#general
For challenge rooms, light involves simple sql injection and SQHell involves hair tearing sql injection
w8 what's "hair tearing sql injection" never heard of it
No I mean like sqli that makes me wanna tear my hair out
I swear I didn’t invent a new type of sqli lol
I got like 2/5 flags before I started raging, will come back to it this week tho
okay mb mb
lmao
Morning
Sqlmap
Super useful
Same with nosql map
lol yes I should probably do the sqlmap room instead of trying to do things manual
I just wanna fully understand the logic of how they work yk
I see, gotta look at it
I’m a portswigger cheat sheet user already so it will be a good addition 🙂
I love payload all the things
Hello is there a room for FFUF?
There is 🙂
https://tryhackme.com/room/ffuf
Thank you
Gave +1 Rep to @cloud quiver (current: #1 - 3678)
KGB is cookie color, nice!

🍪 🙂
PHPSESSID=cookieeaters
Nah man fr congrats for the new role, and the color is looking good 
A group of us are working to pass our pnpt. If you would like to join us. Dm me
Thank you 🙂
Gave +1 Rep to @sinful bobcat (current: #492 - 12)
Everybody uses cheat sheet, that's why we have 'em.
Can't be expected to remember everything.
Yayyyy, congratulations KGB! That's really impressive
Yessss!!! 
Yo Steammmmmm
You sure it is good enough? I also want it for my small businesses
And personal storage also
Practicing cybersec and system administration too
@chilly veldt You getting Sal1 via BTL1?
Should be plenty, if you're not making proper money on it, a server server is way too expensive in power usage and makes too much noise tbh
Possibly, haven't reached out yet
will it be exactly like a server?
Also did u manage a server before?
Thank you 🙂
Gave +1 Rep to @sturdy pike (current: #117 - 68)
I think it is great idea if I wanted to practice but I also want it for business like hosting my site instead of paying a hosting company, making my own mail server, file share server etc
So maybe one with no noise will be great
I work as an infrastructure engineer, I manage servers daily 😅
You can do that with an old desktop as well, you can install a hypervisor on it too, just make sure to get extra harddisks, an old desktop doesn't use as much power, which also has a more silent psu/cooling
Metasploit machine in task 6 is just for listening? Do I need to start attackbox for it?
The trader sells energy elixirs. Go see your local trader
Meatexploit is hard
Heya!
Hello!
How are you?
Hex! Hai :D
Those elixirs are too strong for me wee heart
I’ll start body popping
No fr though I can’t drink them anymore.
Ironically my mum would moan a lot about them and then one day I had one and thought I was having a heart attack.
Have you tried the bean brewing method?
References going over my head, I'll just eat a cookie and black coffee instead.
Good morning
Good morning
Hey hey! I understand it now, metasploit is actually easy!
Yeah makes me feel kinda on edge
You know I used to drink coffee all day and it had no effect but now I can’t even have a sip
new day new me
welcome to powershell-empire '
Matcha is my fuel!
I feel like Matcha is more about the experience than the drink itself.
hello everyone
hey
hi guys
you're learning metasploit now?
I actually do like mint ice cream
hi sigma lord
That confirms that you aren't real
Mb I guess I’m a bot
Beep boop
Boop beep?
Bot confirmed

I do thm along with portswigger, want to do CPTS but i think I'll do Sec+ first, THM plus HTB academy will just get overwhelming
You would probably like the taste of metal shavings as well
Agree
I’ve been programmed to weeb

I clearly hit a defense mechanism of the bot and now it redirected itself to appear more normal by mentioning asian cuisine
Second anime I ever watched
Mine was Naruto
ive only watched 1 anime, guess which one?
One piece?
nope
Hi chat
Wassup
How is everyone?
I couldn't watch it, left it on S3, it got boring
heyloooo!
Hi hi, hru
But then I was told to skip fillers
Yer it was a lot
oh actually make that 2. i loved watching pokemon as a kid
yeah ur doing well , don't worry about it
Thief! Catch him!
Pokemon was great
the other was jojos bizarre adventures
AYEEEEE
pokemon for the win!!!
its easy and u can do it later whole CPTS
I'll pick it up later One piece was my 17th anime
And the latest I watched
i'm goood af thanks for asking homie!
Gave +1 Rep to @dark mason (current: #365 - 17)
One piece was too much for me
have you ever tried matcha tea/drink or mint chocolate chip ice cream?
Thanks!
Gave +1 Rep to @broken horizon (current: #1772 - 2)
When I get home I will do my math homework and start learning steganography
CPTS is easy? I was told its equivalent to OSCP
@whole gazelle may I ask you something?
Nope
I don't like ice cream that much
good for you, you're not missing out
sure go ahead!
Do you know binary exploitation? (Pwn)
I just don't get much time for now and as one piece is on a break along with bleach, I'll watch others after finishing them
i don't tbh, that's thing on my todo list for this year
sounds doable imo
I think I am going to skip crypto and pwn this year
so what u gonna do instead?
How can i ask to change my email on THM support
The bot doesn't give me the option.
THM support?
@sick lance Do you know how i can do it
You mean on your account?
Are you google
Cant you just change it
No
You should be able to change it via your profile
It doesn't want to
I remember it being pretty easy to change
Email support then
Not really, I dunno what it normally looks like
Ah, because of how you created your THM account, you can't change it, I don't even know if support can do it.
I create it with an email
Google SSO is different from a normal account creation.
I don't remember
Ahhhhhh
Then what you've been told, doesn't change.
You'll need to contact support.
i asked support, they confirmed that even they are unable to change it for that case
but feel free to try, maybe something changed since I last asked
Hey guys im close to completing pre security now and im heading onto cyber security 101 and I was just wondering after that what's the best thing to get into I like protecting stuff and systems and want to work for the government doing that stuff but I also like messing with things and bypassing and breaking it as well what would be best
Maybe soc1 and 2
Do they have a bit of both
They're focused on defense 🙂
Anything with a bit of both?
What do you recommend is best to get into
Then try to do a bit of jr.pentester path also 🙂
KGB the goat
i wanna try a new web browser... Arc or Zen ?
Was trying to attack a sandbox system and currently falling short. It's behind a red-Node and nothing I've tried worked so far. I found various pages linked to the main IP page.
what's the room tester role?
Community members who help test out the rooms after they reach UAT stage.
uat?
i like arc
The Quality Assurance department of TryHackMe, of which timtaylor is the manager.
✨ quality assurance ✨
What do you mean by this?
qa is to ensure it meets standards, stars are usually good standards
What do you guys do
Oh wow okie, I will do research on that, ty so much for the idea!
Gave +1 Rep to @chilly veldt (current: #8 - 967)
I don't even know what to learn
hi
I made a road map to follow
What do you do tho
You got a job?
What thm stuff have you done
not yet, too young
Best review so far on SAL1, not biased but neutral: https://www.youtube.com/watch?v=bo1jRcLdUpY
should ruins 60% of my dad
day*
we can all but try right 😄
Day 32
hey ben
took a break from hacking and went coding instead today
you're welcome
nice nice 🙌 breaks are always good
what was your first learning path in port swigger?
got burnt out cause i've been grinding on a ctf challenge for 8 days non stop
what are you coding
an ecommerce simulation
nothing fancy really just basic oop
ooh
sql injection
id probably recommend server side vulnerabilities tho
anyone know where windows ISO's could be found for use as a lab? evaluation copies are fine. i got the windows server iso running but can't get a user station running
i quadboot my system
arch+kali+win11+sequoia
thinkpad t480 my beloved
500gb for each os
Anyone know about IBM ? And the Cobol programming ?
D:
COBOL, wow that takes me back.
Are you a student?
You know cobol 👀?
What takes you back ? You in the twenties , you talk like an old man
y are u sad
Chat can yall review my small code
I'm not sad im just surprised
public class Rough {
public static void main(String[] args) {
System.out.println("Hello, World!") ;
}
}
why "," in hello world
that's the most cursed java i have ever seen 
That's the sweetest thing anyone has ever said to me
yoo this is sick!
That used to be my ideal config dream
Learning java i see
sorry to hear that
Why not
Am I doing a good job
A friend was also learning
His logic is incorrect though
Good start
that's some gui driven development
the school wifi is so laggy today 😭
Someone hacking
hi
how do i change my email on tryhackme
I guess through support
On the website on your profile.
Unless you've used SSO
hello guys
for some reason i can't access ssh while solving a machine
i tried multiple vpn files but it didn't work
what does it show
ssh just doesn't reach
also go #room-help
got it
are u on the vpn?
i am
this is the first meme i seen today and i like lmfao
use ping command to see if you are connected with the machine
i did
what did it show ?
its just like a udp connection thus ssh dont connect
its pinging
is the ssh port open on the target ?
does it show port unreachable?
it shows that something is unreachable in the vpn connection
lemme check
just to make sure I understand right When I buy the SAL1 cert it doesn't come with premium or training I have to buy it separately right?
didnt get you
u get premium with it
ok that is amazing thanks
Gave +1 Rep to @polar wraith (current: #277 - 25)
check the machine have ran out of time
i mean aren't we all students in this school called life? - no not a student. transitioning into a new career field
sorry my network connection lagged
any way it says this
2025-03-04 09:28:42 read UDPv4 [ENETUNREACH]: Network is unreachable (fd=3,code=101)
thats an openvpn problem
it is up 
how to solve it then
use tcp
ok how 😅
what i do is downloading the vpn file and open it using openvpn
@polar wraith
i did
i changed it to proto tcp is this what do you mean
no
hello im having trouble adding my write up to a box:
title==>ColddBox-Easy THM Write-Up
link==>https://medium.com/@collinsswah/colddbox-easy-thm-write-up-873a40180554
why do i get an invalid URL error
thx 
starts workin ¯_(ツ)_/¯
i will try again may it works this time
Telnet ☝🏼
HTB is better they make a file for each protocol 
WHAT IS TLS RAAAHHHH 🦅 🦅 🇺🇸
Are you an academic student.
traider
no. not a student.
Ah, I was to say you can get them from Azure.
It's the @ the box doesn't like it.
THM VPN?
yeah i thought of that but can't. ive been using boxes from thm or thm but i was trying to make an offline
even if i could get some old windows boxes from vulnhub but havent been able to find anything that wasn't zany
Yeah, I'd imagine they were all custom made.
you could try creating an Azure account, you may be able to download them from there, If not I'm sure Microsoft give 180 evaluation licenses.
what is this evaluation licenses ?
A fancy way of saying trial.
that's worth a try. i was even trying to follow the john hammond AD videos just to gain basic keyboard skills for normal AD activity - and all the set up is now not working via windows evaluation vms
Last I think it was 2 weeks free, but I’m not sure if they changed it
Virtualization?
Which hypervisor?
i mainly use oracle but i'm ambidextrous
And in what way are they not working?
Fuck off Vbox
Like i was just getting a hanging black screen after a successful install and reboot of my system. why did they change the logo? it looks like a new jersey surf brand now
i didn't think it would've made that much of a difference - maybe i'd do the whole thing again in vmware
Vbox, sounds like there isn't enough resources assigned.
Vmware is better
"If you fail to activate this evaluation after installation, or if your evaluation period expires, the desktop background will turn black" is on the evaluation page - but i never had a chance to even activate it. so who knows. i'll do the whole thing again in vmware. i just wanna get the skills to pay the bills , and the lord is put obstacles infront of his toughest soldier
Oh, that's just Windows being Windows, you need to get a key.
yeah but i didnt even get to a place to fill in the key
@sick lance got a silly question, i think i already know the answer , but, doing the SOC 1 & 2 is best way to prepare for this SAL 1 ?
Yeah. 🙂
okay, cool 🫘
Recommended learning tab.
good to know
guys ever heard of athena os ??
zeus...athena..i'm sensing a theme
Hello, i just joined this great community. my name is ijego and i am a cyber security Analyst. I am excited to be part of this great community
there is a os named athena for pentesting
yes there is apparently, but its lightweight and has not much stuff preinstalled
Did anyone-by any chance- take the CI/CD security? Did that lab work for you at all?
Hello everyone
Hello there
i am going to use my daughters os for pentesting 😂
@sick lance you have many vms, how do i optimize windows vm a bit
do you debloat them
or how do you set windows vms up in general
Just set them up normally,
What do you mean optimise?
Can someone help me with something that is not exactly legal?
@sick lance @mossy river
No, that would be against our community #rules.
well i am bit scarce with resources, do you idk run some debloating scripts or something like that
I understand, I didn't know that, thank you
Gave +1 Rep to @mossy river (current: #6 - 1511)
so anyone that goes to the SAL 1 link will get a email saying "we've noticed you've been exploring the SAL1 certification;"
very fun
is there no rule against minimodding anymore?
Hello
hello ladies and gentlemen and just wonderful people! I hope you all doing well!
when u update it yeah. I have not updated my vbox in ages
is the platform ok? it says my credentials are invalid even though i logged in a couple minutes ago
logged in just fine
Helloooo
Had it this morning, 5th attempt worked for some reason
have you noticed it's starting to take the shape of that vmware X?
i'm having a hell of time doing this. ill be ready for nmapping by midnight. just had the second blackout of electricity of the day
Wallpaper of the day:
soon as i get back to the US, i'll turn my rasppi into a windows box and attack that. that'll show'em
so don't 😂
kinda off topic but do yall use windows or linux?
🪟
Linux all the way
so do 😂
One great thing about meterpreter (among many others) is the post exploit module
There's a post exploit vulnerability scanner that I often use
both 😎
this looks lovely, what resolution is this
copypasta! last pasta!
I did dual boot for a while then I realised that I hadn't booted in windows for 10 months so it was a waste of space 😂
Wait hold on, I gotta check something
How many hours do yall sleep without an alarm?
nice try diddy
depends on the day, sometimes I wake up before the alarm, sometimes I hit the snooze a few times
I don't sleep with an alarm, i just let myself wake up whenever
you guys ever seen any labs or vm's based on IT/OT systems ? or specifically medical field stuff which i guess is like It/OT/and iotot?
how many hours tho
~9/10 hours
interesting
No
2 big reasons, a lot of it is hardware, and licensing
They don't want people looking at, REing or testing their stuff
i mean i guess a lot of it could be mimicked with conpots and a couple windows boxes..pfsense, etc
That must be nice 
I don't use alarms on weekends and bank holiday, but yet again it depends on the day, some weekend I wake up at the same time of the alarm, some times earlier, and some time way after, my body is kind of crazy like me 😂
haha uni life rn
not really, because the details that you want to test are in the actual implementation
That's like saying finding a flaw in a cisco router, works on junipers almost
will borrow this
you mean like specific communication with name brand plcs?
Yeah that's a good example
There's some DICOM software you can play with, I haven't seen much other stuff tho.
Not prebuilt VMs but some foss software to poke at
I have a raspberry pi that's a traffic signal
Some of the OT stuff is architecture at least
ah i was thinking more big picture baby steps. modbus coms, mitm fuzzing, etc.
that sentence broke my brain
do you have a write up? i would love to check it out
I do not.
i've done a few conpots to play with protocols, but would love to do some maritime themed labs - or more realistic set ups. been learning ladder logic etc.
the big picture, baby steps killed me, oxymoron in the making 😂
Look up ADSB and...................... the boat version... it's almost the same thing......... ghahhhhhhhhhh
Also MILSTD-1553
good read
There is also a boat version of that....
Build the lab
ICS/scada/iot are my main interests in the word of cyber. check my medium https://medium.com/@BadDog
AIS?
THat's it
i'm definitely not a pro but i have interest
this is the idea eventually. but i dont know - what i need to know - to build the lab via a VM
It's OT
A lot of it is hardware
The macyste is super interesting but i havent been able to get to working yet
i've messaged giacomo and russo before, they answered back. cool dudes
i find this in every fruit drink i don't understand why... https://en.wikipedia.org/wiki/Acesulfame_potassium
it's always too goddamn sweet bro
SCADA hacking 🤢
I can imitate the bridge system easily enough - it that most maritime vessels claim air gapping in OT and IT - so unless there is a USB attack- you are left doing AIS spoofing, mitm ecdis updates, SAT and COMMS mitm
From my professional life, and playing by Chatham house rules, you'd be amazed at the differences between what (OT, IT, Maritime) vendors claim and reality.
Sat being satellite? Vsat etc? They're awful but should be segmented
Architecture.
i mean i have 10 years on cargo ships - but yeah i've never had the ability to crack in and look for myself lol
there are large companies still using satcoms with hardcoded creds
Yeah VSAT terminals are stuck in 2007
Rare to find them internet exposed though, dutch gov had one a few years ago that went famous
Hi All, I submitted the survey form yesterday evening as I have btl1 , I am just wondering if people have received the voucher already for SAL1
maritime industry is even slower than normal ics because they'll just sell a ship - and the vuln gets passed on
Replies state they should be within 24 hours, but I'd imagine it may take slightly longer or shorter, depending on the replies.
Ais spoofing ( and other vectors) are also applicable to airports and other spots. that'd be a fun box
Ais ain't for planes, 'tis boats.
ADS-B for planes
Some interesting talks out of Defcon etc on ads-b spoofing and spoofing immunity
welp, it's official, sent resume to national guards cyberdefense unit.
Also, hi everyone. have a great day.
Good luck
yes ! ads-b
@sick lance
Done!
when you run banspam does it clear all spam with regex or do you have to put a user
i love this word regex
same lol
i have a nerd fantasy about making a framework that's a mix between recon-ng and a metasploit thats strictly for ICS systems - so you could OSINT and store it in a database- then find the structures--and lock and load the exploit or coms
what is ics again
industrial control systems
ah
1080p
I'm bored can someone give me an idea again
have you draw the software architecture for it already?
where do you get your wallpapers
mines are blurry and pretty bad 😭
a lot of sources..
but most recently from the catppuccin discords wallpaper forum channel
ohh
could you dm the link
sure
thankss
shadow has the best servers discord list
i have zero knowledge on how i would even start. I started using dev.boot everyday to learn some basics. please fill me in
Banspam removed the user and their messages.
like i imagine alot of it could be done via api's and it would really just be a database holding the information
and sent
I mean, that wouldn't be too hard.
i meant does it clear all spam in the server
I'm actually working on one right now.
Only messages from that user.
is there a maybe 2k or 4k version of it
well where do i start to learn about how i could make one? like i don't even know the vocabulary to search besides " framework" - which i found there are libraries for making frameworks which is awesome
not in shadows wallpapers folder but maybe if you search the internets ¯_(ツ)_/¯
Just look up well known vulnerabilities and stuff, it's usually the same culprits.
wait huh? i'm not looking for vulns - i'm talking about creating a shareable framework similar to recon-ng and metasploit
Bans user and purges their messages, sends a specific appeal message too
(it's AI)
Honestly I'd just extend MSF
It'd certainly be easier at this point.
like an additional module
You ever done the ICS Chemplant?
i mean - recon-ng is just using the api keys like shodan etc, and holding the data. if i could input the api keys in metasploit, and have an additional room on the init_db to hold the recon'ed osint info. i mean there is already a LOOT option right?
How would you deal with the devices that aren't connected publicly?
the fortiphyd one? yeah
i actually learned a lot about networking setting up the visual ones..also the dude thiago alves
his labs and plc stuff is great. my linkedin has all the ics labs i've put together . the visual ones in ignition are fun
A curated list of resources related to Industrial Control System (ICS) security. - hslatman/awesome-industrial-control-system-security
ahh i'll have to take a look. armitage always struck me as a cool idea also but i could never get it working
Armitage is no longer supported.
Grassmarlin was annoying, worked when it wanted to 😂
this is why i need to cruise the darkweb more - i feel like there is the leader of the foot clan teaching people to do the stuff i'm trying to learn lol
yeah grassmarlin was not the coolest - but i like the idea of it being passive
What's public?
grassmarlin
They usually copy a lot of the Emails yeah.
check out the phishing room
Foot clan ?
It's not supposed to be? 😅
No, it is 😄
isn't that paid for?
go ninja go ninja go ninja go
You're either being sarcastic, or not giving enough context... 🤔
read it again
However, I don't think we should discuss how criminals commit crimes. 👀
kk
ima delete it
From an analysis PoV, yes. They try and imitate the E-mail as much as they can.
Anyone here went to WGU? Considering transferring there
WGU ?
I'm mostly wondering about the no-reply part
i'm completing the last of my COMPTIAS before i enroll to cop the bachelors
There is, but I'll let them announce it.
The floodgates are open haha
Fortiphyd was part of my BsC. 😅
What is WGU?
I have my GISF/GFACT maybe they’ll waive some of the courses
You got your bachelor 👀 i thought you started it recently
oh no, I'm on my last 7 weeks.
Gosh.
The last push is the worst.
Hard working i see 💪
Right now, as part of my project, I'm installing Sec Onion, to implement in an ICS testbed.
So you installing a secured infrastructure to monitor and control Train passing tracks ?
i had this book marked but havent had the time to really go through it well - i also found a pdf of 'pentesting ics' by paul smith that looked great but need again - to make working labs
Touching some Scada ICS?
Where are those schools?

ahh excellent! i'm talking to the right person then. you seen that dude c fox do his set up with grfics?
online
Both
Cybersecurity and Information Assurance – B.S.
Protect your career and earning potential with this degree.
Time: 60% of graduates finish within 29 months.
Tuition: $4,365 per 6-month term.
Courses: 34 total courses in this program.
Certifications included in this program at no extra cost include:
Certified Cloud Security Professional (CCSP) - Associate of (ISC)2 designation
Systems Security Certified Practitioner (SSCP) - Associate of (ISC)2 designation
ITIL® Foundation Certification
CompTIA A+
CompTIA Cybersecurity Analyst Certification (CySA+)
CompTIA IT Operations Specialist
CompTIA Network+
CompTIA Network Vulnerability Assessment Professional
CompTIA Network Security Professional
CompTIA PenTest+
CompTIA Project+
CompTIA Secure Infrastructure Specialist
CompTIA Security+
CompTIA Security Analytics Professional
Incredible , and expensive but seems worth it
some of those are stacked certs
For the love of god I dont care who the IRS sends, I'm not taking your cert THM
All of these certs are comptia
Almost all of them are anyway
Heyy, i was wondering, do you have any recommendation or know about some quality universities that have a programme in computer networks, in Europe? Something close to that or similar?
I did not, no.
Good night everyone
good night
Don't say the word of the module I'm doing and I'll have sweet dreams
Have a cookie 🍪
wasn't gonna go without giving cookies lol
😮 🫢 😋 👍
lol
active directory something
actually started loving it haha so not that
I just realized that stars you see at night are stars
Impossible
I never really gave it a thought, just "yeah thats that, stars in the sky", but like no, it's cooler than that, they are stars as in giant fucking plasma balls in space light years away
and there is so many, visible, so far away, you're in the middle of the universe, empty space
Some people said I work in the backrooms
you do
Best part what you’re seeing is the past, the time it took for that light to get to you could be millions of years ago
i don't actually have because I think mail.com isn't really the best
nah you good
i do have one
nice
the only reason i know about this is because i need a temp mail and also phishing simulation
yeah
the only reason for nice domain names i can think of is for making funny vhosts for irc bouncers
https://www.youtube.com/@shaunnasworkshop had an interesting set up - and the first i heard about openplc which really helped alo....seafoxc https://www.youtube.com/@seafoxc there's a playlist of newbie friendly ics stuff if anyone else is interested, https://www.youtube.com/watch?v=CCIrntyqe64&list=PLbYkEkKTCOE1f2CmievGpCyht73_39DeO
sorry that took forever - i couldnt find his youtube
It's ok, I'll check it out, thanks.
Gave +1 Rep to @hollow nebula (current: #2712 - 1)
ngl it's pretty dangerous
i already took it and gave it a random password and logged out
Netcat is watching me.
pet netcat
Don't mind me...
looks like grumpy cat
*cat bans everyone
How is the picture of the cat in the background of the same picture?
Magic
Hello I had a question I am doing the course on Nmap my question is nmap is only used to see which port is open / closed or filtered?
It can do vulnerability checks too
I deleted that image 😄
And you often use it for host discovery as well
service enumeration
I'd prefer the droste effect but ehhhhh
nvm image is smudged
Team, I used THM few months ago and have completed few learning modules but I wanted to re-do them again but as those modules are completed already, I couldn't be able to practice them again. Is there a way that THM clear the modules I did so that I can practice again.
You can reset your progress
Great. Could you please let me know how to reset the progress
When you open the module , on top they are settings
Click room options

It looks like I can reset the room but not the whole module like Presecurity path or introduction to cyber security
Yep, you have to visit every room
does it list all the ports that are available on the network?
That sounds like a big task! I will try to reach support team THM.
You talk about nmap?
yes
So, my friends are organising a talk on pentesting tools for our juniors in my college and invited me to give a talk on that topic as a whole.
Now, I may not be very good when compared to seasonal CTF players and other pentesters but I do know quite a few things which I believe could be useful for my juniors and would give them a head start.
I would like to get a few suggestions on what to actually talk about. I’m thinking of talking about categories such as website enumeration, brute forcing through passwords, logon crackers. The target audience is people who are familiar with programming and computers but not security related topics.
So anything..? (Sorry for the message dump T_T)
It map the open port for an IP you gave
Yes it does map all the ports if you give the right argument
By default only mainstream used port are tested , as it take lot of time
Ports belong to an IP, a system
Yes.
just to see the open ports? but what is the use of that to me after knowing
You identify services
do u know how to connect my Kali and Windows VM on here so that they share the VPN
Support can't reset.
Which you can then interact further with
Which VPN?
The tryhackme openvpn for ADenumeration network
Without doing some dodgy NAT and routing stuff that's not very possible
If you see an open port like , 80 or 443 you can find a Http service for example , it's a webpage
Yeah, I'd suggest just sticking the VPN in one environment, why do you need it in Windows?
I’m doing a room and it says “what is the user flag?” How do I see what the flag is?
hoooo
It's the flag you get when you foothold/user
Into my own Kali Linux?
The ad enumeration room said to use it to do attacks that u cant do on kali.
The red team pathway says to use a windows attack VM
I marked this in my summary and therefore let's admit port 96 is open how do I know the company's IP for example?
No, the machine you're attacking.
And overall I need to learn how to do that
Can you link the room?
if i were to go for a cert which one should i get first for offensive security
Oh I didn’t see it because it said I can only deploy one a day. That sucks😂🤦🏽♂️
Uhm you need to know the IP before being able to nmap the ports
No, that's the attackbox
Attackbox != Target machine
and how i can have the ip im new on cyber
one a day isn't that hackthebox thing
Are u sure that vmware doesnt have a solution to doing it ?
Ok, for this ideally you'd use the VPN on your Windows machine, however, I would not suggest sticking your host machine on the VPN
Which room are you doing?
You can do a dns resolve on the Domain name of the company website 🙄
ohhhhh thx bro for help
Gave +1 Rep to @dark frost (current: #277 - 25)
Dns is the service that translates
A domain name to an IP address
so hackers in general first look for the DNS to get the IP?
Uh, what are you doing?
Uhm yeah somehow 🙄
I forgot the name of it but it had a ip address and machine but the machine didn’t load. It only displayed “Target ip lookup” so I was very confused. I refreshed and tried the basic one.
I'm just trying to understand because I'm learning lots of stuff on tryhackme but I feel like I don't see the basics of the tools
Yeah, that's the ip you interact with from your VM or Attackbox.
The basics of the tools is good, but looking at this conversation from the outside, you're looking like you want to find the IP of websites to hack them.
Ohhhhhh. I’m like how do I do this?🤣🤣
If you want to use Windows, I suggest using a VM, and connecting to the VPN that way.
@sick lance I will do it through Kali Linux. I can set it up on the Kali I normally use? It’s just 1
Yep that's just fine
no just that I'm learning nmap and I told myself that it didn't make sense because later I would have to find ip to have access to the port
VMware Workstation Pro is also now free, if you can stand jumping through Broadcom's awful website
Kali is good.
he'll need a map and a compass 😉 😂
I understand that but my question is how do I make my VPN connect to both my Kali and my Windows VM .....
You don't need to, just connect with your VM
Puts cayenne on my sandwich
Doge walks under me where some cayenne flakes fell on the ground
Doge licks it up
Doge rushes to doge's waterbowl
Hey, I recently got the voucher for the SAL1, and my skills revolving around blue team and defense are incredibly lacking compared to the red teaming side of security.
Anyone have recommendations on how i can get to the skill level needed to pass this exam by the end of the month?
and if i have understand nmap for port and gobuster for files ?
SOC Level 1 Path and the SOC Simulator
I thought you meant "and my Windows host" but saying you need this in a Windows VM as well is more puzzling. Generally however you can do 99% of THM just with a Linux VM connected to the OpenVPN
Can the SOC level 1 path and SOC simulator be completed by the deadline of the end of the month do you think?
Spicy food is spicy
Do u know how to do it
I've never had a need to run the OpenVPN connection with two VMs at the same time. Can you explain why you need this?
If you're on a Windows host and have a Windows and Linux VM... what the heck is the Windows VM for?
usually the clue is in the name 😉 😂
I’m getting a “error opening config file”
depends on how much time you put in every day
but technically yes
Because the red teaming pathway said I cant do all attacks of red teaming on a linux.
Thats why the CRTO u do it on Windows
i program computers!
if you dedicate more than 20 hours per week probably yes
Not easily, isn't worth it.
That's only somewhat true, but for the times you do need a Windows VM, you don't need the OpenVPN connected to both VMs at the same time anyways
thats actually pretty manageable
You probably don't want to waste RAM running both the Windows and Linux attack VMs at the same time all the time anyways
wheres the line of people that will hire me after i pass this certification?
You may need #site-support unless it's something as simple as you not using sudo openvpn whatever.ovpn on your *nix VM
and or just regenerate your openvpn file if it's actually borked. That's about all I can say here
Typically the OpenVPN just werks
oh the joys of the cybersecurity job market.
you become the line
I did and it brings up everything
at least i get a chance to fill a large skill gap
"everything"?
i have been preparing for the OSCP and really neglected defense.
If it's a long bit of terminal output and successful stuff, that's a good sign
just leave it running
are tryhackme giving out oscp any time in the future in ctf?
I just read something about them doing that
Oh as a give-away? That would be neat
next christmas?
Blue team vouchers with their Soc 1
oh lol
free oscp?
Does anyone know where i can get a windows 10 ISO
You need to put your actual path
you need to specify literally the path to your file....
Azure.
they should give me free oscp for passing their certification and making a video on it.
not the example
for christmas?
"How I Passed the SAL1 in 25 Days- And Got HIRED?"
?
2-3 years ago yeah.
cool
I wonder what is next for THM 😉
Too busy with work to even attempt doing any of the give-aways 
but I'm glad they happen
Is that a hint lol
their own red certification maybe?
Yes it would stand to follow
That is in the works, but not anytime soon.
Do they have an API hacking course. that would be cool if not
it was funny, tho
SYN scans return a TCP RST packet after receiving a SYN/ACK from the server (this prevents the server from repeatedly trying to complete the request) SYN scan allows multiple people to be tested and each port to be tested only once?
didn't get it at first glance
Not as far as I know, but it shouldn't be hard to extrapolate the knowledge you've gained from THM to do so with the API documentation of a service. Obviously make sure such a thing is within scope for HackerOne and etc
Even with basic API knowledge it's not too hard to poke at that kinda thing
Come on Rex, you've been here long enough.
Anyway I did nmap intro today, I keep forgetting what the switches mean lol
It was good to recap
My best advice is to nmap every single room, even when they don’t ask you to. Not only good habit for CTFs but yeah will get you to learn flags like the back of your hand
Oh yes definitely I try to do that lol
nmap all the things
Really needed that today
plus lol, every major vulnerability scanner that I know of is literally just automating nmap. Great skill for sure
Nessus, OpenVAS, and many many other solutions are largely just a crap ton of nmap scripts
We did try a vulnerability solution at work and while it had its own agent, for network stuff yeah that was also just running nmap as normal
is there any reason not to just do the "scream at everything" nmap scan on -T4, or rather, is there any reason to be quiet / stealthy with the rooms?
-T4 is fine for CTF's
There is near 0 reason on THM unless there's rate limiting, which is pretty rare on THM
My brother works for nmap, he will report u to cyber police ☝🏼
There is one challenge on THM where you need to not trip the alert system with nmap
but I know Muriri or however their name is spelled has done at least one rate limited room
oh neat, looking forward to getting to that quiet challenge
Muriri 
i am at police list in anyway
irl though, I never use -T4 and have seen even standard rate being rate limited
so expectations may not always match reality, obviously -T4 is loud and noisy, but who cares for most CTFs
-T5 for max chaos
Or even pentests, they know you're coming outside of red teaming
never in my life tried it since yeah when even nmap docs says it will break things, I believe that
At this point it isn’t an nmap scan, it’s a nmap assault
I've only had it break HP iLO
I wouldn't scan embedded systems etc at t5
that's kinda critical tho lol
I wouldn't scan anything at -T5 tbh, I'm not that impatient.
Oh yeah it needed full mains power cut and restored, pain in the rear
I would do it for the lolz
Do I have to download the key inside of Kali?
With script kiddie switch enabled
Which key?
Presumably your Kali setup should have a stable internet connection just like your host, I will say
plus if this is literally a text key then you can copy and paste from host to guest VM depending on your VM software
I’m trying to do this openvpn thing and it’s saying it’s not finding a file or list of my downloads file
did you actually download it to Kali then?
I downloaded the file try hack me gave me on my actual laptop and not Kali. I downloaded openvpn on Kali and I think that’s the problem
Yes you need to download that file inside of Kali
Hypothetically
once you do, it should just be in your Downloads, so you can simply just do these two commands
Can you cause damage with a botnet running t5s?
```
cd ~/Downloads
sudo openvpn YourUsername.ovpn
```
We won't be discussing botnets.
Ohhh ok ok. So whenever I want to log onto try hack me I can do so through Kali Linux?
Whenever you want to access the VPN to TryHackMe, yes
You don't have to do your THM lessons there, but you need your attack machine connected to the THM network
how often do you have to water bottle spritz people in this discord with that rule warning Scrubz, ha
Depends on the day I guess.
Is it safe to log into try hack me on my kali?
not tryna twist the rules, but doesnt cybersecurity involve knowing threats and how to deal with them? genuinely confused as i was under the impression we are trying to build defenses against known threats
Yes.
Just making an observation mb
Yes
If you're under the target of botnets, you've got bigger problems than worrying about -T5 and nmap.
There's other ways to transfer the file instead of downloading, but lets just keep it simple
good thing i dont know what both of those mean just yet, but thank you for entertaining my curiosity 😂
Gave +1 Rep to @sick lance (current: #2 - 3454)
I got baseball bat to the shins so you can run 😩
Hardly, I just informed you of our community rules that you've accepted. 🙂
We don't discuss taking down botnets, using botnets etc.
It’s still saying “error to open config file”
Then you likely still don't have the correct path
For the third time, can you please use #site-support 😄
indeed would be best to continue there
does anyone know where i could train for oscp
Probably best to use the offsec labs. If that isn't possible, there are some rooms/networks on TryHackMe that could help.
im new to certs 😭
Do you guys know any NoSQL tools similar to sqlmap?
TCM have a few videos on their Youtube, this one is good: https://www.youtube.com/watch?v=3FNYvj2U0HM
could you send this my dm i can't watch it atm
Can't you just save the link? Not sure what a DM will add ^^
are you talking about forwarding
No problem. No I mean, you can save that link into a note or something. Copy/paste it 🙂
kk
for some reason i always lose them
but i think i have it this time
are there any specific networks that help with cert
or they're all good for practice
I'd recommend doing all of the Active Directory network rooms. And then you can try out Wreath and Holo.
Red team capstone challenge is a bit more advanced, but it can definitely be useful to go through if you have the time
I was doing wreath i forgot what happened tho
also what do you think I should know before i attempt to study for oscp
I haven't done the oscp, but I think you need to know:
- OS fundamentals (Linux and Windows)
- Networking
- Active Directory exploitation
- Web exploitation
Pretty much everything listed in their course https://www.offsec.com/courses/pen-200/
sorry i went offline
yeah
ok the only thing i need to study is active directory exploitation😃
last time i did it, it was pretty easy
do i have to be like realllly really good at them
#site-support would be a better channel
Mhmm, it's actually kind of sad that AD/GPO is a dying breed. Azure/Entra ID/Intune is just awful in comparison
ok thx
Gave +1 Rep to @sick lance (current: #2 - 3455)
whats gpo
It’s hella cold in here
Group Policy Object, Just a bit more clear than trying to say GP
refrigerator ?
Security Onion will be the death of me.
But yeah Group Policy be how you actually apply security policies and more to AD objects
Layers and layers
It will be peeled to that.
wrong chat
I seen that typo.
=/
welp i have to g in 3 mins
just don't forget to hijl-lmno-p as well
I killed chat with my awful "joke" lol
but nah I was just lurking in the support channels for a bit
I am not in the fridge, there’s no food in there 😆
ive seen a lot of people in this server kinda identify tryhackme as one of their "main things", giving their user profile or whatnot. This confuses me because i was thinking this was just some educational platform, didn't realise people may get really connected to it... may i ask, as we go deeper into the game of tryhackme, what exactly is the appeal here (im still a beginner tryna figure my way through presecurity)? what makes people want to share their user profiles and collab or whatnot?
they are thm addicts 🤣
but WHY 😂 what makes it so addicting--
its mostly beginners imo
when you get serious and more knowledgeable you will consume every resource there is
so what, this is like some social media platform for beginner hackers or something?
The dopamine from getting flags for hacking stuff.
The rare chance, you may actually get a job opportunity in this server.
It's very rare, but it happens.
"mostly beginners" is the intent of the server - it's intended to be a community where people with limited or even no IT background can begin to learn the basics and fundamentals of infosec
i didnt say it as bad thing tho
yeah thats what i figured, im using it for that very reason
everyone was beginner
just didn't see why people got so attached to it lol, kinda reminded me of a cult-like following or sum 😂
we all are beginners, best way to approach anything is as a beginner, even if youre an expert
people like to brag i guess
about ranks and stuff

oh dear, talk about it 😂
idk looked like a way for them to build something up for themselves because they lacked the push to get out of the comfort zone and build the true knowledge set required for a field like cybersec, but then again, im probs overanalysing
crazy fascinating stuff how we go in expecting one thing and then come out hooked on something else
leveling up in thm gives me that dopamine rush until I realize just how little I know 🤣
you can get high amount of points with doing little to no ctfs i feel
dude i just want to be able to not feel like a failure after uni 😂 screw points, bloody real life boutta hit us on the nose
true
learn everyday
learn as much as possible
and try to enjoy it
but then again, respect to people finding entertainment in something educational, def a better way to spend time
well i like solving puzzles
i was doing dev before i started cysec
"hmm this shit is interesting"
and 3 months later i am preparing for CPTS
i like that man, you got an organic drive and intrinsic curiosity, bet you gonna blow that cpts out the park 🙏
just feed your curiosity
What sounds better to put on my LinkedIn?
- SOC Analyst
- Security Analyst
- Security Operations Center (SOC) Analyst
- Any others?
meanwhile my dumbass be like what the hell is cpts, prob some big level certification or sum 😂
its hackthebox red team certification
honestly security analyst sounds smarter and more professional
i am dumb as rock dw
i just try to be less dumb than i was yesterday
Cyber Security Analyst?





