#general
Changed it ages ago.
Less sugar 😦
whats the benefit? isnt the whole point of doing this to learn?
When downloading software, you can check if the hash of the file matches the hash that the software developer gave you right?
It is
You can still learn from writeups...
NOOOO WAAAAAY
Correct
Nooo!!!
So what if for example someone took a screenshot of a JPG? Would that screenshot have a different hash than the original?
But if it's the wrong hash what's even the point of checking. Still downloaded bad software. Investigation Maybe?
Yes
Yeah?
It's a completely different file.
Hackers can change the hash on the website so it matches the one they uploaded which is malic
It's very important not just from security standpoint. Like if it's installation media for OS, you can brick your setup if it's corrupted
I know how to play, but I haven't played in ages
Malicious
Or a new firmware for a device
Ah
That's scary
Okay nice so a matching hash is a sure way to tell the file wasn't manipulated with?
Oo
that just kinda defeats the point tho no? the questions at the end get your brain to pay better attention to the content so you know the answers
Good !!
come back again
When your teacher gives you filled in notes to study do you learn?
That's the same idea
If you just copy pasting answers it's useless, yes. If you learn from what you missed from someone who didn't, it's invaluable
Hi! Guys I don't know if this server is for this but i have a problem with offline ai ollama on my cmd, does someone knows anything about ollama?
Good writeups don't just provide answers. They narrate the methodology and way of thinking
Why the author did this then that
Personally the only time I glance at a write up is if I'm struggling on an answer for hours and am not getting anywhere with it
And even then I try to get the answer myself after
I read writeups all the time!
the good ones do
See the software people used. Tools. What they did different
ohhh okay i just misunderstood the point lol i thought there was people just copy pasting answers to get through the lessons faster lmao
Etc
where u can check the hash of the software ?
Some people do and some don't
Some developers have it on their website
that would be answer dumps
some software, comes with the hash file or you can download it from the developer/company website
i see now
any articles abt this topic ?
Hm I think scrubs will tell you that's an advanced topic only
I'm curious how does an Antivirus detect malware or an AI detects illegal multimedia, is it the hash of the file? Is it the file not being somehow verified?
just wanna read hahah
There are various means. From basic file hash, to heuristic analysis of calls made by any software
For media, it's also matching it like shazam does
Looking for close enough match in sample dbs
Also the antivirus prolly has a data base of known malicious hashes too. Sort of like virus total
That's so clever
I wish I could create my own software like that
Like a noob version
Fluff, I will be walking like you tomorrow, bent over with a bad back
Nooo
You can. Might take a lil bit but it's possible
The og Shazam
Get it, cause you're old
I am tired
Ban ban ban
For me it's because I am working out
Same
I mean it's not your own antivirus but you could create scripts for snort to use and block traffic
taking over the security work left me with a lot to catch up on
rudeeeeeeeeeeeeeee
Ikr
Why...
however, I am in charge of our web security, and doing a lot of our general security as well
Thanks !
Gave +1 Rep to @sick lance (current: #1 - 2185)
just sayin hi
that's....somethings not right in that...I just can't put my finger on it
Are you enjoying it Darek
I don't want to be inside that car for sure
Guys I don't know if this server is for this but i have a problem with offline ai ollama on my cmd, does someone knows anything about ollama
yeah
Anything about that google position?
Why not
too bumpy for my taste
I am allowed
Confirmed. Bella is allowed. Deal.
This server is for the TryHackMe learning website. You're probably better off asking in a more LLM based server.
okay thanks
Gave +1 Rep to @clear jackal (current: #20 - 390)
ngl the only time i use books for this stuff is when i'm reviewing for a cert or something
otherwise all labs
oh haha but i like learning from book
things just move way too quickly 🤷 any book would either be outdated or highly theoretical i feel like
someone may have a suggestion still i just can't picture it lol
It's hard to give recommendations if we don't know what you're trying to start. We do have a #bookclub and we also have #start-here.
yeah i kinda just assumed sast/dast bc of thm, but could be anything really
What do you guys think about this build?
there's literally 1 nvidia component...
well here's an intel one
which one's better
that's too much
I am not going for an AMD GPU
is try hack me even working?
bad experience
yup
weird seeing that the 13700 has 16 cores but 24 threads
e cores
i forget they're doing that weird only-perf-cores-hyperthreaded thing now
What's your intended use Vain?
well, mostly an AD lab and medium gaming
I'm getting the 4070 cause I'm getting ready for GTA 6 lol
if it were me, i'd pick the 13700 over the 7700 simply due to thread count, but that's more valuable for my workload nowadays
I have the Tomahawk motherboard, it's decent
aye, it falls in my budget so I chose that
it has 3 nvme slots, so I have a lot of upgrade space in the future
You're missing slow storage
aye
i would swap the 1tb nvme for a 2tb tbh, if within budget
1TB seems like a lot, but it really isn't now
relatively cheap nowadays and games are big af
I have a 2 TB hard drive in my laptop, I'll just chuck it into it
You sure it's SATA?
yup
aye, I'll look into it
i'm also biased towards samsung nvme drives but i'm sure WD is fine
I'm already overbudget by like 120$, but a few more bucks couldn't hurt
aye, but Matt suggested this one cause he uses it and it's really really fast
https://www.amazon.com/Samsung-Internal-Computer-MZ-V9E2T0B-AM/dp/B0CRC7H66Z/ literally like 50 bucks more and twice the capacity
CL30 is a higher latency RAM, but I'm not sure how much that actually changes things now
well, it is DDR5, I have to look into what's the lowest latency DDR5 can get and get the lowest one that falls in my budget
i feel like that's not as impactful for most ppl tbh,,, like you'll see it in benchmarks but that minor difference can't be too tangible in games and such i feel like
wow
could be wrong ofc
Also, I'm not sure 750 watts is actually enough for a 4070
i think 1000 is optimal
i agree
according to the wattage calculator in pc partpicker it should be enough, but I am going for the 850W PSU, it's just not on the pc partpicker website, but available where I'm getting my PC
I'm not sure how PCPartPicker calculates its power requirements
it does
although i still say amd > nvidia
I don't remember if it takes load in to account
the gigabyte 850W fully modular one is just isn't on pcpartpicker
what happened to @sand trench ?
If you go with the AMD CPU, I would probably go with an AMD GPU for their RAM sharing and fabric stuff. I forget what they're actually calling it.
its kind time i don't see him/her/she/them
ah, then I gotta research what AMD GPU matches the 4070
ooo i forgot this was a thing too
7800XT I think?
It should be. My Ryzen9 4080 super specs out to 625w
still running an intel cpu cause it's an older build of mine, so i can't use those fancy features
that's not much of a buffer tho.. it'll work, just not the ideal
Oh OK, interesting. I thought I had seen something on JayzTwoCents
it does, but unless you are running mix-and-match workloads (ie, openCL kernel or equivalent) work divisions don't really happen
how do u guys fix the browser jumping around all over the place on the attackbox? thank u
Yeah. I went with an 850w PSU just in case, but a 750w should work assuming it's not actually bad
750 is perfect for the 4070 dont worry
any idea what gigabyte's rep is for psus nowadays?
no clue, i have been using corsair modular PSUs for the past 15 years
okay, so what do you guys think about the R7 7700X and the RX 7800XT combo?
well, google says it should work flawlessly
Right, but it's not just the 4070 is what I was leaning towards. You still have to power the CPU, Fans, Hard Drives, RAM, etc under load
but 🤷
Yeah I know, 750 is literally perfect
ha. i got an old 1500w corsair a while back in a (fried) parts computer i got for $50
corsair replaced the psu at no cost and i was running with that thing for years
powering a 1060 3gb lmao
that fan didn't spin once
Get the ADATA XPG Core Reactor 750W
It's the best bang for buck you will find, A Tier PSU
i think that psu is somewhere deep in a box in the closet now...
I got the Core II (newer version) but thats because my 4080 Super has a newer connector
I believe juun, it's just something that people don't always take in to account or put the total draw too close to the maximum output of the PSU
You don't want too much overage either
The bigger problem is when everything goes from 0-100 at once. If one isn't benchmarking the entire power curve, the amp jump on a single-rail PSU can cause a power stutter. Multi-rail PSUs have other problems
my god, adata still exists
If you don't like the one I recommended, here's a PSU tierlist
If I do go with the RX 7800XT I can manage to fit the R7 7800X3D into my build
you can also run linux without wanting to kys
Nice, depends on which games you want to play tho
Corsair or Seasonic are two brands that are trustworthy
mostly, hell let loose uh...well milsim games
If youre into Esports, better CPU is a priority
If youre all about high resolution high details, GPU is a priority
Can you explain?
a bad piece of ram will stop you from turning on
a bad psu will fry your entire build
Because when you lower the graphics to the lowest 1080p, the game utilizes your CPU the most
and vice versa with the GPU
power supply issues are also a massive pain in the ass to diagnose
not dissimilar to ram issues
what if you want good quality for your esports?
then GPU is a priority
¯\_(ツ)_/¯
Do you have a source for this? I'd like to read it.
hi shadow
huh. i didn't expect that much of a score difference between the 7800x3d and the 7700x
eh..depends on the game
Single core performance is important for games but to sacrifice a good GPU for a better CPU seems odd and goes against recommendations typically.
buying a pc for a single game is a huge waste of money. spec it out for budget, and then consider performance within your budget.
some titles are very cpu bound just like some titles are very gpu bound 🤷
Some games are still CPU bound, but that's getting more and more rare
Right
mostly csgo at this point, really
I'm looking at squad 
otherwise gpu all the things
i wont sit here and try to convince you
try it out yourself
no matter what game youre playing, when you lower the graphics to very low 1080p, your CPU takes care of high frame rates
once you set everything to MAX 4K, your GPU will be taking care of that
In this valorant clip, TenZ is talking about what is best to buy to increase fps in Valorant, CPU or GPU. TenZ gives the answer about fps boost on valorant.
CPU or GPU to get high fps on Valorant? TenZ answer in this clip
Credit: https://twitch.tv/TenZ
TenZ is currently playing for SENTINELS on Valorant.
Valorant Updates : Valorant new skins...
32 gigs of ram should be enough for an AD lab right?
Unless you are an esports pro or streamer who uses the game to pay the bills...... That's a huge investment for one game that's going to be outdated in a couple of years
he's talking about one specific game that just so happens to be cpu bound
that's not a definitive "lowering your resolution means your cpu does the work instead!"
I was just curious and wanted to learn something, but if you're basing it off anecdotal evidence, that kind of tanks what you're saying...
he also didn't say anything about lowering res doing that, just that he upgraded his cpu
this works with all games because its the fact that you lower the settings to the lowest that makes it CPU bound
not the game itself
aye!
You have to try it instead of denying it without trying it
Nope, i tried it myself
Now I am going to have to ask you to provide non-anecdotal evidence. You're making large claims.
that's IF you're even bottlenecked
😦
IF you're bottlenecked, then removing that bottleneck will do that
That doesn't mean anything, it's anecdotal.
and that's in EITHER direction
Try it and see guys, there's no point in arguing when I'm the only one who actually tried it here
You're just disagreeing without trying it
You're not providing evidence of the claim.
you just have a fundamental misunderstanding of what happened
Anecdotes aren't evidence
you removed a bottleneck, you didn't offload to the cpu
What games did you try it on?
"I went outside today and saw that the sky was blue, this means clouds are a government construct." that's the level of validity you're providing, since you aren't providing actual evidence.
CS2 and Valorant
(I already specified im talking about Esports here)
Same
You just love arguing you wont even try it
BLEGH
there's nothing to try if we aren't already bottlenecked 🤷
you can't increase performance by lowering performance (this sounds weird as typed)
Both of which are very much CPU bound, unlike a lot of other games...you can't just say because it did it for those two it'll do it for every game
Why would I want to play a game on Roblox's quality level? /shrug
Esports
alright, the quality of this discussion is degraded to the point of not being useful to anyone
I was genuinely curious in what you had to say, and was excited to learn something new, until you refused to provide any actual evidence. Please don't ping me again until you come up with some non-anecdotal evidence.
move on to a new topic please
The weather was decent here today
ayyy gcia is a good one
I am going through account hell right now though, reapplying to all the accounts that I already had at my previous employer
Zeek got renamed, right, or was that another tool?
BHIS made it?
Hi
Oh, RITA is BHIS
Hey folks how are we doing, i am currently wrapping up the burp suite unit.
Hi. How is the unit?
What I mean is how are you liking it.
crap.. burp isn't loading in Kali.. Java errors.. 😦
More coffee needed.
depends on how you use it to connect
:java:
damnit
why did it display then just give me an error and send the text
discord sucks
Because Java. 🤣
How do yall deal with stripped screws
Is this a dirty joke?
Nop
lol
Repairing a laptop just trying to remove a stripped screw
I usually use my fingernail and put side pressure on while unscrewing. Works most of the time.
It's likely the threads inside and not the screw itself.
yeah, but the screw is a circle right
Magnet
what's stripped, the threads or the head
head
your best bet is an appropriately sized removal bit
its all the way tight
its a laptop so a lil scared taking a drill to it
but be aware that it's more likely than not you'll damage something else getting out that stripped screw
if you have a rubber band, put it between the screw and driver (and press)
it's why it's important to not overtighten
yeah, I know already
and to use the appropriate locktite and not the green bottle
tried it already
still spinning
the green and red locktite have no place anywhere close to your electronic cases
eh red bottle is fine
shh
Reverse drill bit..
if you have a heat gun and don't care about possibly melting the chassis, sure
i'd start with a left-handed screw extractor bit first
Those don't work all the time.. but yes. Appropriate step.
we had a bucket of red loctite at one point and i would literally just dip bolts in the bucket before using them sometimes
yeah ... I don't have all the equipment talked about here
if the extractor doesn't work, then try to drill it out.... but again, be aware of the risks
Last resort, dremel a slot in the head and use a flathead screwdriver to extract.
a screw extractor set is pretty cheap
If it's a laptop screw then it's pretty small too..
thinking about that right now
surface
hello thm
Hello:)
yesyes
busy
workin' on all sorts of things, keeping out trouble, etc. you know me
how's tricks? @normal fable
tricks?
Hello Ben
good good. Besides the broken wrist.. I keep breaking things.. lol
Cmon moo get to the British slang 🤦
I'm working on it.. moo...
oh eek. sorry to hear
Do you not like being called moo
I have a doc appt tomorrow to see if I need surgery or not.. hoping not.
moo is perfectly fine with me.
Trying to pop this thm box.. man.. I need to knock the rust off. lol
What room is it?
Brick Heist
oo thats a fun one
.
oh perfect thanks!
Very informative unit thats for sure, i really like the automation it presents
Also I got my act scores back, exceptionally good scores for the scholarship im applying to
party time!
it's almost honk mimim time
have a good honk Jabba. lol
Guys, Who try to exploit CVE-2023-45866
Did any of you find a problem with the success of exploitation?
Trying to use mitmproxy as a replacement for burp suite proxy.. can't get that to work.. 😦 502 error... bah!
Is this for a THM room?
No
aha! I had to add --ssl-insecure to the cmd.. lol
So what are you targeting with this?
when the room says artefacts, are they refering to apps? or like logs that shows all the actions thats being taken on the computer
My own devices, of course
other activities are illegal, So I am not able to do that
in your example the later.
Artefacts are traces of activity. For example, if I log into a machine, there will be artefacts of the fact that I've logged in (assuming I haven't removed them to clear my traces)
ah i see
like clues almost
We can only help with THM provided practice targets.
pretty much. Artefacts/evidence, etc
thanks
In fact, I did not want to help with that. I heard that there are people who did not succeed in exploiting the vulnerability on unpatched devices, so I wanted to know the General effectiveness of this vulnerability.
I tried on two Android 7 and Android 4.4.2
And It worked for me
while doing these practice ssh's theres random pngs in the ls directory, is there any way to actually view these or are they just null files added to make it more realistic
welcome helldiver
We can't verify what your target is when it is not a THM room.
a wild timtaylor appeared
Listening to Joep Beving, so less wild this time.
The THM room is like a real hacking operation
What if I want to hack a device but there is no help here because it is not about THM room so I go try this on THM room, I will find help here because I am trying on the THM platform, understand how to hack and then go practice what I learned in reality
sus
Anyone helping you, concerning a non-THM target, inherits potential legal risk in helping you, this is the issue with helping with unverified targets. That's why we have safe and legal practice targets on the THM platform. If something goes wrong, it is safe, and best practice.
not much productivity, that much i can say
Not living up to your name huh
debating if i wanna keep applying for other roles, hit a bounty, or jump onto irc and handle some things i've been putting off for a week
nah that's exactly my name lmao
productivity to the abyss
straight to the void
nonexistent anymore
It is Wednesday, also known as Wotan day, so should be adventurous.
I will repeat what I said, I can learn on the THM room and find help here and after understanding the process I can apply what I have learned in reality.
If a person's goal is bad, nothing will work, Any little piece of information can be turned into something bad. This is similar to the way you want to use a knife: do you want to cut bread with it or do you want to kill someone with it?
In any case, we cannot prevent the sale of knives, Because we do not know what the buyer will use it for
Throwback was a legend of a Network.
Another way of looking at it is preventative measures to avoid undesirable outcomes.
this is not the right discord for what youre asking dude, this is for help with anything related to THM hacking is a fine line and if you use it for anything other than THM, anything given to you as help to do that would be aiding you. risk for a stranger wouldnt be worth the reward
Maybe
Wednesday from the Old English Wōdnesdæg day of Woden AKA Odin
See if you can create a room for that CVE, and thousands will benefit from your research.
@umbral bay sometimes my linguistic side comes to light
I think this requires a level that I miss. Information is not a problem, but I do not know how to create a room
Anyway, I will be happy to help other people
We have help pages to get you started, and an amazing community of creators 🥳
https://help.tryhackme.com/en/collections/3665115-room-creation
In Dutch it is Woensday, pretty close to the Old English.
Thanks man, I will read it
Gave +1 Rep to @umbral bay (current: #16 - 441)
They say Freysian, spoken in the north of The Netherlands is very close to Old English. I don't speak it myself, except for the word Jiskefet, which means trashcan.
Indeed, English has its root in the Germanic languages families as Dutch, but you don't see much similarities nowadays, Old English looks closer to German than modern English
Actually Old English originated from a German tribal around Frisian North Sea coast, so it's not strange that Freysian is spoken there. The history of English language was one of my favourite subjects in uni
Exactly, there still is a province called Friesland where they speak it, probably in the north of Germany as well. So you must also be a Tolkien fan, given his linguistics background and infatuation with Old English.
Somehow Odin is compared to Mercury in Roman mythology that's why Wednesday in romance languages like Spanish (Miercoles) and Italian (Mercoledi) is actually the day of Mercury
yes, I read the Lord Of The Ring as well as his linguistic work
Odin is very Faustian, nay, Faust is very Odinite.
If you like mythology and symbolism, my favorite dictionary is The Penguin Dictionary of Symbols, by Chevalier and Gheerbrant.
Mercury is depicted as the revealer of divine secrets, much like Odin's dominion over runes and hidden wisdom, I think from there it comes the connection
and shadow is gonna go unawake by lying in bed listening to beep boops for the sleep sloops while meep moops
I have the Mythology dictionary of Pierre Grimal
https://jh.live/censys || Get started with the leading Internet Intelligence Platform for threat hunting and attack surface management -- find what is exposed out on the open Internet with Censys! https://jh.live/censys
Learn Cybersecurity - Name Your Price Training with John Hammond: https://nameyourpricetraining.com
Read The Hacker Mindset b...
W vid
When I was a teenager I was really into mythology and I learn Greek, Roman, Nordic, Babylonian mythology, etc I went into a kind of a rabbit hole for a few years
the white goddess, and Greek myths by Robert Graves are pretty good too
Food For Centaurs it's also good
I have those in two volumes I think, not in hardcover though, so eligible for upgrade.
I know that they were big and fancy about using notepad with emojis and using like a windows key to input them.. Is it a matter of a simple reg key to prevent "notepad" from displaying emojis in the middle of my app dump?
this just feels like someone is trying to t-bag
Adds character
Indeed
how it feels using ligating fonts
I still have those volumes in my mum's house, and I have it on my kindle too. I have to move to digital after I lived in 5 countries, shipping books cost a fortune and I have a lot of books so I left most of them in my mum's house, I'm talking about thousands
@molten sky .. Ligating fonts, like ceaser? none of those fonts are here i think .. this is just straight up .. consolas
Yeah, next time I move using Pods (mover containers), one of them will just be books.
not sure what ceasar you're referring to, but ligating means like turning --> into an actual arrow and such
making actual symbols
OH
In writing and typography, a ligature occurs where two or more graphemes or letters are joined to form a single glyph.
same thing here, really
That was the definition i was thinking of
Yeah, it turns 😦 into a frowny face or 🙂 into smiley etc
: ) : (
!= might become the =/= one char symbol for instance
cause people want to be special or something idk
+=1 for thumb up etc
BUT .. why is this in notepad
Its notepad, its not "clean my toiletpad" its not "make my sandwich pad"
I started buying books when I was 6 when I learn how to read, I'm 47 so that's a lot of books, plus the ones I got as gift
you can read?
a bit
Ah you're under 50, lucky you.
And I look 30, a blessing now a curse when I was a teenager, I looked 12 when I was 18 so it wasn't fun back then
Haha.. thats the secret to looking young.. just cut all that gray hair off @ the scalp
WOOOT
Buzz cut
one down, 1 to go..
Congrats
If you have an existing aws cert i think you can renew it for free via cloudquest
At least up to .. .. the sa series?
Okay, time to celebrate. one thing done
Hi, I'm a beginner student in the world of hacking, and I recently became interested in studying about DDOS attacks, so I hosted a website for my domain, and used some tools from GitHub, but it seems that they are just toys, and don't work at all, what do you recommend?
most of the hosting platforms would have some kind of DDOS protection
we don't do that here really
aye, any recommended books
read the oxford one
and another one which told the history in a story like form
just want the general knowledge
Hey there! Just so you're totally aware, DDoSing a service you run on a platform you don't own is usually against ToS and is illegal in many areas.
hell, even port scanning your own VPS is often against ToS
Worried about the book you're writing right now Rex
The White Goddess, Greek myths and Food For Centaurs all of them by Robert Graves. The Twelve Caesars by Suetonius if you like roman history. If you want you can send me a DM with what you like and I can recommend some more π
Sure

yeah i know! The website I hosted is made specifically for this, and I used Wireshark to see the data input, but nothing entered, in other words, the DDOS tool is fake
He means where are you hosting the website
The host website allows this
that sounds..questionably vague
and odd, to say the least
I can't say, but there is no danger in carrying out this type of attack, the strangest thing about it not working is that the site does not have protections itself
uhm ... I have another concern for you
Probably READ the source code for the program you are running
A lot of those programs also have malware in them
wouldn't be the first time a PoC or so-called security tool was just a trojan
awfully ironic too
yeah, I have seen a couple security tools have miners or stealers built into them
Usually they are copy paste clones of popular projects rebranded
It's the "gamkers-ddos" tool. I saw some videos talking about the tool, and it doesn't look like some type of malware. I'm running on a virtual machine.
pretty much why i wrote my own debloater, lol
every one out there was questionable feeling and so large and oddly written that they would be a PITA to audit myself
Is the machine segregated from your network
lmfao @buoyant tree this is the first section of that script
print ("\033[92m")
print "________________TRYING TO REACH THE SERVER_____________________"
time.sleep(5)
print "_________________ESTABLISHING CONNECTION_______________________"
time.sleep(5)
print "_________0100100 BYPASSING SECURITY LAYER 001010_______________"
time.sleep(5)
print "_________________CONNECTION ESTABLISHED________________________"
time.sleep(5)
print " DDOS ATTACK STARTED. NOTE: ONLY FOR EDUCATIONAL PURPOSES"
time.sleep(3)
Uhm... whats in the rest of the script
literally just a while true sending urandom bytes to the ip
Man I could write a better DDOS tool than that while not sleeping for a week
lol
there's also this gem
print "Note- This Tool An Illegal Tool & It's Only For Educational Purpose.. Use It At Your Own Risk,We aren't responsible for your actions"
just noticing it also seems to increment port number on each iteration (resetting at 65534)
I don't know where to find reliable sources of tools on the internet, or write my own, I am truly a curious person
yeah we can't really help with that here unfortunately
Well I would suggest to follow @whole yew 's recommendation and don't use those types of tools unless you learn what you are doing
For which you can #start-here and understand how everything works and it will also give you a overview on the law if you follow the pathways
regardless, there really isn't an ethical use of DDoS tools. "As a learning experience" isn't sufficient for us to allow DDoS discussion in this channel
Wasn't aware there was a ethical use of DDoS tools
From what I read even in a assessment DDoS isn't given as a requirement
and is usually deterred from
Very very rare, and only under specific employer-specified circumstances
testing owned infra is really it, but that's both rare and way beyond what anyone just learning would do
This is a curveball, how are we going to test without ''testing''?
math and theory
But we have to know real world applications
and prayer
Well .
Step 1: Hire a professional. π
ah sure 
yeah that's really the only one tho -- testing owned infra or in collaboration with your cdn/csp/etc, and often would need to be worked out with your isp itself as well since it can cause a degradation of service for those not even related to yourself or your target
Are you available for hiring right now?
it affects people not even related to what you're hitting
Is there any problem that leave all infra to us for test in real world
Knowing what you shouldn't be doing is as important as knowing what you are able to do.
scope? what's that
Roger that
This learning throughout the virtual security process is very curious, if it fell into the wrong hands it would really be dangerous, but my question was more about not wanting to harm anyone. I just wanted to know how I can study this more deeply beyond the basics
I don't know if I'm overstepping some process, but it was something that interested me
sorry if that seemed stupid to you guys
there are no stupid questions
yeah thats why #start-here
it starts you from the basics
Also its the same as knowing how to set a fire
You can use it for heat and other stuff
Or you can use it to burn things down
that's a really good analogy, thanks. I'm going to be more careful with what I try to inform myself without knowing what I'm dealing with
Gave +1 Rep to @buoyant tree (current: #132 - 50)
I also believe that 🫡
while you're here @umbral bay, can i have admin
this guy says it's okay to ask
i'm bouta get nuked
I also believe that knowledge is something unique to each person, each person will always have doubts
that's how everything started a gift used as a weapon
Thats sure
knowledge is power
Sure
I so want to buy a framework laptop, maybe my next laptop. I like the idea
i support it
I could probably use phone as a weapon, they hit hard if used properly
i can use my weapon as a weapon
can't beat that
Who says my phone wasn't a weapon to begin with
hi guys, anyone here works with azure cloud can share some related groups? Much thanks in advance 
My martial art teacher once told me, everything is a weapon if you know how to use it
which martial art?
this is a real error page github just presented me
Eh I only get rate limited
lucky
Jujitsu
Nice
I had a taekwondo teacher who taught me something important
how to dance
Hey chat. I had an unforeseen event coming up, and it brewed up this question in my head.
Even after two years of graduation, would it still be possible to land an IT or cyber job?
"signed an nda sorry"
but actually tho, yeah it's doable
just stay up to date on shit and stay practiced
don't get 5 years behind because you haven't touched a computer in 2
shit you actually are at 690
nice huh?
btw there's someone with your same username but lowercase who has nothin yet
btw x2 your linkedin button no worky
aight so i have a major problem
same
i cant stop doing fucking rooms theyre too addicting lmao
thats not a problem

bro I can't
use my LinkedIn URL in the webpage
On my profile page
for some odd reason
did you ever set a username
it's not your name
otherwise you can just go to your linkedin profile and copy whatever is after the /in/ part of the url to thm
There
https://linkedin.com/in/THISPART
I just placed my LinkedIn URL in my "Personal Website" entry
also no worky
Bloody hell
ayyy there we go
lmao oh well
tomorrow is my fridays
my french fries fridays
im gonna have french fries on friday tomorrow
for dinner
and then
I can do more XSS stuff
until then
goodnight!
night!
time to catch some π€
I stole the picture from the interwebs 
Birb holding phone
@normal fable https://youtube.com/shorts/rAjzSKKTN-w?si=k6ZnJEfNYe9pVfUi This you?
Credit: @krunchymuffin on TikTok
I'll watch in a little bit.
Typed out a question about a problem I was having and realized how to fix it when I typed it out
@boreal scarab Mind if I dm, finalizing lockpicks
i do mind, actually
Mornings
m
trying to do this room but the site will not load says connection timed out but machine says its running properly
have you run your openvpn configuration yet? and btw you should post these questions in the room-help channel
boi
Today is the last day of a huge cyber conference in Dubai and I want to go but still ill. I don't know, scared I'll infect everyone
that's unfortunate. Do they also put it online afterwards?
I don't know. But this would have been my first conference so wanted to go in person
Just don't want give everyone the flu
yea. Well get better soon 
you should go in a hazmat suit
when people ask just say you've contracted ebola
they'll understand
Ahahahahahahahahahaha
I'll see how I feel after a shower. Just going to be daunting going by myself. Won't know what to do or anything ahaha
alcohol can fix that last problem
I can't turn up drunk to a conference in the UAE
oh shit that's right uae
Ahahahahahaha
that piece of information slipped past
Ahahahaha
Just sitting here in the train and some random Arduino tried to connect to my phone with Bluetooth lmao
Should I buy The Hackers Playbook 3?
@sick lance
Ahahahah
Yeah, quite funny to see it pop up
Ahahaha I bet
Oh? It's released for free?
I thought that was pirated
I wouldn't take the chance to talk about or use pirated books
Ahahaha yeah I get that. I don't really use it anymore
@brisk tree Please don't suggest pirating books
Sorry
@rapid merlin Please don't suggest pirating books
@deft cloak Please don't discuss pirating books.
Hi everyone! Is anyone attending Cybersec Europe 2024 in Brussels (29th/30th May)?
oh okay..
archive.org is considered as?
Yes.
pirated?
Yes.
oh okay
Should I buy the book as beginner?
or there are other books which I have to look before the hacker playbook 3.. ?
and yes I mean actual physical book buy from Amazon
I'd check Amazon or Ebay. They are where I usually get most of my stuff from
Any suggestion?
Or is there a fourth now
Still 2018
Me too..
I mean, it's the latest but still old
I looked for Preface of 1, 2 and 3
I mean, what sort of book do you want?
I'm just searching for pen testing books released last year
Red team, blue team, purple team, crypto.
To suggest a book, I'd need a more specific category
beginner.. literally beginner.. which let me clear theory part about Ethical Hacking..
See what they have on the Kindle app if you have it
See if you can buy anything from there
See
I recently only saw that there is something called CIA triads and before I don't know about them also.. also learned recently about cyber kill chain from tryhackme Intro to Cyber Security learning path
This introduction to hacking covers everything you need to know to start your own journey to becoming an ethical hacker. With help from a lab setup that lets you hack along to each chapter, this book walks you through a variety of the most useful activities for any hacker. You'll begin by capturi...
2021, but no starch press books are good.
Have a look on humble bundle, they regularly pop up on that
If you want to learn the basics cisco have a free ethical hacking course you could start with. It's 70 hours
And goes over the basics
let me look for amazon of my country..
Doesn't need to be Amazon.
Gave +1 Rep to @sick lance (current: #1 - 2186)
Thanks @brisk tree I have account there.. I use it to learn C++.. I will look into it.. ^^
I've started it and it's pretty good. Get 30 labs to do too
Yo @molten sky mind if I DM?
give thanks have cooldown??
I will thank MadScottishBurd after 5 minutes then xD
I didn't realise how many books there were for pen testing
@sick lance did you know it's going to be a legal requirement that employees in the EU can register time worked?
Will that apply to the UK though as well, since it left the EU
nope
Lol
it was taken up in 2021, but just this year finalised iirc, (at least in denmark, it's from June that it's mandatory to have)
it doesn't affect if you're fixed rated, it's just to prevent overworking
which I think is cool
Thanks @brisk tree
Gave +1 Rep to @brisk tree (current: #313 - 15)
yeah, just looked and it's only Denmark that starts out with it apparently, but it was taken from an EU legislation
https://www.grantthornton.dk/en/insights/articles/news-2024/new-requirements-for-registration-of-working-hours-adopted-by-the-danish-parliament/
No problem
That's a good rule to have
I feel more countries should do that because the amount of people getting ill from overworking is not great. As they say too much of anything is bad for you
Hi, just wanted to ask if I want to add google authentication on an avatar in navbar like when not authenticated it should show normal avatar, but when authenticated with google it should display the profile picture of the user instead of normal avatar..
How can I do it ??
why are voice channels locked for me?
You need to be verified.
That's a thing?
uint32
YEZ
It'd be a nice feedback -> #feedback-and-ideas
For thm?
Is this for thm?
I think so
nah
OK tell me how I should learn ethical hacking from 0
Take a look at #start-here
okay
Good morning everyone, quick question. What would you guys say you'd use more whilst working as an analyst in a SOC environment, bash or python?
Can't be done.
If you use Google sign in, it creates an entirely new account
If you use Google sign in to create an account, you can't change the e-mail
Can't
Depends on the org I guess.
Oh i see
Of course
guysssssssssssss
Yes?
hey all i have a question i was doing ctf rooms why is that people at the bottom get the score for same question low compare to upper one's is it because of attempting the machine after long time since it was launched
Blood points, first people to answer questions on challenge rooms get extra points.

This field is massive, what do you want to specialise in?
What is best depends on your interests
I low key wanna be jobless if these meetings don't end soon
I'm just living
Doesn't exist
The money is in the banana stand
If you do CS for money, you won't do it
Eventually, you will conclude that it isn't worth it
money money money
Ml is money printer for couple of years at least
I would rather be in meetings than what I am doing right now
Money
cyber sec do be more important
This proves that you are bored
Lol
Chatting with us
I didn't say i am busy
It's soul crushing really
I do nod a lot though
One of those that should be an email
And that i shouldn't be CC'd on too
- So Fluff, what do you think about it?
+ Yeah uhh no. That would be great
Fluff can we switch?
Pretty much
I would rather be in meetings than write Javascript
I'll stop whining. Pls no js
not just pure js
google
JS integrated with google apps script
Gave +1 Rep to @gray sonnet (current: #124 - 52)
you're welcome 
in all seriousness, you can literally find the difference on google
I don't feel like making a wall of text, but I wanna show you my shitty code fluff 
@desert iron has been warned.
I got hacked guyz ma bad
: 0
You can get help from communities about a range of topics, however when it comes to certain questions that are easily found with Google, Off Secs website probably has the difference listed on their website (and their own Discord)
I am actually on track now in tryhackme.. whatever doubts I am trying to ask.. I found their dedicated rooms..
Cyber field is massive, red team, blue team, purple team.
Then they branch out.
Red team, pentester.
Blue team have DFIR, malware analysis, soc.
Then don't even get me started on the rest
This is the best server imo.
Pick one that interests you, if you need a vector right now. You don't wanna be stuck analyzing malware if you don't like reverse engineering down the line
There is a lot to choose from. And you don't have to while you start out
You'll figure out what you like more while you get the basics out of the way
Questions are welcome here, but you need to show us that you've done a bit of research before, and if there is something specific you don't understand, then explain it to us so we can help you.
For example:
" I went on offsecs website to look at the difference between OSCP and OSEP. I saw that they mention X and Y, but I am not sure I understand Y. Does Y mean that, or am I misunderstanding? "
When someone tells you to google something, it may seem a bit harsh, but they are probably trying to get you used to researching, which is very important in this field
On top of showing us that you made an effort before asking, it will also make it far easier for us to help. The more details, the better. Show us your thought process when trying to understand something technical.
Today my attack-box keeps crashing,
am i the only one?
No need to apologise
guys I need kubeletctl for a box https://github.com/cyberark/kubeletctl but there seems to be no ARM support... any chance to get this running on a Mac/Kali-ARM64?
https://kubernetes.io/docs/tasks/tools/install-kubectl-macos/ Maybe? Never tried, but found this with a quick google search.
if i research a question and i find the answer in a tryhackme walkthrough would that be cheating?
Would you learn something?
Or just copy paste and move on?
Or would you try and see how they got the answer?
Now that you know it.
good answer yeah i guess it depends on how i handle that information
i probably would get a bigger dopamine hit now that you mention it if i find the source where they got the answer from
sometimes you just dont know the answer. If you use write ups in a smart way you 'll learn anyway
a little hint , just test yourself what you found
sometimes could not work
Are you giving it away?
Anyone have any great resources on secure and redundant security architecture for enterprise networks? I'm starting my new job next week, and I will be a part of projects to design scalable and secure networks for enterprise customers. I honestly dont know a lot about the topic, which my employer knows. But I really want to get a great head start and show that I am dedicated to learning.
I've tried searching the great google, but I feel like I might not be using the correct terms, as what i find is very generic.
Because you look like you're offering?
ban
lol
@mossy river wants one
:hammer: heisenberg_blue0#0 has been banned.
Out of all people out there he tried to scam cyber security students / professionals 
Next time please don't interact with them
Not 100 percent sure if you attack or defend these but try hack me has two larger networks like that, Holo and Wreath
@mossy river
Thanks, I will try to look at these. Hope they can provide some insight
Gave +1 Rep to @gritty fern (current: #709 - 5)
Please do not self promote here
Hi! Do any of you guys know if there's maybe some OWASP discord? I know they have a Slack channel but I wouldn't want to spam it, I have specific questions regarding Ruby on Rails, finding extra information on this has been a bit tedious, since I'm not as experienced yet.
ok sorry
I've not stumbled on one, but I guess this is as great a place as any to ask questions. Maybe someone has just the answer for you. Alternatively you could also post in #resources and hope someone finds it there
HACKOWASP is maybe what you're looking for
Kinda scary ngl
https://jh.live/censys || Get started with the leading Internet Intelligence Platform for threat hunting and attack surface management -- find what is exposed out on the open Internet with Censys! https://jh.live/censys
Learn Cybersecurity - Name Your Price Training with John Hammond: https://nameyourpricetraining.com
Read The Hacker Mindset by...
I like this guy video..
yeah hes a great yter
Just joined the HACKOWASP server, but it seems very much dead
yeah I like John Hammond and David Bombal videos. Very interesting and knowledgeable videos..
I wouldnt even be in the cyber sec field if it wasnt for John
yeah... I remember his first video which I seen of John...
Who is destroyer2009 Apex Legends
22 minutes video.. I saw it fully.. without blink I think
where is Muiri
anyways, guys, as I posted in #resources , I would really appreciate anyone helping out if they have any experience regarding security in Ruby on Rails apps, and more Ruby on Rails 7!
I finallyyyyy finished my 2 week long project 
wat was about? if you are allowed to say...
internal automation of data handling
sweet
yeah, now I know some more fun API's
API in general helped a lot into doing things faster and so...
Does the rank updates in parallel in thm site and in discord??
discord in around 24h gets auto update. if you re-verify on discord it gets automatic update
yeah, this is sql data I am getting in, creating some data from that data and then publishes it internally using api calls for some systems, all automated in python
aham. so sql is just database system. is web browser based or local app thingy ?
it's from a remote database
it's a local script, that does stuff on some websites
aham. nice done bell
thankz, it was a hell
main thing that you gain new knowledge. beer after that taste much better
yeah, but I had to do both SQL stuff and python stuff
and me no like SQL
Wazup
bro you remember me
same for SQL. when i do/try something it's around 50 WTF per hour
Hm I think
and where is that engineer
What engineer?
I'm studying for the CompTIA A+, learning every single detail about each printer type is extremely fun 
do you remember ace
well, I understand it, I just don't like it
Acme support engineer?
you know him
Well he talks on here
@crude stump
@crude stump is this pinging means
Yes
why not to ping
oh i see
But back to your question
yes
What do you need from him?
Yes I remember you
btw are you 16
1 more
I mean depends on what you mean by that
i meant like a wifi laptop like that
Only tryhackme
what you try to do exactly ?
yea i will try it
It's a gamified hacking/learning platform
but i dont know anything about hacking(ethically)
can i start from absolute beginning
Yes on tryhackme for sure
ok
i will try it
btw i have sent you a friend request
aces
bro none is online or something
Plenty of people online..
lots online. just a bit quiet. ppl work and so
yea i mean that makes sense
Conversations happen spontaneously so, nothing being talked about right now
are you free now alex
As in off work, no. Free to talk, sure
no i wanted to game so yea
Oh, well I don't know you like that, so I'm not interested
Also this discord is more about cyber security and THM in particular, not so much gaming..
π
What are you π ing at?
True enough, the "other" chat takes up too much brain power sometimes
ok
yeah, that's true
Hi I have problem with MISP room from SOC level 1
I can not go to the "https://lab_web_url.p.thmlabs.com/" address
did you start target machine?
I just keep getting 504 error
and using thm in browser or local vm with vpn
other rooms work ok or same result ?
no there is no problem with the other rooms
try restart target machine. or might there is other instruction in room
anyone ever run into the wordpress customization page (edit site) not loading the CSS? Every other page works
Wordpress breaking? Never seen that before
ask awayy
should i switch over to ubuntu as a daily driver, i dont game anymore on my laptop anyway and want to become more familiar with cli and just basic linux things
im scared i will be unable to do certain things tho or like mess it up haha
are you gonna use cli more often if youre gonna switch to ubuntu
I loaded my work laptop with a Kali machine for the same purpose
uhhhhhh
i reckon?
