#general
Nothing wrong with that if you’re using it as intended indeed
Congrats on finishing the networking, that was fast 🤔
I can’t tell you how often I used to get questions back in a Linux discord about “how 2 install steam on Kali”… wait no no, please don’t do that
I'm pretty sure it will take me more than 60 seconds to understand Arch
or I saw some absolute horror stories
steam probably wouldn't fit anyway lol
imma do this now
like what
“my friend helped me install kali on Arch, but it’s broke now please help.” Um what does that even mean “oh he installed apt and used a script to install all the kali tools”

it didnt feel fast, i didn't understand a single thing so went and read a bunch of other stuff, still struggling to keep info in my head. So now I'm just making sure I go over the notes constantly
Nvm he explained it pretty well
that's what i was wondering when i read the first sentence lol
After completing cryptography, do a revision of everything you have done so far
Yeah that was an absolutely borked Arch install after that lol, unsurprisingly
definitely needed, idk why but 40% of the networking stuff its just white noise to me.
sad it’s insanely interesting but fair enough
Guyz whats the most evil thing you have done
The stuff I do on THM, I repeat it on HTB after a week or so, it helps me remember
I've yet to even look at HTB yet, think its worth jumping into early?
how is htb compared to thm
Erm maybe not the best conversation to have in this channel lol. Unless you’re specifying completely legal means on your own systems
Not worth paying this early but worth it if you just explore the free content
Ya
you might love a channel more focused on the philosophical study of moral phenomena
THM people, good morning
HTB is very CTF focused but they do have a supplemental University feature which is learning focused like THM. Realistically, it’s best to just stick to THM until you’re ready for the easy CTF challenges at HTB
plus, erm, the community is not anywhere near as welcoming if I’ll be frank
He is talking about Academy, since labs and academy are separated there
makes sense
Even then
That's what I was thinking, I'm nowhere close to being able to do any CTFs properly without someone holding my hand
and my bad if it’s Academy instead of University lol
And requires separate payment 🙃
any opinions on blackarch? Feel like playing around with it since I haven't yet
But yeah even with these concerns, just do the HTB Academy stuff that’s not covered on THM. You’re already kind of set with THM for the learning portion
meh
If you like arch and want a pentesting system, just roll your own? It’s trivial if like me you just want a headless server
I haven't touched Arch lol
If you need a pentesting toolkit out of the box, probably best to look elsewhere
hmmm my favorite thm things to learn are networks and web exploitation 🙃
Normally just use Kali for everything Pentest related. Not a big fan of Parrot.
youre making me want to install arch again but i want to focus on this one thing for a while
isn’t Parrot… fair enough
i have young kids too so i don't have a ton of time for a lot of different things
XSS?
rn im focusing on sqli
me and sqli started off enemies but now we are enemies with benefits
We’re still enemies
XSS seems interesting but im just a newbie at it
there is a fun THM room on that 🙂
which one
Cool thing is sqli is not dead
for me network exploitation >>> web exploits but I’m kind of old school and stuck in my ways. I’m decent with web exploitation but I do need to get better
i'm during sql injection lab rn, they definitely lied about it being a 45 min room 🤣
I like network architecture
It absolutely should be, we know how to fix it and half the time it's easier to do it safely... But devs still make the mistakes
They often do 
It depends on the person
the times can really vary for each of us afaik
Kinda sleepy
is there anywhere that has labs with a lot of hosts that resembles a whole office or some kind of organization
James, you happen to know what time the announcement will be made for the certification?
The TryHackMe Networks
that and or spinning up your own labs (often prebuilt) on a VM host
where do you get prebuilt labs
GOAD if you want an AD network
I can’t remember the prebuilt labs off the top of my head but they more than exist
i will remember that
but yeah easier to just qualify for and do the THM ones
hmm okay
I'm not THM staff
lol everyone’s way too excited for a certificate which will realistically mean nothing
Hey that’s mean
I know about I was hoping you would have some secret knowledge
If it was secret...
I am always happy to see new THM content, moving forward with new things regardless
lol there’s a reason I don’t answer “do you have any certs” by listing all my THM certs as nice of a concept as they are
nah bro presecurity cert is going to get me a red teamer job just watch
I thought they were aiming to give the new certification some use
Mashallah
the only red team im ever joining is the ready to get unemployed team
I mean you’ll have to take that up with HR managers world wide if they’ll recognize it as such lol
Preach
As an Arch user, I'd rather use Kali or parrot
I believe red teaming teaches a lot towards understanding risk
Eh I wouldn't say that
no? how would you say it?
Agreed, otherwise just like roll your own as I mentioned
I'd say reaching the stage in your career where you're doing actual red teaming means you need to be able to talk risk
The red teaming itself isn't really risk related
same kind of vibe with arch in general, I like to know why I need a specific tool instead of just “oh I guess this already came with this” when doing this in a learning capacity
interesting way to say that
and going out to install that tool is a bit more effective than just “oh it’s already here”
Although, I would say throw blackarch on a VM or USB and test it out, I encourage ppl to try diff distros and such, get a lay of the land, make your own mind up
Red teaming is generally a senior or beyond role.
Pentesters should learn risk and the business context of how they fit in, especially as they progress through their career.
It helps them deliver better advice and build a holistic view of security
As a fun project for two weeks before collecting dust? Sure. As a server for small services you want? Sure. As a desktop environment, just barely. Really depends on what you want to do with it
oh, okay thanks for advice
Gave +1 Rep to @sinful moon (current: #32 - 287)
What services would you host on it
I use mine for DNS
No problem. I can’t help myself from buying them but I mostly fall into the first category of “fun project” that collects dust.
sup guys
I have a big iron server for selfhosting and homelab
i want to run scripts and probably try to make a server and all and play with it
thats one of my next project, self-hosted DNS tiny server
Then sure, why not, they’re cheap and you’ll get what you paid for even if you don’t use it long term
I'm only using it as such for now as I have 2 servers and all my networking devices sitting next to the rack. Nothing is currently setup q-q
jealousy rating 10/10
lol if it helps it’s about a decade old now
still can’t complain with dual Xeon CPUs, 256GB of ECC DDR4 RAM, 64TB storage, etc
not my photo but this is what my bright server looks like
every one of my ~3dz computers is about a decade or older except 2 lol
lol those rebranded PowerEdges are wild
true but I love it
yeee
awesome! yeah that’s a large reason why I went this way
I don't know why but that makes me want to eat Cheerios cereal now 😄
For everyone else, it’s a lights out management computer that stays on even when the server is off, provides remote administration and console access and more
like ipmi lol
yes literally
iDRAC is just the Dell proprietary solution
And they’re cute little guys
tiny
awww
It has a good personality
one thing I enjoy is the SD card you insert can be the virtual disc image you use to install the OS and more
that's a nice feature
upload the ISO via the iDRAC web UI and you’re set, launch the console and install without even touching the server
need a recovery image? Well that ISO is always there lol
3.93.13.100 im very new to CTF and Im trying to figure out these basic problems can anyone help
there is a room-help channel
it's not a room
If it’s not on THM then you’ll have to state what this is for, for us to determine if we are even able to help you
it’s best to use the resources for that specific service or academic learning
oh that's an ip
yeah which is generally inadvisable but whatever
That is an AWS server in Ashburn Virginia if anyone is curious lol
so yep, not THM or HTB
I was curious and got the same result lol
Anyways sounds like this is potentially academic which we can’t help with or some third party CTF which we can only struggle to help with. Best to ask in the communities and review the resources designed for this challenge
If you don’t even know how to start a CTF, then let me recommend a service called TryHackMe where you can learn that info c:
that is a great reminder for me as I drink diuretic coffee ☕
Um coffee already is one?
yes exactly
fair enough
I try to drink water to stay hydrated
Ahh caffeine, must be calling my name gonna go get a poor mans Jolt
Energy drink and iced water for me
I’m a tea and water drinker
what kind of tea do you enjoy?
hot or cold tea
beer and water drinker myself
I love Arizona tea
Oooh ooh and I love green tea
Ice cold peach flavor
diabetes in a can
Idc
diabeetus
Wilford Brimley - Diabetes Commercial
old commercial from the 1990s. ended up being a bit of a meme for almost 2 decades. many still remember it fondly now...
...
good ol' Wilfred
the most suspicious payment invoice ever sent by tryhackme themselves
Wilford apparently
narrows it down to platform
AWS branded server? 😮
Currently Proton Mail is my provider and I use Thunderbird as my client. Which yes, a dedicated desktop mail client is still useful
What? It was just the ASN for the IP
i use tuta
That sounds like a hassle
Oh, just in uni doing cloud and stuff
oh i thought you were saying you saw/found a listing lmao my bad
ASN 14618 AMAZON-AES, US
privacy oriented email providers 🙂
How are you KGB?
Who is cloud
You're taking it too far my friend, deal in 30.
dafuq you mean who
Depends on how much you enjoy Google controlling and monitoring your email and your life
and reselling that data to ad partners
22m yay
Idc much
You really wanna know?
cloud is just another company's computer
Why are you doing him
well that too
Nice, I remember struggling with cloud vs general IT stuff, I gotta eventually focus up on it one of these months.
i have an android so they probably know everything about me anyway
who said "him"?
i don't know if turning location off does any good
That’s cloud
sadly, most likely
You can de-google yourself pretty effectively on Android depending on how far you want to go
Oh it's just uni stuff, I'm prepping for Sec+
They gotta do cloud before trygoonme server can
Heya Eliz
Heya
GrapheneOS?
It's not "Him".
proton
yuck
Sure or Lineage
Goonthebox
How are you?

I regret reading this
What’s your choice? And is your decision regarding their recent GOP support because lol every tech company is doing so to avoid the wrath of this current administration
Good luck with it. I got another interview lined up, so hopefully that does well.
GoonerOne
gov managed
it’s not
I'm not gonna say anymore,
command failed: server down this script will be reported to the valid authorities
- i do email routing
They’re literally hosted in a country where they routinely refuse government requests
All the best! Ace it well
We know how that ended
I would not be too worried about a host in Switzerland compared to the US these days lol
and they are far from a Swiss government run org
Shh, they're gonna be saved by Sabo! And before you say, it's my headcanon.
some companies have a lot of GDPR fines 😮
Who’s gonna be saved?
🍪
Related how? You can get your GDPR data dump from Proton fine
are you a tech startup in northern europe, bc you got fine written all over you
Bro, just let them have their interview, or I'll stuff you with cookies.
The General Data Protection Regulation (GDPR) is a European Union regulation that specifies standards for data protection and electronic privacy in the European Economic Area, and the rights of European citizens to control the processing and distribution of personally-identifiable information.
Violators of GDPR may be fined up to €20 million, or...
Just stop.
🍪 🍪 🍪 🍪 🍪 🍪 🍪 🍪 🍪 🍪 🍪 🍪 🍪 🍪 🍪 🍪 🍪 🍪 🍪 🍪 🍪 🍪 🍪 🍪 🍪 🍪 🍪 🍪 🍪 🍪 🍪 🍪 🍪 🍪 🍪 🍪 🍪 🍪 🍪 🍪 🍪 🍪 🍪 🍪 🍪 🍪 🍪 🍪 🍪 🍪 🍪 🍪 🍪 🍪 🍪 🍪 🍪 🍪 🍪 🍪 🍪
Leveled up in thm but my new tier name is looking a bit weird, is this normal
MrGooner
How many cookies?
Good morning
🐔 👍
weird.
I’m familiar with the GDPR, but what are you trying to say about Proton?
Don’t threaten me with a good time
cookie overdose
Ctrl+F brings up nothing for “Proton”
64
Cross site gooning
lo
that they are privacy oriented, and not on that list
Cheat Day!!!
Yes so good stuff, they follow the law, which is consumer data disclosure, not government
This is what i tell myself every day before eating 700g of sugar
You rawdog it?
So to bring this all around, what part of Proton is managed by any government?
Bro I’m an emerald edger in thm not a ruby rawdogger
White chocolate macadamia nut is my favorite cookie. How about yahs
Now you're promoted to Ruby Rawdogger, rawdog it to the core now.
that's a good cookie
I just imagine what I want
mornin
Hey T1MOO
anyway I’m going to sneak in one more thm room before I go to bed
proton has many times said they comply whenever confronted with a legitimate warrant
Cookie stonks on the rise
I am watching the Zero Day series on Netflix, cool show
NO CHEAT 
Imagine sleeping
Very unrealistic
Is zero day like a hacking show or smth
How many firewalls did they launch cyber nukes at
Past Trauma? Yum yum yum?
did u guys see the 1.3b heist this month
Lazarus group did it apparently
It’s clear you have not actually done research on them actually bending to these requests nor about law enforcement in Switzerland
But also like, even if they just blindly answered every government request, who would you rather have as a country to administrate this?
It does not protect people from breaking the law and they are obliged to obey court orders from Swiss authorities. Every provider, whether protonmail, tuta, mailbox, etc., must comply with the law. They won't risk closing down the entire company for one random guy on the internet who broke the law.
While this is true, see the above, and realistically what are you expecting?
Proton provides privacy but not anonymity
Then I guess just never use email? lol
What is your provider if you’re 100% against this?
i route my emails
aka you’re self hosting and using an SMTP relay or something? Seems less secure
like just explain further what you mean lol
What encryption do you use
From what I remember this is encrypted at rest as well
DES
aes256
can you tell me your secret key i pinky promise i wont do anything sus with it 😍
Nice
even to use a third party client you need to use a bridge application to decrypt it
#social engineering
proton?
Go to sleep, car
@cloud quiver got any more recommendations once im done with vulnversity?
recovery email, phone number, ip address, recipient and sender
I would have said "Wow that's really cool mister ;3 can we dm and stuff? I'd love to know how this really works.."
its always the DM mfs
It's always "what's the name of your first pet" and never "how are you doing" 😞😞
Sure but that’s far better than Google using my emails for ad revenue. I am not doing anything illegal. If I were my opsec would be better than this
so idk what you’re on about
Yooo it’s Oong
if anyone else also have any recommendation feel free to share
just know that i have only done cybersecurity101 like 70% and don't know much about anything else
so please keep the recommendations in par with my current skill level

What is the seventh letter of your third-grade friend's middle name
Close enough, give him CISSP
I'm curious at what point does it become encrypted because isn't it sent unencrypted by the companies you use, like THM for example. So there would be a trail. THM to mailbox1, mailbox1 encrypts then sends to mailbox2. Also to send to your mailbox wouldn't you have a public facing domain name for your web server. So the domain name is linked to you. I believe this still doesn't give you anonymity.
It get harder to trust email providers
But like even then Proton regularly fights the Swiss government telling them we can’t hand over this info
that has a great story regarding differential cryptanalysis 🤓
des what
des nuts
What are you looking for 🙂 ?
Fascinating topic
i enjoyed all the previous rooms you recommended
so whichever challange room you wanna recommend, as long as its in par with my noob skill level
Does it have to be free ?
Anyways I still remain unconvinced, the initial premise was Gmail vs Proton which is already an order of magnitude better before going full on paranoid as bitey is
nah
i got subscription
Oh no the Swiss government could ask them to give up account details, but lol Proton usually fights these requests
@cloud quiver
also lol there’s a reason “Swiss bank account” goes hand in hand with I registered my business in the Cayman Islands
proton offers a free vpn with no bandwidth limit
that kind of seems weird to me
because that's no business model
I’m sure its to sell you on their full suite
opening one in a few years
Proton VPN while being a decently large player doesn’t have the brand recognition of all the YT sponsor spammed ones
This one's good 🙂
https://tryhackme.com/room/silverplatter
If they can even sell you on just Proton Mail then they have made their money back
They literally advertise NordVpn as a magic wall that defends you against hackers
9/10th of all VPN ads are NordVPN ads
Yeah lol, and most show off legally grey areas of using VPNs to bypass GeoIP restrictions
It’s all NordVPN or Surfshark from what I’ve seen
I've seen Surfshark a few times here and there as well
quite a bit in my channels in the past two years but yeah
Like they say, marketing is 80% of a business
best option: roll your own vpn
Mhmm
VPS are cheap
But also this is a good way to scare customers like me who actually know something, away
monitor your own traffic
yeah my VPS tunnel is basically a VPN at this point. But I should get around to properly making that Wireguard eventually
Idk enough to do that
Everytime I see anything about NordVPN it's usually something with hacked accounts.
and hey neat thing, my new Unifi Gateway actually can be a Wireguard server/client natively
Idk what that means
thanks
Gave +1 Rep to @cloud quiver (current: #1 - 3493)
Wireguard is a newer VPN protocol which is significantly more lightweight and performant compared to OpenVPN
New Nothing phone design is very....unique
Since i hosted my own openvpn server , i don't trust any vpn provider
Just buy a fairphone, transparent version isn't faked etc
something something it’s just a mutated OnePlus device lol
but fair Nothing’s design is top notch
Oh I see. Thanks for the info
Gave +1 Rep to @sinful moon (current: #32 - 288)
Is this an actual phone brand?
Yes
has this been released yet?
Bit too expensive for me personally
I do like the idea though
And a nothing phone isn't?
Yeah Nothing phone is significantly more affordable
Cost of slave labour in the supply chain...
It's more cheaper to buy
british phone brand
even i had to google
hi gooper
Going to have to work extremely hard to find something that wasn’t manufactured in China or the far east unfortunately
So fair if you want an open source phone and pay the premium for the privilege, yes you may just have that
Ahhh was about to say I only know Galaxies, iPhones and Moto lol. Also obsidian phones.
It's still manufactured in China, but without Foxconn grade living conditions
Obsidian phones?
Sup bud, how's your journey going?
not too shabby. yourself?
Yee it's some stripped phone that's stupidly expensive. Lemme find their brand name
obsidian phones?
lol as expected, all results are the app
It's probably released in a couple of hours, it's early morning in the UK
Pixel obsidian?
I don’t know if I could say that is without issue without a full review of the supply chain however, if I’m being honest
They publish that information
Because they're confident
Good because yeah China is infamous about exploiting that western minority group and it’s awful
Fair enough
Besides, don't let perfect be the enemy of good. "Better than the others" is still major progress in a race to the bottom system
I want some one have experience in video animation
I wish to be able to move the battery of my phone again ^^
yeah not even 9am yet, wondering if it'll be a soc cert or a pen cert
It's a blue team cert
You’re not wrong, but “voting with your wallet” realistically has a very minute impact despite what some would like to think about net benefits
I'm excited but it's def gonna be like soc 3 lol
this is their first cert right?
Yes
which do you guys prefer htb or thm
Might be something like left field like Certified AWS Analyst
I don't care, learning is learning
Haven't tried HTB lol
I might have learnt too much and fried my brain
I used to just go with thm only, but since I've been trying HTB I really enjoy it, I will say it's less CTFy
I remember it now, it was called the "Obelisk One" made or at least sold by Obsidian intelligence group
intelligence group?
I'm alright just kicking rocks at work
thats a scary name for a smartphone company innit
HTB is all CTFs unless you mean the separate HTB Academy program
i would disagree with this statement
Just look it up lol it's an expensive ass phone
sending excitement and non boring vibes
when I mean CTFy I'm meaning that I believe THM has more rabbit hole style challenges and HTB has a more realistic approach
obviously they are both CTFs
Tyler Ramsey says the same
yeah because it's true lol
That's a good comparison, whichever style you prefer and can learn better would perhaps be the best choice
THM primarily has educational guided experiences but also features CTFs which are off the beaten path, where as HTB is all CTFs where the learning material is off the beaten path I’d say
Yeah best to do both when you are ready
it’s not a one or the other
Yeah idk how reliable it is, but I remember hearing about it.
I personally hate cryptography challenges, but ik some people love them so that's where THM shines in that area
what do you mean by rabbit hole style
Yeah I heard THM is better overall for total beginner zero-to-hero learning
I just find most people have experience starting with THM and then getting into HTB when they’re ready
that’s the approach I took and no regrets there. I’m a sub to both
type of stuff where you gotta decode an image to get a hash that you then have to brute force against rockyou.txt to then convert into base 64 for a flag
At the end of the day THM is meant for beginners and newbies. HTB is medium to Intermediate level.
obviously thats a joke but that kind of style
Yup, I'm doing their academy as of now and got with my group through HTB. But started off with THM
unfortunately i found hackthebox first and thought that i would suck forever. then i found tryhackme. which breaks things down into byte sized pieces.
I think I had to do this exact same thing on some platform
They're teaching you to think like a hacker, it is very challenging at times
yeah but it's completely unrealistic
and at times it feels guessy
self research is a key component of just about any infosec job
You'll get that often with many CTFs
I mean that applies to HTB CTFs on a easy to medium level in general. They basically spell out how to exploit this just with common knowledge
do whatever as long as you enjoy doing it and getting something out of it
Over time your intuition will get better and it will be easier to know whether you're on the right track or not
Guys. Hello. I have a little question about the XSS and payloads in Burp Suite. In which tab I can make a discussion?
easy CTFs are like nmap > exploitDB > profit???
> gtfobins
a few are like that won't argue with that
If it’s TryHackMe related we have #room-help just for that!
If you have an active student email, use it on HTB. Insane value 
thx a lot
Gave +1 Rep to @sinful moon (current: #32 - 289)
lol idk why everyone is so excited

the pen tester path way is amazing
Gonna go focus on a room or 2, have a hacktastic day all!
THM Certified "Fell For It" Analyst
And why shouldn't we be?
Try telling the HR manager of another company how important and industry recognized this new cert is
Don't you worry
while you’re being hired based on certs they have no idea about
be excited for 5 years when the cert is recognized
fr
I mean sure it's not going to be recognized for now. But it's still a huge stepping stone for THM, I'm interested to see what they do with it and how future certs will be
I’ll believe it when I see it which doesn’t help with THM polluting the water with “nothing” certs that nobody recognizes as it is
I mean I realistically just like the ecosystem and the company and I'm hoping this is relatively well priced compared to sec+
Or others
Just to learn off
lol I must have missed this communication from them but realistically we shall see
Im curious on how well the material will be and how they present it.
I wonder if this will be a soc cert to pair with their new soc sim
Yeah my latest THM email doesn’t say anything about a cert
I believe it is a soc cert, just search through the owners message logs.
MartaS was talking about it a few weeks ago and they made a post on a social media platform but I dont remember which
does this mean there will be more scenarios? for the soc sim
Where's the cert guys? 👀
its a blue team cert
i see
will be related or use the new soc simulator most likely
^
Btw, has anyone working as an analyst tried the sim? How does it compare to your real workflow?
which iirc comes at a premium already
When will be the cert released btw?
psh, what do I need with an SOC simulator when I’m the SOC manager :p
was not 25 the date?
I only half kid, I just manage our… managed SOC
95% of the time I have to reverse their decisions lol
Well if it's releasing today it'll be at a set time
hmm makes sense..........let's wait and watch...........
That sounds painful
I’m sorry Sid Meier’s Civilization III is not a True Positive
lol one head of a company likes his strategy games
Morning 🙂
morning
Got another one for Anno 1800 the other day for the same user
they like their strat games 🙂
come on SOC, it’s launched from common Steam directories, signed by Ubisoft and more
mhmm
lol as a gamer myself, I understand his plight and I resolve the issues
yes we have heard
I would not unquarantine and allow a random ass game like that lol
Time to make a game where I give the users my password and they go on a scavenger hunt to find which accounts they belong to.
to be fair this game isn't signed by a triple AAA video game publisher so it is more likely to be accepted as a false positive imo
erm “more likely” but yes
however the issue this topic raises is what if they are using mods as mods have been used for malicious purposes time and time again
Yeah I just specifically know the person I’m dealing with detection wise and he only plays AAA strat games that don’t have risky mods
sorry i decided to switch my sentence wording up at the end and didnt correct it
Yup especially when that mod is thrown into a mod pack and it gets spread further
lol no worries
But yeah when you have your name in the firm’s company name, yes you deserve to play games on your work computer if you wish lol. I wouldn’t recommend that otherwise. But yeah I quickly allow list them because it kinda sucks if you paid for a game and randomly can’t play it
Just a client of ours who works in the financial sector
Well that's nice of you
but yeah also an odd MSP vs client relationship lol. We can’t tell the CEO of a company “don’t play games on your work computer”, which besides he’s doing it right just with legal purchases on Steam
I think by and large it’s single player from what I’ve seen
I’ll check it out later today, I’m in no rush unlike everyone else here lol
but fair I am gainfully employed in infosec atm
Entry level SOC cert looks like
damn
the blog has been up for a minute I just hadn't taken the time to click on it and see that was what it was lmao
did u guys know among us 3d is now out
why is cryptography such a pain in the ass
Back in my day we had 3D among us, it was called Trouble in Terrorist Town and we loved it lol
Yea ttt was amazing
murder mystery too
skill issue, get good fam. But I kid, yes there’s a lot to learn but once you have that learning down it’s no problem
Link for cert https://tryhackme.com/certification/security-analyst-level-1?ref=blog.tryhackme.com for those interested
Shout-out that one Minecraft map with the lighthouse that every TTT server was hard stuck on
Yee im in that phase now
base64 should be trivial to just recognize by sight tbh, and more
It is a skill issue. For now...
Who's cyberchef
my dad
You’re not even kidding are you
Nah I'm not I'm really new to all this
The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis
DAD
This is the GCHQ’s… nah they beat me to it
£255
?
But yeah with CyberChef you can encrypt/decrypt so so so much
just know that CyberChef is open source so you don’t have to use the GCHQ’s instance if you don’t trust that understandably
i love cyberchef. cyberchef is love cyber chef is life
That part I can get done but I'm trying to understand different algorithms at a fundamental level
This part is a pain in the ass
Then yep, that’s more just raw studying
Note taking helps, but don’t go overboard
imho notes are best kept to just what you need to spark your memory
instead of writing articles
Honestly just the act of taking notes helps me remember things much better
mhmm for sure
the one thing i wish cyberchef had was translation between languages
physical notes is the shit
Obsidian is what I use myself and what many others here uses for note taking
Damn and here I am with pen and paper
but software choice much like note taking methodology highly varies
I'll look into that
bro. you're cooking rn holy
@sinful moon by any chance you use LUKS for main os or so ?
I have used it in the past but I am not extremely experienced with it, why?
I only want it as I'm constantly swapping back and forth between google translate and cyberchef while working
Why?
i work with content with a ton of foreign language that i cannot read
oh. well. yesterday in morning luks was ok. later that day it won't accept password. even ubuntu live won't decrypt with gui and with cryptsetup open won't
I mean there’s also PhishTool which is a great help for email specifically, won’t help with translation tho
i was curious but didnt ask lol so im glad they did
hashDump show keyslot there
that is used as well
and ofc i can't add or so key =/
uh that’s fricked. I’ve never experienced that
yea... fracking hell heh
sorry Alexander, I unfortunately don’t think I can support you there
it always just werked for me, and I have too small of a sample size (1) to say otherwise
yea. well ill just cry in silent then eheheh
lol yeah just continue with your searching, I’m sure you will come across something
Just never heard of this straight up refusing to accept your key
i found some. but they are able to decrypt in with live usb. for me not so much
Yeah and that part is very odd to me
so what i understand is that you have an encrypted drive with currently no way to decrypt it?
💀
correct, with LUKS encryption
luksDump show key be there. ubuntu live won't decrypt. even with gui with show password field. and is 100% correct one i use
hello everyone, i have a question for the more experienced of you:
recently, i have been contacted by a top tier bug bounty hunter on hackerone on youtube because he saw a stream of mine playing that wargame stuff online. he told me to quit it and directly join hackerone and if needed, fill my lack of knowledge by using chatGPT. he said that multiple times on my stream to the point of even annoying me slightly.
after waking up today i decided to join however i'm still a little overwhelmed by the stuff hosted on the page there. what's your take on this and what would be your recommendations using tryhackme or hackthebox to get to a point where i can reliably make some decent amount of bucks on the site?
oh dear. ChatGPT does not a bug bounty hunter make. You do need practical experience and knowledge, even if just to check behind what ChatGPT is saying, not the least of which is ChatGPT will refuse to answer many of your offensive infosec questions.
Realistically fill your lack of knowledge with idk actual human curated knowledge with TryHackMe for which yeah we do have a website for as you know. TryHackMe starts at the very very basics so that anyone can get up to speed
I'm interested in learning what this wargame thing is.
overthewire[.]org
ahh i know of this already
thanks!
Gave +1 Rep to @sinful moon (current: #32 - 290)
To continue on that since you asked about HTB, that’s a great service too, but imho it’s best to use in combination with THM once you get the basics down enough to do easy CTF challenges.
found it
will do!
Yea I tried HTB and found it a bit too much. Now that I've been doing THM for a little while, when going back to those same HTB modules I find that I understand them way more on a fundamental level
HTB just expects you to get it 💀
Fun Fact: An ostrich eye is bigger than it's brain!
me asf
Explains the name of one of my friends
To be honest, it's useful for validation purposes
Yes but not if you don’t know how to check behind the output for your own sanity checks
Like it'd be stupid to ask it "here's https://target.com, go find something in it", but it's helpful when you ask it things like "I found x, how can this be escalated further, can it be remediated by fixing x function", etc
You need to know at least enough to know when it’s feeding you bs
Yeah this is true lol
guys i need a motivational quote so i can get done with active directory.
“Learn Active Directory so you can better apply Group Policy to your org” - Plato 422 BC
i rly do not get how luks can change its behavior for no reason =/
damn bc? plato wilden
Privilege escalation, rights to exploit,
Kerberos, Bloodhound - own the AD joint!
(cheerleader cheer)
Also yeah if you do have an AD enviroment, just run PingCastle on it and whew you’ll find things wrong with even default configs
that will help with learning concepts a good bit
how do i make my sideloads last longer
On iOS? You don’t, you need to check in once every 7 days
now if you can give me some general motivation
How is that motivating?
Their pictures are being clicked because they're popular
How is that motivating? Because we’re aiming to be popular? lol
May be in the wrong field for that lol
Let me think
lol
lmao
I’m mostly just being difficult since I hate gif replies
You can die at any moment
especially rando ones
I got that lol
To me gif replies mean boomer or gen-xer has entered the chat.. But I’m not one to talk when my Millenial gen spams them tons too
It's good to be aware... and self aware(?) lol
lol I never use them but yes fair enough
This too shall pass soon
ah no
I’m more apt to use text mode emoji than I am similar millennial tropes
"The secret of getting ahead is getting started." — Mark Twain
c:
Teach me your ways sensei
(╯°□°)╯︵ ┻━┻
I need More
to be clear we didn’t use Japanese character sets back then lol
this is a classic and I appreciate seeing it
(* _ *)
Tableflip is Japanese?
you forgot to add raWr xD
lol
well eliz i think i need to install again =/
good to know, damn
Sorry to hear that :/
Backups hopefully?
i have that. just not so latest. last one was in last monday. but not so much changed
Yeah honestly that’s not doing bad at all
so meh, you learn and grow and move on then
I just uh, have no idea why your LUKS randomly failed which is quite unusual
typically it’s as solid as Bitlocker
Coding in solitude is confusing
what do you mean, you have all of StackExchange helping lol
the only thing i can think of is that i totally forgot pass, but i have it in my hands and written it down for sure
yeah really weird
We had a test today, a surprise one, barely made it today
As I'm not focusing on that currently, but knew enough to do it
but yeah those examples on StackExchange and etc should at least be helping you grow and learn instead of the copy paste
```
Make Function
loop
function
loop
function
...
```
lol there you go
I don't like copy pasting, I want to understand how it works, the "How" is what motivates me
mhmm
That's basically coding in a nutshell, until you're advanced level
But I guess it helps being jack of all trades in coding for cybersec
Did they change the name? I remember it being stackoverflow
indeed but realistically, depending on how you specialize, just enough python to get you by will often save the day
I’m confusing their 100+ sub sites is why
Majority of them are formatted as SubjectMatterExchange
I'm having too many sources lately, Python, Sec+, THM and gotta start HTB and Portswigger, but yeah I get what you mean, I'll be sure to tame python
Hi
Mhmm good stuff. Black Hat Python is also a great resource but needs some updating which anyone with decent Python knowledge can do themselves
Damn, they're bigger than I thought
@sinful moon yeah
What’s up?
Ah I see, didn't know, but imagine how advanced you must have to be to search out that many lol
I mean not imagine, only I have to imagine
eh they just come up naturally in search results when you get into those other subject matters
Morning
I've been told to learn from the "How to automate boring stuff with python" book, not sure how good it is, python community suggested that, this one suggested something else
@sinful moon actually I am hunting on a big target and this is my coffee time so I saw this group and connecting with techies
🤗
You have to be experienced enough to search those subject matters, yes?
Depends on how much Python you already know I guess, or just scripting languages in general, Python is kind of easy but advanced topics can get wild
uh no, just like search some random question and yeah there’s usually something that comes up. Linux and *nix stuff is a good example
I just know everything till functions in python, have to progress more but the learning curve is hard for me to adapt as I'm either on THM the whole day, portswigger or mathematics just to get my brain engines running
idk I just run into offshoots of StackExchange all the time
What question do you have about how functions work in Python? It’s just a predefined bit of code that you specify what the function returns values for
Nice congrats. Are you new to TryHackMe?
Gotcha, they may have come up when i was in crisis related to linux too lol, didn't pay much mind as I was always going to reddit, still sad by the fact that they killed Reddit
@sinful moon yes in this group I am new
Awesome, well welcome again. Do keep in mind we’re the community for the infosec learning site tryhackme.com but yep we welcome all
I do it when I'm doing python, I'm almost always encountering errors because I type it in from my memory and bash script runs through the brain most of the times lol
I appreciate it
yeah lol gotta keep those different scripting languages somewhat segmented in your mind lol
with facts like… shudders Lua arrays start at 1….
Let's pick up python again, there are byte sized videos out there I'll just do them, reach intermediate level and then be comfortable with it, I need to do it
lol I have never ever wanted to seek out a video to teach me a purely text based programming language
but to each their own
Some random added me
I didn't even learn bash, it just started forming up synapses in my brain from when I used to be active on github, google shutting down my old account sucked big time
Member since jan
lol happens to me all the time
Ofc
if you have the logic there then you can learn a new language in a few weeks, just the syntax really that needs learning
I'll learn from book, already doing maths from videos
So annoying, it’s always a new account
And someone I’ve not spoken to
the internet for you it's full of creeps.
lol new or old, people will randomly add me from any server I’m in because female sounding username lol
which yes I am a girl but that’s besides the point lol
LMao
Mines gender neutral though 🥲
There are no girls on the internet!
I guess they just really wanted some of that Sweet and Salty 
😅
How does mine sound?
Fr
my dude we have moved on from this 00s era meme, I hate to break it to you
Hi, can someone tell me how i can get access to my social media accounts without password. Pls i need help
?
click forgotten password and go through the procedure
nop.
hidden achievement: Nom Nom Nom Unlocked!
Contact the actual company who is hosting these servers and go though the account recovery process as anyone would normally
Little do they know, they’ll only get the salt
Nah, ive tried all these
Are you going to cry?
try harder
Ive called the companies. Also tried everything
Then any other means will not be something we can help you with
Nothing works
I’m not nice to randoms rolling up into my DMs
Tears of Joy!
like. they wont help or what ?
then contact the social media team and see what they say, if they can't help then its a lost cause because you wont find help here on how to brute force into an account (which is almost impossible anyway)
I'll jump in your DM, have a cookie 🍪 /s
Unfortunately that’s the only way, either password recovery or to message support
Not impossible if you know the password.
Touché
Who said the password for the social media account itself?
thats why in todays day and age you use a password manager 😛
we are not supposed to assist with these
i guess i need more deep dive into luks backup/restore and so things after this crap...
Or a book
Wait. And how, should i dm the insta help?
easier to get into a book vs a password manager ;P
OMG yes just contact Instagram via whatever means you have lol
If you can’t recover your account via normal means, then yes contact support
Yeah password managers can be hacked and if they’re in a system they can be corrupted. Just keep a book
um password managers (not bs browser ones) are all encrypted so…
that foils most password stealer malware
btw eliz does have LVM can affect luks. just no idea what else can be 🙂
Me looking for the right password
a book is not encrypted but yeah different attack vectors lol
You can also be redirected to malicious copy pages so I don’t trust it
I keep the password to my idle games in a salted hash written in a book which is kept in a safe in a bunker who's location is unknown.
I don’t trust computers
😅
maybe thats why they're in your dm's trying to social engineer into your password book haha
Yes LVM and LUKS often go hand in hand
it’s not common for them not to be paired
fair
My uni provides us with a 30% discount on CCNA
anyways just use a password managers, ya dinguses
Bitwarden is my personal fave for personal use and pretty decent for professional
+1
Yes
If they can read my handwriting then touche
I'm agreeing with you to the core
Whaaaa..
what part of that is surprising, Bitwarden has Enterprise licenses
they use 1password where I am but I'm a sucker for bitwarden been using it for years
Well the fact that I don't research a lot so I didn't know, thanks for the info tho! I'll get Bitwarden too for whatever company I go in
Gave +1 Rep to @sinful moon (current: #32 - 291)
Yep no problem, it is great. If you do resell Bitwarden as part of your org, each user gets 5 free Family licenses each
My brain rn is stuck on putting windows defender on a eks cluster running bottlerocket but it seems IMPOSSIBLE
Whaaaa... that's really cool, I'll have them go for it, only problem is, where should I work now.
lol fair enough
Um maybe something a bit more k8s friendly? I don’t have direct experience beyond fiddling with k8s, but many EDRs I’ve used have k8s clients. Is this for personal or business?
So I guess MS wise do you mean Defender or Defender for Endpoint, not that I’m able to help much there beyond clarify
defender for servers
I'm gonna shut off my laptop as I'm done for now, nice talk guys! See ya later
As you can see, I need a coffee
okay so proper enterprise grade, you should be all set? But yeah good luck with the MS docs indeed
but I'm looking for alternatives, guardduty is the closest I've got but don't cover as much as defender for servers
SentinelOne and other EDR solutions do have K8s agents, but if your org is committed to Defender then I’m not sure you can really change that
it's where my head's been buried for the last 12 hours, needed a break and jumped in here to see whats happening
totally fair
Not my ORG unfortunately, a customer of ours so we don't have access to their infrastructure just have to advise them and create docs etc so they can get online with the cover they need
oh weird, fair enough
anyway best get back to it, have a good day 😛
Sounds good, you too and good luck!
oh hey, my random chatting for 6 hours is over. I can access my silly MMO again after scheduled maintenance. I’ll be around but less active lol
fresh arch is back lol
In a realworld scenario, what’s the best way to safely transfer a suspicious binary from an employee’s workstation to a sandbox for analysis? Let’s assume I have a REMnux setup either in the cloud or on-prem.
compress it with the password infected
do of the rest what you will file transfer infrastructure wise, you kinda solved the main issue. Just whatever is most segmented
USB would obviously not be ideal even if anything extra wouldn’t execute on Linux, but as far as I know many shops which have dedicated machines for analysis also have forensic USB analysis devices, in which case that would actually be rad and more helpful if the malware did try to write to the USB besides your compressed file
you’d just get extra IOCs for free
But yeah even with the Windows to Linux divide, I wouldn’t risk it without a USB forensic imaging device
idk if its just on my side but im doing a room in tryhackme and the whole page is just flickering with artifacts, only does it on tryhackme
What browser, which OS and what GPU?
hi yall newcomer here
firefox windows 10 rtx 3060
Completely normal then, it is just you lol. But does it persist after completely closing out of your browser session to the point task manager confirms there’s no more Firefox?
And eh starting it again obviously
no its only when tryhackme is open
Is it in any THM page or only when the AttackBox/split view is open?
yeah it's in any page, without opening any split view or attackbox
im gonna try a different browser
Alright I’d recommend messaging this issue (with the context you gave me) in #site-support. THM more than works normally in Windows with Nvidia and more so no reason why you should be having issues beyond an extreme edge case
Different browser may help but don’t let that make you give up on the lovely Firefox
I hate to say it though but beyond extreme edge cases this may be an issue specific to you
Fox is amazing
yeah thought so too, im on brave now and its not doing it anymore
still love firefox
Brave is Blink based, aka Chrome so yeah different rendering engine
If you do post on site support, do update your graphics drivers before someone else asks you to
will do
Make sure you’re using the ones from the Nvidia site vs just Windows Update
thank you
Gave +1 Rep to @sinful moon (current: #32 - 292)
It was thee

@boreal scarab guess who had to re install arch. my LUKS decide to not work for no reason at all. =/
Fuuuuuuuuuuuuuu
still never seen that movie lol
(just incidentally thinking about toaster things lol)
i try live boot ubuntu, cryptsetup open, nothing
Yeah unfortunately I only had very limited experience there, but I’m not sure what you could have done to recover anyways. Really wild
just weird heh
Yeah I’ve only gone as far to trust it about twice thus far. I’m still kind of new to using LVM itself, mostly thanks to my homelab now being back to Proxmox
no LUKS on that obvs, but I never really had a reason for LVM until spanning hardware RAID setup and more
can anyone help me what to do here, i cant see contents inside the access.log...it is saying permission denied (in linux fundamentals part 3 task 8)
have you tried sudo
is that correct..??😑
can you tell me how
Great article: https://icode4.coffee/?p=1047
lol sorry to interrupt
Let’s say I have a dedicated machine and I do rtr into the compromise system with the file… How do I get the file to the dedicated machine since I don’t have physical access to the computer
What is the shared hard drives setting for on a router ?
it is asking password and i tried tryhackme..now its showing incident will be reported🥲
Some routers can expose drives as network shares usually via Samba/SMB
might be best to ask in the room or module chat. Does anyone know the # for it?
Which RTR do you mean in this context? I see some information about RAM dumps and etc. Just curious about that before proceeding
okay and thanks for the reply
Gave +1 Rep to @fringe nacelle (current: #422 - 14)
This incident has been reported and now the sysadmins know!
lol but yeah that’s the standard message and it just logs to a file. There’s some handy apps Linux admins use which does easily expose that info but it’s not common and no one cares obviously on THM rooms lol.
logwatch is one I quite enjoy, here’s an article about it: https://wiki.archlinux.org/title/Logwatch
have you tried using less instead of cat?
It keeps turning back on at this address so… I’m trying to figure what uses it has
Access to network courses are everywhere, are there any on routers ?
also the room support is #room-help
Understanding the different tabs eg
I’m not sure what you mean by that lol
I hate to be so obvious but it’s called the user’s manual c:
i dont about less..but i tried still it is saying permission denied
I’m at one of the addresses I live at. On the router there is an option for hard drives sharing and printer to printer sharing. I keep disabling them but they keep turning back on in the router.
lol I thought you meant a local IP or something
No physical addressing
I would try leveraging SUID permissions to read the file
oops, if its room help go to #room-help
Anyways I have no idea of what your router’s settings for this kind of sharing refer to if they have like no UI or info. I’d just check the manual tbh
because don’t make me share my beautiful Unifi UI again because that is lovely c:
Terminal session. It’s a way to respond to a compromised endpoint via the terminal
About to echo what @sinful moon is saying, what router do you have? Curious if there's a possibility to find this info in the manufacturers manual.
For maximum security on networks, what would you recommend I have when it comes to physical security. Also I wanna see your unifi ui ☺️
Anyone notice anything new on THM
YES
Yup
Indeed
Just a standard one, I’ve already tried to convince her to get an upgrade but she refuses 😒
Basically her motto is, if it doesn’t affect her it’s not her business
As I said previously, the more segmented from your machine as you can make it, the better ideally. I wouldn’t normally suggest a program on the compromised computer but after compressing the malware in a file with the password infected you could use wormhole to transfer the file potentially: https://github.com/magic-wormhole/magic-wormhole
What’s happened
The first 100 people to pass get a mystery gift (package sent to you - more details coming soon...)
Go to THM and see!

Okay I’m on my way 🏃♀️
Hey all, quick question. I have completed the Complete beginners track, would it be a good idea to do the Cyber Security 101 as well?
alas, too busy with work to ever win any of those lol. Not that I’m all too worried
I got it!!
Or rather, I got whats new
Sure why not, I believe there’s an even more clear path on the THM website that shows the suggested progression
Is there a way we can download from attackbox to our main system
Not that I know of
i completed the pre-sec and the complete beginners before the 101 was released and this is next on the learning track so might aswell
Ohh I’ve just seen the defence cert too
Not without an internet connection. That’s why many move on to using local or remote VMs as a solution instead, then you can just host updog in a directory real quick for easy file stuff
I use Kali as main os and there is high latency in attack box
Not even 300 euro is tempting me
Sure, depends on where you’re at in your learning as well, but honestly if you’re anything like me, you kinda just want to have those completion circles filled in anyways lol
sometimes is just fun to breeze through easy lessons
Great value! We want SAL1 to be affordable and accessible.
That’s nice is it a certificate or a certification
I heavily appreciate your INR price
We spoke to users about this - you can see how it all came to be here: https://tryhackme.com/resources/blog/creating-sal1
We built the world's most credible entry-level defensive certification - the closest thing to real-world experience. Here’s how we partnered with employers and experts to make it happen.



