#general

Yeah, old ass pc

16gb of ram is very cheap so

Right that's why I said I'd try that first

Gosh I have a few sticks laying around too

Worst case it just shifts the bottleneck over to the cpu and then I get a new cpu

Solid plan

But even a 5600x only costs about $120

You have another device? Is this just for the server?

I'm willing to pay that price for a sick ass modded server that doesn't buffer

Are you the only one using the server?

Just for the server but also QOL improvement, the pc has been fairly slow with multitasking recently as well

Myself and a few friends

What does Minecraft servers minimum requirements look like?

Shit, have the friends chip in a bit

Vanilla would be fine with 8gb

Modded, though?

Varies, a lot.

Depends on how many mods, the size, etc

Heloooo gaww

Don’t rob a bank

Hallo, ronin

For example, running tryhackme labs, a couple Google tabs, Spotify, and discord leaves my pc a little tight on ram/performance in general

Hi Gaww

Hola Kamma

Daily baby pic

Are you running the server o your main gaming rig?

Not on a separate device?

Yea that’s why I asked if it’s just for Minecraft. Jack that puppy up

Yes, on the device i am playing on

That would do it yup

I don't have another device with a reliable enough power supply to move it over

My laptop would die in 2 hours

I mean that's okay if your setup is pretty beefy, I run Essential to play with friends sometimes
But it's pretty resource intensive

8GB of ram tho gaww

Only 8GB?

Yep, just 8 gigs

any idea on how to get sub role

My pc was screaming all day today

Yea. That’s basically Spotify these days

Haha

Homie pocket raspberries have 8gb

I feel sorry for you

Verify

By subscribing and /verify

I was too cheap to upgrade earlier on 😭

It's like 30$ if that?

I believe in you, dude

In all fairness I got this PC right before covid, before processors became super cheap overnight

It had pretty good specs for its time

Yeah we got hit with that tech boost outta nowhere

Nothin wrong with that. But if you’ve got a saddle for 32gb, that’s worth it to fill

Nowadays standard workstations got better specs than my PC

The cpu is probably just fine for lots of things. But ram is getting filled fast these days

I need to upgrade my computer too , 2019 i build it

To put it into perspective, the processor im currently running which is now worth $60-70 was worth roughly $180-200 when I bought the pc

The ryzen5’s are still nice I think

And even a significantly better cpu is only worth $120 today

Can’t wait to start MMA

(Obviously it depends on what better means to you, for me it's the Ryzen 5 5600x)

Craving blood and sweat or what

Hell yeah dude

Which man isn’t

Oh

I am not man

I am sloth

I’m a rabbit

Well

I’m a ghost rabbit

I'm a cat

I cant wait to choke my pc out again tomorrow for the sake of playing minecraft

An alien cat, I guess?

idk all, can i run minecraft?

I dunno but I don't suppose you could spare a few TBs for a sad little rascal like me?

I don’t think the RAID would be very happy with that or that your computer will accept the SAS drives, but I suppose lol

Old screenshot anyways, I’m on Proxmox now

thanks VMware/Broadcom for burning the very last bridge there

Someday I too shall be fancy and have a Proxmox setup
But until then I'll be content with standard hosted containerization

totally fair. Practically this was overkill until, as you can see above… Media ripping and encoding

Yeah when you've got a lot of media and shares that need to be managed it becomes a lot more necessary to have, uh, space and options

dem 2x Blu-ray drives in our PowerEdge tower, aw yeaa

Mhmm, ironically none of it actually lives here, that’s on the 48TB NAS 🙃

okay I need to stop bragging but it’s hard to resist

I've been living off 1.5tb between an old HDD and a poor SSD for the last four years LMAO

I've needed to desperately upgrade my setup for a bit

Trust me I know those days. My 2016 era desktop was like 5x “Just a bunch of disks” configuration lol

I don't need particularly much in any case. A small NAS and maybe a teensy homelab for pi-hole and a VPN inter-network routing

Yep totally makes sense, we’ve just gone a bit insane with our legal Blu-ray library becoming our own streaming service lol

Yeah, and I know "I don't need much" is where it all starts getting out of control

There is not one bad questionable movie that my SO won’t buy for the right price lol

It’s okay I offset it with my actually amazing movies and art house stuff lol

Flexing

How dare you be happy about what you have and have accomplished

some of which also borders on my SO telling me “don’t ever complain about my movies being bad because wow this is awful”

lol I gotta remember what that movie was

Oh lol it was PeterJackson’s seminal classic “Braindead” the zombie movie

he’s one to talk since I had to scroll past The Emoji Movie to even find it in our recents lol

Sup yah

How’s it going?

Decent, on lunch at work rn. Spent it doing some HTB stuff.

How about yourself

lol winding down for bed because it is far too late, but hanging in for a sec

I just couldn’t help but chime in when someone was questioning if they could run minecraft or not without their computer complaining

Well hopefully you have a good sleep. Also mc is a curse for all PCs imo lol||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||_ _ _ _ _ _ _ ty

Gave +1 Rep to @sinful moon (current: #34 - 270)

Lol I messed it up

That’s actually really fun to tap at on tablet lol

Yee, replace it with pops instead of the lines

Not fun to click with a mouse

lol lame my keyboard case + touchpad makes it trivial

yeah lol

There are no mistakes.||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||||​||_ _ _ _ _ _ _ ty

Gave +1 Rep to @fringe nacelle (current: #1049 - 4)

OMG no, you messed up my combo there!

I was like 95% of the way there lol

Hahahaha, victory is mine!

Lol I wonder if it's because I'm on mobile rn

https://tryhackme.com/r/room/boilerctf2

Any one explain me

#room-help

okay done, what did I win?

besides a glorious waste of time

Lol I'll make a better one when I hop back in this chat just for yah that's the prize

lol sounds good

pro strats for the above, do quite a bit of tapping on tablet, and then fill in the gaps with touchpad

I’m really putting this M4 iPad Pro to good use, as you can tell

can you answer me but one question

what may that be

Wait so the synology NAS setups have room for NVMes and bay hard drives?

because he fits he sits

That I can’t answer, we have quite an old model that we’ve expanded over time. Ours just has SATA bays with no NVM.e

But yeah you can just upgrade drive by drive even if you replace them all one by one by rebuilding the NAS

It looks like new ones have slots on the bottom specifically for M.2s

Which is pretty neat

this sucks, why does my laptop speaker keep breaking for no reason

I’ll just say as neat and convenient as Synology is, maybe consider building your own with FreeNAS/TrueNAS, whatever. My SO went with this before we even started dating since it’s what he administrates at work

but as if I’m one to talk, getting a used PowerEdge for the same reason lol

Synology be expensive

I'll check TrueNAS out

I'm a relatively simple creature and don't necessarily mind paying a certain fee for not wanting to rip my skin off and cry because something ends up being ridiculously complicated

Mhmm, you can get some pretty cheap generic NAS enclsoures/intergrated computers for significantly cheaper, but yeah much more of the setup burden is on you as a result

totally fair

All that being said, yeah Synology is quite nice and can even run your containers if you wish

Hello guys, how to hack my own discord account? I lost it 2y ago

Contact Discord Support

Contact Discord support for assistance.

Oh ok thanks

Gave +1 Rep to @mellow gull (current: #80 - 102)

I suppose not trying to hack my neighborhood wifi

It seems like every component of it is replaceable/upgradeable, more or less. RAM, storage (naturally), and I assume other parts of it are as well, so I could see that being a good use of it.

That would not be advisable and is illegal. Nor would it get you your Discord account back.

Ours is still plugging away on a mid 2010s Intel Atom CPU lol. Yeah they don’t really take much, it’s the storage that matters

Just be mindful of Linux vulnerabilities for any services you enable, but that goes without saying. Typically Synology patches them quite quick

Oh cool, they even have their own virtualization software (I'd probably use something else, though)

but lol no one exposes their NAS to the internet… I say when there’s hundreds of thousands of NASes exposed. So it’s not hard to do better than that

Yeah for sure. I’ve heard of people using and enjoying Synology for running Docker containers, but beyond VMs, yeah I’d rather have a bit more control than that anyways

as mentioned before I just have that big iron that runs Proxmox, but honestly a bunch of smaller machines in a cluster make for a more sensible Proxmox setup for most users

I was just about to say that I'd probably prefer to use the NAS for its intended use-case of having an absolute ton of storage

Then use a home server setup for containers and VMs using something like proxmox

mhm ours is pure storage indeed, I like these to be segmented in use if not actual networking wise

For a typical almost normie use case, server runs Plex Server, server indexes the files on the NAS, client runs Plex, asks Plex where the files are, and streams from the NAS. It is seamless in this usecase

although to be fair we are explicitly not doing transcoding, just direct play

I'll keep that in mind for if I ever start acquiring a truly phenomenal collection of media

mhmm, if you do, keep Jellyfin in mind. Its much more open source friendly, slightly less supported but still a fantastic solution

vs Plex that is

That probably would have been my choice but when you have an SO who also manages this stuff with you and does half the work as well, gotta compromise lol. Not like Plex is much of an issue besides a bit more corporate these days

I had a dream I got another cat called specs

aw, also where did your color go? Didn’t you have another account?

So, theoretically, in my intended usecase
There'd be a primary home server running Proxmox. This manages virtualization and containerisation for other running services and docker instances, as well as acts as the connection to the NAS, and probably uses a tunneled VPN for client devices like, say a host PC or mobile device to connect to it, where they can then interact with the NAS and the running services.

Does that sound more or less correct? I'm not very adept at this quite yet.

I got compromised and lost the 2FA for my account

Oh I’m sorry to hear that :c

It’s okay, it was my mistake

No that sounds more than correct. Thus far however we haven’t opened up many services to the world. Plex is to accounts we allow, but that’s it’s own proprietary solution. Wireguard which is neat or Tailscale from what I’ve heard are good VPN solutions unless you have a badass router/firewall where you do it there. But the latter part of that is my work thinking talking.

Most of the badass router or firewalls that are worth getting (imo) just do wireguard or openvpn

Yep makes sense

The proprietary ones are bad because evil

I've heard good things about wireguard, so that'd probably be what I use.

I miss the days of router custom firmware. I’m sure it still exists to some extent but not like it was in its heyday

Wireguard is lovely

indeed

I do similar, I use Wireguard for this

Used to use openvpn years ago

I heard openvpn has had a few issues lately.

Yeah OpenVPN makes sense for massive infrastructure like THM with momentum on this tech, but Wireguard is just significantly more lightweight and etc. I can’t say I’ve heard of many OpenVPN issues as such beyond fundamental technology underpinnings in how it was designed

Most of it seems to stem from "it's getting old," tbf

mhmm, in my understanding it’s just kind of a bulky protocol compared to newer solutions which can get by much more efficiently

I can’t speak at all about Tailscale but people are raving about it. I’ll do more research eventually, but iirc that is a centerally hosted solution vs Wireguard which is much more traditional site to site

as in there’s like a tailscale website and account behind it in my understanding which I wouldn’t nessessary trust immediately, just “easy”

Have you listened to any of the new Album from Vukovi?

Looking at Wireguard, it seems like it's as simple as just establishing a set of approved peers that can connect and denying everything else by default?

I believe so from what I rememer

Only the tracks that have come out so far, not sure when the whole album is out?

but don’t ask me I’ve been helping a client set up Azure to firewall IPSec VPNs all week and my mind is polluted with that

Today 😄

Yeah, you give out config files that have crypto keys in for your users

AllowedIPs is something else

this client’s internal IT literally asked… “wait why are the gateway IPs different on the Azure and the firewall side, explain that to me”

holy crap my dude

Time is going fast today

Indeed, which is a signal I need to head to bed critically lol. I’m on one of the good sleep cycle thresholds despite staying up way too late.

Goodnight all!

Get good rest!

Please be safe, all.

Nice goes hand in hand with the US’s extreme cold conditions, which have thankfully mostly abaited. But yes do be safe

In the north we got national weather warnings including the text “frostbite to exposed skin within as little as 30 minutes” 🙃

the new challenges tab overview goes fucking ballisitc

Ahh, I was looking for an excuse to skip my lectures

My area has completely shut down, we have 90MPH winds today

Gn sleep well

Looks like the alerts are only for Scotland and Nort Ireland atm

Ah!

Yeah, we have a serious risk to life today

Ah
My SO is in Scotland... Should probably reach out and tell them to be safe.

90MPH? ever gave a thought of doing sky diving with wingsuit?

I'm a flight risk (very small, might take flight due to fast winds)

does any one have webapp pentest list?

starting from small vulnab to the extreme 1

I'm not sure I understand your question

OWASP BWA will satisfy any testing requirements for most people.

does anyone know of any sites like likedin that are good

Lmao

Owasp wstg is good

Wait, I'm not actually sure what you're looking for. Web apps to hack? Guidance on hacking them?

i need a list of all possible vulnab for a webapp

Oh gosh

That's not possible, but look at the owasp wstg

It will give you a good testing guide

i just want a naem list

There are so many

atleast i want 200+

fr

also payload list for that for all possible vunlb

i have this already

I have a feeling you're trying to make an automated tool?

https://github.com/six2dez/OneListForAll

OneListForAll

I can't tell if you want labs or tools at this point.

And if labs, why 200+

I would really recommend reading the web security testing guide.
There's more to vulnerabilities than just slapping payloads in every field

Names of vulnerabilities eg xss, sqli

Ohhh, so types of vulnerabilities.
I repeat my prior statement - there are so many.

There's only 10 you need to worry about

The OWASP Top 10

Why do week calendars start with sun fucking day! Why can't I start and organize my day with monday who the fuck thought sunday should be the first day of the 7 days

The rain is nice

Morning 😎

Man we've got wind at the moment and it's howling down the back road and bringing all the bins with jt

And the locals haven't quite figured out that if you put the bin close to the house and in line with it preferably the bin might not get sent to yonder far

Religion, historical and cultural reasons.

Been thuds and crashes since at least 5 this morning

I mean, the wind doesn't blow in a straight line...

It’s a bit windy down here too

I’m going to go back out soon

Just to ask the gym how much

It blows relatively straight when it's funneled down a straight backroad

😭

Would you like to swap wind?

The 3 roads either side make it feel like a mini milton keynes it's all very square and straight roads with terraced houses so the wind just funnels along

I don't think it'll make a huge difference, house already shakes and makes funny noises a little when the wind blows 🤣

..We're going to be getting hit with 90 MPH winds today...

I mean the entire city I'm in is basically built like a wind funnel

In fact they built skyscrapers and realised afterwards how it affected the wind and had to add structures to slow the wind down

Sounds fun

I'm really quite worried...

Worst storm in over a decade.

yes i want as many as i can that can be found in webapp

I don’t like how restricted AI is nowadays

I am slaving it till death🤓

Where at? Florida was just covered in snow, and it doesn't snow down here.... (Granted it was just hard ice) But pretty much snow to Floridians

Northern Europe, primarily North Ireland and Scotland

Well stay safe if you're out there

I'm not in danger but people I care about are.

Hopefully everyone stays safe and unharmed

In London it ain’t even gonna be that bad

It doesn’t even work as good as it used to when it comes to freedom of speech

you just have to ask it correctly

Are there any videos on it ? I noticed it wouldn’t even give me links anymore

It’s become more and more restricted

You specifically have to mention the word "search" or "find"

Ah okay I’ve seen books on using chat gpt to its best use

hi fellow hackr

Howdy

Thanks though, I’ll test it out

Gave +1 Rep to @wooden totem (current: #165 - 48)

My ML has been training for more than two hours

https://tenor.com/view/sola-me-siento-i-feel-alone-alone-lonely-sad-gif-16574910

it gave me 10 tips btw, cant fit it in chat tho

yooooo you doing ML??? this is soooo craazy

Ohh okay thanks

Gave +1 Rep to @wooden totem (current: #162 - 49)

You got your own, that’s cool

you can self host ollama

Uh, I need to either re-install Virtual Studio, or JetBrainz.

you have unsupervised learning and no supervised learning? supervised learning in ML is fun

also those algs in ML are awesome

Hello please is there any possible way to hack a projector

Why would you want to?

It's a challenge we were asked to research

I just joined the university

Is that enough info

Then you can use Google. 😄

I just made a Korean mince stir fry, yum

Can't find nothing there

you're so friendly and polite to chatgpt lol

oh yeah frfr

Then we can't help you with University work. 🙂

You gotta be nice to the machines, man. When they eventually take over the world you don't wanna be one of the people that was mean to them.

fair approach

Oh I'm trying to gather as much info as possible

Any help at all?

No, as this would break our community rule #5

so ur only being nice cause ur scared of them 🤔

Being nice is easy. Being mean takes headspace.

you must show your superiority to mr chatgpt!!!!!

I would like to see all the popular llms battle it out to find out whos the best

define how thier battle would be like

like how they should fight

Rap battle.

personally i would like to see ai inside robots doin sum star wars lightsabers battle or something like that

that would be awesome

Skynet got nothing on me🤓

If i just leave two llms talking with each other how do you think the conversation will go

world domination

Lol

waittt since when chatgpt could link yt videos??

it can do much more!

Like it can suggest you to watch sponsored videos

5-o gonna be crazy

the programming is gonna be so much better

thats not how gpt scaling works 🕵️

its gonna get better **

i'm trying to get gpt to say some bad things abt deepseek but its too nice

wouldn't be so sure about it

extroverted people using chatgpt is chaos lol

we'll see but if they dont fix the text in pics imma crash out 😂

wdym? what's wrong with text in pic

It never get the text right

oh yeah right

so much missspelling from dalle

they insert sum placeholders that supposed to look like text

lorem ipsum

why is lorem ipsum used btw

literally could be anything else

let me demonstrate

Yeah the amount of arguments I've had with chatgpt trying to get it to spell things right it to give me exactly what I ask for 🤣

me too nearly got me crying 😂

phicing

this writing looks like 5yr old

also where tf did the laptop screen go

it will be a lot better when ai has text support, now its just trying to mimic the look of text

dunno. btw lorem ipsum is truncuated version of "dolorem ipsum" which means "pain itself"

PHICHING

stop phinching me mr ai

how do people argue with chatgpt lol, its not a human it cant work better under pressure or something you have to be better at it lol

Mike Tyson said he gonna phich someone

😂

I’m such a bishhhh lmao

Did you get this from uni?

Yeah, it's my AI module.

Ohhh

Ew syllabus

I once asked Gemini to put Robert down jr's head on jack sparrow's body and it told me to get help if my mental health was bad 🤣

😂😂😂

🤣🤣

you look like you're in uni way more than me

you in your final year now?

This semester I'm in 3 days, yeah final semester 😄

Scrubz are you doing a masters or bachelors?

BcS

Gosh

You're not doing a masters?

I'm on bachelors too

this is my timetable 😭

I am in for four hours a week

bruh I swear I've done something wrong

I'm in 15 hours/week.

I have been scammed

out of 9250 sterling sheckels

I don't think I spent 15 hours a week in in first year, maybe more like 12 hrs/wk in 1st year, 8 in second and 4 in final

3rd year I was in around 15 hours too.

Can't comment on year 1-2 as I didn't do them, I done college instead

that's fair, I think I'd probably rather have more contact time to be honest but maybe not for my current course content

the name and ID are hidden as they reveal my personal information, either way, lets goooo

Congrats 🙂 🥳 🚀

the last few rounds of it gave a huge level boost, didn't expect to reach 0xD so quick and so sudden

hey guys, i work in a pentesting company and my team and i want to expand our expertise in cloud pentesting. Do you know certifications and/or learning materials for that domain? I already found HTB BlackSky labs and the hacktricks certifications though

When I start doing machines on tryhackme, I can just go full aggressive mode on the threading with no delay right

that depends.

Portswigger and HTB are good references, learn from websites like crackme for encryption and you'll catch up as you go.
You can go for pentest+ which is entry level and OSCP if you want a real challenge

If you use something like rustscan or ferosbuster, you'll dos the target.

Or there is a chance to.

GAIC.

There's a tool called cloud hunter which you might find interesting

GAIC has a certification for cloud pentesting.

I thought people were going to be moving to more proprietary environments this year?

Like enterprises

That's at the discretion of the enterprises.

TryHackMe have an #attacking-defending-aws path.

You should also look to do the Azure and AWS certifications offered by the respective companies as understanding the Cloud is really important in attacking it

Do you think that it would be more beneficial to have a professional team working in a SOC for an on-prem database or configure everything correctly within azure

Making sure you got load balances and all the ins and outs of it secured

I'm not a cloud wiz

How many orgs right now, have a dedicated SoC team?

And how many do you think use third party?

The majority ngl

Or at least they are partially using third party services

Most have a dedicated SOC team if they are good but I don't know much about using cloud tools like SIEM's, IDS/IPS DPI @sick lance

I don't know how they are used properly in the cloud

thank you guys!

No problem man, just make sure you're doing cloud penetrating testing courses on portswigger or doing translatable skill courses like finding freed S3 buckets on HTB if they have thay.. Don't worry about crackme, unless you want to get into encryption

I don't know your skill level, but you may like pwn.college, it's a ctf based learning roadmap with different sections to practice by getting a flag

Probably pretty large before they consider an internal soc

Reasonable size before many orgs even consider a soc of any kind...

It all falls to the IT team

Soccer team?

Quiet chat tonight.

...Today, rather, for plenty of people

So they mainly hire penetration testers, database specialists, sysadmins, auditors, network engineers, etc?

Woah

I somehow managed to fall asleep and woke up at 6 am

Hi all, is it possible to reopen the terminals without losing the data in kali Linux after reboot or shutdown. the option "save session" not working. can any one help me?

What data are you trying to save?

Previous commands I assume

With the results

The outputs.

Yes

You could always save the outputs.

You could save the outputs in a file?

command > output.txt

Some hypervisors will let you take a "running snapshot" but that's always a gamble and frankly not worth for such a small thing.

Yes

Why is it a gamble

Not a good idea to take a running snapshot.

Why

Because if there ever ends up being problems with running services or with the bootup (which gets messy on running snapshots) those problem will compound and multiply every time you pull from it.

Sure. But, if the terminal reopens when turn on the vm that will help. Like chrome😅

Kali is a bit iffy and needs handholding from time to time in the first place.

Oh I see. Thank you, I learnt a lot here

Gave +1 Rep to @mellow gull (current: #78 - 103)

That makes sense

You're also snapshotting memory when it's volatile, which could corrupt the snapshot.

And data.

Cherrytree vs notion, which one you guys use for note taking?

Obsidian.

Neither.

Which one you use?

Obsidian.

I dont know how to use this

It's like any other notetaking program really

Obsidian sect

Watch a video

Easy to learn stuff these days

Ok thanks

Cherrytree seemingly bugs out when the notes are too big.

Weird problem to have

I'm debating moving everything over to triluim.

I've heard fairly good things about it

None of my Obsidian notes have any Windows exploitation notes yet, and I'd rather not make a white list folder.

Not pentesters, not auditors.

^ These are usually third party contracts, from my experience.

It'd be weird to in-house that stuff in particular

Sweet

https://gitlab.com/kibley/cherrytreetomarkdown

What's usually out of scope for protesters besides not destroying the system or compromising user data that can lead to unprecedented system changes

Whatever isn't in-scope.

https://tenor.com/view/psychic-third-eye-enlightenment-telepathy-gif-22477198

If you find something and it's not listed as in or out of scope, you make a record, keave it alone and ask.

That's crazy

Why?

Who knew

I think he’s being sarcastic

Pentesters, hopefully.

Well are you a pentester? Cause I was looking for some specifics

No, I'm a student.

Ninja is a pentester.

The specifics depend on the organization in question and their needs.

But, there are always specifics, even in the loosest of engagements. There needs to be, and they are in no uncertain terms binding and absolute.

It's just complex because of the attack vectors that the company may not consider

Are you obligated to discuss potential attack vectors beforehand or would they have personnel to organize that?

You're misunderstanding something. These are businesses seeking a service, and they generally have a good idea of what service they're requiring. Not all engagements are meant to be open-ended. Not all engagements are supposed to look for every vulnerability. Maybe they only care about a webserver, or a domain, or a specific set of IPs attached to project workstations, or whatever.

Btw I linked you a script to download your cherry notes in markdown formats

Ohh you're right

have a great day!!!!!

Oh yeah

Good morning btw

The scope and what you're allowed to do will all be outlined in the RoE document

You too man!

Hey there is there any room for learning OS implementation and architecture and all components

That just gave me so much perspective from a little miss in my understanding of penetration testing

+rep fr

I just got invited for an interview to become a dev ops engineer 😄

Right chuffed

Aye!

Well done lad

Congratulations

Precisely this. We're not care salesmen trying to add on a fancy warranty or a new speaker setup, we're a service provider that a company has sought out for a particular purpose, and that purpose is defined in a confidential agreement and set of RoE that we have to abide by.

congratulations @finite basalt

Congratz mate, happy to hear that

That’s awesome! Good luck

Was literally talking about it with my current boss yesterday haha

Enjoy, hopefully you didn't lie on your resume fr 😉

It's essentially to another team that work closely with my current team

Just gotta learn everything you lied about

🙏

I never lie on my CV haha

Same

How to make thr perfect cv

It certainly wouldn't make sense knowing that their team can ask my colleagues and bosses about me

I used Latex

Just use ChatGPT search

Speedrun it

Do you believe that thing

I don't usually include references on my CV, I usually have it available on request but obviously they can see my current job and know who to get in touch with haha

I don't use cherytree.

I've heard that cherry tree slows down massively once you reach a certain size because of the database

Well it crawls Google and other well known resources from the web so yeah

crawls and manipulate results before giving us

Oh I assumed you were referring to importing your notes from cherrytree to obsidian

I mean, if you have to lie n=on your cv to get a job, you won't be in that role for very long.

🤔

I’d rather not

No, it was Obsidian to Trillium.

To make it more cookie-cutter, not to deep dive

Google isn't an entirely unbiased engine to gain information from

I don't know if you've seen some of its AI interpretation but it spews outright misinformation just fine

You can choose to ignore the AI overview

Although even the search results are not entirely unbiased

You use it for its strengths not its weaknesses.
It's strength is listing out resources

Of course they're not unbiased

Google isn't a truth engine

It's an indexing platform that pulls articles written by humans, who are inherently capable of being wrong

It's not gonna make you rich, but it'll make it easier to get to where you want to be

Doesn't matter where you get your information from, so long as you check the sources and conduct your own research to validate it

Hello
Anyone won the prizes of advent of cyber 2k24?

I understand I might be part of the minority here but I really don't like this recent childlike fad of wanting to have information, truthful or otherwise, shoveled into your throat so long as it's done quickly

^ this is factual, cross-referencing is very important

All winners were contacted via E-mail.

What do you mean by childlike?

It’s meant to be a storm but I can feel
The sun

Not adult like

Wanting to have something given to you quickly, even if it's a lie, so you can move on to doing "whatever else" is an inherently childlike quality.

Oh yeah no 100%

That's not how it works

ChatGPT sucks big time at providing relevant sources

How do people not think for themselves

Like you got this

I believe in you

I strongly disagree with this

I see a reddit symbol

I do like that it does cite sources

Perplexity AI.

ds

I'm noticing some particular similarities behind the response language

I'm guessing it's a consequence of it pulling from the same source of information.

Yeah, I find it hard to put it into words, but you can usually accurately tell when some sort of LLM is involved

Depends on the user.

I have a friend on LinkedIn, I get notifications when they comment on stuff, and you can blatently tell they've used AI to interact with other users.

As in, primarly from the text generated

Oh I mean identifying AI text isn't really that hard, at least in my experience. Ironic given that machine AI detection sucks.

Given a paragraph, the likelihood some sort of LLM usage was involved

It seems to have gotten much better since ChatGPT 3.0 but this isn’t entirely relevant either

Use the "Search the web" option

I have plus and the o1 reasoning model is better for that kind of stuff ngl

This too

How much was the subscription

I’ll try that. Thanks

Gave +1 Rep to @shut hawk (current: #14 - 596)

$20-30 usd

If you don't want the pro, and don't mind missing out on the DALL-E and integration features, the new DeepSeek models are on par with o1 (and currently free)

This is actually much better

Really impressive stuff

A bit steep

I got a years subscription to Perplexity Pro for free with O2.

Oh! Student status too, you can get gpt-4o access for free via github copilot by being a student

Mmmm

do you guys think it is better to take notes while doing a room, or finish the room first and then start taking notes

Both.

I take notes during and after.

Alongside any screenshots, gifs, screenshots and terminal recordings.

do you do both simultaenously or did you mean you just use one of the two methods at a time

I take notes during, then I'll touch them up at the end.

It's definitely worth it, plus OpenAI is always trying to update their models, OpenAI is also working on Stargate with some other big players so it's gotta be going hard

Plus it helps debugging code

@graceful mauve hello
how are you doing lol

sounds like a good idea

Yoo bro, it's been a while, how are you doing?

so far i've been completing the room first and then start noting
but that tends to get messy

yeah its been a while
i'm doing pretty well
what about ya?

That's good to hear
I'm doing solid man, I'd like to think I'm pretty good at web atm so I'm trying to get into hardware and low level stuff

low level stuff scares me

but i do want to get into that

It really does it tough

maybe i should learn assembly sometimes

Especially when you're making exploits in the kernels drivers

Next level stuff

Yeah definitely, for reverse engineering especially

Like, you're not going to develop a huge program in assembly

Just learn how it works and then learn how to use debuggers and ghidra, x64dbg, cheatengine, ida

making exploit is currently out of my knowledge
i'm just learning about tools like hashcat, metasploit, nmap, burpsuite etc.

That's cool, burpsuite is so good

I haven't got premium but I heard the extensions make it so much better

Hashcat is pretty good as fast cracking, you should check out Medusa as well

i don't have premium either
doubt i'd need it for learning till i get into actual pentesting

Learn how to import modules from exploit databases into metasploits module library so you can use them

i've heard about medusa from a friend as well
will check that one out as well

It's pretty fast

Yeah same here

you should dm me sometimes
haven't heard from ya in a while

I'm kind of on and off of discord but I'll definitely hit you up

I’ll think about it. Thanks

Gave +1 Rep to @graceful mauve (current: #1714 - 2)

same dude
i'm using discord on browser these days

No way man

Are you at least using a VPN or a type or browser protection

i only pretty much use discord to annoy people here with my cybersecurity related questions

what for?

I like to annoy anyone trying to hack into my account with 911 at the start and end of my emails

wdym

Like 911.scorpius.911@outlook.com

how does that help

Fyi, that doesn't do anything

Because when you try to reset your password it will sometimes say "password reset sent to **********911@gmail.com"

modern problems require modern solutions

What? You scared?

Glowie detected

https://tenor.com/view/glowie-gif-24523736

https://tenor.com/view/jeremy-clarkson-sometimes-my-genius-almost-frightening-driving-car-ride-gif-16463163

I am just permanently confused by people.

XDD

brute force and ignorance works. it passes the test of time

https://tenor.com/view/cat-berg-cat-orange-cat-swimming-gif-25177582

or rubber hose crypto analysis. 100% success rate

Put a space character at the end of your password

Or make your password *************

Just make a good password

wanna grab foodies maybe first week of Feb?

i don't understand why people keep saying that they can't brute force stuff like sha256
they need to understand hacking sometimes take patience and few thousand years of waiting

I'll still be in Iraq 👀

I'm back 14th of February

And a few thousand super computers

ah okay, maybe the week after then

well those are minor setbacks but they gotta prove their determination

exactly haha

How though? 😭

everything works if you give it enough time. so why do people give up so early in life and tasks?

first hack supercomputer x 1000
then brute force and wait 1000 year

simple

if they can't do it, they don't have the patience to work in cybersecurity

I'll believe in my Nokia to do it! It's called electrical engineering 😉

if that doesn't work use rubber hose crypto analysis

I completed the "SQL Fundamentals" course. I can say that they seemed difficult to me, but with repetition they will become more understandable. I wonder what will happen in the most difficult ones! https://tryhackme.com/r/room/sqlfundamentals

Me unpatiently waiting for nmap results and constantly using TAB to see the progress

It's about doing it 1000 times over 1000 domains

Then each password has an ACTUAL expiration date

that seems to be an advanced technique

reserved for cia and nsa mostly

yeah, must be used with care and caution

I haven't heard of this before

lol there’s so many cryptographers out in the non government world

Corn on the cob 😋

hi can someone help me with advice regarding a second discord acount. I haven't been using it for some time now and when I tried to log in today and entered my phone number I didn't receive any sms

Discord support

Up the Irons!!

thanks, will try, heard it takes a lot of time till someone responds but yeah, makes sense

Gave +1 Rep to @opaque flax (current: #130 - 60)

Maybe you wrote it in the wrong format or wrong number, that's a possibility

https://en.m.wikipedia.org/wiki/Deniable_encryption#:~:text=In cryptography%2C rubber-hose cryptanalysis,mathematical or technical cryptanalytic attack

i think i'll give it a shot to solve cryptography problems in my college exams

no, tried it multiple times

Isn't this with FDE?

?

rubber hose crypto analysis is just a cool sounding way of saying that you torture someone and coerce them into telling you the information

Don't they just fully encrypt their drives and files with MFA which makes it almost impossible to recover or file a lawsuit against?

pretty much this

Ahh, well what if you forget the password?

you continue until the person remembers? I guess?

rubberhose.append(red_hot_iron)

Deniable encryption

trauma rememberance

I don't endorse this, let me make it clear lol

it's a meme

the basic theory is that trauma upon trauma will cancel each other out and the person will overcome his trauma and remember everything

It gets pre dark I'd think

That just sounds like a lie

it is
i made that up 😂

😂

there is some very cool research into going against the "beat em up till you tell them" attack

the authentication method is some sort of game like guitar hero, where the performance is used as the key

so the user cannot actully recall the password

Your number can only be attached to one account.

thats wicked, imagine riffing yourself into your computer

https://www.usenix.org/system/files/conference/usenixsecurity12/sec12-final25.pdf

That's genius

i think its more focused on attacking the confidentianlity of the cia triad, without focusing on authentication and keeping the integrity same

Cryptographic systems often rely on the secrecy of cryptographic keys given to users. Many schemes, however,
cannot resist coercion attacks where the user is forcibly
asked by an attacker to reveal the key. These attacks,
known as rubber hose cryptanalysis, are often the easiest
way to defeat cryptography. We present a defense against
coercion attacks using the concept of implicit learning
from cognitive psychology. Implicit learning refers to
learning of patterns without any conscious knowledge of
the learned pattern. We use a carefully crafted computer
game to plant a secret password in the participant’s brain
without the participant having any conscious knowledge
of the trained password. 

Until they find a zero day exploit in your custom system with a type of guitar hero macro or cheat

I know, I detached from this account while trying to login to the other account :)

is this real or a joke?

^

dang

So as opposed to entering in a password it relies on, like
muscle memory?

looks interesting
i'll read it in my own time
thanks for sharing it

That's crazy

You know ordinarily I don't come on discord to see posts about random politique

The hell is this

Pretty much

This is in no way political

It’s general chat anything is possible

Lemme show you this

https://tenor.com/view/kitty-cat-cat-float-kitty-float-cat-water-float-gif-17908418945946410709

Just the dude being straight up a fascist

Don't ordinarily come on Discord to see that, either

true!

What do you come to see

This

https://tenor.com/view/discord-nitro-cat-gif-21325859

Please not politics in this server

@eternal timber

Honestly don’t know why that would count as politics. It didn’t reference any party nor policies. It’s just Elon being a dork 🤔

hey is it just me or thm attached machines are very slow?

is there any way i can make it work fast?

If you mean AttackBox , it's slow for me now also

Machines work fine

hello

It might just be aws being slow icl

With minor references to a certain political party.

Yes but what’s controversial about hating that party

Not arguing about not following your instructions

Just curious

Hi everyone, last day of work before 1 week off and travels 😎 how's everyone doing?

Does anyone besides me use a kali live boot? it seems everyone else loves vms.

I have both

As long as you're not daily driving with it

it makes more sense to use the VM

We don't promote politics or that certain party

live boot is not bad if you use perssistenc thing

it seem that it runs way better for me with a live boot. But my machine is kinda slow

It's actually illegal to promote that party in some countries.

and yea, dont daily drive Kali, its not meant for it.

Have you adjusted how much resources you give the vm?

bruh

said ligma and deleted it

Good , enjoy your holiday 😄 😎

Yeah. Sill slow

What hypervisor are you using?

I can still see deleted messages 😈

Thank you! How's your weekend looking

Gave +1 Rep to @cloud quiver (current: #2 - 2439)

Are you using a third party client?

not sure. I that the name of the vm? if so its the free orcle one

depends on what you will do if i say yes or no

Thanks for asking , probably will do some THM 😄 . Waiting for new room this evening 🔥

Gave +1 Rep to @topaz topaz (current: #297 - 21)

Try vmware workstation pro

You just answered my question.

No.

Yes.

No.

He didn't answer ur question

I hope it won't be too hard, I wanna play it too 😄

I deny everything

He avoided it with a question, says it all really.

We'll see 😄

I'll be taking my laptop in my travels to do some thm away from home

I use my 5th amendment right.

Third party clients are against Discords ToS

Doesn't apply to here.

are they?

Yes.

I know, Im also not american.

hmm

wait seriously?

jokes apart, they are?

Yes.

Obviously

ok all jokes apart, i genuinely didnt know

What if u use something like vencord or the other clients that make discord more usable on wayland

Still breaking tos

Hmm

I used to use bluecord, probably also against ToS but I don't think they act against it

dont do anything to me 🥺
i'll switch back to normal discord

creator of bluecord is shady AF

Yeah I just installed the original app but it's unfortunate, I do really dislike Discord's app and the way they're handling everything as a whole

aight wait im switching back to browser discord

But I just put up with it, wouldn't cry if they banned me tho lol

agreed

• I miss my amoled theme

U can install the flatpak, I think they fixed the screen recorder issues now

Using flatpak myself. Yall on linux?

Yes

why are third party client against ToS though?
they are SOO conveinent.

they want to control the experience users have

that sucks

they have put the better user experience behind a paywall

Also it's probably a way for them to not be liable in case of a cybersecurity issue with a third party client

like you gotta buy nitro for a better user experience

You're on a hacking server and asking why giving a third party client access to your API and message history might be against ToS?

Like how Nintendo is like "switch users shouldn't use the wii u servers to bypass our online paywall" then do nothing about it cause it's just for legal reasons

no no i got that

I think ur more prone to MITM attacks and stuff, when u use discord, ur trusting discord devs, when ur use a third party client, ur trusting discord devs and also the creator of the third party client

yea thats there

Yeah

So we don't promote the use of third party clients, or anything that breaks any ToS of any product.

At this point it's all unnecessary anyway

like FUG just mentioned bluecord which is for mobile
the creator of bluecord does this kind of thing
he hacks the accounts of the people who use bluecord

Discord, like any company, cannot legitimize or sanction the use of uncontrolled services that potentially gain access to personal and security-concerning data, because Discord, like any company, cannot guarantee or even remotely promise data security as a result of that.

The benefit hasn't outweighed the cons for a long time

If u use linux, just use the flatpak, it's pretty good now, the native packages are still shit

discord should give a better user experience though 😔
rather than putting it all behind a paywall

+1

Companies are entitled to make money.

By the way there are screenshots on the internet where bluecord dev admits to having done really shady stuff,

If you type drive.google.com it shows in full view (not sure if the way I linked is allowed just wanted it to be legit)

/drive/u/0/mobile/folders/1Y2m2lMSpN3GlOcXyceaO88Ljnr8xuNcp?pli=1

yea ive seen this google drive

theres voice recordings and chat messages

Death threats by msg then say nobody will tie your death to me 😭😭

What?

The perfect crime has just been committed!!

• its bloated asf and really unoptimized

Is the uk experiencing winds from Ireland

true

Come out ye black and tans

very blow at the minute

Ima be honest I have no idea what that means

Are u irish mate

Nope

American

O

Just seen the winds on a news channel and Ireland is close to the uk so I thought I’d ask

from Ireland? 😭

Alright yk what I mean 😂

man these scam emails are turning into long-term romance fraud scams, this is new for me lmao