(kidding)

You know, I should ask my friend if he wants to go fishing again 🤔

licensing for anything in NJ is a complete disaster and very steppy

I got my license this year.. gonna try deer and maybe elk hunting. and fishing of course.

where at

If you harvest for meat, Elk is divine. Fucking love it

west side WA

I love deer and elk meat

caribou in on my list for when i can place things around it

Could go bear as well.. make sausage.

*have sausage made

elk as well ofc but caribou i feel like is a lil less common

i'm tryna get a new contract soon so i can start planning for dove season

get some tacos and poppers and shit goin

man i was right on the dot

• $2 x a few for paper print outs in store
  then gotta add the other stamps later as they become available

no donation? wow

no morales

I see

also lol @ the government charging mandatory "convenience fees" rather than just increasing the cost

nah the fish cops here suck

Nice cowboy hat

no green backs for green jeans

Jesus

I'll just stick with my fishing and trout stamp, thank you very much

ya know what's messed up

@bold dawn my buddy gave me a stetson...

we got whistle pig up here in jersey but you can only use rifles for em on private

gotta use pellets on public

they just gave it to you?

does it fit?

those are usually pricey...

It does. It's a $800 hat..

dang... you know, I think you should introduce me to some of your friends

specifically that one

He doesn't wear it so he just gave it to me.

hahaha

😂

He's a younger guy. 18.. and going into the army.

the hats I wear are from a brand that sponsors me

Nice

He used to ride bull.

I am going working out tomorrow, haven't worked out in a while but I need to get ready for the 22nd

my dad used to be a rodeo cowboy when he was young

too dangerous for me since I'm married with a (maybe as of today) kid

👀

possibly grats

hope it'll go well without much complications

He's getting married too. I adore his fiance. They are such lovely people. I consider them family.

That's great for them! I hope that everyone gets as lucky as I did with my wife

This would be illegal, we don't discuss it in this server

22nd?

I hope so too. I will not.. but ya know what?? I'm happy. 🙂

going training with the military

Ahh

ope, wife says doctors are coming to let me in now

yay!

finally

we have a day of fighting in buildings, and leaning how to figure out if it's a friend or foe in the field

Derek probably be with your wife instead of discord

Well O can't be

😂

they have me locked out

behind security guards

https://tenor.com/view/keanu-reeves-john-wick-gif-19698031

The foe will be shooting at you /j

lmao

but no, if everything goes well I will be signing up

it's not the military military though, but home guard

they lied to me, no one has come to escort me

CQB?

so we will be supporting and helping the military at trainings and keeping guard when they are landing with helicopters etc, as it's the airforce we are home guard for

possibly

talked to reception, they said "the doctor is still in there with her, so I can't let you in yet" and then my wife said "ain't nobody in here"

this isn't the first time the hospital has been unfair and lied to me when keeping me separate

it pisses me off. I wonder if it's too late to switch hospitals

Bust through the door

i am dming you a pg13 joke

https://youtube.com/shorts/Ljz2pqZWuEo?si=PoknRHda9KBiwYCq

????

Tf?

"As a kid growing up in the 90's I didn't need a phone to be sad. I was ahead of my time." 🤣

It's not for texting and phoning, but more for the social media apps. It's also only being considered right now, and there won't be any changes until after the general election

I've seen the whole cyber bullying thing be a problem in schools...

It 100% is. In my opinion, this would be a great thing

I think we in the US should follow that.

Maybe just have kids lock their phones in lockers at the start of the day..

Most schools here have banned phones anyway during the day. You can have one on you, but it can't be taken out

It can be quite difficult to enforce though

Hey everyone 👋

Emeritus roles are no longer a thing moving forward. If there are any questions or concerns, let me know 😄

@pallid lotus

We have sorta the same here. You can have a phone, you can use it in free time, or lunch time. Bur during class, no bueno. I believe we were allowed to listen to music though 🤔

Yah, I have a question. WHY?

Similiar. But you can't use it during free or lunch time - those are the worst times as well

We used to have this at my school then they outright banned phones. If it’s seen, you lose it.

Our school said it was to prevent cyber bullying but you could still do that at home..?

We also had this ^^. It actually changed when I was in the middle of school lol

It's not only that, but also for things such as recording fights and conflicts - then spreading them around

I remember hearing, waaaaay after I finished school, that they wanted to ban water bottles

We noticed
Makes sense -- very on brand 😆

I say we give @pallid lotus Room Tester as the main role, closest to Admin Emeritus. Red looks.... weird

We are currently restructuring our community teams and channels 🙂

No thanks
I was a room tester for years. I've done my time

Gave +1 Rep to @boreal scarab (current: #30 - 260)

Muiri where is your fancy colour? :(

Oh wait you were talking about that xd

Muiri, you better hide or you'll be bombarded with similar questions

Yeah. Every time I've stuck my head up since yesterday lmfao

Hey Muiri

why the color?

xd

Muiri I have a more important question

On your blog website there seems to be a space where a new blog should be 😉 😉

A blog about what happened to your role color

Ooo, new channels. 👀

This was addressed further up.

Sounds about right. Fun is no longer allowed

😉

I know, I am messing with him in the context of the conversation

https://tenor.com/view/joke-dumb-you-gif-8906255

There's only so many times it's considered funny, then spam.

Just me, or is discord a lil slow?

What are you doing?

Especially loading profiles

Actually did some planning on that the other day. Thinking of doing a nicely structured API so I can add in a bunch of the other services I run as well (e.g., the dynamic flags)

So when clicking on someones name :)

Sending messages? switching channels/servers/proflles?

It's slightly slow for me

Then again my internet is crap

Nah, there is a delay

Or there was.

Ooo nice, looking forward to it!

Of course, when I want to record it, it pops straight up

Also means I get my choice of headless CMS as an editor that way

😂 imma try one too

I'm super close to releasing my blog post, vendor's been contacted and they've release a security fix...so just waiting for disclosure now!

Sometimes even longer

absolute vibes

Oh sorry it did my music too

I do not run a bug bounty programme. Leave my API alone lmao

LOL don't be sorry

Is it public? 👀

Pokey Pokey.

https://tenor.com/view/hammering-plankton-spongebob-squarepants-bashing-battering-gif-25583117

It will be. Gonna be the new blog, amongst other things

You should do one, and giving away t-shirts ;)

Where is the decline button smh

Although you bet your arse I'll be making life difficult for anyone poking it

Sounds promising.

Maybe get the other half of your name 👀

If you thought my CTFs were bad...

I don't, they're good.

Try my prod apps

Roblox about to be wild https://www.pcgamer.com/software/platforms/ikea-is-hiring-workers-for-its-online-roblox-store-for-pound1315-per-hour-and-you-can-even-serve-virtual-meatballs/

I'm more interested in your malware

Bad for sadism

Hm

How would that work

Glutton fur punishment, I think?

No idea

LOL

You would prolly get a 0.000001 percent chance you would actually be picked

It's only 10 candidates

https://thecoworker.co.uk/

No way lol

This is way to serious

What we offer:
This is not the typical IKEA job. Candidates will be recruited to work inside our newest store, located on the gaming platform Roblox, getting a taste of what careers are like in a real life IKEA.

-Fully Remote and Flexible.
-£13.15 / €14.80 hourly rate.
-Limited Contract.

How do you feel about being turned into pixels?

Prolly one of the easiest jobs you would ever have

No because What would you do if we ran out of pixelated hot dogs in our bistro?

Century Link?

Cook up some new ones fr

Nah bro, id spawn in new ones

Ah you right

Tell the customers to make there own

Imagine getting fired

Like /give-inventory pixelated-hot-dog 64

That would be the most funny dismissal ever

Can't fire me if I leave! Alt+f4

Then hop in the store on another account

And yell about that you are fired there

my current

The ping scares me most

not too shabby 😉

Hi all. I'm mentoring someone and she's looking to get into Digital Forensics. She's completed the Pre-Security and Intro To Cyber Security learning paths. If she's pursuing forensics what would be the next logical learning path to start? SOC Level 1?

Yuup

Thanks @rapid merlin!

Gave +1 Rep to @hexed ether (current: #2088 - 1)

What would the best path to learn pentesting be (so far Introduction and working on Jr Pentester)

#pre-security-legacy-path
#974406074444685322
#junior-pentester-path
#offensive-pentesting-path
#red-teaming-path

alr thanks

is how shadow would do it

but generally learning some parts of the defence will help you be a better attacker too

aight

how do I give rep lmao

+rep @sand trench

thank you @sand trench

+rep @sand trench

I have no clue

Gave +1 Rep to @sand trench (current: #4 - 1762)

Gave +1 Rep to @sand trench (current: #4 - 1763)

oh

there we go LOL

oh there we go

lmao

rep farm???

sorry for all the pings shadow

nah no probls

what is your favorite cheese?

depends on for what purpose/use you are gonna use it for

Let's say a ham sandwich

probably cheddar or red Leicester

also, grilled cheese and or quesadilla. These ones would be a surprise for my wife when we get home from the hospital

dunno on quesadilla as never had one

but for grilled cheese a mixture of easy melty cheese and some smoked gouda is amazing

Good to know. Quesadilla is probably about the same

yuup

+rep @sand trench

Gave +1 Rep to @sand trench (current: #4 - 1764)

I've never had quesadilla

I know what it is, but I've never had it

Slaps Rex with a tortilla You're missing out

not really I'm not big fan of mexican food

It's for real just comfort food. Doesn't fill you up, but can hit the spot.

for you yes, because you probably grew up eating it. I grew up eating asado, empanadas, a lot of italian food and some spanish

wth

Just ate it a few hours ago

any OSINT recomandation?

for what?

Someone say OSINT?!?!?!?!?!

if you dont like mexican food - you havent tried some good dishes

@sick lance do you know if next ctf event on 6/6 will be available for streaming or this is not possible?

need more osint

I dont wish to say, since its classified, but it isnt use for any type of illega stuff or anything like that.

It's on3 of those, fucked up sleep kinda day, been so tired

any osint challenges to have some fun with

OSINT is purely legal though? It means Open Source Intelligence, we ain't breaking into any systems (and that would be illegal, without permission, to begin with)

Or are you saying, the topic is classified, as in you don't want to say it publicly. Or is it really classified as in military?

Its a military type classified

Very Classified

Nope, uh uh. Ain't touching that with a 10 foot pole

War Thunder

Joking

Within TryHackMe, or elsewhere?

i aint going to teh USA buddy

ive tried most of the thm rooms

https://imgur.com/FhBnfFP

Alright, Interpol watch list then

would like some more in general

;((

Give me a sec, there's one off THM that I've liked

i escaped 2 years worth of taxes

Okay, how are we able to help you if you don't tell us what you're trying to achieve?

trust me

@velvet solar https://sourcing.games/

i alrdy found one

irs is a joke tbh

nope

That one, I know, looks like a sketchy site, but it's full of OSINR challenges

i mean

yes

it is

my favorite osint related thing ive done was find someone's highschool yearbook quote from 3 online chess games

irs is fake

..

stuff is so fun

Which ctf?

thank youuuuu

Gave +1 Rep to @boreal scarab (current: #30 - 261)

https://ctftime.org/ctf/1047 this one THM will be sponsor also

Hell yah! I LOVE OSINT

For me, my greatest one was getting weather data, and news articles for a specific state for someone as, a business that I shall not name, made a pregnant lady work out in -40F degree weather, when there was a MASSIVE blizzard.

Person sent it all to OSHA, and they got fined.

Not sure. I'm not THM staff.

Geo osint

amazing haha

You're welcome! If you need anything reccomened for OSINT stuff, feel free to ask me, or you can even feel free to DM me. I love talking OSINT

i loveeeeee osint

give me a website for OSINT

You mean the guy that can take a trashcan and find exactly what street it was on? Lol

https://sourcing.games/

It's OSINT challenges

yeah lol

@polar spoke I need hashcat help

What you need Bella?

is it good idea to try crack a possible 14-25 character password?

oh guns make total sense

your first osint challenge is to find it yourself

I can answer that, NO

That's HUUUUGE

unless you have a few weeks / months almost a year to spare

I believe chicken told me the odds awhile back, even with 12 4090's it would take AGES

I smell like bolognese

actually my question is, how can I create a mask that allows for bruteforcing on that amount of characters?

https://tenor.com/view/milk-mocha-gigit-gif-5735841667350117868

if you the password has capital, symbols and number I hope you have at least a few hundred years 😉 😂

should i focus on ethical hacking more.. or boxing.. hm.......................

with help of lit bit social engineering, would reduce time much

if it's just all lowercase letters.. 25 chars is not that big.

there are way worst smells than that 😂

I know

Can’t you do both? A hacker boxer would be wicked

hey guys ! is #1247565835791368243 a new room?

hackboxing

lmao imagine jumping someone and after hacking them xD

#general message

We said ethical hacking right

"so only a cool 623 Billion years 🙂"

https://tenor.com/view/munsonated-gif-26549638

Have you seen chess boxing?

I have

OOH I SAW THAT

Its some good shit

I thought about millions but I wanted to be optimistic 😂

unless there is 10 year old kds that cant fight

We are not creating a botnet. Bad, no

what if u had 200 million 4090's?

That's a @polar spoke kinda question

and what if the password was 1234567890123456789012345

let's say 50 years until quantum computers are a thing 😉 😛

sup

it me

I has raised the chicken!

shit i spiled capri sun on me

yo

oh one of these questions?

ezpz?

yes

mask on a pkzip hash that is probably 8-25 chars which you can write in hand? 😄

is it possible to bruteforce?

no

LOLOL

I remember that guy

Totally possible if you have enough time.. before the world comes to an end. 🤣

How difficult would it be to try and connect all 200 million GPUs to efficiently crack in the first place

🤔

you'd spend more time setting it all up than cracking

gimme a min and i can address all of this 🙂

and even longer earning the money to buy it all

200 million RTX 4090 GPUs, it would take approximately 3.33×10223.33×1022 years to crack a 25-character PKZIP password, which is astronomically impractical.

you could borrow some bitcoin mining equipment

You could take over bitcoin

all of the GPU in the same time

it's for a redteam/blueteam competition right now

oh, sorry, i didn't use Chicks benchmark data (ty btw)(in that first estimate, the one below uses it)

1.89×1025 years to crack a 25-character PKZIP password with 200 million RTX 4090 GPUs.

If you didn't know: https://gist.github.com/Chick3nman/32e662a5bb63bc4f51b847bb422222fd

effing zoom why doesn't have dark mode on the Linux version

zipcrypto or AES?

not that hard tbh

just costly

Your first problem is using zoom lol

zipcrypto, already cracked with bkcrack

but we need the password itself, not the zipcrypto keys

oh you have the keys but you dont have the password

thats annoying

yup

gotta do it the "normal" way

which means no good guess on time

I don't have any choice I have a meeting and they send me a zoom link, I'm not going to boot on win just for an effing meeting

and management want the password

hmm

it's likely that it's able to be written in hand, can't exlude or only limit to leet speak

who wants a caprisun

it's been running on a 3080 all day long so all shorter things are checked through

bkcrack itself is at 14 in length

well

rules and a good wordlist will probably be best bet

I was mainly kidding

yeah, oh well, we decrypted the files anyway

Why not rent out like 12 4090's?

It always sketches me out when someone uses zoom at work

management want the password, not a paycheck

I had to use zoom today to talk to a vendor..

They want the password? Gotta fork over a paycheck

https://vast.ai/

If ya ever need it.

you got the hash?

ye

i can throw it on later and see what comes out

At least I have an out

That sounds awful

I'll send a dm

cool

Old job, used to be nothing but zoom, till they moved over to Teams, but big meetings, or off VPN, zoom.

freaking bkcrack isn't GPU compatible

omg get your fire extinguisher..

it's only 40'C or something like that

Oh that's not bad

Mine is like 46c right now... lol

looks at i7 7700k ahhh, idle at 50C yum

I think my 5950x idles at 40°

who are ping me

nvm

Hey, at least it's multithreaded. ;)

potato

I really need to clean my cooler. 🤣

I sleep.

cpu no sleep

You know, I'd lend you some CPU power if I could.

Lel.

Just learned about the cal command.
It's kinda cute.

Pong

I wonder if booting up a windows 10 VM on my server and giving it loads of cores would actually work in doing that 🤔

Try this telnet towel.blinkenlights.nl

Oh, that one's hella old. ;)
Surprised it is still hosted, whahaha.

It goes down a lot.. but always comes back.

.

Hey *

Heyo. 👋

How is it going ?

Just waiting for DNS records to expire, I'm hella bored.

How about you?

I don't know what that is, maybe explain to me like I am a golden retriever what is that and why are you bored.

how many hashes/sec are getting?

Basically the thing that tells your browser and other tools what IP address to go to when you visit https://example.com.

toaaaasteeeer

Ah I see.

Where!

And why are you waiting for it to expire ?

I pointed a custom domain to my github pages website and now I need to wait for the old record to expire so that the new record is used instead.

E.g. example.com currently points to 10.10.10.10, and I need to point it to somewhere else.

What is a github pages ?

do you know any walkthroughs or challenge rooms to learn ics?

A very simple way to host static web pages.
Html and Js and so on.

AHH I understand now.

not really, it's pretty specific, depending what your'e doing

Thanks.

We just talk about this this in here a few days ago

46 more seconds until I found out whether I screwed up my config.

Oh, no problem.
Always happy to explain stuff.

Can't you tell github to expire the dns manually ?

wdym by "depending on what you're doing"?

well none right now 😛

The DNS records are not handled by Github, only the html files are located there. ^_^
And no, DNS caches have a time to live (TTL), and they only check for a new value once that expires.

search for ICS in this room 🙂

So the longer the TTL of a DNS record, the longer it will take to update when you change it.

one sec

Ah gotchya, can you set a smaller TTL then, like a second ?

Theoretically, yes.

But that is not really pratical.

Depending on your use-case, you would go between 30 minutes and 48 hours.

And boom. DNS records updated. :)

I see, so is the DNS cache stored on the website (github pages) or somewhere else ?

Nope, it's stored on some public DNS server.

These are usually made available by the hosting providers you have registered the domains with.

Sorry for the many questions and happy ur dns is finally updated : )

Go ahead and ask, that's how you learn.
Don't really have a problem with explaining stuff.

Thanks a lot for your time, just one last q I guess.

Isn't the hosting provider in this case Github ?, or do you mean the DNS cache hoster ?

Or is the domain provider somone other than github ?

Well, it's a bit more complicated in my case.
I have my files hosted on Github, which makes it the hosting provider for the files.
But I registered the domains with a different company, so the DNS records and TLS certificates and all that is hosted by this other company.

And then I basically just create a DNS record on the domain providers DNS server that tells my domain to point to the Github pages domain instead.

So instead of the default <username>.github.io domain, I can use my own one.

I think I am getting the gist of it but have so many questions, is there a room on tryhackme that explains this in more details ?

DNS?

Erhm, I don't know. 😅

DNS TLS domains and github pages.

Ah I will look for something tommorow.

Thanks a lot.

There's lots of documentation around online, but it can be a bit confusing.
Feel free to ping or dm me when you need help.

I will, thank you!!

@sand trench I has acquired the good gouda!

You can get TLS certs for free

it doesnt matter who your registrar is

where the nom cheese emoji

Yea, but you still need to have them hosted somewhere.

On the web server thats serving requests yeah

Yea. In my case on the servers of the company I registered the domain with.

Github pages will just request a new cert for your domain via LE when you use them

The actual github.io domain has its own certificate, yea.

I think Hostgator and Godaddy do that now too iirc.

When you do a CNAME, i meant

I stopped paying for hosting a while ago. lol

Most things use lets encrypt free certs nowdays tbh

Ah, that.
Well, good to know that I got multiple certs for the same domain then, lel.

Fine with me, as long as it works.

https://crt.sh

shows you issued certs for your domain 😛

Closest one

Huh, why do I have three?

Guys

I need help

On CSRF room

I can't find for updated password of joshua

Account

#room-help

@molten sky mind if I DM?

@hot cairn emmmma, been to Ireland before?

no

i hve only this $currentPassword = $_POST["new_password"];

how can i get the updtae passowrd?

i thinked here was some good hackers

now i see ii was wrong

There are good hackers here, they‘re just all asleep right now. ;)

Actually tho, you will mich more likely get help if you ask in #room-help and also are a bit more specific about what you were doing and what the issue is. ^_^

time to make beerise mad again and go meep moop to the beep boop for the sleep sloop

@velvet solar oh forgot to add onto it. It was a very small town, so news articles were very scarce. I believe I ended up finding a Facebook page of a sanitation company stating that there is a state of emergency on that date, so that helped too.

Amazing

damn i main got hacked

my

What happened

Basically I didn't realize that one of my friends on discord Lost their account

So I thought it was them

welcome to dual channel communcations

hhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh

For contact this is one of the friends that I know in real life I didn't realize what happened until like 10 minutes ago I made sure that none of my personal info got leaked

where if your friend seems just a tiny bit sus you verify over anotehr channel

Yeah my bad

nah that is a huge bad by lots of people

a lot of people never think that through before it happens

All my other accounts are fine so doesn't really matter that much I just have to figure out a way to change the email on that account and change it to this one

At least I'm safe from all these fake friends scams, cus I don't have any 😎

That's really bad and really good at the same time

Based

If discord support doesn't want to help I'll do it myself

Anyone US based online?

hi friend!

I am us based

btw

I have been compromised

based

Someone in #cyber-and-careers could use help which job portals are popular in the US.

Someone will respond eventually

YoU hAvE bEeN hAcKeD!!?!?!11?

lmao

inb4 it’s the same sorta method just mentioned above, but for real we can advise if you need it

lol I’d just say my first reaction would not to be posting to Discord

Brotha is not scrubz 😂

Temu scrubz

Hi @sinful moon !!

no im not T_T

lmao

Jk

Every type of scrub is welcome

ok pal 💀

lolll

temu scrubz 😂

Oh never been called pal before

That’s a first

😂

LMAO I say it all the time lmaoo

Meanwhile by far the most time I say “pal” is to refer to the TV broadcasting and input standard lol, I’d say it’s not super typical

investigator@sharp citrus:/etc$ ls cron.d
anacron e2scrub_all popularity-contest
e2scrub_all

wild

What the

What is that?

im doing a cron job room rn looking for malicous jobs, and I saw my name

lol

Ooo

Doesn’t putting anacron into your cron.d make it a bit superfluous unless you really need exact timing? Although tbh first I’ve heard of this command

Sounds like it does account for missed jobs tho so that makes sense

I never heard of cron until today

Interesting

yeahh

I love weird cron jobs. 😉

i've worked with it before so im not too worried just a fun thing i found

So you can set up cron and schedule jobs that will be carried out on your operating system

ngl, every time I see Scrub is typing, I think it's Scrubz. lol

That’s cool

Yeah, it makes sense. I’m just not too worried about ext* cleanup upon boot being not enough

yep, both for system-level and user level

Weird C quirk of the day: some_array[0] is equivalent to 0[some_array]

They’re also something you should investigate in the process of pwning linux machines, sometimes you’ll find interesting cron entries with SUID or more

Or even scripts you have write access to

Wait so I can only find a Wikipedia page on this, and if I’m interpreting this correctly, the user level would be your apps? And the system would be your kernel?

It’s the same as normal Linux permissions, root does have power over kernel resources and more

yes, but you can also set custom cron jobs. for instance you can create a backup that happens every 15th day of any given month at exactly 8:15 pm

Ah I see

That’s actually very cool

Basically automation

It’s akin to Windows Scheduled Tasks directly

its like ultra-precision scheduling

very much so

I’m guessing cron would be the Linux version

want something more weird?
void **

In enterprise we use Remote Monitoring and Management (RMM) software to do similar

Yes… lol that’s the implication, but cron predates Windows Scheduled Tasks by a dramatic margin

Lmao just figured that’s what you were implying

the wild card in linux and most other things (*) orginated in cron if I remember correctly

That sounds wrong but I have nothing to refute this with how heavily cron uses *

so very well could be right

User level and system level here, I suppose, is not to be confused with actual protection rings where even a root user is not running stuff directly in the kernel, but only initiating calls for the kernel to run at even higher privileges than "root":

https://en.m.wikipedia.org/wiki/Protection_ring

Just an "oh BTW, it gets more fun" ^

Oh thank you

Yeah CPU ring != OS level rings for the most part

Using wildcards in cron jobs is usually not a good idea.

Ooooo that’s actually makes so much sense

* is a metacharacter, I think they were just reserved characters when developing Unix/Linux

Wtf discord

Actually I think that’s a standard part of cron, it’s like reverse order from minutes to hours to higher, and it’s only the higher you do * which makes sense

Markdown

We all love Markdown

I take this back, It originated in the TRAC (Text Reckoning And Compiling) Language.

@sinful moon @crude stump

it was 1959-1964

Yeah I actually can’t believe that Discord added headers and named links to their markdown support

used to be bot only

Named links is kinda gross google.com

On the first few days of releasing the update to the public you could spoof URLs with markdown

Make a link to whatever look like a link to YouTube

You can still do that

It'll warn you though

Not back then

lol I probably did it wrong but yeah

That’s why it’s user and system. A normal user can access the application layer and deeper down you go, your privilege has to escalate to access

Google.com

Nope

google.com

You do need http(s) on the target domain

google.com

Got it

Ah. The schedule, yes. Not the job though. 🙂

Yes and no. I'm no expert here but I believe there is a difference between file permissions between users even root vs others, and then the protection rings further into the kernel belly

Yeah protection rings CPU level are totally different and depend on the OS’s implimentations

I’ll have to look more into it

Thanks yall

You got it

Typically you would need to know only the file permission stuff, but it doesn't hurt to know that there's more to it

Very cool

Should I go for AMD's bug bounty for CPU bugs** on my personal laptop**?

When you understand file permissions, go look up how permissions in NFS shares work, and how you can avoid people abusing access to it by "root squashing"

Imagine the Linux operating system being split into two parts, kernel mode and user mode. Kernel mode is the core of the operating system, things like device drivers to talk to your GPU. User mode is all the software you interact with, services and much more. Even as root user with the highest privileges you are limited to user mode.

Fun stuff

in most OSes it’s only the kernel that functions at ring 0 and I believe administrators at ring 1. But mainly I know a lot of Windows Anti-cheat and DRM goes all the way to ring 0

Looking at you, valorant

DJMax Respect V anti-cheat as well but lol yeah, it’s a considerable potential vulnerability

Ah so kernel mode is just “there” you can’t really do anything with it

Should i make a youtube channel for showing how hackers and scammers use telegram and how hacknig works any thoughts?

There’s plenty of youtube channels detailing such, what do you plan to bring to the table that’s fresh?

Not saying give up, just that you’ll have to innovate to get noticed

Good night folks

i mean actual stuff and real scam sites and stores not some how scamming works on telegram

You can talk to it from user mode using so-called sys(tem) calls. For example the write syscall to write to a file. But you don't get to run code in kernel mode. That code could access any and all hardware, memory addresses of all running processes. That would be unsecure.
At least that is my understanding, I'm not a Linux kernel dev 😄

Aye I gotchu 😂

Did you literally join the server to ask that? Lol

Your previous explanation was great

Fair but there are channels who do such atm. But I’m not part of your target demographic so idk, I don’t watch much infosec on youtube compared to reading

thx for advice i also want it to be a type of vlog channel like life channel where i go through expirences can i dm you and update you on my progress for feedback?

Gave +1 Rep to @sinful moon (current: #38 - 195)

Unknown you might as well try

i will thx

For windows, this scheme explains well

I’d prefer not to be DMed but thank you for asking. I’ve just got an active infosec job and etc.

Gave +1 Rep to @keen ferry (current: #2088 - 1)

ok

You're too polite

lol I try

Oo thanks

Gave +1 Rep to @devout palm (current: #26 - 309)

Ima save that. Idk what I’ll do with it but aye I might get a question about it in the future

It's a rabbit hole with no end. Doesn't take long and you're reading articles about intel cpu instructions Thankfully you don't need to know much about this to use linux in practice.

Read that book on Windows Internals from Starch Press to learn more, it’s on my radar. I guess it’s a spiritual follow up to the ones by Mark Russinovich (Sysinternals)

Or save your sanity and move on lol

lol if only

Chances are you will only need to know about file permissions

It's significant if you want to mess with mals

File permissions were one way how I [did certain things as a kid], lock that stuff down

should i show my face in my channel bc i dont want people to be able to find my digital footprint but i want to have good interactions with my audience

Also why did chatgpt write me ransomware that passed virus total ai is crazy

Depends on the face.

trust me its a good face

Depends on the age

And your ambitions with the content

And how long you wanna keep doing it

And your camera quality - not as important as audio quality though

How about getting through puberty first mate

I mean no disrespect

But you have so much time to figure stuff out

Don't worry

I know just scary not knowing if ill be able to secure that job like i know i can but still something always doubts it

War might break out in 5 years then what

does it even work

yeah

then prayers

Indeed

Lots of "X for prayers" memes

I’d just say make sure you have more than the basics down before continuing, having no rank on THM is a little concerning. Most will want to hear from experienced folks in infosec

fuck it ill just make video idc im not trying to become the next cyber mentor no disrespect to him but can he even hack without being inside a companys network with premission lmao

You could always first start talking about the basics

huh?

i dont do tryhackme i use to

I've been asked to keep my opinions about TCM for myself but I'm happy to hear you won't strive to walk in his footsteps

I’m sure he wouldn’t want to do that even if he could

yeah because he knows he would fail miserably

Asked by whom?

Mods don't want drama from the outside

wat, you do know we’re here for ethical hacking endvours, you always need permission this which is non-negotiable legally. Also what you mention is not how this work, you’re typically not granted these credentials unless you fail external access afaik

i know im talking from a black hat hacker point of view or a attacker

From a?

Criminal POV ^

So don’t say that an ethical hacker isn’t trying to take the same mindset and steps, that is their job, threat emulation

Ik I just read to much into it

Thought he ment like he was the criminal

My bad

Oh I'm sure Mr YouTube star has broken plenty laws already

100%

I’m not sure we need to go there or dwell too much, and just say good luck on your future career.

I guess it would be bad timing to announce my own future YouTube channel now

Go ahead

lol, but nice tho

Today, we learnt about windows internals

Be the second one today cyberterms

at the cyber security course i have participated in

Oh no

Sounds rough

lol came up here as well, but nice

First day was assembly

So now you're an asm guru?

Also arm or x86?

pretty much not

x86 they mentioned

Ok

i know a little bit of arm because of the silicon mac

Also curious x86 or x86_64?

elf_i386 specifically

makes sense, gotta love dat linux

Cool

The fun part begins tomorrow

hehe

That is when we get nasty

What kind of reversing or work were you doing on Apple Silicon?

I was just compiling my C code and putting it into disassembler

Aight I'm out as well... Gn

Totally fair, quite interesting stuff

Nighty night

G’night Birb

I did literally get M1 Mac Mini specifically because of the Apple Silicon change, too interested to resist

On friday, i will be having an exam. I hope i can get into the team (Malware focused team).

I’m a huge fan of PowerPC era Apple so it really appealed to me lol

oof, good luck!

lol i bought a laptop because of win internals

and generally for visual studio

Red Team ops kinda stuff?

It's nice having a mac as an extra

Yeah fair enough, even just startling infosec/sysadmin it’s neat to have some Windows machines to mess around in

mhmm for sure

Yeah kinda

For years my Mac Mini was my third monitor in work from home setup, not on the work network so was helpful to troubleshoot and identify network issues externally

i think newer modles are unessecary unless your programming Ai or using a Ai software beacuse of the dedicated ai chip

But separately from that I do operate an OpenVAS server, at work, because no budget besides hosting lol

Makes sense

I use Barrier to switch between mac and windows

So it can be like second monitor

You got to be a content professional or developer to really run into M1 limits tbh

https://github.com/debauchee/barrier

Makes sense, yeah I just have this three monitor layout with third being Mac, just nice for *nix tasks and things not on the work network

Had to stop myself from commenting on Linux qemu/kvm lol

why lol

Not a Keyboard Video Matrix or whatever the original stands for but Kernel Virtual Machine

Arm sometimes be annoying

kvm is based level 1 hypervisor, no complaints really

How so?

Incompability when your workload is mostly x86-64 binaries

Which OS? I mean it’s pretty darn seamless on macOS

macOS

heck depending on what you’re going for, qemu emulation gets you a lot as well

Haven't tried qemu but ye

Will defo try that

When i get home

Fair enough, I guess I’m just not doing tasks performance intensive enough but Rosetta 2 has just werked for me, including games

Well qemu is neat, but it depends on what you’re looking for, there’s also a very advanced mac frontend for it

one sec

https://mac.getutm.app

is UTM using rosetta 2?

It's slow

No this is native qemu emulation just with a pretty frontend so ARM to whatever target platform, qemu supports way more than x86

Didn't qemu get taken down by Nintendo

Rosetta 2 isn’t really slow, but I’ve not tried UTM out. Have plenty of experience with qemu on Linux though so I’m curious what you mean

I meant the UTM

Yeah I don’t have direct experience with that but I think some but not all have JIT compilers, but expect retro systems/OSes to run significantly faster than emulating modern x86. This is not Rosetta since it can’t be optimized to the same amount

You can somehow do the job but it takes a little effort

And my macbook has 8 GB of RAM and 256 GB of disk

It's very insufficient

Ah ouch, yea not very viable for larger VMs

This is what i don't like about apple

Yeah probably soldered in RAM if not in the SOC if you have M1 or higher

yea

RAM is for sure the main concern for VMs

Have 256 GB in my server which is a VM host, that’s more than comfy despite being older

Other than that, it is fine

I would use it further

as my main machine

Do you have other machines which could be upgraded in RAM?

I have 16 GB laptop

Lenovo

Both sticks upgradable? 32 GB is a big upgrade in terms of VM host than 16

Idk

Can potentially run 2 Win 10 level machines at 4 GB

Or a DC at 2GB and workstation at 6 GB

leaving 8 for your host

I was also going to install asahi on my mac

Have you tried it?

Very very cool project, no complaints if you don’t care much about gaming, but even there it’s improving

No but I follow the project closely

Tbf, i wouldn't game on a mac

lol I don’t either beyond out of curiosity or on a actual retro Mac, such as my iMac G3

Ouu

Beautiful setup

Danke, yeah the few retro machines I have room for

Damn. I'm a little jealous

obvs love the Dell XPS 500 the most, been upgraded to 800Mhz CPU and GPU sidegraded to 3dfx Voodoo 3 which was also available as an option for this machine

I want to CODE in that machine!

So nostalgic and motivational

Mhmm and would feel great too with the Alps switches on the Dell AT101 keyboard I got to match it

I'm curious: what does one do with those? Nostalgia I understand but that's interesting for a day or so. And then?

Retro PC gaming to the max, and also enjoying the vibe

Like a collection or smth

I’ve beaten many PC games I would never have touched if not for this system

That dell keyboard looks like the classic IBM keyboard

It’s the Dell ATA101 Keyboard, a sorta legendary Alps mechanical switch keyboard

https://deskthority.net/wiki/Dell_AT101

Originally this came with Dell QuietKey keyboard which is decent but membrane

So I decided to do a slight anachronism and mix the two

I had a model f but threw it away many years ago before knowing what it was 😕

Ouch, I have a model M in storage but missing many keycaps and also original AT connector

https://tenor.com/view/june25394-gif-9355980

@sand trench

I guess you've heard about this infamous Indian retro-ish keyboard that LTT imported for a video? If not look it up should be your thing 👍

Also sorry not sorry, Windows 2000 is the best OS Microsoft has ever released and it’s all been downhill since then

Stopped watching LTT years ago due to issues with their content which has only gotten worse sadly, but thanks for the shout out

It's 5 years old already https://youtu.be/PIi0eO1Ws-A

lol long before I stopped watching but I’ll give it a gander

TIL Gander is more than an airport in Canada on the route between North America and Europe.

lol is also a proper english verb

for taking a look at something

Will try to use it

Didn’t notice until now that was a curiosity rather than a correction lol

Gonna give bed a gander now 😴

lol close but… c:

Shit, sorry I was so late to this, the day caught up on me I guess.

but if you’re really heading to bed then G’Night

Curiosity!

Should I @ juun to talk to them, is that what you're saying?