#general
Usually kinda dead after about 7 US.
Ah I see
wait why cant i use emojis here
As always we gonna start with nmap
lol
In lieu of certs I just put Top 1% THM on my resume, it's worked out very well
You got it where i'm coming from?
me too brath
you got your OSCP via doing thm?
I did all the THM content, bought the OSCP exam (I never did the course) and passed no issue
Taking CRTO now, again, just THM
This platform has it all
Bro I am building activedirectory
Which THM room teaches how to build AD?
The Active Directory room
Hi
I want to learn more about anomalous network behavior
How is it being detected today? what are the signatures and rules to detect anomalies?
Anyone have idea?
I mean that’s kinda broad but take a look at yara rules
I want to know like for example yara rules, what is the input to the yara rule.
Flow:
Is it a network packet that comes ----> yara rule checks?
I'm most interested in the input that the detection or behavior or pattern check happens on
Hey all anyone online available for a quick question about the buffer overflow prep module ?
For help with THM content, #room-help is the best place to receive assistance
May I ask why no to other certs? Such as Hack the Box?
There isnt anything on Hack The Box that I cant learn on THM, right?
Yeah! TryHackMe number one!
HTB premium is bs. Paid 18$ and got to 41.04% progress in my chosen path with only 20 modules. THM? 105 done (and more are available) rooms on premium which costs less. ❤️
I want to add my opinion. TryHackMe is better than HTB. I came from HTB and now knowing the THM Platform that's really cool!! Especially for Blue Team Aspirants. TryHackMe has SOC Level 1 and Level 2. (Which both those two are completely highly rich in content, actually better than courses of companies like TCM)
❤️TryHackMe Forever❤️
The weird part is that they have academy and app. Separate subscriptions, but I was told to give academy a try first and then go spend my money on app. 🤷♂️
Yeah, it's a true fact. I think TryHackMe offers a lot of content all-in-one at the same price than HTB ’academy’ and ’app’.
You're right bro
(I just failed in Written Grammar. Using cell XD)
that's why it's edited
: )
hello world
If we're doing tryhackme vs HTB, I like tryhackme's website better but HTBs VPN works for me and THM's doesn't. So using the attackbox makes everything slower.
I think this might be a UDP vs TCP thing? HTB has the option to use a TCP config for VPN. THM does not.
Interesting!
Also I like how HTB have set up their vulnerable website tasks. You don't need to connect to their VPN to access them. They have public IPs. While with THM I need to spawn attackbox and open firefox on attackbox in a VM that I'm running in Firefox and it's all very meta.
apache, nginx or openlitespeed?
any coupon codes for premium?
Never had an issue with THM VPN.
On HTB I had many issues with submitting flags due to poor sanitization. But I do agree - some publicly available websites used for modules makes more sense, rather than spawning VMs.
I prefer openlitespeed + LSCache.
I like nginx idk why
used nginx before, loved it. switched to ols last year.
Yeah it's definitely a UDP vs TCP thing. I can't connect to HTBs UDP VPN either.
Although while I can connect to HTB's TCP VPN I can't ping their targets today so can't actually do anything 
#site-support if you would like support with the VPN please.
Learned more about computers in a month than I have in my entire life with THM tho
And I started using computers in Windows 3.1 days.
Morning everyone
G'day.

How long would you say you need to be learning to do some of the easy practice machines like fowsniff? I'm halfway through complete beginner and Jr Pen tester.
I'd say if you've got an idea on how everything works, then you can roll up your sleeves and give'r.
Morning
It appears that my body has worse virus protection than my pc lol
Good Morning Everyone
G'day.
good morning everyone..sure haven't been here in..2 months?
Average THM user behavior
How is everyone ?
Good , WBU
So today we find out which ten are selected for personalized support?
I feel like my government is testing what software and tools people use to bypass blocked sites. Blocked Instagram, blocked YouTube, blocked Discord yesterday
And for example, before I could access sites by bypassing DPI. Now nobody can
Do you think the government could do it just to gain information on what people do to bypass and how they react?
I think it's more like a control thing , They can filter stuff and block stuff when shit goes down the drain
That's what I meant, that they collect information for this reason, to know how to act when things are... Messed up
It's about time before every government will adopt the same habit and it will become a norm
Unfortunately
The hilarious thing that Discord was used by the military for communication 😶 and ofc they have troubles now
I will never understand this logic
TOR was created by US navy soo they have their ways
I learned about TOR on MR robot episode 1!
Obvious troll, is obvious.
It's just that a hilarious government causes problems for soldiers while promoting the war
Governments don't care about you or the soldiers : Lolz
Can we please leave politics and such out this server.
Not politics
You uh, just mentioned the word government.
Yeah i didn't mention which government
Irrelevant..
The subject as a whole has a blanket ban.
So what should we talk about my good sir
I didn't even mention the country or anything, just complaining about useless domain blocking
Why am i a troll? Okay fair, I was.
You've been here long enough...
And just suggested what it is done for
Please see my previous post.
Ah, you must be another frequent user of HackTheBox.
Well, im certainly in the more professional discords. I wouldn't claim Hack The Box is one of them.
Scrubz is my father and if you have issues with him, you have issues with me
Regardless, you are a bit infamous

You're in HackTheBox....
No point lying about it... 
I can see mutual servers too
I am not sure what you mean
We call Hack The Box the 'cesspit' for a reason
Now you do.
Well, I am not trying to start beef with you - just a friendly conversation between security professionals
Good save
To be fair, a ban from here is a rite of passage, it kinda means you've progressed in your infosec journey
It's a neat server though
Cool people
You're not banned though, unless you're on an alt.
I am not an alt, Brath is my handle
Out of curiosity why is there such a schism between this server and HTB?
Probably started by users on which is better
No kidding
Even though i won't consider them a competition to each other
Hack The Box is a stomping ground for highly intelligent hooliganry and at the same time absolute skids. I generally recommend new players in the cybersec world start here.
I would personally suggest newbies to start with THM and then move to HTB because HTB won't serve you everything on plate like THM does and some people might get freaked out cuz of that
howdy
Spot on
Then you can move to real platforms like Vulnlabs after a few certs
Yeah
I would prefer to play Networks instead of CTF's at that point
I don't play CTF's just due to the nature of players using chatbots en masse
I used to
Anyways, I did indeed come here to see what's up and LARP as a skid. I'll excuse myself - keep up the good work THM.
I'm moving on to HTB after THM
I personally like the style of "here's what you need to know, go solve it yourself" of HTB more than THM
I felt like I learned more and accomplished more
Even though I'm banging my head against the table
But THM is an absolutely great structured learning path if you're lost

Oh nah! You saved me a headache. Thank you Kind Sir!
Gave +1 Rep to @earnest fog (current: #2261 - 1)
omfg I almost had a heart attack. I was just chillin then I noticed breathing noises like loud inhales and exhales from unknown location and they stopped when I went closer. It was just random chance and the sound was from outside construction whatever and the walls made the sound muffled and it sounded exactly like breathing 😭
for context im home alone, kinda dark and im tired
Throw glitter in the general direction of the noise and whatever’s hiding will appear
😂
Help me please
Someone
I came to this server because I need help my account got accused of something I didn't do.
Pls help me
Anyone
which account? 
of THM ?
CAN WE TALK IN DMS I CANT SEND ANY PROOF HERE
Idk
All I know is that
My discord might get banned
proof of what ? no explain the context here
Within the 12 hours
Ok so
" Recently, I received a message from a friend with an invitation link for a Discord server. I scanned the QR code to enter the server, but it turned out to be a hack. I immediately changed my password to log the hacker out of my account. However, during the hack, my account was used to report random friends in my friend list and people on my servers, including you"
My friend sent me this
If it's one of those "I accidentally reported you and you'll get banned soon unless you do xyz" those are scams dude
Is the website just not working for me? When I try to submit something it doesn’t work and takes a few minutes to submit
YEAH IT HAPPENS TO ME TOO.
No it's fr.
avoid QR codes like a plague
What do you think this discord can do? You need help from discord support.
funny joke
I don't think anyone here works at discord
I don't understand how can they get you banned ?
Idk too i tried to Submit the request
just send a message to discord support and explain calmly the situation
He's been sent a scam phishing message
They message you saying "someone hacked me and reported all your friends and you, go to this totally real website and enter your discord details to solve this".
My friend told me to add someone called mwp_2001 apparently they work in discord but
good luck with discord support lol
they are not accepting my request
ah ok
And then after you have entered your details into the totally real website they phished your credentials
The account is still hacked.
This is a scam.
That is not your friend.
That user does not work for discord.
2024 and people are still falling for this.
Wait but
yep just change all your passwords
Be polite. Don't victim blame.
Can I send you this in dms pls.
it can be year 3000 and there will still be uneducated people
Don't victim blame. Be polite.
dawg.
Read "Discord staff impersonation"
"Discord Staff will never directly message users on the app for support or account-related inquiries. If someone claiming to be staff asks for personal information, payment, or changes to your login credentials, we recommend that you do not engage further. "
Bro thanks to ninja I can help now 😭😭
Hacking in the movies: "I just sudo'd into the backdoor and ran a trace on his kilobytes and I'm in"
Hacking IRL: "Hello I'm the password inspector"
"recommend"
AD 101
Start focusing on your studies and stop comparing A and B.
Well they can't force anything
If someone wants to play with petrol, they can 😂
Could've made it sound a bit more serious than just recommendation
I benchpress naughty students
Pocket mask indeed! I also have a trauma kit and mini AED on my rear on my belt
Yo quick question. Can TryHackMe certs substitute those industrial certs like CompTIA cuz really wanting to get a career in cybersecurity but getting those expensive certs seem like a rip off
No they can't
No, but putting it in ur resume does you no harm
You don't need to have certs to get a role in cyber, but they can help a lot
And the TIA certs are pretty cheaply priced, compared to others
that is well said, discord staff will never DM you, whoever claims to work for Discord is clearly trying to scam you (token access / phishing)
From my Region and country they always put something like "certs are a huge plus" but clearly they only take candidates with certs it's just how HR works here.
If you don't have certs most of the time they will ignore you...
But planning to take Security+ and CySa at the same time. You think this one is alright for someone with no experiences. CySa might be overkill for someone with no formal work experience but if I am trying to differentiate myself from the rest of the applicants I guess its the right thing? What you guys think?
I saw someone say they put that they completed Bandit on their resume. I am not sure if they were genuine or trolling. (Disclaimer: I am an education major not a cyber security major)
Don't know why someone would troll on their resume..
@night prairie 
I once made a lua script to change the LEDs on an RC car controller to a different colour and uploaded it to github now I can officially say I contribute to opensource projects in my spare time. 
Fair question to ask, I'd put it in #cyber-and-careers and give a bit more information about yourself and the region you're from
Well, I mean... You did?
You've created an open source project.
Creating something to do something, is much better than "I've completed X,Y,Z on platform X,Y,Z".
Well that’s not always true
ha ha, this comes from another discord where we were half joking about resume padding putting our hobbies into corpo speak
Give me an example?
Certifications are one such example
https://tryhackme.com/r/room/cicdandbuildsecurity
someone can vote for reset the machine?
That is completely different to completing a room on TryHackMe.
Like "In my spare time I contribute to the latest in opensource bleeding edge 2.4ghz LoRa communications"
Read: I fly drones and am part of the ELRS discord.
But it is still something that you’ve completed on a platform no?
Well, no..
Because you can't prove you actually completed, or just copied answers from a write-up you've found on Google.
On….a certification exam?
That is completely different to completing a room on TryHackMe.
If you're going to debate, don't ignore what I say to get your point across.
i think that proves my point even more
Being ignorant? It does not.
You can’t really copy answers from a writeup on a cert?
Again, you've taken what I said completely out of context.
My reply was a reply to this.
I saw someone say they put that they completed Bandit on their resume. I am not sure if they were genuine or trolling. (Disclaimer: I am an education major not a cyber security major)
Maybe clarify what you mean then
Oh well in that case, yeah don’t put that shit on your resume
Hello everyone!
a curious student needs help!
I am trying to get into the cybersecurity field, but there is a bunch of YouTube tutorials and a roadmap..
What are you thinking where should I take the cyber security online course?
So far I found this one https://www.simplilearn.com/pgp-cyber-security-certification-training-course
But I am still not sure!
More than happy to help my friend, first YouTube is an excellent resource
But you have to know how to filter the trash from the gold
This course is pretty good sure but I would recommend taking some other supplemental material such as overthewire as well
If you need additional resources, please don’t hesitate to dm me
dude i haven't hacked in like 6 months and i forgot everythingggg
There are no URLs in that message.
Thanks!
@grim sparrow it is an online course from simplilearn . com
Gave +1 Rep to @eager marsh (current: #1497 - 2)
What's the use case?
I like 12vpx
Work , cyber intelligence. New field for me
I recommend using wireguard
So nothing malicious
Very good option
But if you’re looking for a good enterprise option Bitdefender or Nord should give you what you need
I am not looking for the most secure "black hood bad guy hacker darknet God" . Just something good for work
Ty a lot
Gave +1 Rep to @eager marsh (current: #1127 - 3)
Hey it’s no problem happy to help
Talking about work i can spend more to "look more professional"
In my last work we used to use Openzvpn , given by the company
openzpn, or OpenVPN?
I thought about OpenVPN again tbh. But i see they offer mostly "Company packages" not individual ones
Working in remote i can choose the One i prefer
I'm not sure if we're talking about the VPN app here or the VPN provider
OpenVPN offers both
They offer an access server at around 7 dollars per connection per month
Just setup own local VPN
As well as a client
Yeah but you pay 7 dollar per connection with 10 connection
So about 70 dollars per month
Well the guy ain’t lookin for anything fancy. No need to break the wheel
Which is why I didn’t recommend you openvpn
It can get pretty pricey
Yeah but im looking for something more basic . At least at start
Is that just one server?
It’s just the one that you can host on a machine
I pay $10 / month and get over 50 in different countries
well if it's for work, then setup an OpenVPN/wireguard server or something always-on vpn
hmm ill start with wireGuard then starting looking around
don't need to use an external company
I use Malware-Bytes.
yeah, I am also talking enterprise 😄
It's remote work , so they give you the option to set up the vpn you like the most
Not for personal use though, you'll have that from work.
i used to use OpenVPN , given by the company
if it's personal use, then mullvad vpn is my goto
it was a very good option tbh
ill give a look at it too , thank you
Gave +1 Rep to @chilly veldt (current: #7 - 886)
we are finally in our "fine writing" period of our report, reading it through and deciding what needs to be rewritten/deleted
Is this Blue or Red team report?
Hi, im searching a team for do the hack the boo, i have some experience in cybersecurity and hacking.
You should probably ask in their server.
Is anyone interested in an amazing programming community that supports all languages and project types?! Check my bio for invite!
Please don't advertise your server in here, it's in the rules you blindly accepted.
Does anyone ever actually answer truthfully to this question
Probably not
Some people genuinely do, that concept is completely alien to me.
To strangers on the internet? Probably more than real life

In person, it's always "I'm doing well how about you?"
Get some rest :)
I'm always saying, busy and tired
😂
lol that's fair.
Right. In the US at least, it's seen as rude to burden someone else with your problems, unless you're asking for help
Sure seems that way.
I just lied for solid 40 minutes but it seems like I'd need a nap, though I'd do a few tasks at THM before giving myself a powernap 
tbf, everyone has problems. I can see why it's seen as rude
It's socially awkward when people are gonna explain their problems in detail in real 😂
What about a nap first, then some tasks?
:p
it bugs me if I don't study first, it's gonna be on my mind like a triggered OCD that I have to take care of before fully resting my mind
Fair
Very much so, especially when they start to overshare.
Do the time it takes to complete a room estimations take into account how god damn slow it is to do anything on attackbox 
Oh you want to open firefox? Wait several minutes
just create ur own attack box
can't get on the tryhackme vpn
hey i got a question, i am still new to all of this and i just completed the learning roadmap and did the career quiz, should i learn and study something else before heading into the Jr Penetration Tester roadmap or can i jump and learn on the way to see where i lack certain things ?
Like typing has lag 
Your own VM probably works better then
Why doesnt that work?
I'm running linux and have all the tools but since these websites don't have public IPs I can't get at them with my machine
This is a community recommended order
But you can use the VPN?
I can't
@rapid merlin thanks
Why? 😅
UDP openvpn blocked on my network
yes
Hmm for me the attackbox works fine, so thats strange
it works but it's incredibly slow
Like if I type something I'm waiting for it to actually show up
The labs where you have to load up a website are sheer torture
Also the constant freezing
i only ever used the thm attack box if i want to redo something real quick
apparently it just crashed while we were speaking and I'm having to respawn it
lol
All I want to do is go to this website to see the practical 
Damn... Where are you located? As the Attackbox-servers are in GB afaik
Because Public IP's get scanned a lot
And sometimes even breached automatically
Sub attackboxes have Public ip's
Zcorp is talking about the target machines, right?
yes
Which country are you in?
Yo if I skip Security+ and go straight on CySa. Would it be okay? Cause I looked at Security+ it seems that I know most of the things covered in it and I'm confident of my computer skills and would like to pursue CySa despite having no work experience.
Macao at the mo
Ah, China.
Just asking here for some opinions if I skip Security+ 😅
Scrubz means, you can ask it in that channel ;)
Depends who you ask 😅
Wait can you explain that to me? It's an administrative region in China right? 😅
Now im curious
Some people consider Macao and HK to be countries in their own right
Ahhh
Is something wrong with accessing machines since yesterday ?
Ok then its a me issue
I mean, Moose was already speaking to you
Cant split screen the Autopsy room
I cant split screen the Autopsy room but can connect to it through AttackBox, weird
Its prevalent on non high end models/trims
No, it works on all the KIA cars made after 2013.
Really? I thought that as long as your KIA has the "immobilizer feature" it should not work... I mean the news said it
WOOOO Let's drop some tables 
Is that the one where you just use something to turn the key barrel that isn't the key?
Not much of a hack
well I also heard that it works on all KIA cars made after 2013 which is fucking crazy
@gray sonnet
as far as I know you just need Burp Suite on your phone
Morning 👀
True. I guess Canada is going to ban Burp Suite now
😂
So this isn't the one where people were inserting USB sticks into the key barrel?
Might try it... with consent ofc.
No
Note: this was fixed by Kia and confirmed to have never been exploited maliciously. Our tool is a proof of concept intended to demonstrate a vulnerability that has since been fixed.
I find it hard to believe especially on the higher trims
A look into @gray sonnet and I's DM's
Crazy
Only works in US i suppose
here is a video from david bombal
// Sam Curry’s SOCIAL//
X: https://x.com/samwcyo
Website: https://samcurry.net/
Blog: https://samcurry.net/blog/
// YouTube video REFERENCE //
Hackers remotely hack millions of cars!
https://youtu.be/MBj546UptEA
// David's ...
Just use the hammer hack it's quicker
well i actually shorted an old Fiat Tempra 15 years ago 😄
Oh KIA fixed it
Just a software update you have to install manually?
Or?
It was a software update
mmh probably via OTA.
The same thing happened when a guy thought it was funny to have the vanity plate "NO TAGS"
Ohhh wait it was not a problem in the cars
So when police wrote out a ticket to a car without a license plate they wrote "NO TAGS". And he got them all.
But in the KIA website
I dunno if this one is real though cause how did someone not notice this issue?
Corporations tend to have some serious media control.
KIA is a big brand so they actually have the right connections to do damage control, cause without it then they probably went out of business a long time ago.
mmh well I am still watching the video from david bombal. But as far as i know it was an issue with the dealership website.
Captchas give me sooo much anxiety
I had to do like 6
Select all pictures with motorcycles
DO I HAVE TO SELECT THE SQUARE WITH 2 PIXEL MOTORCYCLE IN IT?
mmh maybe ask ChatGPT 😄
running a vpn?
captchas can get crazy insistent if you have a vpn on
No, just selecting bad I guess
ok so the vulnerability for the KIA hack was basically a poorly programmed website. They were able to do an authentication bypass because the dealership API was running besides the enduser API where car owners would lock in to configure the car software remotely.
True
I guess the guys from Kia should have done the introduction to webhacking on tryhackme.com 😄
cause it is explained there 😄
😂
Why nobody likes chatgpt
GPT is cool, it has some good use cases
as with all things
Anyone else got issues with AttackBox opening
Oh no, an error occurred while starting VM: PARSING_ERROR
kali linux work tho
Probs the config file. Have you tried resetting the attack box
You can usually reset the attack box by terminating the active attack box
it wont even start up
And then restarting it by clicking the Start Attackbox button
there is no active box
👍
You can also contact them via email using this

@shut knot
Hmm
Report is finished and submitted
Good job Bella!
Bye
anyone there
thank ya mn
Gave +1 Rep to @chilly veldt (current: #7 - 887)
00's want their humour back.
Humor* 
what are some great rooms for people that are currently studying Security+
I would recommend the SOCLv1 as well as some of the pre security pathway
Those should give you a good starting point in the more practical aspects of the Security+
thank you !
Gave +1 Rep to @eager marsh (current: #916 - 4)
No problem happy to help
guys how do people create drawings like these in terminal , is there a tool or it is just manual
do u know any specific one
Not really, not the sort of thing I use.
Figlet
Thank you man
Gave +1 Rep to @shut hawk (current: #14 - 571)
Is that a download ?
It looks it, I wish it was on the website 😎copy and paste
If anyone can help with this question I'd appreciate it. Don't want to get banned by breaking the rules lol.
Don't use THM art in your thumbnails, and don't put hashes/passwords/flags in the write up.
Thank you for this. Is there a time block on new rooms? e.g I have to wait until a room is 30 days old before publishing online?
Gave +1 Rep to @sick lance (current: #1 - 2852)
Staff request you wait 72 hours 🙏
Brilliant, thanks for your quick response! 🙂
I wanna have a go
I love how they added the outtake to the Cisco video on the networking course
Adds humour
Is there a way i can get in contact with admin or something, tryhackme email systems are a bit bugged
i submitted a writeup but i got an email that I think was meant for the owner of the room
@umbral bay Not sure if this falls under your department or someone others. regarding rooms and writeups.
Doesn't leak any sensitive info don't worry, but it was definitely for the owner
They'll most likely tell you to email support, but still pinged one just in case.
Tim isn't support.
You're being sarcastic and it's not needed.
They'll most likely tell you to email support, but still pinged one just in case.
That makes it look like you pinged a member from support.
What are you using this for?
It will be an autonomous system where agent can decide the best action based on the state:
Is this for work, school or something?
Please stop posting walls of text.
If you want to send long messages, do so in a file.
Whats the main reason of this server?
It's an ethical hacking and cyber security server that is for https://www.tryhackme.com
im just tryna grab a lil something a boot a lil something
dm me
just have a question
How does intrusion detection systems work?
Then you can ask it..
Surely you can google this?
I need specifics
I intrude, it detect, SOC employee respond
false positive
Normally they work off heuristics and/or a signature. If a certain piece of malware or an action in the network happens, the intrusion detection system will trigger an alert
and then I get DA
Ordinarily these intrusion detection systems don’t do much other than alert you but there’s also intrusion prevention systems
These can actually prevent an intrusion
There’s a really good book by No Starch called Evading EDR
You can look at that for more info : )
How is the current landscape, are the products mature and good?
Don't wanna build something that no one will use
@shadow isle hello man im doing one of your room and i met answer problem.
The room name : Nmap Basic Port Scans
Problem :
When its time to enter what port was discovered in the new scan im pretty sure its the right answer but nop. So i tried to enter each port manually but same 😦 , have you solutions maybe ?
Lots of good products around
You’ll have your work cut out for you
Crowdstrike is one such example
then no point lol, where do you see a gap in cybersecurity?
That’s a rather broad question, but if I had to give one. It would be the people
The main reason for breaches is human error
can you explain how it is the people? what kind of human error
Easy. Social Engineering revolves around the issue of human error and the manipulation of people to get into a system. Thus non technical people are a lot more inclined to do things that may reduce a company’s security posture
Interesting, so you're saying the systems are well placed, but the manipulation is which allows to bypass the system
Such as clicking on links they shouldn’t. Tailgating, Circumvention of Security controls via manipulation. I could go on but most breaches and gaps often have an origin in one person or a group of people fucking up.
This is true, but it is equally possible that humans could make a mistake and introduce insecure practices like vulnerable code and poor asset management.
what is primarily the subject of cybersecurity is it [ IDS, SOAR, Code Vulnerabilities, Human Error]
are most products that make up cybersecurity as whole in that list
@rough gorge guess it'll be friday...
yeah might be 🙂
I’d say the last two are the biggest culprits of glaring issues in information systems
So you would say the last two needs most innovating, as first two have matured systems in place
Yes!
In terms of code vulnerabilities, wouldn't it happen at CI/CD level. Aren't there tools that do scanning?
While there are tools yes, but these tools aren’t perfect and don’t catch everything
Like SonarQube
Yeah. Why do you think CVEs are so plentiful
Sometimes these tools won’t catch everything
any books on Static code analysis?
I’ll find some gimme a sec
This one’s pretty good
Do you see any opportunities here in automation
Installing Kali Linux (single boot) on your computer is an easy process. This guide will cover the basic install (which can be done on bare metal or guest VM), with the option of encrypting the partition. At times, you may have sensitive data you would prefer to encrypt using Full Disk Encryption (FDE). During the setup process you can initiate ...
I mean yeah, anything can be automated but you’ll probably be better off doing it yourself
Install a new os?
No
In that case just make a bootable USB and set your bios to boot from it
I want to remove it fully
In context of autonomous agents, do you see some Deep RL algorithms that can be applied here
I have bootable USB
Hmm that’s outta my scope of knowledge sorry
What do you have on said usb
Kali Linux
And what do you want to install to replace it?
And I want to uninstall from my laptop
Because you have to pick an OS to replace it
I want to use windows
Again
Learn how to create installation media for installing or reinstalling Windows 7, Windows 8.1, or Windows 10.
Follow these steps
if you plan on doing it from your Linux install, please follow these instructions
You should format it first yes
So I have to format my bootable USB?
windows is not working in me
What do you mean?
Just Kali's is opening up inside my laptop
Because you haven’t made the bootable USB for windows yet
So I have to make a bootable USB for windows now?
Correct
Yes
Format the Kali installation usb
NOT the hard drive with Kali on it
.
I hope all my florida cyber nerds are staying safe ❤️
Hm seems to be a few “new” accounts trying to add me, not suspicious at all
if it helps i think you can set your account to just not receive friend requests
not totally sure though
Oh that would be nice
@eager marsh please 🙏🥺
I didn’t know you could do that, thank you. I’ve changed it now. It was easy to find too 😭
Gave +1 Rep to @oak skiff (current: #459 - 11)
There are plenty of guides on how to install kali and also do a live boot off of a USB device. Just conduct a query utilizing your favorite search engine.
Requirements? Price? Country?
Bulgaria, 200$
max
Requirements - Security primarily
I just want a better router
I have a tp link
Archer
Some S-box (Derogatory)
If you have $200, it may be better to purchase a Dell optiplex and put OPNSense on it
Huh
I have a raspberry pi
3b+
But it seems to run only on amd64
Should I just go for another Chinesium like Tp-Link?

Maybe an Asus is a good choice
Build your own instead of purchasing overpriced potatoes
That's what I am saying
Also wifi is like a whole other thing
Do you have a wifi router currently? Put it in bridge mode if you build your own
I have, it's what gives me internet
Router in a box basically
This seems like a good choice if I wont build
Or?
How do i refresh my discord level?
I got into OMNI but it didn't update in discord
Nvm i figured it out
@hollow zenith
I read that as banana, I need my glasses
THM really helps me with uni, since it covers Linux
One year helped me with using hashcat and installing verification keys for documents
And now I can run the simplistic webserver with my site for uni
Pc gaming better!
You mean the game that shows the fake ads?
I don’t think it did tbh
I’ve not seen any ads
I used to play pc but I quit
Evony: The Kings Return?
can u check messages i think i found u somewhere
just a quick question, I vaguely remember connecting to the attack box for OpenVPN but I know there is a second step involving a remote desktop connection. any help with that or a source
cyberxbytes
rank 11
cool
i am very busy with college, that is why i don't have much time to play CTFs
fair enough some of these rooms annoying asf lol
ik so annoying
and the web challenge discover is so weird
it asks about the numbers 12345 on the secret dir
i am not complaining about the level of their challenges
my problem is with my current knowledge level
all web challs easy until discover
also kinda annoying all their updates are in arabic
as were speaking i completed another room
I can’t see anything else other than the word Evony but it’s probs the same thing
meep moops time for the sleep sloops to the beep boops
eepy seepy deepy weepy?
I might do a jamming session in VC tomorrow if people are interested
I got 8 hours of house music ready for a playlist
daaaaaaaaaaaaaaaaamn
I need to play for a week
there should be a lot to choose between
also currently downloading a playlist that is 20 hours long
O_o
guys how can i decode this
📧💖💇💱📧💖💈💧📧💖💈💐📧💖💈💓📧💖💈💠📧💖💈💆📧💖💈💐📧💖💈💧📧💖💈💢📧💖💈💓📧💖💈💡📧💖💈💩📧💖💇💲📧💖💇💞📧💖💈👼📧💖💇💕📧💖💇💥📧💖💈💍📧💖💈💣📧💖💈💡📧💖💈💓📧💖💈💍📧💖💈💔📧💖💈💃📧💖💇💘📧💖💇💘📧💖💈💍📧💖💇💵📧💖💈💞📧💖💇💥📧💖💈💫
never done emoji decode or wtv
Hm
The first bit says if you want to E date you gotta cut your hair
Then you’ll get paid
Lets see if ChatGPT o1 can decode
HC BD BB BH BD BM BB BD BA BH BL BP HS HH BA HH HC BR BB BL BH BR BB BD HH HH BR HS BH HC BD
(Generated by AI)
Oh nice
Where did you get it?
do i still need a universal forwarder if i want to digest my local sysmon logs into splunk? I have my splunk instance running on the same local machine
Hi
o/
Hi
I have the error in my project.
What's this for? Work, school, etc?
can someone hack a tiktok acc for me
Hey this is illegal and against our community rules
I just almost dropped my phone on my face again
Boop you!
Two types of puppy

Hey guys, are there any penetration testers here?
get urself a milkey shakey
or some hot tea if u feeling 🥶
I made broccoli cheddar soup, and poured myself a glass of wine
@blazing granite you can be in this convo too lol
A milk shake sounds good
Are you still adulting lol
That sounds like some advanced soup right there
I am still adulting
It was pre-made I just heated it up I put my heart and soul to make that!
Ask your question
I have been a BugBounty Hunter for two years, and I have passed many different learning stages, such as Linux, networks, programming languages, offensive security, etc., and I am really struggling to obtain the first vulnerability on BugBounty platforms.
Does not play
Hm
Tbh I don’t touch bug bounty’s cus it’s scary so I don’t really know
You could ask in #bug-bounty
Is there anyone who has gone through the same experience and can give me some advice to help me? I would really appreciate it 😔
Zumi said portswigger is good
Making me hungry
My job here is done 
I’m gonna have mushroom soup instead
What time
To celebrate the miracle of Hanukkah !
When I look at other learning platforms that aren't tryhackme 💸
$1649 for Offsec Pen200 and that's the cheapest package
Mb 😂
That’s literally what you said in that gif but that’s not what I read
The awkwardness that comes in the office when your diversity hire turns out to be a pro Israel republican.
👀
hi
hello
Toaster what did you get your PHD in if you dont mind me asking ? Im looking at grad school here next year
Ah, any advice for a 29 year old who pivoting in to the industry late ? I already have a degree but it was in business. Im finishing up my CS degree at the bachelor level this year
not sure i understand this
ah yes that is my far removed cousin. I had the same nickname growing up
Ima be honest
I ain’t in the industry yet
I want to be tho
Sooo
Ah I worked in IB for a bit fing hate excel spreadsheets
Looks creepy
i see the death in her eyes
IB means what again?
investment banking
Oh
it's not glamorous or high paying unless you go to an ivy league lol you're just a VP's bitch
lol spreadsheets... excel black belt here 😦
when your only view is a spreadsheet for a couple years it drains the soul
Sounds soul draining
atleast I know how to load shellcode into a vbs script now lol
trying to focus on this buffer overflow prep lab but my adhd is kicking in with the repetitive part where you have to trigger 10 overflows in a row doing the exact same thing lol
What certs would you suggest are most valuable currently ?
Would really depend on the type of field you go into and also what the job is asking for
I mean offsec would be ideal. honestly I want to just work remote somewhere in a ski town and red team so i can mountain bike and ski. I dont want to do anything crazy with my career I just love CS and cyber. Im hoping to get in grad school to study either Information Science with a telecommunications focus so I have a specialized understanding in networking. Then I plan to get the OSCP and CSIS. I really just enjoy being a student and playing sports
*either IS with a concentration in telecoms or CS
East Coast ? Whys location matter everything is virtual in this industry
yeah
Are there any certs that don't cost $1000 ea?
No
Sadly they all cost a toe
Why are they so expensive?
Think of it as an investment.
The money you put in for certs is nothing compared to what they get paid
I guess its same with student loans and payments for regular school
My cert to teach English was like $19 
I want to do malware analysis, create defence structures, forensics
offensive security got a pretty good industry going, they create the problem and then sell the solution to it. Like if a window fitter went around throwing bricks through windows. 
Then you're the one throwing bricks
Most business is done like this
be part of a SOC team
Okay 🫡
good
then you can escalate from there
Mid to A
💀
I feel like there are probably more blue team jobs than red team. Would that be true?
red team sector often requires more experience, or ~~someone to trust. ~~
Cause a company always needs someone in house to defend, but only needs to hire a pen tester rarely.
Damn can I get a skull emote count. Heh
Like I don't think a company will pay you a 9-5 salary to sit in the office and constantly try to hack them right?
Aw nahhh what is EXP-401 cost... man
When I look at the requirements for cyber jobs it looks like someone threw a bunch of scrabble tiles in the air and wrote down what they landed on.
Facts
A secret employers won't tell you; you can say you have the requirements almost fulfilled
Oh like how I've been "pursuing" my masters in education on my resume for the past several years.
Hey I looked up the website
I wouldn't lie in an interview or on a resume. Possibly the fastest way to get tossed and blacklisted from potentially working in that organization. That and the cyber industry is a lot smaller than people think.
Doesn't everyone talk crap on their resume?
No, it should be a reflection of your actual skillset
I genuinely put what I used to do or do
The corpo speak has got so out of hand that you need to adopt the same corpo speak.
Do you have examples?
I wouldn't necessarily say lie, more like test your luck with explaining info that you know isn't reached on requirements
My job is "I teach kids English" but that's not what I say in an interview, or on my resume. I'd pad that out to like a paragraph.
Man im literally so bad at wording stuff this sounds even worse
Yeah just dont do what I said
OK, then in the interview I ask you feeler questions on your resume, to determine your surface knowledge, and then drill in to the things that are lacking or popped as red flags to get a true understanding of your competency
I think these are two different things. I don't lie on my resume. But I make everything I do sound as amazing and technical as possible.
A resume shouldn't be paragraphs, it needs to be concise and to the point.
Meaning Position X followed by 3 bullets of your "greatest hits" at that role
I mean on your cover letter and personal intro
A cover letter is a separate document. Tbh, I don't like paragraphs at the top of resumes
technical custodian = janitor
Other mentors disagree in some cases, but that's my personal opinion
Your resume is your elevator pitch in paper form
It needs to grasp the attention of the reviewer and paragraphs are not that
Different industries maybe, I've never had issues with paragraphs. But not many people apply to the roles I apply for.
Usually we supply a resume, cover letter and a self introduction video.
Custodial Engineer
Dedicated facilities maintenance professional with expertise in the implementation of cleaning protocols, sanitation standards, and environmental health practices to ensure optimal cleanliness and safety in diverse settings.
"I mop up kids puke"
I am talking about STEM resumes, as we're on a STEM oriented discord. Non-STEM resumes are different
I saw something like that on indeed... but once again, there's some scammy and scummy jobs
"Sandwich engineer"
That one was a joke but Subway legit call their staff "Sandwich artists"
I actually wonder what it's like for HR now in the days of ChatGPT.
I've never needed to send out a resume for the past several years so the last time I did it was before ChatGPT was invented.
👋 😆
I bet the Fiverr resume writing industry has been destroyed.
Prone is a safe position to avoid risk of falls!
What invisible keywords should you put on your cyber role resume to not get filtered out by the bots tho? 
Mr. Robot, blackhat, phase 1 etc
I heard when you send your resume it's not actually looked at until a bot decides someone should look at it.
kali linux
that or you get hooked by someone else
I should probably get round to making a linkedin profile
ATS is a thing and has been around for a while
put your profile pic as an unapologetic woman. cut out a picture from victora secrets and make it your profile pic. based men will interview you on the spot.
Pictures should not go on a resume
unless you're super hot
this is an excellent place to practice https://www.shlinkedin.com/
This conversation is better suited for #cyber-and-careers anyway if you're looking for actual assistance
So I'm working in Asia these days and it's wild what is standard to put on a resume. Pictures of yourself, your age etc.
Stuff that in the west you absolutely shouldn't do
marriage status etc

Literally everything I did
🌟✨ In the journey of life, we often find ourselves navigating the intricate pathways of opportunity and challenge. It's essential to remember that every moment, whether perceived as a setback or a stepping stone, contributes to our unique tapestry of experiences. Embracing the ebb and flow of progress can lead to profound realizations about our true potential.
Together, we can illuminate the path forward, one reflection at a time.
Agree?
illuminate
Average linkedin "influencer" post
Test
isnt that just device info
You put those things on your resume in the west?
Im living on the edge i click everything
I live as the edge, my browsing is sandboxed
id have to turn my proxy on and burp it if imma live that dangerous. I have ublock and all sorts of stuff to block ads
if you want to get crazy run a qubits system everything is sandbox and virtualized/compartmentalized.
wait i dont think its called qubit
Qubes OS. My brain is melting ive been online too long
burp<
Just run TempleOS, can't be hacked if you have no networking.
TempleOS = ring-0-only
The headline is operating system made from scratch by a paranoid schizophrenic
I have reached peak stupidity
remember guys
when unplugging things on your pc
DO NOT
blindly reach
or you'll end up like me pressing my flash bios button
😮
I thought you were going to say you got electrocuted.
god no
arguably this is worse
the last image I took on my pc is 3 months old
so I think I'll be able to recover
but my pc is throwing a fit
so we'll see
best of luck 😉
Why is there a flash bios button?
convenience
Or inconvenience in this case
@neon merlin it can come in handy when you need a new BIOS for a CPU the board does not yet support
you can update the BIOS without a CPU
yur
Oh I've never needed this feature.
Flashing the BIOS doesn't affect the data on your hard drive
Terry Davis was brilliant. That is an incredibly sad story i just read though.
The computer should still boot tbh, probably at an older version.
An entire os built by one man thats off the charts
With its own programming language
HolyC
If not, follow manufacturer instructions on recovering/reinstalling
yeah mental health is no joke. poor guy
yeah I was just worried about it bricking tbh
it ended up being ok
just some stuff got messed up
good reminder to save a new image externally though lol
He really understood PC hardware to build something like that
oh the holy c guy
yeah I wish he had gotten the help he needed :p
imagine the cool stuff he could've been making today
I wonder if Terry ever read the classic Peter Norton guide to programming PCs book
hi
henlo
mornin'
Mornin
