#general

1 messages Β· Page 383 of 1

karmic geyser
#

hello there, hope all godo!

cyan parcel
#

All godo here

high mulch
karmic geyser
#

It's going great, on a grind for AD stuff on THM.

high mulch
sand trench
#

sooo deep the split custom keyboard rabbit hole

tropic quest
#

what kind of practical projects?

image.png
arctic cradle
#

hey peeps, I just started blue team stuff at THM and stumbled upon MITRE ATTCK framework which is quite popular for job seeking, I really want to somewhat master it, I played a bit with the framework and saw how it works partially but I still don't know how people use it exactly as a part of the Blue team, could someone give an advice how it would be helpful in a real work environment? I can only assume looking at potential logs of stuff and checking if flagged things are mentioned in the MITRE framework or just using it as a cyber tech wikipedia

tropic quest
#

what's the path to master sysadmin in tryhackme?

high mulch
eternal timber
#

Elo

coarse moth
high mulch
sand trench
arctic cradle
harsh sedge
#

hi

shut hawk
# 
https://images-ext-1.discordapp.net/external/MlKSWhyEaVN_IzzhVecnh6NKRhoVNhRjRp3rX8FcLT0/https/media.tenor.com/gj_1JMalIiYAAAPo/rickroll-rick.mp4
twin ridgeBOT
#

Gave +1 Rep to @shut hawk (current: #14 - 560)

high mulch
#

omg, it's pocoyo!

sick lance
tepid furnace
#

very useful

#

that gif shall be taken and saved

sick lance
high mulch
#

OH my gotto, it's Zumi Yumi!
WIndowe softwaaare is gotto!

tepid furnace
high mulch
#

dedsec badge revoked.

sick lance
#

Can you change your profile please.

#

Your joke.

cyan parcel
#

I have a dumb question that might make you laugh:
"The most common C2 channels used by adversaries nowadays:

The protocols HTTP on port 80 and HTTPS on port 443"

Why 80 and 443 and some other random digits πŸ‘Ά

tepid furnace
#

It is friday

#

get your finest attire on

sick lance
cyan parcel
#

Yeah I got that part

sick lance
#

which known services run on default.

coarse moth
#

assembly was made by a woman?

sick lance
cyan parcel
#

Are the ports 80 and 443 always the common C2 channels?

sick lance
sick lance
cyan parcel
#

It commands and controls

tepid furnace
#

we should lobby to change all the default ports

sick lance
#

And how would it send and receive commands?

tepid furnace
#

port 500 seems cooler for http

#

port 700 for ssh

cyan parcel
#

So those are just picked by default because they are HTTP and HTTPS, right?

#

Damn sorry

sick lance
#

Yup, who's going to question traffic on those ports at a glance?

cyan parcel
#

That makes absolute sense

#

thanks

high mulch
sick lance
#

And Discord.

cyan parcel
#

but isn't IRC easy to detect nowadays?

sick lance
#

IIRC != IRC.

sand trench
#

if i recall correctly
if i remember correctly

cyan parcel
#

So those are different, I see I see

sick lance
#

IRC == Internet Relay Chat

cyan parcel
#

Internet Internet Relay Chat = IIRC

#

blobfingerguns gotchu

flint lintel
sick lance
flint lintel
#

what advantage does it have over lets say a telegram group ?

tepid furnace
#

just give me 3 more months to exfiltrate please

steady stirrup
#

Hi, is virtualbox itself so slow, so it has more than half a minute input lag?

tepid furnace
#

you definitely spun up that python http server I promise

#

it's always been there

sick lance
#

Or accelerated graphics.

#

etc

flint lintel
sick lance
#

We can't just swing at a very bland statement.

cyan parcel
tepid furnace
#

good

#

gooood

#

now let me see that kernal

#

<3

steady stirrup
tepid furnace
#

I can be trusted with direct memory access

sick lance
cyan parcel
#

All the trust in the world

sick lance
#

What an odd number.

clear jackal
flint lintel
#

since when is 12 odd

steady stirrup
sick lance
#

I was talking about 12 being used for RAM, not the number itself.

clear jackal
sick lance
#

Commonly 8,16 32 and 64.

steady stirrup
#

got 4gb stick for free and bought 8gb more myself

cyan parcel
sick lance
#

What about cores, how many are you leaving to your host?

flint lintel
#

so is 24

steady stirrup
sick lance
sick lance
steady stirrup
sick lance
#

I'm no pro to VB.

flint lintel
#

make sure hyper V is disabled too

#

on windows

#

I'm having a really hard time understanding how stack and all works, I do have basic knowledge of coding in C from small arduino projects and a college semester, any tips guys ?

#

my brain froze on those buffer overflow rooms 😭

steady stirrup
# sick lance Graphics etc.

oh, it only had minimal 16mb allocated, changed it to maximum available in the settings
and changed the graphics controller (there was a message about some misconfiguration with it)
feels a bit better now

image.png
blazing granite
flint lintel
twin ridgeBOT
#

Gave +1 Rep to @blazing granite (current: #71 - 96)

high mulch
#

yes x100 times

restive harness
#

I am getting a error while connecting open vpn config to my machine

#

Fatal error sum like thay

#

Whats the fix

high mulch
#

One of the things that made me dislike windows even more. lol

restive harness
#

Alright

high mulch
#

Yeah, but somehow I didn't feel it as tedious as the Windows one.

blazing granite
tranquil osprey
sick lance
#

Uh, I don't think you can change what the pineapple is.

#

It's not like a Rasp pi.

flint lintel
#

How does running a program in windows as administrator using a standard account work ?

#

Is it like linux, where any user in sudo group can run root commands ??

sick lance
#

Standard account would need admin password.

mental geode
#

We got MHA room b4 gta6

#

πŸ”₯

sick lance
#

You can add them to the Admin group.

flint lintel
#

ahhh so that first account you make on windows is added to admin group automatically thats why it works ?

sick lance
#

First account created is an Admin account, but not the default Administrator.

sand trench
#

guest:guest:guest

flint lintel
clear jackal
sand trench
#

still not super hard to enable

rapid merlin
flint lintel
#

and whats the deal with the "Default User" account ?

#

that sits hidden in the users profile directory

glass nest
#

Its a default

high mulch
# flint lintel that sits hidden in the users profile directory

The Default User account is a built-in, hidden profile in Windows 11 that serves as a template for new user accounts. It is stored in the %USERPROFILE%\AppData\Local\Default directory, where %USERPROFILE% represents the current user’s profile directory.

Purpose

The Default User account is used to preconfigure settings and applications for new user accounts. When a new user account is created, Windows 11 copies the Default User profile to the new account’s profile directory, applying the default settings and applications. This allows administrators to standardize user configurations and ensure consistency across the organization.

- Quick google search

flint lintel
#

It is stored in the %USERPROFILE%\AppData\Local\Default directory you sure about that ?

blazing granite
#

Hi People! what's up?

mossy river
#

heyy πŸ‘‹ how are you?

blazing granite
#

resting a bit, I just come from my dad's flat

#

what about you?

#

Anything interesting to do this weekend?

#

Missing Israel so I'm listening music in Hebrew πŸ™‚

loud marlin
#

so fara so good

236-2024-08-23.png
mossy river
mossy river
#

I just got back from the bottom of the UK (I live in the middle) so I am resting up this weekend.

blazing granite
mossy river
#

Gosh

#

Yeah that sounds like a lot

blazing granite
#

a bit settle now, this whole dementia stuff it's new to me and you need to catch up quick

crude stump
#

I love stick bugs

blazing granite
#

I know that it won't be everybody's cup of tea, but if somebody want to give it a shot this is what I'm listening https://www.youtube.com/watch?v=-ZWUycv07d0

YouTube
EyalGolanOfficial
ΧΧ™Χ™Χœ Χ’Χ•ΧœΧŸ Χ™Χ€Χ” Χ©ΧœΧ™ Eyal Golan

ΧΧ™Χ™Χœ Χ’Χ•ΧœΧŸ Χ‘Χ‘Χ™Χ¦Χ•Χ’ Χ”Χ©Χ™Χ¨ "Χ™Χ€Χ” Χ©ΧœΧ™"

ΧœΧ”Χ•Χ¨Χ“Χͺ Χ”ΧΧ€ΧœΧ™Χ§Χ¦Χ™Χ” Χ”Χ¨Χ©ΧžΧ™Χͺ של ΧΧ™Χ™Χœ Χ’Χ•ΧœΧŸ ΧœΧ—Χ¦Χ• Χ›ΧΧŸ:
http://onelink.to/zb8p6q

Χ”Χ¦Χ˜Χ¨Χ€Χ• ΧœΧ’ΧžΧ•Χ“ Χ”Χ¨Χ©ΧžΧ™ של ΧΧ™Χ™Χœ Χ’Χ•ΧœΧŸ Χ‘Χ€Χ™Χ™Χ‘Χ‘Χ•Χ§: http://facebook.com/eyalgolanofficial

ΧžΧ™ΧœΧ™Χ: זאב Χ Χ—ΧžΧ”
ΧœΧ—ΧŸ:זאב Χ Χ—ΧžΧ” Χ•ΧͺΧžΧ™Χ¨ Χ§ΧœΧ™Χ‘Χ§Χ™

אם ΧͺΧ¨Χ¦Χ™ ΧœΧ“Χ‘Χ¨ ΧžΧ—Χ¨ אני Χ—Χ•Χ–Χ¨
אל Χ”Χ€Χ™Χ Χ” Χ”Χ—ΧžΧ” Χ©Χ‘ΧœΧ™Χ‘Χš
ΧͺΧ Χ™ ΧœΧ™ שקט Χ Χ€Χ©Χ™ Χ•Χ›Χ— ΧœΧ”ΧžΧ©Χ™Χš
ΧœΧ—Χ™Χ•Χͺ אΧͺ Χ—Χ™Χ™ ΧœΧ¦Χ™Χ“Χš

Χ¨Χ§ Χ—Χ›Χ™ Χ”ΧœΧ™ΧœΧ” Χ’Χ•Χ“ Χ¦Χ’Χ™Χ¨
Χ“...

β–Ά Play video
loud marlin
#

to purple ?

image.png
sand trench
#

the braile code for how much usage of cpu and gpu is near impossible to read in that screenshot

#

so probably yeah

loud marlin
#

lets try fix that πŸ™‚

boreal scarab
blazing granite
sand trench
#

keyboards keyboards and more keyboards beerrise

sick lance
#

Bside Newcastle stickers...

IMG_5701.png
boreal scarab
sand trench
#

today on new wines to test:
shadow stompy feet wine
where you buy grapes and shadow stomps them
then you can make wine out of the juice

#

^ heard some wines are made in similar ways

boreal scarab
sand trench
blazing granite
fiery imp
#

Can any of you suggest some newsletter which talks about hacking and cybersec, also if it'll be free it would be great

boreal scarab
mossy river
fiery imp
boreal scarab
#

A wild Jabba appeared πŸ‘€

mossy river
#

I've been here πŸ˜‚

sand trench
fiery imp
mossy river
loud marlin
#

dear lord Discord looks just wrong

image.png
sick lance
fiery imp
sand trench
#

smh no rss feed link

blazing granite
loud marlin
#

heh

boreal scarab
blazing granite
sand trench
#

eh

#

edge has internet explorer mode

loud marlin
#

here shadow... fixed
πŸ™‚

image.png
blazing granite
#

Every time I see Edge I remember that in order for microsoft to have a half decent browser they had to used chromium code and I laugh πŸ˜‚

sand trench
eternal timber
#

No time for hecking lately

dull portal
flint lintel
high mulch
solar echo
#

Hello.

prisma void
#

When is THM releasing something to compete with HTB's CISSP ?

pallid lotus
#

... HTB's CISSP?

fallen pendant
#

Hello expert in the room I have a question. Is it introduction to Networking on Tryhackme enough to the basics of networking as you start a career in cybersecurity?

sonic dust
#

that is tw different companys lmdao

clear jackal
clear jackal
fallen pendant
#

And I have a degree in computer science

clear jackal
#

Yes, work experience

#

OK, did you not take a networking class? The introduction to networking would be a good recap of what you learned there.

fallen pendant
clear jackal
#

Huh

#

Interesting

fallen pendant
#

It wasn't a complete curriculum

steel kraken
#

Hey! Anyone heard about this vulnerability in Pixel? - iVerify Discovers Android Vulnerability Impacting Millions of Pixel Devices Around the World

glass nest
#

Serious question to any Americans/Mexicans on here. how on earth do I eat a Taco without it going everywhere? Figured I'd try a taco bell... and I'm covered in lettuce and sour cream πŸ˜„

clear jackal
fallen pendant
kindred wave
#

That’s why I just eat a burrito

glass nest
#

Is the mess an accepted outcome of this type of food?

#

I'll bite, and everything just mooshes out the top

clear jackal
#

I usually bite bottom, mid, and then top as I work my way down the taco

glass nest
#

so the first bite is all garnish, and no meat?

fallen pendant
#

I should go ahead and study for the introduction to Networking on Tryhackme @clear jackal

#

Even if I don't have the basics of networking

clear jackal
glass nest
#

the intro rooms are great. Even if you've done it before, it's a nice refresher, and sometimes theres a few nuggets of knowledge that get clarified

clear jackal
#

Meat, meat + topping, topping

#

Down the taco length wise

glass nest
#

so.. you hold it up, and attck it from underneath?

fallen pendant
#

Thank you guys for the help I appreciate πŸ™

prisma void
clear jackal
prisma void
fallen pendant
prisma void
#

One sec busy typing why

clear jackal
clear jackal
fallen pendant
twin ridgeBOT
#

Gave +1 Rep to @clear jackal (current: #17 - 449)

clear jackal
glass nest
#

Alexis, The intro rooms don't take too long. Worth taking a few notes aswell - Helps to cement ideas into your mind

boreal scarab
#

I join... and I thought @glass nest was asking Amazon Alexa to do something kek

glass nest
#

Nope. Just my inexperience with tacos πŸ˜„

prisma void
# fallen pendant Hello expert in the room I have a question. Is it introduction to Networking on ...

It is a good introduction for very basic networking. I would recommend learning the following:

Ports, learn what port connects to what https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

Learn what the differences are between UDP/TCP, learn SYN and the SYN ACK pipeline. I think you can find this in the introduction.

Learn Tshark and Wireshark, and how to identify network traffic and what all the network traffic means.

List of TCP and UDP port numbers

This is a list of TCP and UDP port numbers used by protocols for operation of network applications.
The Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP) only need one port for duplex, bidirectional traffic. They usually use port numbers that match the services of the corresponding TCP or UDP implementation, if they exist....

#

And theres much more but I'm too lazy to type now, will send you some resources later.

sand trench
#

alternatively learn termshark instead of wireshark and also continue learning tshark

glass nest
#

Well.. Understand networks first πŸ˜„

atomic arch
sand trench
#

tshark does cli

boreal scarab
glass nest
#

I bought some Tacos, And don't know how to eat them without them going everywhere, but Moose solved it using geometry

tired spindle
#

I have a question, if i cancel my subscription now, will i lose access immediately or when the month of sub passes?

glass nest
#

end of the month πŸ™‚

tired spindle
#

Thanks fam

glass nest
atomic arch
#

How do you level up?

glass nest
#

Keep doing rooms on THM πŸ™‚

tired spindle
sick lance
#

Not all rooms grant points, new rooms give more points.

glass nest
#

If I bribe the mods with cookies, can they give me points?

sick lance
#

Nah, we have 0 control over the site.

I can change roles.

glass nest
#

what if its a LOT of cookies?

#

πŸ˜„

atomic arch
glass nest
#

Haha

atomic arch
glass nest
#

0xD. honestly, Doesn't take too long to get there.

atomic arch
#

Yeah couse the green colour looks fancy

glass nest
#

You can get a fair amount of points from doing the free rooms on the beginner rooms

atomic arch
glass nest
#

A lot of them are tutorials. plus the challenges that are in the paths are there in such a way that by the time you get to them, you should have enough knowledge to get through them

keen coral
#

i wrote an article for copywriting xD

atomic arch
glass nest
#

how do you mean?

atomic arch
#

I needed to know about libraries nmap metasploit all before they were on the path

glass nest
#

The 'free path' that Shadow recommends in the pins is more an unofficial pathway

#

However, do remember that a big part of all this is figuring out the right stuff to research.

#

Nmap is usually one of the first things to learn, and if i remember right, is early on in the THM beginner path.

#

Metasploit is quite a big subject though, as it can do a lot

sick lance
keen coral
#

I was excited

atomic arch
#

After Network services

glass nest
#

Ah, ok. Well, there are a fair few fundementals that it's worth knowing. Means you can kindof visualise what nmap is actually doing

atomic arch
#

Yeah I did both rooms whilst doing the network services room so I get how they work

glass nest
#

Sweet

atomic arch
#

Btw are there any rooms on how to actually stay hidden whilst doing such attacks. Couse like in koth I don't want to be noticed by the opposing team

glass nest
#

Not specifically, however Wreath Network covers a couple of techniques. I think in ethical hacking as a whole, keeping hidden isn't really needed if you have your signed permission form/scope in your hand πŸ˜„

atomic arch
glass nest
#

anything that might help keep hidden is likely to slow your connection down, so probably worth learning techniques and stuff first befire putting it on 'hard mode'

atomic arch
#

Any tools I need to learn that are useful for anything besides nmap and co that I can learn with a free trial?

glass nest
#

There are a metric tonne of tools. the likes of nmap, Burp suite, metasploit have a lot of uses, wheres things like hashcat, John etc. are only really used for a single task

#

This is where the paths come in handy - If you follow the web path, it will demonstrate various tools for helping with that (for example)

atomic arch
#

But aren't the premium?

glass nest
#

Not all of them. Some of the rooms in the paths might be, but you can skip over them until you get a subscription or do self research on the subject of the inaccessible room

#

really wanna see what b0rk is gonna say... I'm on the edge of my seat...

atomic arch
#

Me too bro's writing an entire book

buoyant tree
#

aye @sick lance if you're free, I've got a few questions about Diablo IV

sick lance
buoyant tree
glass nest
#

I think you are doing this on purpose now, b0rk πŸ˜„

buoyant tree
#

Also from what I understand the entire focus of the game is about leveling up your character, so do you do that by playing increasingly more difficult levels or by doing some quest

sick lance
glass nest
#

Anything planned for the bank holiday, scrubz?

sick lance
frosty acorn
#

of topic but my friend has a discord sever and he said i can have roles but he left them unlocked and i wanna know how to claim them he said i chould

#

and u would save me money

#

its a bet

sick lance
buoyant tree
sick lance
sick lance
glass nest
#

I gave my PSVR setup to my nephew and neice. So I'll probably be hearing about all the fun stuff they are doing. they are into job simulator at the moment πŸ˜„

atomic arch
frosty acorn
#

so i am trying to get admin in friends sever and u know how u can chosse to let the roles be public taken how i dd that and claim it on my friends sever

glass nest
#

Haha, Well I've encouraged them to get Beatsaber.

sick lance
buoyant tree
buoyant tree
atomic arch
buoyant tree
glass nest
#

trendo - It was how I exersised during Covid lockdown

tranquil osprey
#

Bruteforce:

  • hydra for credentials, username and password
  • gobuster, dirsearch, ffuf for dns, vhost, directory listing and fuzzing

Hashing/Cracking:

  • hashcat, john for cracking hashes

Web:

  • BurpSuite, mitmproxy (scripting)

Binary Exploitation/Reverse Engineering:

  • Ghidra, IDA Free/Pro, BinaryNinja
  • radare2, gdb, strace, ltrace
    • Knowledge of working and internals of stack, system calls, ASLR, PIE, ROP Gadgets, some assembly

Networking:

  • ftp, ssh, smb, nfs
  • iptables, ufw, firewall-cmd for firewalls
  • tcpdump, tshark for packet capture

Misc:

  • steghide for Steganography
  • SUID binaries
  • CVEs
  • CMS exploits
atomic arch
buoyant tree
glass nest
#

It was for Trendo - Tools that b0rk uses

cyan parcel
glass nest
#

Steg is a lot of fun

tranquil osprey
#

There's a lot, I can't type everything πŸ˜…

buoyant tree
#

oh k

atomic arch
#

What is staganography

high mulch
glass nest
#

Trendo - hiding stuff in files

#

like pictures and things

atomic arch
glass nest
#

It's not used a lot, and you'll mostly see it in challenge rooms and CTFs

#

(Capture the Flag challenges)

atomic arch
tranquil osprey
#

IIRC, one or more KoTH has Steg

atomic arch
#

How long does it take to be able to solve stuff like the rick and morty room or the mha room by yourself

glass nest
#

Depends on you, really

#

Each room has 'tags', which will give you an idea of what sort of stuff you'll be getting into. Rick n Morty is all (or a lot) of web stuff

atomic arch
glass nest
#

See, at that point, you go and research SSH, based on what you found out during your enumeration

#

(enumeration = info gathering)

#

"When in doubt, enumerate"

atomic arch
glass nest
#

Ahh ok. Was port 80 open?

atomic arch
#

To be honest I don't know anymore

#

I think so

glass nest
#

Hehe. you'll end up with your own processes. Like.. if you see 80 open, what should your next move be?

atomic arch
#

Idk what to do with it

glass nest
#

Well, Looking at your other resources, what is usually on port 80?

atomic arch
#

That's usually an inidaction for http right?

glass nest
#

Yep. And what would that imply?

atomic arch
#

That the website uses http?

glass nest
#

that there IS a website. So... Next move for enumeration?

atomic arch
#

Open the website and check the source code for comments

glass nest
#

exactly!

atomic arch
#

Or have a look at the requests

glass nest
#

So you ran nmap, saw a web port, fired up a browser - thats the start of your methodology.

atomic arch
#

Yes I did that

glass nest
#

And now you know that there may be some access gained through the website. So you start going through the enumeration for web apps

#

Jumping straight into requests might be a bit hasty at this stage

#

but hey, You do you.

atomic arch
#

What's a web app

glass nest
#

a web application. a website or other service that has a web-facing interface

atomic arch
#

Ok

glass nest
#

First thing I'd do, is click around on the website as if I'm a normal user. See whats there

atomic arch
#

But it's just a picture with text?

tranquil osprey
#

Check response headers (e.g. Server: Apache/2.4.49) > /robots.txt > View Source (to figure out where and what to enumerate, .e.g .php extension) > Click around, navigate b/w pages > Check API requests > Try Malformed requests > Check Cookies, Sessions, JWT (tokens),

glass nest
#

In that instance, yep. And that is info. i.e theres no login page/search box to exploit that way. So you don't need to think about those

#

It's just as important to figure out what you don't need to do while figuring out what you do

#

honestly, doesnt matter how long it takes you to do the room. only that you learn while doing it. honestly, I felt like the king of nerds when I did my first room without peeking at a walkthrough πŸ˜„

#

(It was Startup, for reference πŸ˜„ )

atomic arch
#

Well I got close but then stuff happened that shouldn't usually have happend

tranquil osprey
#

Lol, among non-cybersec colleagues you can feel nerdy/geeky

glass nest
#

Well, I don't own a black hoodie yet, so probably can't feel TOO geeky

high mulch
#

I'm always sudo updating, because I want to look nerdy/geeky

glass nest
#

Hehe

tranquil osprey
#

cmatrix background lol

atomic arch
glass nest
#

Hehe.

#

honestly, I can't remember Rick and Morty room well, I do remember it was fun though

high mulch
#

I can only remember the one from Mr. Robot because I redid it 2 times, and took my time, since I was fanboying it. LMAO

atomic arch
high mulch
#

I didn't say "I'm in" though. sadge

glass nest
#

Steel Mountain?

atomic arch
glass nest
#

Thats a Mr. Robot themed room

#

I think there are a few. Can't think why.

atomic arch
glass nest
#

Ahh ok

#

Well, keep plugging away at the tutorial rooms

#

All the info needed for the challenges is there - Especially the easy/medium rooms

crude stump
atomic arch
tranquil osprey
glass nest
#

Do you know what you want to end up doing?

atomic arch
glass nest
#

Ok. so it doesnt matter which path you take then. pick one at random πŸ™‚

high mulch
atomic arch
#

I just don't know where to start

glass nest
#

"Would you tell me, please, which way I ought to go from here?" "That depends a good deal on where you want to get to," said the Cat. "I don't much care where--" said Alice. "Then it doesn't matter which way you go," said the Cat. "-so long as I get SOMEWHERE," Alice added as an explanation. "Oh, you're sure to do that," said the Cat "if you only walk long enough." - quote from Alice in Wonderland

atomic arch
#

If I do pentest I might not be up for blue team but if I take blue team I don't know if I will complete any of them even though I extra installed a purple team os, taking into consideration I might wanna do blue team. But up till now all I've done with Blue was read or maybe nothing at all?

teal wharf
#

Guys sorry to interrupt the convo , but what is a CSRF Vulnerability

glass nest
#

do you reckon a red team person would be better if they knew how blue team stuff works?

#

Cross Site Request Forgery, Oussama

atomic arch
glass nest
#

I think OWASP has some CSRF examples on it

#

Also, never apologise for asking a question. we are just shooting the wind here πŸ™‚

atomic arch
#

Do you guys also have the problem that tools sometimes get installed but are missing stuff

glass nest
#

shrug, not that i recall specifically. but if it happens, just find a way to make it work πŸ™‚

high mulch
glass nest
#

's a good point X.

atomic arch
#

What do you guys do?

glass nest
#

Personally, I struggle to eat tacos.

atomic arch
glass nest
#

Hehe. Nah, I work for my families pizza business, but I used to work in digital forensics

high mulch
#

Have in mind the requirements of each paths' branches. If you're willing to take that route or not.

#

Me, personally I pray for a miracle atp. lol

crude stump
glass nest
#

did you ever visit the pool on the roof though?

blazing granite
glass nest
#

AceS - Kinda. it's Domino's. Some purists would se it as cheating

crude stump
#

That’s cool

glass nest
#

Noo, I wish. I'd be minted! We have 12 stores in south west UK

#

It's a Franchise

atomic arch
flint lintel
crude stump
#

That’s amazing

glass nest
#

Yah

#

Well, it's a whole family effort

atomic arch
#

Cool

high mulch
glass nest
#

Oh, we got the stuff for the new pizza today -I think it's out on Monday. Korean pulled chicken. The standard pizza also has red jalepenos on it. too spicy for me!

crude stump
#

I love chicken

high mulch
glass nest
#

But the sauce is lush on chips (fries in freedom-lingua)

sand trench
#

kick en???

crude stump
atomic arch
#

You got margarita?

glass nest
#

Cheese n tomato? of course

atomic arch
#

Noice

crude stump
#

Margarita and bbq is my favorite pizza

atomic arch
glass nest
#

Cybersec is a relaxing hobby for me, as is helping folk πŸ™‚

high mulch
#

Yeah, I've taken it as a hobby lately, hopefully one day I can work off it tho lol

cyan parcel
mossy river
#

Get out of here

crude stump
#

Its good man

atomic arch
crude stump
#

Bbq pizza is a life saver

mossy river
crude stump
#

Yeah pineapple

atomic arch
#

Broccoli?

crude stump
#

Personally

#

I’m not a big fan on broccoli

atomic arch
#

I don't like it on pizza same as carrot pizza

high mulch
#

Bbq pizza is top tier.

mossy river
#

Nahhh

#

Get out of here all of you πŸ˜‚

glass nest
#

exits, stage left

high mulch
#

misunderstood by the world

primal yoke
high mulch
#

yeah, web can get messy.

#

IT IS messy*

glass nest
#

And that mess is where we find vulnerabilities

teal wharf
glass nest
#

right. time to hit the 'ol dusty trail. Gnight, geeks!

teal wharf
#

Gnight G

atomic arch
#

Gnight

shut hawk
#

Is that Jayy with a single J

visual pecan
#

Sup

pallid lotus
#

I mean, SameSite=Lax is default for pretty much every modern browser now. That's a reliable prevention... unless you actively set it to None as a developer

#

i.e., it's secure by default

#

CSRF tokens are largely redundant these days, for that reason

#

Yeah, but I'd bet you'll still see freakin' RFI show up sometimes

#

Side note, iirc THM had a couple of CSRF issues a few years ago lmfao

#

It... Really shouldn't lmao
Again, secure by default. You have to go out of your way to screw it up these days.

#

Can't remember if that was the case in 2020 or whenever those were found, granted

#

August 2020, so just about the cutoff.

#

A) you know I work for an international bank, right? That's a poor system if things are getting pushed out without security sign-off.
B) the security companies really should be setting the example there...

#

February 2020 for Firefox. Curious.

dusky bone
#

Hello, I am new here and tried a ctf and had to use RDP, problem is I have not yet covered that in a room. What room covers RDP, I completed pre sec and now on beginner path.

pallid lotus
#

Oh, my point there was that you don't need to explain business practices to me...

#

I am well aware that PMs want things pushed out on schedule, security be damned.
Hence the second point. It's a poor system where they're allowed to overrule security sign-off

dusky bone
#

Hello Zumi, thanks but that is the room I had an issue with. It does not teach how to do RDP. What is a good room for a complete beginner

high mulch
#

So... fuse2 deletes ubuntu desktop gnome... noted... πŸ˜…

dusky bone
#

I have never used that beofre

sand trench
#

oh merry witching hour muiri

dusky bone
#

Its alright Zumi, I will have a look around. Thanks anyway

pallid lotus
#

Research what RDP is, then how to use it from your system.

#

Develop base understanding then use that to learn technical understanding. Build security on top of that.

dusky bone
#

Thank you, I will have a look.

pallid lotus
#

Either way, research is key. Google everything, and take lots of notes.
Enjoy!

dusky bone
#

Cheers buddy!!!

#

Have a nice night, Im off to bed.

high mulch
#

nvm

#

google it xD

#

I'm hitting the hay as well

sand trench
#

meep moop finally time for sleep sloop to the beep boop again

crude stump
#

What are some ports that are usually open on most computers. My windows machine only has SMB, netbios and windows something(I forgot)

loud marlin
#

you can open port if wish

crude stump
#

Yeah

#

Im prolly gonna do ssh

#

Forgot Telnet and ftp

simple valve
#

But then again, those require very specific configs to be enabled…

#

I’ll have to check with my Windows VM

gilded peak
#

this might be a dumb question, but how do I find the domain name to add to the /etc/hosts file? for instance, i am working on the archangel ctf and i went to add the ip and archangel.thm, but it doesnt seem to be working. how do i discover what this is?

dense bear
crude stump
#

Thing is I configured the firewall to allow all inbound traffic

gilded peak
dense bear
#

ip where domain should be and vice versa

slow helm
#

hellllo

crude stump
#

Yeah I’ll try

#

Definitely

slow helm
#

hey aces

sonic dust
#

HELLO I WILL TAKE MY M&M'S NOW

image.png
crude stump
#

I don’t test anything bad on my windows machine. only tools

simple valve
crude stump
#

Obviously I would properly isolate it if I was testing malware etc

crude stump
slow helm
crude stump
#

Yeah it’s connected via host only so it’s no internet connection. Tbh that’s the only way it would actually work for me is host only

crude stump
boreal scarab
#

Hey, anyone fly drones here?

crude stump
boreal scarab
#

@shut hawk You fly drones, right?

boreal scarab
#

Just need a cheap one to inspect roofing

#

No pwanes

coarse moth
signal lava
#

has anyone done the U.A high school CTF? cuz i have been trying and researchig for 4 hours and still got nothing

simple valve
signal lava
twin ridgeBOT
#

Gave +1 Rep to @simple valve (current: #22 - 394)

dense bear
#

gonna be there in 6 months i promise

sonic dust
#

i didnt do it in 600M omegalul thats how long you get the room for if you keep extending

#

but yes you will @dense bear it IS a fun challenge

dense bear
#

a lot of rooms say 120m and i do it in like 20

dense bear
#

it will take some time but i will get there

eternal timber
#

Hello heckers

unkempt vault
#

Hello guys I'm thinking to subscribe but is it okay if I only use attackbox rather than a VM cause my laptop is not that great so I'm waiting for few months to buy new laptop

pearl raven
#

If you are subscribed attackbox is fine, especially on "not so great" hardware.

unkempt vault
#

So I can complete whole academy with just attackbox right?

rapid merlin
#

Yes

#

@graceful thistle you here?πŸ˜‚

graceful thistle
#

Whats up

eternal timber
#

How’s it going

#

Burnt out from work and about to sleep

graceful thistle
#

Deditio leaving me hanging

rapid merlin
#

The time for me

rapid merlin
#

YOOO

graceful thistle
#

So whats up

#

Tell meeee

#

I cant progress my day if I dont know whats up

#

Aaaaaa

buoyant tree
graceful thistle
#

My day is ruined now

pearl raven
#

Dang, even I wanna know now...

rapid merlin
#

πŸ˜‚πŸ˜­

#

I'm with 4 men sleeping in a garage

#

Friends*

#

And i cant sleep

#

πŸ˜‚πŸ˜‚

clear jackal
#

You pinged dolphin for that?

rapid merlin
#

Yes

#

Was about to ask how her day was!

#

Soo

#

Uhhh idk

#

Maybe because it's 4 am?

clear jackal
#

You had all of us waiting, and all it is, is a sleepover?

rapid merlin
#

YepπŸ˜‚πŸ˜‚πŸ˜‚

#

So how's your day?

pearl raven
#

Fml...

heavy burrow
#

Good night!

rapid merlin
#

Sleep well

graceful thistle
#

Lmao

rapid merlin
#

Dolphin, hows your dayπŸ˜‚

graceful thistle
#

Well my day was nearly ruined but you restored it now

pearl raven
#

NO!

rapid merlin
#

Ah nice

heavy burrow
#

I from brazil, learning about cybersecurity for the first time

graceful thistle
#

Good so far, am enjoying the good weather and did chores in the morning

pearl raven
#

Yeah, my evening is ruined now.

rapid merlin
#

Basicly I'm doing the dams

#

Same

#

But okay

rapid merlin
heavy burrow
#

thanks

twin ridgeBOT
#

Gave +1 Rep to @fervent meteor (current: #154 - 48)

rapid merlin
graceful thistle
#

Well we are driving the island round

rapid merlin
graceful thistle
#

Which we often do

heavy burrow
#

What do you suggest I study to start?

pearl raven
#

Find an awesome german shepard gif!

graceful thistle
#

Get some coffee and maybe a slice of cake at the beach house

rapid merlin
graceful thistle
#

Not the whole of NZ lol

rapid merlin
#

OhπŸ˜‚

rapid merlin
#

Me right now

#

πŸ˜‚πŸ˜‚

heavy burrow
#

I already did this

rapid merlin
pearl raven
#

Lol, my dogs every time somone uses a word that sounds like, treat, walk, or ride...

#

My balance has been restored, thank you

rapid merlin
#

Mmm for a what?

#

Deciding whats de price?

heavy burrow
#

Do you have a lot of rhythm in the area?

graceful thistle
#

Live from NZ

20240824_134927.jpg
rapid merlin
#

Ohhh, can I ask how it got damaged?

graceful thistle
#

Whats the matter with the side of the house?

coarse moth
#

The complete beginner path is more advanced than the jr penetration tester one πŸ˜…

buoyant tree
#

@graceful thistle I hate DMC

rapid merlin
#

Ahh like that

graceful thistle
#

Blocked

pearl raven
#

lulz

rapid merlin
#

πŸ˜‚πŸ˜‚

buoyant tree
#

I keep dying

rapid merlin
#

I forgot what dmc means

#

πŸ˜…

graceful thistle
buoyant tree
pearl raven
#

It's like that...

rapid merlin
#

Oh found it

#

I am maybe tired, but not THAT tired

#

Devil may cry 5

graceful thistle
# buoyant tree yeah

Well they do call it Dante Must Die for a reason (unless youre doing Hell & Hell, which is also called double hell for a reason)

buoyant tree
#

managed to kill a few demons before taking damage and dying

#

and then alt f4ed

graceful thistle
#

The one where you die in 1 hit?

rapid merlin
#

Don't be a swat?

#

Sweat

graceful thistle
#

DMC IS THE BEST ON THE HARDEST MODE

#

In fact I want harder modes still

buoyant tree
#

I did that... well that was a little less challenging

graceful thistle
#

I want hell & hell with DMD difficulty enemies

buoyant tree
#

so I thought I could do the hardest difficulty

buoyant tree
graceful thistle
#

And LDK on top of that

#

@unreal solar knows whats up

rapid merlin
#

Simply guitar

unreal solar
#

who dares summon me

buoyant tree
#

somebody recommend me a good movie

#

done.

unreal solar
rapid merlin
unreal solar
buoyant tree
#

done.

loud marlin
unreal solar
rapid merlin
#

Ralex you should sleep... Right?

buoyant tree
#

done.

unreal solar
#

5 is so easy on dmd

loud marlin
unreal solar
buoyant tree
rapid merlin
buoyant tree
#

@loud marlin this movie?

#

done

unreal solar
buoyant tree
rapid merlin
unreal solar
#

whats up @graceful thistle how you doing ?

graceful thistle
versed veldt
loud marlin
buoyant tree
#

Done.

loud marlin
buoyant tree
#

Didn't like it

#

Done.

#

Done along with 1917 and dunkrik

#

Till 10

loud marlin
versed veldt
loud marlin
#

Donnie Darko

buoyant tree
loud marlin
#

idk

buoyant tree
#

I've seen a lot...

loud marlin
#

it's not american crap...

buoyant tree
#

Yeah he's in it

graceful thistle
#

To win H&H use Vergil and jc yourself to victory AIO

buoyant tree
buoyant tree
unreal solar
#

dolphin

loud marlin
#

then Samantha Darko. his sister

buoyant tree
buoyant tree
unreal solar
#

i'm brute forcing this box since 4Pm

loud marlin
unreal solar
#

definatelly not watching this anime after this

#

lol

loud marlin
graceful thistle
#

Sickboy very soon dmc anime, netflix posted few teases in the last 2-3 weeks. Its real

versed veldt
#

Lol, it's about the Mandela effect. It's hard to explain, I'll look it up

buoyant tree
graceful thistle
#

No

#

Mad God is a cool movie AIO, took 30 yrs to make. Its all stop motion

buoyant tree
#

Think I watched it on a netflix binge irc.

buoyant tree
unreal solar
#

gotta find something hidden

buoyant tree
#

Lot's of Gore, wouldn't recommend to anyone blindly though

graceful thistle
#

Damn youve seen everything

unreal solar
#

or elese i'll never finish it

buoyant tree
#

I want something new that I haven't watched

#

that I will like

unreal solar
#

for sure lol

buoyant tree
#

monoke?

#

Uh no I haven't watched that

loud marlin
#

Fear And Loathing In Las Vegas (1998)

buoyant tree
#

mononoke*

buoyant tree
loud marlin
#

great movie

graceful thistle
#

The old Legend movie is cool as

#

1985

buoyant tree
#

Wanna watch something English

versed veldt
# buoyant tree What's it about

PLOT: When a man learns about the Mandela Effect soon after his young daughter dies, he begins to believe we're living in a simulation that could be rebooted

buoyant tree
#

Signs?

graceful thistle
#

Coraline?

buoyant tree
#

You watched too much Mel Gibson's along with me

versed veldt
#

basically based around Simulation Theory and the Mandela Effect.

buoyant tree
graceful thistle
buoyant tree
#

somewhat the result of this conversation

buoyant tree
#

2049 you mean right?

#

right?

pearl raven
#

lol

buoyant tree
#

oh k

#

Thought about a fugazi poster I saw a while ago

pearl raven
#

Classics.

wispy sparrow
#

The Godfather

versed veldt
#

Morgan Freeman plays in it, don't know if you like him or not

buoyant tree
#

1 watched, 2 not, 3 possibly

pearl raven
#

It is called short circuit but anyone that's watched it knows what you mean.

versed veldt
#

johnny5 is alive πŸ˜‚ no disassemble

buoyant tree
#

now I watch movie

#

bye

pearl raven
#

I've just started the force awakens... put it off for so long...

graceful thistle
#

Took me a bit

pearl raven
#

It's a whole ass movie, I've been avoiding it since my wife isn't a star wars fan.

#

she won't be home for 3 hours so... may as well!

#

Cool, I'm glad to hear that, hopefully I'll like it too.

#

So far so good.

#

It's been 9 years???

unreal solar
versed veldt
#

It started out at 39 minutes, an hour later and still 33 minutes to go πŸ˜‚

Screenshot_20240823-222809.png
buoyant tree
junior summit
#

XP

kind moth
#

Δ€i

versed veldt
#

yeah, it's Xp πŸ˜‚. Nothing fancy, but I can run it on my phone without it being slow. Anything higher euns too slow

#

Just something to give me access to CMD and PowerShell while I'm away from my laptop

versed veldt
kind moth
#

Fine you

clear jackal
junior summit
versed veldt
junior summit
#

exactly url?

versed veldt
versed veldt
kind moth
#

I don't understand this group

versed veldt
kind moth
#

Ok

rapid merlin
#

πŸ‘πŸ’ͺ

coarse moth
graceful thistle
loud marlin
kind moth
#

Any business owner here

coarse moth
versed veldt
#

We are all owners of our own business, and I mind my own business so you do the same too πŸ˜‚

upbeat spoke
#

is there any thing i can do by my phone to find good discord usernames ?

coarse moth
#

It's literally the worst server to try to do that on

versed veldt
coarse moth
#

XD

clear jackal
#

?

#

They pinged a random user, the automod won't trigger on that

coarse moth
#

omg

coarse moth
kind moth
versed veldt
#

This is a place for ethical hacking tips, not business tips. You're in the wrong place kiddo

kind moth
twin ridgeBOT
#

Gave +1 Rep to @versed veldt (current: #1102 - 3)

versed veldt
#

it wasn't meant as an insult, it was like how when someone else speaks to you and they keep calling you "dog". It's not an insult towards you, it's just something they got used to saying

coarse moth
versed veldt
#

Who would have guessed a server named Try Hack Me would be about hacking πŸ˜‚

clear jackal
versed veldt
clear jackal
#

@upbeat spoke please note that unsolicited DMs are prohibited. Also, I am not a mod, so I cannot unmute you.

solar echo
#

REMY BOOO O OOOOYZ, YEAH, 1738!

#

Good evening, good morning and good afternoon.

graceful thistle
#

Ultra late response but I was distracted touching grass. But I wanna play DMD with a DDR mat βœ…οΈ

#

Im not sure how I would map everything but Ill make it work

#

Somehow

versed veldt
loud marlin
chilly veldt
#

Morning

loud marlin
#

morn bell

static peak
#

hello

unreal solar
#

I'll never watch this anime lol

image.png
#

never spent that much time on a easy box

remote swallow
unreal solar
#

The box is easy

#

is just hard to figure out at first

#

and i spent a LOT of time looking for stuff

#

when i already got what i needed

sick lance
#

My thm stickers are on their way 😎

unreal solar
#

holy

#

USDoD just got doxed

#

On the other hand, the USDoD hacker provided a statement to Hackread.com, revealing his ambition to turn his life around, leave the cybercrime world behind, and do something positive for Brazil.

Get the feeling bro

#

I actually feel sorry for him

#

imagine getting doxed by crowdstrike

remote swallow
#

Our decisions make our future . Not what we want

unreal solar
#

agreed

#

I mean. there's lots of reasons not to go in this life in the first place

#

I feel bad for him because i'm also from brazil so i know what is like to live here

remote swallow
#

If you are doing something illegal the worst thing you can do is to brag about it . Pretty much everyone i've seen get caught was either bad with the opsec or bragged about his accomplishments

unreal solar
remote swallow
unreal solar
#

Doens't justify, but it is a thing to notice

#

like wanting to get ouy doens't mean much

remote swallow
unreal solar
#

you could leave any time you want

remote swallow
unreal solar
#

Now the brazillian feds are gonna give him up on a silver platter to the US

#

to be prosecuted

remote swallow
#

Yeah probably

#

He might get jail time or a job . Who knows

unreal solar
#

Damn crowdstrike hahhahahahaha

remote swallow
#

But yeah getting doxxed by crowdstrike is a L

#

Huge L

unreal solar
#

its true

#

can you imagine

#

Some people get seduced by it

#

as it is painful to get a honest job

unreal solar
#

he pissed off too many people

#

important ppl

remote swallow
#

There is no honest job in a poor country . You either get underpaid and f..ed or you make good money and take the chances

unreal solar
#

no job offerings for him

remote swallow
#

Who knows .. NSA might like this guy and say homie we fieends

#

: D

unreal solar
#

i wonder if in 5/10 yeas they'll be in the same spot

remote swallow
#

Just my personal opnion

unreal solar
#

lol

remote swallow
#

They still value there words yk

unreal solar
#

i'm not joking man

remote swallow
#

I'm not joking either

unreal solar
#

they pay students to learn hacking and cryptomining

remote swallow
#

You provide value to them they provide value to you . That's a deal

unreal solar
#

specially crypto

remote swallow
#

Better then a deal you will get from government ever

#

; D

remote swallow
unreal solar
#

The governmnet doesn't stand a chance

remote swallow
unreal solar
#

Student loan can break you

remote swallow
#

Loan in general can break you

#

I've never took a loan from the government neither do i plan to

unreal solar
#

He stated that he wanted to do somethign good for brazil

#

i mean

#

he COULD

#

any time

remote swallow
#

If this hacking shit din't workout for me i would open a bbq shop or become a lock picker

#

I have plans : D

unreal solar
#

why expose senstive data from NPD ?

remote swallow
#

( and still learn hacking though)

unreal solar
#

If you have these skills

#

do something that's actually good for your country

#

plenty of bad ppl here

#

Predators

remote swallow
unreal solar
#

etc ...

#

you get the point

remote swallow
#

Yeah

unreal solar
remote swallow
#

I have a certification coming in few days . So hopfully i won't be doing that : D

unreal solar
#

nice which one ?

remote swallow
#

Biggest mistake i ever did was to not do certifications in my early stages . with time you seriously start doubting yourself and your abilities

remote swallow
unreal solar
# 
If he was serious about turning his life around, he could turn himself in at the nearest embassy, get a sweetheart plea deal, and in 3-5 years, he’ll be the figurehead of some new cybersecurity company making mid-six figures. It’s a well-worn path that many former computer crime convicts have travelled.

JH is right on this

#

but sweet-heart deals with the feds usually involves flipping

#

and that's not good

unreal solar
remote swallow
unreal solar
#

defnatelly on my agenda

unreal solar
remote swallow
#

Do you have any certifications ?

unreal solar
#

not market certs

#

i want PNPT + Pentest+ first

#

then i'll move to harder ones

#

Maybe Sec+ is easy ?

remote swallow
remote swallow
#

It's practical

#

You have to write a report,debrief all that

unreal solar
remote swallow
#

I don't wanna spend my money answering multiple choice questions

unreal solar
#

would be very nice to have their cert

remote swallow
#

Yeah go for it

unreal solar
#

they released a osint cert right ?

remote swallow
#

amm i think that is a certification of complition

#

idk about if there is a exam in place

unreal solar
#

meh

remote swallow
#

you should ask in there discord

#

There Osint course is dope

#

I liked it

unreal solar
#

i did mayor's MPP before it was retireed

remote swallow
#

I would say the any course from them is super valuable . But if you have done tryhackme or htb for a while you might find it super easy

unreal solar
remote swallow
#

Cool i would just do PNPT man

unreal solar
#

when i got better at AD i will take the PJPT

remote swallow
unreal solar
remote swallow
#

In my opinion

unreal solar
#

started with programing logic and front end

#

then i got a voucher for PEH

#

and after i did it a couple times

#

i realised i needed more foundational stuff

#

hence tryhackme

#

been there ever since

#

last year i got accepted in college for a cybersecurity degree

remote swallow
#

My journey was a bumpy ride : D

unreal solar
#

now i live for this shit

unreal solar
#

but it is fun!

remote swallow
#

I dropped out of high school , Din't had a penny in my pocket for anything . Bought a cheap as computer started reading books on hacking got into the linux rabit hole for almost 2 years ( was in high school at this specfic time) . Dropped out of the school and bought tryhackme after few months of that and never looked back

#

But the books i read on linux to this day helped me alot

unreal solar
#

based

remote swallow
#

You can't compare anything with a good book

unreal solar
#

I have a relic here

#

Red Hat Linux guide - 2002

#

not RHEL

remote swallow
#

Yeah after almost 3+ years PNPT will be my first certification

unreal solar
#

the OG red hat

#

give me some of your vibes so i can get it too!

#

for me

remote swallow
#

I've read the shellcoders handbook ( a while ago )
How Linux Works
few other ones i can't remember : D

remote swallow
#

I can screen share and show you the course for it . It's not hard at all

#

You can prepare for like 2 months and go for it

#

It's just AD basic asf web-exploitation no exp-development and even linux/windows privesc is optional
It's a ad based cert

unreal solar
#

I do have skills

#

but i need to get better in AD

#

and windows

remote swallow
#

If you can operate linux,windows with no problem and know basic networking (tcp/ip osi model, how routers work) you are good to go

#

They cover pretty much everything that will be included in the exam in there courses

#

and there is no time limit