#general

Just clear your cache

And refresh the page

24, is not 20

Also THM is a UK company. We have 20% here

I never had this price come up ever

Are you a student

No

last time it said 126

Then Greece added taxes

Whats wrong

U can't do something

Sounds like an email to support is in order

wait

BFR didnt work either so now i am stuck again

Go to my account

ill email bigfan

Subscription

Yo

What you guys talking about

and then try to activate auto renewal (at your own risk)

thanks everyone all good

ill email the experts

Ok

Nunya

?

We are talking about Nunya

Ah

🥲

https://tenor.com/view/haha-funny-laughing-hysterically-cracking-up-rofl-lol-gif-17384677

Yea

You got me

gen z speech xD

My mum

I guess so

I'm not gen z

He's definitely not gen z

No gen z has discord from 2015

https://fluentslang.com/nunya-meaning/ .. didnt say you are gen z, said its gen z speech 😉

ew pink

Yeah

Yeah

I asked politely

Actually we had that before you gen z lot took credit for it

We now charge VAT in all purchases

can someone help me with burp

im using burp chrom but im getting CA error when im trying to go an ip

Install local CA to firefox

yeah i could do that, but id like to use chromium that is build in the burp, i do not understand why, but im gtting error in that, which i shouldnt

Don't know about chromium

I wish there was a "show me more of this" button for social media algorithms, cus like I dont feel like watching interesting stuff rn but I want more options for next time

WHHY NOW?

What changed?

Anyway ill talk to Big fan about it

thank you

It costs money to sell in countries 🙂

Bluesky does in fact exist and has this

Interact with it, comment and likes.

wadduppp

@chilly veldt shadow is now gonna try buldak 2x spicy noodles.... the pot version as shadow had trouble with water contents last time... this time also followed the instructions on the box instead of making noodle soup

woooweee

that was tasty but near the limit for shadows spice tollerance

Can anyone tell me where to get good knowledge of basics of SQL, bash, python and whatever is needed for the start? 😄

have you gone through the learning paths on tryhackme???

for sql w3schools have some good quizes you can take where you answer common sql queries

I done pre security, complete beginner, most of soc lvl1 and some rooms in between (when the lesson tells me that prerequisities for it are other rooms i am just doing them)
w3schools seems to be too easy to be real 😄 If you tell that it is good for the starters I can continue it 😄

well shadow struggle with some of the queries to make in w3schools for sql

also do you mean python specifically for hacking or python programming in general???

 /| ､
(°､ ｡ 7
 |､  ~ヽ
 じしf_,)〳‎‎

Hm... I think I need at least basics of both to get anything from it. I assume i cannot only look at one side of a coin

Heiii, so i got a good question if i want to host an open-source mailing service for my company what would be the best possible ones up on the market right now , if anyone have any idea i will check the features i need if anyone got a recommendation but if anyone was wondering what features do i need ( End-users can reset their open password , MFA , active sync ,intergerationg with AD , Cal dev , con dev ) those would be the main ones i though to ask here since there is no better place to ask about tech other than an ethical hacking Channel XD

https://tryhackme.com/r/room/bashscripting
https://tryhackme.com/r/room/pythonbasics
https://tryhackme.com/r/room/pythonforcybersecurity

these 3 rooms on tryhackme will help for more hacking specific things

Saved

well good luck with that... "self" hosted email servers generally have trouble getting trusted and there for not being spam filtered by both outlook and gmail

yes i'm already facing this problem here on my current server ( using zimbra) but fixed it a couple of times , i just want to know if there is something better since zimbra now needs money to maintain

for more general python programming check the pinned messages in #programming

Oh! I never saw it before haahaha

Thanks!

no problem

Hi guys

Can I join a group to do the today's challenge

?

you mean advent of cyber???

Check out what's going on here https://discord.com/channels/521382216299839518/1305926862114914325 🙂

I didn't get a VAT charge

And why is my card saved in THM, i never clicked on a box to save it

anyone have any idea XD ?

Not all countries will be charged VAT on purchases, and some will have it included in the cost already

TryHackMe does not store payment details, we use a third party processor as per our ToS.

Roundcube, not sure if it does everything you want but I used it for my business for a while.

Although, I'd recommend you not host your own mail stuff if you don't know what you are doing

Thanks

Gave +1 Rep to @cloud quiver (current: #7 - 1317)

i currently work as an IT tech support , it's sort of a task my manager gave to me the company already hosts a self hosted webmail ( zimbra) soo i was deciding it with him and he turned it into a task for me

Ooooof, your not meant to ask for help with work stuff here

oh shit didnt know that

it's not work in a sense XD just a decent research

this group guided me alot in my field on the cayber and careers channel soo i though that i could ask

I want a work in tech area

I am working hard to find

Its handy you have certifications in linkedin?

Try to check out https://discord.com/channels/521382216299839518/775144008853749770 🙂

It's always a plus to have a certification

Good morning people

Good morning buddy 🙂

Post office time 😎

how to earn money im not good in programming

Learn programming 🙂

i have no certifications xd what so ever just some knowledge

i have the knowlege of some certifications like CCNA and so on

but i don't have the certification it self

i got unmuted lets gooo

hi there! question for professional pen-testers: while exploring metasploit i found that it has port scanning modules included. do any of you use those instead of plain nmap? or do you use both? any real-life advantages/disadvantages?

I'm not a pro pentester but I usually use nmap for port scanning 🙂

I'm semi professional and I use NMAP

I'm also santa

Santa endorses NMAP, you heard it here folks

santa has spoken. who am i disagree.

i dont do pentesting at all but i like nmap

I have genuinely never used metasploit for port discovery

im trying to use openvpn on my kali and solve some CTFs, but the browser is having trouble loading the ctf webpage.

i have tried 3 ctf, but only 1 works. (Ignite)
and the other two (Whiterose and Lookup), my browser is saying it cannot connect to the server.
It says check firefox permission to access the web.

does anybody have the same issue with me??

helo

Odd question but does anyone have a Sigma 6 Certification and if so, how has it helped you in your career?

Hello , welcome 😄

God this is taking ages

Not enough hours in the day today

what can i do when my vm is kinda slow

more cpu and ram?

be me
forget tryhackme this weekend
just realize it this morning
lost 60 day streak
fml

i dont like this lmao

you can ask for streaks back... send email to support with amount of lsot strikes, the date you lost it...

oh shit that reminds me

Dm let me guild you

how much resources you give to VM machine ?

2024MB and 2 CPU's. I want to give 4096MB and 4CPU's but I can't change it because its imported

and what config is you main pc ?

What exactly do you want to know?

cpu, gpu and ram

Any Numbers or the "Product" Name

or how many sockets and cores

just numbetr. how much ram and what cpu you have

for kali is ok to go with 2-3 gb ram and 2 cpu/cores. kali does not need more for basic usage.

32GB RAM, I7-9700k 1 Socket 8 Cores

then you can go 4-5 gb ram and 3 cpu/cores. no need for more

even if you downlaod vm pre made kali thing

you can change it for sure

yeah but you now browsers take up way to much lmao

i have 32gb of ram

and 2tb of storage

you need power off that machine then add more and run it again

its offline

hmm

is that VM or vBox ?

vBox

did you add guest addition plugin in vBox ?

means what?

and if you wish check the VM. pro version is free for home users thing

VMware is like vBox. just bit more profesional

so to say

yeah heard about it

you can use it for sure. have nice spec pc so it need to run smootha like ice

Hey ho

maybe i could clone the current machine and change the settings then

but i will try VM

alright thank you

Gave +1 Rep to @loud marlin (current: #26 - 374)

also if you use vBox. on the link you have
https://www.virtualbox.org/wiki/Downloads

so I know linux pretty well, but it's a drag searching for setup and then actually doing it

downlaod that pack and import in vBox

I had a question, is workstation pro better or vBox?

yes. kinda. they all do the work. VMware 17 and so pro version is free for home users

i need help in advance cyber 2024 related help

#1305926862114914325

you mean the VMware Workstation Pro right?

I have pro, now, I have to install the simple and sober linux right?
On a side note, If I wanna make a lab, I should just get a windows VM right?

yea

with VMware and/or vBox yopu can set home lab. no issue. all depend of you pc spec and/or you have more than one pc to run multiple VM os and so. and windows is to go with in VM as in homelab

Understood. In any case, to avoid more questioning, do you have a link to a guide for making a lab? I have the recommended specs, 16GB RAM, etc.

there is many guides. all depend of what kind of lab you build. min one windows is must. if wish to build windows AD lab and so. then 2 windows is needed and windows server to host AD. my advice is google things you wish to set.

some ppl build malware lab, some just windows test things...

some build blue team lab, some red team... all is up to you'r goals of what you wish to do

I always google these type of things first then if I still have confusion, I ask here, or any other community, so yeah.

I'll have to research on these setups, I think I'll be doing testing mostly

I see, thanks for the info!

Gave +1 Rep to @loud marlin (current: #26 - 375)

ppl get windows for sure in VM or so. if you have some spare laptop that you can use for just kali it is nice. so you have main pc to set lab and so. one windows for sure yea. since you test things on it.

I just got my landlord mad

Apparently I'm not allowed to have my motorcycle in my basement

on what flor you live, and do you have elevator to it ? 🙂

I'm not allowed to have it in the building

that is bullcrap...

Fire reasons

if something is not forbidden it is allowed...

Something something catch on fire, something something insurance

bullcrap. it is also if you go to mechanic workshop and says that is not ok to use welding machine due to fire hazard... it is dumb...

So I got until mid January to move it

Yeah, but he was chill, so we had a talk about it all and found a solution

if is reasonable mind/talk and fair play then is totally ok. and if solution is there then ok.

Solution was to move it to a garage

@loud marlin im now on vm, how much do i put in here then

already bumped up the storage

oooh. it is literally in basement... mea culpa... language barrier kinda... then garage is ok yea

this is fair

i also do that

Yeah, literally basement, right underneath our apartments

and since you have 32 gb. then 4 gb is fair of ram

i do understand now yea.

Sup Gs

I got snitched on by my neighbors cause of the smell of fuel

Nothing is wrong only a lil gas leak behind a BBQ

What can go wrong

i guess some old ppl. 🙂

Yeeee

https://tenor.com/view/fifth-element-milla-jovovich-leeloo-bada-boom-boom-gif-9053853716468720447

Prob

yea...

Only one laptop for now tho, let's see if I get an internship, then I can think of getting another, it'd be nice for a change since it has started dying after 4.5 years

YAY bella in chat

you can get some refurbished laptop for some cheap money. 8 gb of ram and ssd 256 gb is nice for kali only.

My laptop is so bad specs i had to setup an old pc and remote desktop to it to hopefully replicate a vm

I saw your ping

it was good

hey shadow how did u make the cheese ctf, like how did u "submit" it

just create a vm and submit the vm file or smth?

I'll have to same some, and then some, getting it is the easier part, dedicating myself to it is another since I can't seem to get over my distractions, sometimes I go overboard which sucks, then I study at night because I wasn't productive the whole day

Understandable

some ppl says: i need more focus, but no one thing to remove distraction from it self... when there is no distraction focus is present

I totally agree, so I've changed my routine, if I can't get rid of the distractions, I do them to my heart's content on weekends, but I still study 6+ hours if I'm not going outside

also have hobby. cooking, drawing, gym... it is needed if you wish not burn-out. and burn-out can effect a lot

I wanna shift to my hobbies, which I do frequently (couple weeks a month)
Then games enter and they seem tempting, the whole premise is messy if I get into that

hobbies outside pc is needed to "reset" brain

I hate that you're right, I go on a jog everyday and that refreshes me really well,
I might just need to slowly weed out the distractions, I'll do that, thanks!

Gave +1 Rep to @loud marlin (current: #25 - 376)

fair yea... and yea. time out from pc and so is needed. also take a brake is not smth to avoid...

if you check my bio. there is smth that my professor say to me waaay long time a go, and that is thing that snap me out of dumb things

ye np

Got some good news, i finally passed my degree in Cybersecurity 😄

@boreal scarab

That's amazing, congratulations!

which one ?

🥳

There is an option to make your room public, which will insert it to the QA queue

BSc (Honours) Cyber Security with Open University

If you do this, staff ask you don't give the room link out.

Congratulations!

Hey everybody

Thank you guys ❤️

Where as I dropped out of that one. BUT CONGRATS CHEVVY

I need help troubleshooting a motherboard

Thanks duuuuuuuuuuude, stay swollen

Gave +1 Rep to @silver sky (current: #42 - 216)

Earning money to spend on games later, seems like a good deal if I sacrifice them for now lmao
I might even forget about them late in the field

I may be getting thrown out of uni

you should join the open uni discord, it's actually really good fun

how come you dropped out tho?

But I'm not an OU student

Bad timing

heh. as i say... what you wish to change to get to point you wish to be...

i mean, i've been out of THM for the good part of 3 years almost lol

I now do Risk and Security Management BSc at The University of Portsmouth

that's good man

for now if Student Finance keep dicking me about

oh F, student finance for people from abroad is a mess lol

every year i had to send them a letter lol

heyo

qa?

All the bugs that you ever saw are most likely the stupid ones not meant to reproduce

Yeah, the QA department who test rooms and ensure they meet the quality and standard, and d to ensure rooms are both ethical and legal

oh aight

how long does it take

for a room to get accepted

Student fiance: the words send a shiver down every students spine

I can't say.

Fiance eh?

I applied with my british passport ffs but apparently they wanted my physical document as they could not verify my details

You know what I mean :)

ah alr alr

@loud marlin shapes dropped for remarkable

Well it's the opposite of a Fiance

that one ex

mother of lord... just when i try to get some money for some fancy keyboard...

https://tenor.com/view/soldier-ww2-traumatized-meme-eyes-gif-12257475272172704406

I've actually not seen that one before

Usually it just crashes anyway and restarts lol

I've never had that happen to me or the other employees before, first time seeing that message too

Gentlemen.
Is there any way to break into Google Drive without authorization?

https://tenor.com/view/no-let-me-think-nope-no-way-hmm-no-gif-22904160

Thank you..

yeah, just wait until you see how much goes out of my paycheck every month to those guys

good part is that it's before tax so i'm safe lol

👀

good thing that I get paid to study which is not a loan

Good thing I have 0 student loans whatsoever and am out of college.

No, that would be illegal.

We don't teach or discuss this, it's listed in our community guidelines

I can't wait

We're hazing AceS

yikes

a month?!

yeah

My degree is only £18k in total

pre-tax tho

if you're doing part time, 4 years in you need to start paying back or something like that

Naaaaah. How tf do they think people can live where all the work is, with like $3k a month shoe box, AND student loans?

(Talking about NYC, cause..... really only know about shoe box being expensive)

yeah, don't get me started with the crap taxes in UK, can imagine there's no better on the other side of the pond

cough
Want food? Taxed
Clothes? Taxed
Toys? Taxed
Income? Taxed
Investments? Taxed

Need I go on?

Breathe? Taxed

taxes? Taxed

I don’t get taxed on my income

yeah, you pay taxes on food that was already taxed

https://tenor.com/view/irs-taxes-warfare-suited-up-gif-26196595

makes sense whatsoever, haha

life is harder than wideboy's bench presses

anyone else not able to get on today? I did part of #8? I think I'm on, and i copied and pasted and now I can't connect to the webshell to input the info. has this been a common thing? I've retried several times and it just keeps disconnecting!

You forgot, Died? TAXES!

i just put everything in a notepad and downloaded from the vm if that helps

create a file with all the scripts > python3 webserver > download on the host, copy and paste from that

Think Saul Goodman quote sticks here...... "3 little letters, IRS, if they can get Capone, they can get you"

I'm too new- I don't even know what you're talking about. lol

Want more death certificates to prove they're dead? Give us money.

best would be to go into #1305926862114914325

welp, I just invited to join a motorcycle club 😅

10,000 USD 7 years and 20 court cases later, removed from social programs and not allowed to use any government funded services and im tax exempt. life is hard this route for sure... still not sure if it was worth it.

https://tenor.com/view/11-gif-18619320

Is there a room for that?

"There's a mod for that"
-Skyrim Mods

yes, the one i just linked 🙂

at least there's no back mark

but why?

I clicked it and it didn't go anywhere

why what?

why make yourself a person without country?

I still have a country lol. life is just a lot more difficult lol.

citizen vs civilian. not the same thing

@boreal scarab @glass nest lord... this is half of my table. and is not finish ...

https://tenor.com/view/atlantis-gif-26289860

but why did you decide to do it?

stargate my beloved

https://tenor.com/view/star-gif-16789607377123159596

i need re print building in middle. going glow in dark

I do not wish to get into any politics in a public discord. invite me to a more appropriate discord or DM me.

no worries, just was wondering your thoughts behind it 😄

Basically i believe my Body is my property, and therefore the energy which is also Material that i have being used to perform labor = mine and therefore no one is entitled to my labor. so logically void of emotional pleas, i dont believe in taxes.

anything furthur please resort to DMs

that's fair, I understand, was just intrigued by what you have done, sounds interesting and cool

my advice? no one should do it.

i almost filed paperwork wrong and could have been jailed.

yo am I the only one that cannot connect to VPN?

like ovpn prompts no errors but I cant even ping the machine

can you ping -c 3 10.10.10.10

yea i keep getting dced from it all morning

when on vpn ofc

just c might need be C

idk lol

Nothing is the problem tho, except making friends in different communities, but yeah, no excuses if I gotta get stuff done

if you wish to find cyber friends. that is easy. just put some hacking stickers on laptop and go to places eheh

is a gobuster command visible for the end side? or just the connection afterwards

because the gobuster command must check for a connection no?

all depend of how server is setup. but when you bruteforce smth it is visible

if you send 1000+ url request to site, yea it is visible

Hi everyone

hi hi

#rules

🎄 🥳 Advent of Cyber 2024 DAY 16 Let's Go! 🥳 🎄

so its probably just used for people from SOC and not for any vicious attacks?

They won't see the exact command, but they will see all the requests you send and usually it is pretty obvious what you are doing at that point. ;)

aside from homelab or doing bug bounty it is quite illegal. also you never know what can go wrong when you use on some target.

Hi , welcome 🙂

yeah i thought so too

yeah just want to recognize the structure better

My recommendation: Use docker to spawn a local nginx server on your computer, attack it with gobuster, and then look at the log files in /var/log/nginx/access.log!

Hi ralex, by the way.

How's life?

give me 40 minutes

Seens some atlantis print you are coloring right now.

Not everyone is this understanding unfortunately, there's competition and people think it's a hierarchy if you don't know something, so it's less probable that I'll find cybersec friends, it'd be good to have competition but I don't have it yet so... yeah

Wow

Wow?

I really understood that well

Want me to explain?

Nope

Then I won't.

Well yeah it was short and concise

You both have good chemistry

yep

Lmao.

Why did I come here again

ahh

Let's connect

Yeah I saw your request, I've accepted it

Okay

I'll go search for local cyber friends

What are you gonna do? Spread Watch Dogs propaganda?

https://tenor.com/view/dedsec-gif-20187478

yeah just get your laptop and get a big watch dogs sticker

how big?

instructions unclear, I've bought the size of the statue of liberty

do I need bigger?

💀

"epic fail"

Suppose if I got the stickers

my laptop doesn't have the same durability theirs seem to have

one fall and it's all done

learn to fail, fail to learn...

Break your current laptop now, get a thinkpad next.

I feel like I should take a cybersec test to see how under the water I am

I dont have stickers

I like the clean professional look

It's the Legion, better than thinkpad, although not as much as durable

Only got stickers on my thing that I got from events and stuff.

do you also use light mode on OS ?

https://tenor.com/view/slap-gif-25249881

I feel like I've seen you somewhere, but I can't pinpoint where tho, but it's good,
I also wanna attend events so bad

On Discord or at an event? 😅

I have no intention to misinform

This blinded me

On discord lol

Makes more sense, that could have happened.

I have been on here for a long time.

You seem dedicated, good luck on your journey

I know, I think I've seen you around 2022, before then I was just a lurker

I joined this server Oct 23, 2022.

I'm currently studying iss msc

Same

Did change my account binding to a throwaway account tho, because you were able to find peoples THM profiles from their DC profiles at some point and I didnt like that.

I joined around june, makes sense

You joined this server a month ago.

Wait, you could? damn, I think I'm glad I wasn't active around that time

Whahaha.

Yea.

You could get a link to someones profile by giving the bot the discord tag, but that was changed.

You now need to have the THM account name already, so it's not an issue anymore

That's a good change, I think I did something similar? Wait no, I did the token thing, but to log in you can just directly link it to discord now?

Hmm? Account linking still works the same.

Oh, I see, okay, I understand what you mean now, I was confused there for a sec haha

I changed my account

We talked earlier on this server

What's with everyone changing their accounts?

Mine was hacked

(I changed mine in 2020, my other account was lost which was from 2016)

Oh, I see.

What was your previous tag?

Uhh

how do i update my rank in discord when i leveled up? or do i just repeat the proccess with getting verified

it is automatic in around 24h. or re verify u self

It'll happen automatically iirc

perfect thank you guys

Id do it manually if you want it down sooner, rather than later.

I deleted at May 6, 2022, names S M U G

Hmm, yea no, I don't remember.

Has been quite a while.

Yeah me too

Were you a nitro user?

I've never bought a nitro

do we get to save the rooms from the advent of cyber and be able to redo them?

Figured, I joined in june, you're saying may, I might've seen someone with that name before

Because I've left and joined this server again and again

They won't be removed after the event ends.

All the previous AoC rooms are still up as well.

i want to start learn block chain, can some one give me a website recommendation

@wheat narwhal

Hello 👋

welp slightly regret eating buldak 2x spicy noodles now.... shadows tummy is aching

what language for hacking i want to learn idk how to start

mostly english

https://tenor.com/view/gatomirandomeme-gif-14777214025595338942

JS for web vulns 🙂

i hate that

so many sweats

every lang is valid tbh

Python.

https://tenor.com/view/blud-dog-meme-goofy-ahh-gif-6688052593586142752

yeyeyeyeye

Like, yea, every language is valid, but you can very very quickly throw together all sorts of stuff with Python and run it almost anywhere.
Wordlist generators, custom brute forcing tools, small Api clients and so on.

Other languages where you can do things with similar ease, e.g. JavaScript with nodejs have the issue that the interpreter is not installed on quite as many systems.

i only know html

just learn one, and then you can switch between languages as much as you only want

You did ask what language to learn, Python is my recommendation. ^_^

it's all about understanding concepts

You can set it up really easily, there's tons of tutorials on Youtube.

I more or less agree with this, indeed.

hmmm

also after understanding basics go and write code, don't jump from tutorial to tutorial

nope, cannot interact with the machine in any way shape or form

so when on thm vpn what you get when do that command. ofc in another terminal...

run a tcpdump and set the dev to tun0 and retry your ping command

Sure i do

Yea,got the irony

Is it that machine only or a general issue?

.

i've tried a coulpe boxes nun work

what are u concatenating

yo guys ive a tech question

Ive a windows pc on the same subnet with my linux laptop

When i nmap scan the whole subnet

The windows 10 doesnt show

When i turn off firewall

It shows with the open ports

are u doing ping scan

The question is

windows blocks icmp packets

Regular scan i guess icmp

The question is

I can do desktop remote to the pc with the firewall on

How did the remote desktop tool know that the rdp port is open ?

it doesnt

it assumes 3389 is open and tries connecting

if the port sends back syn/ack its open

Can i assume its open and try to connect with nmap too ?

Ah yes

The -Pn flag

It did show its open

I see now

Thanks mate

It also showed all open ports

Even while firewall is on

Hmm thats concerning

Firewall alone isnt enough

We need to manage ports too

Firewalls alone are never enough

But for home it’s fine

You shouldn’t be allowing any inbound connections from the outside unless you know what you’re doing

Good information

And rdp should never be open to the internet

U mean the port shouldnt be forwarded ?

I need to stop spend money on dumb things...

Because ports dont show when scanning the router public ip for ex

sus

Fr

Exactly

why would u willingly port forward

I was port forwarding WireGuard

But the port can be forwarded from router settings

I wont but just curious

Before my isp changed and I can’t port forward at all

And so I just switched to tailscale

Could use something like ngrok too

dear lord... this is awesome

❌️

Did you download a new configurations file? and make sure you dont have anything blocking traffic. a firewall or kill switch

Did you turn on ICMP pings via GPO?

Windows blocks them by default.

No

Then that could be why nmap won't find out Windows host.

Typical windows firewall will block ICMP packets Try one of the Nmap IDS evasion switches, such as the -sN or -sX

I was too lazy to go though the inbound rules to check the one blocking icmp echos so i just turned off the whole thing

and try pinging the Linux machine from Windows

Yeah -Pn worked and showed all ports that are open

It wont ping too while the firewall is on

Yeah '-Pn' skips the pinging of a host on scan. So it doesn't send ICMP packets

It goes straight to 'how r u doing' and skipping the 'hello there' part

Firewall is supposed to allow outbound traffic. Do you have a firewall on your Linux machine?

No i dont

Let me try

And more!

Nmap's host discovery is neat

Especially if you run it as root

shadow likes to use the icmp timestamp scan for nmap host discovery

yes that uses arp

And tcp, lots of stuff

last time shadow did that it showed the windows computers on shadows home network too

Can use ACK alone too

They should have made a switch for that

https://nmap.org/book/host-discovery-techniques.html

Head down to the default

Im gonna put that on the readlist

It's a quick read

is armitage still relevant in 2024?

arp-scan is good too.

Not maintained AFAIK.

Please not your host...

not armitage sorry that was scrapped in 2013 i think

cobaltstrike

Will give a try thanks!

Gave +1 Rep to @sick lance (current: #1 - 3111)

sudo arp-scan --interface= --localnet

Its an clean windows 10 installation computer

My 4gb and 120gb ssd laptop cant do VMs

Am i the only one here daily driving linux and using another windows pc for tests lol

https://youtube.com/shorts/35c7-J7Eje0?si=lDO2klrPMIPcKHaI

I need a Bri'ish translator

A bit different but similar case, Yes!

Depends on the linux.

I usually use my windows laptop for powershell script tests. besides gaming ofc.

lad's meself

That's a banger, made me hungry.

@sick lance Is there a chance that a firewall would be configured to allow inbound traffic from particular devices on the network and not others?

Yes

Look in to white lists.

I have that configured on my opnsense firewall

If so, would spoofing the IP address of the port scan be an efficient way to evade blacklists

So that certain things on other vlans can access my dns and dns only

It depends.

MAC address could also be used, and how routing works, it could make traffic go the spoofed IP, but not your device.

I acyually had to use ARP spoofing in an ICS network so I could MiTM the traffic with the modbus communications.

Guys... I'm literally 1k away from my set goal point. With that said, I'm officially an OMNI... Level 9 yay.... (clap clap clap clap)

Congrats buddy , keep going 🙂 🥳

What tool did you use for the arp spoof?

Thank you.

Gave +1 Rep to @cloud quiver (current: #7 - 1331)

You're making some real good progress 🙂

Actually I'm wrong I made my yearly target, now I'm aiming for the 50k mark.

Yeah... This is meant to just be a hobby, but I thought the leaderboard would motivate me to learn a bit more.

Discord is slow on updating me to OMNI... Should I try a few more rooms and see if it changes?

you either have to force it or wait 24 hours

I’m not gonna move for the rest of the night, someone send me a new spine

Doubt I'm Darth Vader, so can't force much my end... 🤣

@glass nest Time to get out the medical book again

Would a book spine work?

you can by reverifying

I wish

try some bot commands here

I am in agony

you have to verify again

Congrats

Ettercap

You'll be fine by the time it updates you can flex next rank xd

It's not that I'm really wanting to flex, more that I'm trying to stay motivated. I left THM last year in April because I lost motivation. Same happened in 2021/2022. I really wish I can just pull through this time and see if I can get certified in something. Not just the basics.

I dunno why am I being so confused rn.

it's overwhelming

So I forced it, guess I'm in the dark side now... 🤣🤣🍪

theres nothing wrong with flexing, just seeing my acc rank up several dozen thousand places after a few hours of study makes me AAAAAAAAAAAAA

Nice.

what is

I saw I'm top 10 in my country for the month. If I can get through one more room I'd be nr. 1 and then I need to start looking to see if I can make it to the list of all time. Then top 10 and finally I'd hopefully have reached the 50k mark. If not, then I'd be pretty close hopefully. If I do make it to the 25k mark or even the 10k mark, I would know I've made a good effort of bridging the gaps.

and here I am at a measle 97% top of spain i feel pathetic

the confusion, I've asked in cyber-and-careers channel tho

oh, yea I read through it after replying

I would say usually red teaming builds on blue teaming anyways so you can focus on red teaming. Unless you are planning to occupy some nieche position that requiers you to know stuff youd have to study usually knowing how to exploit will make it easier for you to pick up some tools and prevent exploitation, I dont think theres many careers in blue team anyways that start from technical skills all that different from red. Like say SOC Analyst, if you have some basic dev knowledge like i did and know some red teaming youre pretty much set, you just need to learn documentation about how things are defined and how to use tools to observe artifacts or whatever else and then just write a report, its a career you can pivot in from other paths at least in level 1 and 2 that is

So what would be the base? Dev, knowing 9/10 programming or Cybersec, knowing 9/10 your stuff? The rest 1/10 would be the bonus, it seems programming is the bonus as you said.

V8 ubuntu

does anyone have resources for EDR evasion they'd recommend?

you might get better response in #advanced-general

thank you!

last year i complained about the video from THM youtube channel walkthrough not zooming in for accessibility and i was obviously ignored. this year as yet again hard to read what the content was in the azure terminal.
finished the room using the solution , as my azure refused to work. anyway, i know a bit more on azure

sucks when accessibility is not taken seriously because everyone has 20/20 vision

anyway done chatting into /dev/null

deving is actually the main thing to know id say if you know how the hardware operates, network traffic like tcp udp and encryption, hashes, race conditions, etc, everything pretty much is self explanatory from there and youre just reading on how people DESCRIBE procedures and steps to do stuff

Yeah I know the A+ level stuff, a decent amount of networking and linux, just have to familiarize with one programming language which I'm thinking should be python, and as an extra skill Data Science/Analytics which will allow me to diversify my portfolio and allowing me to make flexible projects.

Stupid question..... does anyone know if we get an entry into the drawing also for the "questions" that aren't really questions? LOL The freebie ones ya know?

you do

why?

We can't help with this.

As per our community rules.

awww man

alright im sorry

??

yo guys i need help

well what do you need help with, hard to help without knowing

i want to get some books for christmas and I wanted to know which are good for learning to hack

I want to learn how to get into a pc

#bookclub has a lot of good resources

tysm

Ethically, right...

Right?

yes

ofc

no i want to do this as a job

later

im fascinated

by this area

Book club has good books.

Do you prefer PDF's or physical books?

physical books

i want to get a book for christmas

isn't it a bit late now?

ye

it is

im late

there are so many books which would u recommend

what do you want to work with?

ok

A book on what?

hacking

for getting into a system

Specifically or in general?

@sick lance

bro

Nahh

You cant do that

@fair nest Not approprite for this server.

Its forbidden

my message wasn't a book, but a question 😅

I was just texting randomly

🙏

I'd recommend Hacking: The Art of Exploitation by Jon Erickson

oohhh, ye its late i want a book for getting into windows system

ok ty

Gave +1 Rep to @silver sky (current: #41 - 217)

It's a good book for the fundimentals

And huge aswell

Ok

It is a big old book

im fine w that

bit old, but gives you some insights as well
https://www.amazon.com/Windows-Exploitation-Course-Stack-Overflows/dp/151946228X

– Program computers using C, assembly language, and shell scripts
– Corrupt system memory to run arbitrary code using buffer overflows and format strings
– Inspect processor registers and system memory with a debugger to gain a real understanding of what is happening
– Outsmart common security measures like nonexecutable stacks and intrusion detection systems
– Gain access to a remote server using port-binding or connect-back shellcode, and alter a server's logging behavior to hide your presence
– Redirect network traffic, conceal open ports, and hijack TCP connections
– Crack encrypted wireless traffic using the FMS attack, and speed up brute-force attacks using a password probability matrix```

ok thx yall. Youre all so kind

oh wide I don't know if you saw

but I got into an altercation with my landlord today

oh?

I am not allowed to have my motorcycle in my basement

my neighbours snitched cause the smelled fuel 😄

I mean, understandable

yeah, understandable, we had a talk about it, he just wants it gone before mid january

At least he's been reasonable and given you time!

If he let you use the basement,it should allow you to keep the moto in there aswell

yeah, he was quite impressed how I got it into a 1.5 x 2.5m basement

insurance and fire hazard reasons

Ahh

and the reason it smelled like fuel was because I removed the fuel tank and some of my fuel lines still had fuel fumes in them

Well thats some good reasons

and I mean, I don't complain, it's all reasonable, I was also caught red handed

as me and my friend was taking off all the covers of the bike while he walked down to the basements

maybe talk with a therapist and not a discord server

@sick lance

Errrrrrr

Moving on

so yeah, now I am looking for a garage/place to have my motorcycle while I work on it

Hi

already found some places, going to look at a motorcycle club who invited me on friday, otherwise I have a storage box facility which allows me to store my motorcycle

My last motorcycle I had got stolen :/

ooof

I am currently cleaning my motor to make it ready for next season where I am redesigning the look on it as well
my goal for next season is to drive non-profit trips on it with/for kids in families with struggles

Help! I'm on Day #11 on cyber advent and after I did the airodump on the screen.... it's been 16min. and it's STILLL going. The walkthrough's took 7 min. did I do something wrong? Do I just sit and wait longer??

#1305926862114914325

My first ever motorcycle was stolen

I haven’t bought another one since

One day maybe I’ll buy another

this is still my first

Invest in a GPS tracker, smart alarm and diamond rated locks

Aye. Only reason I'm bike-less is lack of space to store it

well I currently also have a lack of space to store it lmao

Yeah, but you are making it work

Like a bawss

well I got thrown out of my basement

By an epic explosion?

by the landlord saying it's a fire hazard

even though I have taken out all the burnable liquids

Bummer. i mean, fair. Still a bummer though

yeeee

1501 waves done... another 1500 left to do :D

Nomming on a sammich!

my friend invited himself over today to chill, so I decided we could take off the panels today, and while we were down there taking the panels off, the landlord came down cause my neighbour in my apartment complex complained about a smell of fuel

cause I took off the fuel tank and some of the lines still had fumes

Call up the Marshall, they'll set that landlord straight

So whats the plan? You got another place to put it?

searched around on maps and facebook, a local motorcycle club hit me up, talking with them on friday, and I have a storage space rental place which allows me to store my motorcycle as well

You enumerated!

Awesome!

yeah, got told that it has to be out before mid january

thats good of the landlord to give you some time.

yeah, always talk with respect and you get respect back

Bad of the landlord demanding that..

why? they don't have insurance for storing things that can catch on fire in the basement

It's understandable though.

ye

Not really

No man... Don't be. It's just that my country perhaps have very few people participating.

Im from spain too!

Tbh the rank is meaningless until u are around 10k or so

In just a couple of months u can be top % but know little

https://youtu.be/DCWcK4c-F8Q?si=2KW-o2FrPXp7F1-E

.

Sysadmin turned badass

waduuuup

hi

@glass nest @blazing granite I got the Job

what job

congratulations

IT support position at a decent company.

No more helping random idiots with their non issues, I am actually doing legitimate IT work now

https://tenor.com/view/cat-dance-dance-cat-cat-ai-cat-ai-cat-dance-gif-16943432931705998786

I actually want to watch that now

when does it come out🤔

yes, now youre gonna help random idiots with their yes issues 🤣 🤍

April 11

😔

Indeed 😊

#site-support please

yeah did everything, looks like it is a failed TLS handshake... I've matched with HTB VPN and THM does not work for that reason, altought I have no clue how to fix it

YIPPEE! WAHOO! YAHOO!

jumping in the air and clicking my heels rn

Good evening am having issue with my greenbone

 /| ､
(°､ ｡ 7
 |､  ~ヽ
 じしf_,)〳‎‎

I am OUT of this hellhole

Indeed, but like I mentioned earlier I'm mainly using it to motivate myself. And with so little representation, it's easy for me to give myself goals that seem attainable.

I can finally tell my bosses boss to eat my hair and stop messaging me hours before the shift

Well done @fossil merlin that's great news. Hope you enjoy it.

wdym 'failed TLS handshake'

Well

Do you understand TLS?

They love to shake hands to finalise business init

https://tenor.com/view/theoffice-michael-scott-jim-halpert-gif-27622036

I once told my tree friends that I wanted to see the logs for all their handshakes... Never again did they trust me with doing admin again... 🤣

I take it they wasn't sanitizing their hands

No they were sharing cookies... 😉🍪🤣

Oh dear

Yes, I do

Congrats 🥳🥳

Oh please ignore me, I've gone a bit senile in my old age, I thought you was the one with the issue

Ntss ntss ntss! Nice one man!

Nice work, detective

🕵️

@silver sky you need to get mayor malware in line man, why do you even have a guy with the name malware as a mayor?

because his hair is so dapper

This ^

And I heard he smells like the outdoors. Anyone knows you can always trust the outdoor types.

Anyways hey @glass nest Guess what?

You are sending some rare, exotic wood my way?

your sending shadow a cheese board???

https://tenor.com/view/cat-gif-22727788