#general
Red Team field Manual 🙂
It’s a pretty cool manual but it doesn’t really explain how to use all the stuff
I’m guessing you would have to research it more
is just short notes kinda
Cute kitttieeees!
You're in the wrong field then 
😂
Nah but fr I don’t mind reading
Do yall like pickles
I absolutely love pickles
@mossy river funny timing -- just scrolled through reddit for a bit and the "add commas to your passwords" thing is a hot post today in a sub or two
hello I'm new ! 
Hello New, I'm GNU-Rex 😂
new meet gnu
damn thats actually fire
it is kinda nice to play with
bluetooth tomato right
IDK why but that reminds me of the film "Attack of the Killer Tomatoes" 😂
for c2... you miss nothing... i host it on AWS and is just pain in ass
Lmao a Florida man shot at an Amazon delivery drone thinking it’s a spy drone
ofc
its florida
ofc aliens would like to see tf they are doing
Correction “Walmart delivery drone”
some dumbass also try fly drone in our company... guard shoot it down =/
With those signal blocking gun thingamajigs or a net gun
real gun
Uh what is going on?
Conversations
Nice marksmanship
Wait are those already out?, thought they were concept
They are used in military
they are army. just in case that we do some super high lvl then also special army is there. and yes they have full go if some is stupid enough to try walk in
Blink if you work at a military base.
Since the war in Ukraine started, the EDM4S (Electronic Drone Mitigation System) has been a key component in targeting Russian drones.
The anti-drone gun is a point-and-shoot electromagnetic pulse weapon that handles like a standard infantry rifle.
By jamming communication signals it forces drones to either fall, return to base or make an emer...
Quite much better
AI written code is not usually secured by default
So yes, 0day's will be much easier to find
Right now, you would need a way to train the model to find zero days, from my understanding, which would be quite difficult.
Zero days are unknown
Can you use LLMs to make exploits more efficient or have a higher success rate? Yes.
AGI is likely where it's going to fork a bit though
or as some train a the big birds like eagle to catch drones 🙂
Oh yes I see that too
That’s very cool too
To dig into this deeper, you may be able to train the LLM on some form of pattern matching? Such as training it on a category of exploit and then looking for patterns that match in what you're testing? Idk, AI is not my area.
like burp automation testing links and or so ?
go sleep
More like pattern matching in code
Nice!
aye! exercise is good 😄
now drink water atleast
You have x result, review the code behind those results(human & machine reviews), see if there is a pattern, go from there
I guess, more realistic is it running code and finding irregularities in execution flow that are indicative of flaws. But don't quote me on that, also not ai person
Yeah, this is kind of what I was getting at but didn't know how to put it into words
Hey Fluff 
Kind of like debugging, but on steroids and much faster than human would do
Pretty much
It's not that it's doing the work itself, it's the x factor of work output of an individual contributor
Idk if that sentence makes sense, I'm tired af
Force multiplier is probably a better way to put it
Ai fuzzer could be fun. Without actual fuzzing, just simulated based on decompiled binary
I am proud of you
and yesterday too, right?
Hey Verum 👋
Hey me
GIB KISMET CASE!
welp that's enough discord for today
Hello there 👀
Good night!
hi
So, it drops your entire folder structure into your own Discord via webhook?
Hi 👋
hru mate
Doing good, got back from a 5k run and took a shower
uk you just reminded me to go back to running
mmmmm 221 Human teeth
YES, go back to running!
i'm specialist at 1.5km run
Detroit become human?
running is fun and all
but it's like 100 degrees and 97% RH rn so yeah let's not
In what reality does that look like Detroit Become Human?
it's 75 degrees here lol
37 degrees for all you weird temperature having places
what game is it then 👀
bro my dad doing sport since he was 18 now he's 56 yo never smoked or something but he got heart atack
doing sport is better than nothing
you mean non-freedom units
I went mountain biking today, it was a mistake
Police Simulator Patrol Officers, with the Highway Patrol DLC
Oh wow, nice!
looks like tomorrow is 90oF and 72%
With heat index it was like 110°+
high UV index as well
I also broke a pedal
My bike is Giant, both in name and in size
my knee hurts if i dont move for more than 15 mins do you have any idea why?
I'm not a doctor, so probably not haha
haha true
I can't touch the ground if I'm on the bike, and I'm 6'5"
we use meter 💀 so i dont understand
Move around more, it will help your ligaments and tendons
2
~197cm
Oof, tall man
can i start running again? ( stopped a month ago)
I'm 5'10...
I probably wouldn't off the bat
Damn, my discord bot will mean the death of Discord lol
Running is high impact
Im taking it out replacing it with my own improved version
SoundCloud and Spotify are going down too
i'm 5'90 😊
You need to strengthen before going back to running
my bro at www.whyp.it has made a nice app. but playlist.lsangeles.com will be far better
but tbf if he's already been running he probably has proper form, so not AS high
(probably)
cuz i walked alot since it started hurting but nothing changed
it also makes sound hhhhhhhhhhhhhhhhh
In comparison, running is one of the highest impact things you can do to your joints on the cardio scale
100% --- just thinking more along the lines of "can i resume"
You may want to see a doctor, we're not medical professionals
ye true
Yeah if there's pain, probably not
i'm tryna figure what noise hhhhhhhhh is and where it's coming from lol
from the bones
i missed a few messages apparently 😂
Yes
Actual bone pain is typically pretty severe
How old are you?
19
You could be getting late stage growth spurt
but the pain comes only from one knee and only if i stay too long without moving
Body does weird things sometimes, but at this point I'd recommend a doctor
yes you're right i should see a doctor
Walk (forwards and backwards) , swim, cycle
i went to the beach today
All of those are low impact
( i almost died i couldnt swim well with that leg in pain )
OK, so see a doctor
is it bone direct or muscle or so ?
bro didnt hesitate haha
We're not medical professionals
just a 2 bones friction sound
At this point we've given basic remedies
cs majors 💀
yes and thanks a lot
So everyone's weather was miserable today, right?
then might the soft thing in middle. idk english name
and sorry i didnt google
I know it was too hot here
my life is
Probably going to try and stay inside tomorrow
here was 3x rain in one day =/
May get roped into car repairs with a friend though
how many degrees was it today?
I put it above, with the heat index 110°+, so 43°C+
daamn where is that?
DMV
i guess i should thank god for the 33
Gotta love when the boss straight up copy pastes my email response to someone else inquiring about the Ticketmaster Snowflake breach notification word for word
My body is still trying to recover from the strain I put it through today
Guess I did good lol
gl with that hope you'll feel better tomorrow
Yeah, it's probably going to be high 90s until August
This summer has been miserable here, might move tbh
Go back to New England or try out west somewhere
if it's temporary it would be fine
try harder
eyy codecademy
whats that
what server
am i
yep
idk what that is
we have it in common
where is it
i dont remember being in
in blue background
r u a hacker
@sick lance
if there is no option to download them might not be ok to do so
why are you pinging every mod
yeah its pretty damn obvious ima be real
is that against the rules
oh
lol
well you cant ask for help for something not legal
ok sorry forget it ever happened
i hope mods are nice
😂
i know scrubz
@sick lance scolded me yesterday and told me to ping anyone
hes the boring one
that was doing something not nice
well that aint a good way to get a slap on the wrist
damn you really woke up on the wrong side of the bed
bad humour
well they take illegal activity very seriously here
isnt it !=
i didnt know i joined 2 years ago but my first message was yesterday
why is there?
theres an extension for common typos only
damn
tough luck
i see
bad day to start msging
ai also does the same
youre scaring me
😂
?
mods please have mercy on me im new im young im dumb you can mute me for a week but dont ban me i think this server is very useful 💔🙏❤️
he said nothing but warnings
i think hes offline
What are you yapping about
aces
Yes Alex
she wanted to download stuff not allowed
call a mod
like, stuff w/ copyright
and was yappin bout asking
they arnt gon ban you
okay i asked twice i didnt know it was that bad
U see
🍿
im mexican
good to hear
i was watching the copa america
and i cried cus santiago gimenez
r u mexican
r u allowed to say one foreign word or is this strictly english and a big no no
alexandro mamamiya
i love tacos
you are already in trouble
please, just leave it be
idk what scrubz is doing over there in arkaham city
okay true im sorry
i didnt read the rules, i just follow my intuition
really aint that dep
deep*
Honestly that’s not a bad take lol, just follow common sense and don’t be an asshole and wow you’re following the rules in nearly every server
yep
reading rules is a red flag fr
Ill study the rules 🧐
but fair this server does have some stipulations for advanced malware discussion which are limited to more advanced rooms
cuz you either paranoid, or want to say "technically it wasn't against rules"
also, hi elizabeth
didnt see you in a while
havent*
Heya, yeah I’ve been around but mostly tired from work and distracted with Kingdom Hearts Steam release
seen*
lmao
lol you can press the up arrow to edit your last message or right click or long press to edit a specific one
okay brb quick
good night guys
goodnight
but you said goodnight
so i say it back
i say it back
jinx
how do you know every mod and not know the rules
you are the situation at this point Alex, damn. You pinged all the mods already, let it go
they will get to it when they get to it
hey, yesterday they specifically told me to ping them
there are 2 options
1 - you're dumb
2 - you're acting dumb
my first message was yesterday
and you did, so now you can move on
aight
You can stop now
hi mod
Piracy is unethical and illegal, we don't help people do unethical nor illegal things
Best way to avoid forcing us to take action is to be a good member of the community and stay within the rules
okay sorry ill be responsible
@sinful moon have you been able to use regreSSHion's POC?
i found a bug bounty with the vulnerable version but i cant use it
dude im so pissed, im like 3cm away my first VDP
I didn’t think there was a valid public POC, I know there were some fake ones. But yeah the very low chance of successful memory corruption makes this very tricky to validate
wait
i thought i was running the original one
everyone was yappin bout it taking like 8 hours to run
hey look i think im okay now
i assumed they were all talking bout the same one
Qualys didn’t publish their POC afaik
mods are nice
thats good
thx lexi
wouldve been hell on earth
because yeah it is dangerous, but they did give enough info for others to do so themselves
thanks
gotcha
well that sucks
but there was a ton of work which went into their POC which we’re not seeing
i wouldve gotten like 10 bug bounties honestly
hm
do you think its coming out soon?
also, @timber nova
we are fighting ghosts
i was running like 1000 scans
I wouldn’t hold your breath, this practical but kind of silly to make 6 hours to days of attempts alone to begin with
he will be in chat
wait a sec
hey diyo
hey
note that bounty programs often make recent CVEs ineligible for reward until 30 or 60 days past initial publication
new color baby
also their POC was against x86 only, the AMSR on x86_64 is significantly more difficult
hold on WHAT?
yeah i had a nuclei template
nice
sorry ASRM
i had ez 50 ip's that were 100% vulnerable
or whatever I probably got it wrong but it’s for sure not AMSR lolol
Address Space Randomization
sounds about right
From what I’ve read Address Space Randomization has been somewhat broken/vulnerable on x86 for a long while, but can’t say the intersection between 32bit OS and 2021+ regression will be high at all
idk what that means ima be real
32bit Linux with a 2021+ install date is very rare
which is what the Qualys POC was targeting
hello
hi
yeah chance of getting that going for x86_64 is somewhat impractical
whats up
gud
what are you looking to learn?
bunch of things
lmao, if you search the nmap topic on GitHub, nmap itself is only #2. rustscan is #1 for the nmap topic.
thats so sad
like, funny
Awesome well TryHackMe (the site) will certainly help there, no matter where you’re starting from
Eh I haven't ever installed nmap manually ever.
wat
yeah i have been there so far
Watching tv show
to be fair I classify “manually” as doing so via package management as well
I don't recall if it supports NSE proper, but it does support some scripting engine. And in either case, it can often pass results over to nmap proper for further processing (inc. nse scripts)
nmaps scripting engine
I know
gotcha
oh sry
lil weird tbh
Eh I use nmap usually via kali/parrot usually
I was saying wut to AIO never installing nmap themselves
honestly i just do pacman -Sy nmap
indeed, I just use it tons outside of Kali and etc
nmap on windows sounds cursed in itself
cuz, i use arch (btw guys i use arch(btw guys i use arch(btw)))
Don’t do -Sy for installing packages, this leads to partial upgrades in Arch which can break things
only do it with a full -Syu
oh gotcha
sure
now im better at arch (btw)
lol indeed
And Ellie, I'm mad at you
same
I died 6 times today in Nier while trying to retrieve my loot
it’s not likely to break things but if a package has a dep for a system package which got upgraded, and other apps depend on that library, it can break things unless those other packages are upgraded as well
im not getting the inside joke
Ellie recommended me Nier automata
and I don't want to blame myself, blame falls towards Ellie
yep
@buoyant tree i recomend you dark souls 😉
I didn’t even know you dropped your loot when you died
Seriously tho, I fell into an area that wasn't marked as a level 40 boss and I'm level 12 and I couldn't leave then I skedaddled
You lose all chips and your levels
nah that’s a natural part of sensible world progression
You’re starting to see less railroaded design philosophies, enemies don’t scale to you, you have to scale to the enemies to actually progress in those areas
harkens back to classic Dragon Quest, Final Fantasy and more
nah
you very clearly learned it was a dangerous area via your own gameplay and it generated a story
so it will be all the more rewarding once you come back and just decimate that area
Yes, and after that I ran to a save check point then closed my game
yeah probably
Did you fight the robot on the top of the building called "Father servo"
idk, there’s a lot of robots in those games 🙃
The master oogway type
is there a giant crater in your main map?
I doubt it
Then I most likely have played it and had no issues
Anyways I’ll do the obligatory whine, I’m burnt out at work but still love infosec. Plz help lol
Honestly just need to get a new job but I want to fix some cosmetic health issues first with dental and more before I move on for better chances with interviews
That’s a bit of a misnomer, so I’m not sure what you mean
Don't you work as a sys admin not specifically in Infosec
Lossless Scaling allows you to scale windowed games to full screen using the state-of-the-art scaling algorithms, as well as use ML based proprietary scaling and frame generation. Frame generation options: LSFG. Scaling options: LS1, AMD FidelityFX Super Resolution, NVIDIA Image Scaling, Integer Scaling, Nearest Neighbor, xBR, Anime4K, Sharp Bilinear, Bicu...
No I do it all at this small org lol
that’s not “lossless” that generative fill
it is lossless in that you’re not losing the original image but that does not preclude upscaling artifacts
Oh yeah you're the tech person.
Anyways infosec is my main focus but I’m also sole linux sysadmin, sole compliance manager, one of two Windows sysadmins, dip into many other concerns, and yep just basic help desk when the need arises
It’s just a small enough org that I wear a silly amount of hats/roles
Hope you get the job you want.
Totally fair, I mean this is the job I wanted for a long time and it’s been extremely invaluable experience wise, I’d just appreciate something a bit more focused. We shall see
Which role you looking to fill
infosec or Linux sysadmin are my faves that I’ve listed above, and heck for infosec alone I’m just doing it all for this company so even that could split into many specializations
that's what you get working for the same MSP in the middle of nowhere 😛
if you want to get picky/silly I’m a Senior SOC manager, Incident Response Manager, Threat Hunter, very rarely Pentester, and doing other stuff like vuln scanning and more
lol this is in a major southern US city, it’s just a small org
honestly, you should really be looking to go to either a larger company or a startup trying to scale to full-on enterprise
i'm sorry, southern?
this is news to me
Yeah no it’s clear that needs to be my next step
I’ve gotten a couple of low key offers from my Incident Response Manager friend at a major financial org as a level 2. That sounds lovely but I’d like to make myself more presentable to a major org first
Yeah it’s like 800 miles away lol, but also my coworkers are real chill and it’s a pretty liberal environment in case you were expecting the worst
And thanks @whole yew, you’re most likely right but it’s sometimes hard to break these habits and thoughts. We shall see but I can confirm I’m burned out AF
@sinful moon ngl being on this side of things makes it different to interview sometimes too
many large companies want someone who's done x y and z for x years, not someone who's done a b c d e f g h .. y and z spread thin for the same time
specialized sucks but generalized can be difficult as well
burn a week or two of PTO, chill, and rework that resume. Send it to me and I'll help you orient it towards the kind of position you want. then start looking
ah that's right--was like i know for a fact you're not southern --- the farthest from, lol
Yeah thankfully with my work experience I can tailor that as exact or broad as I want since I’ve kind of done it all
also fuck coding interviews
No PTO, cheap small business independent contractor things 🙃
i just had someone ask me to write a Caesar cipher in python --- like yeah i maintain some pretty public shit in python that you can see for yourself but when tf am i gonna be moving individual chars around? i deal with larger data sets
not a good representation of ability often times
99% of the time, they are tricksy string manipulations and data structures that are well known but reformulated to be more complicated
they're testing logic ability, it's trivial but they just want to make sure you're not the 'import pandas' without understanding the why behind it
Yeah that would be annoying, could be simple to code but… we have libraries for that even for a cipher this simple…. but I get it
logic ability
sure, if done right. but many aren't
so you get paid shit, and don't get any accrued PTO? you absolutely need to peace out of there ASAP, I know a year ago you were reluctant because you were learning, but you've been there for long enough you are going to be trapped if you don't go very soon
Yeah you’re not wrong at all
^ MSPs are fun at that level short term but not a career (unless you own the place, lol)
I’ve kinda grown past the learning phase and onto the stagnant phase without more stimulus
ironically may be returning to an MSP myself shortly but it would be in a pretty narrow role with apparently good comp 🤷♂️
We’re just also paying off our first house and I need dental work so we shall see
waiting for the city to sign off on shit still
if you jump ship fast enough you can maybe get dental at your new place and not pay shit
lol I’m just worried about interviews, but fair I have no idea how they may be conducted and if I may be able to work remote or not
I know my friend works remote but he’s full up IR manager and can commute onsite no problem
passively price shop a bit and get good at doing it
covid changed things, almost everyone in IT can now be full time remote
Yeah that is my hope, but not all businesses are as chill
i wouldn't say almost everyone
i can't think of a shop that isn't a SCIF off the top of my head that requires 3 days in the office
but yeah I can take the temp with my friend
many many many many companies around here are going back to onsite and hybrid
mhmm lol
the remote roles suck to apply to as well because you have hundreds of applicants first day
esp after the mass layoffs in the US
ironically thanks to MSP, yeah I have legacy on onsite experience tons and tons, was there for the dying days
tons of companies are firing people who don't go back onsite still
sorry onsite server experience I should say
companies are realizing "we're paying for this big building and nobody is using it -- let's fix that"
those companies that don't do remote are only going to get absolutely green juniors or dinosaurs on the verge of retirement
I have never even visited any businesses who are clients or even our own office 🙃
not at all
not here
that should be a sign of the exodus that the company isn't sustainable
so many of the roles i've been contacted for recently have been at least 2x/wk
especially in the ny [metro] area
there are some benefits to be in the office
Yeah I’m just somewhat wary since this is a major financial and software institution so I expect them to be a bit less progressive than full on tech firms, but yeah I’ll just touch base with my friend
the team i work on is spread coast to coast, and we have overnight staff overseas
banks are a different beast
my last enterprise place slowly eased back into 4x/wk where they're at now ---
they aren't in any exodus either, and would seriously disrupt the entire market if so
the financial sector in general is one of if not the most conservative industry in the US
i was the only person on my team in this part of the country. i was effectively remote. still required to be onsite 2x/wk in ny.
the "everywhere is remote" is behind us already
Indeed, thus my concern but idk, I know my friend has excelled there and that business has done a ton to revitalize the state of the city they are in
lots of places still are remote, but it's already not the rule anymore
Yeah I loled at what happened at Dell
“If you stay remote you won’t get promotions and are subject to other conditions”… lol a majority stayed remote
honestly, it's middle management power tripping. I get that they are wasting money on the huge building, the solution is to downsize the building and not spend millions on the office
it's middle management power tripping
spot on lmao
Yeah, it’s just ironic too since if you go back into the office, you’re met with an empty office and Zoom calls anyways
i went into the office one day when we were still hybrid, but on an off day, and my god it was a ghost town
i saw two people on all three floors and one of them was IT
lol sounds about right
caught the IT guy off guard too, lol
Yep mentioned heavily in the article indeed lol
one of the major attractions for me is the 100% remote
maybe once a quarter we have an in-person meeting at corpo HQ, but it's pretty rare
which makes sense, it's about a $2500 per person to travel and accommodate since we're a distributed team
I can agree although I won’t lie, as a very social person I very much missed out on having actual office camaraderie and friendships. I do have people I favor as friends at work but never meeting them and etc is kind of wild
depends on the place
But yeah at these much larger firms, can’t guarantee you’d get that either
the corpo place i was at before, prefer remote 100% any day of the week
way too corporate
not as enjoyable or casual
Mhmm, I just I guess expected my first “office job” to be more typical, but fair I was hired during height of the pandemic so 100% remote
Why not work government
not even sure if I stepped foot in South Carolina before lol
poor pay, IT can be lackluster at times, it all depends where
annoying politics, poor comp, fixed timelines, etc
also a very broad spectrum
would rather work for a [gov] contractor
Yeah
yeah sounds like a much better idea
Really depends on what government agency too
Just sucks so many of those are multinational arms dealers 🙃
cool with me
I freaking laughed out loud when I saw the gay programmer socks that Lockheed Martian has
I promise you I’m not making that up
immediately reminded me of the ATF gift shop selling stuffed/plush dogs
lol they’re trying hard to get the programming socks crowd 
missed opportunity not making them thigh highs, but Lockheed Martian is only so progressive 🙃
don't think i've interviewed at lockheed specifically but have had some chats with people there at one point
some interesting projects (at the time)
Yeah I know an individual who was very much on the spectrum who interviewed for them or another defense contractor. They do very much want those very obsessive programmer types
just lol blatantly telegraphing their intentions with the above “programmer socks” :p
as opposed to..normal socks? or are all programmers gay or something
just noticed but the text lines up in this pic
like it's still readable across the gap
“programmer socks” as a meme are thigh high, the meme insinuating that many low level/obsessive programmers and etc are trans
pls what time is it now
11:35 EDT
time for a snack
also lol this is what NTP and chrony are for, use it lol
(*nix network time protocols to be clear since you’re new)
whoa it's 04:36 here
mhmm I’m a US Eastern Time peep
got one of those +0101 time zones
I’ve got a fantastic article if you’d love to hear how wild time and date is to code for
Is that really a thing? Don’t even joke +30 and +45 timezones are already hell lol
wdym? you don't just use time since epoch for everything?
lol literally the title more or less
I’ve linked this numerous times but 10/10 write up
appriciate
appriceate
Slay gal, yes, I format all my filenames for company sharing with ISO 8601 timestamps
been especially useful as I’ve had to do the same compliance or security tasks x years in a row
I can not even express how much it bothers me when people don’t stick to this format for their filenaming and mess up alphanumeric sorting despite appending a date
no 06.30.2024 is not the same, thanks boss (and others) lol
that and written months inside the document
I’ve not read the actual text of the ISO standard, just respect it lol. I can say I just use common english in documents to refer to dates per our locale, but file names I’m all or nothing the ISO standard and obsessive about it lol
Oi Ellie, any idea to read Wikipedia as a whole on a ebook reader
easiest way I’ve found stock is on Kobo ebook readers, you save a couple jumping off points like Wikipedia lists in Pocket and read them on Kobo, you’ll then get asked if you want to open subsequent links in Pocket on the Kobo
Obviously it can be easier with the web browser on Kobo or on Android eink devices with Wikipedia app, but none of them are as well formatted or native enough to be like the Pocket experience on Kobo
I’d type more but kitty aggressively wants attention
I've got a kindle for now
Yeah I hate the formatting for wikipedia in a kindle
It's in freaking desktop mode
I’m sorry to say your potential ideal device circa a decade ago is no longer in production: https://en.wikipedia.org/wiki/WikiReader
WikiReader was a project to deliver an offline, text-only version of Wikipedia on a mobile device. The project was sponsored by Openmoko and made by Pandigital, and its source code has been released.
The project debuted an offline portable reader for Wikipedia in October 2009. Updates in multiple languages were available online and a twice-yearl...
Ah crap
Yeah Pocket does solve that for Kobo devices thankfully
that does look like something I would buy
Just makes it ebook formatted
Yeah, I tried to turn wikipedia pages into a epub ebook
Better but still okayish formatting
Oi, found this
A lovely service for quickly sending articles to your Kindle to read later.
Seems like a good solution except I would have to turn off airplane mode
Second page off camera shot of Chain Home page on Wikipedia on my Kobo Libra 2.
looks nice
Kobo's got a better UI
any of those links you could also choose to “Open in Pocket” allowing you to continue your similarly formatted Wikipedia rabbit holes
this is just making it a normal ebook/eink UI
So that's your secret to reading hundreds of wikipedia pages
obsessive interests
Sadly not in my budget right now to get a kobo but it's defo on my wishlist
lol mainly showing off Consoles and Computers here but Wikipedia reading lists are addictive
btw wikipedia reading lists on mobile are also stored offline c:
and sync between devices
Eh I can't read wikipedia on my phone
too small
font size is customizable in the app
lol just how small is your phone
I mean I’m on an iPhone 14 Pro (not Max) and this is considered small these days
It's like iphone mini level
It's a chinese one
i hate it
6.12 inches diagonally
I ironically downsized from my final Android phone in size
dramatic improvement in usability
wow I don’t need a pop socket just to use my phone with small hands anymore
Why the interest in cold war
because it’s freaking rad and wild
Those aren't the words I would use to describe the cold war but I could be wrong
Enlighten me
A nuclear close call is an incident that might have led to at least one unintended nuclear detonation or explosion, but did not. These incidents typically involve a perceived imminent threat to a nuclear-armed country which could lead to retaliatory strikes against the perceived aggressor. The damage caused by international nuclear exchange is n...
articles like this are very much my thing
if war doesn't interest you, you probably haven't read enough about war
I haven't
any americans can tell me if you need some sort of license to sell pentesting services? google is just telling me what schooling/training you need to do the job. Assuming you self learned and dont have a degree/certificate
one of the best of all time was this soviet radar technician who was working in 1985 or so and saw 5 nuclear missile radar signatures and correctly called it as a bug. He was trained that the US would launch a massive strike, not something like this… so he didn’t even ring his superiors
you don't need a license but to do so without being a registered business with insurance and without a proper contract in place would be fuckin nutty and not worth it
kindles are the best
He alone could have averted nuclear war just by his inaction there
since you can send it pdfs
oh sry i just jumped in lmao
i thought you were still talking bout pdfs and kindles
no worries, we’re talking about that too lol
Uhhhhhhhhhhh
just happened into Cold War as a happenstance of discussing Wikipedia
also just a note when asking about professional licensure in the US --- like with most things, it varies state by state. Every state can be as different as every country in the EU in some facets. Being in the EU means some laws are commonly shared, but far from all
Kindles are terrible with pdf's
nu uh
Kobo > Kindle 
Me with my 2016 kindle
which one can handle industry standard epub files? Kobo 
And my kindle's bugging up with the wifi
I connected it to the internet after a year
@molten sky well yea im assuming someone opened their own business and did all the necessary legal things like insurance, if they didnt have a degree/cert would the government allow them to still sell security services
Now it isn't staying connected
yes
there isn't much (professional licensure type) regulation (in any state) as it pertains to technology services, aside from low volt related items like security cameras, alarms, and such
Government does vet their vendors lol, but sure much much lower stakes for municipal government and MSPs unfortunately
i ask because like for a plumber you cant do that without the pro license, i was curious how it is for it security if someone wanted to
yeah for gov work you have a higher bar to meet
still not licensure, but a higher bar for sure
Got home, shower or bath? 🤔
depends on the state still
not all states require trades to be licensed
Yeah it’s still a mess for municipal government vs federal
I need to relax for a bit, but might fall asleep 😂
but yeah licenses don't exist in any state for IT type work
G’night if so xana!
what if someone hired a pentest against their home network setup, id imagine your isp wouldnt allow that lol
And I’d say shower personally
gn @mortal echo
theres only one way to find out
lets try it at home
well it depends ofc --- but things like DoS are often explicitly prohibited by your terms with your ISP
Where are you from?
internal scan is obviously no problem, external scan, sure maybe run that past Comcast or whomever but I run these scans all the time and it’s no problem
mexico
reason being, for DoS, you're affecting other customers at the same time
hbu?
Cya, me go now
cya fam
even some cloud service providers prohibit port scanning against your own servers for some reason, lol (even dedi)
Yeah if NAT is in place, this is a big concern for vuln scanning
True, haven’t made my lunch for tomorrow yet so I need to be awake for that.
@mortal echo whyd you ask?
cgnat will be the death of me
What time is it for you?
I specifically asked my VPS provider and they were a-okay with it, was happy to hear
10 pm
I see, was just wondering.
even they would not allow nmap?
should i change my pfp?
They said if I wasn’t low level manipulating and spoofing TCP/IP packets, then I was fine
i feel like im tired of this one
yeah in MOST cases it's more of a "there in case we need it" kinda policy, i've never seen anyone actually enforce it in normal cases
Simpler always the better 😂
some don't
mhmm
why would they not allow nmap tho? insurance reasons probably or some technical reason?
I just literally run an external vulnerability scanning server from work from my VPS service and no complaints or issues, same deal with my private pentesting VPS server
but sure was glad I asked them first
but some not
whatcha all think
lol found a property we help out at, but has another primary MSP had their freaking property management server exposed to the internet 🙃
i have tried it
just easier to have blanket policies against certain types of activity and selectively enforce rather than leaving the door wide open
scanning if done in certain ways can be quite invasive or demanding, reducing their ability to service real traffic
yeah
"im with prod on this one guys"
if everybody was scanning 24/7 (even if legitimate) it'd cause a lil bit of a problem for providers
still traffic and compute
agree with that
@molten sky stay with this pfp or go back?
ngl not too sure what the original was -- but the snake is fine 🤷♂️ lol
the original was the one discord gave me
like, the discord logo but just the default pfp
ah yeah then may as well
what the hell
aka ouch
QoD?
whats qod
that is a hotel property management server I found exposed to the Internet for a client we only do on-site support for. They had their PMS server exposed to the internet, a huge nono
QoD is Quality of Detection
ah, hotels. the pinnacle of secure infrastructure.
yes ofc
imagine the service you use to check guests in, stores cardholder data and more being exposed to the internet
where there are def no cameras, right Marriott?
@sinful moon did they have any sqli's 😭
squillies
none of our hotels are this bad, but this one managed by another MSP had this egregious issue, this should not be publicly accessible
I do not have enough leverage or proper permission to test SQLi on this client, and even if I did, I would be extremely cautious with little bobby drop tables. This is a production DB, but I don’t think it’s SQL from what I could see externally
this was just a casual scan of their public IP to see if there were any issues
@sinful moon is it true that "1 or 1=1" can mess up tables?
yes
for the uninitiated:
https://imgs.xkcd.com/comics/exploits_of_a_mom.png
like what?
like the above
that joke is on cs50
that is a method but it needs to have proper leading SQL characters like that to terminate the expression
gotcha
just know, a lot of SQLi you’re learning early on is extremely dangerous to do with production databases if you don’t know the consequences
yeh ik
good thing they have backups right? right?
omg
Thankfully we do up the wazoo but yeah good point for sure
did i ever tell you about the time i searched r/unixporn (the subreddit) in my school and got suspended?
like the subreddit about ricing linux
also I feel like a boomer saying wazoo but I couldn’t think of a better word at the time lol
that would be kinda funny to see happen actually
how do you get banned from /r/unixporn lol
freaking lolol
it was probably just the “porn” bit which is hard to explain
yeah
i was like "look at the subreddit" and they said "how dare you suggest such a thing"
my parents did see that it was just linux and didnt ground me
my it at school knows nothing
like, he actually just has a portal and istg he would rm the whole thing if a guide told him to
I will refrain from commenting on my school activities lol
no, go ahead
ok, story time
no I will defer to the rules and the mods former statements lol
if that had happened to me it'd be a battle between wanting to be like "you're a dumbass just open the link" and keeping quiet for a free vacation
Do you have a web filtering tech in place, null?
when i was little there was a thing where you would read and get points, the thing is the passwords were based on your name, there was a girl in my class FILLED WITH points, so i went into her acc and spent there all
i was 6
i also got suspended
are you asking if my school did at the time, or if i manage any now?
but i wouldnt been caught if it werent for these meddling kids
Is of need for us so I’m curious. I’ve tried out some solutions and boss pushes back against uBlock Origin
I've dealt with DNSFilter with pretty positive results
Just spoke with an old lady today who clicked on a Facebook ad for “Celeb News” and got standard Microsoft Virus Warning template scam
uBlock would fix but yeah
oh no
wait, pass me the number
i love scambaiting
That would be going too far to share that, but if it was something I ran into personally sure
as an interim, can you just set 1.1.1.3+alt as preferred or something
Yeah boss mentioned that as a potential solution but I’m not sure how well it will do practically
too used to uBlock and similar, but yes Cloudflare is lovely
did you all know how CloudFlare has the encryption?
is the network fully managed or do you have unknown devices as well?
i.e. mobile phones
That doesn't sound very legal....
This is a private individual where we only manage her devices
used to*
Doesn't change the fact it's still illegal...
yeah ik
Yeah to be clear, scamming the scammer is very against Discord TOS
yeah mb
but rn i just waste their time
i just get a old man voice and ramble
I knew a moderator of a Linux discord who was permabanned for this, so just be careful
dhcp lease to set 1.1.1.3/1.0.0.3, use policy to disable all web browser's DoT or set them to the same ?
( .2 if adult is permissible )
Yeah sounds reasonable, I will have to give that more of a try
I’ve really only used 1.1.1.1 but for sure know of those alts
quad9 has a few as well but we've had iffy uptime with them
And was literally what my boss was asking if we could potentially use
but this scam site was azureedge.net hosted so tricky
its 5am here
Unlike the other details I don’t mind giving out this defanged IOC:
wgdhxaqpztfqfw[.]azureedge[.]net
Where?
As always this is malicious, and I did see it tried to Microsoft Oauth SSO style
on someone's pfp
Nice snake, is it yours?
Guys I'm at antivirus evasion in red team path. From now on do I need to learn c language? Because the rooms say it's better to have c language knowledge but I don't understand how anyone can understand the code in those rooms without knowing c
still NX. wonder if it got nuked.
no fake snake
no
tunisia
i wish 😦
wdym!
getting suspended at the age of 6 doesn't seem very healthy
lol
I hear great things
i saw an admin
bro what?
yeah great culture great place
ure tripping rn
i saw that blue snake
Honestly I just pulled the domain from the history so probably missed some critical stuff in the URL, which is typically how they validate their attacks
on someone's pfp in thm staff
I saw, I user'd, I root'd
whatcha yappin bout fam
ITS MINE
Was just so low key I didn’t care that much
They tried to buy my mom when she went with my dad to tunisia
i told you, its my thm acc
They told me
w about u where are u from
lady already rebooted her computer before she called us so already resolved the “browser hijack” situation
should query .2 or .3 on the next one and see if it catches -- curious how good it is nowadays
India, moved to Canada
what part? (Can)
great news
Yeah I’m also testing a browser filtering tool from a new security firm we’re testing for email stuff and so far, very much not impressed
Punjab
is better to know c programming
sry i meant to ask what part of canada you moved to 😂 realized that it was ambiguous after sending but was too late
for malware analysis and reverse engineering
The email tool tho is 10/10, no complaints. Literally decreased my spam and phishing workload by tons and tons
the DNSFilter minimum for msp is like 50 bucks a month, so pretty cheap really
might be worth taking a look at 🤷♂️
Oh sorry, ON
hahahahahahahh
i found it
@whole yew
the real snake owner
aw wait
they're not the same snake
damn it
For some reason I was expecting BC or QC. Nice to have a not-QCer in thm finally! lol
Yeah I know my Boss experimented with PiHole for DNS filtering in the past but he really doesn’t know Linux that well to administrate it so went nowhere. But yeah just a simple DNS change could be an easy sell
Not beginner lever, so I would not worry about it quite yet
Level
tell em to bring me on for that stuff -- hook me up
A lot of Punjabis move to ON haha
My goal was to finish red team path and then spam ctf's while doing the cpts from htb
huh. wouldn't have guessed that. is there a reason why, or just by chance it's normally ON?
But bro these rooms with antivirus evasion feel like death
believe
try
lol, you do not want to work with us, but yeah you’re not wrong with your recommendations. I would be curious if Cloudflare DNS is just blocking this stuff on .2 or whatever
do they pay above 30c/hr? is the money green?
under sorry lol
Yes I will keep going but if I need to learn c idk how long it's gonna take
Uh?