#general

proton isn't privacy focused

never was

Surf, Proton I think

How can a VPN even be security focused?

surf, probably not

Not very fluent in VPNs

Hello guys

I'm new here what's up

I'm assuming he meant with user security & privacy in mind

if so, mullvad.

@rapid merlin really?

Yeah Mullvad seems to be consistent

"dont touch my data pls"
-"alright"

Proton has been exposed, and laughed at by every single person for being a horrid service

I still have doubts about data collection but in terms of tying it to an identity mullvad seems better

Bro hasnt unlocked replying in his skill tree yet

oh ok thnks

Is the site working for everyone rn or is it just me thats broken?

broken rn

Although Mullvad does fall under 14 Eyes

yeah, mullvad is consistent and reliable, rarely ever down; support is also quick and competent

doesn't matter

@gritty fern yea, I'm new here and I just started chatting

they've been raided before, no logs or anything was found

Hover over a message and on the right it will have a reply button

Jarvis, fact check on Reddit, sort by updoots and summarize the whole story from that one linked blog

@rapid merlin yea that's clear

is the site acting up for anyone else?

For anybody coming, yes the site is down, staff are aware and are working on a resolution, thanks.

Ever tried IVPN? Looks semi trustworthy

no

I was put onto mullvad by a friend in 2021

never looked back

Nope

for the sake of ease I just use protonvpn personally

not proton sorry

this guy is getting paid to recommend mullvad

nordvpn*

yeah i can't finish my room as of 10 mins

I have been running tails + mullvad + tor and have not found any leaks

Nord?

lmfao

I've heard good things about mullvad but personally don't care too much about security of it as much as speed

It has good speed

yeah, you might have to swap servers a few times though

@obsidian helm i dont accept random friend requests

On mullvad you can't do more than a double bound?

@gritty fern I understand... Kinda seem strange, but gte to know each other at least I have no friends here

I saw surfshark being rated better than nord

I would answer question but once I hit submit nothing happens

what? I am using it right now, it's slow but it's working =O
Guess I should log off just in case.

I would need to open a new tab then it would be complete. I lost 2 tickets completing the room

something going on with the site?

I feel like nord is bloatware

yes

same, we just have to wait i guess

Surfshark, express & nord advertise through grifting yters

It's back

o/ ryan

I personally love mullvad

how much are you getting paid

good work on the peoples call centre with pierogi lmaoo

Thank you

Gave +1 Rep to @wanton ridge (current: #2338 - 1)

I'm being held in their server room, please help me

Of course, nothing I enjoy more than watching them rage unbelieveably

safe and trusted review, I believe it now

anyway to see if I got the tickets from the room I completed? I wasnt able to see if I received them

I mean, if you want privacy and secure connections mullvad is top 1 cause it's ram only infrastructure

Wowv

Oday

Hi

@rapid merlin you gotta advertise like this to be more effective

Outside of reading actual auditing reports its actually hard to find a non grifting list of good vpns for privacy and user security

Nice to meet you 🙂

How you doing Ryan?

Nice to meet you too 👋

deam im ur fan bro

ryans discord getting lit up rn

yo friends

I think this 0day fella is a celebrity here

its normal, he is top 1 right now lol

About to get some Chick Filet, hope you all have a great day and thanks for the kind words ❤️

0day!!

what VPN does this 0day guy recommend?

Chick filet is fire

Mullvad

Can you get me dinner? 👉👈

woah is that really who I think it is?

thank you sir

Gave +1 Rep to @hasty sand (current: #49 - 167)

mullvad its a real god vpn for not beeind rastred

they dont know who paid his service 💀

What’s your favourite food ?

I like this photo a lot

#site-support plz

Sushi!

Oh man that’s my favourite too

Srry bby ❤️

http://printer.discord.com/

What type of sushi you into ?

https://tenor.com/view/holy-cow-holy-cow-gif-25938150

The real "computer man" @quartz osprey

I love these silly subdomains

if you click that your printer explodes

No it prints all of discord

You might run out of paper

Rick is my business partner, make sure to DM him and ask if he is the "Computer Man" (he's in the office next to me)

Sashimi is quite nice, I usually get those from a Japanese supermarket. And regular "american rolls" like California is alright, but I more like the specialty rolls

https://www.thewebsiteisdown.com/

Won't he get annoyed by DM?

I read that as spaghetti rolls. Where’s my glasses 😆 I’ll get you some sushi if you ever come down

I will lol

I will too 🙂

https://tenor.com/view/wheelie-rollin-they-see-me-rollin-jeep-kid-gif-21057802

I NEED ATTENTION

finished two rooms with 500 status code 😦 dont know if i got tickets or not rip

WHY NO?

@hasty sand when will we get a 0day joindeleteme discount?

https://tenor.com/view/pay-attention-to-me-give-princess-attention-princess-wants-attention-slide-gif-15215153

Because no

beep

He loves DM’s

That’s you caught in 4K

🥲

Hey all

I own Pentester.com so nope on that!

Okay, I'll dm 🙂

btw, i m not the princess, just prince

Damn

If i asked really nicely could i have pentester.com?

I’ll make a THM discount if you guys want one.

Done 🙂

I was waiting for our international removals to be complete before I announced it here and on socials.

lol! Thanks

Gave +1 Rep to @void zodiac (current: #377 - 14)

ya need

I wonder how much it costs now

https://tenor.com/view/you-have-mail-mailbox-gif-11623462

Oh, "You've got mail"

Amazing movie

Sounds good

WHO NEEDS A INBOX MESSAGE, I CAN PROVIDE INBOX MESSAGES

I want a DM 🙂

Btw what was the reason of the recent crypto wallet popup ? Was it an xss vulnerability?

Supply chain attack. Nothing THM could have done :/

DONE ❤️

When I was a kid I used to wish I would get mail, biggest disappointment as an adult 🤣

Ah i see, understandable ty 🙂

Gave +1 Rep to @hasty sand (current: #49 - 168)

i NEED AN EXPLANATION FOR SUPPLY CHAIN ATTACK

you need turn off caps

Somebody modified the code of a JavaScript library, and when that code updated, they reflected on all sites they used it. Using voice to text sorry if there’s errors.

https://tenor.com/view/cat-bills-bill-confused-cute-gif-9327192660005731683

thanks !

Gave +1 Rep to @hasty sand (current: #49 - 169)

You've got bills!

That’s all they are

For real

I also got army recruitment in the mail

Oh no

I would rather a bill

OH MY GOSH, KHALIFA IS TYPING

HARD

hi guys, i have a problem that i cant get in touch with machines through VPN.

Dude

Why

🤣

it was just a question "HEY unemployed person! Wanna do something?"

Obsessed..

I would have been like, nah I’m good doing nothing 😌

More cringe content

r/masterhacker

Shhh

:(

Shhh

Which platform is this 😂 ? Where're you finding these things ?

OH MY GOSH, LOOKS LIKE HE DON'T KNOW WHAT DDOS IS...... HE CAN PERFORM DOS ATTACKS WITH HIS 5 DEVICES

Reddit

hmmm i read DDOS

humor me

🥲

https://tenor.com/view/sad-sigh-monkey-gif-2049020038486032791

https://youtube.com/shorts/OqIm4IuOqEU?si=XuIy9hsuqhwVllx-

what he is doing

IF ANYONE KNOW TROUBLESHOOTING, TELL ME "why my both laptop and pc disconnecting usb connected devices like mouse and keyboard".... It's annoying now..... At least laptop has a touchpad,,, so i can use it.....

Is it a malware problem or a hardware related problem?

I also get an error message like "mscp.cfg not found" when starting windows in both devices since i got my usb disconnecting problem......

https://www.nexusmods.com/skyrimspecialedition/mods/124947

It's a real mod

https://tenor.com/view/confuses-handsup-dontknow-hands-up-gif-24764458

──(kali㉿kali)-[~]
└─$ subfinder -d example.com | httpx -title -ports 443,8443

           __    _____           __         

_______ / / / () / / _____
/ / / / / __ / // / __ / __ / _ / /
( ) // / // / __/ / / / / // / __/ /
//_,/.// /// //_,/___//

            projectdiscovery.io

Usage: httpx [OPTIONS] URL

Error: No such option: -t
[INF] Current subfinder version v2.6.0 (outdated)
[INF] Loading provider config from /home/kali/.config/subfinder/provider-config.yaml
[INF] Enumerating subdomains for example.com
guys i have tried everything but this is not owrking

what can i do ? to fix this error

http://example.com ??

update subfinder and retry

also

yeah i just replaced it with actual site

it says already newest version

Hello

go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest

I think you scrolled past 1380 inappropriate mods to find this

Is this for a THM room?

Nah, bout 124,946 inappropriate mods

If so, #room-help

https://media.tenor.com/Uzuoa5jweoAAAAAj/among-us.gif

I did google

no

What's it for then?

i m trying to learn recon

im just finding out the actual 0day is a mod here

so i was just doin it in virtual machine

What is example.com ?

What were you doing reconnaissance on? You said you changed it to example.com

https://tenor.com/view/no-family-guy-bad-dog-newspaper-peter-gif-8108196576766934699

Oh, hi scrubz

:wave;👋

yeah i was doin it on actual domain which is allowed in program

Try reinstalling your drivers through device manager for the USB devices

Not a mod

Senior mod

Get it right

Which program?

bug bounty its really famous company , video i was learning from was also using same domain

I tried, looks like a dumb thing for me..... May have to format windows and try again

Can my damn 20 ft power cables arrive any slower?

Can you share the scope?

yeah wait

wth, is your english

😹 srry

it sspotify program i was doin on @sick lance

──(kali㉿kali)-[~]
└─$ go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest~
go: github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest~: github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest~: invalid version: unknown revision latest~

what do i do now

go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@v2.6.7

replace version in the last like it

So where is the scope?

https://hackerone.com/spotify

https://hackerone.com/spotify/policy_scopes

What’s the difference

@sick lance

after this i tried to run the same command , its still not working

Choccy milk making everything better

what do i do now ?

Have you checked the out of scope stuff, RE subdomain?

yes its not that i wasnt using example.com

nd i was just following the tutorial

Pizzburgers

wow

Which tutorial?

youtube video on recon

Does the video do it on Spotify?

yes

so how cna i make this command work i tried to save it in txt file but still not working ? 🥲

may try to update with apt-get install subfinder

it is showing same results

The title

@sick lance What's the difference between mod and senior mod?

Was going to ping James, but since you're here, you might know.

looks like it is not a problem with subfinder

then

u shuld use double hypens in httpx options

Yes, now they are not displayed as they were before, which is very sad.
Either it was removed altogether, or there is a clever way to do this, which I do not know about.

This kind of view looks much cooler than just displaying icons.

it says no such options

Er...

Colour?

Senior mod can right click ban.

Ooh, fancier punishments!

milk noises

https://tenor.com/view/world-milk-day-dairy-milk-calcium-got-milk-gif-11940914203467054069

how can i verify my acc, thanks ❤️

?

coffee coffee COFFEE

https://tenor.com/view/hacker-hackerman-hacking-keyboard-typing-gif-12765516119677733425

That's bavaria

No, this is Patrick!

beerrise name is patrick????

https://tenor.com/view/lawyer-mike-i-invoke-the-fifth-5th-i-want-to-talk-to-a-lawyer-gif-24149446

shadow pleads the third

pleads the third in third person, Shadow pleads the Ninth?

hmmmmm

You can still view it that way

so you telling shadow shadow pleads things that are not included in the constitution but ought to be???

like right to privacy

or right to love whoever

or right of indigenous people

I think all those things certainly should be protected, yes.

The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.

for those wondering what the 9th entails

From what I have read Shadow appears to have those ideals, I apologize if I am mistaken?

I was certainly not trying to upset Shadow.

oh sure but the american amendments have a hard time applying to shadow as a swedish citizen

Understood lol

right to privacy is very deeply ingrained in shadow

Got him

https://tenor.com/view/cats-love-puss-in-boots-big-eyes-wide-eyes-gif-12148910539632984319

you just did

There was no question mark

Don't ask to ask, just ask.

It's £500 for three questions.

Damn!

It's only one so its free?

That doesn't even make sense Scrubz, 200, 200 and 100? 250, 250, and 1 free?

First is free trial

lol

Yes, now what's your third question?

Gottem.

HA!

Confirmed, Scrubz is an evil Genie.

Nah. It's been established that Scrubz is a guy who won't get no love from me, when he's in the passenger side of his best friends ride, trying to holler at me.

lol, not many gifs that are 'pg13' for that...

https://tenor.com/view/tlc-no-scrubs-90s-music-i-dont-want-dancing-gif-17860658

Finally friday! This week has both flown by and dragged on. such a weird dissonance

o/ people

Hey constant, how are you?

Right I can't even form my question

It's cos it's friday, Mohamed.

@delicate kite https://tenor.com/view/im-in-your-head-you-cant-win-gif-8159346

^ Scrubz

It is hell outside

You subconciously want to chill, so your brain is rebelling

No, I can't, - I give these screenshots as an example, which I saved for myself earlier.

I made it from pre security path up to red teaming path, and I feel like I stopped learning. If the room has no info or hints I don't think I can complete it, although from how much I have done I should be able to complete an easy rated room like "whiterose" or "ignite"? Any suggestions on what I should do, maybe I just need a break or something. I know the question is discombobulated, my mind can't form a proper question right now.

Go to your profile, and choose "share room badges", that's what you're looking for

@delicate kiteOooh, friend, this is what I need!
Damn, I was sure that this button does completely different things, which I didn't even click on. (thank you)

ey tone i've been gettin into computers lately. cyber security. ton of bucks in that industry

https://tenor.com/view/sopranos-fiber-optic-cable-high-speed-internet-access-chrissy-sopranos-fiber-gif-18211585564397229690

https://tenor.com/view/operornas-opera-italiensk-verdi-bellini-gif-14792838

At a certain point breaks are necessary. I just took a week off from doing any security stuff. I needed it to clear my head and get back to learning.

No worries!

https://tryhackme.com/r/hacktivities/practice

try the practice tab

with the based on your experience

I understand what you are writing about, it is necessary to alternate theory with practice (otherwise you will be an "eternal student").
I personally switch to hacking machines on other platforms. Make sure to pause in order to unload your brain from an overabundance of information, otherwise it will be "overloaded".

I need to practice, but im not sure at what point I can practice with my skill level

Yo

The link Shadow posted above will give suggestions based on that.

omg im so dumb xD thank you
shows what I can do based on my experience

Gave +1 Rep to @pearl raven (current: #78 - 88)

I am trying host Kali on my USB but I can't find it in bios I am using and hp computer

Not dumb.

Anyone here can help ?

is the image file burned to the usb stick as a bootable?

The song is gonna be stuck in my head now

Now I’ve seen it, I can hear it

💃

Do i get anything if i boost the server?

Yeah that's where I got the "ignite" ctf from my question, which I can't do without having a little hint from walkthrough...

You get to ask for a gif to be added

Huh?

My dumbass was looking for my phone... panicking where it was...

It was in my hands... watching YouTube

https://tenor.com/view/homer-simpson-gif-3418239

guys how do you get the roles thing?

I have done that, I have even turned the flash on my phone to help me see in corners to see where my phone is which is already in my hand

like yk, subscriber and THM level

ohhhh do i verify in the discord or on my thm account?

okay tyty🙏 🙏

ah very cool, my roles are set to me automatically

If someone has a domain, can they sell or disable it fast. The reason why I’m asking is because I’m analyzing a usps smishing scam I got. I put the link into url scan and it has a picture of the fake page. I wanted a more in depth picture so I tried to put the url into hybrid analysis but it says the domain doesn’t exist. The actual text said you have 12 hours to confirm your address(it’s fake) but I’m thinking, is it possible whoever is behind it sold or disabled the domain once that 12 hours was up?

whats the cyber crusader role about?

When I was younger, I once called my mom. Asking her if she has seen my phone

I called her with my phone....

or it was taken down by the registrar

regardless, I like Any.run as a free sandbox to visit URLs and detonate malware

you will have to use a business email though (a school email also works)

That actually could be the case

also, there was a cool talk at DEF CON about these USPS smishing scams
https://youtu.be/gLOv67LlIQs?si=zJCBYevULzKxGs3n

If it is that’s good but a bummer cus I wanted to see it in a sandbox environment

Aye

Bet

yeah, the speaker basically did your work for you lol

but as always, there’s more work to be done stopping these guys

it has become whack a mole at this point

This is my biggest gripe with it

Today, I got a smishing scam that when embedded, has a redirect to the real gov uk site but when you set the User-Agent to a mobile device, it will go to a malicious site

lol

It's weird

Ooo

It's to stop you digging on a PC

Yoo that actually might be the thing

No it isn't might. It is. Harder to analyse anything on mobile

Given your target is SMS too

Most web browsing is on mobile devices now

Hm is there a sms sandbox environment?

If that’s even a thing

You can honeypot using SMS. Just make a phone number and get it out there.

But you can't "sandbox" SMS as you are thinking

Yeah, when I send the request in burp, I can intercept it on my mobile and somehow I still get redirected even when I use the same user agent and sec-ch-ua headers

Looking at it through url scan, it shows the redirect and it’s to the official usps site

Damn criminals have to be smart

Yeah, it was a link shortener too and unshorten.it even said it was the real gov.uk site

Because it gets a 302 to the real site

Burp is detectable

how to unlock Linux Fundamentals Part 2

What's a better way than to use Burp do you think then?

Thats interesting

Ima think over this

Do I have to make an emulator or something?

without subcription is this possibile??

Well it depends on how well they are at trying to detect Burp. There's ways to detect it and fuck with burp users.

anyone help me plzzzzz

Yes

If it's a subscriber only room, you will need to subscribe to access the content

Be patient come on now.

Proxy and repeater is free without a subscription

They wasn't asking about burp 😅

Oh

They replied to my msg 🤣

I know

i am new on tryhackme right now i dont want to pay for that now what should i do for learn about it

Try other free rooms.

There are tons of free rooms

how?

Wait, so what would you recommend instead of burp?

Sorry, I thought you were asking whether burp is free

Burp is good. Your Sec-Cha-UA is obvious

what should i do for learn more about this

We told you

Try other rooms or subscribe.

learn step by step

You have to have a subscription to do Linux Fundamentals 2

Also there are some YouTube channels and websites that talk about Linux

one step at a time 🤝

can you suggest some room

The Linux fundamentals are basically the bare basics of Linux

Ah ok, thanks :)

Gave +1 Rep to @silver sky (current: #43 - 199)

A lot of it is online

try the new room

I'm surprised I haven't received any sms scams/phish in years, cus I think I remember I used my same phone number and "used" it on some Spawn free gtaV money site

Lmao

cybersecurity 101

Once you get a new phone number that’s how I got tons of scams

thank you all for your suggetion

why would that be specific

If you respond to any scammer, they save your number in a database and sell it to other scammers I believe

mmmmm modded noita is fun

I guess I never responded, I only got 3 contacts and ignore everything else

Why am I so happy about that...? idk

Hold on I gotta learn burp suite now

Burp is op

it just sucks that the Pro version costs around 45 plates at Panda Express

hey you do radio stuff right?

Decent amount yea

2.4ghz or mostly subghz?

Got some 2.4ghz non wifi stuff in the works atm

looking at some 2.4ghz stuff for a project, bluetooth/wifi ranges but protocols are handled

currently, need to do some direction finding work and having a real hard time finding anyone doing anything similar

without BT5.1 CTE and phased arrays

I had a similar thought recently

I want to see some 2.4G DF stuff

i'm about 10 seconds from just gluing some directionals together into an array and using RSSI

because i cant find anything useful in this space

Hi gain, so highly directive, antennas are available

right, i've used them before for... stuff

just cant believe there's not even a directional sweep DF setup

I'm mostly looking at satcom at the moment so I need stupid high gain as 2.4ghz power is expensive

i'm also looking at satcom equipment

but for terrestrial use

because satcom is the only time you find mobile-ish antennas apparently

winegard dishes and such

Yep and usually hi gain

exactly

The mobile TV sat dishes are all gonna be 10gig, I think S band TV is pretty much dead

Gain for a given dish is a lot less at 2.4 compared to 10

I'd probably look at a patch, there's a ham with some good 2.4g patch arrays

oh yeah, but a retro fit with some directional 2.4 feed means i can spin and sweep and hopefully get power/rssi related vectors

Holy shit

i dont need trilateration or anything

Chickenman

just vectors

Ur cool af

🫡

haha

Spin sounds difficult compared to sweep but I'd like to see it

i mean, it cant be that bad can it?

use an omni for channel select

then spin a channel specific feed until i get frames and measure angle and power

and repeat until decent confidence in direction

could probably coerce frames from the omni

to get repeated vectors faster

i dont need AoA or anything precise, just rough directions

2D

honestly i'm surprised at the lack of commercial availability for this

If I remember, I can talk to my boss who's really big in the microwave bands

it doesnt seem that hard

but even the drone defense work is mostly around parsing packets for GPS info and not just straight direction finding

ToA would be difficult, comparatively, but RSSI seems easy

right

good watch. i can't believe they setup websockets to read any file on the host

I'd get a patch or panel etc with a sharp null in the middle and tune to that I suppose

FROM the victim

SiLabs has some AoA/AoD stuff using a phase array for BT5.1, but it relies on the 5.1 CTE spec for phase analysis

this thing

it seems to work relatively well, but without the client device doing CTE it doesnt really work at all apparently

which seems kinda surprising to me

i'd think at some point someone could slap together some coherent receivers and do ToA or at least a handful of directionals in an array to use RSSI

but i cant seem to find any good examples of it for this

most people seem to be under the impression that the "noise" on those channels defeats this

but i'm looking specifically for a usecase where noise is not an issue, very few if any clients powered on in range

https://en.wikipedia.org/wiki/Direction_finding#Two-channel_DF

That's what I'd go with, two channel

yeah, that's going to be tougher

the whiterose room honestly shouldn't be rated as easy so don't be yourself up over that. Should be a medium difficulty at least

i'm trying to keep this within the span of man portable or perhaps vehicle based

so my distance between antennas will be quite small

looks like there's very few commercial options

if any

even the defense oriented ones appear to be sub 2GHz most of the time

https://www.morcom.com/direction-finding-systems

this one claims <2GHz with one model being "expandable" to 3.5

i'm wondering if it's just because of the hardware or if there's an RF reason why this gets so hard above 2

So I've been reading about defense comms recently

For... reasons

of course

(they released a nice pdf)

Battlefield comms tend to be much much lower, not a lot above L band most of the time

yeah, of course

Above a gig, it's hard to do stuff that isn't line of sight

So not a lot of point DFing a beam that goes practically upwards

which is crazy to me because modern battlefield comms Do use channels up there

The ew sections in that doc I tagged you with are worth a read

they just dont seem to be talked about a lot

hmm cant reply in thread

Might ahve to join?

not sure tbh

but as far as modern battlefield comms go

https://www.persistentsystems.com/radio-modules/

there's quite a bit above L band now

Hey James and chicken

👋

Yep, but where's it's sat all the energy is directed up

How ya doing?

So hard to DF something that you can't see

this P2P meshnet stuff

Alright, busy week

man portable

https://www.persistentsystems.com/mpu5/

for the crowd favorite, the MPU5

this is how you would run the network backing your ATAK

adhoc mesh, somewhat often in C band apparently

even the "poor man" designs for doing this without spending 30k$ for a radio are all 5ghz based

common way to achieve that seems to be a custom firmware for UBNT Rocket M5 nodes

give it a paint job and some antennas and you get away with a cheap alternative to an MPU5

https://docs.google.com/document/d/e/2PACX-1vQ-CQPKQoxwUs22BxCVVWEgoi6T5WjK5gj4A6dTuFdoL3xQOzWndhEsBhI49IOAK_8EMrfJ6XgIs75I/pub

Any new fun projects being done?

Chipping away at the same old

*Plugs in my computer*
Me: Haha imagine if it doesn’t start

My PC:

(Didn’t plug the power cable in)

It’s not my fault, all the cables behind the PC were plugged in 😭

The power cable wasn’t behind the PC 😂

lul

they are quite popular these days

apparently

sweet

lol

Whilst you're here.

I've tried searching everywhre, do you know a hypervisor where I can use VT-x passthrough, Hyper-V and Virtualbox claim my CPU doesn't have VT-X, however I know I do, I can run android studio on my host and emulate a phone, I can't do it in Virtualbox/Hyper-V

is it enabled in bios?

For some reason it VT-X won't work via a hypervisor, and I also checked if I can WSL the stuff I need, but seemingly it won't see the ADB.

Yes, as I can run VM's 😅

hmm

And Android Studio uses it on my host for the emulation.

maybe it's not VT-x but something else?

like SR-IOV

and the error is being unhelpful?

There is another error, I'll pull it up

Just need to boot it

ok

You mean the HTC crypto phone? Lol

https://www.htcexodus.com/us/cryptophone/

SVM mode enabled in BIOS too?

Yup, like I said, I can run this on my host.

But in the VM it's telling me I can't.

weird

oh two layers of virtualization?

On vbox, in the settings -> system -> processor is the nested vt-x... enabled?

Greyed out is a bad sign IMO

It's because it's booted on.

What's your CPU?

Unlocks when it's turned off

11th Gen Intel(R) Core(TM) i7-1165G7

oh wait

do you have hyper-v and virtualbox both enabled?

hello can anyone tell me for pcap challenegs can i access the machine to my ovpn kali vm ?

cause i m asked to use tryhackme machine only

which is is very laggy on browser

No, Hyoer-V is disbaled.

Anyone here good with Assembly programming cause Im currently losing my sanity

That's totally normal when writing assembly

i wanna cry 🤣

You should cry

Pwncat hasn’t been updated in years. Obviously still functional just wondered if there’s any alternative that’s maintained

What ya doing?

Uni project and I'm getting integer overflow when tryna divide

We can't help with University work, it's against our community rules.

Fair enough, Im just slowly losing my sanity as apart from this one bug its fine.

look look im light green !!!

Nice!

Napping helps

Honestly maybe there’s room for a fork 👀

Shoot ur program

Nvm I think metasploit has everything u could want

welp it is time for the sleepy sloopy to the beepity boopity for the meepoity moopeity

just hit lvl 3💪

😔

i'll do it now😔 🙏

there we go

thank you! I'm gonna be learning about packets and frames now💪 💪

https://www.flickr.com/photos/kevinkelly/albums/72157613562011932/

I thought this was an interesting site. I found it in the book I am studying. "Networking basics" an older book but still has some useful stuff in. All labs for networking.

Finished the Cyver Security 101 path. Got 2/3 for all the big prizes maybe next time

cool

Elo

WhiteRose done😄🙂

i have ~20% to go and everywhere 2/3 beside rank & streak freeze

but i dont think i will win something

Not with that attitude you won't. gotta be in it to win it, and theres no point in admitting failure befre you've tried your very best

Hey guys
Does anyone know a bug bounty hunter or a web assessment specialist ?
I am trying to decide if I should focus on web hacking and master it instead of being average at all stuff

We see a lot of young folk come in here thinking that Bug Bounty is their key to getting rich quick - This is rarely the case. The most logical plan would be to 'git gud' (as the kids say) before expecting any returns on bounties. That being said, Nothing stopping you from signing up and seeing how they are structured and what is expected etc.

But can u viably only hack web as a career ?

Or do employers not look for specifically web hackers ?

you can find a job doing that, sure ---- it's not normally people's first job though

Depends on the employer. However, remember, you want to make yourself a desirable person to work for them

Hey, Productivity 🙂

many people internal transfer into it or move laterally into it from software or whatever non-dast 'else'

hola friend

We ❤️ gambling

Russian roulette?

Naah
I think i will master the rooms
Thats only a thing of time but the last 10 rooms or more i only got bad tickets 😄

Have you learned anything from the rooms you did?

90% of gamblers give up before they hit big

86% of stats are made up

https://tenor.com/view/gamba-xqc-gambling-addict-777-gif-25803752

many rooms i did before and i reset them
All SOC related Rooms a new for me but relativly easy

Ye, that’s how you usually complete the rooms

Well, if you learned anything, Then, in a way, you have won 😄

guys can you help me out please

currently steaming all my clothes

am i allowed to ask for help?

I need to steam mine

Of course

of course

They’re all wrinkly

i'm stuck on a question but its not for school work or anything

just the course thing

yeah for sure
i never I have never been at the point where I can do things so easily.
Now I just don't stop again for half a year 😄

Nah, At the very least you'll be back for the Advent of Cyber event 😄

#room-help

thank you🙏

i write u private
Maybe i can help you

sure

never that's illegal

immediate jail time

not even a trial

plus we cut ya noogies off!!

Does try hack me use guacamole to set up the clientless connection to the attack box

Yes

So it allows them to access directly through browser

Oh sorry for asking😔

I think is pico de gallo

I’ve had that before at a friends very nice.

Nah i was just asking because my dumb self accidentally joined the mf hackthebox server instead of tryhackme discord at first so I accidentally made a hackthebox account

And in hackthebox rules oyu cant ask for help or smth idk i think i js read it wrong

What course?

Pre security - network fundamentals - firewalls 101

Yeah, for THM questions, #room-help is the best place to receive assistance

Yupyup i got help hella fast

By the way, can I ask for help for retired CTFs on tryhackme that aren't public?

I'm going to assume no, but I'll ask a mod for determination

Ah ok, thanks :)

Because I have done the CyberFirst CTF and there's this one IoT module that confuses me lol

man im exhausted.. been doing rooms for the last 9 hours

At least you can access the rooms 😃

I haven't had access to any of the tryhackme rooms for like a week

It keeps saying "User not in room"

did you click the Join Room button

I can't do any rooms on the platform whatsoever

The rooms that I have tried don't require joining

clear your cachce/cookies/dns?

Was this TryHackMe's CTF?

It was, yes

Ah, probably not, as I don't know if THM wish to make it public.

ah ok

wasnt it HTB's

It was one for schools I believe

So it's probably a different one

It was hosted on THM just over a week ago

Anyone ever got this error?

Try run the program as administrator

I convinced a scammer to click a grabbify link and it pointed to Nigeria, I can't resolve the IP though does anyone have any advice what I can do with the information provided by grabify

This is illegal and against out community rules.

I would suggest that you not attempt to ‘hack’ people when you are clearly untrained. This can also disrupt ongoing investigations being conducted by police. Report them to phishing/ scamming forms and move on :)

😮

Ah I see, my apologies

So how do people like scambaiter etc make videos about these kinds of things if its illegal (I guess it would depend on what country you're in also(Note I'm refering to law not community rules, which I respect)

They're fake

I love being woken up by phone calls when I’ve already told someone not call but knock because I’ll be ✨asleep✨

Or, in some cases, done in conjunction with Law Enforcement

Makes sense, damn

Still so many people irl getting scammed it's so sad to see

when you are clearly untrained
burned

ikr..

The most you can do is user education. It goes a long way

Then tell the users they're untrained

or just don’t do it lol

unless your name is the FBI or CIA, then “hack back” is illegal

depends on your countries laws I guess

tell the NSA that

I'd need to read their charters, but offensive operations are tightly restricted. FBI is also inward facing, so warrants are a must

I don’t follow content creator “hackers” much but one who does illegally hack people is Jim browning although he is kind of an activist so I don’t really have any objections to what he is doing.

Offensive cyber operations are technically acts of war

But I wouldn’t recommend it

sure sure, I truly believe the FBI is doing what they say they’re doing /s

it's also illegal for them 😄

If you have evidence that they are stepping out of bounds, you can report it to the multitude of watchdog agencies or the Office of the Inspector General as a whistleblower

I'm reporting to the only relevant authority in my jurisdiction

I imagine lots will get done >.>

Yeah Governments do lie, but mostly when trying to protect citizens and operatives apart from some clear (historical cases) that are evidently wrong.

History is messy

So how about all that nonesense from 'CIA' officials about how hackers have the green light against ISIS.. Is that BS also?

'proposed' US military operation

nothing official yet

wait I read further

I just realised all we can do as hackers 'legally' is educate other people to educate other people until we're employed anyway

hacking = pyramid scheme perhaps lol

depression is real

True could develop tools though maybe a RustMap or RustJohn

Farm those GitHub stars

The DoJ in the US said that they won't charge you anymore for attacking stuff if they can't prove you weren't doing it in good faith security research

but I mean that's risky so

prolly don't

Although most stuff is like that, you can become a mathematician and then do math in your room but you won’t make any money unless your employed, but teaching will earn you internet “respect” and maybe some money if you have a donation scheme or are employed to teach (content creator). And as long as you know something that someone else doesn’t no matter how simple you can teach(as long as it’s correct :))

Do u guys use docker or vm?

Both

But for what specifically

Yeah Governments do lie
~~ what?! no, never, they would never do that, not my government ~~

Im having problems with kali bc it's always breaking, stuffy24 told me to use docker to spin it up and down real quick. Idk what it means

Yes

“hello I’m from the government and I’m here to help”

who here plays D&D

Like my main problem is that I spend so much fucking time downloading new Kali images bc it's always fucking breaking

dockerized kali sounds annoying and near useless
vm for kali, easy choice

I just use it on my system live

It's always breaking

we should have a THM D&D campaign

Burn the USB 🔥

exactly the words i was hoping to hear!

Is there any way to go around the problem?

would need more details. hypervisor, host, resource usage + allocation, error messages.....

Actually Sophos just disclosed that they implanted back doors into their devices to identify Chinese APTs. Called Operation Pacific Rim. https://www.bleepingcomputer.com/news/security/sophos-reveals-5-year-battle-with-chinese-hackers-attacking-network-devices/

Uhhh it's usually not a resource problem. It's that sometimes shit doesn't work and idk what to do to make it work so I delete the Kali image and I download a new one

And then the problem is usually solved

But it takes so much fucking time

Idk why he recommended docker for this

that um -- that both answers little and raises more

you shouldn't have to redownload any new isos, the disk image remains unchanged

also can't say why things are breaking without knowing what's breaking or what's being done leading up to 🤷‍♂️
but when it does break, you should be able to rebuild with the same iso. but when it does break x2, you should be using snapshots to avoid needing a rebuild in the first place

well, assuming your hypervisor supports snapshots

Lemme google it

(but yeah, docker is quite a bit different)

So a snapshot is like freezing the os so that it always stays like you left it?

pretty much

a snapshot in time

Mh nice

I can use that just after downloading Kali image

So it's always fresh

I'll try now thx

I typically take three snapshots on a new build --- one immediately after install ('genesis'), one immediately after updating ('updated to...'), and one with the base required tweaks for my normal use ('with tweaks' + a desc)

(overboard for most, useful for myself)

But that depends on the severity of the operation no? Like if a nation states starts causing power plant meltdowns that’s when it’s a act of war, but large scale spying via cybersecurity attacks happens all the time and nothing is really said about tensions rising because of spying. Or is the reason for that because it’s hard to pinpoint exactly where that attack is coming from. What’s your opinion on that

i'm free ! finally cleared my github notifications
pages and pages of hacktoberfest spam PRs and issues

I don't think my laptop supports snapshots @molten sky

I'm not seeing anything that I see in the tutorials

Like I have much fewer options

your hardware shouldn't make a difference, it depends on the hypervisor

i.e. vmware vbox hyperv qemu etc

Do you do bugBounty/Ctfs while listening to music

of course

What genre.?

Or just whatever?

Hihi

$130 for the setup I want for monitoring both my main and my VLANed network.....

Reee

damn

woah

OSCP is removing bonus points

interesting

and we're getting an expiring oscp+ alongside now as well --- 8570.01 compliance incoming?

for real?

seems to be [ref]

maybe oscp+ but oscp stays indefinite right

right

yeah you earn both

perf

my guess is they want to become compliant with 8570 for the sake of getting that clearance moneys but also let people keep earning lifetime certs

prob

i wonder how long til they do the same thing for their other certs

can't imagine them stopping with the one

let's see

looks like 140 CPE credits over three years to maintain, with $135 AMF

wah

so 140 edu credits and $405 every 3 years to maintain

that's why i love thm

you’re about 2 months late to this news lol

wait until you find out OffSec got bought by a private equity firm a few weeks ago

?!

eh if it's not immediately relevant to work than i don't pay much attention often times
if not working i'd rather be away from my desk and technology as a whole tbh