I do what I can citizen.
#general
jade wing
jolly aspen
yea thats what i was wondering, payload sizes are shown when they are sending the stage etc
jade wing
Basically add the payload to the overall shell size. By the time it attaches to a process unless someone’s paying attention the footprint is very small tacked on to that processes usage. They are very hard to detect if you don’t know what you’re looking for but like anything definitely can and can trigger baselines when they go anomalous
crisp hill
guys i had this email in my inbox for a couple days, just saw it, not sure what to make of this
i cant seem to be able to paste images
"Congratulations!
You have won:
a 6-Month TryHackMe Subscription
Please allow 7 days for us to reach out with more information on claiming your prize. In the meantime, you may wish to check out the prize terms & conditions below!
"
south badge
guys i had this email in my inbox for a couple days, just saw it, not sure what ...
scam
sick lance
guys i had this email in my inbox for a couple days, just saw it, not sure what ...
Emails was sent today
crisp hill
from TryHackMe Prizes prizes@tryhackme.com
knotty cargo
Dang
jade wing
guys i had this email in my inbox for a couple days, just saw it, not sure what ...
Did you participate in the AOC? Is it from THM? Just apply typically logic. Were you expecting this?
Etc etc
jolly aspen
Basically add the payload to the overall shell size. By the time it attaches to ...
yea, this was the base of my thinking. that if it attatched to a process then the spike could be monitored, but it being so small makes it a bit less anomolous
crisp hill
i did do a couple tasks but i wouldn't give me that prize
knotty cargo
Domain seems legit for average person
sick lance
i did do a couple tasks but i wouldn't give me that prize
It's a raffle.
jolly aspen
my mind went to detection ideas, cool tool.
jade wing
yea, this was the base of my thinking. that if it attatched to a process then th...
This is correct. Typically when you are at that stage in a pen test you have essentially completed your goal anyways to be fair.
sick lance
So you could answer all questions and not get anything.
Answer one and get something
jade wing
Yes you are hoping they catch it, great but even if they don’t, also great.
crisp hill
It's a raffle.
yea thats why i'm a bit tempted lol
jade wing
yea thats why i'm a bit tempted lol
Review the headers etc. if you did legit win something congrats.
knotty cargo
Basically add the payload to the overall shell size. By the time it attaches to ...
What if it was a process that isnt supposed to make connections ?
crisp hill
So you could answer all questions and not get anything.
Answer one and get som...
i believe there is a filteration before the raffle idk
jade wing
What if it was a process that isnt supposed to make connections ?
Then you have chosen poorly on what you have attached to
blazing granite
you smell and touch the cork to check its health and subsequently the wine, if the cork is dry probably contracted and let passed more oxygen the it should that could affect the wine, maybe the cork had tca, etc
knotty cargo
Then you have chosen poorly on what you have attached to
Thats a good point, attach it to a process that mimics the closest behavior
jade wing
Thats a good point, attach it to a process that mimics the closest behavior
It also just depends on the scope and rules of engagement if your goal was to take it as far as possible remaining as stealth as possible is key so you can remain in and pivot and see what else you can do. If the goal was to get to the point of executing an exploit based on a vulnerability you are tracking in their system then stop. Then you don’t even attach it at that point. You stop, log the results and methods used and that’s it.
Often times that’s the case. You say look I was able to shell you here is how and why.
That’s often more than enough for a report.
jade wing
Most companies when running a pen test will have you very specifically scoped in for a line of business application as an example and the rest of the infrastructure is off limits. They will give you specific ranges and a singular app or a maybe a couple to test. It typically comes down to time, money, and what their goal is. Many times the pen test is to help certify them in various compliances and is a step in that direction. A full pen test like full on wild, go crazy pen test is absurdly rare in the business world.
lime belfry
give it to me
knotty cargo
Most companies when running a pen test will have you very specifically scoped in...
Wow
blazing granite
https://tenor.com/view/confused-unga-bunga-loading-uga-gif-23786525
farther explorations in the dm?
jolly aspen
so strategically speaking, its a temporary shell. used for the utilities it provides like hashdumping, and placing a more stable shell somewhere for persistence or immediate offload of data/hashes etc?
jade wing
so strategically speaking, its a temporary shell. used for the utilities it prov...
This is for the most part true. Most pen tests will not have you perform a hash dump as an example. You will stop at “I could have”
knotty cargo
Is the single or couple of application testing also under the black box term ?
So when a company asks for a black box pentester for example
I think i saw one sometime then
jade wing
So when a company asks for a black box pentester for example
So black box tests are usually external, they are to test typically APIs etc for an application.
Sometimes it’s a test of networking infrastructure
A white box is almost always internal.
sick lance
yea thats why i'm a bit tempted lol
If in doubt, wait the 7 days, THM will give you a code.
jade wing
Sometimes you get a white box for a company that’s both external and internal
sick lance
Black box can be (n).
clear jackal
i believe there is a filteration before the raffle idk
What do you mean by filtration?
sick lance
As can white box.
jade wing
If you maybe are wondering why then learn some of the offensive skills you are, it’s because of two areas. One is working for example in an org they deploys advanced offensive techniques. They do exist typically are government backed. The other is so you aware of the techniques which helps you defend against them.
Pen tests for orgs are often far less exciting than your experiences in CTFs
But that’s ok you get paid well and remain knowledgeable
oak yoke
are there still legal agreements that go with those rare go crazy attakcs . @jade wing ? ive barley begun to delve my feet into this world but im aware breaching legal agreements is a huge no no (in my country)
boreal scarab
1 hour and 3 minutes in.... still encrypting
jade wing
are there still legal agreements that go with those rare go crazy attakcs . <@19...
It’s a massive no no to go out of scope and breach an agreement. It can cause legal issues for you and your company and bring lawsuits as well.
Not to mention likely get you fired from the company you are working with.
knotty cargo
If you maybe are wondering why then learn some of the offensive skills you are, ...
Im too far away from doing this lol
jade wing
Those agreements are no joke.
knotty cargo
But that’s ok you get paid well and remain knowledgeable
Sometimes its just fun to learn
jade wing
Sometimes its just fun to learn
Oh yea absolutely they are a blast to do. I learn all the time from them.
It’s all about keeping your skills fresh and having fun man.
It just gets a lot more policy based and progressional in the real world is all.
oak yoke
Those agreements are no joke.
they have made this clear.
however say I as an individual i discover a bug on a site or service with no open bounties . how would I approach this as i dont think companies would react to kindly to an email i found stating i found a theoretical weakness in said system
jade wing
To scratch the itch of wanting to go wild you do ctf events like Bella and get on teams for it. They are a blast to do.
oak yoke
To scratch the itch of wanting to go wild you do ctf events like Bella and get o...
I have no intention to . I just keep seeing alot of that stuff get brought up for my exams
jade wing
they have made this clear.
however say I as an individual i discover a bug on...
If you are in a professional setting of a pen test you notify and let them know it was not executed on but was identified just out of scope.
mellow gull
You typically shouldn't be seeking out problems with random webservers that don't have a bug bounty/arbitration program anyways imo?
oak yoke
this is all out of my current abilities mind you but you were providing such good info so i had to ask .
oak yoke
You typically shouldn't be seeking out problems with random webservers that don'...
really?
jade wing
If you are doing a bug bounty and they don’t have a bug bounty in place or are out of scope of that bug bounty you simply don’t.
It’s an ethical dilemma at that point if you notify. If it’s discovered but not acted on by you but you notify anyways the typical ethical guidelines dictate you follow up a few times and give it a timespan of 6-12m before releasing a write up.
When you do you never give the code directly for others to exploit it. This often times motivates that entity to fix it.
mellow gull
If you're doing anything more complicated than using inspect on a webpage you're treading a dangerous line when interacting with a service that you do not have express permission to investigate.
knotty cargo
Also sometimes scans can go aganist law
jade wing
Some people do that for fun, I steer clear of that because there is no money in it for me.
I ain’t running a charity over here.
clear jackal
they have made this clear.
however say I as an individual i discover a bug on...
Why are you testing a site/service that has no bounty? That would be the first question.
oak yoke
Why are you testing a site/service that has no bounty? That would be the first q...
i am not . like i said this is out of my ability. I asked the question to make sure i dont get in trouble
jade wing
You typically shouldn't be seeking out problems with random webservers that don'...
This is correct, I don’t do this at all. It invites trouble in many forms.
clear jackal
i am not . like i said this is out of my ability. I asked the question to make s...
I'm not saying you were, it's just the response to your hypothetical.
oak yoke
If you are doing a bug bounty and they don’t have a bug bounty in place or are o...
this is the response i was looking for . thank you .
i do homelabs now but no way i get hired to pentest anytime soon
twin ridgeBOT
Gave +1 Rep to @jade wing (current: #297 - 20)
clear jackal
If you're using the site as intended, and a bug occurs, just email them.
oak yoke
i want real hands on expierience is all but i am avoiding trouble hence why i got a subscription and what not
jade wing
I'm not saying you were, it's just the response to your hypothetical.
This is also highly relevant as a question in the exams. They are asking you to think logically. If they ask a question like that it’s testing your ethics. Choose the answer wisely and put yourself in a professional mindset. Hypothetically indeed you wouldn’t be in that situation.
oak yoke
thank you guys all for the feedback
mellow gull
i want real hands on expierience is all but i am avoiding trouble hence why i go...
This is why we use labs and virtualization to test these sorts of things out. It gives us the ability, time, and resources needed to practice these skills in an ethical and safe manner.
There are lots of tools available for this.
clear jackal
This is also highly relevant as a question in the exams. They are asking you to ...
Critical thinking is important
oak yoke
of course . im just hungry for the real thing is all . i do appreciate any and all feedback
jade wing
This is why we use labs and virtualization to test these sorts of things out. It...
Yup keyword is always going to be “ethical” and “ethics” you will get black listed so to speak professional really quickly for stepping out of line in these regards. You will even lose licensure and certifications.
jade wing
Yup keyword is always going to be “ethical” and “ethics” you will get black list...
Many of the certs you will go after have you agree to a code of ethics and if you are found in breach of them your stuff gets revoked.
clear jackal
Critical thinking is important
From personal experience, we had someone try to nessus a /8 in a mock engagement on a public address space
jade wing
It can completely kill your career. Also land you in a cell. So just have fun ethically in labs and sims and ctfs l good.
naive violet
From personal experience, we had someone try to nessus a /8 in a mock engagement...
Lmao
mellow gull
of course . im just hungry for the real thing is all . i do appreciate any and a...
There's countless ISOs that allow you to host virtualized webservers that let you test things like XSS and other things you might be looking for in a bug bounty. OWASP BWA is a popular one for getting started and it's very easy to set up.
naive violet
From personal experience, we had someone try to nessus a /8 in a mock engagement...
We've had clients give us addresses they don't own too...
clear jackal
We've had clients give us addresses they don't own too...
Yeah, the engagement was in RFC 1819 space...
naive violet
Due diligence etc on public ranges especially
oak yoke
There's countless ISOs that allow you to host virtualized webservers that let yo...
cool . ill check this out . is it very resource hungry on the computer?
rose tusk
We've had clients give us addresses they don't own too...
i had people giving me 192.168 addresses for external scanning 😄
mellow gull
cool . ill check this out . is it very resource hungry on the computer?
Takes like 2 gigs of RAM dedicated tops, and only while you're running it.
rose tusk
i had a proeminent pentest org scoping an external pentest for a 10.x /16 network address recently
clear jackal
You can run a networking lab with a quad core processor and 6 GB of RAM just to be safe
rose tusk
everything is possible, welcome to fill in this spreadsheet to give pricing to customer
oak yoke
Takes like 2 gigs of RAM dedicated tops, and only while you're running it.
awesome . ill check it out . also begun the portswigger labs alongside thm if you guys have any additional resources lmk . thanks
twin ridgeBOT
Gave +1 Rep to @mellow gull (current: #205 - 35)
knotty cargo
i had people giving me 192.168 addresses for external scanning 😄
"Pls keep it between us and dont share it"
rose tusk
"Pls keep it between us and dont share it"
nah, i've asked them, could you please confirm with your networks department as this information might be incorrect
good to know that next time they provided me with their MPLS range which is fully internal 
tame bane
if someone can, please thank Bubbles on the THM support staff for me
clear jackal
Have Debian with a GUI and then run headless VMs through QEMU-KVM/Virt-Manager
jade wing
So personal experience from a while ago with dark trace (I know I know) I humored them and let them run a demo for us and we specifically scoped them in specific infrastructure and ranges. They came back to us 2 weeks later with an eager engineer and presented the data and had scraped well past the scope of the engagement. I was not kind nor pleasant to them. They almost got sued into the ground. The meeting was recorded and we had them dead to rights. They had to formally apologize, purge data from their systems and send us an official certificate of destruction of our data. AND they obviously didn’t get my companies business and I told everybody in my sphere to avoid them like the plague. These are the consequences when you go out of bounds.
knotty cargo
So personal experience from a while ago with dark trace (I know I know) I humore...
I wouldnt have that much patience
jade wing
I wouldnt have that much patience <:kekw:658061932577816606>
I was livid.
rose tusk
they dark traced their way out
boreal scarab
Who wants my password?
exotic vector
theres some interesting stuff in this amd ces conference
boreal scarab
Only 3,840,000 characters. No big deal.
mellow gull
So personal experience from a while ago with dark trace (I know I know) I humore...
It's not that hard to confirm the owners of IP/DNS ranges, too
It takes a pretty distinct mess up
jolly aspen
Who wants my password?
crashing every service you use
exotic vector
Only 3,840,000 characters. No big deal.
how long did it take to finish?
boreal scarab
how long did it take to finish?
Oh it's still going
1 hour and 20 minutes in, Keepassxc is still encrypting
exotic vector
Oh it's still going
oh no xD
mellow gull
jolly aspen
can a clipboard even hold that much?
boreal scarab
can a clipboard even hold that much?
Surprisngly, yes
jade wing
It's *not* that hard to confirm the owners of IP/DNS ranges, too
It takes a pret...
It was most certainly an over eager engineer expecting to scare an executive into purchasing their service they didn’t realize I was also a very skilled engineer and not born into leadership and clawed my way up and was savvy. They thought they would get one over on a boomer ciso who would be impressed. The sheer scummy tactics displayed enraged me to no end.
knotty pendant
boreal scarab
Now Libreoffice Writer on the other hand.... it wants to commit suicide.
knotty cargo
can a clipboard even hold that much?
It can do images so yeah technicially not big deal
jolly aspen
"oh, password character min? let me introduce you to my password"
boreal scarab
Hmmmmm could make it 7,680,000... OR EVEN 15,360,000 CHARACTERS
jade wing
"oh, password character min? let me introduce you to my password"
I try not to use passwords at all when available
jolly aspen
oh I see, I copied it and discord was like, nope, thats a txt file now
boreal scarab
Fuck it, lets make it 122,880,000 characters
mellow gull
It was most certainly an over eager engineer expecting to scare an executive int...
It's crazy because this exact problem you're mentioning is usually talked about in the first ten pages of just about any and every book you read on this subject. Whether it's on ethics or use case, you always stick exactly to the precisely defined limits of your task and you always double and triple check to make sure the ranges are owned by the organization in question.
blazing granite
I was livid.
chilly veldt
Gotta love USB-C technology
mellow gull
Bnuuy
wary ocean
guys i need a new setup layout so bad, i nearly knocked my laptop down 3 times 😭
exotic vector
how? xD what is your set up?
jade wing
It's crazy because this *exact problem* you're mentioning is usually talked abou...
Yea it was a rookie mistake to say the least but the thing is like I said I think it was intentional. I think they were intending to use the mass amount of information they had to scare someone who didn’t know better. These dudes went into r&d systems and dev networks that we were fully aware were not secure. They were not available externally at all with the internal access they had and tried to use those out of scope areas as example of the security holes we had.
mellow gull
awesome . ill check it out . also begun the portswigger labs alongside thm if yo...
Also panic moment. I'm obligated to mention that when you set up intentionally vulnerable VMs make certain it is not available to the open internet. Make an internalized network all the time, every time.
jade wing
What’s sad is I liked their platform but the price was already an issue and the sheer fact they did what they did ruined any potential partnership
wary ocean
how? xD what is your set up?
i have my laptop on a stand and my keyboard under it and i keep knocking it off
knotty cargo
guys i need a new setup layout so bad, i nearly knocked my laptop down 3 times �...
Check out this 200$> setup
wary ocean
saving up for a whole new setup tho
jolly aspen
Also panic moment. I'm obligated to mention that when you set up intentionally v...
unless you like excitement and sadness
wary ocean
Check out this 200$> setup
i dont have room, my desk is way too small 😂
knotty cargo
Check out this 200$> setup
Ik its nonsense i just wanted open tabs to send to my friend to scare him
jade wing
Also panic moment. I'm obligated to mention that when you set up intentionally v...
lol indeed
mellow gull
What’s sad is I liked their platform but the price was already an issue and the ...
It happens. All it takes is one person being a little too zealous to ruin it for everyone. This isn't the kind of job where you intentionally go above and beyond LMAO
loud marlin
Gotta love USB-C technology
dear lord 🙂
chilly veldt
My setup
chilly veldt
dear lord 🙂
ALL THE PINK
wary ocean
wait hol up how do i send pictures
loud marlin
ALL THE PINK
i noticed yea 🙂
sharp citrusBOT
chilly veldt
you have to verify
chilly veldt
i noticed yea 🙂
needed to find a color that is good for detecting if I haven't drawn properly
mellow gull
Three monitors is already pushing it for me
rapid merlin
Hello world
chilly veldt
I need one more tbh
exotic vector
I have the one monitor
chilly veldt
Why u in the dark
old pic
knotty cargo
I have the one monitor
One little, 100 inch monitor 😅
cloud quiver
Hello world
Hello , welcome 😄
blazing granite
ALL THE PINK
bella pink 😂
oak yoke
Also panic moment. I'm obligated to mention that when you set up intentionally v...
Hey i appreciate that alot actually cause that can be super dangerous. I have an old craptop completely segregated i run malware on so im gonna use those. Ive just never heard off intentionally vulnerable. Vms being a thing.
chilly veldt
(but I am still in the dark, cause then I get to see the colors better)
rapid merlin
Hello , welcome 😄
Just subscribed to premium, its a very nice learning platform
wooden totem
(but I am still in the dark, cause then I get to see the colors better)
Eye strain simulator
cloud quiver
Just subscribed to premium, its a very nice learning platform
Glad to hear that you're enjoying here 🙂
Keep up the good work 😄
knotty cargo
Ive delt with severe eye dryness for 4 months
rapid merlin
Keep up the good work 😄
Kinda hard learning technic english but I’m holding on
knotty cargo
It was the worst experience ever
chilly veldt
Eye strain simulator
indeed
blazing granite
Eye strain simulator
no simulation my eyes hurt after 30 seconds of seen that pic 😂😛
cloud quiver
Kinda hard learning technic english but I’m holding on
Feel free to ask and reach out here whenever you need help 😄
rapid merlin
Feel free to ask and reach out here whenever you need help 😄
Thanks !
twin ridgeBOT
Gave +1 Rep to @cloud quiver (current: #4 - 1850)
mellow gull
Yeah you see all sorts of cool setups. I run metasploitable 2 & 3, OWASP BWA, an internalized AD network, and some other stuff. Other people have their own thing going on. But it's essentially how we cultivate our abilities in a manner that doesn't endanger ourselves or anyone else.
boreal scarab
@exotic vector 1 hour, and 30 minutes, and it's finished.
mellow gull
Hey i appreciate that alot actually cause that can be super dangerous. I have an...
Woops
chilly veldt
though the electricity bill is so high that I can only affort to either have lights on or my pc turned on
opaque flax
It was most certainly an over eager engineer expecting to scare an executive int...
I’ve heard their model is to try to scare people into buying their product. I’ve heard nothing but bad reviews of dark trace
chilly veldt
so battle of the power
boreal scarab
<@217975408287678464> 1 hour, and 30 minutes, and it's finished.
@sand trench
blazing granite
<@217975408287678464> 1 hour, and 30 minutes, and it's finished.
wooden totem
though the electricity bill is so high that I can only affort to either have lig...
You literally have 4 monitors on at all times
sand trench
lmao
knotty cargo
Not a big deal tho
wooden totem
That's paying for room heating
wary ocean
i think i did it
wooden totem
Inefficient room heating
wary ocean
yay
knotty cargo
A solar panel and buck converter, and get a second charger and cut the head
naive violet
Boost converter?
ripe charm
@cloud quiver r u a bot 👀
naive violet
Yeah there's like 3 types. Buck, boost, buckboost
chilly veldt
Inefficient room heating
I am actually joking, I use typically 50% less power than a normal appartment of my size
wooden totem
I have 2 monitors and I have my second one off at all times that I'm not using it, plus I have power saving mode on my main one
wary ocean
To the previous convo, this is what I'm rocking atm
knotty cargo
Idk i think its buck
rapid merlin
rockyou.txt
jade wing
To the previous convo, this is what I'm rocking atm
Hey nothing wrong with that.
knotty cargo
Although increases 1% eveey 15 minutes lol
naive violet
Idk i think its buck
Boost if the voltage goes up
mellow gull
To the previous convo, this is what I'm rocking atm
If it works it works, brother
knotty cargo
But keeps the laptop on
wary ocean
i keep hitting the laptop and nearly knocking it off
knotty cargo
Boost if the voltage goes up
Ah yes then its boost
chilly veldt
my awerage daily usage of power is 2.65 kWh
cloud quiver
<@719261261665402921> r u a bot 👀
I should be real 😄
mellow gull
i keep hitting the laptop and nearly knocking it off
Superglue (This is not legitimate advise)
ripe charm
I should be real 😄
U r active every time ⌚, no sleep
knotty cargo
I call buck for them all
wary ocean
Superglue (This is not legitimate advise)
i was thinking about ziptieing it to the stand tbh
chilly veldt
I use like 70-85 kWh a month
wooden totem
I am actually joking, I use typically 50% less power than a normal appartment of...
I was told pc wastes a ton of electricity so I had to pick one that is the most efficient
jade wing
To the previous convo, this is what I'm rocking atm
When I was younger had a similar setup, I used an external display and my laptop off to the side though. If you can, I would recommend it.
wooden totem
Actually never checked, what percentage of electricity bill is just the pc
knotty cargo
I use like 70-85 kWh a month
U mean the house right 😭
wooden totem
I could honestly live with 1 outlet
mellow gull
U mean the house right 😭
Kyooty subsists directly off of electricity, didn't you know?
wary ocean
When I was younger had a similar setup, I used an external display and my laptop...
i seen a pegboard with a sliding bar with 2 monitor arms, i was gonna get a laptop tray mount and another monitor and put it on the back of a new desk
chilly veldt
U mean the house right 😭
no, I use it to power my tools
naive violet
I call buck for them all
Don't, it is wrong and will confuse people who know electronics
jade wing
Actually never checked, what percentage of electricity bill is just the pc
I know when I fire up my server cabinet at full load if I leave them on it can easily add like 100-200 dollars on top of my bill.
knotty cargo
Actually never checked, what percentage of electricity bill is just the pc
Ur pc probably consumes 200-400w so running it 12 hours a day, youre looking at 3.6kwh daily, which translates to 108kwh monthly
Multiply it by the cost of 1 kwh in ur country
naive violet
Ur pc probably consumes 200-400w so running it 12 hours a day, youre looking at ...
Under heavy load maybe
wooden totem
I'm pretty sure there's a lot of factors
chilly veldt
what
naive violet
At idle it's way below 100w
hollow pivot
We've had clients give us addresses they don't own too...
Reminds of one of the Darknet Diaries episodes
knotty cargo
Don't, it is wrong and will confuse people who know electronics
We speak arabic here so i use different terms, unless im on the internet like now
worthy plaza
Is there anyone who wins any prize of the Advent of Cyber 2024???
We will love to hear from you.
knotty cargo
Under heavy load maybe
Yeah i dont believe it will run at more than 400w unless doing hashing or gaming maybe
chilly veldt
I was about to say, my pc with 4 monitors run me approx 0.26kWh per hour
wooden totem
Yo wtf, electricity cost literally doubled in my country since last year
knotty cargo
In my country, kwh price increases with the consumed amount
chilly veldt
that's called supply and demand
knotty cargo
Should'nt it be the opposite ?
wooden totem
0.11 last year, 0.22 this year
knotty cargo
Dang thats too expensive
winter dove
@worthy plaza I won a prize from advent
wary ocean
first time? 😂
boreal scarab
first time? 😂
I asked it how many years it'd take to break a 3,840,000 character password.
It's just loading...
wary ocean
at least its thinking
boreal scarab
JUST finoished
knotty cargo
Its like ahh man how do these humans live
boreal scarab
94^3,840,000
It says: trillions upon trillions of years
chilly veldt
I pay 96 euros for 3 months of electricity
wary ocean
i asked it to make me a whole rant abt why sharp cheese taste so weird as if it was coming from trevor phillips and it did 😂
granted i got timed out cuz i think i bypassed filters
wooden totem
It's just loading...
It's a new feature, it's searching the internet in real time
knotty cargo
94^3,840,000
It says: trillions upon trillions of years
It found out that it should stop calculating and just give a big number
wooden totem
That wasn't a joke
worthy plaza
<@916356149551448094> I won a prize from advent
knotty cargo
Tell it how much time exactly
sick lance
To the previous convo, this is what I'm rocking atm
Only one monitor?
How do you cope?
boreal scarab
94^3,840,000
It says: trillions upon trillions of years
That 1 followed by 7,576,810 zeros
Jesus
wary ocean
Only one monitor?
How do you cope?
i dont have room for another one atm
wooden totem
That 1 followed by 7,576,810 zeros
Relatively small number
boreal scarab
Only one monitor?
How do you cope?
I only rock 1 monitor, my laptop... Desktop has 3
hidden glade
.-. it can't see it in my badges why
worthy plaza
<@916356149551448094> I won a prize from advent
What is the prize...???
sand trench
.-. it can't see it in my badges why
think that badge has got deprecated but who knows
boreal scarab
Ahh there we go
sand trench
shadow never got a chance to get this badge
winter dove
What is the prize...???
I won a gift card to the swag shop.
wooden totem
Mobile discord sucks ass question mark
wary ocean
i tried copying all of that and discord restarted
boreal scarab
i tried copying all of that and discord restarted
Wait, lemme add to something...
errant fossil
HOLY 8MB txt file
boreal scarab
i tried copying all of that and discord restarted
My Resume now:
Windows 10: 70+
Windows 11: 3
Windows 7: 3
CentOS: 2
Kali: 3
Arch: 3
Mint: 2
Jabba's Spotify: 1
Mage's Discord: 1
hidden glade
think that badge has got deprecated but who knows
"-" oh sh*t
worthy plaza
I won a gift card to the swag shop.
Enjoy 🎁
wooden totem
HOLY 8MB txt file<:johnwow:1031584263499436042>
1MB is aprox million characters
sand trench
My Resume now:
Windows 10: 70+
Windows 11: 3
Windows 7: 3
CentOS: 2
Kali: 3
Ar...
add shadows dragonbox pyra
nocturne sinew
1MB is aprox million characters
ascii.
I'd expect it to be less if it was utf-8 or utf-16
wary ocean
idk how many of yall know who this is but jt music has hats and i lowkey kinda wanna get one cuz they look comfy
boreal scarab
I could THEORETICALLY have 1,112,064 different characters in a password
mellow gull
idk how many of yall know who this is but jt music has hats and i lowkey kinda w...
JT music is pretty good
chilly veldt
And all i have done is draw bunnies
boreal scarab
add shadows dragonbox pyra
My Resume now:
Windows 10: 70+
Windows 11: 3
Windows 7: 3
CentOS: 2
Kali: 3
Arch: 3
Mint: 2
Jabba's Spotify: 1
Mage's Discord: 1
Shadow's Dragonbox Pyra: 1
wooden totem
I could THEORETICALLY have 1,112,064 different characters in a password
That's just bit combination at this point
nocturne sinew
I could THEORETICALLY have 1,112,064 different characters in a password
find a site you can break by setting non-printing ascii characters in your password.
boreal scarab
That's just bit combination at this point
unicode WOOOOOOOOOOOO
errant fossil
1MB is aprox million characters
DAMNN 8 million characters
chilly veldt
https://www.xkcd.com/2700/
\00
sand trench
shadow will continue to claim that xkcd is a gold mine of fun stuffs
wooden totem
https://www.xkcd.com/2700/
If that's a normal problem, what's the odd one
wooden totem
shadow will continue to claim that xkcd is a gold mine of fun stuffs
Oh you're a fan of xkcd? Name every comic
sand trench
Oh you're a fan of xkcd? Name every comic
could do that but shadow would get banned
boreal scarab
hehehehehehehehe. I could use python to generate every single unicode character in a password.
wary ocean
this may be a stupid question, if a website use to allow < into their passwords and now they dont, but youre password was made before and contained a < will it kick it out or allow
boreal scarab
sand trench
sorry that was the wrong keyboard issues one: https://www.xkcd.com/1586/
wooden totem
this may be a stupid question, if a website use to allow < into their passwords ...
"Before logging in, change your password"
sand trench
"Before logging in, change your password"
would not work mostly as passwords are hashed
so they would have 0 chance to know there is a < in the password
wooden totem
You can type the password and it would tell you nuh uh
clear jackal
this may be a stupid question, if a website use to allow < into their passwords ...
It depends on how they've configured their backend?
devout palm
Are you folks using keepass?
nocturne sinew
Are you folks using keepass?
1password here
clear jackal
Bitwarden, personally
devout palm
So i want to sync my passwords with my phone and laptop
wooden totem
UwUPasswordz here
boreal scarab
Are you folks using keepass?
I made Keepass stupid....
boreal scarab
1800 transforms, took it 1 hour and 30 minutes to complete encryption
wary ocean
honestly best way to keep passwords safe is to just remember them imo
clear jackal
So i want to sync my passwords with my phone and laptop
I would probably look at official documentation to see if it's possible
wooden totem
Bitwarden lowkey?
clear jackal
honestly best way to keep passwords safe is to just remember them imo
This leads to password reuse
devout palm
honestly best way to keep passwords safe is to just remember them imo
But then you need to use same password for every other website
boreal scarab
LastPass
eternal timber
Are you folks using keepass?
Is that a password manager
boreal scarab
devout palm
But then you need to use same password for every other website
Or a variant of them, which is a bad practice
sand trench
which also leads to a problem if places force you to change password to often
wooden totem
So i want to sync my passwords with my phone and laptop
Doesn't every password manager do this
sand trench
as then you will start using predicatble patterns
nocturne sinew
I have a fun story from a month or so ago:
I received an email from a magazine i subscribe to, that also has a digital component.
We have implemented our new password policy to improve account security.
This means when you try to log in, you will be prompted to reset your password if it does not already meet the new criteria.
Don’t worry, your account is still safe, and you can reset your password at any time.
There's something they implied here, that they absolutely wouldn't confirm by email. I sent them a couple of emails over the last month or two, but still haven't received an adequate response for my security brain.
clear jackal
Doesn't every password manager do this
Keepass is self hosted
wild rose
Found out that our dog likes the snow, but only when it's taller than her. lol
wooden totem
Account based ones ig
wooden totem
Found out that our dog likes the snow, but only when it's taller than her. lol
You do too
Or would I guess
opaque flax
What’s your guys opinion on setting up WINS servers in 2025?
devout palm
Can i do something like
Server gets the public key, generates and stores passwords
Both my PC and phone have the private key, only these two can decrypt.
wild rose
lol it's about 8 inches of snow so far with more to come.
nocturne sinew
What’s your guys opinion on setting up WINS servers in 2025?
Ugh. Really?
opaque flax
Ugh. Really?
Reason I ask is cause I have a sysadmin at work that always says we gotta setup a wins server yet MSFT say it deprecated so I wanted other opinions
rose tusk
hehehehehehehehe. I could use python to generate every single unicode character ...
just use this in your password and you'll confuse everyone
So like if you lose access to both phone and pc you lose access to passwords?
devout palm
just use this in your password and you'll confuse everyone
``` “;” (U037E)
```
You can use * or space " "
xd
rose tusk
the greek question mark; the bane of C#
nocturne sinew
Can i do something like
Server gets the public key, generates and stores passwo...
please don't say you're thinking of making your own password manager.
devout palm
please don't say you're thinking of making your own password manager.
I am
nocturne sinew
please don't.
wary ocean
write the passwords on a piece of paper, put it behind your phone case
sand trench
the greek question mark; the bane of C#
nowadays most sane compilers handle the greek question mark in the same way as a semicolon
devout palm
please don't.
Why? Too many things to consider?
loud marlin
let me try my luck... chicken man i have some question about hash from 7z2john...
rose tusk
nowadays most sane compilers handle the greek question mark in the same way as a...
i code in notepad
sand trench
i code in notepad
you don't compile with notepad do you???
sick lance
i code in notepad
Microsoft word.
fallen silo
I don't think it is completely worked out-- I'm getting the PARSING_ERROR
sick lance
I don't think it is completely worked out-- I'm getting the PARSING_ERROR
Ctrl and F5.
rose tusk
you don't compile with notepad do you???
no, i build everything in paint
nocturne sinew
Why? Too many things to consider?
crypto is hard. software development is hard. The combination of the two is just fraught with pain and misconfigurations.
sand trench
Microsoft word.
nocturne sinew
https://xkcd.com/2298/
My undergrad degree was Bioinformatics. Can confirm.
sand trench
fallen silo
Ctrl and F5.
cleared cache already... not working.
Issue resolved.
wooden totem
I think he's linking in
opaque flax
Like…Linkedin ?!?
wooden totem
laugh track plays
devout palm
Linkin park
nocturne sinew
linkedin bark. It's how good doggos find new jobbos
devout palm
Experience:
- CTF Player @ TryHackMe
eternal timber
Feeling chilly
wary ocean
me when making soup
untold zephyr
can you learn more than basic networking on thm if u purchase a subscription?
opaque flax
can you learn more than basic networking on thm if u purchase a subscription?
There’s a whole free roadmap
Unless you’re talking specifically networking
untold zephyr
There’s a whole free roadmap
IG to know enough networking to be comfortable in the other rooms etc?
eternal timber
There’s a whole free roadmap
The question doesn’t make sense unless they mean “if don’t purchase a subscription”
But yes
opaque flax
The question doesn’t make sense unless they mean “if don’t purchase a subscripti...
Yeah but I got the gist
opaque flax
IG to know enough networking to be comfortable in the other rooms etc?
Mostly yeah
There’s some networking concepts you may have to Google
But that’s part of the learning process
untold zephyr
That's fair enough, but is premium worth it?
eternal timber
Well yeah
slow bolt
Curious if anyone can recommend any trusted secrets scanning scripts for websites. I will not use unless I understand the code of course but will save some reading if I can get some common suggestions.
if not would there be a list to include in things to scan for I could unclude in my checklist while writing my own script?
The issue is takeover of legacy code with hardcoded secrets
nocturne sinew
That's fair enough, but is premium worth it?
for the better attackbox policies, totally.
eternal timber
Worth the annual price of 95 usd on discount? xd
If you’re serious about learning then yeah it’s worth it
wooden totem
@hollow rapids #general message
wary ocean
Worth the annual price of 95 usd on discount? xd
95 is cheap for the stuff you learn if you utilize it correctly
untold zephyr
I am a total noob, but for example - the networking fundamental is premium, when I try to enter some of the rooms
wary ocean
i recommend it, just for the rooms, challenges and the attackboxes
or the avent code still should be valid i think
exotic vector
whew might have to install graphene on my phone, got a "fun" email from google about an update they're gonna push to my pixel 4a
untold zephyr
But how in-depth does THM go in terms of knowledge on the topic. I know they can't cover everything, but do they entice research in the specific topics?
nocturne sinew
But how in-depth does THM go in terms of knowledge on the topic. I know they can...
it's like anything educational; you're always free to do more research yourself...
exotic vector
But how in-depth does THM go in terms of knowledge on the topic. I know they can...
yeah you're suppose to be doing extra research and reading outside of thm
eternal timber
It gives you a solid foundation and path
wary ocean
But how in-depth does THM go in terms of knowledge on the topic. I know they can...
you can click on the path and itll tell you what rooms are connected to it
untold zephyr
Thanks guys 🙂
hollow rapids
<@1307701703034011672> https://discord.com/channels/521382216299839518/680459914...
🙏
wary ocean
Thanks guys 🙂
AOC2024 should still be valid for a promo code to in order to get 30% off
loud marlin
@polar spoke if you find you self here. got Q about some hash thing 🙂
sick lance
<@254841398103113728> if you find you self here. got Q about some hash thing 🙂
At this point, why not just add him as a friend and DM him
loud marlin
ehhehe
fair yes... nah i do things so far so great. just stuck from time to time. and i have weeeeery long hash that idk how to
sand trench
YAY MARVEL RIVALS BEING NICE TO MAC AND LINUX PLAYERS
polar shale
YAY MARVEL RIVALS BEING NICE TO MAC AND LINUX PLAYERS
Power move
boreal scarab
do they email
They send a pigeon
polar shale
Lol
wary ocean
They send a pigeon
time to bird hunt
wary ocean
will the bird display a holographic message from its eyes
since we all know birds are robots
boreal scarab
will the bird display a holographic message from its eyes
Yes, cause birds aren't real.
crystal mauve
anybody win anything?
mellow gull
Yes, every winner has received their emails.
wild rose
we finally made the bald eagle the official bird of America, cuz they were able to fit a robot in one.
crystal mauve
nope but i got a mens warehouse email for prom tuxes
its a sign
crystal mauve
date with your english teacher
wary ocean
he retired
crystal mauve
add him on fb
boreal scarab
blazing granite
where am i gonna wear a prom tux to?
To a wedding or a formal event 🙂
crystal mauve
or a gay speed dating event
wary ocean
i should dm someone ik that still goes to my hs to piss my ex off and go to their senior prom
sand trench
https://tenor.com/view/captcha-thug-robot-i-see-what-you-did-there-thuglife-gif-...
recaptcha is for tracking real life people
not for stopping bots
anyone that think it stops bots needs to do some research
blazing granite
https://tenor.com/view/captcha-thug-robot-i-see-what-you-did-there-thuglife-gif-...
clear jackal
i should dm someone ik that still goes to my hs to piss my ex off and go to thei...
That's a bit weird
crystal mauve
i didnt even win a congratulations email
boreal scarab
recaptcha is for tracking real life people
not for stopping bots
But but but but but... it says "I'm not a robot"
sand trench
But but but but but... it says "I'm not a robot"
when was the last time you noticed google lying to you???
boreal scarab
when was the last time you noticed google lying to you???
1 nano second ago
karmic hemlock
Every day
sand trench
1 nano second ago
just for your info recaptcha is mostly made by google
boreal scarab
just for your info recaptcha is mostly made by google
At this point, what isn't
sand trench
At this point, what isn't <:NotLikeThis:689847725969244171>
cloudflare
karmic hemlock
At this point, what isn't <:NotLikeThis:689847725969244171>
Cereal (probably)
blazing granite
That's a bit weird
I think a visit to a psychologist would be more productive 😂
sand trench
also
hate your facebook is not made by google
sinful pine
I hate that FB isn't owned by Elon!
obsidian iris
google wants to buy brazil #fakenews
crystal mauve
were e-mails sent to all participants by chance, to let them know they were involved in the raffle?
obsidian iris
if you don't get an email, it simply means you won nothing
sinful pine
I'm also a little disappointed I won NOTHING from the cyber event. 😦
obsidian iris
actually, you won 24 days of free training
karmic hemlock
I won knowledge so I'm chillin
karmic hemlock
actually, you won 24 days of free training
Fr
blazing granite
I hate that FB isn't owned by Elon!
so he can destroy that platform too? 😉 😂
finite tulip
Well, it was most likely that you would not get anything
sinful pine
lol if that's what you think.... sure
obsidian iris
I hate that FB isn't owned by Elon!
the attention on twitter wasn't enough for the free-speech absolutist
blazing granite
I'm also a little disappointed I won NOTHING from the cyber event. 😦
better luck next time 🙂
sand trench
obsidian iris
imma start my captcha business
karmic hemlock
https://www.youtube.com/watch?v=VTsBP21-XpI
This but replace recaptcha with everything
sinful pine
better luck next time 🙂
Thanks. I found that the last contest before that one, I had JUST STARTED and I didn't get an email or anything but I had won a hat and shirt but... they wouldn't let me claim them anymore by the time I saw I had won something. 😦 so I was really hoping this time....
twin ridgeBOT
Gave +1 Rep to @blazing granite (current: #60 - 136)
sand trench
This but replace recaptcha with everything
well not everything is spyware
but yeah there is a decent bit of the big tech websites being bad
karmic hemlock
My microwave probably listening rn fr
crystal mauve
https://www.youtube.com/watch?v=VTsBP21-XpI
that's some dark ninjutsu shiet
sinful pine
and was REALLY Crossing my fingers for DefCon!! lol
mellow gull
If your fridge requires a wifi connection to run properly and your toaster has bluetooth, you know what kind of consumer you are.
finite tulip
lol if that's what you think.... sure
140k in the room, 2k prizes
while not just "divide 140 by 2" since your chances depend on how many questions you answered, it was still low chance of getting rewards
obsidian iris
i ran into a website, which shouldn't have told me who's going to collect my data (and there was a list of over 150 companies by names 💀)
sand trench
the only technology shadow trusts is the ones shadow has fiddled with a lot
sinful pine
I even answered EVERYTHING! lol
sand trench
hence vial-qmk keyboard and mouse
and ploopy headphones
mellow gull
I even answered EVERYTHING! lol
Even under the most optimal conditions it was like a 5% chance.
karmic hemlock
Imagine someone answered 1 question and got a prize lol
wild rose
It's snowing again
finite tulip
I even answered EVERYTHING! lol
Same even a bit of the side quest, no prize here either
crystal mauve
wait so am i really a robot -_-a
sand trench
Imagine someone answered 1 question and got a prize lol
could have happened even though unlikely
sinful pine
ya. I guess with only 2000 prizes.... lol slim chance.
obsidian iris
Even under the most optimal conditions it was like a 5% chance.
your pfp makes me smile internally
mellow gull
your pfp makes me smile internally
Smile externally, too.
finite tulip
@sand trench did you win anything?
obsidian iris
Smile externally, too.
felt better, thank you
twin ridgeBOT
Gave +1 Rep to @mellow gull (current: #201 - 36)
crystal mauve
did any of u win ? -_-
finite tulip
did any of u win ? -_-
not me :/ didn't expect to win either
errant fossil
winning was the friends along the way😁
obsidian iris
did any of u win ? -_-
guess i'll pay that month out of pocket
mellow gull
felt better, thank you
Good, you deserve at least a little joy.
wild rose
nope but that's ok. The things we learned along the way.
sinful pine
question..... ??? My 2024 stats thing says that I was in the top 95% of people in the USA. What exactly does that mean?? Does that mean that of all the USA people I'm in the top 95%? Like... there aren't very many in the USA doing this??
tame bane
you get a stats thing?? 0.0
mellow gull
The bonds we formed, the things we learned, and the people we met.
At the end of each year yeah.
sick lance
question..... ??? My 2024 stats thing says that I was in the top 95% of people i...
Top 95% of the US would be a large number.
obsidian iris
is it measured based on country or globally?
sinful pine
you get a stats thing?? 0.0
Yep. It was at the top of the dashboard. Might be there yet?
mellow gull
It's gone now surprisingly. It was up for like three days.
Wonder if there was an issue?
sinful pine
IDK but mine was up for weeks
sand trench
<@228199546050707456> did you win anything?
a badge and the certificate of completion
polar spoke
tame bane
I guess I missed it 😛
sand trench
please dont mine bitcoin on paper
finite tulip
a badge and the certificate of completion
"Winning was the friend we made along the way" or something
Well, good luck next year/event
mellow gull
Mine bitcoin in the mines like the rest of us.
blazing granite
question..... ??? My 2024 stats thing says that I was in the top 95% of people i...
you're 5% from the bottom 😂
quiet wave
Damm, can't believe I didn't win anything in the AOC. did every regular task
mellow gull
Damm, can't believe I didn't win anything in the AOC. did every regular task
There's plenty of us right there with you.
obsidian iris
doing tasks only increases your chances by some 0.01% maybe
crystal mauve
haha
obsidian iris
i thought of doing the side-quest, but gave up without a second thought
barely familiar with linux, and it expects me to hack a firewall and VM
it was already 2 days before the end of december
boreal scarab
cloudflare
touche
finite tulip
i thought of doing the side-quest, but gave up without a second thought
I started but got busy, got some time and managed to complete Q1 and Q2
boreal scarab
Cereal (probably)
They probably got a hold in there too
blazing granite
Damm, can't believe I didn't win anything in the AOC. did every regular task
AFAIK everybody that finish it goes to a pool and from there randomly people are chosen, so don't worry about it, it's not a reflex on your skills, and better luck next time
crystal mauve
im the #1 user in san marino
finite tulip
im the #1 user in san marino
Monthly?
crystal mauve
its just 2 of us XD lol
obsidian iris
I started but got busy, got some time and managed to complete Q1 and Q2
impressive, how much of an experience is usually required for these kind of difficulties?
I started few months ago studying networking and operating systems
the only red/blue activities i did were the ones on AOC
finite tulip
impressive, how much of an experience is usually required for these kind of diff...
Well, most of my cyber security learning is from THM and I've only been going for 139 days straight so not that much
I also didn't get that far
wary ocean
not that much, been doing it for nearly half a year
obsidian iris
I'll see if i could complete it by the end of this year
finite tulip
I also didn't get that far <:kekw:658061932577816606>
Maybe if I had more time but that's mostly an excuse
crystal mauve
ive been trying to figure out what i can study while i'm doing my full time job, port #s is a great one, any other suggestions?
finite tulip
it was already 2 days before the end of december
You can still try to complete SQs, just now if you get stuck you can look at a walkthrough for that part
obsidian iris
the baby steps 👶
finite tulip
Yeah, a lil more than that I would recommend
I am done with Pre Security, Introduction to Cyber Security (maybe 101 is equivalent) and Web Fundamentals
Currently 50% Jr Pen Tester
That being said you don't need to have that much but it can definitely help
quiet wave
im the #1 user in san marino
Where can you see stats by country?
crystal mauve
woaahhh what is thatttttttttt
crystal mauve
Where can you see stats by country?
finite tulip
woaahhh what is thatttttttttt
most of them require a Business account but there is at least one that doesn't need Business
shut hawk
@glass nest
finite tulip
The darned "fake png"
silent sable
there must be some mistake i did not receive an email letting me know i won a prize in AoC
remote acorn
Can we see the winners list somewhere?
keen light
hidden glade
most of them require a Business account but there is at least one that doesn't n...
"-" so ok I need a job first
karmic hemlock
Can we see the winners list somewhere?
Winners lists are not public, the emails were already sent out privately to all the winners
opaque flax
most of them require a Business account but there is at least one that doesn't n...
The question is what counts as a business account
Is it a custom domain
Or do you have to talk to a salesperson
karmic hemlock
an account you do business on I suppose
opaque flax
an account you do business on I suppose
Damn why didn’t I think of that
karmic hemlock
remote acorn
Winners lists are not public, the emails were already sent out privately to all ...
ok, thank you
twin ridgeBOT
Gave +1 Rep to @karmic hemlock (current: #1021 - 4)
hidden glade
The question is what counts as a business account
SOC Simulator
opaque flax
SOC Simulator
Yes indeed. SOC simulator
hidden glade
yep "-" available for business accounts
tame bane
if we find the minimum amount of $ for a business account then pool the right amount of people to pitch in, could we make a not for profit then give timeshares to payers-in: THM wins & we win
hidden glade
company buy the business plan instead of premium
opaque flax
We could make a thm business account called thm discord
crystal mauve
business accounts are more expensivo?
tame bane
gotta assume but youre right, maybe theyre cheaper
opaque flax
I can request a free trial
hidden glade
business accounts are more expensivo?
like 500$ and more like I remember
opaque flax
I’m pretty sure anything business is more expensive anywhere
crystal mauve
like 500$ and more like I remember
multiple user access tho?
hidden glade
budget of company
hidden glade
multiple user access tho?
yeah
hidden glade
multiple user access tho?
the company training their employee there and made special plan for them ...etc
hidden glade
500$ a year for personal sounds like a good deal then
"-" I'm broken dude 🤣 it's not
opaque flax
Pretty sure the business account comes with a lot more customization
hidden glade
yeah 
opaque flax
Plus you can make custom rooms and they don’t get reviewed or anything. But they’re private obvi
crystal mauve
so if 5 us got together and created a biz account we'd get a discount on a yearly sub?
pallid lotus
Plus you can make custom rooms and they don’t get reviewed or anything. But they...
You can do that with a free account
sand trench
❯ ghostty +list-keybinds
ctrl + shift + comma reload_config
ctrl + shift + v paste_from_clipboard
ctrl + shift + c copy_to_clipboard
ctrl + shift + i inspector:toggle
shift + insert paste_from_selection
YAY filtered away all the conflicting keybinds
crude stump
why does chrome block some tast files
crude stump
task
sand trench
now the tui apps and tmux can handle all the keybinds
sand trench
so if 5 us got together and created a biz account we'd get a discount on a yearl...
technically yes
sand trench
¯_(ツ)_/¯
hidden glade
now the tui apps and tmux can handle all the keybinds
"-" tumx is good but need some practicing and more customizing the shortcut
sand trench
"-" tumx is good but need some practicing and more customizing the shortcut
you can customise the shortcuts/keybinds in tmux config file easily enough
but yeah practice makes perfect there
karmic hemlock
New goal yall, I wanna be in the top 100k by the end of the month
crystal mauve
In a TryHackMe business account, the number of accessible accounts corresponds to the number of licenses your organization purchases. Each license grants access to one user, and administrators can manage these licenses through the management dashboard. This setup allows for flexible seating, enabling you to reassign licenses to different users as needed without limitations on how often you can make these changes.
karmic hemlock
Rn I'm chilling around 138k
errant fossil
New goal yall, I wanna be in the top 100k by the end of the month
Great goal, Best of luck to it.
hidden glade
In a TryHackMe business account, the number of accessible accounts corresponds t...
"-" so the licenses from where
mellow gull
Shadow is the ultimate business person
karmic hemlock
Great goal, Best of luck to it.<a:happyCat:823720535221075979>
Thanks dude! Wishing you success as well
twin ridgeBOT
Gave +1 Rep to @errant fossil (current: #229 - 30)
hidden glade
where is shadow "0"
crystal mauve
Great goal, Best of luck to it.<a:happyCat:823720535221075979>
i dunno if it's worth it tbh, theres peepl who work the system to get high rank
mellow gull
Top 100k isn't that difficult.
crystal mauve
prob like 50% of the people who completed aoc
sand trench
mellow gull
It's certainly not something that's, like...
sand trench
music makes shadow wanna rewatch even more
karmic hemlock
Is working the leader board a common issue?
hidden glade
Great goal, Best of luck to it.<a:happyCat:823720535221075979>
"-" so yeah can I know who is Fluff I didn't understand what is it
mellow gull
Top 100k overall isn't too big of an ask either.
errant fossil
i dunno if it's worth it tbh, theres peepl who work the system to get high rank
It is a great checkpoint towards a bigger goal, and also will be a big motivation for higher goals
crystal mauve
you're right top 100k is in sights bebe
mellow gull
I'm only barely at 0x9 and I'm at 78,000
karmic hemlock
I'm only barely at 0x9 and I'm at 78,000
I'll be there soon 😁
hidden glade
oh monthly u are correct
.-. how you are in lvl 8
sand trench
shadow is in the top 3k users on tryhackme
karmic hemlock
I think the path I'm on right now should be enough to push me up there, I'm only 38% done with it
crystal mauve
maybe cause i dont do rooms? just the pathing
hidden glade
shadow is in the top 3k users on tryhackme
"0" 0xD is very far
karmic hemlock
I'm gonna be sitting in 0xD eventually if I keep up at the rate I'm going
cerulean nest
when will winners be announced?
mellow gull
If you pursue the path consistently you'll get there. :)
errant fossil
"-" so yeah can I know who is Fluff I didn't understand what is it
FluffMe was a mod in the server, this message summarizes it better- #general message
mellow gull
when will winners be announced?
Already announced, check emails.
karmic hemlock
when will winners be announced?
They've already been announced, emails were sent out privately
cerulean nest
ohhh k thanks
sand trench
where is shadow clan???
mellow gull
Is there a shadow clan?
sand trench
¯_(ツ)_/¯
hidden glade
I think the path I'm on right now should be enough to push me up there, I'm only...
"-" like one month and half to get this rank it's easy if u have already strong background in the programming and network
errant fossil
INITIATE SHADOW CLAN
mellow gull
Found the Shadow Clan
dapper token
Hello, dont know if this question belongs here. I just started tryhackme a week ago, did some beginner learning rooms and now started the AOC. I'm currently doing Day 4 but man I feel a bit lost. I'm doing this day with the video on my second monitor but without it I would feel a bit lost.
So my question is, am I jumping in this too soon ? Should I have done a lot more other rooms before doing the AOC ?
karmic hemlock
"-" like one month and half to get this rank it's easy if u have already strong ...
I would say i have a fairly strong background in it. I've competed before and I'm in a club at my school so I've just been blowing through the introductory stuff making notes on it
I would like to get more technically knowledgeable though at some point
errant fossil
Hello, dont know if this question belongs here. I just started tryhackme a week ...
Most people feel like it at the start, For me i looked up other videos on youtube about the topic and got a better understanding. Taking a Break also helps a ton, Its a marathon not a sprint.
dapper token
Most people feel like it at the start, For me i looked up other videos on youtub...
Yep Im not rushing at all. I'm trying to do one room per day
crystal mauve
Hello, dont know if this question belongs here. I just started tryhackme a week ...
u can follow along through walkthroughs on youtube on anything u get stuck on
im watching owasp unrelated tryhackme stuff before i do the modules rn
hidden glade
FluffMe was a mod in the server, this message summarizes it better- https://disc...
"-" oh this look good
sand trench
Hello, dont know if this question belongs here. I just started tryhackme a week ...
nah the videos and task text is there for you to learn in aoc.... it is the most beginner friendly content on tryhackme by far
take a look at the last few years of advent of cyber
errant fossil
Yep Im not rushing at all. I'm trying to do one room per day
Thats a great way to go about it at the start, it will get hard later and having a clear understanding of the basics will help a ton.
dapper token
nah the videos and task text is there for you to learn in aoc.... it is the most...
So following along the video while doing the room IS a good way to learn ?
crystal mauve
heck yea
sand trench
So following along the video while doing the room IS a good way to learn ?
yeah no shame in it as long as you learn from it
every way that makes your knowledge grow that is not illegal or unethical is good
rapid merlin
So following along the video while doing the room IS a good way to learn ?
if you are new, following along is an awesome way to learn
crystal mauve
wen your new just building the habit of studying the material is a huge step
anybody listen at stupid speeds lol
dapper token
Thanks a lot guys for your feedback
opaque flax
anybody listen at stupid speeds lol
Depends on the content
tame bane
yeah I could not solve any CTFs and didnt want to do they since I couldnt solve then I followed now I can solve without following if I am lucky
hidden glade
I would say i have a fairly strong background in it. I've competed before and I'...
"-" yeah good I'm web dev and computer science graduated I'm already start learning cyber like 3 months :"))) I feel like I'm in very late point
crystal mauve
Thanks a lot guys for your feedback
the aoc vids are cool to watch too since ull get your favorite content creators and then branch more into their stuff
its nice wen u see a module, look it up on youtube n yer like oh wow tiberius has a youtube on this
u know exactly what kinda style ull get
karmic hemlock
"-" yeah good I'm web dev and computer science graduated I'm already start learn...
Never too late to learn something new! I'm in Computer Science as well and looking for my first internship
hidden glade
Never too late to learn something new! I'm in Computer Science as well and looki...
tryhackme is good for the company want entry lvl ppl
I tried it
sinful moon
Ugh Covid succckkkksssss. Thankfully this is much more mild than the early days, plus we had shots and boosters in previous years. I'm on about day 5 of this
And yeah TryHackMe is fantastic and was exactly what I needed to refresh my infosec knowledge when landing a role professionally
hidden glade
useful but I think this need reading books "-" the books always move deeper in the concepts
sinful moon
Sure, but also sometimes harder to keep up with the very rapid pace of infosec developments
hidden glade
Ugh Covid succckkkksssss. Thankfully this is much more mild than the early days,...
bless you
sinful moon
heck even one of my fave infosec books, Black Hat Python, or whatever it's called, needs quite a few revisions made by yourself to keep the syntax relevant to modern Python 3
although I won't lie, that was part of the fun for me, updating the code for any issues
crude stump
heck even one of my fave infosec books, Black Hat Python, or whatever it's calle...
ah i just got that book
sinful moon
Fantastic book, but yeah expect some issues if you do it 1:1
but it'll make you better at Python either way
crude stump
thats the main reason why i wanted to get it. to learn how to make my own tools
sinful moon
mhmm great reason and great book to do so with. There's a reason most infosec POCs are Python
chilly veldt
Bunny
hidden glade
Sure, but also sometimes harder to keep up with the very rapid pace of infosec d...
yeah this is the point by when I said late "-" the cyber security in the time need more learning it's not that easy as 90's or before 2014
sinful moon
Nah I'd actually argue the opposite, this is by far the easiest time to get into infosec
opaque flax
yeah I could not solve any CTFs and didnt want to do they since I couldnt solve ...
When I solve one I ways like to look up a walkthrough see if people took any different routes
sinful moon
I got into infosec as a teen in the 2000s and while there were some resources, it's nothing like the abundance of resources and sites like THM we have today
Also as a teen in the 2000s there was no clear carreer path into infosec unlike today which was a major contributing factor in why I didn't persue it much further, just kept my eye on developments until I had to do it professionally
back in the 00s I resigned myself to graphic design (didn't pan out even though I'm good at it) and IT (did pan out but took me another decade lol)
Vast majority of infosec resources we have these days are significantly newer than the 00s or 90s
crude stump
very well said
sinful moon
thanks, lol c:
hidden glade
hmmmm idk I have like a lot of dark things in my mind ,but this is so interesting "-" a lot of work
sinful moon
what even is the "-" that you keep using lol
crude stump
think its a face
crystal mauve
-.-
crude stump
hmmmm idk I have like a lot of dark things in my mind ,but this is so interestin...
dark things?
sinful moon
Also while infosec and similar can be used for darker purposes, I will remind you that's not why we're here. We do use this knowledge for good and the betterment of IT and our infastructure and not causing havok
hidden glade
what even is the "-" that you keep using lol
🤣 just reaction I used to use it
sinful moon
lol is it supposed to be a smiley/text emoji? I'd probably do an underscore instead if that was the case
crude stump
i just dont get what you mean by dark things
sinful moon
It's obvious and why i said the above
cinder sparrow
Has anyone in here participated in CCDC before? I have a couple questions if so
hidden glade
dark things?
"-" I mean like a young man you have scary about the future and something like that sorry my English is bad I'm just talking with words that I have :"))
crude stump
ah gotchu
sinful moon
Fair enough, you're doing fine
chilly veldt
We like?
blazing granite
@sinful moon 👋 how are you? feeling better?
hidden glade
lol is it supposed to be a smiley/text emoji? I'd probably do an underscore inst...
I think he expresses surprise but silently maybe
blazing granite
We like?
too pink for my taste, but I bet you love it, so that's the important thing 🙂
sinful moon
shh same difference
chilly veldt
the bike is called "Pink Bunny"
opaque flax
It looks great
sinful moon
Is it yours?
chilly veldt
it's going to be, I am currently designing the look for it, so I can wrap my bike
sinful moon
Totally fair, very nice
I love Japanese motorcycles in games very much but I don't think I could ever bring myself to ride one irl
JDM cars and domestic imports however I am very much all about however
boreal scarab
@sinful moon @blazing granite @rapid merlin Music sesh again tonight?
sinful moon
I have on-call server reboot at 8 PM EST and then potentially Halo MCC coop with a friend at 9 PM EST, so probably not unless it's later than that
but I do have to drag myself into work tomorrow for time entry despite still being quite sick or elsse I'm not getting paid so can't stay up too late
opaque flax
I have on-call server reboot at 8 PM EST and then potentially Halo MCC coop with...
What’re you rebooting
sinful moon
Three virtual servers for an estate planning org
sinful moon
yeah it's no big deal and I automated the updates, I just need to manually supervise the reboots and ensure everything comes back up as expected
ah nice
for Linux that's freaking easy af
opaque flax
Yeah the only hiccup is the update will reset the certs on the web server
sinful moon
ouch
opaque flax
They’ll point to the self signed certs instead of the let’s encrypt certs
sinful moon
why though
opaque flax
The vendor
sinful moon
oh self signed certs and lets encrypt nevermind
idk why I misread that the first time
opaque flax
I mentioned it to them and they said they’ll fix the config soon or note it down
So it doesn’t reset the certs it looks for
sinful moon
Yeah normally Let's Encrypt bot or whatever just does the thing
opaque flax
Yeah this web server config gets reset whenever you update the vendors software
Cause reasons
sinful moon
thankfully for my web hosting server, I use Nginix Proxy Manager handle the Let's Encrypt certs for all three I'm hosting at work
chilly veldt
Totally fair, very nice
Yeah, not a picture of my bike I am using as reference, forgot to take pictures of my own before it looked like... This
sinful moon
again I'd recommend Traffik instead of Nginx Proxy Manager but that's still decent
blazing granite
Yeah this web server config gets reset whenever you update the vendors software
that's a pain in the a 😂
sinful moon
I just didn't know as much at the time when setting this up
opaque flax
that's a pain in the a 😂
Yeah it was a pain when I did it for the first time with no documentation and had to go searching for the certs and didn’t know where they were
So now I’m teaching someone to do it “in case I move to a different team” as my boss said in the meeting
sinful moon
why didn't you make it Docker/containerized as I did? Then again who knows how vendor specific this actually is
opaque flax
why didn't you make it Docker/containerized as I did? Then again who knows how v...
I didn’t configure the system
I just maintain it
The engineer who made it got fired 🙂
sinful moon
I just kinda rolled my own solution but the ask given to me was "host three web servers on a single host" so many ways to attack that issue
lolol fair enough
opaque flax
The weekend after the engineer got fired some networks went down
Suspiciously enough
sinful moon
I mean I should hope that all access was revoked when he was fired
blazing granite
The engineer who made it got fired 🙂
ouch, I bet that the system wasn't well documented 😂 so in the dark with somebody else system that's fun 😉 😛
opaque flax
But I won’t get into it
sinful moon
I've even helped the boss with "did you remember x, y and z" when he offborded a former employee
opaque flax
ouch, I bet that the system wasn't well documented 😂 so in the dark with someb...
I had an SA write over the private key passwords in our documentation
sinful moon
so it's conceviable that smething was missed
opaque flax
So I have to roll the documentation back
And I have to go write a bunch of docs on how to maintain this server
sinful moon
but also that's what password managers are for
petitioned for years for us to adopt one and I'm so glad we did
opaque flax
but also that's what password managers are for
So we use ITglue which has a password management section
sinful moon
Yep that's solid, and solid documentation management
opaque flax
But an SA updated the pw in itglue
sinful moon
mhmm good revision management helps as you mentioned
opaque flax
So when I had to login to the server last week to fix and issue it took me minute to figure out why I couldn’t ssh in
sinful moon
I tried to get mangement into IT Glue but he wasn't having it for some reason
opaque flax
Then I realized he overwrote the password
It’s prettt great tbh
It consolidates everything helps organize it
sinful moon
Oh right, because Kaseya bought them up
that is actually a decision I agree with lol
opaque flax
Only if you keep up of course. My team and I have spent so much time fixing shit documents
I think we moved away from anything Kaseya except for itglue
sinful moon
They also bought up Datto who handles our ticketing system, Autotask and my boss was furious lol
opaque flax
Idk if I prefer ancient or day to
Datto
Axcient
God autocorrect
We use the connect wise suite for RMM
sinful moon
lol Axcient the backup system? We may or may not use that
opaque flax
yeah
We use both
I love recovering files when people are careless with them
And delete them off the shared drive
sinful moon
Axcient is signficantly better than Arcserve/StorageCraft that we used to use
restoring files with Axcient is just trivial in comparison to StorageCraft where you'd have to mount a backup drive on a server and jump through a bunch of hoops
opaque flax
restoring files with Axcient is just trivial in comparison to StorageCraft where...
Yeah I do like just being able to sftp
sinful moon
with Axcient you just mount the backed up volume in the cloud and... download the file you need
so much easier
that too
sinful moon
Yeah I like Axcient a good bit, I'm kind of the secondary backup manager in our org
solid pollen
When to be announced winners?
opaque flax
We don’t have a backup manager
opaque flax
When to be announced winners?
Already announced
You would have gotten an email if you won
mossy river
When to be announced winners?
sinful moon
Arcserve/StorageCraft was a mess in comparison, and only getting worse. Good reason we moved away from them
opaque flax
We use 3 different EDRs which is a pain in the ass
sinful moon
They used to be one of the name brand backup solutions in the MSP space before Arcserve bought them up and started discontinuing their products and firing people
sinful moon
We use 3 different EDRs which is a pain in the ass
whattttttt
opaque flax
Actually 4 if you count ms defender
opaque flax
They used to be one of the name brand backup solutions in the MSP space before A...
Oh Broadcom!
sinful moon
We moved from a more traditional Entepirse AV to our current EDR which is one I was championing
don't get me started with Broadcom lol
I was a champion of VMware even in my personal life until Broadcom ran them into the ground
opaque flax
We use huntress, sentinel one, crowdstrike, and or Ms defender
And have threat locker in our stack too
opaque flax
They are not at the same time
sinful moon
We're a S1 org I will say though
sinful moon
lol Threat Locker keeps trying to cold call us
opaque flax
It’s a pain in the ass dude. I think we don’t configure it right
sinful moon
always gets past Dispatch who asks me "uh Threat Locker wants to talk to our cyber security person, do you wanna take it"
No
opaque flax
It constantly locks shit up that we’ve previously let through
sinful moon
lolol
opaque flax
And I don’t have access to it so I have to ask an SA to unlock it so I can install the software
sinful moon
but those threats have indeed been locked
opaque flax
And sit awkwardly on the phone with the client while waiting for a response
sinful moon
Thanks for confirming my suspicions though, yeah Threat Locker is not a solution I want
sand trench
well the trailer is out but the movie is not
opaque flax
It could be like I said, my company doesn’t configure it
sinful moon
Very very happy with S1 though, we used an outsourced SOC that I manage and it works out well
opaque flax
They only use like 1 of the features according to my SAs who gossip
sinful moon
I just check behind the SOC's decisions and reverse them when needed
mellow gull
well the trailer is out but the movie is not
Ufotable going unnecessarily hard as always
sinful moon
lol again, I probably sound awesome but I work in a pool of like 6 techs total
sand trench
Ufotable going unnecessarily hard as always
yuups
sinful moon
so people just kinda gravitate to the roles they are apt at
opaque flax
My company is like 150
sand trench
same team that made the kara no kyoukai movies and probably why shadow got recommended that trailer
opaque flax
Somehow I feel like I also wear many hats
sinful moon
So it can get to be a bit much at times
opaque flax
Probably cause I forced myself into those hats tho
sinful moon
Yeah just don’t take on more than you can handle as tempting as it is sounds
mellow gull
same team that made the kara no kyoukai movies and probably why shadow got recom...
They also did Kimetsu no Yaiba, Toriko, all the good Fate stuff, oh and Katsugeki! Didn't expect Shadow to be a Nasuverse enjoyer
opaque flax
I’m just trying to show them why they should promote me or move me to infosec
sinful moon
None are anime I know of or were excited for
sand trench
They also did Kimetsu no Yaiba, Toriko, all the good Fate stuff, oh and Katsugek...
to be honest only one shadow recognise from that list is the fate stuff
sinful moon
But I'm not a typical shonen anime enjoyer lol
mellow gull
to be honest only one shadow recognise from that list is the fate stuff
Probably what they're most well known for so not too much of a surprise :)
sinful moon
I prefer my anime to be a bit more thought provking and stylish
sand trench
shadow mostly know them from kara no kyoukai
which deals with life and death and morality
sand trench
kara no kyoukai released in 2007 :D
sand trench
fair
sand trench
it has been shadows favourite anime for ages
mellow gull
Souren my beloved
sand trench
even though shadow has not watched it since 2016
sinful moon
Not sure it sounds like my jam after reading Wikipedia but I'll keep it in mind
sand trench
kara no kyoukai is plenty thought provoking
while looking extremely polished for its release year
mellow gull
If you like series that deal with morality, a lesser known one that I recommend to everyone is Nurarihyon No Mago
Oh, and a good slowburn one is Kekkaishi
sand trench
sad it is not in 4k but that was not a thingy back then
sinful moon
NGE, Ghost in the Shell, Cowboy Bebop, Madoka Magika, Lupin III, Serial Experiments Lain, are a bit more my speed
sinful moon
and classics like Space Battleship Yamato
sand trench
NGE, Ghost in the Shell, Cowboy Bebop, Madoka Magika, Lupin III, Serial Experime...
the anime series or the movie series of ghost in the shell???
and if the movie series the cgi or the hand animated ones???
sinful moon
both, and no CGI lol
Ghost in the Shell 2.0 is a travesty and will not be discussed lol
sand trench
:P
mellow gull
The sequels are never as good... v-v
sand trench
that is not a sequel
sinful moon
2007 Japan be like, "let's replace amazing hand drawn animation with awful CG"
sand trench
that is a remake of the first ghost in the shell movie using a lot of cgi
and it did not hold up ot the test of time
sinful moon
yeah the OG stands up so much better
I think I have the original on UHD physicially, or if not that then I at least have the blu-ray
we just rip the discs and they go into our media server
glass nest
I think I have the original on UHD physicially, or if not that then I at least h...
*VHS
sand trench
shadow has all the ghost in the shell movies on steam.....
sand trench
yeah steam does videos
mellow gull
If steam started a streaming service that would be
interesting
sinful moon
odd choice but okay
sand trench
and no they no longer sell ghost in the shell movies on steam
sinful moon
I have a couple movies on Steam but they're mostly gaming documentaries
sand trench
shadow bought them when they were buyable
sinful moon
but yeah much rather own the discs
sand trench
they stream in 1080p so just fine
sinful moon
But yeah we're up to over 1,600 movies on UHD, Blu-ray or DVD
sand trench
kinda weird shadow did not buy ghost in the shell on blu rays but oh well
sinful moon
starting in mid 2023
we're so done with streaming, and rather own our movies in signifcinatly higher quality than streaming services put out
glass nest
The only DVD i own is of my graduation
sinful moon
and instead we are are own streaming service instead lol
we only go DVD when we have to lol
sand trench
we recently got rid of most of our vhs and dvd collection
sinful moon
you'll be kicking yourself when you see which of those DVD releases have never gotten blu-ray releases
glass nest
Discs.. Only a handful of games. most of which are old Final Fantasy games
sand trench
not really much worth keeping in there actually
sinful moon
should have ripped them at least
sand trench
eh there was nothing in there shadow had watched in the last 10+ years
sinful moon
fair enough
I've been told I can't get too much into this in this chat, but one word, MakeMKV
sand trench
well guess the bamse vhs and dvd could have been worth something :P
sinful moon
we literally have two blu-ray drives in our server to handle the ripping and etc lol
sand trench
so eli.... how do you handle region locked blu rays???
if that is even a thingy anymore
sinful moon
NAS handles the storage and server does the hosting and encoding work
For UHD Blu-ray region encoding is a thing of the past
for older, I can't get into that information in this channel
sand trench
fair
shadow is just hoping they did not shoot themselves in the foot by getting the kara no kyoukai blu ray box set
sinful moon
Needless to say though, we always try to get the actual region we live in so we can play them in consumer blu-ray players though
But also Blu-ray region wise, US and Japan are both Region A
sand trench
where does EU land???
sinful moon
the tricky bit is if they come with english subs for a Japanese release
UK is region B, I imagine EU is as well
glass nest
Can you not export the subs as an srt?
sinful moon
yes you can
sand trench
^ according to reviews and info on the listing they come with english subtitles..
sinful moon
just requires more work with MkvToolsNix-GUI
glass nest
I was gonna say, surely it's just a timestamped text file. no need to get more complicated than that
sinful moon
Depends on the release
some Japanese Region A Blu-rays do have English subtitles, some don't
crude stump
i hate when websites make it super difficult to find the settings because they want to be different.
sinful moon
I'd recommend checking blu-ray.com for info