#general

and maybe after that I could be a Cybersecurity Engineer

Can you DM me a screenshot, please?

yessir

Maybe by the interview you’ll be in a state of lucid dream and just nail that phone call

Hey guys

heyo, what's crackin

haha yeah I need to learn Splunk and Sentinel for the next 9 days

I am thinking of making an anonymous chat forem on dark web
As a project
What do you guys think

So are they gonna ask me basic questions or like crazy questions

like whats an Indexer in Splunk?

Basic

whats a forwarder

It's an internship

sounds interesting honestly. i wouldn't touch it with a ten-foot pole, but you do you

do you think they'll ask me what I should do if I see that theres data exfiltration happening in front of me

I don't think they would do that on a normal interview

okay

You sound like you need to blow off some steam and relax 😆

Take a breather for a minute, go drink some water and collect your thoughts.

yeah probably, I am cooked rn, I am just nervous and its not even a week away

That's alright

Let’s take this to the next level, do you have a coffee machine nearby?

That's actually an amazing point R0n1n

how would you keep it anonymous?

Avoid caffeine before the interview

Whatever for?

Start today, maybe

Nope no coffee machines in the vicinity

For anonymous chatting anonymously and dark

Idkk 😭😭
I will have to learn first how it works

.onion

they also said that I need to know French for one of the locations

my advice is to not change your routine at all for the interview

I dont know a lot of French, I am like A1 in it

What about a parfait? Parfaits have layers

Like peanut butter?

what about my mind. it also has layers

what do you mean?

CAKE! Everybody loves cake

I.. uh- don't

like, before the interview, don't do anything differently. if you normally eat breakfast, then eat breakfast. if you don't then don't. don't drink coffee if you're not a coffee drinker, etc. don't stop drinking coffee if you are...

https://tenor.com/view/shrek-of-course-gif-13889369771881069224

okay yeah that makes sense

keep everything the same to maximize your comfort

I think there can be value in reduction of certain beverages. Of course a full withdrawal is not ideal…

yeah but not right before an interview

imo

Unless someone is prone to anxiety…

I should learn to use the STAR Methodology

yeah, i mean, you do you...

ello 🙂

mother f

lol

Yes you have 9 days. If you aren’t a SOC analyst with 3 years experience by then. Everyone will likely die, including myself

Relax @jolly aspen @winged summit

I have 0 experience

fully relaxed lol

Not looking good for me I’m afraid

or eclairs and macarons 😂

culture 1000

+1

-1

I am currently a Masters student, Masters in Information Systems Security

lol

+5

i'm a bad boi lol

Man I want some dessert now @jolly aspen

@heavy gorge You will be muted if you continue. Please keep the environment respectful

Gottem!

sorry?

Time to go stuff my face with like 3 cupcakes

Best I can do is an onion

he's just spazzing out. don't trip ha

I don’t think he was talking to you?

nah, i was

ha

playfully lol

Man people gotta get some dessert and just chiiiiiilllll

hahaha

roger

Oh I see, he said “I said fkin hi” missed that bit. Wow

:mute: couragebforedth#0 has been muted.

:mute: 0x0mojia#0 has been muted.

🥷

I really dislike having to mute/ warn/ ban people, can we all just have a nice respectful time please 😄

Got extras?

Come on over

I don’t envy your job lol

cupcakes are a bit of a let down after talking about parfaits, eclairs and macarons 😂

Hahaha

There’s great dessert place by me. We can all go and get what we want

Yea, parfaits. Aptly named

I just picked the first thing that came to mind

Alright, cupcake

😐

don't get me wrong I like cupcakes, but they pale in comparison with the others

It sounds like you’ve probably got a much better base than a lot of folks applying for internships. You got this 💪

To be fair, it really depends on the cupcake

There are some absolute bangers out there

I’m just tryna share the dessert with you guys and this is the thanks I get

Thank you cupcakes

cupcakes are nice, but are more pedestrian, nothing beat the elegance of eclairs and macarons

cannoli are also great if you want to put it on the list

@opaque flax how is the ath7pineapple going?

Need to mess with it more

Turned my attention to this box after doing that

Box done

Need to hack my own WiFi

I got a couple AP’s from goodwill and went to town on em

I need to go back to the e-waste store

And see what I can find

It’s nice to use a network you aren’t actively using haha

I found a cheap sonicwall tz600 thereand now I’m mad I didn’t grab it

Oh nice, I think I just saw a new rce published in sonic wall

I keep finding sonic walls at work that need patches

that's why you should always regret the thing you did, and not the one you didn't do 😉 😂

We don’t seem to have patch management for it

Spend money always

Can always just make more

https://tenor.com/view/money-printer-gif-6699448061706491662

Okay Brb buying a car that costs more than my yearly income

That’s the spirit

not always about money. I have a few regrets in my life, but I bet it would have been bigger regrets if I haven't done some of the stuff 🙂

yeah this is my field, this is my domain, I am the guy for the job

Fair enough

I just need to make em see that

what really kills me it's the what's if

Yeah so far I have no regrets (not buying a sonicwall is not a real regret I can get one anywhere)

Luckily I haven't any what if 🙂

so far

I’ve had to make a major choice.

Good night, all and 🧁 🍨🎂🍮🥠

I have what if scenarios

But no regrets

Morning

Morning Bella

Morning. How was the proposal? any news?

It's in 8 hours

I hope everything goes great 🙂

Thankz

is there any tool or site where if isk him for something like a sheat sheet or wordlist n he ll give it to me

Like you are searching for a cheat sheet or wordlist?

What sort of tool are we talking here? What context? There's so many things, you need to specify a little.

I have some word lists I can give you later

both

for webapp pentest

yes please share if it is large will work

Are you using seclists?

You get downloadable lists when you do the coursera courses

Will have to be later though.

lol I literally make a symbolic link inside of ~ on my pentesting server to make my seclists install easier to access

I bought a couple new books

Nice nice, like what?

Deep dive and red team + osint+ blueteam

It’s two books on osint

you mean Red Team and Blue Team Field Manuals?

Ah okay

Nice but I’m not immediately familiar with them just from that naming

One is an operator handbook for blue and red team osint

Ooh sounds exciting

Physical books or e-books?

I tried to download kali on my Chromebook but even with a clean Chromebook there was no space

I like physical books

same too much eye strain with e-books

Gotta love that eMMC storage lol

I have a couple books that I really need to read

Not with a dedicated eink reader, but fair enough

Like put the damn phone down and read

I haven’t tried one of those tbh

They’re stunning irl

I have two I’m already reading 😂

I have where wizards stay up late and hackers

Plus powershell for sysadmins

Not as great for quick reference, but if you want long reading sessions, especially in the dark, eink is so easy on the eyes and crisp

I have Pegasus and ghost in the wires

Yeah the only thing that sucks about physical books is I can’t ctrl + f

Looooong battery life too <3

Ghost in the wires is on my list!

Where wizards stay up late I need to get to first

Nice

I want to do more physical cyber work

If you have any interest in retro computing, “The Cukoo’s Egg” is fantastic for infosec circa 1988 and “Hackers: Heroes of the Computer Revolution” is amazing for general retro computing history (not infosec related)

Morning all

I am an eBook victim, hands have nerve problems with holding objects (like a book) for too long

Also on my list as well!

Physical pen testing sounds like fun tbh

awesome, both books I rate quite highly, although The Cukoo’s Egg while amazing is somewhat drawn out by the guy describing his life which is fair

but still, he’s chasing an early nation state hacker in the late 80s

Hackers:heroes of the computer revolution is on my list I started reading it. Was wild to see names that I’ve heard about while being a defcon and hearing the stories

Just finished up writing what expectations and responsibilities i got vs what a typical apprentice in my education has

Sorry to hear that, my hands can cramp up from holding items but at the same time I can type at super speed for hours. I dunno what that’s about

I’m just obsessed with the history and lineage of computing and retro computing in general. Been watching the PBS show, The Computer Chronicles which dates from 1983-2003 heh

Fair enough

btw that show is all public domain and uploaded to the Internet Archive by the host of the show

I like learning about the giants whose shoulders we all stand on today

Typing isn't an issue for me either, it's just - items, or holding, I guess. Fingers and hand start cramping up and I get the dropsies sometimes. I sympathize with you

Oh damn, I do love the weird computers that did one thing really well but are just weird relics now

if you like that, there’s tons in these episodes

Elizabeth 😭😭

and Gary Killdal, the creator of CP/M is most often the co-host

This is a bulletpoint list for your self for job seeking?

Yep sounds about right lol

It’s a bulletpoint list for why i need a pay raise

sometimes you do have to get your foot in the door with those typical roles and then you can expand to do what you want

ah okay

obvs can’t present that as is to management but makes sense.

It's a "what I do, vs what a person in my apprenticeship does"

mhmm

Good luck

Agreed!

Thankfully at such a small company as mine, I was recognized quick, but yeah I’m adverse to bringing up pay raises unless it’s really nessssary

Yeah that’s the one. I also get nerve issues. I just ordered a back support. Every now and then I’ll give a zap up my foot, from my heel to my toes.

but I highy recommend for you to be your own advocate if the time is right

no one else will

You'd think in such an IT and network connected world, there wouldn't be much competition for jobs lol

Yeah I wouldn’t be able to ask either

Well, when they don't pay me enough to live for and expect me to do all that, then I had to pull into a salary meeting and say "hey, I know I'm on salary steps, but this shit isn't enough"

I’ll be screwed if I started working in the UK

My first pay raise was when I told the office manager that “OMG it’s my first anniversary” and she was like “alright let’s negotiate your raise”… um what

Couldn’t complain but took me aback lol

If I stay at my job for a year apparently we can negotiate pay raises

Damn, I didn't realise you have to present so many points for a salary raise 😭

ah maybe that’s more common than I thought

I think usually it's the 12 month stage that they bring up pay rises

Depends on location tho

In the UK if you work past 16 hours you no longer get the help you need as a parent. You would then have to pay full rent and bills eg

I was just legit excited about my first year there at the time with no ulterior motives lol

When you compare pay to living here it’s impossible. Even if I worked 30k I wouldn’t live with a child. We would be screwed

thankfully just when I was feeling like I had to say something, management did give us a raise to keep up with inflation which helped tons

yeah, retention bonuses I think, increases with the number of years you stay

Zagreus is now potato colored

Well I do, so I can pull in a 40% pay increase

Depends on the place of course. That’s another nice thing about government. I used to be on pay steps and get guaranteed raises and knew exactly when I was getting my raise and how much

I was also union so that helped too

Lol, yeah 🤣

Unions are a pretty big help with that sorta thing

Govermenet jobs tend to be cozy job security wise but have a poor technical reputation depending on the field

My situation is a lot different, cause I am trying to pull in a lot higher salary than a normal 8% salary increase

I was not in technical field when I worked for the gov

totally fair

But yeah job security and benefits are good in gov

Plus usually pay is lower

But you usually have a better set of steps

mhmm

Nice government lol. I think our govt jobs are either unpaid/low pay

I am extremely fortunate to be employed by the state and have more than suitable time to do my study
education sector too so I get discounts on a whole bunch of stuff

All are

There’s a trade off with gov and it’s usually lower pay than the private industry

Reminds me of when I worked in special education and home health care. Very critical government funded jobs but the pay was crap

when I started in IT I was salty that I was paid so much more to keep servers alive than I was to keep a human being alive, but that’s captilism for you

I actually took a pay cut to come to IT

But I know that in the long run I’ll make more than what I was

ah it was like a 3x increase for me

I halved my pay just about

but yeah gotta consider the work I was doing unfortunately, undervalued despite how critical it was

For sure

It'll be a 3x increase for me when I go full-time

And have finished my education

Either way, I’m putting feelers out job wise while my company goes through a transitionary period. I’d rather hedge my bets just in case and get myself out there

Always good to have a backup plan

unfortunately all those previous networking connections I had are now not hiring, so we’ll see

was offered a job twice by my friend, Incident Response Manager for a major org. But didn’t feel it was time yet. Lol now it’s time but rip, but there’s more out there

Right now I earn 2500-2600 USD a month before tax
Next month I no matter what increase to 3002 USD before tax
And I am going to ask for 4211 USD before tax if everything goes well
And my minimum asking price is 3647 USD before tax

The right opportunity will arrive when it's time.

mhmm we shall see. But yeah I will stress that networking is critical, but heck even here is a great place to get started there

Feel like it requires parantheses when we're talking about jobs

Networking(IT) vs Networking(Job Connections)

lol indeed, I had hoped context would make it clear enough. But yeah silly we use the same terms, but understandably so

how to verify discord ?

Both are crucial! 1 just depends on what you wanna do

They don't look a day over 37

H a h

thanks

gah beat me to it

I failed 🙂

They don't look a day over 37

Forgot to add text with pic 😎

Victory is mine, the early bird watches the rabbit lose the worm

lolol

What’s a good amount of storage to have on a laptop and what’s the top two brands

😦

Binary joke BTW

Rabbit loses the worm

t

Samsung and idk like 2TB

That depends highly on your needs, Stealth. 512GB min, up to 2TB+ if you play a lot of games

What're we using the laptop for

Depends on what you’re using the laptop for ig

and yeah Samsung m.2 NVMe drives are great

I got my M4 Mac Mini with only 512GB storage, but it’s just a side machine for work. I got a 512GB OLED Steam Deck but that’s only for gaming and easily expanded via SD Cards (suprisingly fast with the right spec)

for laptops I try to go 2TB or higher

Based on the work you mentioned you do, it definitely needs to be a lot more lol

I'm a little ashamed to admit it (I'm just very poor) but I've been surviving with a 515gb (more like 450) SSD with a 1TB HDD for the last several years on my main machine

Funny to think my next device, probably a laptop, will eclipse it

Storage is pretty cheap nowadays isn't it?

Yes

Yeah and getting cheaper all the time

Hell yeah, always good

It is yes

it’s insane how cheap even m.2 NVMe drives are getting

I got my 256gb ssd for 26$ to my house's door

That's wild

Not for games, running VMS and doing tech stuff

For VMs and tech stuff I’d say 1TB minimum

i have four Google accounts and two Microsoft accounts, so that's 80 gb of cloud storage right there

you can make 512GB work but idk how many VMs and more

Yh every n

Very vm*

Needs like 50gb

My machine disk storage is 500 something gb I think

But I’m very media heavy myself besides my tech uses

Okay thank you

Gave +1 Rep to @sinful moon (current: #34 - 265)

I've got about~ 10 VMs running on about 250gb

But we also have like 48TB in the NAS and 64TB in the server so shhh

Ny setup is a bit different

Ive real machines connected to a real router

Elizabeth out here flexing any time she can

Wow, unc (this is humor)

😄

I mean 1,300 blu-ray backups is a non-trivial amount of space lol

I tried to run a VM thing on my mums computer

And my god does it lag

which I guess is a flex in and of itself, oh well

Yo im so confused on my first think

thing

Fr im using ubuntu on my main laptop, and cheap desktops running windows

Memes incoming lol no text wall don't worry

“If won the lottery I wouldn’t tell people but there would be signs”

-zettabyte server appears in my house

lol

VMs run mostly on virtual memory/RAM. If the tech is old/poorly configured/low amount, it isn't gonna run well.

It was pretty bad

It would crash

I had to close it

Resisting the urge to mention the 256GB of RAM in my server… I need to stop lol

How much RAM did it have?

but yeah RAM is most critical

Add ppa:respawn to sources.list

Oh my lord

My main desktop uses modern DDR4 and it works well enough with VMs, I imagine the new stuff is even better for it

Ironically a lot of my interest is in retro OSes which take up trivial amounts of RAM, but infosec labs can take up a good bit with all the modern VMs you need

I guess it's the same with storage right? Memory will just get better and better as time goes on

Bro has more ram than my ssd 💀

I will also mention my remote infosec server runs on 4GB of RAM (no gui) and is overkill

As opposed to legacy ddr4

I cant type well i just woke up

can easily get away with 2GB or less for a tty only pentesting server

Naturally

Ddr4 is legacy now right?

Right?

Okay so look for ram and memory

I mean that’s the same thing but sure

Yeah if you're using DDR4 you may as well just throw away the whole machine

what 😭

Many older laptops can actually be upgraded via SO-DIMM sized RAM

just check first

Me using a server that has ddr3 still

guys, lets say I wanna see a scanning attempt in Splunk, how do I go about doing that? what am i looking for exactly

It really depends tbh

On a lot

But ig user agent would be a good one. Nmap afaik has its own user agent

I can’t even say I’ve just woken up

😭

lol meanwhile it’s past bedtime for me but chatting with you all is too enticing

We are still in a startup company, and the fulltime devs we have get 4800 USD before tax
I am gone a couple of months a year, due to going back to school, therefore I have to 1.5x my salary to see from their shoes my "worth"

That’s cute ☺️

Okay so what’s the minimum ram I should get

16

Tomorrow is mainly server reboots for me for a single client and coordinating sofware update with my coworker so should be pretty laid back though

Good luck!

Depending on the architecture you want to run, 32gb at minimum is my bet

Thanks, I never look foward to patching servers the day after Patch Tuesday so we shall see

Vulnerability management is such a pain

I will for sure be reading /r/sysadmin Patch Tuesday thread and more as always

Lmao nice. I know Patchapalooza is okay for a high level for any management that want to know what's going on for whatever reason

It uesd to be we patched two client’s servers every Wednesday but thankfully that’s now once a month. Just meant I more than got in the habbit of reading everything about Patch Tuesday since Microsoft loves to break things

For consumers, who cares, but for business “whoops we broke RD Gateway this month” is a big deal lol

MSP life just means I need to hope and pray that the engineering teams do their job

haha yeah, MSP here as well

It can definitely be fun

But yeah patching is just a whole beast

Yeah I get to wear “all the hats” which is both a blessing and a curse lol

upon entering the query status = "404" I get the scanner, uh why?

can someone explain?

But will look amazing on a resmue

Getting my first SOC job at an MSP has definitely given me experience in every field before I decide what path I wanna go down

Helpdesk > SOC Hell yeah

Without more information not really

Meanwhile our org is small enough that we outsource the SOC so… I’m the SOC manager lol

hi, does anyonw know how can I link my existing tryhackme account to my new discord account?

If it’s already linked to a previous Discord account you’ll need to interact with the moderators or staff here

If it’s never been linked before, then yeah see the above

I had to transfer yeah, just as a mod. Ezpz

yea, I think the above doc worked, thanks.
I was stupid and in panic mode over my lost discord account with so many nice servers in there, and now I have to run my brains on what discord servers was I a part of. I had this documentation page opened but never bothered to read in between the details.

No worries, glad you got it going here at least

I’m up to like 75+ servers which should probably use some pruning, lol. It’s too much for anyone to keep up with, but at the same time, so many of my servers are info about a specific project or similar

I will say it’s somewhat unfortunate that what once was hosted on forums and similar are now exclusive to Discords you have to join, but thats just modern tech for you

yea, similar situation. I had collabs with 10ish groups on different topics, but all is lost and it will take a good amount of time to get up to speed.

If really needed, you may be able to work with Discord staff to recover your account if you weren’t able to do so by the normal means.

But lost MFA and recovery codes is the only way that makes any sense to me

discord staff says I need access to the email account (even though I do have the valid phone and the backup/recovery codes associated with that account).

If you lost access to that email as well, then I don’t blame them since that’s getting a bit more sus sounding from their perspective

but that's the whole point, I lost access to the email account long back since that was my university account(childish mindset back then, couldn't foresee this day coming my way). but what's troubling is, even though I do have phone, backup/recovery codes, 2FA settings, I can't really get back my account. 😦

I’ll just say, use a Password manager and a MFA solution which allows for easy phone transfers

that's what I started now. 1Password is what I'm using now.

Bitwarden as a password manager and Authy for MFA are two open source friendly and free solutions I can can recommend

and google authenticator.

Cool 1Password is also great. Google Auth is a bit encumbered but nbd

yea, using authy too. I'll explore bitwarden.

nah 1Password is solid. I love Bitwarden but no issues there

but yeah Google Auth while it does have phone transfer just has Google baggage, that’s my only complaint so you’re not far off from a great setup already

even having these two at all puts you ahead of like 90% of the population lol

yea, makes sense. learnt it the hard way xD

Thanks for this, and glad to be back to atleast the servers that I can remember. 🙂

Thankfully, this wasn't a hassle.

totally fair, it happens to us all eventually

mhmm no worries

Just remember with Google Auth, you must have the old phone to provide the QR code for your new phone. They don’t have a provision for lost phone or cloud sync ironically

I believe Authy is a bit more sane since I’ve transferred it from Android to iOS even

Almost all the laptops are HP

I’m so sorry

lol vast majority of my friends and family tech support is on HP laptops and they’re awful to work on and often have issues with thermal throttling or battery bulging

I’d recommend Asus, Dell, and Lenovo probably in that order laptop wise but it depends on what you’re looking for highly

this was helpful. didn't know. I'll migrate to authy too. don't want to see myself in a similar situation again.

Ah okay thanks

Gave +1 Rep to @sinful moon (current: #34 - 266)

Yeah totally fair, about my only complaint is they don’t have a dark mode on mobile but lol… you’re in your MFA app for like 30 seconds most anyways

No problem! Asus == Gaming++/Productivity, Dell == Work++/Productivty+, Lenovo == Gaming+/Work+

idk what kinda grades those are but lol shh it’s late

I guess I split work out from productivity in that which are better for the actual workplace

Your so sigma for sending this

Wild thing to say

lol I think that’s a compliment in modern parlance, so thank you?

All the dells I've seen the battery doesn't work, nevermind bulging.

We are a Dell Partner but fair, we’ve seen some duds, just not often

Woth most things, it's really dependent on the exact model you have, if you experience the common issues

That kinda goes for all OEMS but sure

I usually just keep a laptop plugged in at all times. I know the batteries are all fried on my laptops

I realized something, even when I push myself outside the home to socialize - I'm becoming better at socializing, though really at this point I think for me social media for me is pointless as I don't really get following or views overall, it doesn't benefit me at all.

Dell Precision 7770 iirc is the hellish ones we sold

do not recommend

https://youtu.be/68rCeK3l0Os

They can’t all be winners but holy crap Dell

these Precision laptops are supposed to be workstation replacement grade

but they fricked up the power delivery and they always be thermal throttling

Lmao, everyone makes mistakes ig

mhmm, typically though we can’t complain much with Dell for business

and I still have 1999 and 2002 Dell desktops running for myself personally

and yes lol that 2016 Dell PowerEdge T430 server I love as well

Elite people, doing elite things.

I think we partner with HP, though I don't do any sort of procurement or delivery

Leave that to the higher ups, let me look at logs!

Mind you HP != HP Enterprise

HP Enterprise is freaking rad

Managed to reclaim #1 in my country for this month, only 16 days to go

HP consumer grade I just think is garbo tho

I always remember their hinges being weird

Hey, what's everyone up to?

Maybe that was in 2016, but anyone I know who had HP laptops would always complain they snapped too easy

Yeah never had anything but bad luck from HP consumer grade stuff

Lmao, I'll steer clear

can’t tell you how many I’ve needed to fix just in my personal life alone, very little professionally since we don’t recommend them either

I have never seen HP used in enterprise environments

I may have not seen em all though

Actually, now that I think about it about half of our fleet is HP. The hinges seem to be okay so far

HP Enterprise is used a good bit in servers, thin clients, and their business grade computers

I'm stuck in the past, but good to know HP being doodoo isn't just a bias I had

Yeah first hand experience for their consumer gear, but yeah it stops there

Wait I was thinking the actual HP computers 😂

“Lets clean the fans to fix thermal throttling” often involves complete dissessambing the laptop including keyboard and top parts too

I have some EliteDesk's sat in a bag. I was going to get them running WireGuard or something but I might just get another small form factor thing

Don't really want to deal with HP stuff if they're that bad

Apparently HP makes enterprise printers

and on the topic of hinges, had a sister who’s HP had ribbon cable failure due to the hinges lol

That is actually insane

Did it run through the hinge???

I don't even want to look at what else they offer

mhmm it only had two hinges as the only connections between the two halfs

her failure made the LCD fail in weird ways depending on position

normal use

I'm only now thinking about how that's the only connection between the screen and the MOBO yeah

mhmm

Never even thought about that lol

Listen, I don't do much hardware stuff

it’s okie, I’m much more a software kinda gal beyond retro hardware but yeah I do have to fix friends and family hardware from time to time

They may have good tape libraries or tape carriages though

although lol I did buy this PowerEdge server so I could do hardware on the same things I administrated remotely at work

brb

An HP tape would go hard

That's taking homelabbing to the next level

I still need to set one up lmao

It’s massive overkill for most, but if my SO wants to run three video encoding VMs at the same time, it can handle it lol

That's awesome

I just wanna run Jellyfin and Wireguard (so I can use the Jellyfin remotely) and my crappy old Gigabyte laptop does the trick

Here’s average load back when it was on ESXi/vSphere:

It’s a Proxmox server now

147 GB used the dream

dual Xeon CPUs

haha yeah, pretty insane

I need to learn Proxmox

but my SO insists to use GUIs on all his VMs so that’s part of it

I've not set it up before but I've used it at least 🙃

he hasn’t learned the art of actually creating a proper “server” so to speak lol

Any good resources outside of just jumping in and doing it?

Hands on is usually my approach to learning something new

If you have experience with virt-manager on Linux or UTM on macOS/iOS then you basically already have Proxmox experience. It’s just qemu/kvm built out into a full vSphere like solution

Ah cool

I don't have experience with either 😶‍🌫️
Just VirtualBox, but I know I gotta expand what I'm able to set up by myself

if you have any qemu/kvm knowledge, it will directly transfer, but yeah, not quite as easy as ESXi but sure is more cost effective

VirtualBox == Oracle 🤢

Plus I had a terrible time with it in the past lol

Part of the reason I wanted to get into ProxMox-ing it all

Totally fair!

Much prefer FOSS stuff, but yeah I'll take a looksee at virt-manager first

Then get my hands dirty with Proxmox

Yeah virt-manager if you are on Linux is the perfect intro

Beaut, thanks!

same exact systems but on a more local desktop scope

mhmm, no problem!

Just yeah this has virtio drivers for Windows, while these are built into Linux natively. It’s the same sorta thing as VMware tools vs open-vm-tools on Linux and whatever the heck Oracle uses

But yeah follow some guides online for your first couple, which will give you some best practices

Cool cool, might finally get my homelab set up when I move

Nice nice!

What was the big VM thing recently

Like last year

VMware going bust lol

Someone bought Vmware right?

Yeahhh

Yeah Broadcom

They completely screwed the country I'm in with their licensing

it’s gotten so bad they pushed me as a homelab user who was paying them $200 a year for the privilage out too

I now have to take one of two certificates to get those licenses again

Broadcom has caused me nothing but pain

yeah not happing

We're too small to have our own resellers, so we need to talk to the next country over to get anything iirc

(Again I'm not in procurement or anything so I just heard people yelling angrily about Broadcom)

It is sad, because once upon a time $200 for every VMware product license they have was a pretty good deal

but they burned just about every bridge they could, including home lab which is wild

SaaS lifecycle innit

how do people prepare for the certs to get the licenses without the licenses to the software?

I mean I could with what I know now but frick that

Nessus has a similar sort of deal I think? I believe it's a bit more reasonable

iirc it’s not a good deal and I did not consider it for home use

I deployed OpenVAS myself professionally even

Nice

Yee just using the Greenbone Community Containers and a VPS host

I always like seeing a FOSS product being used at the enterprise level, feels less like they're thinking "we paid a lot of money, it must be good!" when they make decisions

It’s enough for us to do quarterly external IP scanning for all clients which is a great check

Very nice

I keep pushing for internal scans too but I need to make more noise to actually have that happen when I’m 800 miles away

Meanwhile I did get Bitwarden deployed and feels good. I’m a loyal user myself, but yeah always going to be some users who struggle

We used to use Nessus for internal scans, it was the type of product where one person had to commit their job to it because it was so confusing for the rest of us

Just better than the non-centralized LastPass we had before lolol

At least it's getting used

Mhmm

We can push password managers as hard as we can, but it comes down to management

Like everything seems to

Yay

Yeah selling to management is always the hardest, took me three years to get the RMM and Email Security products he asked me to research approved

and what do you know, both work phenominically better than our old 2000-2010 era tech there previously

What!!!!

Crazy that when you listen to someone, things actually get done

Our new email security product sees a 10x reduction in spam and phishing email remediation for clients

same product I’ve been asking for for years, and glad it’s worked out so well

Can I ask what it is?

Literally on the order of 30 requests to 3 requests in a two week period

Eh I try to be cagey with this stuff but sure

No worries

We used dedicated Barracuda Email Gateway servers and moved to Avanan (Now Checkpoint Harmony Email & Collaboration). Although to be fair, not everyone was moved over to O365 when we were considering options which is a key factor for Avanan which is completely API based

Ah checkpoint yeah, I've had a bit of experience with it.

I can’t speak for the rest of their product line what so ever, but they acquired this company and it is still great

I see a lot of email security products flaunting their AI integration now. I'm not too sure how well that's going to go but if the spam has a visible reduction that's always a win

They basically invented the API driven anti-phishing model back in 2015

so this just works with the Microsoft Defender ERP or whatever and checks behind it for what is False Positive or what Microsoft misses completely

Sounds nice

Yeah this does have “AI features” but mostly it just shows you its reasoning in the natural text recognition for why something was flagged as possible credential stealing and etc

It's nice when 'AI Driven' isn't their main selling point

also unlike our old solution…. this shows us headers!!!

But ofc that's where a lot of money is atm

Woah, maybe I'll start requesting it

I do love seeing some headers

That's cool and all but I feel like people knowing that "ai is checking for them" will let their guard down

Outside of just checking the .eml myself

Yeah there are times when I still need to download and check in PhishTool for better formatting, but most of the time, the built in stuff is fine… but also I mean it least us download the email natively as well, also a new feature to us

vs getting into their account via OWA or whatever and saving the email or headers ourselves

Oh my lord

Haha indeed

Hell o

"Hey this is Silas, yeah real quick what's your password so I can check that email? Haha k thx bye"

Ominous

Hello

And absolutely, but ultimately this has helped literally by an order of magnitude as I mentioned

If it works, it works

30 phishing tickets every two weeks has become 3 tickets at times

That's a great selling point. We have quite a few clients so the phishing/spam is like... 33% of tickets some days

If some big campaign comes in

Sounds about right, and yeah as the sole infosec person I just accidentally made phishing my job, so it’s a huge relief to me

Need a Gone Phishing hat then

lol ugh

Yo

Ello ello

I am on Thm

Greets

It was really annoying when they’d report our simulated phishing campaigns to us and not use the buttons we gave the to do so

at walking an application

we’ve um, largely stopped doing that

You're preaching to the choir lol. At the moment the phishing simulation is getting picked up by the brand new email security some of the clients have. It's a pain.

Good luck

if you have a question about the room you should try out #room-help

hah, at least our solution was smart enough to know it’s simuated phishing via the same headers I check and just knew what’s up, with some rare exceptions

I gotta fix that, huh

but lol it easily got to the point I could spot them without even looking at headers. I still always checked to be sure though

Same, depending on the service you use for the simulated emails, some of them stand out so easily once you're used to it

our solution always had the tracking pixel at bottom left, blocked by our email settings

Nice

Mhmm it was just for the “Email was Opened” tracking for our campaigns

although it was always ouch to see the users who checked every box and fell for the fake phishing

We've had issues with links being 'clicked' by the security solutions for ages. Might ask if I can have a shot at it and just check for the very obvious "This is a simulated email" header to add as an exception

Oh that’s wild, yeah our solution as soon as it saw the headers for this knew it was simulated phishing and didn’t even bother, even when Microsoft flagged it

Whoever set it up just didn't configure it I reckon

And no one has bothered to do it. Might step up and suggest I give it a shot, should be easy enough

at least for Checkpoint/Avanan it was just working natively, but fair we did have to do some fiddling to ensure this solution always overrode Microsoft

That's part of the fun ig

Just have to have the Mail Transport rules in the right order

Yeah Microsoft giveth and it taketh away, pain in the butt to deal with overriding what they have to say

I do not envy anyone who just uses native MS Defender for their email

It's... fine?

I guess

lol ouch

But yeah just defender isn't enough imo

I just see how often our system slaps Microsoft’s hands and says no this is a False Positive, or the opposite, that it’s funny

Sorry I didn't mean for that to come off as rude 😅 I was just thinking about the clients that only use defender

Nah you’re more than fine lol

I love complaining about MSP level tech lol

how are there so many phishing emails

Because of “About Us” sections on business websites and more

Once I get everyone onto the same email security provider... And onto exchange, I'll feel like I can make a start

Phishing kits are easy to buy, and once you compromise one account you can jump from there and keep going

I guess

Yeah gotta get that consistant stack or else it’s a bit of a nightmare

and yep that too

Hello all

Ello 👋

lol I loved that Twitter post over the weekend complaining about Evilginx

I'm looking to grab a duds ip can anyone help?

Nope

What was the post lol. Evilginx is great!

hilarious

Yo what's up guys

Wait till ol' Tom finds out about metasploit

lol indeed

Any good hacking tools?

Hahahahaha this is hilarious

I’ve seen some parody posts where people say the same to joke about ROT-26 libraries

We ain't helping you 'grab a dude's IP' lol

Fine

That would be illegal.

And against our community rules

What if that dude bullied my sister to the point she comited suicide? I just need you to show me how

Oh

Can we ping mods, instead of interacting please. 🙂

The police would be your first port of call.

Was tempted as heck to say the same, thanks

Yea good point but jail isnt enough i judge them myself

Then you're doing illegal stuff.

Two wrongs don't make it right. 🙂

But two rights do make a left

A surprising number of people misunderstand what exactly GitHub is

Evilginx though, love the name, such a fun convention like evil-winrm and the other cute ones

That would be three.

Ok thanks for even responding to me bye guys

2 rights would be 180°

shh I was close enough Scrubz lol

it’s like 4am :p

Two rights make a U

It's like that wee tiktok trend where everyone did a 360, not a 180

Really ground my gears I tell you what

I love those posts about “just give me the download, I can’t be asked to figure out how to compile”… when there’s the Releases section right there

They get like awfully pissed, it’s funny

People losing their minds over having to enter more than one command into the terminal to make a thing happen

"I just want a solution I don't want to do any work" type beat

can you please tell me why I’m connected to openvpn but I can’t access machines ?

What do you mean it's not all sudo apt get?

it was sudo apt get all along

Can you ping 10.10.10.10? If not please consult #site-support

yes I can

Then youre connected to THM

What are you having issues with?

I’m connected but when I’m trying to start a machine it wont and when I click on Access machines I’m disconnected

Access machine page is broken for some users.

Not all machine boot up a split screen

is there specifics to "some users"

If you're uncertain whether or not a machine is loaded you can check the top of the room page you tried to activate it in to see if there's a machine IP.

User A might see a connection successful, User B might.

C not
D not
E yes
D nor

yeah but like why

Oh Broadcom strikes again

¯_(ツ)_/¯

ok thanks I’m connected!!

You need to make an account on broadcom

Yes it’s as Gaww says and Broadcom is the new owners of VMware

Yes, you'll need to set up credentials on Broadcom to access VMWare as far as I know

yes as Scrubz says

or both rather lol

Unfortunately not

Yep no worries

we wish it wasn’t the case but it is lol

I've never had more trouble with any web interface than I've had with broadcom

My VMware ESXi/vSphere server is now a Proxmox server thanks to their changes

Fun fact.

Old installers for VMware pro can be upgraded to the latest VMware

https://tenor.com/view/anakin-skywalker-i-hate-them-star-wars-no-nope-gif-12872946

im looking for a php file upload code

Can you elaborate?

What ya doing?

web pentest

Like..

Where?

Can't just ask for PHP file upload code and not give us what you're attacking

on a website which im workin on

Is this work?

(plus THM actually teaches you about this)

vmware is stupppiddd

the best is virtualboxxx

gross lol

vmware

i use

bad take even after Broadcom, Oracle is objectively worse, but it’s sad both are now in the pits

Oh boy.

You'd think Oracle would take advantage of that....

Instead of going the other way.

Race to the bottom

They couldn’t if their life depended on it, especially experiencing their actual professional grade software in line of business

Is there a good alternative to them by the way?

to either you mean?

Or is it a choice between two piles of garbage

Yeah for hypervisor

qemu/kvm all the way

aka Proxmox or virt-manager or UTM on macOS/iOS

so many interfaces for this same tech stack

either emulation or full virtualization

I'll look into it. All my stuff is written using VB as primary hypervisor but if Qemu is more approachable I'll switch over

ive sent great guide for setting up qemu somewhere here

yeah it’s great as long as it’s Win XP and up basically

I've been converted to proxmox tonight, big ups

i have interupted sleep

I assume it can do custom internalized networks and blah blah all the fun stuff for lab setup

just need the virtio drivers for Windows from Red Hat basically

check this @mellow gull

Try not thinking

🎉 Gaww for being blue

mhmm you can with all, with varying levels of difficulty

hmm, tried

Well if you tried you failed

Proxmox will be easiest, but some existing level of qemu/kvm basics and Linux networking helps tons

Gotta watch the tv that is your brain

Thanks, will bookmark for later. I'll finish my current track with VB then do some conversion for Qemu alternatives when I switch over in the future.

Gave +1 Rep to @rugged kayak (current: #325 - 18)

If you’re on Linux dekstop virt-manager is the easiest way to get started

https://tenor.com/view/vmware-virtualbox-vs-gif-23531880

no

vbox my beloved

I can count on 0 hands how many times I’ve been asked to use Virtualbox professionally

It'll probably be windows OS for bare metal main host just for ease of use

Big pigeon

compared to administrating 11 VMware ESXi servers for my job

pimgeon!!!!

but one quick not if you are on laptop you will not be able to setup bridge network

Really? Any reason why?

Had to edit because one was a vSphere cluster lol

I would not recommend anyone get deep into VMware now, but it’s still much more valuable knowledge. but for homelab, go qemu/kvm based solutions all day

Is the WNA on a laptop inherently different from one on a - ahhh it's wireless in general

Proxmox is good?

Yes I run it on an enterprise grade server after migrating from ESXi

we even saw a performance increase on the VMs

Well there are very few reasons to use bridged for most of my use cases anyways so it's not a big deal.

I am working with some student in IT infrastructure , to build A VDI cloud provider 🙂 we been thinking on using ESXI , or proxmox

If it’s for education especially, you can’t beat free with Proxmox

ESXi’s free licenses are very much jumping through hoops and being limited on how many vCPUs and other resources you can assign, if the free version even still exists

i think proxmox good

Free don't exist anymore

yeah not suprised

The Broadcom deal was a disaster

If you want to post embedded links you need to verify.

You obviously did not.

Or else you’d have a pretty color like us

/ verify with discord token from site

but do it in bot commands not to leak token here

Yeah i guess we will stick to implement proxmox , as Vmware ESXI can cost up to 500$ with all the extra licence needed

Mhmm, if you asked me two to three years ago I would have been all about ESXi and told you how to get cheaper licenses than that, but no they burned both business and homelab users and everyone is moving on. Proxmox and similar are the way foward

That's not verification.

Please read the link we posted.

#bot-commands

Thanks 🙏

Gave +1 Rep to @sinful moon (current: #34 - 267)

I was paying $200 a year for VMware User Group Advantage, but nope, Broadcom decided you had to get one of two VMware Certs to even qualify for the licenses you’re paying for

Alternatively you can DM the bot the command.

Has anyone here applied for the YouTube content creator job ?

I'm sure people have.

Alright I’m headed to bed, goodnight everyone!

Doesn't have to be in #bot-commands

Good night Eliza

Why you pingin' me, I wasn't the one who said it had to be there

Verified email?

Oh, this might be something I dealt with

Broadcom has two different login domains

Although I'm pretty sure that's the right one

https://www.virtualbox.org/wiki/Downloads

hehe

Yeah it kinda sucks.
You can try using your email as your username, that ended up being what I had to do

@chilly cobalt ^

thank you

I wonder

What the best nmap flags are

For CTFs

(easy/medium CTFs)

nmap -Pn -sV <ip> -min-rate 50000

that's my goto

I currently do rustscan -a $tip --ulimit 15000 -- -sCV -A -O -oN rustscan_proper

I export tip

I never use rustscan as it can break some machines

interesting

Yet to happen to me

Rustscan and Feroxbuster

500000 is insane

as min rate?

not really

i dont go over 10000

500k packets per second can dos some machines

ah, one 0 too many, my eyes are tired, I read it as 50k

50k okay but 500k

lmao

It's not a real machine, it doesn't have feelings

Search VMware workstation pro and download it

I don't remember it perfectly. You should have a GUI where you can do a product search, look up what Scrubz just said

The page is... Wonky, but straightforward

Get the personal one.

Morning everyone, hope you're all doing well

That one.

Good morning 👋

Morn

That's the two I use lmao

2018 ahh video💔💔🕊️🕊️

Yeah, the can know CTF boxes offline for a bit

This one

This one

I keep getting my brackets mixed up >:-|

I used to do this too, idk how I rem them now

What's up with wpscan btw
Since when was No WPScan API Token give, as a result vulnerability data has not bee output. a thing

If you can't sign in, you can't download it?

Yeah, that's how it is.

Once more, your username is your email

Use email

+rep @sick lance

Gave +1 Rep to @sick lance (current: #1 - 3252)

Search yt there’s vids showing how to sign up, sign in, download, and install.

No now that they're signed in they can just click the link Scrubz embedded

It'll go to the right page

Yepp

Such a pain compared to how you used to get it

I usually just use one of wayback machine and then have it auto update

Yes, the top one is fine.

Most recent release is fine

Knew it was coming

Yes

Lol, you called it

Yup

Should delete that, just doxed your email

Yeah broadcom sucks

what a hassle is this

it is a right PITA

Broadcom policy

How do you organize your own "cheat sheet" of commands and wordlists for tools, do you have one long txt with everything, or is it divided into tools/technologies/targets? Im trying to get a bit more oranized

Look forward to it doing weird things to your network interface configuration when you set up vmnet too

Ok this bricks CTF is testing me

One cheatsheet per tool

bread is so glutenous

Everyone's gonna give you a different answer. I break things down into the different phases of the cyber kill chain like recon, scanning, enumeration, post-exploitation, whatever, and have subfolders, resources, and cheat sheets/guides for different tools as they relate to those parts of the process.

There's also gluten-free bread

Unless it isn't sold near you

You implying the general reader

What do you mean. Like, other hypervisors?

🕊️🕊️

Did i kill chat 🥺🥺

Oracle/VirtualBox, Qemu, Hyper-V... There's a couple others.

Apparently people here really like Qemu

my preference is KVM

virtualbox