ahh start printing

you are heartless 🤮

https://tenor.com/view/cat-printer-surprised-gif-14834886

my rabbits think that the printer is the final boss.

not really

Do they smack the printer?

yup, thump it and then tries to dig from the top.

no the gov officials should be arrested

they turnt it back on bro

breaking human rights

Probably best to leave this conversation or take it to DMs please 🙂

It’s not really appropriate for the Discord server

i would say they are winnin

my printer stopped working last week

its fine now tho but lol

Find any carrots in it?

i hope not lol

Any can get gmail psw for me?
I can pay for it

again 🙄

casually bossing me everyday

@sick lance

member since July 28th, Joined THM, July 28th
Did you just create a discord account, search the word "Hack" into one of those Discord server finders and join this Discord, without even googling what TryHackMe is?

Or a throwaway account

:hammer: icyy017#0 has been banned.

bye bye bad user

i have heard quite some good praise for an indie game satisfactory. Anyone who has played or willing to play? im considering buying that

what?

Somthing you don’t understand?

Damn

Satisfactory is pretty good

rip ur legs

What's snort?

IDS = Intrusion Detection System.

Thank you

Gave +1 Rep to @wild rose (current: #261 - 20)

NIDS

Being scammed by subway

Hello.

im buying it now! hyped!

https://store.steampowered.com/app/526870/Satisfactory/

also a ips

Hello

Just shutdown and erase everything on the system . Can I now trade ?

i left my personal snort setup hanging. busy with a lot of stuff 😦

yeah good game

what do you mean by this

Open new telegram
New wallet

My wallet was drain yestersy through my telegram

So I had to erase all my stuff on my phone and laptop@

CONSTRUCT
https://m.youtube.com/watch?v=eMS6DHj5yU8

I log in on my laptop my telegram

So need advice I lost a big money but I don’t wanna lose again

change your password

what u lost?

dont click on random links you find on a telegram

They took my solana

I terminate the person that login on the telegram

Can still use the telegram

I don’t want it to be occur

Immediately I post my win on twitter my account flash . Can they use username to attack my wallet ?

its nore your password

more

create a very strong password

Can I create a password on telegram?

I wan do 2fa

I wish could catch the hacker

yooooo

Pls can some one use my username and enter my telegram to cashout my solana ? Immediately I post on twitter my acct gat flash

wassup

this is hilarious and insane. such a banger tbh

Yetti

This isn’t the right discord server for questions like this

Guess who is back

the ugly face red man?

damn

elloo

hi

Joe

joe who?

any experienced threat hunters here? need some advice

the lyrics are top notch. can't way to destory mother nature in the name of profits hahahaha

maybe #infosec-general might get you more traction. Also better to post your question too

I need help so I won’t lose again

Still... Not the right discord

Mark my words as a wannabe god 🙏🏻

oh hey dude, long time. I'll take you up on that offer then

Alright then, It's a very basic question. You're given the name of the target. Let's say DPRK. The scope is too big, where do you start from? there are many sub groups that come under DPRK like Lazarus, Kimsuky and all. How do you approach it? Just take a target and go with it? Choose the small fish first?

I dont specifically work in threat hunting but if it were me, also in the context of threat hunting, I would pull all relevant IOCs first (maybe MITRE ATT&CK works good here)

Depends on how you want to attack the problem and your experience in hunting. If you're looking to block URIs and IP of each group, than that's low hanging fruit, but if you want to tackle more advance hunting you'll need skills at detecting Tactics, Techniques and Procedures.

Yes we would collect IoCs but DPRK is an org made of sub orgs, every sub org has different IoCs. Even in sub orgs, there are sophisticated ones and non sophisticated ones compared to other sub orgs. I may be thinking too much but that's what happened when I tried to hunt Turla as well. They are the most sophisticated of russian APTs and I didn't consider the fact that going after the final boss would take me months to produce results, but again going after the associates of turla doesn't guarantee clues to hunting turla itself

yup, I'm after detecting TTPs and basically finding new TTPs that might be available. Not really experienced in this stuff since I just started hunting two months ago

and there are not many resources available when it comes to "how to hunt"

Try asking your supervisor then what they want out of the threat hunt

oh , actually I'm hunting on my own. Was in an internship of two months. They hesitated in teaching me how to hunt because well, they had their own stuff going on so I had to hunt on my own

trial and error

Oh that sucks

Like Mkunkn, focus on their usual TTPs and start with detecting 1 TTP at a time vs trying to tackle the entire APT at once.

Definitely consult with your supervisor is what I recommend

I still was able to produce results via pure OSINT but couldn't really make a methodology to follow when hunting

It looks like you’re going in blind without having a concrete objective

.

Alright, maybe I'll just contact my former manager XD

Its an internship, they should be teaching you

are u trying to hack russian hackers?

nope

I realized you finished your internship already

then what r u trying to do?

Silly me

cuz u mentioned lazarus

They're north korean

Ahahahah

I was the very first threat hunter intern they hired in my country, they told me "sorry for the trouble but we don't know how to handle an intern"

oh right

Try following sec groups that focus on threat hunting. I think my company has podcasts that help break down their thinking. Let me see.

Yeah that sucks sorry to hear that

If you’re on your own

oh yeah, just a week ago

trying to continue on this path

a long journey

how you doing? decided to change companies yet?

I concur

do u work?

I suggest doing labs from https://www.securityblue.team/ or HTB Sherlocks

btw hey james

I’m good, I work as a red team operator now

I also am lost so I’m in the same boat as you

How Much do they pay in Ur country

Not enough

Typical

so you're telling me to single out a ttp and focus on behavior rather than the specific tech? I guess that might work

thanks man

but you work by specialty

Yeah, that is the best way in detecting stuff

https://www.linkedin.com/events/threathuntingworkshop-huntingfo7212094644942249986

nope, a student

Also what are you using to threat hunt. Is this a project your doing

a whole year left till graduation

If you read the latest CISA Red Team report, their blue team couldn’t detect 6 out of the 9 C2 frameworks used

You’d be surprised

Only consultants I think are like that

Even then, if you’re not doing anything, you’re an expense

Good luck on GXPN!

currently I'm using OSINT to figure out some behaviors that are predetermined by other hunters, then pull some hashes and crack em open, find some new stuff, compare to other samples of the same target to figure behavior, make yara rules and make an ecosystem that gets fed by malware bazaar and runs my yara rules through a set of newly submitted samples on malware bazaar

Is that the virtual or live class?

Did someone say blue team certs?

This is the next workshop we're doing. I think you can lookup the past workshops.

dayummm, what you simulating?

@heady nova needs help with how to begin threat hunting

a certain threat actor?

Oh, I’m not yet emulating specific threat actors. That’s the beauty of a red team. You don’t necessarily need to emulate APTs to be valuable.

Havoc and Brute Ratel are one of the undetected ones afaik

then? pure malicious behavior?

In person are always better

virtual?

Yeah it's a virtual workshop that's free.

Something like that, you provide scenarios and threat model with your team to see what can be emulated

oooooh thanks man

Like e.g. is an SSO compromise, what’s the extent of an attack like that?

I see, and your end also makes detections for the behavior that goes undetected i presume?

Seems boring imo

Easy, get virustotal subscription and just sit and reverse malicious samples to see if theres any pointers to IPs etc

I think they're also doing threat hunting workshops at Blackhat, but I'm not going, so I'm not 100% sure.

Black hat is expensive as hell tho

Hopefully no, you should build the concept on how to detect a certain behavior not build the detection as that is blue team’s job

virus total sub give you access to retrohunt and livehunt?

Cause Blackhat is not intended for personal use

gotcha gotcha

It can be a bit boring sometimes but its part of the job so I can’t complain

Yeah, Black Hat is a corporate event

Some does yes

I would not have targeted APTs if it wasn't for upcoming Mitre Evaluation

yup, makes sense

It’s a constant battle

fortnite cash cup is good

hunting is, at large, making educated guesses. nothing wrong with that as far as you don't ignore the cues that your prior inference might be wrong

I do get that, told me the importance of gathering info as you go and beforehand

not just a phase ,that part

it also requires to be highly trained pro to find them

there are only a few places that offer these courses

I'm wondering about one thing right now

Should I use microsoft products, even though they gather data about me?

I enjoy it so much

I use thunderbird, firefox and etc

nowadays, not rlly

I mean I'm already using windows

cuz there are many encrypted alternatives to microsoft products

I don't really trust anyone lol

Plus once I learn how to use linux properly, I will probably switch to it idk

Yeah the scope is really vast. They just want you to tackle DPRK, so then pick a ATP that's focuses in your industry like Hymnosi said. Whether it's Financial, Manufacturing, Agriculture etc. Start with past IOCs and then pick a TTP that they use and understand how to detect them, then you work on your yara rules for current IOCs that your SIEM or EDR hasn't detected.

ur doing the linux fundementals room are u?

Yes

No

I have done it perhaps

I forgot

Havent been to THM in a bit

But still support it with my monthly subscription

i dont mind microsoft

but wdym by this

Im still angry at myself that it so hard for me to sit on a chair and read

its been good to me

That I like linux more as it's open source and more respectul towards the user

Or jack my neighbours WiFi

im asking wdym by learning abt linux?

sick

you have to learn to use linux

I know how to install it and use it on a basic level

But like flashing USB on linux

Etc.

Not used to such stuff

u want to take full advantage of it

Yes

I know how to install packages, but not completely remove all files

Windows uninstalls programs (Completely I guess)

But in linux I am still not completely aware of how things work as much as I do understand windwos

which linuxOS is best for hacking?

Which is illegal.

Kali

Yes of course

For real?!?

for both offensive and defensive?

you are gonna be surprised what im about to so

who cares abt legality, the government doesnt seem to care

Will he their ToS,.but would you really want to?

But they do scratch my car for no reason or hit it without leaving their phone number right? They did steal the sink from my villa right?

I do.

you can't be saying these kinds of things here

Sharing a little wifi wont hurt them

Its not like I do anything suspicious

lol

Just because they do stuff that is illegal. Does not make it ok to "jack" their WiFi.

its like saying

i didnt break the door

i just removed it off its hinge

I am not supporting illegal activity

So don't make jokes then, that sound like you are.

Was just reffering to another option for more privacy

Privacy is illegal

cancel him

cant a isp see whos using there wifi

they can

Well morals here are different so

Yes, you can also see on the router settings all devices connected.

People constantly borrow other people's stuff without asking here

And 50/50% of the time it's fine

Doesn't make it ok in this server.

dont become like them

then im sure they would flag it if someone whos not paying for wifi is using the wifi constand

Again, im not promoting anything

Im just saying what the reality is over here where I live

i dont think it works like that

if that were the case, then only the father would be able to use the ISP

The router I have lets me know when somebody connects.

You are a person with much more technical knowledge than the average user

I believe

Anybody with the same router will have the exact same setting.

I guess it's not a cheap router

A standard TP-Link?

which company's router do u use

Eero.

dont most routers let you know when someone connects

Over here people buy whatever can do the job (Most of the time)

Not actively

Nah, my BT router didn't.

not mine

Which is a TP-LINK archer C6 right now

Or something like that

that should be mandatory imo

Nah, google is off limits, only e-mail and search engine is welcome

in exchange for data

there are better sustitutes for them

For some of my e-mails*

My main e-mails are swiss

u could use edge or firefox

Gotta support toblerone country

How do you propose notifying the owner?
Email?
Push notification?

wow you think so? i kinda hate their youtube censorship

i would say yes but at the same time people have alot of emails and push notis

can i send a youtube link here?

So that's a pretty major setup step and relies on a third party service

what about a app

Through logs

Same thing

but it shld be visible at a glance

I wonder why the police confiscates routers

When they raid a home

I mean you could delete the memory or logs?

but do most people know how to look at logs

the logs will always be there

It depends on the device but they generally are

My ISP's router will send an email and push notification through their app, so it's slowly becoming standard.

For what?

connections

I heard that in some countries like France, only your ISP can give you a router

You can't buy your own router or it will not work

Or something like that

wdym?
i thought only ISPs had routers

openwrt, ddwrt?

Im talking about router in a box

That we all have at home

ik what u r talking abt

When someone tries to connect to even alerting me if they stopped a malicious download.

W isp

I haven't given enough time to it

Verizon

it is a good company

https://www.youtube.com/watch?v=YnSv8ylLfPw

I know ppl who work for their business division that also threat hunt as MSP.

do u have the link for it?

ltt

do they use automation when then detect malicious downloads from there customers.

also it says you are new

it has that 3 leaf clover thing

oh

Well their IPS should drop the traffic if they deem it malicious and even have web blockers that stop you from accessing malicious sites.

I don't know more than that since it's getting into the sauce of their infrastructure and detection systems.

thats cool

is this still relevant in this day and age?

sick

wow

hmm... where is quotes # ?

wait they got rid of the quotes channel??

;-; how will people learn how stupid shadow is now

well.. can't find it

Seems so, sad, there were some great ones.

How did he get caught?

you need try harder now in general

weird package name is funny: thcrap_proton

I used to like Dexter Cartoons when I was a kid- what's your inspiration behind the name?

my car @vernal nebula

:D

https://tenor.com/view/dexters-lab-eyebrow-raise-gif-3619595598378081378

dex

fex

FedEx

fex

🤔

great surprise

fez is a beautifully funny puzzle game

https://tenor.com/view/ready-or-not-ron-curious-can-rolling-gif-17721407850655272027

What is a bind shell?

emm.... what the shell !

https://cdn.discordapp.com/attachments/1258620607096950838/1267157259658596486/Himegoto_Casting_Malloc.png?ex=66a7c3a9&is=66a67229&hm=f4ff0763902ee1a14dfbeed81a818f1e5c29d069a7c4989e6d8fe92527bd5cf2&

I dont get it

       If size is 0, then malloc() returns either NULL, or a unique pointer value that  can  later  be  successfully  passed  to
       free(). ```

shell is terminal. the cli thing in linux

bindshell*

is same thing. is where the target machine use shell to connect to your local shell

https://tryhackme.com/r/room/introtoshells might help to start

already doing it but couldn't understood

thanks @rapid merlin

Gave +1 Rep to @coarse totem (current: #120 - 58)

by ddefault, you connect to target via terminal or to say shell. yoiu send command and terget accept you request and open the connection. this is same just in reverse. you listen for incoming connection and target send request to you machine and you accept it

roughtly explained

thanks @loud marlin

w8 w8... no rep...

Gave +1 Rep to @loud marlin (current: #26 - 327)

thanks for being you

awww

Gave +1 Rep to @loud marlin (current: #26 - 328)

opa lol

Anyone here work on HackerOne?

going nice 🙂

Damn looking good

cost me own sanity

also hyprland or ?

hmm

i used script from github of one guy doing it in kali. is bit different. and i isntall lot's of things

even need to change things in .sh to make it work

laptop or what you use to have 800mb =/

host pc ?

what kind of memory ?

i have some cards from laptop that is somewhere around my room

ah

then ok

also ssd will help for sure

that's ok

Sushi just hits different after 2 days of drinking

when you get resources in correct way will work

i got memories box 🙂

Does anyone here game on LInux full time now days?

Shadow may qualify for that?

yes...

though if your questions is about raytracing on linux shadow has no clue

Osint time

paris

Nope

you at the olympic games???

hi guyss, someone have to try exploit android using msfvenom? i wanna ask something

An event yes

what do you wanna know???

Tailaphaooau?

HOw is it? Issues? Anti-Cheat issues? WHat'st the headache like?

@silver sky Yo, you alive?

near 0 issues for any single player games
don't play a lot of multiplayer games so can't say much there
most games with easy anticheat work as well as on windows nowadays
major headaches can be in optimising the games
or another major headache can be modding games

Football

modding is decently easy with some games and tools

Yes

mor vs argentina i guess ?

old legacy games work wonders under lutris with wine

Find the stadium and you'll know the teams

also heavily recommend steam for game store of choice for linux gaming

Geoffroy-Guichard Stadium ?

sure there is ways to run epic games store and gog galaxy stuffs

Yes. Epic and blizzard/battle net. They work .

How I play my non-steam games.

Just can't play online games that have anti-cheat in a lot of cases.

unless easy anticheat

as epic games apparently made a deal somewhere to add an easy to switch toggle to make that work in wine and proton

meaning you can play games that use that no problem at all on linux most of the time

Good to know

it makes shadow fully able to play and enjoy battlebit remastered

I can't play a few titles due to anti-cheat.

Close

Not the west side

Better guess with the sun

is not Geoffroy-Guichard Stadium

But.. can play 7 days to die, trackmania, assassin's Creed etc.. singe player games in most cases will work.

Is

oh

Easy Anticheat works well on Linux

That's what shadow was saying. Don't know that I play any titles with that though.

The rootkits probably have issues

Squad, Battlebit Remastered and a load more. Anything released on UE can have it.

EAC doesn't use rootkits. Vanguard and a few others do tho

My point exactly

Eric Parker just did an interesting video on Vanguard

I don't want any rootkits on my system anyway.

Too late

if your running windows you've already got one

Yeah...

Omg that's huge... Lol

Dats a big emoji

Sorry. Didn't know.

only reason shadow has to wait to play battlebit again is because they waiting on a cable for their microphone

Discord mobile got all weird again..

I don't even want to know how big that emoji is on mobile.

It takes up a lot of screen space on my phone.

Rather large

@wild rose

It's about the same on desktop

Not bad

also figured out openrgb to get full red glow from pc now

Is there any poll on what is the most used browser in this community? Just curios

@cosmic pendant heavily recommend checking: https://www.protondb.com/ for which games work on linux very well using proton

Inside the red

Barely though

I think you may be a block off

Netscape obviously

this site also lets you see how many of the top 10-100-1000 games work on linux

and that list is ever growing

the steamdeck helped tons

and valve keep pushing for linux support

There's white seats to my left

Amidst the green

obviously not ladybird

Yeah

Starts in an hour

Never heard of that

it is a rare slightly newish browser trying to make its own browser engine from scratch

still in early alpha state

It's all about Netscape Navigator

i.e it is a rare competitor to chrome and firefox and safari

Hello everyone, i am just starting with cyber security as of now what i know is only few things that's HTML, CSS and Basic of JavaScript, please guide me how do i get started?

which are the 3 main browser engines out there currently

#start-here

Hey,
is anyone familiar with running sqlinjections against a phpmyadmin service ?
probably running at version 4.9.5

Im curious to see it when it comes out which seems to be a long time from now

same and planning to maybe send some donations

as more competition in the web browser space is welcome

Against the login page? What are you attacking?

as what their current goal is is basically impossible for most people to achieve and do

Actually I don't need a guide about the server but on how do i get started with THM 😅!

RoN?

Amazingly if you read that it'll tell you nevermind they've changed it

UwU

i'm new to pentesting and wanted to try myself on a little box. It's just called expose
Yes, it's against the login page.

So how do i get started?

Where is the box?

Dont want to run a sqlinjection by hand if that's possible

Like what platform?

By signing up?

You'll need to be specific with what the issue is

it's on tryhackme.com

I have created my account on thm (no premium)

Ah, please use #room-hints for hints on rooms and #room-help for more in depth help @stark relic

Have you tried anything? You know there's rooms/paths for beginners to teach you everything

Im trying to get a command to be executed at boot with crontab but it doesnt seem to work. I want to connect to the THM vpn at boot. Its in the sudo crontab with the following "@reboot /usr/sbin/openvpn --config /media/sf_Shared/name.ovpn" does anyone know why this doesnt work?

Yup did a few

Then I don't understand what you need to get started then

You'll need to adapt this a little but openvpn kinda has it built in
Running it as an on reboot cron like that is quite fragile
https://www.ivpn.net/knowledgebase/linux/linux-autostart-openvpn-in-systemd-ubuntu/

Thanks Ill check it out!

Gave +1 Rep to @naive violet (current: #2 - 2164)

For why it doesn't work, wha happens if you run the command manually?

what command

shimmy shimmy yay shimmy yay shimmy ya

Might it be the case that it hasn't mounted the media device before the command is ran?

You can also check the logs at /var/log/syslog

That was directed at the user above asking about OpenVPN

ohh sorry for inetrrupting

not a problem

Not far enough north to grab Canadian channels?

Any Brit’s here know the best tea brand. Preferably black tea

for how long do we have these planats beside our names? 😄

Yeah it's a bit later

Not much to see yet

If you want like, english style tea, Yorkshire Tea or Tetley or PG Tips are quite usual.
I'm a Yorkshire Tea kinda guy

Lol

Bet

Thanks ninja

Brew what we call a "builder's" tea

Very strong, very tiny amount of milk

@crude stump

what is that game

-1 A

Nah this is English tea we're talking about

D1/C2 is perfect

is that...coffee?

Nope

Oh! I never tried putting milk in my tea

tea???

wait, nvm, it's tea

Sort of like a chai but different spice mix

Milk in tea is good. A spoon full of sugar too.

I haven't had tea in a while..

No spices

D4 is jus milk

Tetley on top

Although if we are talking tea it's Barrys

so - where does virus total store the 'first submitted' page of a suspicious/malicious url? i use vt everyday and dont recall ever seeing it

That is in relation to the amount of water-milk but always with the same amount of coffee?

@cosmic pendant here is another helpful link if you play a lot of multiplayer games with anticheat and wanna find out if they work on linux: https://areweanticheatyet.com/

i'm guessing this box is asking for the actual submission date to vt as the question is "When was the URL of the malicious/suspicious domain address first submitted to VirusTotal?"

but i cant seem to find this info even through the api call to make sure that i'm looking at everything

any help is appreciated

It should be on the top

tried posting a screenshot but its just not there

we have registrar - creation date - last analysis date.
cretion date reflects when the domain was registered

but no 'submission date' or similar field, unfortunately

super easy box so its frustrating when i run into problems like this lol

vt docs does show that there exists a first_submission_date field so its gotta be there

httpss://discord.gift/hHHfox3000foxyzBajBXnXCU ||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​|| _ _ _ _ _ _ https://discord.gift/PZ76qKbfX8G8hjTKUKYjZntk

(why did you copy it DUMP FUCK)

🙂

I'm not touching it with a 10 foot pole

Least fake nitro link

@sick lance

oh wait nvm, jabba is here

I didn't see Mr. Rabbit was online

🙂

It’s a rickroll

https://discord.com/vanityurl/dotcom/steakpants/flour/flower/index11.html

This is a hidden discord page that redirects to a rickroll

All I had to do was copy the link

yeah i copied the link from no text to speech channel

fr

okay, I'm still not touching it

Discord whitelists any discord.com domains so that the “are you sure you want to go there” page doesn’t pop up

I'm not a hacker

😩

Good afternoon everyone! Our friend, @gray sonnet , just recently went through a bunch of emergency medical surgeries. He's in need of funds for his college. Any amount at all that you could give, would mean the world to us!
Disclaimer: I have been granted permission to post.

https://www.gofundme.com/f/support-anirudh-dillis-education-after-medical-crisis

Rick Astley lives forever

Thank you!

Gave +1 Rep to @fervent meteor (current: #508 - 9)

shadow plans on donating when they have spare funds

btw @mossy river where is # quotes ?

what'd they do to my boy #quotes

https://tenor.com/view/pay-respects-press-f-call-of-duty-respect-press-x-gif-22309724

Damn

Wasn’t expecting that

Inactive channels have been removed from the Discord server

meep moop cookie time

But but but.... we wanted it revived!

was it at least archived

all the memories my guy

It was, I haven't released the archived channels list yet.

https://cdn.discordapp.com/attachments/964891560951050344/1240010044771143841/4x.gif

anyone know of good microsoft certifications for cyber?

and who:s fault is it that quotes channel became inactive???

^ probably shadows

Tbh I didn’t even know we had a quotes channel

Their SC-300 is good

I got to play with kittens this weekend. 😁

Why would it be your fault?

was meant as a joke but probably bad taste

kitties! 😺

3 day streak, things are going great

like shadow is the reason I bought too much from Ikea so many plushies.

blahaj?

means blueshark and is also the name of the famous plushie form ikea

yeah yeah it was a question if they've acquired some as well

my friend's daughter loves her ikea plushy

djunkelskog

your friend will be happy to know that ikea plushies don't use button eyes which can get loose and get stuck in kids throats

What is your favorite episode of Skibidi Toilet?

all the ones shadow has not watched

oh god no, my nephews are into it and I'm like have you lost your minds.

haven't seen any but pumped for the movie

..theres a movie of it?

https://variety.com/2024/film/news/skibidi-toilet-michael-bay-movie-adam-goodman-1236077245/

thats something

would be impressive if they could get perms for the movie considering some of the main characters are heads from half life chars which intelectual property belogns to valve

yo

ehm please

i need help

why do when i click on "show split view"

i dont see anything

idk maybe disable adblock?

oh ty

Gave +1 Rep to @supple tangle (current: #653 - 6)

it works?

yup

I would have said allow pop-ups from THM.

opinions on brave?

avoid

urban vpn

• mullvad

urban vpn for the web explorer

and mullvad for my pc

stancking vpn ?

whats wrong with being chromium based?

am i wrong on urban vpn is full free ?

im also using brave and its good

I find their crypto stuff to be kinda weird

if its free yyou are product not vpn 😉

that is exactly reason why i ask

you can turn that stuff off

I prefer librewolf or ungoogled chromium for simplicity.

no love for duckduckgo?

Duckduck no thank you

apparently now they censor "russian propaganda"

which is a bit suspect

anything ungoogled is better than its googled counterpart for privacy

i tried hard to use the searcengine it but cant find shit on there

im okay with that. i use yandex to browse that when needed

https://searx.space/

My goto

i dont care for anything like that but i would still prefer that my results arent meddled with by politics

Netscape Navigator and Yahoo search for me. 😂

has anyone tried iceweasel?

I had briefly at one point. Didn't get much of an experience.

https://www.techspot.com/news/103999-secure-boot-rendered-useless-over-200-pc-models.html

sers

If you're really worried about privacy, don't use anything Google.

neither did i, i recall that it couldnt even load images or embeds

and im sure there was a fix, but im not going through that much effort for a browser, really

It's basically a complete GNU variant of Firefox. Used to be the standard Debian browser

Not sure but I think that was fixed when I used.

i might have to give it another try then

thats how i figured out about it

Review it for us. 😁

linux extremist reccomending it, so i tried it out on my ubuntu vm

I just use ff and Google.

Hate it when I forget to shutdown my kali vm on my desktop. lol

leave ur vm on

and leave ur python http server on too

pretty please

Honestly, the only way to have real privacy is to first use Starlink

nah nah

?

the only real way is to own your isp

thats crazzzy

Disconnect from the internet for true privacy. lol

like big fortune 500 isp

that way the burdeon of trust is in your own company anyways

wasnt there a way to hack a starlink terminal and have access to all other starlink terminals like a year ago?

no internet, no hack

Dishy McFlatface 😭

lmao

guys i need some help

i just installed kali linux and tested it out, after 20 mins sth my pc froze and keep on restarting

boot loop?

did you install kali on a VM or as something to dual boot?

How so, did you install it directly on your PC? Do you have another boot?

i use it on oracle

virtualbox?

yes

What version of Linux?

What OS specificially?

Distro not version.. brain error. lol

https://www.kali.org/docs/installation/

oh wait

image installer

I think the problem must be related to VirtualBox or managing virtualization in your operating system

Ah. Use the Virtualbox version. Never had that issue witht the ISO installing Kali

Strange to have a boot loop after initial install. Did you do anything else?

im checking out if i have a badly installed ram rn

since i got one installed earlier

and i was stuck in recovery screen

Wait

RAM issues would make your computer itself have issues.

Is your computer rebooting or the VM?

Dude how much resources did you allocate to the VM?

9gb of ram

i have 16 gb

I see

You shouldn't allocate more than half your host's memory to a vm

im trying to see if i can successfully boot up my pc

yeah it worked after removing one of my ram

I'd try re-seating the stick of RAM. If it wasn't seated all the way it would give issues.

Otherwise it's likely a bad stick.

I'd also recommend always using the same type/brand of RAM when you upgrade.. if you can help it.

i got this stick on warranty a while ago so that should not be the case

i will try later with the stick installed, how much ram should i set this time

assuming you had 16gb installed, you should have 8gb with only one stick.

Hi guys im a begginer and im doing the presecurity course, do u guys have any tips for better learning experience?

nah not rly

take notes. learn to search for explanations/ solutions

Take notes, simple sentences that work for you to remember. Do not copy and paste the entire article, you need to condense it to make sense for you.

Take notes on commands you use. You may modify them later on but it's good to have your own quick reference.

I'll second @fervent meteor if you try to work it like you are explaining to someone that doesn't know the topic you're gonna have a better time.

Solid example imo ^.

Gave +1 Rep to @pearl raven (current: #141 - 51)

thanks a lot

Gave +1 Rep to @fervent meteor (current: #471 - 10)

why you keep this in your notes lmao??

imo this can be easily be remember xD

no I'm not

It's good to have in your notes.. even if you do know it. You may forget the syntax monetarily and need a reference..

that's like certutil.. how many people know how to use certutil to dowload files.. right from the top of their head??

Not to mention.. this is a learning environment. Should encourage people to take notes.. imo.

You should see my notes

It’s all command s

First thing I'm not against note taking
I'm against stupid / time wasting notes the only thing that needs to be noted is something important/mid-important that you well forget, other than that I think it is being just a waste of time, understanding the concepts and noting only important things, and yes you don't need to memorize every command but some you well use every time, then why bother and take notes of it?

• it is better being a leader than a follower 😉

whatever makes you sleep at night buddy

Feel like we've had this conversation on the importance of notes before...

I started taking notes since I talked with muiri

but not dumb ones

study smart not hard

Good luck with that

How is it a waste of time tho

I don’t get that

If taking a minute to write or copy and paste a command is wasting time then cybers not for you

"dumb" to you may not be to others, we all have our strengths and weaknesses, let's not be quick to judge what notes people take

ola

Dumb is highly variable, to some it is important to some it is unimportant, you are not in a position to deem anybody's notes dumb, unless you are them

Room : Subdomain Enumeration, Task 3 : Using This command "site:www.tryhackme.com site:*.tryhackme.com" find TryHackMe subdomain beginning with S... but there is not such sub domain.... Is this a wrong Command or something wrong with the room ?? PLZ help

there is one

and that filter would work for it

well actually idk why there is site: twice, just use one

also valid

if anything, more specific

eh, works well enough to demo what it's for

and gives the answer

got the answer.. did a normal subdomain search using "site:*.tryhackme.com -www"... the command they provide is wrong and miss leading... where can i report this ??

did the command on there not have the -? in which case, #room-bugs

listening to tryhackme walkthroughs when not doing the sessions themselves is unironically helpful when they explain the meanings of the terms and the tools without outright giving the answer

Walkthroughs that give them answers with no work is criminal

for sure, the THM equivalent of tutorial hell

yuppp, I usually go to the walkthrough ones as well, I often aim for the ones that blur giving out the answer, but simply puts the steps used to get the answer.

yep, explains everything leading up to the answer, gives you the tools to find the answer yourself

Even with the ones that give out the answer, I still do the steps, and re-do it a second time with the notes I collected along the way from my POV.

Only time I look at a walkthrough is when I’m stuck on a answer for ages. And even then I look at how they did it so I can replicate it myself.

typically i do the same but more recently, sometimes i just listen to a walkthrough to see what im getting into, then do it on my own

🤨

How's everyone doing this afternoon/evening?

What’s wrong

crowdstrike

Doesn’t make there information wrong

i didnt think it was, i just find it ironic that im seeing this room right after the whole BSOD thing

cava is cool

nice rice

what window manager is that

i3wm

they also pushed the changes on a friday and have pisspoor compensation currently

oh sorry we dont hire a quality assurance team or pay them pennies on the dime and shut down 911/emergency services in multiple countries killing hundreds of people

Gave +1 Rep to @sand trench (current: #3 - 1845)

@rapid merlin you what's happening

can ask the same of you... did you read the technical?? do you realise this is the worst computer incident in history by a huge margin... causing billions in damages and ending lifes....

tbh I'm suprised essential services would be relying on windows

because shadow has a background as a hospital med tech and know that they plan for minimal downtime always so this is one of the biggest life enders ever

when you need uptime in the 99.999%

Do you have sources for the last part? "ending lives"

where you do upgrades and changes in staged roll outs so the entire thing is not down at the same time

Around 75 76 percent of essential services run on windows

911 services down in multiple countries... calculate how common ER visits are in said countries... do the math of how many of those are lethal inside a few minutes... extrapolate for how long the crowdstrike outage is going on

https://eu.usatoday.com/story/news/nation/2024/07/19/crowdstrike-outages-what-happened/74474725007/

That's not how that works though. Unless you have specific proof, I would avoid such claims as it's really hearsay.

then honestly crowdstrike is dumb for pushing to prod on a friday

how does it work then???

What didn't this his get done by a security company

what what?

also avoid why should crowdstrike be excempt for liabilties if previous instances of other crashes because of security software( see mcafee ) made them liable

what what?

what is going on here...

They where talking about how a security agency had sent out an update

i think theyre arguing about the severity of crowdstrike's outage

https://tenor.com/view/im-in-dange-the-simpsons-ralph-wiggum-meme-gif-17180214

that is crowdstrike

You'd need some sort of verifiable proof that the person was killed by CrowdStrike. An outage and guesstimating how many deaths could have potentially happened does not mean you can prove attribution.

Idk if I worded that right

Anyway can I get some feedback on this setup it's my first one

setup of what?

there is nothing that is as critical to skip some basic checks to make sure things don't fall over the instant you push an update no matter what

Nevermind as it won't let me send photos

!docs verify

it is a slash command now

in this case the impact from this push is way worse then what ever "critical" thingy they tried to fix

I'm going to send the specs let me copy it

you have to verify your account, then do a screenshot

and also tell us what you trying to do

Oh thanks

you failed to interpert it even though i explained it as simply as possible..

a vuln in a pipe is worth to bring down major systems for most of the world???

(if anything, Crowdstrike violated their SLAs, they are in some legal hot water, but to what extent remains to be seen)

not arrogance, you simply refuse to interpert it in the way i meant it, i simply said its ironic

That's fun looks like I can't verify

so by your logic there are exploits that are worth bricking systems and shutting down 911 for???

do you already have your token associated with another discord account?

No

also funny how crowdstrikes driver was marked as boot critical so windows could not automatically disable it to boot into safe mode by itself

even if said systems run infra critical stuff???

because shadow hard disagree on that

you do sanity checks and a lot of QA before pushing fixes for critical stuff if said pushes can break said critical stuff even for just a few hours

from shadows perspective it is never justifiable if it can bring down emergency services

luckly shadow has not heard it affect any power plants but you could guess how that could have turned out

yes as what they have done now with this push is worse then any national security threat as it impacted the majority of the world at least partially

https://tenor.com/view/cat-funny-tree-christmas-christmas-tree-gif-27191348

nope shaodw is assuming any national security threat only applies to 1-2 countries

as it is national

unless you are using the meaning of national wrong

why do you keep speaking in third person?

this whole argument is so goofy lmao

if someone is pushing a thing that could crash nuclear power plants to cause meltdwon or blow up you are doing that then???

Can I have some feedback on this it would be my first build
ITEMS
COMPUTER CASE
3000D AIRFLOW Mid-Tower PC Case - White CC-9011252-WW 1 $89.99

COOLING
A115 Twin Tower CPU Air Cooler CT-9010011-WW 1 $99.99

MEMORY
DOMINATOR® PLATINUM RGB 32GB (2x16GB) DDR5 DRAM
5200MT/s C40 AMD EXPO Memory Kit CMT32GX5M2B5200Z40 1 $144.99

STORAGE
CORSAIR MP700 PRO 1TB CSSD-F1000GBMP700PNH 1 $179.99

PSU
RMe Series RM850e Fully Modular Low-Noise ATX Power Supply CP-9020263-NA 1 $129.99

TOTAL $644.95

i.e this crowdstrike bug if it affected the right systems would have possibly caused what you are affraid of here agianst nuclear power plants

Britain's National Health Service (NHS) said that the issues are "causing disruption in the majority of [English] GP practices",[93] with some of its services, such as GP surgeries, which rely on a software product called EMIS Web, unable to view and manage medical records, issue and manage prescriptions, or make appointments.[73] Manx Radio reported that GP surgeries were affected in the Isle of Man.[215] The London Ambulance Service experienced an unprecedented surge[58] in 999 and 111 calls following the outage, responding to 4,500 emergency calls by 17:00 (BST).[216]

I'm broke