#general
blazing granite
grizzled wing
๐ก
wooden totem
Get out
grizzled wing
that is a movie
unreal garnet
good afternoon
grizzled wing
๐ฟ๏ธ
mellow gull
Greetings
keen quail
is there any hope for winning anything on advent of cyber this time
grizzled wing
there is hope of 1%
mellow gull
I did the statistical analysis on this a while ago.
Even the worst possible odds are like 1.5%
grizzled wing
the real prize is the learning along the way
mellow gull
The learning has actually unironically been really great, they've definitely hit more than they missed with the rooms
grizzled wing
last year's game AoC was buffer overflow, i enjoyed that
it was cool to understand what that means
crude stump
I told my self I will do AoC. Havenโt even done one ๐
cloud quiver
I told my self I will do AoC. Havenโt even done one ๐
Today is a great time to start ๐
grizzled wing
some days are super simpl while others take time
mellow gull
The only overflow I knew about before this was integer overflow, which is also amusing
crude stump
Nah I tried. Itโs not my style, I donโt like how the information is spoon fed to you. Itโs not a challenge which I like
grizzled wing
side quest
mellow gull
You don't have to read the guide
I don't disagree that some of the rooms are legit, like, railroaded for you
But some of them are pretty open pasture too
grizzled wing
what is albert_c137 typing?
mellow gull
I'm really curious too
grizzled wing
like a book?
mellow gull
grizzled wing
maybe a letter left in the text space
mellow gull
I'm a fae creature Albert I'm not allowed to look away until you're done
grizzled wing
just hit enter already albert
mellow gull
Show us the WIP
grizzled wing
edit after
jolly hill
Hi guys. So a friend of mine from China told me that he can use proxy to access THM but always fail to use openvpn to connect the VM in THM. Iโm guessing maybe itโs because the great firewall (operated by the Chinese government) block the ip or something. Iโm just learning hacking so Iโm not sure. What can he do?
grizzled wing
finally!
quasi hedge
Is there any way to generate a pdf transcript for tryhackme?
mellow gull
Oh, that's not what I was expecting
grizzled wing
that took so long to type a paragraph
mellow gull
Uh, anyways, yeah, there's nothing we can do when a country prohibits the usage of non-sanctioned VPNs
grizzled wing
were you using google translate?
mellow gull
Or at least nothing we can recommend for you here.
grizzled wing
#site-support is my guess where you want to ask
maybe @silver sky is around to help
jolly hill
were you using google translate?
Nah I write myself.
grizzled wing
ok , just curious , no issue either way
jolly hill
maybe <@106802244329955328> is around to help
Ok thank you so much.
twin ridgeBOT
Gave +1 Rep to @grizzled wing (current: #81 - 94)
silver sky
Hi guys. So a friend of mine from China told me that he can use proxy to access ...
Nothing. We cannot provide support bypassing content or VPN restrictions as this would be unethical and illegal (as per your friends countries rules)
jolly hill
Well ok then. Thanks anyway โบ๏ธ
alpine lintel
yall be using burp suit, caido or owasp zap?
grizzled wing
burp suite i like
cloud quiver
yall be using burp suit, caido or owasp zap?
I prefer Burp ๐
mellow gull
Burp is fine.
rapid merlin
Burping is burpin n slurpin
mellow gull
I'm still internally a child so the name makes me laugh but it's genuinely preferable amongst the options
grizzled wing
one day i will use caido
alpine lintel
im trying to find new tools to break out of the ordinary and shi, any particular yall recommend? Been using rustscan for a while instead of pure nmap now
grizzled wing
I'm still internally a child so the name makes me laugh but it's genuinely prefe...
so many hacking tools have weird funny names
rapid merlin
im trying to find new tools to break out of the ordinary and shi, any particular...
Using "ordinary shi" isn't always a bad thing
alpine lintel
Using "ordinary shi" isn't always a bad thing
ik, I will keep using the same things, just want to broad my horizons
rapid merlin
Finding new tools is always good, but using them just because they're not ordinary is rather silly
mellow gull
so many hacking tools have weird funny names
I have a legitimately difficult time talking to my father about what I'm learning cause half the terms are borderline incomprehensible garbage or silly nonsense
grizzled wing
try caido, if you like rustscan then caido is written in rust
grizzled wing
I have a legitimately difficult time talking to my father about what I'm learnin...
yes, whenever you talk to regular people and have to define all of these terms and worse makes us sound crazy. " i was using ffuf"
mellow gull
Even the more innocuous stuff
Yeah so I wrote a script in ducky and used it for parsing with my pineapple
mellow gull
I only have a few bits and bobs that I've been experimenting with
Been luckily avoiding the more expensive/questionable articles
silver sky
I'm still internally a child so the name makes me laugh but it's genuinely prefe...
Listen my first tool I wrote was originally called RouterFuck.
We are all childish at heart
silver sky
There were no arguments it just displayed a screen saying searching for routers to fuck.
mellow gull
Hahahaha
rapid merlin
Listen my first tool I wrote was originally called RouterFuck.
We are all chil...
Reminds me of this clip from the blacklist: https://www.youtube.com/watch?v=MQKoBNv-pNM&pp=ygUyaSB0aGluayBpdHMgY2hpbGRpc2ggYW5kIGNvbXBsZXRlbHkgdW5wcm9mZXNzaW9uYWw%3D
quasi hedge
yes, whenever you talk to regular people and have to define all of these terms a...
Hey I was using Burp Suite to test this website for SQL Injection
grizzled wing
Reminds me of this clip from the blacklist: https://www.youtube.com/watch?v=MQK...
that is one long url
rapid merlin
blame yt
mellow gull
There were no arguments it just displayed a screen saying searching for routers ...
Reminds me of something called MILFMap from forever ago, basically the same silliness
grizzled wing
Daniel
grizzled wing
know of any immature named hacking tools?
winged summit
immature?... hmm... what do you mean? lol
oh
haha
hmm
let me think
fuzz faster you fool?
(ffuf)?
i mean, i like the name, but yeah
grizzled wing
ha
mellow gull
Aha, it appears
grizzled wing
fartercap
winged summit
oh, ffuf? ha
grizzled wing
no idea
jolly peak
Hello EVERYONE
winged summit
hello
grizzled wing
posh spice is here
jolly peak
whats posh spice..
wooden totem
blame yt
You can manually copy url or just remove everything after second = (? on other sites)
winged summit
haha
jolly peak
guys im FRESHLY new to this
silver sky
Ok
grizzled wing
so fresh?
jolly peak
really really fresh
grizzled wing
welcome
winged summit
guys im FRESHLY new to this
kindly confirm that you are fresh
jolly peak
just started aboutttt an hour ago
grizzled wing
nice
winged summit
respect
mellow gull
Hello Fresh
wooden totem
I'm surprised I didn't throw up after yesterday's huge burger, that thing was taller than my phone
grizzled wing
next step is to learn l33tc0d3
silver sky
next step is to learn l33tc0d3
Nah brainfuck
jolly peak
not what i meant but hello.
mellow gull
I'm so happy at least one person got the joke
grizzled wing
Nah brainfuck
no Santa, the new posh spice
jolly peak
im just barely on "what is networking?" someone end it
grizzled wing
I'm so happy at least one person got the joke
i got it
silver sky
no Santa, the new posh spice
I didn't realise we needed a new one
grizzled wing
im just barely on "what is networking?" someone end it
your computer says SYN then server say ACK
winged summit
my brain must be slow tonight
rapid merlin
You can manually copy url or just remove everything after second = (? on other s...
Did not know that, thansk
winged summit
SYN-ACK
grizzled wing
Did not know that, thansk
i wrote a python link stripper that cleans the url from youtube
mellow gull
ACK
grizzled wing
FIN
jolly peak
your computer says SYN then server say ACK
im going through and answering all the questions at the moment
silver sky
PACKETS LOST = 4
grizzled wing
im going through and answering all the questions at the moment
all of the SYN / ACK will become fun soon
winged summit
+_+
pulsar jacinth
Hi all, I'm trying to proxy traffic through my VM to my main computer. I got some help on how to use ssh -D 8089 user@ip . I have the VM connected to THM vpn. I set up burpsuite in foxyproxy but for some reason when I enable the SOCKS proxy in burpsuite I can't get to any websites anymore, I just get connection refused. Is anyone else doing this by chance?
jolly peak
all of the SYN / ACK will become fun soon
honestly i tried to dive into THM a while ago but it seemed boring
all of a sudden i gained interest
winged summit
Hi all, I'm trying to proxy traffic through my VM to my main computer. I got so...
yeah, it's because if you're proxying through burp, and burp has socks enabled, those websites are not found in the socks tunnel you have setup
mellow gull
all of a sudden i gained interest
One becometh possessed by an unnatural muse from time to time.
winged summit
turn off burp proxy or use another window to browse the web
wooden totem
Swiper no swiping
jolly peak
One becometh possessed by an unnatural muse from time to time.
this is what speaking smart looks like
wooden totem
Looks like?
pulsar jacinth
So how can I access the sites that only the VM has access to from my normal web browser? Or is that not possible. I thought that's what I was enabling.
jolly peak
Looks like?
iykwim
grizzled wing
So how can I access the sites that only the VM has access to from my normal web ...
openvpn
wooden totem
iykwim
What are these hieroglyphics or modern are, supposed to decipher each word out of this
mellow gull
THM seemed boring until I was staring at a terminal screaming about how my listener isn't listening
grizzled wing
when you get your first rev shell, โค๏ธ
sick lance
So how can I access the sites that only the VM has access to from my normal web ...
That more than likely won't be possible.
Ideally you'd want to keep your host away from the thm network as much as possible
jolly peak
What are these hieroglyphics or modern are, supposed to decipher each word out o...
sorry man i cant help it
winged summit
So how can I access the sites that only the VM has access to from my normal web ...
that's a very interesting question. i've never thought about that setup... hmm...
wooden totem
Scrubz jumpscare
grizzled wing
ah. i agree with scrubz
pulsar jacinth
Hmm, maybe I misunderstood what someone told me the other day then
sick lance
Hmm, maybe I misunderstood what someone told me the other day then
What did they tell you?
grizzled wing
you want to stay inside your VM and stay safe using it
winged summit
@pulsar jacinth so if you have host_computer > foxyproxy > ssh socks tunnel > vm_host... hmmm... how to get from vm_host to websites... it depends on the websites. if you're just targeting the thm boxes over the VPN, then you could setup a local forward from the vm_host to the thm_target. then, access the local forward through the socks tunnel maybe.
sick lance
Help us, to help you.
pulsar jacinth
I thought I could forward traffic from the VM to my actual computer
mellow gull
Why would you want to do that?..
wooden totem
Why would you want to do that?..
More immersive
sick lance
I thought I could forward traffic from the VM to my actual computer
To be honest, all the hoops you'd need to jump though, you may just want to use the vm
It's too much effort just to use a browser.
winged summit
@pulsar jacinth also, check your dns. depending on what you're trying to do, if your host os processes the dns before it gets to the vm, the connection might just try to go straight to the internet and bypass the socks tunnel
@pulsar jacinth try setting the thm target ip in your vm /etc/hosts file, then try to access the thm target by the dns name in your host os browser assuming 80 or 443 is open. curious what happens.
anyway, yeah. that's a pretty complex setup. have fun lol
winged summit
one more thing. foxyproxy allows you toggle whether you want to proxy dns through as well. so if you ensure that's ticked, then you know your dns is hitting the vm host.
winged summit
This is not in my knowledge box
all good. what you're trying to do is very complicated
even for me, and i'm pretty advanced
what's your ultimate goal?
and why?
oh shit
mellow gull
I am not smoochii
grizzled wing
Gaww has knowledge
grizzled wing
in a busy chat
grizzled wing
@jolly peak have you set up a place to write your notes?
jolly peak
<@1188732637729280112> have you set up a place to write your notes?
mm no
wooden totem
you can be "posh spice" i can be gaww
You CAN'T handle the raw power of gaww, you will go insane, you will hurt people
jolly peak
havent set anything up as of now
jolly peak
You CAN'T handle the raw power of gaww, you will go insane, you will hurt people
youre right i just started my brain would fry instantly
pulsar jacinth
I basically just want to be able to access the machines on THM VPN from my normal web browser but through my VM which is connected via VPN
jolly peak
highly recommend you take notes right away
will do
pulsar jacinth
I can SSH into my box just fine and reach the machines
mellow gull
I've always been a little curious to trade minds with someone
But I'm confident I'd go crazy. Or drive the person who traded with me crazy. My mind is a labyrinth to madness and a temple to lunacy.
winged summit
I basically just want to be able to access the machines on THM VPN from my norma...
gotcha.... yeah. that's gonna take some work. it it just like a UI thing? like you like the ease of your native os browser? i know that VMs kinda suck, but man... that is some hoops you're jumping through for sure
normal fable
veggies out here still giving green bell peppers to people. ๐ moo 
grizzled wing
I've always been a little curious to trade minds with someone
But I'm confiden...
that was fun in philosophy class to think about your identity outside of your body etc
jolly peak
I've always been a little curious to trade minds with someone
But I'm confiden...
lets get the process started !
pulsar jacinth
gotcha.... yeah. that's gonna take some work. it it just like a UI thing? like y...
Ya, pretty much. I just hate using the browser remotely. If I get it figured out, I'll let you know lol
winged summit
I've always been a little curious to trade minds with someone
But I'm confiden...
"labyrinth to madness and a temple to lunacy" i'm stealing that lol
mellow gull
that was fun in philosophy class to think about your identity outside of your bo...
I'm a firm believer that if anyone underwent a sudden shift in perceived experience and mindset there'd be irreparable damage. It'd be like stepping into an alien world.
grizzled wing
serentity now! madness later
winged summit
serentity now! _madness later_
hahaha, omg, i saw a funny seinfeld clip recently that cracked me up. i never saw that episode, but my friend showed me clips lol
grizzled wing
hahaha, omg, i saw a funny seinfeld clip recently that cracked me up. i never sa...
that show lives on , always funny
winged summit
ok, i'm convinved my roommate has taken out all the pots and pans, is clapping them together and just shuffling them around to drive me insane lol
haha
omg
i'm simultaneously developing an ulcer and a headache haha
lol, this is literally madness.... lol
mellow gull
"labyrinth to madness and a temple to lunacy" i'm stealing that lol
You may take of my whims as you willโ
Madness?
grizzled wing
roomates is a ๐งต
winged summit
LOL
haha
if sparta was more passive aggressive and tyrannical, then yes. you are correct LOL
winged summit
indeed. dude is jacked in that movie ha
mellow gull
Sparta was hilariously passive aggressive historically
The "if" callout response is proof of that
grizzled wing
everyone had six pack abs
winged summit
The "if" callout response is proof of that
i think i vaguely remember what you're talking about
but yeah. i wish my roommate would just tell me to my face, "i hate you and want you to suffer. please be miserable" rather than actually just make me feel miserable by constantly demanding attention lol
mellow gull
TLDR a city state said that "if they were to wage war" on Sparta it'd be ruinous
winged summit
TLDR a city state said that "if they were to wage war" on Sparta it'd be ruinous
ahhh haha
mellow gull
Sparta responded by sending a letter that was only inscribed with "if"
pulsar jacinth
@winged summit I got it to work ๐
winged summit
<@782436936128266260> I got it to work ๐
nice. how?
pulsar jacinth
I don't know if it's safe but it works rofl
So I did ssh -D 8089 user@myattackbox This opens a SOCKS proxy on 8089. I then set up foxyproxy to proxy on 127.0.0.1 for burpsuite. Then in burpsuite I set up the SOCKS proxy under network connections to be my attackbox with port 8089. Now I can access both regular websites and 10.10.10.10 and I get traffic from both in burpsuite.
winged summit
So I did `ssh -D 8089 user@myattackbox` This opens a SOCKS proxy on 8089. I the...
lol, i thought you already did that?
ohhh, maybe the socks in burp wasn't setup?
i mean, you said it was, but in any case
it's working, that's awesome ha
pulsar jacinth
Well that was the goal but it wasn't working. Now it is
winged summit
gotcha gotcha
mellow gull
winged summit
nice! ๐ good job
ohhhh. let me guess. previously, the burp socks proxy ip was 127.0.0.1? haha
err wait
that has to be because ssd -D
ssh -D
arg
nvm
pulsar jacinth
Ah it was because I had the SOCKS proxy set to my attack box IP but it has to be 127.0.0.1:8089
Ya, that
winged summit
so the exact opposite! haha nice. that actually makes total sense
haha
we shared the same erroneous thought lol
(at some point)
pulsar jacinth
we shared the same erroneous thought lol
You actually understand what's going on though, I still don't haha
winged summit
You actually understand what's going on though, I still don't haha
host os browser > foxyproxy (with dns tunneled) > local socks proxy setup via ssh -D > gets tunneled to VM host, where it has access to whatever network resources can be reached by that host > dns/route specifies vpn network for thm target > accesses thm target... travels back through same path with responses.
that's the tldr. but yeah. there's a lot happening there lol
mellow gull
Lots of condensed Neat
pulsar jacinth
So the real question, is this safe? Can people on the VPN access my actual computer?
winged summit
So the real question, is this safe? Can people on the VPN access my actual compu...
they can probably reach you, but i imagine it'd be a pain, and thm generally protects against that sort of thing. but there are no guarantees
mellow gull
There seems to be a couple layers of access that'd need to be enumerated there.
To the point of being extremely inconvenient.
winged summit
exactly
sick lance
I mean, if you're paranoid about your host, why open. Socks tunnel?
winged summit
i presume they'd have to pop the vm to get access to the ssh socks tunnel
but if they compromise the web target then that's piped directly into your host os
@pulsar jacinth if you're doing thm on your regular host os btw, make sure you backup all your data. the likelihood of something bad happening is low, but the impact is potentially high. always good to backup data if you're homelabbing on your host... malware analysis, etc.
mellow gull
That's a risk that'll always be there with trying to pipe directly to your host though, no? You're ultimately still giving a straight path with a few extra roadblocks in the way.
winged summit
That's a risk that'll always be there with trying to pipe directly to your host ...
yeah. i mean, if you're in a vm just on the vpn, then they'll just pop your vm
like browser in vm versus browser in host os
pulsar jacinth
My wife is yelling at me to sleep but I'll read all of this in the morning. Thanks all!
mellow gull
Of course, the VM just gives you the benefit of waay more warning if you're paying attention
Have a good night
winged summit
yeah, and if you accidentally run some malware as part of a room, it should just wipe the vm etc. versus contaminating or deleting data on your host os.... unless you have shared folders setup to access your host os through the vm, etc.
fortunately there's no ransomware worm analysis as far as i know, haha. talk about total nightmare scenario lol
sick lance
If you're doing malware analysis on THM, it's best to leave the malware on the dedicated VM.
Not transfer it to your own environment.
pulsar jacinth
Oh one more question if my vm is on proxmox with the rest of my home lab, is any of that at risk? I donโt think this has to do anything with the socks stuff, just generally curious.
winged summit
Oh one more question if my vm is on proxmox with the rest of my home lab, is any...
not too familiar with proxmox, sorry. but i hear it's really cool and i do want to try it someday, haha. from what i understand it's a baremetal hypervisor. they probably handle security pretty well. i'd be more worried about any access you grant the specific vm in proxmox
mellow gull
This is why I've heard flash/disk boot and ram processing is a safe bet if you're doing frequent analysis, since there's no permanent data that can get dusted.
winged summit
This is why I've heard flash/disk boot and ram processing is a safe bet if you'r...
interesting... i haven't thought of that angle. very cool.
split plover
Oh one more question if my vm is on proxmox with the rest of my home lab, is any...
Brother, what OS you use for malware analysis?
winged summit
Brother, what OS you use for malware analysis?
i don't think he's doing malware stuff, i just mentioned it in passing to talk about security scenarios. from what i recall he was just doing web challenges on thm
mellow gull
interesting... i haven't thought of that angle. very cool.
RAM forgets all information on shutdown, and a USB boot with a tails setup has the same hallmark. If you don't have a permanent hard-drive there's no (or very minimal) danger. I know some data forensic guys that do things that way and it's always seemed very interesting.
winged summit
RAM forgets all information on shutdown, and a USB boot with a tails setup has t...
nice. for sure. i knew that about ram, but you got me thinking about how if something is not overwritten in memory, that it could potentially be triggered again by something before a reboot
i remember tails too! haha. i used that back in the day as an experiment. back when they had a CD ๐
mellow gull
Well in their environment it's usually part of malware analysis so they have a bit of a sacrificial lamb drive most of the time
Maybe if it could be triggered directly from BIOS?..
winged summit
hmm... yeah. not sure. i mean. i was thinking more just by software in the host os. but even then, windows has protections against accessing memory out of bounds, so probably not a scenario worth much consideration
mellow gull
It'd be niche for sure, but fun (and spooky) to think about. Sky's the limit
winged summit
exactly haha
sick lance
Brother, what OS you use for malware analysis?
Malware analysis discussions are kept for out advanced channels.
sharp citrusBOT
mellow gull
winged summit
It'd be niche for sure, but fun (and spooky) to think about. Sky's the limit
but now that you mentioned BIOS, that's my tin-foil hat jam right there, haha. persistent firmware rootkits lol.... that's the cool stuff.... but so niche that i know nothing about it. i remember at one point when i learned about the IntelME, i also learned about how previous versions contained a cellular modem, and i was like, "oh, interesting, it could just communicate via LTE and bypass the OS" lol
split plover
i don't think he's doing malware stuff, i just mentioned it in passing to talk a...
Oh ok
winged summit
bought a rtl-sdr kit to measure stuff, but didn't think it all the way through. a cell modem needs a SIM card. in addition, a beacon probably wouldn't be sent out for something that advanced unless i was actually a target lol
split plover
Malware analysis discussions are kept for out advanced channels.
Yeah my bad
mellow gull
Well there used to be old worms that could do stuff like that. Some older drives used to keep separate memory for boot that could be taken advantage of, but I don't think that's been a problem for a long time
winged summit
Well there used to be old worms that could do stuff like that. Some older drives...
nice. that's wild. i mean, not nice, but cool. very interesting
ha
anyway, i gotta get back to portswigger. 20 more challenges to go before i sleep... we'll see lol
it was nice chatting @mellow gull ๐
i'll let you get back to your MILFfinder tool
lol
mellow gull
Have a good one, see you when I see you
jolly peak
i wonder what alex is typing for so long
split plover
Guys, I can't do multiple things at a time such as learning. As being in cyber you need to have vast knowledge about web, programming, malwares, forensics and other security measures to combat against attacks. The problem is that suppose I have 8 hours for studying I'd divide them among the topics I wanna learn for exp: web and programming. However, I'd like to study only one topic deeply first then move to another one but then I think I'd lack in other things. So, any idea what to do?
mellow gull
Guys, I can't do multiple things at a time such as learning. As being in cyber y...
Do you know what path, if any, you want to pursue in the cyber security world?
split plover
The one we can't talk here ๐ฅฒ
Malware
Forensics as well
I mean they relate ig
mellow gull
Well, what I can suggest is that if you can only focus on a single subject at a time, then it might be best for you to focus on a single tool at a time, and then expand your repertoire once you've mastered it.
Like people in SOC will learn the ins and outs of SIEM tools like Azure or ELK.
Maybe something like EnCase or TSK or Ghidra
normal fable
I'm about to go sideways so I should probably just say goodnight THM. Moo.. moo moo moo..
mellow gull
Rest well
lucid hound
hello everyone
weary veldt
languid crag
Is there any specific path for the Bug Bounty?
I've done cyber security 101 path.
azure hill
Is there any specific path for the Bug Bounty?
I've done cyber security 101 path...
I'd go jr pentest path next the web app penetration I think it's called
silk walrus
Hello
lament tendon
Hello. ^_^
surreal void
Hello
severe coyote
Hi, Is Veracrypt still good for external hard drive encryption? Which software do you guys prefer.
lament tendon
Verycrypt's still good as far as I know.
severe coyote
Verycrypt's still good as far as I know.
heard they stop the support. Which is the best one among all?
lament tendon
If you're on Windows, you could also use TrueCrypt.
severe coyote
i use both windows and mac
lament tendon
heard they stop the support. Which is the best one among all?
IDK.
Worst case you just generate a sufficiently long AES key and encrypt the data manually, lel.
severe coyote
yeah
lament tendon
heard they stop the support. Which is the best one among all?
Their last release was September 2nd, 2024.
severe coyote
which one for vera? or true?
lament tendon
For Veracrypt.
severe coyote
ok cool/ so that means someone is still updating it. thanks man. \
did you had a look on github?
lament tendon
Nope. https[://]veracrypt.eu/en/Release Notes.html
But you can check the github here as well: https[://]github.com/veracrypt/VeraCrypt
Last commit was 3 weeks ago.
lament tendon
They both do their job.
severe coyote
bitlocker is also good but it works with only windows will have issues with using the drive on mac
severe coyote
They both do their job.
yeah true
lament tendon
But I'd prefer VeraCrypt, because open source.
severe coyote
But I'd prefer VeraCrypt, because open source.
yeah.
lament tendon
Not 100% sure about TrueCrypt in this case.
Well, it is officially a "source-available freeware", which means people can at least read the source code publicly.
jolly parcel
any channels here to correct an instruction?
late stag
IDK.
Worst case you just generate a sufficiently long AES key and encrypt the da...
You cannot do that. AES keys are of arbitrary length - 128, 192 or 256 bit.
cloud quiver
any channels here to correct an instruction?
Wdym by that ๐ ?
jolly parcel
Wdym by that ๐ ?
nvm i pasted the wrong instruction at #room-bugs
lament tendon
You cannot do that. AES keys are of arbitrary length - 128, 192 or 256 bit.
AES-CBC?
Or do you mean the "sufficiently long" part because the keys are fixed sizes?
lament tendon
I did mean the passphrase you use to generate the key, that was poorly formulated by me. ^_^
But yea, in that case you are correct.
late stag
Itโs not a good idea to use a key derived from the passphrase directly for encryption. Itโs better to use it to wrap/unwrap a randomly generated key that will be used for the actual data encryption.
There are multiple reasons for that, but for starters, key wrapping approach allows to change the passphrase without re-encrypting all the data.
shell nova
usually not at 2 am, sorry
sick lance
I don't have unban perms.
That's Jabba/admin only.
shell nova
Itโs not a good idea to use a key derived from the passphrase directly for encry...
you have the Key Encryption Key which encrypts the Data Encryption Key. Naturally, you vault these in different places
shell nova
I don't have unban perms.
That's Jabba/admin only.
morning @sick lance
sick lance
morning <@958383130102870026>
๐
shell nova
you have the Key Encryption Key which encrypts the Data Encryption Key. Naturall...
of course this all depends on the confidentiality of the data you wish to encrypt. Sometimes a proper KDF is sufficient
there should be an OWASP Cheat Sheet on the subject
shell nova
AES-CBC?
CBC is technically vulnerable to attack, prefer GCM
or CCM
these are authenticated modes which help guarantee the integrity of the data
shell nova
I did mean the passphrase you use to generate the key, that was poorly formulate...
passphrases should follow the standard reccomendations, aka use a password manager ๐
chilly veldt
CBC is technically vulnerable to attack, prefer GCM
war flashbacks to every crypto CTF challenges
warped grail
hallo
wooden totem
Idk what to eat for lunch, there's so many options and like none of them stand out
chilly veldt
Idk what to eat for lunch, there's so many options and like none of them stand o...
What are the options?
wooden totem
What are the options?
half the food on the planet
steady tinsel
Anyone able to hack coinstat account
tidal urchin
How do I utilise the $10 voucher of swag shop ?
finite tulip
How do I utilise the $10 voucher of swag shop ?
You add the code at checkout
tidal urchin
where is the code thats what i wanted to ask
languid crag
I'd go jr pentest path next the web app penetration I think it's called
Okay, thanks
twin ridgeBOT
Gave +1 Rep to @azure hill (current: #854 - 5)
tidal urchin
tidal urchin
where is the code
cloud quiver
It should arrtive on your email ๐
tidal urchin
It should arrtive on your email ๐
Sorry havent received any, i checked all mails from TryHackme, is it possible to to sedn it again,
cloud quiver
Sorry havent received any, i checked all mails from TryHackme, is it possible to...
Try to reach out to support ๐
sharp citrusBOT
TryHackMe Socials
tidal urchin
ok
sick lance
Anyone able to hack coinstat account
This is illegal, and against our community rules, please stop asking.
steady tinsel
Ok my bad
plain flint
So i need YOUR halp
chilly veldt
Wassup
plain flint
How are you liking the platform so far?
Yeah fine
chilly veldt
Learn about cyber security hack
what specifically do you need help with?
plain flint
Yeah sure
frosty perch
also looking for some help
azure hill
How can we help
rapid merlin
I spent almost 4 hours just enumerating the thing, and found all the usernames I need and something else
to get me into
frosty perch
if i need any assistance ill come right over, when i get that far, just in the first steps of offensive learning
weak nest
do I need to connect to the thm vpn to interact with challenge machines and AoC domains?
tidal urchin
Current day AOC VM is frustratingly slow when I open vscode
naive violet
do I need to connect to the thm vpn to interact with challenge machines and AoC ...
Often, yes
Some may be in-browser access, or a thmlabs url that lets you access it over the internet
naive violet
No
naive violet
If the VPN is blocked or illegal in your country, we cannot help you circumvent that block. That'd be illegal, and we have a zero tolerance policy on illegal activity here.
You can use the attackbox but that's likely the only way around.
naive violet
any idea how they even enforce that in the first place?
Deep Packet Inspection
naive violet
Iirc BlueCoat, a network firewall/appliance vendor, got caught selling to embargo'd governments
weak nest
do they perhaps have some db or cache with known vpn ips and check against it
tidal urchin
the game window is not letting me resize, so unabale to see the converstaion
naive violet
like I can send/recv udp just fine but when It's a vpn it doesn't work
Yep, that's DPI where it analyses the content/structure of the packet
weak nest
naive violet
With a conventional firewall it's very easy to say "no UDP traffic to this port to any IP" without doing DPI etc.
DPI needs a lot of CPU power
weak nest
ofc
well I can imagine
but I would've thought it'd significantly slow down internet speeds
naive violet
Yeah if you can't keep up
weak nest
naive violet
@fair lava Do not discuss illegal activities here.
Do not promote circumventing legal blocks.
fair lava
<@907657414776598589> Do not discuss illegal activities here.
Do not promote cir...
Alright, you can maybe get outside a little, you were here all day yesterday and now....Sun won't kill you
No need to cry about it
grim sparrowBOT
:mute: 3usk#0 has been muted.
grim sparrowBOT
:mute: 3usk#0 has been muted.
[MUTE] I cannot DM that user.
naive violet
Alright, you can maybe get outside a little, you were here all day yesterday and...
If you're trying to stalk me to that extent, I think you got me mixed up with someone else.
I was in an exam yesterday ๐
rapid merlin
This kitten trying to fight my shoes 24/7 ๐คฃ
naive violet
Your poor laces...
weak nest
mine has voices in its head 
rapid merlin
I love how heโs constantly fighting his own tail too when it spooks him
Heโs still staying by me, hoping heโll want to explore soon
rapid merlin
mine has voices in its head <:skully:1307777128108130325>
Awwh
devout palm
Hey folks, just a question. How would you spend your time if it was your last week?
finite latch
Hey folks, just a question. How would you spend your time if it was your last we...
Solving side questssssss
shell nova
*war flashbacks to every crypto CTF challenges*
while technically vulnerable it's still a pain in the arse
naive violet
Oh gods, padding oracles?
chilly veldt
while technically vulnerable it's still a pain in the arse
all the AES-CBC challenges I have done ๐ญ
pliant cairn
Hey folks, just a question. How would you spend your time if it was your last we...
Spend time with fam and then possibly just drive to random places. Just drive tbh.
pliant cairn
Hey folks, just a question. How would you spend your time if it was your last we...
Real answer - do thm
devout palm
Spend time with fam and then possibly just drive to random places. Just drive tb...
Yeah i like driving
I would do it as well
shell nova
all the AES-CBC challenges I have done ๐ญ
yeah, pain.
chilly veldt
big time
devout palm
yeah, pain.
You have not seen the real pain. ECC (elliptic curve) exploiting.
devout palm
My back is killing me
pliant cairn
Have never done elliptic curve exp. Nore anything with aes. Any suggestions where to start?
devout palm
shell nova
You have not seen the real pain. ECC (elliptic curve) exploiting.
ECC is great, but avoid ECDSA
I can lead you to Certain Doom to find out why ๐
devout palm
The walking dead?
shell nova
Also there are suspicions that that curve is backdoored by the NSA
devout palm
Also there are suspicions that that curve is backdoored by the NSA
Lmao really?
shell nova
The walking dead?
nah, Java was a bit broken
shell nova
Lmao really?
can't remember if it was that one or another, but one of the standard curves was thought to be
devout palm
fair lava
do they perhaps have some db or cache with known vpn ips and check against it
Ask him what color are meadows beyond his mud puddle rather than listening to that nonsense
rapid merlin
I need one of those grabby things
The extended pincher
Arm claw thing
So I donโt have to bend my back to pick things up
naive violet
Ask him what color are meadows beyond his mud puddle rather than listening to th...
Kindly, if you have something positive or even just informative to contribute then do so.
If you dislike or disagree with the rules here, you're more than welcome to leave.
weak nest
I need one of those grabby things
rapid merlin
https://tenor.com/view/family-guy-back-scratcher-gif-3477036
But with the pincher
wtf
I didnโt click that
Lmao what
I canโt anymore with this bloody phone
cold vine
rapid merlin
I put grabber in GIF and IP grabbers come up
crimson scaffold
hey there guys, im new learner in cybersecurity and i geniungly dont know where to start, what to start
can anyone guide me through?
would mean a lot and will also help immensly through
Thanks
cloud quiver
hey there guys, im new learner in cybersecurity and i geniungly dont know where ...
You can start with this pathway ๐
devout palm
You can first #start-here and sign up on the site. There are recommended paths to follow (You don't have to) here: #general message
cloud quiver
crimson scaffold
You can start with this pathway ๐
okie let me see
Thank youuuu so muchh
twin ridgeBOT
Gave +1 Rep to @cloud quiver (current: #5 - 1425)
worn turret
Thanks man
twin ridgeBOT
Gave +1 Rep to @severe coyote (current: #1238 - 3)
crimson scaffold
You can first <#806554132117979143> and sign up on the site. There are recommend...
man this is amazing
Thank You man๐ซธ ๐ซท
high kindle
I dowoad kali from the Microsoft store how do I connect to htb or tryhackme vpn
shut hawk
sudo openvpn xyz.conf
pallid lotus
Please use a VM rather than WSL...
shut hawk
they say 
pallid lotus
The other guys said that ovpn doesnt work well in wsl
It should work fine in WSL2 iirc
Doesn't mean it's a good idea 
gray pine
Indeed
high kindle
`sudo openvpn xyz.conf`
Hey will it work on kali or ubanto and Is it even real
shut hawk
real? what's real?
shut hawk
it'll work on both
pallid lotus
We're all just a fantasy
shut hawk
fantasy is a stretch 
high kindle
real? what's real?
The command
gray pine
@high kindle just google โhow to connect to tryhackme vpnโ
Youll get all the things you need
pallid lotus
<@1281985037985779768> just google โhow to connect to tryhackme vpnโ
I stg if someone wrote a bloody guide...
shut hawk
- Install openvpn <- installed by default anyway
sudo openvpn xyz.conf
there's the guide
gray pine
Jay you forgot that he needs to download his package
pallid lotus
I remember when there was no attack box, and definitely no setup guide. You had to find the access page and figure out how to connect to one of the 30 odd rooms on the site.
A different era
pallid lotus
Which package?
Think he meant the config
gray pine
The ovpn package with his username in tryhackme so he can connect
shut hawk
Ah right
gray pine
A different era
It was fun tho
pallid lotus
HackBack2. Good times
naive violet
I remember when there was no attack box, and definitely no setup guide. You had ...
Hey they had a Kali
I remember the Kali room even if you don't
pallid lotus
I remember the Kali room even if you don't
I remember it
Wasn't quite the same though
gray pine
The kali room was my first room ever
shut hawk
@high kindle So, to summarise, instead of downloading Kali from the Microsoft store, we'd highly recommend you use a VM instead. Check out either "VMware" or "Virtual Box" and use the one you find easiest; there are plenty of tutorials on both.
pallid lotus
๐คฎ
rapid merlin
<:virtualbox:678318382239449138> ๐คฎ
๐ถ
pallid lotus
Yes yes yes, that can be taken two ways, I know
mossy river
W virtualbox
shut hawk
The only reason I have vbox installed is for genymotion
rapid merlin
Yes yes yes, that can be taken two ways, I know <:kekw:658061932577816606>
lol its only two ways
naive violet
<:virtualbox:678318382239449138> ๐คฎ
Have you tried it recently? They did improve it substantially
UI/UX is nicer
pallid lotus
Not for a couple of months
rapid merlin
vbox is for opening the werid sites
pallid lotus
It's the networking and peripherals which used to annoy the hell out of me though
I switched to workstation years ago
mossy river
VMware has been causing me too many issues recently
pallid lotus
VMware has been causing me too many issues recently
Welcome to Broadcom
rapid merlin
I switched to workstation years ago
i mean what is your main reason to shift from vbox
pallid lotus
I'm trying to get permission to deploy Proxmox at work
shut hawk
hey jabba are all your assessments open book or is it just a first year thing
pallid lotus
i mean what is your main reason to shift from vbox
Networking and peripherals mainly. It was significantly less polished than VMware overall. Things just worked in VMware, but took ages to get working in VBox.
If James says it's better now than it used to be, I trust him though.
USB passthrough being one of the big ones which just didn't work half the time.
rapid merlin
Networking and peripherals mainly. It was significantly less polished than VMwar...
who is james ???
pallid lotus
This was years ago now though, mind.
naive violet
USB passthrough being one of the big ones which just didn't work half the time.
I've had equal amounts of problems on both lmao
IDK if they actually fixed stuff under-the-hood
pallid lotus
Really? I've had a few guest additions problems on workstation, but nothing like the crap VBox was pulling
naive violet
Only networking "problem" I've seen is the "NAT" and "NAT Network"
naive violet
tails.net
is good
what you say ?
...but why?
pallid lotus
The limitations in their network editor was annoying af too
naive violet
What is your use case? Tails won't be right for 99% of cases
pallid lotus
Although granted, the workstation networking is still fairly limited
rapid merlin
What is your use case? Tails won't be right for 99% of cases
why ?
torproject reccomended the tails
pallid lotus
Again, what is your use case for Tor?
naive violet
why ?
torproject reccomended the tails
You need to understand that choosing the appropriate tool for the job is what makes something the "best" or even just "good"
You use different operating systems and software for different uses
rapid merlin
yep boss
rose tusk
help. I don't know how to exit vim
shut hawk
rip you're stuck there for eternity now
naive violet
help. I don't know how to exit vim
Power cycle
wooden totem
:q! ๐ฃ๏ธ
rose tusk
Power cycle
didn't work, I've put it in rice too
wooden totem
didn't work, I've put it in rice too
:helpclose will bless you
late stag
help. I don't know how to exit vim
<Esc> then :q! <Enter>
hushed knoll
Yo, I've just noticed that I have a "Legend" tag right after my nickname. Is that tag permanent? Why I even got it?
naive violet
0xD God was renamed to 0xD Legend
devout palm
Nice pfp Muiri
tawny imp
hi everyone
are you able to make an educated guess on weather my acc is hacked? fb and insta. im worried for my safety no joke
i have screenshots of recent logins
naive violet
Change the password and activate two factor authentication
Do not reuse passwords between different accounts
tawny imp
i did that two factor was always on
there was a pc login a week ago, i dont own a oc
and 7 more, iphones, iphone 16s and ipads
all in where i am from
naive violet
If you have two factor on and they're all from where you are, they're probably all you
tawny imp
so two factor would mean i would have to accept the login from my own device? always?
naive violet
Two factor means you would have to provide a second factor of authentication. Usually more than just a password
This can take many forms.
tawny imp
but i doesnโt necessarily mean it would show up on my phone right
naive violet
It depends what second factor you configured.
tawny imp
authentication app
naive violet
So you'd have to enter the code if that's what you configured.
tawny imp
so if someone would log into my account else where they would need my phone to get in?
naive violet
That's the idea of two factor authentication yes
high kindle
I use the sudo apt install openvpn
And it's say he is unable to locate the package
naive violet
They would need to get that code
tawny imp
17 logins in the span of a week is concerning
naive violet
I use the sudo apt install openvpn
And it's say he is unable to locate the packa...
Apt update first.
tawny imp
i dont download apps or anything
naive violet
17 logins in the span of a week is concerning
Not with two factor and a good password.
All from your location.
high kindle
I use kali linux from the Microsoft store
naive violet
I use kali linux from the Microsoft store
Still applies.
high kindle
K
naive violet
are you able to make an educated guess on weather my acc is hacked? fb and insta...
You asked us for this.
tawny imp
i dont get it
is there an app i can download to see if my device is being tracked or tapped into? ive been going para for a week straight
naive violet
By whom?
tawny imp
an old enemy who has connects is the whole country and everywhere else
naive violet
Unlikely.
tawny imp
its very likely trust me
naive violet
Go to the police then.
tawny imp
the phone seems fine no lag battery loss
no weird apps
i assume you guys dont provide any services here
naive violet
No. Go to the police if you suspect you're the victim of a crime.
Don't get conned by someone selling charlatan services.
wooden totem
They would need to get that code
Couldn't the attacker steal 1 valid code to then replicate the authenticator pattern later
naive violet
Not with one, no.
You'd need 2 and the times they're from, accurate to 30s for default TOTP.
There's more than just default totp out there
Extended physical access to the phone is kinda... not the threat model it's for
half badge
I love her curves but what's more preferred is the way she articulates words
wooden totem
You'd need 2 and the times they're from, accurate to 30s for default TOTP.
There...
Right, thanks for correction
tawny imp
its very weird like i say all in my city, pc, ipads iphones i know he uses ipads. 18 different logins on both instagram and facebook, instagram password changed all in one week
twin ridgeBOT
Gave +1 Rep to @naive violet (current: #2 - 2225)
half badge
Winter break here. CYBER SECURITY AND MATHS TIME. yay
naive violet
its very weird like i say all in my city, pc, ipads iphones i know he uses ipads...
Go to the police. Hacking accounts is a crime.
tawny imp
ok. thanks for the help anyway
wooden totem
Winter break here. CYBER SECURITY AND MATHS TIME. yay
Plural of math is math
In most cases
half badge
In most cases
Ty. I'm greek. I know it is mathematics. Not mathematic. Ty for helping out
twin ridgeBOT
Gave +1 Rep to @wooden totem (current: #219 - 31)
naive violet
It's maths, don't let those who speak American English get to you
half badge
I mean what I said makes perfect sense I believe
Idk
It's an abbreviation for mathematics in my eyes. Idk abt grammar
wooden totem
Damn I was 1 sentence away from that, didn't read all the way through (I looked it up and first thing that came up was math is plural in all cases)
lament tendon
Yo No one.
How's life?
half badge
Yo No one.
How's life?
Uh idk. Hbu?
lament tendon
Decent, decent, thanks for asking.
A bit tired but also really motivated to build some stuff.
No idea what to make yet, but something.
half badge
Damn I was 1 sentence away from that, didn't read all the way through (I looked ...
Again. I don't disregard your knowledge cause I don't claim I know English grammar all that well. It's just that w my logic I explained it makes perfect sense lmao
half badge
Decent, decent, thanks for asking.
A bit tired but also really motivated to buil...
Wow!
naive violet
Decent, decent, thanks for asking.
A bit tired but also really motivated to buil...
In the last phases of building something here, just deciding on a box to put it all in
wooden totem
The British way does indeed make more sense
half badge
No idea what to make yet, but *something*.
I mean, built software? Robotics? What!!
lament tendon
Software-ish.
Got a certain cool domain that I currently have an empty website on and I want to do something with it.
Just got no amazing idea yet.
gleaming bear
fluid lake
Is day 19 the last day of the advent of cyber?
cloud quiver
Is day 19 the last day of the advent of cyber?
No ๐
Event lasts until Dec 24th ๐
fluid lake
Got it thanks!
little siren
is anyone elses vpn acting weird?
dark frost
Software-ish.
Got a certain cool domain that I currently have an empty website o...
Do a blog with write up of challenges,
little siren
Do a blog with write up of challenges,
saturated
there are 1000s of different writeups on medium
gray pine
Well no writeup is ever the same
If you build online audience using social media you can funnel it to your blog
Smoothie done lets get the day started๐ฃ๏ธ๐ฃ๏ธ๐ฃ๏ธ๐ฃ๏ธ๐ฃ๏ธ
stable comet
i want one too
can anyone provide me a free tryhackme voucher
i am really poor and want to make a career in cyber security
little siren
U can complete the AoC for a chance to win a voucher
stable comet
where is it
gray pine
Bro google
fathom aspen
where is it
gray pine
Dont wanna be rude but just google things
fathom aspen
ok
You can learn quite a lot just from free access, premium just gives better speeds and connections and opens a few more premium rooms
stable comet
You can learn quite a lot just from free access, premium just gives better speed...
oh i gotta learn a lot from the free resources
boreal scarab
Pog, new HBA for my server has been ordered 
stable comet
ig it gonna take me months to win that
fathom aspen
ig it gonna take me months to win that
There's lessons along the way and then you get to hack-along with the lesson, if you get stuck then #1305926862114914325 is there to help
stable comet
There's lessons along the way and then you get to hack-along with the lesson, if...
okkk thanks for the help
twin ridgeBOT
Gave +1 Rep to @fathom aspen (current: #1658 - 2)
fathom aspen
okkk thanks for the help
No problem, happy hacking
boreal scarab
queen forum
drifting mural
https://tenor.com/view/5-days-left-christmas-5-days-until-christmas-xmas-christm...
christmass?!?!?
boreal scarab
christmass?!?!?
Christmas
wooden totem
wild zealot
Im gonna use thm to teach to a class
Just curious how do i make my own lab for students to join
Cloud or vpn?
boreal scarab
Just curious how do i make my own lab for students to join
@near hawk I believe this is your domain.
boreal scarab
I was just going to ceh modules
Wait, before you do that. Are you in India?
wild zealot
Yup
boreal scarab
Ok, carry on then lol. Was going to say, CEH isn't really used outside of India
boreal scarab
Im gonna use thm to teach to a class
@cosmic pendant Can maybe weight in here too? Toast, it's Info sec class related.
cosmic pendant
Teach CEH?
drifting mural
Teach CEH?
Hey, Toasty
cosmic pendant
HI
drifting mural
how is your day going?
cosmic pendant
Good, how is yours? Why did I get a FR?
drifting mural
I'm good
drifting mural
Good, how is yours? Why did I get a FR?
I wanna ask about pursuing PhD
sick lance
Just curious how do i make my own lab for students to join
You can create your own VM, upload it and then they can use the VPN to connect to it.
loud marlin
idk what i look at. don't have instagram shit for a start ๐
boreal scarab
idk what i look at. don't have instagram shit for a start ๐
Don't mneed to be signed in
loud marlin
poor kid
fathom aspen
<@957472407508123678> https://www.instagram.com/reel/DDP1s8ByWNS/?igsh=Nm8xODk3b...
Apparently there is a H2D coming out in the new year ๐
boreal scarab
Apparently there is a H2D coming out in the new year ๐
More printers? JESUS
quiet pulsar
Beans
high kindle
I can't download packages in wsl kali linux pls help
naive violet
Did you apt update?
naive violet
I can't download packages in wsl kali linux pls help
Can you show us what happens when you try to?
worn thorn
More printers? JESUS
print the world !!
got my hand on a prusa mini and it fits too well in it's designated place.
loud marlin
@boreal scarab ill dm you smth ๐
fair lava
I can't download packages in wsl kali linux pls help
You don't need to update anything, do ping -c 4 google.com first and see if it fails
sick lance
You don't need to update anything, do `ping -c 4 google.com` first and see if it...
Apt update will update the list Kali pulls everything from.
sick lance
The list may be broken, and needs updated.
Pinging Google won't solve broken installs.
fair lava
The list may be broken, and needs updated.
Pinging Google won't solve broken in...
How do you know? Did he tell you that?
high kindle
Can you show us what happens when you try to?
It's says unable to locate package nmap
sick lance
How do you know? Did he tell you that?
It's a common issue to not be able to install or update, whilst having an internet connection.
It could be their AV that is potentially blocking it
naive violet
It's says unable to locate package nmap
I'd recommend a screenshot so that we have the full context
sick lance
You can have an internet conn and still not be able to update and/or install.
naive violet
I also can't install or upgrade or update or apt full update and more
Please can you take a screenshot that shows us the error(s)?
sick lance
If you add screenshots we can help better, pictures are easier to help.
naive violet
Without that, it's difficult to help
high kindle
I can't but I can send what it says
naive violet
Copy/paste? The full text is the most useful thing for diagnosing the issue
high kindle
Wait a min
'http.kali.org'
Warning: Some index files failed to download. They have been ignored, or old ones used instead.
I can't send the whole it's too long for non discord nitro
boreal scarab
<@214547132231843840> ill dm you smth ๐
Wonderful!
Sorry, had games in my messages beforehand lol
naive violet
I can't send the whole it's too long for non discord nitro
Put it into a text file and attach it, should let you get around it that way
Also you should be able to screenshot it?
boreal scarab
worn thorn
what was the other one about?
high kindle
Also you should be able to screenshot it?
No I don't got discord in my pc can someone help it's says he can't connect to http://http.kali.org/kali
It's in wsl
fair lava
No I don't got discord in my pc can someone help it's says he can't connect to h...
If you're gonna listen to him you'll never fix anything XDD, just add me
naive violet
This guy...
naive violet
No I don't got discord in my pc can someone help it's says he can't connect to h...
Are you using a school or work computer by any chance?
high kindle
No I'm using a old pc I want to use it as a ai server or homework and maybe just do tryhackme missions
boreal scarab
what was the other one about?
That I linked?
worn thorn
yea
naive violet
If you're gonna listen to him you'll never fix anything XDD, just add me
Seeing as you're apparently a dev, you should have learned effective troubleshooting and how to read error messages.
Being hostile to all those around you provides precisely zero help, and additionally makes people dislike you.
shut hawk
If you try to navigate to http.kali.org/kali/ on your windows machine, what happens?
naive violet
I believe by default it's plain HTTP but yep good step
high kindle
If you try to navigate to http.kali.org/kali/ on your windows machine, what happ...
I found yt toutrial from networkchuch but still thanks
twin ridgeBOT
Gave +1 Rep to @shut hawk (current: #14 - 587)
polar wraith
completed my ctf 
worn thorn
Believe it was <https://store.steampowered.com/app/2286390/Tunnet/>
OR
<https://...
both look well made. Though the Network Engineer might be worth it.
boreal scarab
both look well made. Though the Network Engineer might be worth it.
Sadly, that one isn't released yet. But Network Engineer is in my wishlist
sick lance
I found yt toutrial from networkchuch but still thanks
I'm sure you could do worse for a source.
Does your pc have any issues connecting to anything?
fair lava
Seeing as you're apparently a dev, you should have learned effective troubleshoo...
What do you mean hostile? I even let you talk and I didn't say anything, let's see how will you fix it
worn thorn
Sadly, that one isn't released yet. But Network Engineer is in my wishlist
gonna enjoy the pain of an engineer for fun
boreal scarab
gonna enjoy the pain of an engineer for fun <:blobfingerguns:658062473617866753...
cough Sysops Saga
knotty pendant
fair lava
@high kindle Do sudo apt update if you didn't know already how to do it
knotty pendant
*cough* Sysops Saga
whats this
boreal scarab
whats this
One review.....
"- Tedious tasks - roll out security updates to all nodes while maintaining uptime. Great setup, but given how this needs to be done, there is a lot of clicking involved for a simple task."
Anyone wanna tell them?
shut hawk
I also can't install or upgrade or update or apt full update and more
@fair lava They can't, that's the issue we're trying to solve here
fair lava
Apt update will update the list Kali pulls everything from.
Really?
naive violet
It's also the first thing I suggested lmao
naive violet
Really?
Yes. Current state of what's available in the repos
Also any IP changes etc of repos, often they go stale
fair lava
Can you teach me more about it
rapid merlin
https://tenor.com/view/spongebob-squarepants-cute-smile-happy-blush-gif-17827539
phew
sick lance
Hopefully 17.6.2 corrects my CLI issue.
dark frost
New linux update?
lyric forum
<@1301967510274441258> ๐
hello
lyric forum
I had questions, but in the end, I was answered, sorry.
small badge
how does one even accomplish getting vmware workstation pro everytime i try to download it i get stuck at broadcom login
sick lance
It's ok, next time can I ask you ping and ask furst
sick lance
how does one even accomplish getting vmware workstation pro everytime i try to d...
Do you have a broadcom account?
small badge
no
sick lance
You'll need to create one.
small badge
i tried to register for one and something always covers the submit button even using tab doesnt woerk
sick lance
Tried a different browser?
small badge
ahh
primal kestrel
last day of work for two weeks
Yippeee
they're calling it the least productive day of the year
celest dirge
*cough* Sysops Saga
Was thinking about getting game, is it worth playing?
sick lance
An announcement will be made shortly.
grim sparrowBOT
:hammer: 3usk#0 has been banned.
umbral bay
๐ ๐ฅณ 
Advent of Cyber 2024 DAY 20 Let's Go! ๐ฅณ ๐
shell nova
An announcement will be made shortly.
did we get demoted?
ebon herald
why NaN showing?
worn thorn
it's still starting
boreal scarab
Played the sysops game..... my head hurts now
boreal scarab
Was thinking about getting game, is it worth playing?
^ Read above lol
ebon herald
ya...but recently showing like this...I think they update something...thats a little bug
rapid merlin
hey
chilly veldt
Non applicable number
boreal scarab
It's VERY thought intensive. Just got introduced to testing environment with 2 new software to get networking to. But the layout.... it's jank. Still have to figure that out. So far, it's good
@celest dirge
primal kestrel
just wrote a natty python list comprehension
labeler_data = [
(
model,
os.path.splitext(image)[0],
os.path.join(labels_path, labeler, model, subdir, image),
raw_image_dict[os.path.splitext(image)[0]],
)
for labeler in os.listdir(labels_path)
for model in os.listdir(os.path.join(labels_path, labeler))
for subdir in os.listdir(os.path.join(labels_path, labeler, model))
for image in os.listdir(os.path.join(labels_path, labeler, model, subdir))
if image.endswith(".png") and os.path.splitext(image)[0] in raw_image_dict
]
it's crazy these are like 1,000,000,000x faster than for loops
celest dirge
<@601312347063058433>
Alright, thanks. Imma check it out.
twin ridgeBOT
Gave +1 Rep to @boreal scarab (current: #30 - 321)
boreal scarab
Alright, thanks. Imma check it out.
Welcome!
sick lance
For those who need to support older keys for legacy systems, the new build includes the SSH1 client, which the Kali team says is an SSH client frozen at version 7.5.
That's good, SSH1 will stop the need for using oHostKeyAlgorithms and oKexAlgorithms on the some of the older THM rooms.
boreal scarab
@celest dirge This is only Stage 3, oh, and you have a dev to determine if there's a bug in a software, then you have server resources, logs, etc
celest dirge
ooo interesting
grizzled wing
no email today
sick lance
No news is good news.
knotty pendant
Christmas break is today๐ค
grizzled wing
i went to Kali's blog
https://www.kali.org/blog/
knotty pendant
Should i make a networking game
sick lance
Yeah, there is some near changes in the past Kali of 2024.
grizzled wing
" Kali Linux, deprecates DSA keys for good" DSA ๐ -> ๐๏ธ
GNOME 47 and accent color customization !
new tools look cool
linkedin2username
somber minnow
could anyone help me find an iot camera/similar device that I could use to conduct a pentest for a university project? ive had a look and im struggling to find one where the firmware versions are correct.
sick lance
could anyone help me find an iot camera/similar device that I could use to condu...
We can't assist you with your project, can you please seek advice from peers of lecturer.
somber minnow
We can't assist you with your project, can you please seek advice from peers of ...
no worries, cheers
rapid merlin
new tools look cool
this is a bit unrelated but you showed me the books from Humble a few days ago- bought all 18 today; gonna start on Foundations of Information Security now. Thanks for your recomendation again
twin ridgeBOT
Gave +1 Rep to @grizzled wing (current: #79 - 95)
polar holly
Guys... Imagine doing THM in a restaurant, due to the awesome wifi, and somebody asks you to teach them the fundamentals... Like dude I don't even know that much, but okay I'll try my best...
rapid merlin
Guys... Imagine doing THM in a restaurant, due to the awesome wifi, and somebody...
ha! have fun teaching them - teaching what you have learnt is great for revising and it let's you know if you really understand the topics yourself
polar holly
I gave them a crash course in IP, DNS and http. Just so they can start looking at websites in a different light.
grizzled wing
this is a bit unrelated but you showed me the books from Humble a few days ago- ...
yay ๐ happy learning !
grizzled wing
Guys... Imagine doing THM in a restaurant, due to the awesome wifi, and somebody...
you can show them the sensionalized network chuck video about wifi hacking in a coffee shop
polar holly
ha! have fun teaching them - teaching what you have learnt is great for revising...
Thank you. I will have fun tomorrow, because we set up a follow up for tomorrow when I can actually focus on more things.
twin ridgeBOT
Gave +1 Rep to @floral charm (current: #421 - 13)
rapid merlin
yay ๐ happy learning !
it already so confusion, but im gonna use this as an opportunity just gain a faint memory when i actually learn the topics on a later date
umbral bay
๐
rapid merlin
you can show them the sensionalized network chuck video about wifi hacking in a ...
omd i've seen that video tooo
grizzled wing
๐
sick lance
I want to hack, but Kali be like
small badge
I want to hack, but Kali be like
is that a vm?
rapid merlin
Thank you. I will have fun tomorrow, because we set up a follow up for tomorrow ...
bit cringe but they lucky to have found ya, someone so willing to teach
sick lance
is that a vm?
Of course ๐
umbral bay
the reindeer ate the email
Rollback email. ๐
grizzled wing
2 more days of AoC right?
sick lance
rapid merlin
21, 22, 23, 24 (i think)
sick lance
It was 24?
grizzled wing
hmm, oh well
sick lance
It's always been 24 + 1 questionnaire.
rapid merlin
only 22? i coulnt have known anyways cus i only joined halfway this year
mellow gull
I saw a mod say that the 24th was the last day. Do they post new tasks on the weekend?
grizzled wing
Gaww is typing awwww
sick lance
I saw a mod say that the 24th was the last day. Do they post new tasks on the we...
New rooms come on a Tuesday and Friday after the event ends.
mellow gull
sick lance
And sometimes random days in between.
mellow gull
Interesting!
mellow gull
I only have two more tasks to be fully caught up. I'm sick at home so I'll probably finish them today.
sick lance
Interesting!
Tuesday is an in-house dev room.
Friday splits between either an in house challenge room, or a community created challenge room,
calm briar
Hellooo lovely earthlings - worked abroad for 8 months and left computers behind to save up enough to be able to now study in sincerity . Spent the last two months studying / passing the network +. Getting back on THM - Iโm getting ready for the pentest+ but I have previously complete the jr pentesting path. Any suggestions on rooms , paths , boxes ?
rapid merlin
October is fun event too <@456226577798135808>
omd i missed that, only fully locked in mid november. hyped for next year's halloween event then (2nd fav holiday)
calm briar
I wanna get nasty at report writing . Thinking of just cruising vulnhub for a bit
grizzled wing
I wanna get nasty at report writing . Thinking of just cruising vulnhub for a bi...
there are report templates on github so you can practice writing reports of your pentesting -- ๐ง smart move
rapid merlin
Hellooo lovely earthlings - worked abroad for 8 months and left computers behind...
I'd do PJPT over Pentest+
shut hawk
https://developers.google.com/tech-writing/one
Is fantastic for techical writing
rapid merlin
https://developers.google.com/tech-writing/one
Is fantastic for techical writing
im bookmarking that for sure, thanks for sharing
twin ridgeBOT
Gave +1 Rep to @shut hawk (current: #14 - 588)
grizzled wing
would be funny if their AI wrote their technical writing
calm briar
I'd do PJPT over Pentest+
I was mainly doing it to stack my other compitas . I got the ejpt a few years ago . Already got sec+
grizzled wing
Fomori with the wins
rapid merlin
would be funny if their AI wrote their technical writing
do people do that in real engagement so to save time at the end
rapid merlin
I was mainly doing it to stack my other compitas . I got the ejpt a few years ag...
After Pentest+, I'd do PJPT & PNPT by tcm-sec
rapid merlin
After Pentest+, I'd do PJPT & PNPT by tcm-sec
how good/ recognised are the TCM certificates?
grizzled wing
do people do that in real engagement so to save time at the end
based on my understanding that you have your template and standardization and then make changes for the target you are dealing with
mellow gull
I have a coworker that's absolutely obsessed with using AI assistance for just about all of their filing and reports.
rapid merlin
based on my understanding that you have your template and standardization and th...
ohh that makes sense, it would be hell to start from the beginning for every one
abstract adder
how good/ recognised are the TCM certificates?
Not popular or accepting yet, but it is really good
grizzled wing
i use AI , i like it, overall neutral
calm briar
Yeah Iโm sure the tests / prep would but fun and difficult . But does HR know about heath and his punisher tattoo ?
mellow gull
i use AI , i like it, overall neutral
I don't mind it, but I want to make sure I'm capable of performing a task on my own without it.
grizzled wing
๐ got THM email ๐ง
rapid merlin
Not popular or accepting yet, but it is really good
True, however tcm-sec is ran by good people (am biased since I'm friends with a few of the support staff)
rapid merlin
Not popular or accepting yet, but it is really good
ohh, would you say HTB or TCM after i complete most of Tryhackme?
and teh exams are actually affordable
not unless some companies
calm briar
The pentest+ also adds life to my sec+. The comptia are only good for 3 years and if you get the next in line it adds time to the previous
rapid merlin
i like the main TCM guys video, haven't watched one in ages
grizzled wing
TCM HTB THM certs all help breakdown the paywall garden the OFFSEC have, that is what John Strand is saying
Mayor Malware is typing malware
calm briar
I mean the brass ring is still the OSCP no ?
mellow gull
A New Challenger Has Appeared
abstract adder
True, however tcm-sec is ran by good people (am biased since I'm friends with a ...
But the industry's point of view is still with those old certification standards.... the people who are hiring you might not know or be exposed to the contents and the trainigin meterials, they just follow what has been followed from years
grizzled wing
Die Hard watching is soon upon us
mellow gull
Best christmas movie ever
abstract adder
ohh, would you say HTB or TCM after i complete most of Tryhackme?
I am not sure, I mean both are at the equal level in my eyes.....
grizzled wing
Best christmas movie ever
have a few laughs
abstract adder
i like the main TCM guys video, haven't watched one in ages
I feel it funny reading it ๐
grizzled wing
const gr33ting$ = "hello"