#general

so, its shared with the host IP

Correct

same goes with containers. You can configure the NIC or assign seperate cards.

so good luck

yeah because those are generally more fun and run better on linux

suggest me a good indie game im bored of nioh

Lol thank you, I'll need it

Gave +1 Rep to @pliant cairn (current: #653 - 6)

gunpoint

its very short though

or mark of the ninja

price range???

cant be as short as cyberpunk. i felt it ended even before it started.

hmm i dont know how long that is

im fine with a bit of overspending too. i played inside, stardew, hotline miami

I appreciate the help! For now I can do my practicing on the same host and try to figure out how to connect them via separate laptops in my free time. I'll look into configuring the NIC

My favorite "indie" game is factorio...

Later everyone!

Cya.

laters have fun

factorio is great

space expansion soon

shapez is fun and very cheap right now

https://tenor.com/view/hype-party-gif-23560775

stacklands is fun and has cute artstyle

noita feels fun

is that kinda circuit building?

Ultrakill and Shadows of Doubt are also great indie games

nah, card game

no more like putting together pieces to make specific shapes

Another few months of my life gone...

shadow finds paint the town red fun as a break here or there game

stacklands is cards, shapez isnt

against great darkness is in early access and feels great to play too

it is a rougelite with brick breaker shoot them up style

paint the town red is funny

i missread

oh and worms man. its funny as hell

@mossy river token reset please

could recommend inmost and eastward too

though not fully played either yet

Que

eastward octopia is also amazingly feel good game

oh yeah bought a bundle with the worms games ages ago

did not regret

https://discord.com/channels/521382216299839518/742894185186590720

Someone leaked their thm token

eastward octopia is stardew-ish first impressions

damn inmost looks good. wishlisted.

yuups and it is fun and relaxing

shadow actually had an NDA with chucklefish to go playtest eastward octopia

oh nice

found a complete hardlocking yourself so you need to quit the game without it saving bug during said playtest

which got fixed before launch

nicely done

apparently steam says eastward, cyberpunk and witcher 3 are similar.

the math aint mathing

it is based on the user tags

which is a bit of a mess yeah

shadow longs for the day when developer tags become a thing on steam

oh also if you liked the gameboy advance advance wars series shadow could recommend wargroove

hahaha you are expecting a lot from valve

eh they keep making stuff to keep their platform better while keeping all the good stuffs

valve doesn't do a lotta of the bad stuff thier competitors keep pumping out

exactly

stay winning by only making minor stuffs

and shadow don't want them to remove user tags

just want the developers to have an option to add their own tags

wtf

uh

hmmm

interesting

looked like a wrong window paste there

was that a phishing log

No

https://www.fakenamegenerator.com/

could be google chrome form data pasted into wrong window

oh k

Wanted to make a prank leak

oooh

you messing with fake info generators

Yeah

learnin osint 🙂

Got to make it more convincing

still not a good idea to post stuff like that here as the moderation team would have a hard time monitoring and moderating it

@sick lance can probably explain that better

i felt bad for kenneth something something lol

i take a lot of time trying to decide what to play and endup playing nioh or warhammer or switch off my brain and play bf2042

yeah know that feeling

kinda got stuck in chatting on discord and watching live streams

so hard to find "time" to game now

yeah fr

yeah i haven't played anything in a month. just watching twitch instead

12 hour streams with piratesoftware thor and woo where did the time go

I feel that, this past week after a mild burn out, I decided to play some games, ended up going back to final fantasy online, which got me busy. Definitely understood some of the dynamics of the game, since last time I played it I was still with the WoW fever, hence, I didn't invest too much time on ff online.

https://www.youtube.com/watch?v=AXbycRBb-6E

ah the irony of shadow watching this when they just bought a new computer and gpu

lol

i miss new world. i stopped playing it cause i got a burn out playing that game lol

and ofcourse due to the fact that there is like almost no content in the game since, forever.

I felt tempted to get into that game, but I decided to give it time, and it flopped. lol

yeah new world had a great launch and then went downhill from there

i was grinding eve online and then started learning c# in that time instead and just didn't go back to games yet

yeah give it another 27 years game will be good trust me.

Great choice lol

Some mmo I usually go back from time to time is warframe, and that's just because I did invest too much money on it, I feel like I need to at least take advantage of it. lol

But the recent content has been good imo.

I used to put crazy hours into EVE Online

yeah eve is a huge timesink

I've recently been playing no mans sky

Beautiful graphics

yup. and the expansion was meh and pricey. and despite no SEA servers i still spent money on that game cause i loved it and here we are. i wanted to support devs and so i did. well all my rupees are gone now lol

i picked it up on the sale played a bit today for the first time

the UI is so frustrating

Game got boring

and building things

yeah the new update pushed that hard

hmm how so?

really? im considering to get it

it's a bit of change but I got used to it

they've released a lot of stuff

if you played nioh with keyboard any ui and menus would feel clean and neat.

lol

oh LOL, does jetpacking above work?

that's funky

I got it in the end had to go outside the building and snipe an angle for it to snap 😭 will try jetpack next time tho

and it's like

I played that game with Keyboard, and then I tried with controller since some friends were "Uh, souls-like games are better with controller".

I couldn't with the controller. I already had everything mapped with the keyboard, it felt smoother.

WHY do I have to hold down buttons to confirm the simplest of actions in the UI

For me. Once you get a good ship you just don’t know what to do

What ship did you get?

Factorio?

a fellow nioh enjoyer on keyboard.

no man's sky

fair point

I wonder if there's a setting for that

ahh...what about that expeditions and stuff?

cant wait to get myself beaten up the 20th million time lol

S class solar sail

BOOO not showing the colorscheme/theme BOOOO

looks good. what theme is it?

soon™️

oh i think u can get way bigger ship then that fwiw

its hyprland with things

if it was just "hold down to destroy something" sure but having to hold down to open something, confirm dialogue, hold down for visor, hold down for so many reptitive things qq

all the info

see easy to see theme

yuups

lmao, yuppp. But sometimes I simply use a trainer for those games. Although I simply try to keep my character leveled up enough I can still die if I don't pay attention to healing/attacking timing.

I might get back into it

I still got the game just haven’t touched it in a while

wasn't fastfetch discountined or something?

neof

neofetch was yes not fastfetch

oh right

i felt bad lol

nah understand the missunderstanding

went for fastfetch as it is faster and currently maintained

ok yeah the building is annoying 🤣

yeah 😅 other wise it was great fun so far

quit and went on satisfactory instead

Good choice

3D factorio is not something I realised I needed

anyways off to sleep. Nighty night heckerpeople

gnight 👋

1.0 RELEASE SOOOON

So hyped for it

And factorio DLC

Nighty night

What a year

september! but wow expansion is gonna be having me in a chokehold when that comes out in august

October is factorio and September is satisfactory right?

I believe so aye

gonna have to micromanage my time between like 5 games

MFS 2024 in November. Craazy

WAIT FR?

Not another one man

YEAH

oh Jayy you need to watch the trailer

I'm starting uni in September

https://www.youtube.com/watch?v=p3xp-SnZDoY

I'm SO excited

I'll put it on the back hold

MFS more important

defer a year 😛

Playing Microsoft Flight Simulator on PC is a much much better experience than Xbox lol.

Tbf....how hard can the first year be anyway 🤣

HYPE

The air ambulance omg

🔥

Hey. Does any one of you earn money from bug bounty or cyber assessments online?

I have a few questions

I'm curious about some things

Ask away

dcs > mfs

BOOO

https://tenor.com/view/boo-gif-19787475173016375

you just fear the aim 120c

you just can't beat the MFS graphics

here you go @sand trench

Thx

Gave +1 Rep to @chilly veldt (current: #7 - 859)

on some aspects yes

What kind of level does it require?

some dcs instrument models look nicer and feel nicer

but overall terrain mfs > dcs

YAY found the guide again: https://www.youtube.com/watch?v=6rZxeyILYmo

I mean is it way harder than what we do on tryhackme or is it almost the same...?

well

beautiful!

doing bug bounties is different then thm persay

places like thm and htb just give you the tools to do the job

and even then it's still not an exhaustive list

it's a lot of trial and error and just learning what to look for

Also you have to take into consideration the scope

Wdym

not to mention people who have been doing bounties years longer then you will have taken all the low hanging fruit

honestly completely random, some people just come across leaked API tokens - no skill in that. On the other end of the scale you get very complicated exploits that require more knowledge then just from THM

do you know what a scope is?

Is it your case or do you have the occasion to get some nice bounties?

what do you mean

Bug bounty’s have a set of rules you have too follow so you don’t disrupt or cause problems with the website you are doing the bug bounty.

that's just how it is in the bug bounty industry

some people do it as a fulltime job

thus those people who have been doing it for years have years of experience looking for bugs

Yeah i see what is the scope. I just asked what you meant but i guess you just said about what is required

and most likely have automated lots of the low hanging fruit

Ok i see

And you guys happen to do some bug bounty?

By all means though, go for it - bb is a good learning opportunity

I've done some bug bounty before

I dont do it personally since it doesnt seem like something I wanna do rn

but before attempting bug bounties be sure to stop by the owasp room

or even just read the owasp top 10

Well that's why i was asking

It requires experience, lots, just try and learn

portswigger academy will also be a good resource since most bug bounties are web based

I like doing some cybersecurity but rn i'm starting to need to get money. I was wondering if i could manage to get a couple hundread bucks a months just doing that

no

not soon anyways

My advice would be to go into it with the mindset of learning something new, not as a money source

Oh. What I ment by take into consideration is you have to have knowledge on the tools you are using so you don’t accidentally ruin something and now the company is after 🫵

Yeah sure, i did it, it was nice

do not start doing bug bounties for some money

you will not see any money in the first few months

unless you already have lots of experience

It's not a reliable source. You can get lucky and hit a big jackpot but then you might go for months without anything

do bounties to learn instead

Oh ok i see. Yeah that's another problem

Ok i see

Yeah it does seem great for learning

and also remember when doing bounties

if you have to ask yourself

"is this allowed"

it probably isnt

Lmao

always read through the scope throughly

and document everything you do lol

Are there a lot of things forbidden?

And do research on why it isn’t so you know even better for the next time

it varies bounty to bounty

but 99.99% of scopes do not allow disruptive methods

like dosing etc

Dosing?

I'm not doing advanced stuff rn

Denial of service

Oh yeah sure

I encourage you to look into web servers and services first

and then attempt a bounty or two

I've done almost every offensive path in thm for now

I'm finishing the last one

Then i'm gonna finish more rooms until top 1%

you should most likely link your thm account then

I was thinking of bb to survive but i guess i'll have to work like everyone else

With discord?

and I hope you've been taking good notes

yes

it's how you see peoples ranks

it's just a neat little thing

I'll look into it, see how to tomorrow

Well that's another thing. I've taken some notes for the lessons rooms but not recently as i have been doing more practical rooms or as i thought i'd not look into my notes later soo... I've been taking less notes

it wouldnt hurt to look over what you have and update it then

a good knowledge base goes far

nobody can remember all the syntax and commands

Oh so you note what commands and syntax you used on an assessment?

yup

and then an example of the output

@molten pagoda

Thx. I was exactly on it

you should also have access to a few other channels now

From discord, how do you see one's account?

Oh

True

there's a whole bug bounty channel

Oh neat. I'm gonna take a look

be sure to check out the resources channel too

But if what u said is true i guess i'll wait before doing some

you can try them now if you want

but just dont expect money

Thx

Gave +1 Rep to @tepid furnace (current: #1081 - 3)

np gangster

I also wanted to ask the same questions as @molten pagoda regarding when to start looking at bug bounties

Yeah well, time is a little against me rn

Thanks for the info

yee

and unfortunately having a fulltime / parttime job while studying is just a way of life :c

would be awesome to dedicate 100% of time to studying lol

Yeah, it would be

But i have to get a part time job, study too, and then the time left is for tryhackme soo....

just part of the grind

WOOOHOOOOO

good afternoon

Good midnight

good beep boop for the meep moop to the sleep sloop

hey, you guys think CySA+ is worth it?

@idle mica CySA+ Input needed 😄

I think that's the only person with CySA+ in here, that is atleast online/ in the right pane

Hello.

I got my first ever "You have been hacked" email!

Almost 19 years on the internet, this my first. 😄

It's a level above Sec+, so if you have some security experience, I would go for it over Sec+. @north raptor

Classic scare tactic

It's the best phishing I've seen yet, the remetent sent it from my own email... **apparently

Depends on what you're going for. Sec+ covers a lot of general topics, but CySA+ goes more in depth with threat intelligence, SIEM stuff, TVM, incident response, etc. It was pretty dry, but ultimately good information if you're going to work in a SOC

Interesting

Yeah, I am trying to figure out how they did that.

I wouldn't "go for it since it is higher than sec+" arbitrarily. There are potentially better certifications out there, depending on what you wanna do

You should scan your email for a data breach

well if you want to keep up for Comptia certs then go for it, but yeah depending on experience there are other certs to go after.

The classic CTRL+V phishing copypasta made me believe it was just an attempt. Not an actual hack.

And that specific email has been breached before several times but I obviously took care of it since then lol.

Is that all they said “you have been hacked” or did they leave a attachment too

My opsec with my own email is becoming so complicated that I almost lost access to it once.

CompTIA certs are mediocre and the only reason I'll ever recommend them is because of HR

Nothing factual, just a pure ol' copypasta asking for money in LTC.

Otherwise, they can all go burn in a hole

Ah definitely a scam then

But why is it my actual email though?

Has 4 CompTIA cert tags

Hey guys I possibly have been actually hacked LMFAOOOOOO

I hold all of CompTIA's cyber certs lol

https://tenor.com/view/were-not-worthy-waynes-world-gif-9201571

Spoofed it maybe?

CASP+ was somewhat decent and the SecurityX exam content was decent, but the exam itself was straight booty cheeks

Especially compared to GIAC

They prolly spoofed your email

Yeah, I am thinking that's the case too.

They hired a toddler with MS paint to make the PBQ graphics

Bruh help me out, stop flexin' on us.

My point was that I'm familiar with the exams and training content

But it’s stupid that they would send you a email with your email. It could be to pushed the “you have been hacked” even more

I know, baby, I am just kidding.

I’m sure someone who isn’t familiar with scams saw that their own email was texting them.

I'm shit at reading tone online

Yeah, they said they hacked me on my Microsoft online.

We are hackers, we are (almost) all on the spectrum. We get you.

Working on AWS security cert rn which is just long winded.

What I find funny is when I get scam messages or calls of stuff I don’t even use

I do use my Microsoft email, though.

It's most likely spoofing but... to what extent and how, exactly?

https://www.cloudflare.com/learning/email-security/what-is-email-spoofing/

I heard the AWS stuff is a lot. I've gotta take the GRTP by August 5th and I've been slacking on reviewing kerberos 😭

Good Luck

Yeah, I know, but how did they do that with Outlook?

Aren't they supposed to be over with this kind of thing at Microsoft?

Imagine building LLMs and not using them to train to filter out phishing emails.

https://support.microsoft.com/en-us/office/phishing-and-suspicious-behavior-in-outlook-0d882ea5-eedc-4bed-aebc-079ffa1105a3

Yeah, what I initially thought. I am not going to explain it here because it could teach some folks how to perform a wild and (apparently) new spoofing method.

Wowzies, they are getting smart.

If you think about it, people would probably get upset...

Hm?

Not only that but wouldn’t you be filtering out alot of non scam emails too

Question (for mods, specifically): is it ethical to track cyberwallet information? cause some are public, right?

uhm is this normal?

What's wrong with it?

no ip

Screencap the entire browser/application.

we already reseted

The machine takes some time to deploy

I'd wait a bit

Oh okay, previously it did instantly so I thoughts its a bug

I mean, it may be a bug - but I'd wait just in case

Specially if your specs are a bit older, mine are mid at best and I had some issues deploying the machines before.

Mr did you google stopped texting

Aw man

Nothing to do with your specs, all the machines are deployed on AWS infrastructure

"hi Microsoft here, in order to protect you and your safety, we're going to scan and feed all of your emails to an AI/LLM."

I was wrong

There has to be a least a little bit something with the specs because once my Attackbox lagged so much that I had to take a break.

It more than likely wouldn't go over well, in the US at least, tbh

this is hilarious to read through

I am pretty sure that they already do that but.

For deploying, no. For accessing, your network connection would come into play

And is probably a GDPR nightmare

is it a puny code email or what?

Spoofed email, my very first one ever.

oh interesting

so its just an imitation?

We don’t use the n-word here @solar echo

Outlook is very limited so, when I clicked the Contact info, it only showed my actual own information, even my LinkedIn.

Fair enough, Jabs.

oh, it being outlook explains a lot lmao

havent heard a single good thing about outlook... or any other microsoft product

I use it for normal purposes. My cysec email is on Protonmail. Which is just ~le hacker email provider.

i use tutanota

after the french protester + proton thing i kinda dropped it

I don't like Proton either, there are some things we do just for the aesthetics because people are more likely to trust things that are aesthetically cohesive with the premises of whatever they are looking for.

If you read Proton's ToS you are going to piss yourself laughing too.

trying to find one non-rounded corner in a proton product is difficult, i like back when they advertised themselves with the black and green format, when proton VPN felt like some cheesy hacker movie command center or something, it was sweet

tutanota doesnt look pretty, but you can have it be greenish and black, which is pretty enough for me, and from what ive heard its pretty secure, i havent heard the big scandals i have heard of with proton mail

I hate the fact that we as a culture have this idea of necessity of being ahead of everything before it even gets anywhere.

Everything gets destroyed so fast, it's so exhausting to be jumping from one thing to another.

I am pretty sure I am late to the party when it comes to VPNs too, I am still using Mullvad.

ive heard great things about mullvad, i only use proton because its free and i cant get an income yet, once i can without a doubt i would be paying for mullvad

What other scandals were there, besides being forced to provide a public IP address by the Swiss Authorities under threat of company closure?

mullvad was awesome

i feel like their ip rep has gone down tho

coincidentally, the ip rep [seems to be] worse now than when they allowed port forwarding

A VPN fixes the issue too

Swiss Authorities

Have you heard about the thing with the .ch domain? I am pretty sure most people here are familiar with that genius scam of theirs, right?

from what i heard they had to hand over the emails the french protester sent that were in any way involved, i remember shortly after there was a second scandal and everyone was saying "they never change" or something, i didnt look into it much, even though i dont have anything to hide, its not something i want to deal with

My hacker friend who happens to be extremely talented and much more knowledgeable than me gave me Mullvad for free and told me it was good.

oh i see, so they handed over data of a french activist and participated with the FBI to hand over information, the FBI thing was the second scandal, just had to google a bit

But I question everything as we all probably/should do, right? so I was like, isn't there a better option?

hi

Basically, any VPN providing company which has diplomatic ties to the United States is forced to provide information as requested by both the CIA and the FBI.

That's why, even though they have incredible reputation, most high-level unethical hackers don't trust VPN servers which are hosted in Iceland.

apparently they havent and dont hand over VPN data because swiss laws dont make them, but swiss laws do make them hand over the email stuff

thats what ive heard, im not swiss and wouldnt know otherwise

?

ohh proton

i used to love proton

before they started handing data out lmao

thats what we are talking about

the mail stuff

The folks are answering for me.

yeah i used to use them until all of that happened

also does anyone remember what kaspersky got banned for?

russian

i remember it was because of NSA having the like, 300th lapse in opsec, but i mean i really liked kaspersky

No, I think it was because the FBI bought them?

You heard incorrectly as far as I can tell, it was just an IP address. https://techcrunch.com/2021/09/06/protonmail-logged-ip-address-of-french-activist-after-order-by-swiss-authorities/

I forgot, which VPN company did the FBI buy?

all the sandboxing videos of it against viruses i watched showed it outperform other top notch antivirus by a decent margin

UNBELIVABLE LMAO

ties with russian intelligence

oh, thats fair then i guess

Every VPN company has govt. ties, but they're handled by specific countries.

the best antivirus is common sense, though

just looked up their wiki page --
that's a sick office ngl

same way an american vpn company that had ties with american intelligence would be unusable in russia tho lol

One of them is Russia with equal-level ties with China, North Korea and Cuba (and I am forgetting probably two or three small nations in central america and Africa). The other is the US.

hollly they have the holywood overhead screen ring

i would kill to work there

Proton's issue.

I might correct myself. Mullvad is probably just existing LMFAO.

check the back glass

the frosted window

tbf in protons privacy policy it does state they cant transmit data to foreign authorities but may be legally required to disclose user information to swiss authorities if swiss law is broken

oh wait

they gave the info to spanish police?

Which is what happened with the French case, they told the French to buzz off

The info has leaked.

And now everyone has it.

Which was supposed to be TOP SECRET because VPN.

From what I've read, the Swiss are getting notifications through EuroPol and making determinations on what they're requiring Proton to provide based on Swiss law

if im reading this article properly the guy or lady connected their apple account as a recovery email on proton

lmao

are there any THM modules for malware, not black-hat just for pentesting/offsec

mfw Switzerland's cybersecurity laws

they have a pretty neat office

Looks like every other hq

I'm not really sure what you're going on about fwnction, but do you have any sources for what you're saying?

Not really sure why you're reacting to my messages either

then every other hq is pretty neat

¯_(ツ)_/¯

a spokesperson for proton said in a statement "Note, Proton does not require adding a recovery address as this information can in theory be turned over under Swiss court order, as terrorism is against the law in Switzerland." and "Proton provides privacy by default and not anonymity by default because anonymity requires certain user actions to ensure proper OpSec, such as not adding your Apple account as an optional recovery method."

Gotta love the semantics.

real asf for it though

This Retracted room.🫨 🤯

wow the KT drama in korea is wild

Is it a good challenge for you?

morning all

🙂

In a scale of 0 to a 100, how embarassing would you say your CGPT's history is?

Mine is probably like 20.

I just asked it "what is a breadbasket failure"

there is a learning path on THM for DevSecOps? this is sweet

I would reconsider taking it if I were you.

A DevSecOps professional here mentioned that it is 90% non-updated and had straight up errors in it.

And that the reported it and that some staff members were working on refining it and fixing the errors he reported.

yoooo

"90% of the beginning half"

wazzup

well once its updated ill have to look into it, id like to learn how security is implimented into applications

Hi, youngling.

theres a problem in one of the rooms
idk if its a bug or its a problem on my end

are there any paths for how pentesters make malware? (moderators i swear to god this is purely because im curious about it in a whitehat context)

bro had to clarify

lol

Pentesters don't make malware particularly.

fwnction

And malware is a restricted subject here so you have to be like, something special to have a convo about it.

.

What's up, youth?

#room-help #site-bugs

well whats the name for malware that isnt malicious, but is in the good faith of pentesting?

sure

Just a pentesting software.

well are there any paths that go into that?

I don't think red-teamers use malware, lol.

i know there was a programming for pentesters one

They probably code their own, that's as much as I can say as I am in a thin line with every mod here.

No.

red teaming and pentesting are two different things im pretty sure

i think that may be sufficent

so ive seen lmao

they r

oh it was scripting for pentesters

powershell and python

Red teams coexist with blue and purple teams within the pentesting umbrella. They would be the ones creating "malware" in your case scenario.

Exploit development. Also completely okay to try out the DevSecOps path if you're interested in it.

much appreciated

https://tenor.com/view/voxterego-voxed-jodie-foster-rozed-gif-19662726

dudes

i will add it to my cart

Jodie so based.

my attackbox isnt working

#room-help

and #site-bugs, my friend.

theres no one there

can u try and help pls?

so would the scripting for pentesters path be sufficent for exploit development?

i need to summon an 0xD or something

One thing you gotta learn is just explain your situation already don't preface it with something that's not going to help us understand any of what you are going through.

sure

I think you have to be either 0xD or something else within the community for these.

I don't have access to the malware rooms.

when i type whois facebook.com in my attackbox
it says network is unreachble

for exploit development?

i didnt know that rooms are rank locked

At least within the THM community, yes.

is there that much of a wealth of content?

internet connection only available to subscribers iirc

i mean that seems reasonable to me

rooms solveable without internet so not required

but its not working tho

There's a locked/restricted channel here for it, so I assume the same logic applies to the rooms.

did you subscribe? you don't have the role here yet

i was just curious about it because no matter how much i learn not making my own tools feels like a skid move

i didnt

It’s not

exactly

but this room is free

so why is the attackbox feature not free?

the attackbox is free

the attackbox just does't have an internet connection (when free)

It is, but accessibility to some specific stuff on the website isn't.

bruh

so the scripting for pentesters module should be sufficent for me lmao

honestly in my (albeit limited) use of the attackbox and online kali box, I have never needed the internet for more than maybe pulling a file from my local once or twice

I studied 96h in a 144h period of time (?)

Jarvis, is that possible?

ill send the ss

Ayo, just say screenshot.

nah ss 100%

ong

Making your own tools doesn’t make you a better hacker. It’s how you use those tools. Does it make you a worse mechanic if you use machine made tools that you yourself didn’t make? No it does not.

The political implications might get the kid in trouble with moderation.

yeah because you're not a subscriber
what room is this for?

introductory networking

once i become a subscriber i will do Jr pentester > security engineer > SOC level 2 > offensive security > scripting for pentesters > red teaming > dev sec ops and then do some reinforcement

i think you're the only person who thought that lmao

Yeah, what room is it and I'll test it for you.

Link, child, link.

omg

that is a helpful way to think of it

Bruh, I have been SILENCED for less, so, youknow.

https://tryhackme.com/r/room/introtonetworking

I'll get back to you in a second.

reinventing the wheel is definitely not always a good idea yeah. Devs often want to build their own tools too which will take lots of time and effort, while there may already be a fine product available

lmao that's a bit of an oversight i guess

sure

how

oh right

because this one does require internet

lol

all of these you can run locally on your own pc tho, which is good

but how?

The child is learning, don't make things more complicated.

are you on windows or nix/mac

windows

i dont got linux

Don't worry, you don't need to learn pip and sudo apt-get install yet.

not really, no vm needed for this Q, just pop open a shell

its one of the commands taught in that room tho

yeah I cant say I havent done it myself either, haha. Its fun so its fine, but professionally its good to know where to draw the line 💯

not pip

coomands
Ew.

Pip is for Windows/Python.

In Task 7 it mentions for you: 🙏
For Free Users using the AttackBox, there is a web version of the whois tool.

But yes, learn how to properly apply your sudo commands RESPONSIBLY.

in that case i unfortunately can't guide 😂 if it was linux i'd just say run the same command as shown, whois xyz.com

Fine, we will let the child cheat. whois.com is a thing. @pale swift. Click on Whois on top-right side of the website too.

idk if windows includes an equiv outside fo sysintenernals, which is a separate pack

thank u my good sir

Gave +1 Rep to @solar echo (current: #470 - 10)

Yes

ah nice that was thought of when making it

https://www.whois.com/whois/

completely different info

not really close imo

you can get domain info by mailing a letter to the registrar as well

I took down an illegal pornographic website with Whois once, BASED!

Got some rep from one of the scariest countries on the planet for it.

im not even gonna ask how

yo thats sick dude

which country?

https://tenor.com/view/winnie-the-pooh-hungry-dinner-gif-14590837

perma notif

Ikr

It’s annoying

i dont get it

One of which was dark mode.

dark mode 👀

They recently said they're still working on it... since 2022.

yeah i thought it was still TBA

does anyone have any suggestions for a CTF i could do once i finish the jr pentester path that i should be able to do? im looking at the stuxCTF and Mr robot CTF but, i dont think i would be able to do those based off the jr pentester path, would i?

Seens like a crazy hard task ngl

actually i didnt realize the jr pentester path was so in depth

Mr. Robot CTF

first CTF i saw

Have you seen the show?

watched a bit of it and when it got into the drug spiral i got bored

You're a 0x2 too, a baby, I wouldn't recommend the Mr. Robot CTF yet.

i said when i finish the jr pentester path

aka once i get a subscription lmao

its hard to find any that i could do as "a baby"

which is why im asking for suggestions

Just go for the introductory learning paths.

well once i use those up, what is something i can do to reinforce whatever i learn

so quick question basically the gobuster tool is limited when it comes to real world situation right?

i mean it does what its meant for from what ive heard

After that, go Security Engineer.

How serious do you want to complete it, or did you just start the learning path?

i think if a website is faulty like the fakebank thing, it would work the same way it does in that room

could you elaborate?

Did you try the free rooms in the learning path?

ohh buh in real world cases real web app banks with 80% or 100% security thier are other tools that comes in handy right?

yes, i got up to the pentesting fundamentals room

Yeah that sound like you broke a law

he broke the law in a good way

It’s against the community rules here

It didn't, I worked with the country's intelligence agency and security bureau, I recently got the news that the hosting providing company shut down and some folks were arrested. 😄

I just don't talk about it here because people mocked me the first time I did it because it's hard to prove it.

Do you have-

Yeah…

Without, you know, breaking NDAs XD.

Probably shouldn’t talk about it if you risk breaking an NDA

I am pretty aware of it.

if you say so

If you haven’t already, I would read the community rules :)

There should be more free rooms in the learning path, I know it is unfortunately not self-apparent which rooms are free on either the outline page nor on the enrolled path page. 🙂

would they be sufficent for my first CTF?

It depends on personal foundation, it is a good start as a general introduction for offensive security.

any suggestions? i dont have much of a foundation which is why im doing the paths

If it is challenging and many things don't make sense, might be an idea to start with Complete Beginner learning path.

i understand most of what ive done so far without issue, im just looking for a simple CTF to reinforce it

Super search 😄
https://tryhackme.com/r/hacktivities/search?page=1&order=most-popular&difficulty=easy&roomType=challenge&status=not-completed&contentSubType=free

should these be doable after i finish jr pentester?

comprehensible?

Bro, just do it.

Make your dreams come true.

I genuinely believe you are capable.

Tim can I get a rep for that?

dude

standing ovation

genuinely good advice

what age do u guys think is the optimal age for a person to start learning cybersec

At any age

It doesn't matter

LMFAO any age, bruh.

I hacked my first CCTV at age 6.

uh huh

But I learned cybersecurity like 3 months ago.

Probably, but there are usually write-ups when you get stuck. In the Write-ups tab on the room page for challenges. @fleet turtle

u started or completed learning?

Not the best idea to say that you've done illegal activity

Started.

It wasn't illegal.

😴 💤 ?

was it hacking or one of the ones that you just search the ip and it opens up?

Out celebrating my friends birthday

u completed the learning paths?

ive seen far too many like those

have fun 😄

how did work go yesterday?

you never finish learning, really

Yes, it's called Google dorking and it's that easy.

I just recently learned that you can properly hack big stuff with that.

I just did that when I was a baby and got scared for my life.

i remember figuring it out and it felt too much like liveleak to not be unsettling

Thank you, they are all tired, and therefore it's discord time

Gave +1 Rep to @graceful thistle (current: #23 - 367)

Too many other things to do, so I didn't get to rewrite

Today I know that it wasn't illegal because it was a public cam for a factory in the artic circle.

what was on the the CCTV?

now that is pretty sick actually

thanks, good to know

Gave +1 Rep to @umbral bay (current: #16 - 464)

real

It was a factory in a very cold country. I could see some workers in uniforms, some trucks coming in and a BUNCH of snow.

did it happen to be a seed vault?

what field do u plan on going into?

theres only 1 right?

I'm Brazilian, Liveleak was not on my computer, it was my outside

theres many, the one in iceland is just the most well known

I already am a Cybersecurity Engineer.

oh sick

that makes sense

I shifted from AI engineering to Cybersec and now I am an engineer in both.

oh wow

I'll go to uni for biology so I can become a computational neuroscientist. I think that's ultimately what I want to be.

did u design the AI's or just use the prompts

XD

I program the AI models, yes.

noice
pretty sick

ive still got a long way before uni

So, you're a baby baby, huh?

bruh, no

It's pretty cool that you are already taking your first steps into what you want to do.

im in highschool

That's not too long from uni.

That's like 3 years?

this much info at once is quite daunting tho

3-4 years

You'll learn to deconstruct your perfectionism with time.

You will be crushed by any area of study if you look at them with an overview of what they can possibly be.

its already been deconstructed

But don't mind it and just go for whatever you are interested in and keep going.

looking at all the paths at once

its very nice that sites like tryhackme and hackthebox make hacking an accessible topic even for young people

ye

completely off topic

but did u know theres a lizard that shoots acid out of its eyes?

Yes.

It's not acid, it's blood.

oh

i know there a beetle that shoots basically fire

that was random 🥲

some people just like chatting

¯_(ツ)_/¯

I have no complaints

i cant blame anybody for it

theres also an ant species that has almost completely taken the insect world

the one that takes slaves?

I will counteract with that fact with a crazier yet similar one: there are venomous birds.

oh wow

hell from above

https://en.wikipedia.org/wiki/Toxic_bird

somehow australia isnt mentioned

Guess I am not going to sleep tonight

I am in reversing mode

It's in Papua New Guinea, close enough.

But neither Brazil or Madagascar are mentioned, that's what's different.

those birds are most prolly being used by the cartels

crazy animal facts always welcome in the Great outdoors thread

malicious version of a carrier pigeon

a pigeon with weapons

the pigeon mailing equivalent of malware

Dolphin, it's new project time!

nice, what are you up to

Reversing some stuff

And then making some project out of that

Open source of course

awesome 😄 gl,hf!

I forgot my laundry... 😦 damn.

Need a break from RoN..... traps keep killing me even though I peak, and there's 0 traps... just materialize outta nowhere

Thankz, have some friends who works on the closed source project, but they were like "just reverse it"

what is RoN?

So took it as a challenge

Ready Or Not

oh i see

Skill issue

You got RoN?

No

Game looks intense man

Then shhhhhhhh lol

I can still say skill issue

Oh it is, it very much is, all CQB

Not till you tried it 😄

Yes I can, cause I know how the game works

https://tenor.com/view/oh-sure-john-candy-ok-gif-15377612

I wanna play RoN again......... but ugh

i would if it wasnt like 40 bucks

even if i did have 40, i will put it into 2 months of THM lmao

just finished the intro to defensive security room any advice

Just buy a 1 year sub

It was like 100 bucks during Xmas sale I think

i cant, that is a massive payment for the stage im at in life

im unable to be legally employed

a subscription is more sustainable for me

Im not sure if you already know this but there are occasional giveaways you can partake in (like https://discordapp.com/channels/521382216299839518/773968374870966292/1258862647043166309 )

just a heads up, keep an eye on that channel!

@pallid lotus I loved the dirty pipe room well explained well and forces the reader to search stuff.