#general
Not sure what you'd get going into an equivalent consultancy position, although their cap tends to be higher.
That was your entry point? Cause that sounds ideal then.
Either way, that's above national average
Average salary in UK is 34k now
We cannot gauge the use case or its ethical implications when someone asks a question, especially ones that are very specific. That’s why the advanced channels are there to facilitate proper discussion. Even there, there is the possibility that the question may not be answered.
Yeah, although I started that role:
- In the final year of a specialist cyber degree
- With OSCP, CRTO, OSEP, and OSWE
- Off the back of an internship with that company, during which I built half the pen testing environment

Right pre-requisites, at the right time
The government will be putting up the requirements to bring a foreign spouse up to £38k a year soon too
Huh. Not sure if that's good or bad. Has net pay gone up, or just inflation?
For reasons I'll have to be making more than that when they do.
How long does rank 13 take?
Back in the good ol' days... Under a week.
depends on you
Lord knows now 
Ngl life feels fantastic right now, I can just lay here and listen to the wind and rain hit the plastic
Around 2-4 months
Like rooms wise? Is it a bunch
Yup
And bear in mind they're still not gonna help you with anything remotely illegal (for obvious reasons)
I'm not sure, I am as surprised as you. I left UK 10 years ago. And am considering returning. When I left UK the average salary was around £27k. I looked it up recently and some sources are saying it's as high as £38k. But I know a lot of people in UK who don't make anywhere close to 38k
@pallid lotus
Sounds relaxing af. My wife plays rain / storm sounds at night it helps her sleep. I've grown to enjoy it.
Yeah, that seems high.
Also, if you want some advice on coming back: don't 
Absolute hellhole these days
Always was where I grew up 😛
When I left UK if you were on £30-35k you were extremely middle class
Super confused at what that means? So i practise pen testing and cant ask any questions until i get rank 13?
This is like, the feeling and sounds of sleeping in a tent, on the mattress of a bed and the security of not getting wet as a house
You're not practicing pentesting
Sounds awesome!
Really is, and then the direct access to watching the night sky
But to answer the spirit of that question: you can't ask anything that's "restricted" until you hit level 13... and even then it's still limited.
I was writing a report for uni and just realised I'd tuned out to the fact I was listening and still am to the home depot theme song on loop for an hour and 20 minutes
it is a 30 second song
Lmao
I've been making good money working in China for the last decade. But like... if you had a kid would you want them to be in the Chinese school system?
Soft skills are very important, a lot of the time in IT people are... difficult to work around and with.
Where's the fun without the danger?
12 hours of study 6 days a week
Connecting to vpns in a controlled environment with known vulns isn't practice?
UK going downhill but I think the schools are still free and good.
if someone is completely new to this where should they start
that means I listened to it 160 times 🤣
The pool and jacuzzi laying right outside of the dome, that's the fun
how're you doing mate 😄
Moot point. Chances of me ever having a kid are 0
i.e., I've never really considered that question
That just explains why I'm looking into coming back
They're still free... not sure about good...
And trying to find a career that will pay me well enough. The career I do in China doesn't exist in UK
But yeah, get what you mean muiri, this isn't an outside vacation, but a relax vacation, that's why 😝
You dress up as a panda?
We are here to build game cheats, not shelters
Mate, if you treat a pentest the same way you treat a machine on the THM network, you will be sacked within days.
restricted
Environment wise good, yes. Education side compared to other countries not so good
Muiri, you don't just blast the living crap out of it with Nmap and run wide open on all tooling??!
@sudden pond
Primary school teacher in a private international school.
That's very cool!
A) you will miss a tonne of the "boring" vulns which need to be raised but you never consider in a CTF (e.g., security headers)
B) chances of you breaking something are quite high
ofc teacher exists in UK. But not paying as much as China does.
I have absolutely suggested that we all dress in maid outfits in the office for a day
And there's no specific role of "Expat teacher"
Are you trolling me? Not upset genuinely curious? Im just a student trying to get into this field so its pretty odd a pentesting learning platform like this is anti pentesting. Please help me understand
for shits and giggles, I got told that I was alright to do it but they wouldn't be 
You will literally screw up the entire thing dude.
I dunno, there are private schools here which probably pay reasonably?
Being able to speak mandarin probably helps with that too
Is it now that I am saying that I will be doing this tomorrow actually and making breakfast for my CTF team?🤣🤣
Hi, I'm "my CTF team?"
UK teacher pay scales are openly posted online, they are not good. Plus it's more work for less pay and the kids are worse behaved.
what's for brekkie
Eggs and bacon
Classic
No, I'm being serious.
I have yet to find a practice environment which accurately emulates a real world setup.
THM is good for learning skills and techniques. It is not a substitute for experience.
And baguette with cheese and salami
Very nice, I've got bacon and sausages in for a bacon sausage buttie some time
I do miss black pudding and Scottish Bacon.
Also, hi!
you been well?
Ehhhh, reasonable. You?
It's not a maid outfit per se, but I will be in an apron
Those just for local authority, or for public schools as well?
Expat teacher is kind of a weird job in China. You're literally hired because you are from UK / USA etc
Because I imagine the fee paying schools probably pay their teachers more
And then Chinese schools can charge parents more because "look a real foreigner"
Ewwww
can you explain
lol fight me 😛
I mean, at least you're not wasting the dead pig I suppose
If you're a private international school which teaches bilingually in English and Chinese. having a few guys from USA or UK around just seems to legitimise your school and you can charge more. Kinda weird.
I can't think of another industry that works like that
true, I don't eat much bacon in the US, I find it rather meh
the black pudding though... can't find good stuff over here.
The only other thing might be how in dubai it's popular to have a guy from UK as your butler
Not really. Enterprise is very different from a lab. It's much bigger, the systems tend to be different (e.g., different OS, software, etc). You've got complex networking and hybrid environments to deal with.
Oh, and importantly, the maintainers of said systems aren't looking to implement vulnerabilities deliberately...
It's an extremely different feeling.
The only way to really understand that is by getting experience in that environment
then where to get the experience
what about u
Cybersec is difficult because you're expected to know a vast number of topics. That's why it tends to not be entry level.
Even in my small network (52 people) things can get complicated very quickly (before I had proper documentation :O). Lab environments are designed to just work. You aren't inheriting servers switches and routers from 5 different people. Let alone an entire enterprise environment.
Never mind the FW configs... jeebus
I came into industry with several advanced certifications and a couple of internships.
I was not ready. At all. It took me ages to get to grips with it.
I was lucky to be in a team which supported that.
Exactly this.
what certs
It's awesome that you got to experience that. I feel that it would be an extremely beneficial thing. I generally just get yelled at when the WLC goes down, or my boss forgot his password 😛
E.g., I did a review of an API gateway today. The complexity of even the one service in scope was much higher than anything you would find in a lab. More boring, but infinitely more complex.
In chronological order:
- OSCP (offsec entry level)
- CRTO (technically senior level... Not sure why)
- OSEP (Offsec 300 level)
- OSWE (also Offsec 300 level)
Oh, and importantly, the maintainers of said systems aren't looking to implement vulnerabilities deliberately
Important one this one. I'm only up to Jr Pentester path on THM, but I feel a lot of the stuff they've taught so far is stuff that isn't going to work on any company in 2024. Is that right?
and this is how you got your first job?
like who hasn't patched against eternalblue in 2024?
So for context, I went in theoretically with specialisms in active directory / adversary emulation, as well as application security & source code review.
I say theoretically because, while the techniques translate, the experience most certainly does not.
Who doesn't sanitise user input on websites in 2024?
Lmao, you may be surprised.
I haven't done any THM in a while, but almost certainly, yeah.
Yeaaaaah, about that
The simple stuff will work sometimes
Sometimes you find an old system which is vulnerable to old vulns
But a lot of the time you don't. Client side frameworks generally make XSS in web apps much less likely, for example. That also introduces whole new ways for managing token storage and authn / authz
e.g., if you've got an SPA consuming a web API, chances are cookie auth isn't the way to go.
Heck, if you're using a REST API it's outright breaching the spec if you do.
In which case vulns like CSRF and potentially CORS misconfigurations become a thing of the past. No value in hijacking a user's browsing context if you can't do anything with it 🤷♂️
That's the other thing labs don't really teach. In the real world it's all about impact. If you can't demonstrate impact then no one cares.
In a lab the impact is generally dramatically severe (e.g., RCE... very rarely happens IRL). In real life you need to simultaneously care about the little things, and also acknowledge that they aren't necessarily impactful.
Yeah, labs teach concepts. Experience is key.
@fervent meteor hows your scripts you are making going along
Ain’t that with everything
For example, raising a TLS finding -- for example, Lucky13 affecting CBC cipher suites. It's technically an issue, but chances are the service will reach EoL before you can actually exploit it.
Didn't have labs for women? 😛
Doing well thanks, I'm between doing uni work and being nostalgic with friends over nightcore and 2009 youtube tutorial music haha
It should be fixed, yes, but it's far from a critical (no matter what shite Nessus spouts)
just failed over and over... lol
😂
Eh?

Bro pulled out the screenshot
That is absolutely fair 😛
Not a clue on what that means
Speaking of which, I need to be up for work in a few hours. Bed time 
It means it's two o'clock in the morning and I'm working tomorrow lmfao
... Today
Ffs
Oh
Night, and good luck today... 😛
Is that military time?
It's 24 hour time
Ah
Which is superior in every way 😛
Also: ISO8601 all the way
First time seeing someone use 24 hour time
agreed
I pulled this gem out in our soc discord while we were nostalgia-ing https://www.youtube.com/watch?v=TKfS5zVfGBc
Trance - 009 Sound System Dreamscape (HD) long edit
Huh, LTT got threatened by CompTIA
Their video about the A+ exam was taken off YouTube and also their video distribution service, Floatplane
That’s good asf
Congrats
Who got number one?
Oh
Betchu it’s like a team from Harvard or some shit
That's awesome congrats!
The camera zoom makes him look like he’s flying
I did my first 'real' ctf solo against teams, I took 375 out of 1500.
I was very down on myself about it until my BIL put it in perspective for me.
Of course
his bike sounds just send me each time, always makes me smile
Bros sleeping
Rurururu
it's the one where he lets off the accelerator 🤣
"rururururu ..... noom... rahahahahaha"
That sucks dude, I know you were prepping for it and trying to get ahead of it.
brb switching workstations.
Bruh you serious
Who joins a team and not practice
How did you know they didn’t practice. Did they straight up tell you they didn’t practice,
That’s good atleast
It's great practice for an actual leadership role, herding kittens 😛
To clarify, I have no idea of your current position and made an assumption. I apologize if I was off the mark, and meant no offense.
I used to pop in, still do but used to too
Yup no complaints here, hope you're well too
You mean I don't just get flag.txt and ask for money? 🥲
Yep, same with working as a teacher. Doesn't matter how many courses you've taken on childhood behavior and development. A child is in front of you right now screaming their head off and refusing to sit down, what do?
Writing your objectives on the board aint gonna do it.
Exactly
Same with flight simulators
First year teachers tend to get eaten alive by the kids tbh. Takes a few years for them to develop strictness and classroom management techniques.
Flight sims are like training wheels, they can get you so far. Sure they don't teach what to do in actual force feedback scenarios, but...
I did learn how to do a J turn in a simulator 😛
They don't teach how terrifying the feeling is when you stall a plane irl and you're now pointing at the ground 
And that feeling in your stomach
Right!
I'm not so sure about that anymore, I've definitely thought I was going to die playing some horror games in vr
lol
or roller coaster sims
those make me slightly sick
crazy to get butterflies in your stomach when you know you aren't moving
usually okay with VR, but the older I get motion sickness / vertigo is a pain.
Yeah - I keep meaning to get a new headset its been years since I did anything in VR. Have the original oculus devkit
nice, I just have a regular one
once it sold to FB, i was out. Never tried any other
I've been very interested in the valve setup.
I've only tried it in the arcade. Super hot VR felt really good
I was legit flinching when I got shot unexpectedly
It's neat, unlike the VR of the 90s. I've taken several trips to places in the world I would otherwise likely not visit, Giza, Petra etc. Very cool.
superhot was also pretty neat.
beatsaber is fun too 🙂
any reason you'd go valve instead of bigscreen?
are there any tools i can use to resolve masked backend server ips? my ip can be visible for this, i dont think the lab detects attempts
if i'm honest the handsets.
Hey guys ! First time on the discord! Hope everyone's feel great !
No other reason.
Hello!
I say that from a place of ignorance, as I'm not sure how well the bigscreen headset reacts to hands, or if it has controllers.
it can use the valve controllers i believe
the form factor in bigscreen is certainly desirable.
was considering it, just because the weight of the index seems like a big con -- wasn't sure if the lower refresh rate fov was a big issue
What is this for?
Lol, I have a unique... neck, the weight isn't a concern for me 😛
but after a period of time for sure it would be a factor.
For me I can't use them long enough for it to matter. I'd need a break due to the motion sickness it occasionally causes me.
Giraffe confirmed
Don't make me get my flight sticks...
I got a Honeycomb alpha and a Thrustmaster Warthog HOTAS, but using the throttle, not the stick
Saitek x52 pro.... I think you win lol

Also got a Logitech G27, with a semi high low switch and Jake break for the gear shifter... also got a sim panel from all my button needs!
Alr bois I'll move back home next week prob
GL!
The lectures are nice because the professors are nice and they joke with us but rn I just have a horribly inefficient schedule
Thank you brother
I have a force feedback steering wheel, It's a logitech but I cannot remember the model currently.
And I also miss my cats and dogs
that sucks. Glad your profs are cool.
My G27 is FFB too
pedals look right
Gotta get the one with a clutch!
I learned not to drive with them on a wheeled seat pretty quickly :p
Yes yes they are nice and all but I go to one lecture and I'm tired all day and I didn't understand much
Hope it's not just bs in my head
Could be, take some time to relax and unwind
or if you are so inclined, bust your butt and work on stuff.
No no I don't need to relax I need to WORK lol
I figured, on that grind?
I have to give analysis 1 in February I don't know middle school math
Inshallah
If you try I believe that he does.

I can stay with my kitties and my grandma if I go home and I can smoke weed and eat real food
lol
I'm only eating frozen pizza now
Have you flown a real one? 🤔
better than chicken ramen!
yeah
I have not 
I can pilot windows machines into BSODing!
Try to get into a Saab J 35 Draken (Red Dragon) 😎 If you can pass the fitness test 😄
For the first time in my life I've struggled to find the link to the 802.11 standard, because IEEE has moved it
lmfao
Finally found it and had to reference that, absolutely awful to try and reference
but I technically wouldn't say that's correct because it was actually the LAN/WAN Standards Committee of the IEEE Computer Society within IEEE
but I don't fancy typing that when I want to cite them 🤣
I've driven an electrical scooter in the middle of Tel Aviv. Does that count? 😉 😛 😂
Going 2.5 G? 😄
skipping angry drivers, do you know how people drive there? 😂
Once I didn't realize and I entered a highway I can laugh now 😂 😛
Outrun Tel Aviv edition
Yeah...
Egypt is way worse but that's absolutely chaos 😂
lol, I have never been. Would love to see the treasures and sights/sites. (cant think of the correct word).
sorry.
Archaeological sites?
museums?
all of it tbh
Cairo Museum is great, Luxor, Karnak, Gizah, etc
those are just a few there are so much to see there like The Pyramids of Dahshur and Saqqara, Abu Simbel, the Coptic museum, Alexandria library, etc. I visited many times, it's impossible to see all in one trip unless you stay there for a long time 🙂
I could talk for hours (which I won't do it, because I don't want to annoy people 😂 ) 😛
Me? Fitness test? Hahaha.
lulz
No way I could pass the military fitness.... can't even go into the military, health reasons WOOH
I get you, I can't even run to catch a bus 😂 😛
Run? Oh that thing I've not done in 18 years since leaving school.
first part of my dissertation proposal's done
That's a long boi.
it's only 1000 words
that thing that I haven't done ever 😂
I did that in about 2/3 hours taking my time to be honest
I can run, I can lift I could do manual labor, but haven't done bench presses in like... 10 years, cause, don't care, not in my todo
I took at least an hours break in the middle to talk about nightcore with someone 
I don't have any health issue that forbid me to do it, but I can't be arse really 😛 😂
It's too low res I can't read it
That's fine, I didn't intend for you to read it 😄
It's explaining what my dissertation is roughly, what it aims to do, how and the risks associated with it
Amen 
Assuming ethics goes fine and my supervisor doesn't try and steer my dissertation, it will be researching the behaviours and implementations of MAC address randomisation and if there's any ways to defeat it or any other potential data that could be used to fingerprint devices
Unfortunately the supervisor I have is objectively the worst in the university, in regards to his knowledge, interest in his students and helpfulness. I drew the shortest possible straw.
I too can go hard...
I thought I'd get some of it done because it needs doing in two weeks and I've got a meeting with my dis supervisor tomorrow so I can show him where I'm up to and it might answer some of his questions
that's what he said? 😂
woops..
lol
my first pentest report for college was 128 pages long,
a nice light read 😉 😛
very nice, I think the biggest I've done so far was actually an expert witness report for a mock trial and that was done as a group and was 40+ pages
Actually had a mock court session and all, got to dress up in a suit which was nice
it should be shorter for that
I'd have to check, gimme a min
by "technical report" was the majority.
I'm pretty sure the report was 40 pages
indeed, nobody is going to read 128 pages 😂
It was 43 pages in the end including a physical security assessment and network security assessment
with screenshots etc.
That's awesome, at my facility the last response I got was, why would anyone even try that. (lockpicking the server room)
The forensics one was 32 pages and it was a bit naff but that's because only a quarter of the team did anything
you should have seen the team before us that were on the stand, funniest shit I've ever heard
They described brute forcing passwords as "randomly stuffing in passwords and hoping it works"
How long did it take eternalblue to go from 0day to like scriptkiddie level. It's kinda crazy how easy it is to do now
the lawyer asked "is there any technical term for that" and he said yeah "stuffing passwords in"
password stuffing of course being a thing... is not the same thing lol
yeah of course
I should say credential stuffing.
but then he described bruteforcing a physical pin lock and said "bruteforce"
and the lawyer said "this bruteforcing technique, could that also apply to the one you mentioned earlier?"
lol
by the end the lawyer said "mr X is it safe to say that you have no clue what you're doing and you aren't qualified to be an expert witness"
the lad said "yes" 
another team apparently got on the stand and the first thing they said was "they're guilty!"
the lawyers eyes lit up and he said "is that so? that's my job, you do yours and I'll stick to mine" 
haha sounds right, it's a gotcha moment
Our team did alright given that the lad on the stand had been awol and not wrote any of the report so had no clue what was in it. Actually got through the cross examination with no issues other than that the report was missing one of my findings. (we helped the forensics side of our team because 3/4 of them weren't doing anything) so 1 person wrote the report and happened to miss the registry findings
oops
Honestly though I did really enjoy that other than the fuckaround with some of the people
we made the unfortunate mistake of having 4 people focusing on the forensics (2 of them which failed the forensics modules)
hey
i need a lil help
my pictures got corrupted how can i get them back they are in the .format file ig
did you google it?
you imaged the media containing the pictures? how'd they get corrupted?
Is the blue room a little old? It's asking how you convert a shell to a meterpreter shell. Which is something that's automatic
it's not always automatic, it depends on the payload for instance
I had to wear a suit for all my tests 🙂
Like you get a meterpreter shell by default after using a default payload on eternal blue exploit
Honestly love a good suit, unfortunately it's not the goto for me when I go to uni
When I go to uni I usually wear black jeans and some sort of black/grey t-shirt because greyscale all the way
Specially during oral, and practical test, always a suit, or you couldn't sit for the test. That's the way to get people used to it. I didn't need it I went to a private school (primary and secondary)
My go to even in my environment is a t-shirt (provided by the company) and shorts. Its humidity and environmentally controlled and is the same year round.
ahh fair enough
When I was in secondary school and sixth form we had to wear suits, in fact that would've been the same suit
I did however get another suit recently and I will say I looked fuckin sexy
Anyone else like using mindmap kind of visualization for notes 'n' stuff?
I would've asked me for my number when I was in that suit
hell yes
lmao
I prefer obsidian, however you should learn how to tag / link things in a fluid form for you
I've been screwing around with Edotor.
I have no knowledge of that and perhaps someone else will chime in.
this was the more recent one
went from 2 piece to 3 piece, still an older one but definitely like that suit and will absolutely be finding every chance to use it 
I will say I got more compliments that night than I think I've had in my entire life haha
And as soon as I left the event I switched from dress shoes to vans so I looked like something out of dr who
You are the red guy right? 😛 Just kidding. You appear to be professional and fine, there is nothing offensive from that photo. It's a nice photo of you.
yeah it was a slightly more professional setting with pictures taken so I dressed up nice
Very cool
yes I did
When I normally go into the office I arrive wearing black jeans, t-shirt and a hoodie 
Definitely a nice and relaxed office environment
i used some crack software
occasionally I've walked in hood still up and earphones in 🤣 certainly had times where I felt the office was a little chilly so I threw my hoodie on and put my hood up to keep my ears toasty haha
so were they ransomwared or did the file just break your files when you put them through?
lol
were they deleted or are they still there
you need to give more information, recovery is not a one-way fixes all
if it's a corrupted file signature that's nice and simple, if it's corrupted data, you can try see if you've got past versions or autosaves, if you've got deleted data you can try fetch it back from the file slack but it all depends on how it was "corrupted". corrupted is too vague
verify
will someone do me a favor
depends, what's the favour?
looking through what sorry?
inspect
Inspect what?
when you're on computer
what do you want doing?
if I were to do this favour for you, what are you expecting me to do?
tbh if someone can find your password on your website using inspect element thats a fumble so bad you should be sued for malicious negligence
inb4 "who can hack my exgfs instagram"
What do we get in return?
You'll have to ask the person above
see this
it is still but i cant open it
A- what is happening?
Morning people
working for me...
Are people cheating on KOTH? I've seen binaries in /root named "koth", seems like an autopwner, they get to king.txt in a matter of seconds, then locks king.txt
Try copy it and remove .format from the name
i have the image
im not able to edit extension
that's not gonna help if the file's content are messed with
yes i did then i open the image and i get this error
Of course not but it's always worth a try
I'd try put it in a hex editor and send the beginning and end bytes of the file
Try see if it's a damaged file signature
The actual file content may be fine other than the file signature
Yeah what numbers for the first six?
see
What about the numbers at the end??
here
h
why you doing this stuff on windows
It appears to be missing the end of file signature, now if it's lost data then you're looking at file recovery and likely need to image that drive and use autopsy to try get it out of file slack but otherwise you can try adding the bytes FFD9 And see if that fixes it
sorry what is the problem
IDK, for me personally it's easier to do it on linux since there are a bunch of tools you can use out of the box. But if it's comfortable for you then I guess it's fine.
Try add FFD9 to the end of the numbers and export the file and see if it works
im not use to it
sorry i didnt understand
All those numbers and letters
At the end of the ones on the left side add FF D9
It's the bit that tells a jpg that it's the end of the image
It might work assuming that the actual image data is intact
like this
weren't magic bytes at the beginning?
Yeah now try export that as a jpg and see if you can open it
JPEGs and some other files also have magic bytes to indicate the end of file
Or the end of a particular section etc.
That image name suggests the photo was taken with an iPhone?
So like PowerPoints and documents are OLE files and contain jpegs inside them so the magic byte at the end is important
Its magic bytes suggest it's got exif data so yes it's probably off a phone
Have you tried using an online converter? (Excuse me if this is repetitive, I just don‘t want to make any suggestions without knowing whats going on.)
Or a camera
Or open the image with a browser.
Let's see if exporting and opening the image works first
As it's already done technically
Editing the hex just seems a bit, well, last-resort-like.
It's only the file signature which is currently damaged
If the data's intact it'll work
A converter likely won't fix the file signature
Aaah, so it‘s actually broken, I see.
I assumed that there were just some compatibility issues, because that happened to me in the past.
Nah it's missing the magic bytes at the end
there is nothing working for me
And potentially missing data but hopefully just the magic bytes
@cerulean aurora did it work?
That would be a bit more difficult to fox, indeed.
It's 20 past 8 am and I've not slept, I'm supposed to be up in four hours
🥺 I'm just a techie
I can relate, but like…
I'm chronically sleep deprived but now that I'm helping someone I'm committing to the bit if you pardon the joke
lemme try
Hmm. That‘s insanely unhealthy, you know? I did sleep very little as well, then someone told me how much long term sleep deprivation boosts your chances of getting dementia when you‘re old and now I am too scared to not sleep. xD
Oh I know about the risks but I genuinely struggle with sleeping
wait why it doesn't work at brave?
It is really not up to me to tell you what to do anyways.
I also heard that recent studies found that caffeine can potentially reduce likelihood of dementia so at least I've got that going for me
Whahaha, then I‘d be fully immune.
I really did used to make some effort to try and sleep but it doesn't work
Actually tho.
In September on one of the days I'd had a gram of caffeine and slept like a baby
One day I drank two really cheap iced coffees from a supermarket only to notice that they had 400mg caffeine each.
Apparently I was visibly happier than normal but that was about it
But I lived. Somehow.
Oh, you get sleepy with caffeine?
I had a thermos full of coffee which had 350mg of caffeine per 170ml followed by 2 redbulls
It makes me more relaxed except when I'm getting on trains
Or you had a gram in all of September?
But I stayed hydrated so my kidneys didn't give up
@finite basalt 👀 progrock is looking doable, might not even GPS lock it
I did have one time where all I drank over two days was 8 red bulls and my kidneys were not forgiving. I became jaundiced at work
Try and export it to jpg and see if it works
That‘s something I struggle with.
Hacking session for 10h only to notice that my glass of water has been empty for the last 6.
Oooh very nice, that's handy, is it accurate enough?
I used to struggle and then I was one redbull away from death one morning so I started drinking water when I drank redbull
There's a 0.25ppm TCXO onboard apparently, on the 2
Will talk to my local expert and see what he reckons
Depends on the tool you use idk, it'll be on the website man
Pretty damn good that, fair enough
hey guys in few days i m going to have a school event of cryptic hunt i wanna come first pls help me cook
My big advantage is that I just simply don‘t like how energy drinks taste, whahaha.
If that doesn't work @cerulean aurora you need to research forensics because I can't help you with it more, I gotta sleep
But yea, water important.
I used to drink them purely for taste
Who would have guessed.
But then I found that I had them when I got stressed because it made me feel less stressed
im doing it from a site
I don't think I'm that sensitive to caffeine in the first place, when I had that gram in half a day I didn't have jitters or anything
I noticed, you need to save/export it as a jpg and try and open it
Mmhmm, I see.
not working
As in you can't export it or as in the image is still broken?
I suppose you do develop some kind of tolerance at some point. Would be kind of abnormal if not.
the image is still broken
Then you need to look into if it's possible to forensically recover it
Well, I will leave you to fixing the image now.
I can't help you with that though as I have to sleep
See you guys around.
I don't think I've ever had jitters
Anyway take care man
guys i have a school event in few days 😭 pls help me
What are you trying to open, and where from?
its a cryptic hunt
No, we don't help with school work.
that a cryptic hunt
We still don't help with school work, regardless of what it is.
then just call it a office
i have a event in the office 😭
I'm planning to start learning Linux and wanted to ask for your suggestions. Could you recommend any good YouTube channels or tutorials for beginners? Also, do you have any advice on which Linux distro would be best to start with?
Please read rule 5.
tl;dr, we are not helping you cheat in any way, shape or form. 🙂
😭
Linux Journey is a good website to interactively learn the CLI and other stuff.
Even has a page on which Linux distro to use.
Thank you i will look into this
I've been daily driving Linux for over a year now but I might give this a try still
@devout palm hi bro
Not in this server it isn't. 🙂
WHY broo 😭
it my picture which got corrupted
How'd it get corrupted
Hi I need help in my lap
In your what?
So we don't assist cheating.
What's up with your laptop?
hello friends I am using gnome kali linux and after the update so
After sudo apt-get update command I ran sudo apt-get full-upgrade command and rebooted and after that the logo of most of the programs on my computer became invisible and I cannot enter the terminal 😦
CAN ANYONE HELP ME PLEASE
Thanks but I don't need any help now the help-room helped me
did you make a snapshot before upgrading?
Nope It's my main os
Is there a new version of gnome out or something
Yeah... best to not just update kali without backing up. It breaks constantly with updates.
some things have changed after the update for example the lock screen background has changed
how can I do it
cuz Terminal doesn't open
Wait Kali is your main os?
yeap
Ctrl + alt + T doesn't open it?
Even the Kali devs kinda advise against running Kali as a main OS
no i tried but it didn't work
What shell do you use?
my computer's bad. 😦
Yeah lol
Ya this happens after an update
Do u have an Idea sir 😄
I run Linux Mint on a pretty old computer and just put tools and wordlists on that.
For THM I just use the attackbox tho, which is ubuntu
I don't actually go near kali 
nope but in htb yeap
I have a Kali box for CTFs/Labs and just use ovpn
Oop
Pretend I didn't say that lol
I dunno maybe I'm talking out my ass, I just thought I saw somewhere it was ubuntu
Might be, doesn't really matter
u
ure right thm attackbox os is ubuntu
where can I ask about openvpn connection?
Oopsies
I won't be able to process ctf this day cuz of terminal 😐
Is the THM kalibox useful? I've never actually tried it
yeapp
Neither lol, just ovpn
it's better than htb
Does it have advantages over the ubuntu box?
apart from being for 1337 h4ckers because kali ofc
no it's best to download ovpn to your own machine and connect to it
I can't use openvpn due to reasons 
what's up
Discussing why would be against the guidelines of this discord I think
got it
My problem is still not solved 😐
Re install a new image. 😄
Does your kali machine have much saved on it?
Yeah cause I was just about to suggest what Scrubz said
why does openvpn seem to connect, but doesn’t write the IP in the browser on 10.10.10.10 (2ip gives my regular IP address)
yeapp
I'm sorry to bother you but how can I overcome this problem @sick lance
What do you mean write the IP to the browser
I don't think it's supposed to be a VPN in the same way say NordVPN is that hides your IP
It's just designed so you are networked with THM machines
In room page in the room page it says You are disconnected
To access target machines you need to either. While in tryhackme.com/r/access: Connection Connected
Correct^ the TryHackMe VPN only routes TryHackMe traffic to our servers, it does not route your public traffic through our network
Yeah try ping a local IP and you should see it
10.10.10.10? or 127.0.0.1?
Whatever the lab ip is
alright thanks
Does anyone play the game together
It successfully pings but the site loads for a very long time or even endlessly and queries such as nmap or dirsearch give timeout
I feel like a dick explaining to my work colleagues that I don't answer anything work related at the weekend. But this isn't unreasonable right? 
"Oh zcorp you're so hard to reach you never reply after work or at the weekend".
No I don't
Nope, work and private should be separated
are you sure your openvpn is connected?
Like the corporate group chat gets muted friday night and doesn't get reopened until monday morning.
In page tryhackme.com/r/access "Connection: Connected you are ready to start hacking"
And ifconfig show tun0
does tun0 have an IP address assigned to it?
But in room page "access machine: You are disconnected"
which room is this?
Anyone I can DM about migrating the THM discord token?
Yes, It does
the "access machine" doesn't always show you if you're connected or not. If you can ping the machine in the room then you should be good to go
Oh I didn’t know you could collab
I may be mistaken though, I've never done it
I’ve never done one with anyone before
Scrubz helped me like a day ago
🫣
Or will steal my token and take credit as being a noob
woah the new dashboard looks awesome
Not anymore
Think the friends thing is just to compete over points
Bit of friendly competition
Ah okay
huhhh
New paintjob looking good
i have a question
Offensive security focuses on one thing: breaking into systems. Breaking into systems might be achieved through exploiting bugs, abusing insecure setups, and taking advantage of unenforced access control policies, among other things. Red teams and penetration testers specialize in offensive security.
Defensive security is somewhat the opposite of offensive security, as it is concerned with two main tasks:
Preventing intrusions from occurring
Detecting intrusions when they occur and responding properly
Blue teams are part of the defensive security landscape.
Some of the tasks that are related to defensive security include:
User cyber security awareness: Training users about cyber security helps protect against various attacks that target their systems.
Documenting and managing assets: We need to know the types of systems and devices that we have to manage and protect properly.
Updating and patching systems: Ensuring that computers, servers, and network devices are correctly updated and patched against any known vulnerability (weakness).
Setting up preventative security devices: firewall and intrusion prevention systems (IPS) are critical components of preventative security. Firewalls control what network traffic can go inside and what can leave the system or network. IPS blocks any network traffic that matches present rules and attack signatures.
Setting up logging and monitoring devices: Without proper logging and monitoring of the network, it won’t be possible to detect malicious activities and intrusions. If a new unauthorized device appears on our network, we should be able to know.
There is much more to defensive security, and the list above only covers a few common topics.
In this room, we cover:
Security Operations Center (SOC)
Threat Intelligence
Digital Forensics and Incident Response (DFIR)
Malware Analysis
Answer the questions below
Which team focuses on defensive security?
for the course
isn't the answer blue team?
The new UI looks very nice
Are you just pasting a whole question lol
nono thats the question
ill show you
Which team focuses on defensive security? sounds like that's the question
how do i send a pic
DM if you want
snm
ive sent u it
Is there somewhere I can look at a playbook for firewall rules, if that is the right word 😅
"/verify"
want me?
it's alright, I was just messing around, thanks though
#room-help and please refer to which room you're pointing out, but shortly, yes, sounds like Blue Team
I don't know if you took that from THM or you're reading an article or something
Yoo @pallid sapphire
im doing a course
im new to cyber and im learning
I understand but it's best to ask room related questions into the appropriate channel -> #room-help
also, it's best to attach a screenshot along with your issue or give us a link to the room you're doing so we can check it out ourselves to properly help you
alright cool

Hey guys! glad to be here
welcome, friend
Thanks mate!
Hi guy. How are you stopping this weird AI scrapers or crawlers on your websites ?
Hi everyone! I've been learning on THM for a couple of weeks and now joining the discord. Glad to join the community 🙂
Welcome!
I just have joined too
Welcome to you too
welcome, enjoy your stay here 
🤝
Thank you everyone!
whatt>?
Boormax yknow
idk
Idk either I'm just trying to fit in
what is it pls acknowledge me
Guys, someone got a job through learning on TryHackMe?
yes and i left it
Lmao
Why lol
You could use it on a CV to say you've done experience and have competed in CTFs, but likely need a bit more to get a job
Are you bounty hunter now?
np
I spent already about 2 month and completed 36 rooms and got 170057 rank. Its just beginning
Yeah, it's fine to keep learning and get experience
A lot of people jump into infosec wanting to do red teaming, but you probs won't get a job as a pentester right away
yes
i love to but my eng speaking skills are horrible haha. Im at B1 level but increasing
SOC stuff can seem boring but it's fun idk
then they realize its not red team good for them ... then got confused with different paths in offsec
100%
hahha its ok we do understand everything mate 🙂
we are hackers haha
Yeah you're fine
I went from barely touching linux to doing my first eternalblue exploit in 28 days so THM is great for some basic knowledge 
thm is best out of market if u want to genuinely learn anything about offsec- infosec
yeah i dont like a lot of documentation in SOC, so pentesting more interesting
im not yet haha
It's more interesting yeah, but a lot of people get disillusioned by not being able to understand things and give up
I know that's not much, but without THM I wouldn't even know where to start or what eternalblue even was
its the best once u know how to do
rather than pen test
100%
exactly thm is friendly
I think understanding the fundamentals and slowly building up knowledge before choosing a path you want to go down is ez pz with THM
yes
Can't do that as like... A lawyer or something
yeah, true
silastic i think u seen many paths in google and end up here hahah
and like oh yea finally
You can't just decide one day to do Criminal law when you've been doing IP law the whole time
Maybe you can I'm not a lawyer
Yeah like if you wake up one day and think "I wanna learn some stuff about hacking" it would be very hard without platforms like THM
woahh
You'd have to set up your own lab stuff
Yeah you'd need to know it before you did it, which is a bit of a paradox
OverTheWire is great for general CLI stuff. Not as indepth as THM but it's pretty good too
There's just a lot of resources out there
its been years man to see this kind of Appreciation
Go out and learn my friends
i set my goal - 6 month before my 1st bounty hunting
Good luck? I've never done much bug bounty-ing before
also i got 5 Google certificates on Coursera
I've found a few CWE's but no one got back to me lol
Anyone idk
ok 😦
how much time are you in infosec?
As a job?
from begging
Eh?
I've also heard that if your main goal is earning money go for blue teaming first then you can start with offsec. And it'd be great ig. As you'll be earning some money and can invest in yourself to build more solid knowledge.
let me rephrase when you start learning?
sounds like easiest way
I was a software developer before. I always had an interest in infosec. I was asked to change the password db from plaintext to hashed.
I had no clue what that meant so I did some digging and realized I loved infosec
Been employed a year, been learning on and off for about two years
What programming languages you guys know? And which one you use as your primary lang?
It seems like blue team is easier just based on salaries. Pentester jobs are offering 60k GBP while I've seen SOC 1 as low as 28k GBP
Damn! I dont have so much time haha
It suggests that Soc 1 is at a much lower level and easier to get into
Pretty much. Blue teaming also lets you learn offsec stuff, just without playing with it
Junior SOC roles can get even lower, it’s more entry than pentesting
hi how to have public info of an aws site please?
Could you elaborate, please?
yeah seems way more lower ranked.
what about foreign citizens? is it possible too?
All about a foot in the door
Depends if the org is willing to hire you
yeh thats good
Dependant on the employer. A lot of the companies I’m heading for are British citizens only
Due to clearance
i want when the site was started and if possible, account or pseudo of the person who own the site
Well even then you can’t be employed for clearance
But for me - blue team is boring
You need to be a citizen for x amount of time etc
I thought that too. It's not that bad
And if you’ve moved/traveled in certain countries you will be declined clearance
You can try who.is but if they have enabled privacy, there's not much you can do.
who.is yeah
Oop
I'm a British citizen but been out of UK for 10 years. Might come back. 
Beat me to it
Don’t
Just give me your passport I'll let you know how it goes
imagine being paid for a boring job how awful 😂
(That's a joke yo)
I won’t get political but the UK is in shambles
Yeah, me too. I have visited UK once. Love China town in London
Let's switch, I'll leave and you can come back
Ayo what about me
I got a question re: room write-ups, should that go here or in another channel?
Well I'm in China right now. They pay IT roles like crap here. (I'm not in IT right now)
first i need increase my skills, then ill see what next
Here is fine
who is do that:
there is no a whois but for aws?
How did you get the s3 bucket's address?
Are there any rules for write-ups? I know some sites don't allow answers etc. I can't find anything saying what is/isn't allowed. Might just be blind lol
Love the new UI guys!!
hehhe
a russian tries to phish me
They probably wouldn't even give a SOC role to a foreigner in China because you can only be employed in a job that no Chinese person can do. And there's like 1.4 billion.
huhhhh
Ok guys, nice to meet you again. See ya
Incredibly strict working immigration rules here
I bet
u leaving us
Yes.
Do not include any TryHackMe graphics or art from the room.
Posting full content of rooms/ answers is not allowed.
If you are looking to post it in the Discord server or on the website, it must not contain any flags or passwords (exceptions: live streams).
I would recommend emailing support@tryhackme.com for the full breakdown of the rules:)
@near hawk would it be possible to put this (the written article) on help.tryhackme.com?
so what do i can do to make whois working good?
Yeah can't do any job a local can do. Need to be recognized by the government as an expert in whatever field you're in. Have to have all your qualifications approved by the government. Can only work 1 specific job, the job your work permit is for. Cannot hold any other part time jobs or side hustles. 
Beaut cheers mate! I'll censor out the answers and flick a message that way to get some guidelines
Oh you just... I really need to read huh
Damn so many medium articles break these rules
Yeah they do lol
But if you want to learn then cheating for the answers isn't helping you
i must have an account to report? its idiot
You can't use medium articles at the workplace, Get used to figuring stuff out
Is it not against copyright to just copy paste large amounts of THM onto other websites?
Cause that's what they do
Damn, this sh*t look fckn cool bro.
If they're reviewing it then it's probably covered under some sort of fair use or transformative category
I mean the UI
I'm scared that if I go to an interview they will ask me to do something and I wont have google. 
Just tell them that
Yes, they may be removed 🙂
Then you better learn what they may ask, basic interview prep
My first job outside of software development they asked me "How would you create a new user in AD"
I had no clue what AD was. I didn't know what they were saying. I just said "I got no clue. I'd google it or ask someone for help."
Somehow I got the job and moved up the ranks lol
Because I'm not in this industry I dunno how common this is, or if it's a thing. Do they ask you to do things off the top of your head much?
No
love this
This field is constantly changing, so it's way more important to know how to research efficiently to find the answer
When I worked for an IT security company (But not in a computer role ironically) they'd test the potential devs out by sending them a task to do over the weekend.
And not bullshit about 'knowing' something when you have no clue.
If you don't know something then ask. If no one else knows then read the documentation. Don't just sit and do nothing lol
This makes me think, there is a lot of theory on THM and sometimes I'm worried not to remember everything, but it's not the goal right? (reassure me pls haha) You should read the theory first, and then remember it by practicing a lot?
yes
Pretty much
Get a general understanding and practice it until you know what you're doing
Then get given a task at work that is completely new and do it all over again
hahaha
I'm in the same boat. I'm hoping that knowing that something can be done is most of the way there. Even if you don't know specifically what commands you would type.
There's always -help and man I guess 
those are the ones I memorized instantly 😂
Focus on understanding the theory, memorising comes naturally afterwards
thanks guys, I feel better haha
Employers love honesty and the ability to use Google is the ability to research
They probably wouldn't want me to answer "cause I heard you got a job going" when they ask "why do you want to work for our company?" tho 
Yeah for that just do some research and say you love the work they do and can't wait to join the team
Be a bootlicker until you get the job, then relax
I'm wondering if doing a little computer club with my students might be something I could at least put on a CV. Right now I just have nothing related to computers. We have extra curricular clubs every Friday afternoon. At the moment I just tag along to help the baking club.
Yeah it sounds like it
I feel like you should just honestly present yourself as you are, I’m kind of confused why you’d want to fake these things if you’re not passionate about them? Just my take
Real
I dunno what you mean by fake things
Obviously choosing to do things to bulk CVs is recommended but it feels like there’s part of your whole life you’re trying to change to fit into an interview my man
Gottem
Well when trying to change careers, they're not going to be interested in my 10 years experience teaching in a primary school. I need to put something on there related to computers at least.
I guess any personal projects or interest you have etc
What sort of room is this lmao
I thought no one cares about the "Hobbies" section of a CV?
blue team
I never put anything like that
Monsters inc
man im liking this new ui
It is a nice UI
I don’t have hobbies on mine, I have projects, where I list my THM journey and also my role as a content tester for a game
Confused me for a mo but I liked it
But volunteering etc is always great for a CV
Hobbies are super important! It's nice to know that the person you're hiring does things outside of work. It helps you work as a team if you can bond through your interests 
I know of people who have been denied the job purely from not having any hobbies
I don't think my UI changed
Check the dashboard
I wouldn’t exactly be putting massive paragraphs on hobbies but
Maybe it's just no one cares if you just list "watching movies and playing video games" 
Just quick bullet points, throw it in at the end
Nah just say boring stuff like
- Learning x language
- Playing y instrument
- Soloing Everest and the secret bigger mountain in 1h 25m
Normal stuff like that
^ Those also show a willingness to learn 😉
Mine looks the same I think, I tried clearing cache
That is the new one^
man never knew the recruiter cared about that stuff , might need to get a list ready 😅
If you joined recently, you may have already had the new one.
Oh really, It's looked like that for a while?
Yeah I'm on 28 days
Yeah you might have been lucky enough to be given special access 😎
You don't have to go that insane, just put down your hobbies. Even if it's building PCs or doing other stuff then it's a hobby
I feel special
||The chatbot is new too, I likey||
I've not written a CV in about 7 years tbh I don't even know what the current meta is.
Jobs recently have been through word of mouth
Just ask an LLM
information overload
If you have access to any where you are
I’m very excited to hear back from James about my acceptance to the mentorship program with THM
true true, was just worried man, getting rejections after rejections by companies 
sometimes cant even get the aptitude test solved ;-;
Just gotta stay on the grind i'm afraid
ChatGPT is my therapist
That's not good
You have to get denied time and time again
Anyway gang lovely chat. I'm outski
The job market works like that
L8r sk8rs
See ya @stoic quarry
You guys are getting rejections?
yeah ig that gives more experience about whats going to come next
man 😭 
When I was looking for work in UK last time it was just getting ghosted constantly
I would have liked to actually get rejected lol
My man, I’m changing careers from construction to IT/Cyber and I’ve had job offers for jobs I didn’t want but I went to the interviews purely for the experience
ngl this was happening to me as well at the start
I think I’ve had over 100 denied apps, 20+ interviews and 6 job offers, all declined
You’ll know when the job is right for you & I know when the job will benefit me more than staying where I currently am
dang, thats quite a bold move to go from core to IT. respect man!
Yeah, I’ve been on PCs all my life just never had the drive to make it a career, dodged going to uni to study computer forensics to pursue a childhood relationship which failed so why not give it another shot, I’m only 26 and have plenty of gas in my tank
whoa we're the same person but I'm 34
Currently doing CompTIA A+, have network, security and cysa all purchased to do after A+
That guy that was always "into computers" but never did anything with that
Exactly but yknow, you don’t have to be a certain age to pick something new up
im more into devops, now trying to shift towards security if possible
The thing was when I was around 18, there just wasn't the resources to learn this stuff.
Now you can go do a degree in ethical hacking
Now is the best time to get in, especially with all the material you can do online, I’m teaching myself my CompTIA courses whilst also researching malware etc, it’s all doable from Google
and almost all of the study material is for free

