

And even though I know the answer to your question, I'm still not going to help you.

@sick lance ❤️

Hello to you too.

i dont get it

what a dayyyy.

What's not to get?

how is asking a general question "outsourcing"?

It's not a general question.

They're currently doing a pentest on a company and they're having an issue.

I'm more than 99% positive they're is a confidentiality clause in their contract.

yikes

do you really think i didn't do that before comming here?

I'm not sure what you done to be honest.

But my point doesn't change.

We don't help with work or education.

it's alright, boomers like you exist everywhere anyway

Ahahahahahaha

damn

Now you're being rude.

helo bella! how have you been

how's the podcast renovation going?

weren't you when you were quick to judge ?

I wasn't judging you, I was telling you what you can't do in this server as per our rules.

It's finished

I might be talking to a kid for all i know

Now I will go to sleep

bye

See you 👋

Just finished an hour and a half of meetings

And now it's sleep time

Cause I had to wake up at 7 am this morning and I got home at 2 am due to work

there's someone... off... about asking volunteers on a learning platform to help you solve a problem that you're getting paid for.

And then taking a huff when you don't get the answer.

But it's dealt with.

👍

almost there

so far CRTO has been good, cobalt strike is rly nice to use

cobalt strike is a absoloutely lovely piece of software

I'm sorry mister I know everything about Cybersecurity

ur like scrubz

As I said, it's dealt with, however if you're going to be rude to users, you'll lose your right to speak temporarily.

let me help you by leaving the server

If that's your wish.

its a pita to use

They're not wrong though..

both your pfps are all transparent

how so? 😮

plus, follow up question: whats ur preferred C2 right now

clunky, can't navigate through it quickly

at work it has to be CS but for labs i'd use sliver or no c2

also sleep is a cursed scripting lang

is this for making a malleable c2? i have not touched that yet. only thing i know is sleep 0 turns it interactive

malleable c2 is a profile config, different stuff
sleep is the language aggressor scripts are written in and it's... awful

just a random example: https://github.com/harleyQu1nn/AggressorScripts/blob/master/CertUtilWebDelivery.cna

why does my body hurt.

this looks so freaking weird

also szymex being a new user is so confusing.

why did they choose this language...

they didn't choose it, rsmudge made the language for scripting of another project of his and just integrated it into armitage/cs for the same purpose

isn't armitage just a GUI for metasploit?

yes

And God awful

yeah, its rough..

whoever thought about putting the lighting around boxes..

needs to be demoted.

I use it only for the network diagram

http://sleep.dashnine.org/manual/ 😟

keep it up! you're doing good

thank you poki 😄

Gave +1 Rep to @grizzled crystal (current: #117 - 53)

how's it going so far?

how so

this sleep language looks god awful just reading the sample docs or i might just be a python elitist that hates on anything not remotely resembling python's easy syntax

szymex is a beginner! look at the little leaf next to their name /s

wish there was an easy way of integrating anything else instead of sleep/aggressor but it's a pain

no it's quite terrible to use lol

well, you're not new. I remember you from years ago.

nah nah, im new here

its kind of... weird i'd say. its unlike the PEN-200 course where they have mini labs that helps you do it.

pls don't gaslight me ;D

its like youre walking through the whole forest while learning the attacks

discord doesn't lie!

for CRTO

oh yes, you can't really do that here. my approach is notes first, then do the whole lab going through the course material

i haven't been able to do any notes..

because its just word spaghetti.

it'll help with persistence since you'll need to do the lab over multiple days minimum

notes my beloved

you just gotta pick a system that works for u

right now, im still at WKSTN-2 with a pivot to WEB but so far have not pushed forward as im following the course

cool cool

did you also create your own network diagram?

thats the hardest hardest part for me, because I just can't find anything that works for how my brain seems to work.

i don't remember the lab very well but it covers everything

im thinking if I should do that also and add it to my notes

nope, cobalt kind of does it for you?

what do you mean by network diagram?

i guess a network diagram of the lab i guess

once you do all the machines in the lab you should already have a clear diagram in CS

what do you struggle with exactly?

not as a pwn as you go but something to keep your mind about i guess. i just realized yesterday that WEB doesnt have outside access

but i will keep that in mind

by the end of the course, i am assuming you will successfully compromise the lab, yea?

I dunno honestly, structure?

oh maybe, it could help if you want to visualise the network

yep

nice, something i can look forward to then

I have it set up in a "website" format. With links to other pages

this works for me

it's a bit messy but i know where things are

i can never layout mine well enough.

You don't need to worry about layout too much imo. Once you start writing notes a structure will sort of naturally form

looks great imo

i also can never force myself to write notes..

icons are so nice

i really like the icons imo.

thanks! i would be dead w/o my notes

Notes. Are. King.

speaking of death i should back mine up

it's been a minute

what app is that? im currently using trilium. its pretty nice

it's trillium

huh. wow

I was using.. uhhh.. obsidian

i use an obsidian theme

ahh

https://github.com/greengeek/trilium-obsidian-theme

i like the purple haha

oh man. thank you

I need to transfer all my notes on to one big platform, I have notes here there and everywhere.

i swear there will come a point where it will be easier to write them than not

you just need to get over that hump

so worth the work

maybe its because I have to write notes all day for work.

although i know people in infosec who barely write notes! and they do fine

it's not mandatory

I just have a terrible memory so it helps me

well, the comptia certs were a breeze, and i didn't have notes for those (Except for the network one)

yeah no that makes sense

cool! maybe you're just not a notes person

it is likely.. I just.. remember?

crazy

i don't know why i do but i do.

superpower type shit

its likely why work makes me go do installs and stuff for hw roll outs.

Aquilo, have you watched strange new worlds?

i have not yet, i want to though

i love the musical episodes (ive seen bits of that one)

I wonder if there are any good note-taking templates for physical notes

Cornell template

something that could be printed out to make notes more efficient, like categorization or something

hmmm, let me look into it

didn't know that was possible

Hmm, that looks interesting

I usually write my notes in YAML style

rastamouse, the creator of CRTO, doesn't take notes apparently

Rasta is a different breed though.

Even if he is unhelpful.

eh i dunno

he's only human

he's unhelpful?

Got it all set up. Looks great. Thanks man

no worries!

I bought one of his courses with my student email, my college closed the account and I asked if I could have it changed to my main account.

He told me no, because I can't prove the E-mail is mine.

Despite I had the receipt, the card and my name matched the emails.

gonna be messing with icons for the next few days i guess haha

Satan🙏

Rennet 🙏

Let's not.

ah, that's unfortunate. I kind of get why though, i suppose you could fake pretty much all of that

Still sucks you lost your account. Which course did you have?

his bug bounty one.

rasta does not have a bug bounty course iirc

He does. 🙂

what's it called?

I'm looking for it

there's another guy with a similar name who has a bunch of bug bounty courses

i think you're thinking of him

why is burnout so common with everything.

maybe i'm just having some depression.

the xss rat?

Yeah

yes ty

Gave +1 Rep to @simple valve (current: #22 - 360)

different guy

Hm, my mistake then

Ok

xss rat is unhelpful. 😄

probably being blind here but - how can I retrieve my achievement link for a previously completed room ?

hi guys, can i get a comptia certification being 16 years old?

yes.

:0

but your parents have to be a guardian for you

oh right

thanks!!

its okay.

thats a lot of certs dude

still doing the CEH one atm.

good luck!!!!

but eh, that's not that many.

I intend to get more.

i think after i get CEH, I'll go for CFA as well.

what ab network+

pretty well known

I've got it.

oh alr

Is there a cert for the CDSA? 👀

that's what Net+ is

oh ye didnt notice

are there only mcqs btw?

technically only on HTB

No, there are some PBQ as well.

Yeah, i was asking about tagging me with pretty one here..

Ask one of the mods, maybe?

Certs are fun

I enjoy the stress of the exams tbh.

For sure, let me reach one

I don't, I do enjoy the process of learning though

@mossy river Can i Dm you?

Go for it

the stress of the exams were more fun for me than the learning ;D

Not very excited for my next cert exam, whenever I choose that to be

Likely summer

which cert?

my goal

GCFA

That's a solid goal.

EXP-301 looks like a pita tho

true

the price..

holy moly.

i dont like exploit development 😄

oh yea, the price would be 1650 x 3 i think

I loveeeeeee BOF stuff tbh

I want to get into exploit development next

My company doesn't want me to do any sort of secure code reviews for their software.. which is quite frankly frightening because I've seen BOFs in minidumps..

i might buy a lifetime sub to maldev academy if i finally get the money

you know, overprepare as always

aww that sucks :/

but also, it might be additional burden on you if you do manual code reviews

like i would do it manually..

i'm not the dev team, I'm support so it ain't my problem.

is the platform good?

i'm gonna vanish for a bit..

hello

ive heard great stuff aboiut it

how do we start for a mac

been a long two or three days, and i feel like i've not slept in weeks.

heard mixed reviews but mainly just its over priced

do you think its overpriced?

hven't used it personally

Do you know if they offer any trials or something similar? Couldn't find any free options on their website

should I pay for the other part of "Network Fundamentals"

in the pre-security path

I got two Maldev courses

Most of it goes over TCP/IP and OSI model, if you’re familiar with those then you’re good

AFAIK no 😦

the pricing structure is pretty weird too, i'd say the $499 is the best bet

alr what abt the other sections

are they paid too?

That depends on you, do you want to complete that module and path? To clarify, a premium subscription gives you access to all paid rooms, not just the ones in that module/path

Don’t know what’s not paid, I’m premium

Yeah, but that is a big investment without even knowing if you like their teaching style. Will have a look at their refund policy

well i pay to learn something new so why not

any active coupons?

Only student discount currently

bruh

Honestly the $14 or $15 a month that you pay is a insanely good deal for the amount of information you get

which ones?

ur right

Not even sure, I grabbed them off LinkedIn ages ago then forgot about em till now.

I try to spend about 2 hours on tryhackme a night with YouTube on in the background, definitely beats Netflix in terms of cost to return lol

So just weigh what you’re willing to spend, like is this something you’re just interested or something you’re passionate about? If the answer is the latter maybe it’s time to buy the subscription, if you’re just interested maybe do some more research before

do yk any maldev alternatives?

Sounds like piracy?

Do you own this app

@sick lance probably can help you out a lot

@sick lance

Oop

Wrong person

lol it’s good

My bad goth

Mmmmm are you sure about that?

What’s the app

That doesn’t make it not piracy

I smell vengeance

:hammer: hessi3700#0 has been banned.

This reeks of cyber-vigilantism

Please don’t interact with rule breakers 🙂

Have y'all added the minimoddimg rule back yet?

Nope. Wonderful

Didn’t mean to in a way that encourages him, was just trying to get him to spill the beans on what he was actually trying to do so someone could see and ban him. I’ll remember for the future

nerd

Cutie

Please leave that up to the moderators, they are trained specifically to do this :)

I appreciate your help otherwise

Wait

There's training now?

hydra said there is even a test

Apparently

It’s a 100 hour intense course wherein we sit in VC and I just vent about things that have occurred in the last week

Yeah, we've been making that joke for years 😄

Copy that, my apologies

Valid

I KNEW It

Thought y’all were serious

Would’ve been cool tho

Kinda contradicted myself there

You’re all being secretly assessed, that’s the test

Oo

Muiri has to say that, can't let the secret out

It’s all propaganda

https://tenor.com/view/always-has-been-among-us-astronaut-space-betrayal-gif-23836476

hey

Allah 🙏

https://www.amazon.com/dp/B0B8D8XD3R/ref=sspa_mw_detail_0?ie=UTF8&psc=1&sp_csd=d2lkZ2V0TmFtZT1zcF9waG9uZV9kZXRhaWwp13NParams

Wonder how useful this would be

no

might be better to get a wall poster of it.
kinda pointless as a mouse pad if you need to move keyboard/mouse off anytime you need to lookup something

Oh yeah

That’s kinda stupid

hello, i need help with to understand pwn writeup. which channel do i use?

Tryhackme?

#room-help

Morning!

https://youtu.be/SpMFnKTdUXg

Running Hashcat in WSL2... at that point, just use your host

Morning!!

Afternoon

Please don't.

Sorry 🙏

(they've been not to also, I'm not just picking you out)

Why are the channels so small!?

Maybe because the font is small 🙂

Did you put yours in the dryer? 😛 Have you zoomed?

It's not, it's the only text that is small

Your discord is really weird

Ikr!

It happened after I changed my PFP.

Try kill the process and then reload potentially?

change the font scaling and space between message groups to 12 or 16 px

That makes my chat text really big, lol.

Does increase the channel size, but it's still not proportioned correctly.

Guys, I'm a little new to Metasploit, also I'm not good at English, what is this error?

Bad-config

That's really weird. Are you in an app or browser? Tried logging out/in or clearing cookies?

App, that does nothing 😄

I think everything I put is correct!

I'd look into what this says

if you could write the previous sentence, certainly can understand bad config 😂

I'm in browser so settings are slightly different

I didn't understand what it was

See if its the same in the web version, if its not - remove the discord %appdata% folder to force a re-install

https://tenor.com/view/it-problem-phone-call-have-you-tried-turning-it-off-and-on-again-gif-17823069

😂

yeah ur app is borked lol

Frankly, I am speaking in translation now, but I understood what Bad Config means, but I am sure that everything is put in the correct way, but the words after this sentence I did not understand even with translation.

Is this a TryHackMe room?

hi

whats up

Stranger.

I really like these new UI changes

I like the estimated room time completion too

Hey I had a question about vpns and using tor on a mac

is the snort room only applicable to a specific version of snort?

Shoot?

"applicable" ?

im just curious how VPN's work and if vpns from the appstore with the same as downloadable vpns

and in regards to tor on mac whether anyone knows for sure if it works?

To disable the DefangedMode option in Metasploit, you can follow these steps:

Load the desired module in Metasploit. For example, if you’re using the smb_doublepulsar_rce module, you would enter:
use exploit/windows/smb/smb_doublepulsar_rce

Set the DefangedMode option to false:
set DefangedMode false

Run the module:
run

Please note that you should only disable DefangedMode if you’re sure you want to proceed, as it enables module functionality. Always ensure you have the proper authorization before proceeding with any actions in Metasploit.

https://youtu.be/b6ZWC-wQjL0?si=RSIt39YLAM-CnRED

And I guess my biggest question in general is how to protect yourself to the highest degree from a laptop

What do you mean by this?

Protect is interchangable with Untracable lol

I have no idea what you mean by this, but ok 🙂

the commands from the room don't appear to work with the version I install in kali through apt

tl;dr a VPN works by shifting the point of trust to the VPN provider instead of your ISP. all of your traffic going through the VPN gets encrypted and sent to the VPN servers which then decrypts it, makes the request, and then sends the response back to you also encrypted

however, w/ modern standards today using HTTPs/SSL, practically all your traffic is encrypted to sites and back

I'm here to listen and learn from others so usually, I don't comment during chat

as it enables module functionality123
could you please explain what is functionality123

Ah, maybe the version updated they've changed the syntax.

Thank you, I fix it Since few, I forgot advanced settings, I get another error, I will try to disable the firewall

Gave +1 Rep to @fallen beacon (current: #2040 - 1)

@rapid merlin The exploit failed, firstly, is the target actully vulernable? And what are you running this against?

Spare me please, I'm not a Pentester

maybe you should check what you post first before directly copying and pasting from GPT

I didnt check if it is vulernable, i go to the exploit before doing that,

but i check this before doing update to the pc,

I told you yesterday, you need to check if the things you're running against is vulnerable or not.

It will save you alot of time and effort.

there is no sense getting an exploit, and then checking if it's vulnerable, only to find out it's not.

Because of reason x,y and z

You're also avoiding the question of what it is you are trying to attack?

yeah, right, you are right
i will do

I suspect their own router

They were asking about it yesterday.

no sorry, i forget to reply, this target is my own computer

Even if you interchange the words it makes no sense

No device is truly untraceable

yeah

Just depends on who you're up against

If you updated your PC in the last couple of years, it's protected from that old attack vector.

I don't know what functionality123 is. Can you teach me, please?

And also goes to the NSA

Through Cloudflare

:3

yeah it is on the last update, without wasting time then uh

https://tenor.com/view/thumbs-up-conspiracy-tin-foil-hat-gif-20017163

lol ok

wtf

I try MS08–067 vuln yesterday, The exploit succeeded, But in an old computer that is not up to date, I think the last update for this windows xp was twenty years ago

Can we make sure we are posting data from verified resources, please?

My bad, link: https://www.businessinsider.com/snowden-leaks-timeline-2016-9?op=1

indeed it, microsoft withdrew support on April 2014, I don't remember the exact that, my memory is not that great, so yes probably a few days shot of 20 years, in computer time it's like millons of years 😂

I thought this was already known for years now

@sick lance yeah, it is not vulnerable, But before the update it was vulnerable, but when exploited, the connection fails

That update would have fixed the vuln.

for encryped channels, the VPN doesn't have full visibility into the actual traffic, just the destination.

Please refer to https://docs.metasploit.com/docs/pentesting/metasploit-guide-smb.html Also, can you share your screenshot of the target PC you're trying to exploit?

also, please use #room-help or #room-hints for questions and help about THM rooms

A film? I remember a documentary and a book I guess not everybody moved on. Last time I heard Snowden still in Rusia and Assange is in Ecuador, right?

@rapid merlin isn't doing THM, this is on their host.

Yeah, Windows 8.1

ah, ok

assange is in the uk iirc. he was in the Ecuadorian embassy, but got arrested somehow

you are being safe and running the victim windows in a vm right?

you aren't trying to exploit the host from the guest?

I guess it didn't work out for him escaping to Ecuador 😂

No, the target isnt a vm, but what this not safe!

yup been here for 5 years, currently fighting extradition to the US

I could have sent you the vulnerable Windows 10 image for the VMware player/ VBox which has Ubuntu-enabled CLI for practising exploits. However, I'm not allowed to redistribute as it is licenced by the author.

Hello,
Just commenting here to let the dev know that
The new UI is sick

Loved the interface

Documentary and book is enough imo😂 I just find it surprising that people are unaware about what actually got leaked

https://youtube.com/shorts/2ebb65zXavY?si=RrvSt3zlhdiPpY4M

Yah bad actor social engineering is going to go fucking BRRRRRR

How can you say you care about information security but you haven't read the book or at least browsed some of the crazy shit snowden leaked smh

why is that your basis

I have previously tried exploiting this vulnerability from THM room and it worked

some people may not be a fan of how he leaked it, regardless of what he leaked

Because the THM room was set up so it would work.

Thus going back to my comment of "Checking the version is vulnerable"

Otherwise you're just wasting time.

Because some people call you a tin foil when you mention things from the leaks and I find it funny

@simple valve

It's not the information, it was the source.

How do we know the image you posted was from a reliable source.

how can you say you care about hacking if you haven't watched Mr. Robot

Very true

I know that the THM room was made specifically for exploit this vuln, I did not mean to ask about how the vulnerability was successfully exploited in THM room and how it failed for me

So true

Because it's a fictional drama.

I agree

Enterprises are determined to act/mitigate actual credible threats to their security posture, and not focus on perceived threats they have deemed not applicable or prioritized in their threat mitigation strategy. 🙂

(it was a joke)

I'm using a Home lab. You can always ask the THM technical team. They are super helpful if you're ever stuck in any of the rooms. My knowledge is limited. Good Luck friend. 😇

with his position, he didn't think about the damage that could cause, and who may get hurt in the cross fire, getting all vigilante is never the answer it, no matter how good your intentions are. Not in vain people say that the road to hell is paved with good intentions

Again so true mr tim, isn't it boring to only care about your enterprise environment though? The snowden situation was absolutely huge, I'd even say it was historical.

I never ever watched Mr robot