#general
the thing is, i understand, but i mean, what is a protocol exactly? i know it's a set of rules
but How?
Gaggle of silly geese
that's what i can't understand
like softwares are codes that are executed from top to bottom
research will tell you everything about it.
there is no easy shortcut
Wait are you asking what is the difference between them?
Oh
silly geese with big plans
Literally made up by humans 50 odd years ago
if i wanted to create my own transport protocol
I think you're confusing software with it; its not, TCP and UDP are protocols, as in they're a model designed by ARPANET if google isnt lying to me rn?
how would i do that
That’s where computer scientists come in
You would decide what information needs to be transferred, what your requirements for robustness, speed, etc, are, and then write a specification
Basically
The specification (which in real world terms tends to be an RFC -- request for comment) can then be implemented
Udp doesn’t care if your quality is absolutely dog
TCP: Did you get the joke?
UDP: I dont care if you got the joke, i thought it was great

A protocol is literally just an agreement of how systems should communicate
but, i don't take care of that, it's kinda seemingly automatically being taken care of
magic
Maybe this might interest you? https://www.ietf.org/rfc/rfc0793.txt
What
Whenever you feel you got the answers you wanted, feel free to DM me and I'll show you a few things
Who takes care of tcp and udp?
The computer gods 😂
I think you're overthinking it tbh 👀
Maybe just a little bit 
Nah, I can see why they might be confused
i am not overthinking it, i really just imagine a pip
It's just an idea people designed years ago and has become 1 of the standards used today 😅
Basically is. Data flows from one device to the other
That was all sorted decades ago.
When networking started to become a thing the computer scientists sat down and decided how data would be transferred physically (a series of electrical pulses sent down a wire). Those pulses needed to be formatted in a way that both sides understood, so protocols were developed -- most notably TCP and UDP, but also ICMP and a whole variety of others.
These were coded into drivers which are installed on your computer to let it communicate with other computers.
Other protocols were then developed at higher layers in the model (e.g., SSH works over TCP, QUIC works over UDP, etc).
That's how it started, and it still works that way 50 years later
I gotcha man. There’s the design spec (protocol, etc) then there’s the implementation which is effectively software that carries it out
that's a good explanation
That’s a good explanation
Oo

That’s a good explanation
Oh FML
hahahaha
you stole my mind
Literally facts
Muiri somehow was able to give an entire compsci history in one paragraph lol jk. Dude, that was awesome
That covered a lot though Muiri haha
You realise HTTP/3 uses UDP right?
so we can say that TCP and UDP maybe is the organization of pulses in a way such that both sides can translate it?
Exactly, yes!
It's not by chance that he wears the top hat 😉
okay great, that really answered my question, hahahaha
i haven't taken hardwares
so i am blind to that side
Are you familiar with the OSI model?
Anytime I have a question, I'm waiting for Muiri to be online 😂
that's actually a question if you go to the room-help
i just asked it
i wanted to understand it
application, presentation, session, transports, network, data link, and physical
those 7 layers
I’m talking about video quality
now transport layer, i understand it kinda
Yep, exactly
I just use this- i stole it from somewhere on this discord lol
that's a good explanation
hello
😉
As traffic leaves an application it gets encapsulated down the layers (although we use the TCP/IP model in practice). Applications don't need to worry about the lower level layers because lower levels in the "stack" handle those for it.
how goes is Muiri?
stolen that too
For example, a web browser doesn't need to worry about TCP -- the TCP/IP drivers installed on your computer deal with that part. All it needs to worry about is HTTP(S) -- plus some other lesser used protocols
Eh, I really should be asleep 
You?
mnemonic for OSI model: All People Seem To Need Data Processing (Application, Presentation, Session, Transport, Network, Data Link, Physical)
probably headed that way soon. Gonna watch an episode of Chicago PD with my wife first
Enjoy!
Thanks!
love it!
don't make fun of how I go to sleep like an old man 😂
9:30-10pm and I'm out
but I also get up at 5am or earlier daily
I used to follow that show but it went bad a few seasons ago
I wish I could do that. I screwed up my sleep patterns years ago
I physically can't sleep in
It's currently almost 0300 
And I will be up in a few hours
I wish I had more hours so I can sleep more 😂
See, you say that, but I'm 22 and starting to feel tired. It's not good for you to run on a few hours of sleep each night. Not for years on end anyway.
Mhm. Pentest + red / purple team
you have wisdom beyond your age 🙂
I wish I had more so I could learn more + work out more
ah okay. I do Red, Purple, and Blue lol, I'm in charge of Web Sec for my employer
anywho, off I go for a bit
Like, full on red / purple team ops, or covering the general spectrum of offensive and defensive security?
Little help? Playing KoTH and the king will just "lock" the king.txt file and idk what to do, what command are they running ("Permission denied" error)
love your competitiveness
Don’t think we can help with koth or ctf a
Morally or literally?
Literally
kk
Try your best tho
Mostly just in general, with occasional full pentests on external entities
hi how i can start with ethical hacking?
most are on ones we host
How dare you
thx, my friend minecraft account was stolen i just want help my friend
@shell nova
The discord account was hacked but he only changed a few things to make fun of his face
all the knowledge is for educational purpose only, don't do anything that it will get you in trouble and you'll regret later. Always go the legal and ethical route
💯
Can you give me examples of times when ethical hackers act?
Fair.
Did wonder what the point in having a purple team session would be if you were both the red and blue team lmfao
yeah lol. It really depends on the context of the engagement
Taking up bug bounties
We have too little business to separate them, but just enough to do them all
Helping solve problems before bad guys can exploit it first
what happened with that?
i was a kid so i didn't really search, i was just applying what i am learning
yesterday? you don't sound too old 😂
wow you're really old then 😛
Ethical hackers can also act by taking up blue team, and protecting systems or investigating intrusions etc
There’s so many ethical possibilities
Yeah, usually a purple team is an actual sit down session between representatives of adversary emulation, SOC and/or threat hunting, etc, to execute test cases and find blind spots in the org's controls
you were younger, but still young today 🙂
=_= yes well i was planning to throw my dream to be a hacker away
but now i am learning these cyber security and stuff
all my old memories
is coming back
Just as a red team op is a colloquialism for an adversary emulation exercise where you've got white hats spending a month or two simulating the activities of a known threat actor
Neither are very useful in a small org 😆
where hahahaha i hacked someone on facebook with a njrat server with social engineering where i made him download teamviewer and i took the server from my computer and ran it on their device
:D
Uh
No comment
fun old days?? at 21?? really?? 😛
Uh oh
.
i wasn't the bad guy
as i said
they were group of hackers
using exploits
to destroy facebook accounts
i social engineered one of the dumbest of them
and took their device
and threatened him
and they stopped
stop talking 😂

yeah, we don't do red team engagements. When I said red team, I am meaning general offensive security as in pentests
Is purple team half red and half blues
Yep yep, makes more sense 😆
i want to get into that
Red and blue does make purple. Good job. Ya learned colors!
Wow 🤩
Honestly the whole lot of terminology is a bit dumb.
Think of a purple team exercise as being active collaboration between the defensive folks (SOC analysts, cyber threat hunting, etc -- anyone who actively defends the org), and the offensive folks -- specifically the ones who focus on emulating threats
Thanks
Interesting
my girlfriend's favourite color is blue and mine is red, i am the attacker and she is the defender, seems accurate
So it’s either you're a red teamer or a blue teamer working with each other
Gib rep
They usually involve the blue folks identifying areas they want to test detections in, then the red folks provide activity to trigger those detections
Thanks for this
Gave +1 Rep to @boreal scarab (current: #31 - 237)
Ez rep
Interesting
Or less ideally, the red folks identifying areas in which the blue folks should test detections 
Wait so how did y’all choose between red team or blue team because. I feel like blue team is my thing but I also do red team rooms and I enjoy that too I just don’t know
I just like red teaming more
though i technically havent fully chosen which im 90% sure ill go with red
Just ftr, you're aware it's about 70% reporting, right? 
Not the part im looking forward to :(
but yeah
Oh nah nvm
I like breaking things, and I like building things. Writing detections for things is fun -- I enjoy the neatness of it and I'm familiar with the process because it helps the red side -- but it's not what grabs my attention.
Yeah the reason I like blue team is it’s awesome defending against attacks
Genuinely, think really carefully about it then.
Just remember, everything in business is about value, and "hacking" is no different. The reason you are employed is to provide value to the client (internal or external clients, it's all the same in practice).
The client doesn't care that you executed some super cool kill chain that compromised their system -- they just care about fixing the vulnerability, and for that it's the report that matters.
Like a cyber superhero or sum 🤣
Your "product" as a pentester or a red teamer isn't actually your skills, or your experience, or the work that you do on a system. It's the report. That's the product.
Is a security analyst blue team?
The report is the product, the product is what gives you value, and value is all that matters to a business.
Ill be able to and give a good one but i just wont enjoy it for sure
Generally speaking, yes. Job titles in cyber are a mess, but security analyst tends to mean soc analyst in my experience.
Ikr they are a mess because different companies name them differently
And it’s so confusing because their descriptions are all different
That's my point. If you don't enjoy reporting, think hard about whether you want to go that route. The report is the important bit -- it can be a pain in the backside, but if you actively dislike doing it then you're not going to enjoy your work as a whole.
I've never done that, but I believe that it's a fine line between don't sound super technical so people don't understand anything and don't sound super common either because you won't sound professional enough
hm ok
Don’t be discouraged tho
I think there are reporting websites where you can practice
Maybe do one of those and see how you like it
Oh God yeah. There's a very fine balance between including enough technical detail to replicate and remediate, and overloading the poor devs / sysadmins.
It gets even more complex when you factor in the fact that a single report needs to have multiple different levels of technical density for different audiences.
Ooo can you think of any?
You need to hand over something that's informative to the techies, but also to their project manager, senior management, and potentially up to C-suite 😆
Have you completed Wreath?
I havent
The final part of it is report writing. If you want to practice, complete the network and write the report on that. I'm afraid the prizes for best report were claimed a long time ago, but happy to review it if you want 🙂
Alright!
i've seen the same title for vulnerability assessments lol. it really is a mess
🤦♂️
A lot of companies have absolutely no idea what they’re talking about, i’ve seen LinkedIn offers for swift that required eight years of experience, even though at the time swift had only been out for five years
The logistics company?
i think so
no i dont
No i mean the language lol
Lmao means laughing my ass off
Yes
swift like the apple app language
yeah
Hello fellow cyber friends. 🙂
hey
I'm happy to be here. A bit of a noob but excited to learn.
Me too
I just got into networking and im working on web exploitation too
Haha awesome! I'm entering a KOTH just for fun to see if i can get anywhere.
nice!
So far ive loved koth
I'm hoping to eventually get some cert's in networking.
Honestly I probably won't make it far, but good practice I suppose?
Ye
I must go now, good night to you all!!! 💤
Nighty night
Maybe start on normal machines a bit 😅
Perhaps you're right 🥲
I'll look at that one! Can you send a link to the room?
I dont know if you can just play it tbh
its a koth machine
ohhhh i see
If you want i could play it with you in a couple minutes here
cuz you need 2 people to start
Yeah

Hello community, I love using THM, it is so easy to learn and practice the learning paths, I used the platform extensively when I was studying for eJPT version 2
and plan on using it for my eWPT in the near future
spo spo spo-reo
(sing it in the melody of ophelia)
ello derek, how ya doin 
wasn't he an admin
he was mod at the same time
technicalities technicalities
was admin
is not admin
= change
change scary
he hasnt been CM for a while but has been mod all that time and now still with his new role :p

CM =/= nimda
Defensive security is protecting an organisation's network and computer systems by analyzing and securing any potential digital threats. ----> investigating infected computers or devices to understand how it was hacked, tracking down cyber criminals, or monitoring infrastructure for malicious activity. (Blue Team)
what does monitoring infrastructure mean here ??
what infrastructure are we talking about ??
Firewalls, Intrusion Detection systems, Intrusion prevention systems. that sort of thing.
ohhh so basically blue team monitor the computer systems infrastructure ?? to protect it from hackers , they build firewalls and intrusion detection system ?
I'm personally picky about the terms red and blue and don't quite agree.......but generically, yes
got it
you could swap generically with "less pedantically" as well probably lol
the way the job roles are bifurcated into teams is gay
it makes sense when used properly -- it's just nobody uses them properly
tweaking firewalls is defensive. but it's not blue teaming.
clicking "Critical!" in a soc is defensive. but it's not blue teaming.
what you mean ?? so as far as i know red team is breaking into stuff , blue team is making sure nobody breaks into your stuff ??
isnt defensive security = blue team ??
soc ??
The term red team (an allusion to red cell) goes back to cold war era and such. Red because the communists were red and communists were bad.
So, in war games and whatever tf else, the people emulating the bad guys would be the red cell or red team. The defensive party would then naturally be blue because that's opposite of red.
They are direct counter parts and one can't exist without the other
( 1 ) If you don't have a red team you don't have a blue team
( 2 ) You can have a red team and that doesn't mean everyone that's defensive is blue teaming
Security Operations Center
bruv can we take this to the DMs , i have lot of doubts , will you please clarify ??
Just as an example.... in a proper, technically correct, environment with a red team, the threat hunters (who are actively countering the red team) would be blue team
yeah you can dm if you want
won't be here for long but a few mins
thanks cuhh , check dms
wreath environment , specifically speaking, prod-serv is extremely slow... is that normal?
typing a command using the root shell is painfully slow... it even disconnects itself and I have to ssh again and start all over.
Is it possible to extract files from a vdi?
I think it sounds like your files are fucked
I'm gonna do it lol. I need them.
well good luck on your quest
What if I roll back my distro to the one I used with those files?
But sounds like it'd be compatibility issue when I'm positive it isn't
All the YouTube ones want me to download software and I don't trust that at all
I have a VM just for opening software i dont trust
morning
Morning
I think that today I learned that I need to try harder to learn something new every day...
Life lessons.
i need to do the same
Same
Yeah imho very important. I'm always learning and it's addictive. Even if it's just Wikipedia or reading in depth system architecture of retro consoles writeups, yep that's still giving me info
85% of my YouTube is just things I can learn something new from and informative while being entertaining, good vibes
I need to find a way for me that doesn't involve reading hundreds of pages
I can still kinda sing.. kinda.. lol
Pls someone should recommend a good free course for a beginner
I need to talk to someone.. I need guidance..
#start-here
Also check pinned messages.
What are you trying to do specifically? What is your end goal?
lol well if retro console tech does happen to be an interest of yours, these are relatively short reads. He also has ebook copies which equate to about 50 pages at most:
Aww nice I'll take a look at that
Hey, if response size in http request same. What does that mean?
Yeah, highly recommended. Despite me being all about retro gaming, the tech behind it, hacking them and more, I've learned tons from these
Great citations as well
Heya, yeah just been busy. I'm on-call this week in particular
nice
In a bit of a dilemma right now
At times I'm slightly burnt out of my job and don't want to have anything to do with tech after work, but that's a me issue lol
Hmm
What else you been doing
Gn 
Goood Morning 🙂
G'night spore
Finished everything in arkham knight except riddler things and main story (90%)
Gaming and reading extensively
I really wanna finish the game on 100%
but riddler is too boring to find everything
What you been reading?
More of Ray Bradbury primarily, finally read The Martian Chronicles (amazing) by him and now I'm onto The Illustrated Man
Just great short story collections
How short are the martian chronicles
Been reading "What if?" lately
The Martian Chronicles in particular is a neat fix-up similar to "I, Robot", where he makes an effort to link the short stories together
yeah What If is great
It's a full novel but each short story is... short
The jetpack gun was a thing that I actually was thinking about
hmm
I will say though, if you've not gotten around to any of my scifi reading recommendations, I'd probably put "I, Robot" first, but I'm a sucker for Asimov's plots, but he's nowhere near as expressive a writer as Bradbury
I haven't read it but was needing a fiction book
Been reading a "A short history of nearly everything"
Also is the movie good? (Presume its bad)
both classic scifi fix-ups for short story collections turned into novels
Yeah it's quite bad and has little to do with the source material
chapter long short?
sorry for the delay, internet went out
Like 5-10 pages short, these were originally published in scifi magazines
oh k
and those are pages according to my ebook reader and settings
scifi short story collections are a good time, and fix-up novels even more so tying them all together
Also reminds me to ask you, should I wait for a kobo colour or get the libra 2
Just get the Libra 2, I don't expect Kobo to come out with a color eink display for a bit. Just look at Kindle and other competitors that aren't rando Android chinese devices
yea
Although how good does the kobo support pdfs with illustrations
like on a tiny screen
my old kindle does a terrible job and treats it as a big image (the entire page)
It's not bad on 7" but you may have to do some zooming and scrolling depending on the kind of content. Ideally you'd just get the proper epub or such of them
What If? for example is fantastically formatted in ebook formats and is not an issue
Not something you'd need a PDF for
yea but its brother is a terrible example
Thing explainer
Yes that'd I'd just read on my iPad tbh lol
I've always had a separate device for comics and other things not quite suited for eink
I think you've seen Knives Out and Glass Onion, those would be some good recommendations for vibes
let me check our library
yea Knives out is done and glass onion also
I implore you to rewatch Glass Onion although, I don't understand how you even like it
Bad take on your part
I've seen it multiple times, it's not as good but it's nowhere near a bad movie
ouch, personally disagree
not quite the same vibes but watch Big Fish (2004), it's a fun movie
Old man tells tales that are blown out of proportion... or are they?
Good movies that spans the spectrums of genres. One of the least Tim Burtonish movies Tim Burton has ever done
Watched it, although not that fun
bah
I'd say possibly too young but I enjoyed it tons when I was your age
If you want fun have you watched Bill and Ted's Excellent Adventure yet?
nop
very highly recommended, you'll have a good time
ayee, keanu reeves
mhmm one of his very first roles
recently rewatched John Wick for the 3rd or 4th time
lol this will be in very stark contrast to that
I can also recommend nearly every movie Mel Brooks has ever made, even more on the comedy side, but they're inventive and neat
Classic movies, but they're fast paced to your liking
Airplane! is my fave but he has tons
hmm
Are nmap scans considered OSint?
No they're active scans, you can use Shodan.io and dnsdumpster.com for similar results for pure passive OSINT
For OSINT, you don't want anything which actually ties you back to a machine you manage
I see. So no communication with the target machine what-so-ever.
Wait for a sale but I had a good time with it, but I also have massive nostalgia for the original
Thanks!
also any opinions on psychonauts
2
Yeah, and no problem! OSINT is by definition just using info that you can find on the internet or by other passive means
Has to be info already in the wild
Supposed to be quite good, all I know. I'd probably recommend playing the first game but I don't know about how much of the story is implicated in the second
I've played the first game and it's for sure good
Hey everyone!
Hello
Heya Scrubz, you think maldevacademy is worth it?
How you been?
Not sure, not interacted with it much.
OK, just awake you?
what things you thinking of
gaming and movies and twin peaks
Are you asking me if i just woke up?
he said hes just awake and wondering about how you are
aww sounds good what games
Alan Wake 2 (after Control AWE DLC)
R&C Rift Apart Achievement finishing
Skipped through most of it at the time sadly
Ah! Now I understand. I'm learning English and practicing it here, so sometimes I might make a mistake or not understand something.
That's understandable
Aww ok. I've been playing too much apex recently ahaha
I need to finish bualders hate
Who here plays koth?
eh, couldn't get into it but fair
baldurs gate 3*
yeah
No, i did
Yeah, they're called books.
No. That answer would be equivalent to dumbbells if it were steroids for muscles question
Go crazier
It's nighttime here, i'm going to sleep now
It's already 4:35 in the morning here
I was studying, I didn't even notice the time passing, I was supposed to go to bed early
Nighttime studying hits different
Sounds good, I'm forma 5km run. 👋
Yeah, true
That's it! It's always good to take care of yourself
Have a good run, bro
Thing is, there’s anxiety going on trying not to wake up the loved one
That's tricky, I always try to stay quiet and type calmly
The problem is when I stop studying and start walking around the house, and then my bones start cracking😅
The body is idle too much. Make sure to stretch regularly
Get a yoga mat and go at it
Feels good to stretch the whole body after sitting all day
I did stretch regularly
So good!
my request was ignored please help me☹️
My friend was a security guard and had to stand on one spot for 12 hours. At the end of every shift, his shit would crack violently, like from neck to toes cracks.
Definitely looks like a form of rot. Feed it to AI prompt maybe
There’s more variations of rot, not only 13
Damn! Didn't he exercise?
Hello
He was a fitness instructor lol. Turns out it’s not very healthy to be idle that long
I have tried everything
If you truly tried everything, there’s nothing we can do to help
Meaning there might be a blunder somewhere
Wow! I didn't know it was that bad
The words could be guessed according to the theme of the room
Well, I'm going to bed, it's very late.
Can you add me as a friend? I want to have someone to practice my English with
Sure
ok I'll look again
Where did you get it?
It was a friend who gave it to me
when you spend time adding details to a cv template for it to just ask for money ahaha
you profile pic looks like the apex legends logo
Never use those
Then I think I already told you we can't help, as we don't know where they got it from.
Could be data farm
It actually is
nice
Then we definitely can't help, that's an active competition.
yes I was inspired by it
@rancid swallow
Cheating of any form is not allowed. This is not limited to asking for help with assessed schoolwork or exams.
Nice
I am not participating in a competition
It doesn't matter, I'm going to assume your friend is, and they're stuck, and you thought you'd ask in here for help.
Please don't.
but don't worry I'll find it on my own
That's the spirit.
That's me just sent an email to my landlord to say I'm letting my flat go in the UK so my money doesn't run out 😂
Huh
Long story
I got smelly armpits
and i can let air smell like shit
Dream team
Ee ahaha
Lol
I didn't think you were coming back, your flat empty?
i have someone who can clear it out for me
just emailed my landlord. feel more relaxed now
will use the free time i have to keep learning so i can get in the industry somehow ahaha
aoa
Yaar Koi Multan Say Hai
whatchu wanna do?
What job wise or study wise
question out of cyber topic just curious, i dont have a monitor atm (im buying a new one soon just searching for a good one) and i wanna connect my pc to my laptop and control via obs, can i get usb-c to hdmi plug in the usb c to my laptop then the hdmi from my laptop to my pc and turn on my pc boot up obs on the laptop and control it from there?
Any aspect of cyber my goal is eventually pen testing or ai
just wondering if it works like that
use spacedesk
then you dont need a wire
it works wonders
connects straight away and acts like a second monitor
i know bout it just wanted to know if theres a way using a wire
you would need to connect it with hdmi and ethernet cable
so its on the same wired network
alrighty
Hiya, English only on this server please. 🙂
hi im 13 and my friend that's tech savvy told me to join this server what does one do here?
Didn't your tech savvy friend tell you what the server was about, whilst telling you to join?
no he's dumb
@open magnet
so if your friend told you to jump in a lake would you?
? joining this server isn't gonna hurt is it? kindly use your brain
Don't be rude to other users please.
i just don't get why you would join a server randomly
idk, the question was illogical and dumb but sure, why not?
This server is an ethical hacking server, it's accompanied by the website http://www.tryhackme.com
This server is a public discoverable server...
It's not private, anyone can search on Discord for it and join.
very good point
alright so basically cyber safety lessons
more the opposite lol
Not always, there are offensive rooms also.
Have a read over #start-here
wait what?
WAIT WHAT? WE LEARN TO HACK HERE?
Thm teaches how to hack ethically.
wait like aimbot or hack into grandma's pc to remove the other hackers kinda hacks
No, aimbot is against tos and not really hacking.
And the second point would also be illegal.
or hack into rockstar and leak gta7 kinda hacks
you must know my grandma too
More black hat.
right, right right so what do we hack?
sure
explain what that meant
all the hackers are always in my grandmas computer cause she clicks all the links
oh so this is duolingo for hackers basically
Did end up losing my files I think. I can't find them. Time to restart THM from scratch.
I hate this new Kali version so much
2024?
Yeah
I installed it, but keep going back. its really annoying me
Why is it annoying?
define and give an example of ethical hacking
i found installing a lot of things out of the gate just a PITA. google-chrome, rustscan, gobuster all gave dependency issues
i tried to compile dirty.c last night and the system kernel panicked even. was fine after, but yeah. ill wait till 2024-2 lol
my chrome issue was like a Microsoft install. had to reboot my system for it to run...found that very odd
If a bank wants to stop people from breaking into the bank to steal money, they might hire someone with excellent skills at breaking into banks
That person will test the security and tell them what they need to improve
having permission to attack your target.
@sick lance you seem to know a lot of around here. I was trying to find a room, but maybe I did it in another environment and thats why I can't find it here.
Was basically a room where you attacked a minecraft server. Think it was a log4j demo
Log4shell by John Hammond?
pl
ok
ok
?
ty
Hi the link in #cyber-and-careers is safe
?
try putting it in something like virustotal.
No clue, deleted it for now.
There's definitely at least one HTB box where you attack a Minecraft server (albeit unguided). Not sure about THM.
There was a really old THM one, but it wasn't exploiting the actual MC server
You need a minecraft client tho
I remember that one.
the John Hammond one was definitely the one I was looking for. I wanted to run a demo for my 14 year old, to show him. He wants to run a minecraft server, but doesn't want me to be part of it...I was like yeah...were not letting a bunch of random kids in to my network lol
CyberCrafted was the name.
Signed up for a CTF, got sent an invite to their telegraph group... 😦
im old-school internet haven't even touched it. Is telegraph any good or just pure evil lol? all i see is evil c2 crap coming out of them lol
actually I think im confusing myself with telegram
what's telegraph?
A crap newspaper.
I meant telegram.
It's the next, highly advanced, version of telegram
Damn I'm too slow lol
aha cool cool
Is there much overlap between Sysadmins and Ethical hacking? Do sysadmins typically learn and research whitehat stuff to better identify any weaknesses or potential mistakes to avoid? And do ethical hackers sometimes set up their own network just to get a better perspective how a network works?
And is it possible for a sysadmin to pentest their own network as a whitehat?
Well drive time before my flight to India
depends on the company policy and the standards they applied. According to the standards, the duties should be segregated and can't overlap much so a dedicated security team would be best
but companies that like torture employ devsec ops to do everything at once
In a class B network, if no subnetting is done and there is a single subnet with 65534 hosts, will it be easier for a hacker to perform a DoS on the network by continuously pinging the broadcast address?
DoS via "ping" is a very 90s thing
A lot of what pentesters do involves using the tools that sysadmins use to interact with systems. Sysadmins will frequently have knowledge of security features and functions and how to implement them. Good admins will frequently have processes to test that their security systems are functional and may read up on security issues but they won't usually conduct pentests, as this requires authorisation from management and sign-off from the legal team, due to the nature of what 'whitehat stuff' is.
A pentester will frequently be encouraged to set up test systems during their learning, and when pentesting potentially fragile systems where interruption to business operations could occur. That's why using a platform like Try Hack Me, or setting up your own systems with vmware/virtualbox or physically in your own network is beneficial. You could set up a Linux or Windows system with services running that you can footprint thoroughly to see that you actually understand how they work and what potential vulnerabilities you might find
how else would one do it
(just curious)
We're not going to tell you how to perform DoS attacks here
Very much and practically exclusively unethical.
hmm ok, thanks!
@hearty pine Please respect that we don't discuss that here as it's unethical.
Can we discuss bad system designs with no targeted intentions but just to promote best practices?
You were, in that case, trying to guide them towards how to perform a DoS - not OK.
If you feel like you're trying to bend the rules, simply do not.
kinda sensitive in this case but noted!
We have to be. Discord deletes servers that allow discussion of illegal hacking.
99% of the time in a penetration test, intentional DoS is out of scope. You validate that the issue is there and then simply stop.
They don't gain value from you killing their systems.
Especially if you're testing in prod
people will go back to IRC I guess if this goes on
i literally see no harm in discussing bad system designs
it's not like somebody will learn step by step how to do stuff
but the information is public
This is the problem.
The information is public, but it doesn't mean it's welcome in this server.
How is everyone?
Pretty good, got some bits for projects to assemble
guys what u think which image is better kali linux installer or NetInstaller ??
You want a big download now, or when it's installing?
m on wifi with plenty of time so it doesnt matter if its big
All it changes is when that big download happens
so Netinstaller will download everything during installation and installer will have everything already?
Basically
You have meta-packages to increase the size if you want
@naive violet still which one will u suggest ?
or if you're going to be in a facility that has no internet, freezing a server room.
In this section, we will describe the process of installing Kali Linux on 32-bit and 64-bit hardware using the images published on the Kali Linux download page.
Content Which image to choose Which desktop environment and software collection to choose during installation Which Image to Choose The Kali Linux download page offers different image ty...
What are metapackages Metapackages are used to install many packages at one time, created as a list of dependencies on other packages. Kali Linux uses these in a few ways. One way is allowing users to decide how many packages out of the total Kali list they would like to install.
i already read that still just needs a opinion
Download the tools you need for the situation
kali-linux-everything: Every metapackage and tool listed here
most preferable by u if u gonna install which one will u choose
Okay.. I'm out lol
I simply do not care
lol xD
thanks
Gave +1 Rep to @cosmic pendant (current: #37 - 196)
I got most of the bits for my superheterodyne
Ah, my channel list is back to the right size, I don't need a magnifying glass to read them.
ah does hyper-v/secure boot(windows), core isolation(windows security defender) create issues in VMware or in kali linux booting ?
I haven't had any issues with it
It used to
and now it doesnt ?
They made a big deal about having fixed it
Nah, like Blackout, I haven't had any issues or problems.
cool
idk why all the things happens to me only
Could be a whole lot of things.
idk yesterday i just expanded storage from 20gb to 60gb and then boom when i boot it up it goes to the window where the dragon fills up in blue and then just black screen and cursor blinking 🙂
@winged crater Please don't send friend requests without getting permission first
oh ok mb
i have a VM using half of avail space on a 500GB drive. i wanted to expand it to use the remaining ~250gb. i entered the max value listed in hardware settings for VM disk. appears that was too much and now a swap partition can't load. can i save this VM another way or is shrinking the only way? fro...
Oh, that's fun. I think it's funny that superheterodyne, makes me think there is a heterodyne....
Heterodyning is just mixing
what's the super part?
I think that's the difference between the name of the concept and the name of the design?
what are you mixing?
Radio waves, making a receiver
Hey Doc 👋
Hello!
Local oscillator plus..... whatever that gets mixed with ahha
I like SDR :D, no Local osc
how're you doing this fine day?
Alright, how are you doing?
work, work, work, radio, work, and if i'm lucky, a little code
Gouda morning. 👋
How are you doing good sir?
any professional ctf player willing to help me with learning how to solve a ctf ??
I am currently doing the easy THM paths
Once you do them
I believe that you might have the necessary skill for an easy CTF
ohh thanks
Gave +1 Rep to @oak river (current: #2050 - 1)
Which CTF?
No, sorry. we're not helping in Active CTF's.
oof pretty busy
nahhh i dont need help finding the flags since i only solve the basic ctf like swamp,tam,ritsec,dam
But you just asked
it's fine , even if you help me to solve after the ctf ends
There will be writeups posted, I'm sure.
Or Yuri will post one.
its not for active ones, i just want to gain the knowledge in proper roadmap
Then build your skills through learning, that's a much better way to learn how to do CTF's.
i'm aware that there are plenty of writeups but personal doubts can only be solved by a professional i guess
okayy got it
Hey, if response size in http request is same. Does that mean the request was successful or not?
isn't that what the response code is for? 200 vs 300 vs 400?
That is an interesting inference attack though..
Bruh, Huawei is asking me if I want to try an experimental "Social Credit" system
hey toaster do you know how much soc analysts use zeek?
If they are smart, all the time
We use it, but not enough

hm
In my old IR job, when we went into an unknown environment, we would place zeek sensors everywhere
Think about it this way.
if you don't know the environment, but you know your sensors..... You can learn a lot, real quick
it took only 60 years, maybe in the next 60 they will debate what's the right approach and in other 60 will do something 😂
good morning people!!
turn one side into a train track
cut towns on the amount of lanes
downs
nah the curve is too much tho
Usually the cause of traffic jams like that are something further down the road. Potentially traffic lights or something causing drivers to slow down.
is there a bypass?
Hey guys, I have Kali-Linux loaded up into Vmware player but every time I try to change the password and username I get stuck on the Kali log in screen without the login interface
Any advice?
What username are you using?
The one I’ve been trying is “Hammer”, not meant to be secure I just wanted to mess around with Kali in a low risk wat
way
Ok, try hammer
Linux uses lowercase usernames.
Maybe the issue is the password I was using had a capital in it?
Like I can log in it just doesn’t boot up to the home page of kali
It would be really silly not to allow password complexity.
It just gets stuck on the screen after you log in, the blue Kali screen after your credentials have been accepted
VM
Hi, I recently installed Kali Linux next to my Windows 7 installation. When I successfully finished and restarted the computer, I selected Windows in Grub to check if it was still working. It didn't and I had to load the Windows 7 rescue cd, which seemed to fix the problems. Another restart and again selecting Windows and everything was fine. Th...
When I use the defaults it doesn’t do this
Oh so it might be my nvidia drivers not meshing with the VM/Kali?
Nvidia has been bad for Kali for awhile, but I have 0 issues.
I’ll just stick with the defaults for now
Kali is fully functional if I don’t change the password or username, and I’m not using it for anything security related atm
yk whats kinda annoying about linux is if i want to go back to a certain directory i have to cd and redo the whole change directory
Change what? lol
so like look lets say im doing Desktop/Exercise-Files/201.zeek and i want to change to 202.zeek i have to get rid of it all by doing just cd and restarting the whole command: cd Desktop
is there another way?
yes
cd ..
hm
That will take you back one directory.
guys this is the fourth day i am trying to add ubuntu to my website through kasmweb as a workspace and that should be simple and i dont know where is the problem and i am stuck for 4 days can anyone help?
that's why I don't use the vm file, I just download the ISO and install the VM from the ISO gives me more control and customization
hey can someone help me with allotting processors according to my pc specs in VMware m a little confused
and yeah i just installed kali linux installer and extracted to a folder now i have some files but dont know which one to put in the vmware choose iso file section
@sick lance sorry for ping can u help pls
Just let vmware choose
@sick lance
whata bout the iso file ?
You're creating a VM, and you're making it so much harder for yourself.
Do you have an ISO?
👋🏻
i installed the basic installer zip from the website extracted it and u can see all the files in the above folder
hi
ah ik why
you're trying to download the pre made virtual machine version im pretty sure
when you open up the kali linux files whats in there
are there 2 different things?
@crude stump
Use the WinRAR file.
what?
Choose it there.
🙂
File > New VirtualMachine
i know how to make virtual machines 🙂
isnt that what you're asking to do tho?
no i cant find the iso file to put it there
I dunno, you're making it pretty hard for yourself by all the messages.
no that was from past
Change that drop down to "all files"
oh
You know you're not looking for an ISO file.
ok now i can see files so it should be in isolinux ryt ?
It will say the file name in the above screenshot of WinRar file earlier.
thats the zip name non-extracted
Then you want to extract it to an ISO file.
@sand trench not cheese, but cookie dough in #876804968731009055 👀
i think i m not able to communicate properly to u ok listen , I installed this one
extracted it and i got those files u see in kali linux files
Do you use WinRar?
yes
Then go back to winrar, select the Winrar file and extract it as an ISO.
ok lemme try that
it's like a whole saga just to install Kali 😂
xD
wait you got it X?
no scrub said extract it as in ISO but i dont think there is a option for that 🙂
ISO is a stand-alone file no need to extract anything you can put that on the VM soft of your choice and install Kali from there, or you can download the ova file that it's like a premade vm and it's easier to install
my brother i know i am trying to find that iso files from the files i got after i extracted the zip i downloaded kali linux installer
watch a youtube video
i already tried they all r 3yrs ago and for virtualbox 🙂
wait i swear if this beach wants the whole zip inside him i will kill this software
what
😍
grrrrrr it is still there
not for me
My bad, to enter the conversation, I realise I don't have the patience any more to do this for free 😂 all those years of customer service/tech support really got me I guess
same thing i downloaded
maybe make a poll to take that down 😉 😂
So why is it winrar and not iso?
winrar be confusing fr
someone got a code on telegram and then got call by someone and telling your telegram code and close the call
?
@sick lance told ya same thing
Were you expecting the call?
No
Then use that...
Then ignore it, chances are it was a wrong number, or the start of a scam.
but why its like the zip icon and not the cd or iso icon tho?
they send me a code and 5 mins later they call me
Because WinRar is set to recognise ISO files.
i used telegram 1 year ago
They want your account, if you didn't ask for a code, don't give them it.
This is a common scam
@sick lance sorry i know m annoying u but is there a chance u know why when i right click it shows me open with and winrar but before it used to show extract here extract all files i dont have to open software everytime
block the number and move on
Not sure why your computer is behaving that way. 🙂
i think i will poison my computer
sometimes winrar can make itself default app for ISO if you don't have any in your system I've seen it happen
Yeah, but telling winrar to ignore ISO files should make that go away.
how you gonna do that
by filling water in his motherboard
indeed, if you enter the settings of winrar and uncheck the ISO format 🙂 too much work maybe 😂
💀
I'm not even going to ask, but ask that you stop with these sort of jokes.
i cant even joke ? in general ?
he can do all that but can't spin a freaking VM 😉 😂
You can joke, but remember this is a professional environment, for some people, this is literally their work place.
what the hell is wrong with this tryhack me openvpn
m sorry will take care of that thanks
Gave +1 Rep to @sick lance (current: #1 - 2137)
buy subscription but still always errors.
Which country are you in?
Nepal
dude seriously u won't believe but m good in this but sometimes my pc just start doing things that doesnt exist in this world
border country of india in case if you dont know
sir can i ask how they find my number
if you know
I know where it is.
I think the price is either euro or GBP.
If that was your phone number I deleted, I have a pretty good idea...
They might have just tried every phone number, or found it somewhere
well thats also how people get your number they find it and share it around
ur privacy settings is not well ig
maybe they have some kind of random generator, it's like throwing pasta to the wall and see what stick
im the pasta?
Auto-dialler.
Dial 1111111
dial 1111112
dial 1111113
you're the one that stuck 😂
yes😅
when I got calls like that I block the number and move on, it's not worth a second of my time
I have my phone set to automatically block spam.
also its scary but if you look up your name all your information pops up
im scared of telegram part they send me a code and told me in a call after 7 around mins
It's self explanatory..
Unless there is some sort of fees.
You'll pay the same amount regardless.
just a scammer. they wont you to call so they can phish for information off you
want
I have no problem with payment
my problem is with the vpn
ping the machine no error
just move toward solving....always breaks connection