#general

Also is it one of those ones where after some time you would have to redo it

this is true, looking at the 101 content there is a decent bit iv not covered yet, so ill go down this track. Also as i see its part of the new SAL1 cert might aswell 😛

Though I feel it would be a bit better to reword this to say "Other certifications" instead of mentioning the specific names

could be controversial

Man I know that's why I'm seriously thinking of doing it, is there any time limit to try it after I bought it ?

that's just my take on it though

It's damn cheap for a certification

@jagged yarrow there's something wrong here, BTL1 does give Job-ready SOC experience, as you do sit and get experience working in a SOC in their training and exam, I have taken the cert and it did give experience

I mean, CompTIA's certs cost around the same, so it puts SAL1 right up there with the amped up price vs quality worth certifications

I really liked the Soc simulator

They don't teach you in an actual SOC environment - we use the SOC Simulator to evaluate actual real-world skills. We sat with analysts at Accenture to replicate exactly what they do

Try out one of the scenarios if you want to see what its like!

A little bit more if im not wrong it should be around 400

Soc simulators are fun

I had issues with the SOC simulation. I don't know enough on that side to understand what I'm actually supposed to do. I know how to break shit, but don't know how to guard shit 😄

I really enjoyed the SOC simulator

Is there a way we can download from attackbox to our main system can anybody tell me

I think I mentioned above, you can use a local VM to do so. Using Kali as your guest VM would probably be most ideal

fair, I find their virtualized SOC training where you had to populate and then do SOC work with it to be proper experience, I will gladly take one of your scenarios to see the difference.

on a site not, the pic there is pounds where a bit lower it's in dollars, so people might get confused about the pricing if they don't see the currency sign

send via email? 😄

You're supposed to complete at least SOC 1 in the Learning Paths

Not working

@jagged yarrow What do you think about this?

I completed it, but that does not mean I understood it fully to the extent I should've. I guess I'll retake the lessons to get more in-depth understanding

Oh I misread their question anyways, but no not realistically, that’s what I said above when I said a local or even remote VMs you administrate would be better

I'd say that it could use a few more levels, starting with ensuring that you are able to tell the difference between malicious actors and non-malicious ones first. Like making it mega apparent.

Let's say that once you did a report, it analyzed it, gave you feedback based on your report (like if you flagged something that is not malicious as malicious) it would give you feedback related to the analysis.

you technically could via the target machine but that’s getting extreme and I was just thinking of silly ways

I don't like vm that why I shifted from windows to Kali Linux

Same if it was a correct call

lol hopefully not as your main OS

but if you already have a Kali install, then there’s no reason not to be using that

SAL1 implies the existence of a SAL2 👀

As a main os i use only one os

Well... I might have a few Kali machines running as my main computers 😄

There’s nothing “blessed” about the AttackBox other than it’s in the same VPN network. Just OpenVPN in via Kali and you’re set

I don't judge

baremetal??

just if you mean you run Kali Linux as your main OS, that’s highly insecure and inadvisable

Yeah, not virtualized

yeah thats not advisable like elizabeth said

nothing wrong with Kali bare metal mind you, just not as this guy may be doing above

Using it I don't don't give you access to worllists

However, they're in a separate network, and have no important logins

just make sure you harden it properly even otherwise

if someone gets in, they can pivot

I have twin layer protection

both AttackBox and Kali have wordlists, idk what you mean

It’s in the seclists

separate network makes it harder, but hey remove all the possibilities right

truetrue

For room like root me and password for room

if only you're using this, remove everyone else from sudoers and monitor running services is what I advise

then you download the wordlists they give you and use them? what do you even mean lol

And attackbox is for an only in q
day

Any tips on hardening your Kali?

97% of the time you can use a local or remote VMs with no issues instead of the split view

Sometime they expect you that you are using attackbox

Just got the cert email from THM

Even then if you’re stubborn and or know enough, you can keep going

But it's easy to have room all info

Blue cert released

speedrun

did the certificate just go live on the website

Yeah.

They always give you the files to download and more. But yes if you’re happy with AttackBox just stick with it

Kek

Its live 300 eyro

Not always

hi scrubling

Is the new sal1 proctored? Does it expire?

New certs just dropped

I would not suggest taking the malware etc

Yes

297 Euro its 1 Cert

Ya.

Yes to both?

how are you today guys?

Yeah I said like 95% for a reason lol

Both what?

300 euro for that?

$297 USD

Yeap

That it's proctored and expires?

Anyways respect, this does look like a more legit try for a cert than I expected

What are your thoughts on recently launched SAL1 certificate for blue team on tryhackme

Yeah I'll pass

I will actually check it out for real

https://www.antisyphontraining.com/ace-t-certification/

cert is here YAYYYY!

You need id, unsure if it expires

omg

Can skiddy stop @ing everyone holy shit

what is the new certification thing

not sure why it says "trusted by millions" when its just launched

SAL1 CERTIFICATE

You can turn off.

Reference to TryHackMe

If it does not expire, and it's proctored it may just be the best valued certification on the market, depending on the exam difficulty

it looks sexyy

SAL1 😍

So the SAL1 certificate isn't free for premium users?

No.

No

Let's goooooooo

Nothing is Free

Wait its paid?

I'm happy that it is a blue team cert

I can't wait to evaluate that cert. Looks good!

well its just launched either way so does not make sense. Tryhackme is trusted yes but the cert has just launched

What if we fail

Price keeps changing. Was there a reduced price for the first x signups?

$300 pretty much

Is the sal1 given at a discount for premium users, haha

Ohh thought u get this after finishing the path of soc analyst 1

but it seems good

more professional

Looks to be unproctored?

    Each section has its own timer, which starts counting down as soon as you begin that section. The timer runs continuously until time expires or you complete the section.
    The total exam duration is 6 hours within the 24-hour window. You must complete the sections in order: first the multiple-choice questions, followed by the two SOC Simulator scenarios.```

So its open book

Considering it was a blue cert, there's a possibility that red cert is getting baked too right?

https://youtu.be/9quML_OS6Uc?t=6704

Well, millions of people have blind trust!

No value

It is trying for real to be an actual industry cert and yep those cost money. This is significantly more respectable than I was anticipating so yep, honestly good stuff. I still have to read more about it though

Is this the first official tryhackme certification?

I'm not a fan of mcq, but good luck to anyone who does it

Yes

😅

yo

It's a mix

my diplay name seems to be okay here

No, not inherently. Being able to operate independently and find information for yourself is a critical skill for any cybersecurity professional

Why so

Yea

It was a joke

GIAC certs are open book, but they're still difficult for many individuals

Closed book in this decade is unrealistic.

Yea, it's unproctored

Because the open book is a way to check something, not look up everything, too much info

HTB sherlocks hard and insane is harder than giac certs

It depends on the cert exam lol

@jagged yarrow if you'll like, I would love to send you my thoughts when I have gone through the scenarios and can draw differences to BTL1 here later,
I have personally worked with SOC systems for the last 3 years and have a lot of experience in the area

Sherlock isn't as bad as people make out ml

Much like ghost.

But you still could with an effective index

That's how they tell you study. That's how I passed all of mine

There is proabably someone out there is already taking SAL1

I like the idea of the certification cause I love tryhackme's rooms, but I already paid for the OSDA, and the BTL1, I can't justify another cert if it's unprotored

Is sal1 really that good or is it just marketing

Well yeah 🤣

Please do! Can you do me a favour and read this before hand? https://tryhackme.com/resources/blog/creating-sal1

It's literally marketing, the material is from the creator

of course 😄
I'll throw you a DM with my thoughts

I might have missed it, but is there functionality to gift a certification attempt? I know we'd love to do a few giveaways with this

Let's force Elizabeth to do the Sal1

so the exam is 24 hours long or the content?

What do you mean?

I will say this the Soc tier 1, and tier 2 paths are some of the best in the industry, especially at the cost.

That would be insane

The blog post is from THM, the creator.
It is marketing material.

Ah I see.

"Gold Standard"?

It will take a while for the cert to get recognized by hiring managers

There's more to it than that, but the industry takeup will be the proof

I have a 1 year premium subscription of tryhackme. And currently pursuing SoC level 1 walkthrough

How long do you recon ?

I doubt it will really get recognised

BTL1 only started getting put on job posts after 1-2 years, so I would say around that ballpark. Suprisingly in the UK its sec+,CEH,BTL1 that are mainly on the job posts

Why do you think so ?

More mature certs still aren’t really recognised

I havs not seen many positions consider CeH ..

Yeah I think sec+ is pretty much the industry standard

Certs in many ways have been devauled, the same as college/uni. Because it's become another money grab

@jagged yarrow Have you considered aligning it with the UK cyber security council specialisms and standards? Gov work in the UK is all moving to those

Happily to be shown wrong if you can show them.

I have, and as bad as it is. Its frustrating to see that on a job post.

Almost every position i see mentions CEH

Incident response is a new specialism, not sure if soc fits into that

but adding to the vast sea of certs is certainly an odd move, esp for tryhackme.

The ones we post include it

BTL1&2, then SANS and experience is what I’ve seen for SOC roles if they are asking for certs

Just adding more dilemma to beginners

Tbf CEH and EC-Council have become a joke nowadays

The quiz is multiple choice, wow. (Also SOC Sim? Nice.)

Who does CEH?

Not wrong, but that's on the business side...

what do you mean ?

While EC-Council is a joke, and has demonstrated unethical behavoir themselves. THe marketing and most of the material for the cert is good

Oh that's who I was trying to think of. Didn't EC-Council get breached?

what's the argument behind this ?

Mostly India

It's the daddy of pentesting certs

The cert is absolutely useless as well, much like GRTP lmao. The SEC565 class was fantastic, the cert is just a multiple choice time crunch

Or maybe unethical stuff I was thinking of

In the UK?

Oh, I can't help with that 🙂

Yeah the company I mean not the country that uses it lol

I asked just above actually, with skidy giving a response

At this point that chart just has to be a marketing stint

Lots of people here do it yes

In fact, the teachers encourage students in the university to pursue it

And they do it with the students too sometimes

How good are CompTIA certs?

45 seconds a question for the mcq. I wonder how intense or simple the questions will be

Their "soc simulator" from the text I think

OpenUni in the UK include it on their source

It is

ayy found it ty

Gave +1 Rep to @chilly veldt (current: #8 - 966)

Damn, I see

Wow it takes 'ty' too

Noice

"Good" is relative. They're known to hiring managers and HR. Not entirely useless but you take them to establish that you have a rough baseline of knowledge

that blue team stuff isn't for my anyway 🥴
but it's cool THM is getting in the cert market with relatively affordable stuff

They don't teach you in an actual SOC environment - we use the SOC Simulator to evaluate actual real-world skills. We sat with analysts at Accenture to replicate exactly what they do. Try out one of the scenarios if you want to see what its like!

Red team cert next.

I really enjoyed the old CASP+, but SecurityX was a bit of a regression without the practical lab questions

hmmm, time to ask work if they can pay for this cert

I wish so

MCQ is the one thing. I found strange.

can do, if interested I can dm.

could be fun to be the first who has taken it, then I'll just take it tonight to see what it is 😛

Go for it, the first 100 get a special goody box

where you guyz found the answers of the labs ??

I was never a fan of BTLO challenges. They were not that realitic.

In the labs

Oh damn I better take it now for giggles

You got this ez pz

Gonna yolo it and see what happens 🤣

i also try many labs but always they say incorrect to my answers even a space exit in it

I think I am out qualified for it, so might be easy for me to get

I will be devouring that

When will it be releasing? Any tentative?

a level 1 cert might be too easy when you have 3 years of experience in SOC and built one 😄

Subtle flex

Gotta flex them muscles

OSCP still dominant a lot of the time, and CREST especially in the UK

Granted,.the MCQ only takes 20%.

But still.

Definitely, but a refresher never hurts and then you can more effectively recommend it to others!

Who's next after CompTIA?

yeah, plan is that if this is a good one, we might push it to the new employees in the SOC

Just get any/every cert at this point

And call yourself a cyber security 'expert'

I know a guy that 20+ certs and he was useless

Pffttttt

I got the THM JR. Penetration Tester Certification, that proves beyond any doubt I am a master hacker, no?

haxxter

I hope that they come up with a new ethical OFFENSIVE red team cert

I am curious why is there a multiple choice section when it’s unproctored and open book? Seems somewhat of a moot point?

Elite haxxer (However you write that in scriptkiddie)

el1t3 h4xx0r

They will teach you how to say, "Blue team sucks"

How about the Web Hacking module? Can hack Facebook now 😎

Coz it's... offensive... get it...

I'll see myself out

https://tenor.com/view/hacker-pc-meme-matrix-codes-gif-16730883

🤣

Ouch. But that is exactly my type of humor.

Is the exam proctored? What’s stopping someone from googling the multiple choice section?

Na Na its was funny

I have officially bagged a baddy

/j /s

It depends on what your goals are. Hands-on experience is always great. Cert-wise, if you can get an employer to pay for a SANS class and GIAC cert, they're generally really good. I've been a big fan of AntiSyphon's training lately

It only takes up 20%.

You won't pass with just the MCQ

my first server

:D

Is it seen as research skills?

Mainly security analyst. Sounds interesting and maybe even fun.

Now im doing the holo Network

Yessss welcome to the addiction of hardware lmfao

If research is GPT 🙂

Thanks xD

Gave +1 Rep to @idle mica (current: #380 - 16)

Soc sim scenarios are 40% each

This

Did you see that video i posted?

For MCQs, you answer 80 in 1 hour - so you can try and copy/paste to Google/ChatGPT, but the time pressure is there to limit this. Its only to evaluate foundations - the SOC SIM is a huge weighting for the exam, and not as easy to copy/paste - we also rotate scenarios and the MCQs are select from a huge bank based on a range of difficulty.

Grats on your first cert on THM skidy. Looking forward to seeing more whenever you finish making them

That's cool

Thanks! It was in development for a long long time

Gave +1 Rep to @fringe nacelle (current: #399 - 15)

Wild

@jagged yarrow Will there be plans to complete the SOC path with a L2 aligned cert?

welp, I should be able to get the go in a few, and then I'll be doing the exam this evening 😎

I was just finished studying for today and saw the announcement, really excited, would there be in the rooms and Soc Tier 1 section any practice rooms that would simulate what you would do exactly in those sim scenarios so you would feel comfortable taking the exam right after you are done with everything you can cover from these sections?

SAL2 coming this year

Good luck

Get really familiar with Windows and Active Directory. Build a home lab, maybe use GOAD, instrument it with Wazuh, follow a guide to execute the attacks, and see how they look in the SIEM. Otherwise, I hear the BTLO certs are good. The idea, in my opinion, is to get your foot in the door with an interview and then comfortably show that you know your stuff

thankz

Thanks for the info boss

Gave +1 Rep to @idle mica (current: #363 - 17)

Well thought out approach, Ty for the extra context

Gave +1 Rep to @jagged yarrow (current: #140 - 57)

Yeah! Check out the details page recommended learning - we suggest which scenarios you should do to practice

I actually plan to make my own honeypot for fun @idle mica Got any experience with that?

And don't be afraid to get there and talk to people. Meeting the right individuals can open up all kinds of doors. It's definitely a networking game as well

Thanks! We worked closely with a lot of people on this, including those at Accenture, SalesForce, JustEat, and our hugely talented product/engineering/content-engineering team

Have a look at the training roadmap

I'd highly recommend you read the post about how it came to be - it really shows you the level of care and detail we went through to get it right: https://tryhackme.com/resources/blog/creating-sal1

So, uh, has anyone actually been hired as a result of SAL1... which released 25 minutes ago? 😄

Yeah, I think I used t-pot a while back when I had a static block. I'd probably recommend running it on a VM through a cloud service provider, but it's really interesting to see what happens when you have a honeypot just sitting there exposed

Is there a room for learning proxychains

The SAL1 first 100 is the first to buy or pass? In which case, will there be a memo when the first 100 have been reached @jagged yarrow ?

We ran betas to test it with different analysts - there are already people from Accenture, SalesForce and others that are rightfully certified. I can say since 25m ago, we've not had anyone certified yet - but the exam is 24h haha - ask again tomorrow

W

Congrats! 😁

Sounds good! 😁

so can i buy the exam now and study for those 3 months basically and take it when i decide to? how does it work

There will be yes 👍

Hey everyone,
I'm looking to learn more about cloud security (AWS, Azure, GCP) and would love to chat with someone who has experience in the field.

If you know any good resources or can connect me with someone, that’d be awesome!

I'm mainly interested in understanding security challenges in cloud architectures.

Am I able to buy it and gift it others?

Yeah - you have 12 months to do the exam from buying it - but 3m of premium are included.

Is it first 100 to pass?

nice thank you!

Yes

Oh no. I don't mind windows but I hate active directory. Haven't done a home lab. Can I buy a cheap pc as a test? Still learning about SIEM stuff. Still learning IT stuff as a whole though. The trying to change career is taking longer than I wanted it to lol.

Appreciate it boss

Is there a room for learning proxychains?

can use a VM would be much easier ide assume

https://tryhackme.com/room/torforbeginners

Task 2

Thanks

Gave +1 Rep to @cloud quiver (current: #1 - 3501)

Yeah I've got a vm. Ubuntu and (everyone's love to hate) Kali

It's definitely a marathon and not a sprint, but you'll get there! Consistency and repetition is key and Active Directory is a critical component of many organizations. I didn't want to learn it either 🤣

Mainly use Ubuntu though

Yeah I definitely understand why active directory is necessary and I guess efficient too. It's just annoying to learn lol.

Active directory is strong but just annoying

Company roles and if you wanna call it hierarchy lol.

Microsoft gives you just enough rope to hang yourself when it comes to configurations and defaults. A poorly configured AD is a walk through the park to abuse your way to DA or EA

https://tenor.com/view/press-f-pay-respect-coffin-burial-gif-12855021

I even forget what EA is

Especially with ADCS. Lots of room for abuse there

Enterprise Admin

Aside from brEAd $ (EA Sports it's in the game)

it's just awaiting approval lmao

Wanna race? 🤣

I've gotta run to the DMV first in 20 minutes 😭

How much is the cert?

I have to wait for manager to approve the usage of company card

I'm guessing that's like ceo or CTO generally?

No it's a purely AD concept

No, it's like domain admin but forest-wide

Ohhh. That makes sense.

If I CEO had enterprise admin... 😭

I'd quit

just got my Jr Penetration tester certificate.

The red of 0xC now burns my eyes

Yeah nah not smart hahaha

Was it always like this?

My critical thinking is critically injuring me rn 🤣

Or lack thereof

Pfft not at all, you learned something new!

Yeah too true. AD is still very new. I've done a couple THM rooms on it. Very slowly.

Grats

I come here, hear people's successful stories, get motivation, do a couple rooms.

Guys I'm not understand that the first 100 candidate finish the class will get the certificate or it will give for anyone who complete the class guys? I'm not really clear about this

It does seem to be very red lol

Think first 100 gets limited edition THM swag

need to learn networking from basic . can anyone suggest me

oh so I think it's really hard to get T_T

But anyone who completes the cert gets it like any other cert

I need it, probably done by now

I know right

Check out the "Networking" section of the path "Cyber Security 101".

I think it's depend on people who want to be. Like you can learn what you think you like or you think it's easy to learn then you can explore what you want to do in cyber sercurity world like pentester or SOC personnel, etc

Nice

is it in this server

i dont get it

It's on https://tryhackme.com, which is the website this server belongs to.

It's not a normal Thm cert though. Industry recognised by the sounds of it.

https://tryhackme.com/paths

How about the admin panel? https://admin.tryhackme.com/

👍🏻

How hilarious.

But.

Whahahaha

Epic embed fail. ;D

Yeah pretty good

Yeah rekt myself 😎

You need to put <, then the link, then > in order to avoid the embed.

https://admin.tryhackme.com

https://shibes.xyz/

https://shibes.zyx

Please don't advertise here

So <link> to stop the embed?

Ok

Yep!

Jabba in full force 👀

Shibes link is cool BTW

@hardy juniper Hope you're having a good day!

It's a neat domain, I suppose?

there's too many TLDs now

1000s too many

You think so?
I personally like that you actually have a choice for those. ^_^

They just should not have the ones that are common file extensions like .zip, because those will just be abused.

Too many to be able to make scams/virus links lol

You don't need TLDs to make phishing domains.

Nah but some non tech people wouldn't know ig.

Unforunately I cannot make an example outside of the advanced channels, whahahaha.
But it is rather trivial to generate a valid looking domain name while ignoring the TLD altogether.

Won't go into it as I know it's not allowed but yeah they should've stuck with the normal TLDs

Of course you are correct in that having more TLDs technically enables some more variation in malicious domain names, but I don't think it matters too much when put into correlation with what is already possible through just the domain name itself.

Yeah I know you can change domain to make it look the same too but with "custom" TLDs I find you can make it look that much more convincing.

Plus, having a non-common TLD that is not .com, .org, .net, etc will already by pretty dang suspicious to a lot of non-tech people, I would believe.

Imagine you get a link from your bank and it say your-bank.xyz.

(Of course, someone will fall for that, but someone falls for everything.)

Yeah most people would see that and turn away I'd like to think but yeah as you say some would. I know people who click links without hovering to see where it's taking them.

@small remnant please don't advertise here.

Might change subject though cos I know at this time this chat gets all sorts of people out and about hahaha and this would be up their alley so to speak.

Sorta agree with you on that, but I also don't believe either of us said anything which is new to people in that field. xD
But yee, let's stop.

Every one will get a cert

Yeah haven't given trade secrets hahaha but yeah better be safe

Any goals for the week?

Nice thank you bro

Gave +1 Rep to @sick lance (current: #2 - 3423)

Lots of unverified people come on at this time spilling rubbish lol.

Is there a student discount to the cert?

No.

Dang it

Maybe next year then

You're #2 Scrubz. You were #1 what happened? #2 is rookie numbers.

Building a CTF for an official competition at a conference, I guess?
Apart from that it's just normal everyday work.

How about you?

Yeaaa....

I don't rep farm

Wait, who overtook, lmao?

I get my thanks for legit helping out. 😄

Oh nice that'd be cool as. What do you do for that? Make VMs and servers for people to use?

Maaan, good luck! Making challenges is such a tough beast sometimes

That's what they all say when they get overtaken 😉

Me when I lie

I mean, there's the proof?

¯_(ツ)_/¯

Huh lol

Thank you. ^_^
I have fun with being evil tho, so it's all good.

Gave +1 Rep to @idle mica (current: #343 - 18)

Who's kgbkp

User X welcomes new users by saying welcome.

The common reply is "Thank you"

Ez Pz rap farming.

KGB

Nah that's cheating fr

Ha, I love that LOL. If you ever wanna exchange challenge ideas, feel free to reach out!

Normally you'd make a docker container for web challenges, and provide just files for forensic or RE challenges.
Framework-wise it works pretty much identical to how HTB does challenges (not machines, tho).

Sure thing.
I obviously cannot share anything I am doing right now tho.

Is it banned to say hi to new users 🙂 ?

Oh definitely

Not really, it's just rep abuse. 😄

Oh yeah ( don't use htb, didn't like the interface 🤣)

I don't use HTB either, yet still get brought up in the server

Rent free and all that.

Sounds cool though good luck with it lol

Thanks. ^_^

How similar is it to Thm?

red teaming certification when

Yeah , I know buddy , you told me that multiple times by now 😄 . You can delete/reset my rep 🙂

The layout was confusing as

I can't, even if I could, I wouldn't.

Soon hopefully

Rep system is useless.

Least THM is neat and everything can be found easily

I so split, idk if I should choose red teaming or pentesting

Organised

Eh, in terms, not so much.

They just have different teaching methods.

HTB had stuff everywhere and doesn't help there's Labs and Academy lol idek the difference

I did try it to see what it was about

+rep @cloud quiver

Gave +1 Rep to @cloud quiver (current: #1 - 3502)

What's the problem then 🙂 ?

Alrighty, lets do this

Surprisingly different, in my opinion.
Learning content on THM is better, even tho HTB academy is pretty good as well (at a price, it's helly expensive).
I preferer the HTB machines tho, they have a more realisitic feel to them.
And for single more CTF-like challenges: there are good and bad ones on both platforms, HTB just as a lot more with higher difficulty.

People often say platform X is better than platform Y.

There is no problem I'm just pointing out the obvious.

I specifically want to not say that.

Do I need to call your manager? 🤣

Best of luck! I believe in you brother

People will do it all the time with everything.

I find the THM CTFs alright. HTB just throws you in it I guess.

he's busy busy
and I am working from home, so it's just waiting for him to answer my message, think he's in a meeting

Well, HTB Labs is something different then HTB Academy is somehing different then HTB CTF.

I don't like HTB CTFs because they aren't that streamer friendly

damnit lol

Ok but you're pointing that out every 2nd day 🙂 . I got your point like 2 months ago 😄 . If it is against the rules then take some action if it isn't , what's the problem then ?

I've done less THM these days, only rooms I do are the ones we get to test.

Labs just gives you access to challenges (and some writeups).
Academy has few proper challenges and mostly learning content.

indeed 😦

What?

I brought it up because somebody asked me.

HTB has 3 different things? I only saw the 2

And CTF is just a platform for companies and orgs to host their CTFs on HTB infrastructure.

I didn't bring it up for no reason...

If you're going to read a conversation, read all of it, not half.

Yeah , you do , like every few days , you're mentioning how i abuse something 🙂

I've mentioned it twice in conversation.

I haven't raised it before that, that's how conversations work.

academy, labs and ctf

Even if it was a greater problem than it is, I'd address it with admin, not general chat. 🙂

uhhhh

I thought ctf would've fallen under labs lol

I brought that up as a bug a few days back because I can't read either, read the actual task. ;D

im grinding my streak rn

The new cert looks so good

Anyone here interested in BCI Technology?

But what's point of having #intros channel if not to welcome new users and point them somewhere if they have some question ?

nope

but they have regular ctfs and prolabs under labs

@cloud quiver @sick lance I love the fact that new users, old users, anyone are welcomed. Postive vibes. More off it please

Naa, see my previous messages.

Or, well, just go visit the platform, whahaha.

i was confused on this one too

HTB sometimes hosts some pretty cool stuff on there themselves!

Didn't read all of the task?

Helloo

Hi.

hi

He wasn't have a go at you lol. I was having some friendly banter with him and he brought up the welcome stuff to tell me about the reps.

Welcome to chat!

Thank yall

this just keeps staring me in the face @idle mica 😦

Then close it. 😄

Wait

How many tries do we have on the exam

well, I am waiting for my manager to approve so I just can plug in the details and get going

I free retake

I wanted to say something smart but don't want it to be taken serious lol so better not

Awesome

It's also cheap

That's devious LOL. I wish they could reimburse you

oh wait im with stupid

alright then

well they can, I just don't have enough on my personal account lmao

i finished tho

time to grind some on portswigger

and yall get the daily screenshot

Offt okay

double damn :(

big time

What’s the exam like?

Do we have to be on cam

I had that once

Everyone busy doing the SAL1 exam? 🥳 🙌

Better not say it lol 😬

I am waiting for my manager to approve the usage of the company account to buy it xD

I'm about to start it and just record my time lol

No, not proctored.

It's too enticing

Which I find off as they ask for ID.

Is it timed ?

don't wait for me

24 hours.

Oh wow

Please let me know when you have taken it. Would like to hear your experience. 🙂

aight, say less, Tuesday just got a hell of a lot more fun

20% MCQ
40% for both soc sims.

of course, give me this evening and it should be done together with @idle mica

How long would it take average?

Hard to say really.

Depends on how fast/long you work.

That’s long, we got a path for prep ?

SOC level 1

There is a training roadmap.

bella speedruning the cert 🔥

Ohhh okay, that’s cool.

^

Is each one different for when people take it? Different "scenario"?

I don't know much about it, tbh.

It's been all hushed hushed,

I suspect if it's a sim, it may vary on how alerts pop up etc

I should grab some snacks and stuff before I start it

Awesome. Are you gunning for that Certificate 0001 spot? 😄

Makes sense I guess being a real world cert

At this rate, you know it! Sorry if it trips some alarm bells LOL

I’ve done some of those already. Today I was studying geofencing

I'm really enjoying the question bank so far, though

Lots of good stuff for that tier 1 position to know

don't be, only reason I am taking it is to give feedback, I am already out qualified for the cert 😛

Day 25

Wondering if I should pivot to SAL1 then pick back up CCD after

i still have no clear way to pay for the next month, hopefully i'll figure it out

i got a tech job (unlock an ic locked 13 pro) and the guy hasnt paid up yet

There's a lot of free rooms BTW

One bit of feedback, I know there is the bookmark system, but it'd be handy to see the questions in the "See All Questions" popup because my ADHD brain does not remember numbers. Though, I'm not sure if that'd impact exam integrity

Being able to backtrack on questions shouldn't do.

It's open book anyway.

Yeah, like with ISC2. Later questions can inform answers for previous ones and all of that

I love that its at a highly affordable price, as compared to stuff like CEH, where the price vs quality doesn't check out

I can't take SAL1 rn, but maybe in later years. I'm looking forward to trying out the soc sims on the website though

what cost do you see in dollars
because its kinda hard for me to compare prices in my currency

Noting that one down, thank you. 🙂

Gave +1 Rep to @idle mica (current: #332 - 19)

297 US

Like, 300 dollars approximately

isn't that close to pentest+ and those certs

Curious to see how long before it gets taken

Yeah CompTIA certs are in the same range

Pretty sure that is 404 USD

Idk if it varies based on country

Pentest+ cost here differs from SAL1 by ~$35

error 404

BTL1 is way more expensive as compared to this

like, more than 2x the cost

Cert Not Found

Fairly quickly. 🙏 🥳

has anyone gotten their pentest+

can't get above a 76% on the Dions - and dion wants a 90% to pass

76 is still pretty good though, keep trying

it's really post-exploitation that's holding me back. certain mimikatz commands, certain exploits . i'm just going through the THM rooms and trying to get the commands in my fingers

If you’re looking for commands, this is a great book

oh that looks fun

It’s got red and blue commands and it tells you which team it’s for and what it’s used for

It’s nice

i'll have to take a looky loo

im currently a beginner wanting to get into red teaming. im learning all of linux fundamentals first right now but does anyone know of any networking books i can read while im getting a basic understanding of linux?

My recommendation: don't buy books on this stuff. Many, many platforms including THM, YouTube and more offer really good, up to date content on this stuff, often for free or at least for cheaper then a book.

basic networking is covered in THM rooms

yeah thats up next, i just got a tip from someone to read up on a book

THM and HackTheBox also offer practical tasks alongside the content, which you won't get from a book without setting up your own environment.

Let's see how the new cert is knuckle cracking sounds

Nah, I would say that its better to do the THM networking rooms

better than books, and you learn everything you need for red teaming

ahh i see, now am i taking the right path by learning linux completely first before getting into networking?

Yes!

yes

networking held me back for so long because i ignored it and went into pentesting

After which you can move onto Python, since in my opinion the 'big three' consists of Linux, networking and Python.

even got sec+ and a job - and felt like a loser because i didn't know how pakcets travelled

I want a networking book too

You can learn networking without that, but to actually do literally anything related to working with network, you will need knowledge about Linux and sometimes Windows.

cisco has the free ccna course with packet tracer if you are a visual learner like myself

they even make you set up the homeoffice network with drag and drop cables

i was studying python a bit before i switched to cybersec so i got that down a lil lol

now lastly do i really need the A+ or can i skip it over?

I did some of this

Again, I would only recommend buying a book if it is either on a big sale (humble bundles are pretty good sometimes), or if you collect books.
In my opinion, they are often not worth the price when compared to other types of text or video based resources.

I love physical books

you can find older versions of books in pdf form pretty easily online

You can skip it.
Of course, if you want it, you can still get it, extra certs will never hurt.

In that case: completely fair. Based opinion. xD
Got a whole bunch of red/blue teaming field manuals and even the physical NMap book on my shelf too. ;D

Another quick bit of feedback, should the countdown timer be running while reading the SOC Wiki and before hitting "start scenario"? Seems a bit odd, since one is potentially burning time while also waiting for the VMs to start

Ofc, im just hit with the never ending overload of thinking that i need to get a grasp of it all quickly. but getting into pentesting will take time huh

If I was to get a book on networking it would need to have diagrams

I really enjoyed the MCQs, too! Good stuff in there

It will take time.
You need to take notes on everything and also take as long as you need to understand the stuff you are learning.

I have been doing this for more then two years at this point, and I am okay-ish, still learning new stuff every day.

A+ is the basics of computer networking/operating systems, so it might be suitable for entry level jobs

Note that I haven't done A+ myself, I'm just speaking from the practice tests I've taken (which are from CompTIA)

im not a really good notetaker lol but ive been making flashcards on quizlet of linux commands n stuff

unfair 😦

Yeah ill probably get to it at a later point

That is a good start.
My recommendation is to set up a note collection that you can use to quickly look stuff up that you have learned about before.

It'll make it that much more fun! Buy him McDonalds or something, bring it to him, and slip him a "pls pls pls" note 🤣

You can use some tool like Obsidian or Trilium to manage the whoe thing and sync it onto Github or another cloud service so you can access them from any device, everywhere.

welp, I would then have to go to the office first

https://tenor.com/view/monkey-toy-story3-gif-25030026

me when the VMs start

ive been using obsidian but didnt know i could do that. great to know

me right now on the company cams seeing when my manager is at his desk
(this is a joke, we do not have cameras in the office and I would never spy on people like this)

I used to work for a place that wound up getting rid of the security guards because they made poor business decisions. Guess who was tasked with building security! That's right! The friggin NOC

Do all communications have to run through cloudflare or can I change that

huh?

I don’t know

😂

Ah just ignore me

communications in what way?

I’m just gonna look at the new cert

Look at the topics eg

Got a fresh haircut

Nice

I rarely ever get my hair cut

Sometimes I cut it myself

Saves money

Yeah also I’m not too fussed about my hair

Good book

Yeah it’s nice

Get linux for dummies

Ngl for a long time I could not see this tick here so I thought it was greyed out because I had not done it yet. Very difficult to see

I must be blind, where is the security analyst path

nvm

got my hopes up just for it to be a cert

what?

Yeah that’s hard to see, what is it a ✅

Yeah it’s supposed to be, is yours like that?

I’m not at computer, I’ll check when I get back.

$350 is too much for SAL1 😭.

350 thats not a lot

Cheaper than most cert exams

other are like $800+

certs are such pyramid schemes

Around 290 USD for premium users

brb my dogs unhooked all my speaker wire 😞

Who let the

https://tenor.com/view/baha-men-who-let-the-dogs-out-dogs-dog-music-video-gif-24347386

it was actually who let the dog in lol

You need a firewall rule for dogs

to filter incoming and outgoing dogs

no dogs

Block dogs

then my dad opens the dog and lets them in

I hate how effectively this cert exam simulates a real SOC queue. It's giving me 'nam flashbacks 🤣

must put dad in cage

I'm interested in knowing what the exclusive swag is. I doubt I'll be first 100 but I still wanna know what I'm about to miss out on

happy new year guys

im late ik

new year new me

happy new years

im giving you have a different tradition?

I'm new to tryhackme

Hello!

lmao nice, I am not able to take it today 😦

Welcome.

no answer from manager

Welcome

I'm doing the Jr penetration tester path. I wanna know what challenges and ctfs I can do while doing that path (?)

need begginer-friendly challenges

As I'm new to CTFs

Uh thanks?

Gave +1 Rep to @jaunty charm (current: #1766 - 2)

yoo

new year new (me)ntal illnes

and agin as i say college is still a pima

pain in my ass

oops sorry wrong person

Good morning. How do I obtain my token to verify my account with Discord?

Welcome

yo new cert just launched

suck it

heheheh

bye4

@sand remnant

wait how do i get roles in here?

Why I cannot share screen captures in THM channels 🙂

click on link above

i knew that

You need to verify first: https://help.tryhackme.com/en/articles/6495858-discord-how-do-i-verify-my-tryhackme-account

SAL1, interesting.

Did maybe anybody do something similar aranging data from ICMP tunneling Pcap

What’s up with light mode?

this is not a room, but THM CTF creating add-on, but I got this challange were its hard to find the flag

Does tryhackme ship to romania as well?

o i i a i o i i i a i

Its expensive

Linux a personality.

cool site man!

It really isn't

haha its not a site i made but thanks

Gave +1 Rep to @near sapphire (current: #188 - 42)

It's about 150$ per try

And that's way cheaper than anything else I have seen

Its 30k in rupees

Fuck it

I'm going level 9

I won't message before that

See ya everyone

Hello ,

Please avoid posting answers here, if you need help with a room #room-help would be your best bet 😄

oh thm finally came up with a cert, something to do for the next weeks then 😉

Is it mandatory to buy certs?

you can just learn

maybe when it's industry recognized, I get it.