#general

like wht sacrifices bro?

wheres the part they mention wearing a hoodie and sunglasses ?

am also enjoying kali and i also had those questions

where do you get these quotes from

this one is from Silks blog
he is a goon at defcon handling recording hackers and things happening at defcon

i mean that will be slowly working tbh

I'm not gonna tell you where it is but you might want to look at the picture a little harder and read things

ohhhh

those are optional

@modest charm are you ther

had to pull out archive.org though as something has gone wrong with his blog post of what is a hacker

isnt there any other way like the windoes remain my main os while i can work on kali?

it links to a 404 D:

partially yes.. I still have a lot of work to do today

I thought i was gonna look like when i first started

https://tenor.com/view/hacker-hoodie-gif-12540732

ye

i said

VM

What's up

i hate work ;D btw did u see TPB

i mean dual booting

thats the "going to the local caffe" outfit

his challenge is limited to student teams only. To appear on the Chart and Scoreboard, you need to be part of a team and have a student profile. Read more here When this shows does that mean my team dont count?

https://tenor.com/view/typing-code-linux-computer-elliot-alderson-gif-10667985

NVM DON'T DO THAT

first kali launch

loool

How do you get media perms?

verify

You need to link your thm account like on the htb server?

Oh, damn

I remembered that once a mod banned me from this server

Because i said HTB is better than THM

something like that

lol

cool russian hacker page?

you might get banned again

i had those in my town

ig im not gonna use kali for a while it seems risky + my laptop already lags can't handle anymore

kali actually less than windows

windows lags over time

oh, its gonna be hard for u

but its can still work

i can sense it

also you prob should check out the linux introduction rooms before switching

well it is in the learning path so dwbi

sry if u can not understand what i say, some english terms are hard for me

k wait is using kali like a necessity ?

For osint no need

Your doing perfect I couldn't tell

no but preferably

tysm

yw

And u can use attack box

:hammer: aidon_researcher#0 has been banned.

like its a necessity for full timeers?

I knew it

whts tht?

prob laggy atm hackfinity

if u want to work only on pentest learning u can install kali as a main OS

Is it? I didn't try it yet just doing the osint for now

its a linux box for the os in the browser that tryhackme provides

i have PC on windows for games and laptop on kali for work

so you can do tasks

same

Hi guys, does the complete cybersecurity course (in this case, Pentester, from the introductory course to Red Team) give you the skills you need to work in this field without going to university? Do I need any other courses or websites to improve my skills? Thanks.

im jus doing all of this on side so like tryna learn not trying to be a full timer

I would say you need more skills

hands on experiences

like a compact version just for learning?

yes

than use kali as main but be ready to some hard moments in sys-administration at begining

so ig its more preferable for low end devices?

ye

or at first is better to learn it on windows

I'm not able to show you everyything since my school doesn't like tryhackme

nah man dont scare me my laptop is surviving jus cuz the cooler works rn

kali will work faster than windows

sys-adminitration is really useful i was gonna skip it as a beginner (dont)

Where do you recommend strengthening my skills?

so i complete rooms on windows first then i should switch to attack box?

i think its a base for all beginers

does it compromises with anything tht windows can do?

do some ctf, info rooms, and projects

stuff like that for example

Does anyone here knows of a CCNA is enough to become a entry level network engineer?

yeah, should've been for me

It is not always about certs but knowledge

but i didn't know about tryhackme back then

I just wanted to look cool with linux lol

In future, please can you use the /report command if you think someone is breaking the community rules? 😊
Would be very much appreciated

(you kinda prove your knowledge with certs)

most of operations inside system is inside cmd, so be ready

Yeah CCNA should be enough for entry level networking job 🙂

ngl i didn't know that existed 😯

🙂

No problem 😄

i will next time lol

Kindof not true tbh 😄
But you know, there each there own

Hey are we still able to take part in the CTF as an individual, or do you need a team?

You can but can't win prizes 🙂

you can induvidual yes, just create a team of one 🙂

yeah sure, but on tryhackme or somewhere else

one time shadow dreamt they got banned from this discord server

Has somebody solved Task 11?

shadow was very sad about it

i used tryhackme most of the time but i also do picoctf

and coding on my on

yikes

My apologies if I'm not allowed to reply to you sir. I'm doing a 2 year degree in networking and cyber defense and my class is currently using Cisco and for the final exam we have a Intro to networks course CCNA Final exam.

am begining with tryhack me , but at first i learned in russian pentest community

Will i get a CCNA cert once I pass it?

k bro jus one more thing i should use windows rn complete rooms learn the basics then i should switch upto attack box or kali ig?

i used network chuck

Yeah CISCO certs. are one of the most recognized in the industry and CISCO has highest market share in terms of networking equipment 🙂

he was really helpful to start off with

in the dream or after waking up?

oh i would say my opinion but u have to look on your situation and than make choise

Ohh ok I see thanks for the info 4lc and KGB

in the dream and after waking up beliving it to be real

@cloud quiver heyyy

hru

my situation is such that i could only give 1 to 2 hour to this cyber security thing in a day

if it were real you could easily get unbanned

so ig im good to go the way?

If you're looking for a career/cert. guidance try to ask guys in #cyber-and-careers channel , they will give you some great advice 🙂

Will do thanks 🙂

Gave +1 Rep to @cloud quiver (current: #1 - 4010)

true

than at first learn attack box

and only then kali

i think so

wait question if one of us is targeted by the discord bot thing i forgot what it called and we get banned are we allowed to join back on a different account since it wasn't on perpose

The bot does not autoban you

ok thnx for the guidance bro

the +18 server invite thingy

think the bot uses the discord timeout system

Yup that isn't an autoban, that is completely manual.

ah

If you ban, regardless of whether or not you think the bot was right, you need to appeal through the email because your IP address and phone number will still be banned until you are unbanned on your main account.

oh okk

discord use to not check the ip or email address

i didn't know they started doing that

They have done it for quite a long time 😄

ah how long

yw

i remember wayyyyyyyyyyyyyyyyyyyyy back i got ban from some gaming server and i just swap accouns and made my email and user name the same and i could join again

well i changed my username to some different actually

anyone managed to solve task 11

if you have more questions ask in pm

someone is one 24 i think

https://media.discordapp.net/attachments/1249922800702193736/1252804753323200522/GIF_20240602_080928_395.gif

k bro

what does sc17 stand for

I'm not exactly sure when they started doing it, however it has been a while.
I'm unsure how great the system is because it is Discord at the end of the day 😆

i solved almost all the labs except task 11 and 15

yeah 😂

its short form of my name and birthdate

ohhhhh

also i like the pfp

thanks

yw

is there a time deadline in hackfinity to complete all chalanges

yes i think its live

userInput +"'"; thank you @crystal mauve

its live but i want to know if there's a deadline to finish it

Can i get guidance on dark encryptor 2?

have u tried getting help from chatgpt?

nvm it works now

chatgpt isn't that reliable

if you were to go with an ai i think the best is deepseek atm

well its nice to get some low hanging fruits

that crashes every other prompt

well

forgot about that lool

good but unsable

?

brb switching classes

which channel is for ctf?

#1347217239492919346

thanks

Gave +1 Rep to @near sapphire (current: #161 - 50)

i have zero issues w/ using chatgpt for notetaking purposes

yeah its good for note taking

but help with ctf's nahhhhhhhh

eh i've gotten some ideas from chatgpt

You're missing out.
Note taking is actually one of the most effective ways to convert knowledge from short-term to long-term memory.

By writing the notes out and explaining what you're doing, you are helping to connect neurons and build pathways in your brain

obviously it wont solve it but the idea is important

i stopped using ai mostly

If I'm really stuck, I don't mind using ChatGPT, however for most tasks I try to avoid it as it's really easy to become reliant on it

yeah i remember when i was

hey people

i couldn't do any without runnin to chatgpt

hi

i think you missunderstood

whats some great certs that can teach me along the way beginner friendly for blue team hoping to be a digital forensics investigator in the end or a soc analyst

i'm vry note heavy

I didn't misunderstand don't worry 😄

what are you using to take these notes this would be very helpful for me

Its Obsidian

? hm these are notes

Yes but you are copying and pasting from ChatGPT, right?

thank you

Gave +1 Rep to @stark nest (current: #1095 - 4)

:mute: fireshot66#0 has been muted.

no it's a bit more, it's a conversation and then results from conversation

Yes, so you are copying and pasting from ChatGPT?

intial prompt is material

yes, anything not understood is asked

gtg cya

It's not about it being understood

I have confidence that you understand the material perfectly

bye

However, it's the actual act of writing the notes that is beneficial for your brain

It's even better if you can write it with pen and paper and then copy it to your PC.
Other methods include reading it out loud and explaining it to a friend or family member

Yes writting is Thinking

well if you're being black n white abou it, then you believe that copy pasting a 4 word phrase does less for the brain then typing out a 4 word phrase

Well, for example "CIA" is an acronym, but remembering that acronym might actually take some time.
And if you have 10 acronyms, that are only '4 word phrases', that's 40 words you're not converting to long-term memory efficiently. You are bound to forget at least one of them

Your note taking is completely up to you, I don't want to step on your toes 😄

big discussion as for some small word

Does anyone actually remember all the acronyms

i mean u do have a point, because everything in blue, even though also copy pasted, i don't fully understand , im not really absorbing it

but some of it i dont feel makes a difference if i wrote it out or not

https://media.discordapp.net/attachments/1249922800702193736/1252804753323200522/GIF_20240602_080928_395.gif

It depends on what line of work you are in, some acronyms are used more than others, however that was purely an example to be pedantic 😄

@sturdy mist

u still in team bruh

It might not, it doesn't hurt to try though 😁

it's difficult tho to organize it so well as it is

I understand that 100%

Even if my own notes look too bad?

Just remember that it's a marathon not a sprint

yeah ill give that a try thnks

I'm not even focusing my notes on trying to remember them, I'm just organizing them in a way so I can easily find and understand it again

i cant even make notes im not able to write 😭

i can never seem to remember things or understand them

We have sheets of acronyms, and sometimes things with the same acronyms, so you need to document that lol

have you tried understanding why

I have used obsidian for few months then I realized no matter how hard i try I cant revise them then I switched to anki its a flash card its algorithm is perfect for burning things into my memory

Well, it depends on what you mean by bad.

All that matters is that you can understand them clearly.
Generally, formatting isn't really important. If they don't look pretty and aesthetic, it's not the end of the world.

I understand that it is demotivating to open notes and them not look amazing.

However, it does matter if your notes are 4 words per line and you're not really explaining anything.
Although they are called notes, don't hesitate to go into detail or explain things that you don't fully understand

yeah

its like with the thm courses

it just dont make sense to me

i have simpled it down using ai

to

Then you need to suppliment your notes with research

i do

i put why it does it how to do it and what it is

honestly i think its just a problem with my brain

Don't expect everything to be handed to you in a way you understand.
Forage for your answer because you will come across a ton of different resources that might not be directly related but will help you understand

i have 👍

Of course this is a factor and it does slow down progress, I would recommend speaking to a healthcare professional to get support if it affects your studies

its fine to be honest

yeah i don't have anything i have spoke to my GP

already

Your GP can't diagnose you I'm afraid, you need to escalate

ok , ill try to do more of my own jabba, def did pull a bit more out

I'm currently going for an ADHD diagnosis

book appointment with GP and then they go and put it to a assesor

i was told i have nothing

If you genuinely think something is wrong, you can always pursue. Doctors aren't always right

coffee does have a similar effect as to what they'd be prescribing anyway/aderall?

Okay, thanks

Gave +1 Rep to @mossy river (current: #6 - 1534)

i don't

but thanks

Then try finding a way for your brain to learn.
There are tons of different learning types:)

what can go wrong =/

@sand trench Hi, it worked my streak is back 🙂 Thanks

Gave +1 Rep to @sand trench (current: #4 - 2116)

yep i try these with my school nothing really seems to work and be processed into my brain

judging from the lack of braces i doubt it weighs as much as it looks

YAY congratz

Not necessarily.
I probably wouldn't recommend it, and I can't guarantee it has the same affect for everyone.

A friend of mine who does take medication said that if he drinks an energy drink he has physical energy but not mental energy.
Whereas if he takes his medication it gives him mental energy but not physical energy.

He explained it to say that he needs mental energy to focus and do work, whereas physical energy results in him not able to focus on the right things

hm might have to try some 😮

is there a reason caffiene dont work with me? i try and have energy drinks and everything but it just makes me more tired or does nothing

i need something to help me concentrate

Is mental energy just motivation?

oh johnmake wid about tryhackme SOC sim 🙂

https://www.youtube.com/watch?v=AIPbFFJgD4o

Kind of? It's more just energy to think and work.

https://www.youtube.com/watch?v=sjkrrmBnpGE ever try some of this type of music/ helps me atleast, approach at a slower gear/ not as distracted

Idk if anyone's mentioned it, I can hope so, but look into "Right to choose" to cut wait times

^ this, I am currently going through right to choose

Otherwise it's literally years, yea

Although my GP messed up and referred me to the wrong place smh

I like using white noise

I mean

Listening to

any idea if there is a way so that the VPN connected to my host is automatically linked to the kali box

Yes but it's not recommended to do so.

im trying to get my gp to do the same rn lol

It should be really straight forward 😓 I hope they're not messing you around

they keep putting off giving me an appoinment

but i hope its not much trouble once i get infront of a doctor.

You might want to make a formal complaint

I didn't even need to go in, I called, filled out a form and sent an email

oh ill try something like that as well then

cause i was orginally refered at 18 and 21 and 23

and ive never been contacted about any of those xd

Taylor Otwell named Laravel after the Laurel Mountain in Pennsylvania, USA. He wanted a name that sounded elegant and sophisticated while symbolizing strength and reliability, much like a fortress or foundation.

The word "Laravel" itself does not have a dictionary meaning but was chosen for its smooth, unique sound and association with something strong and structured—which aligns with Laravel's goal as a solid and well-architected PHP framework.

found a bug!, laravel spelled wrong on page source XD

#1333993673381253162

pop it in there!

Am I allowed to share olympiad ctfs in here? (It has ended 2 days ago)

Go for it, as long as it doesn't conflict with the advertising guidelines, you're a-okay!

Awesome! There were some really funky ones where we had to analyze pcap files

i found a great place for jobs, it's a secret but look || cat /etc/crontab for any jobs in your network ||

• joke

did the answer for : Catch Me if You Can 2 changed ?

#1351230456187846788

Sigh

Does someone know how to hack account ?

What account

Actual good advice xD

@niedrigsten

@niedrigsten

:hammer: ashtag__#0 has been banned.

lmaooo

its not harmful advice

It's almost like they don't read the rules

why read when tiktok is there ?

happens pretty often sadly

maybe they should make a tiktok with the rules being read so the zoom zooms can watch that instead?

lmaoooooo

Good idea, I'll make a tiktok where I just point at text on the screen

with the little dude chasing rings on the train tracks

since THM has such an account they should

with max 10 letters on the screen at a time

yes like that meme with the tapping on the screen with a hand?

with like the pointer hand

maybe that would work

tiktok videos about HOW TO HACK your learning

also icl when i saw u typing i thought i was going to get told off a little xd

this meme drives me up the wall

"this video about hacking they dont want you to see"

yes but remember the go compare ad that opera man is burned into our brains it works to remember it right?

how do i do that

Hi, how can I get the SAL1 physical Certificate shipped to me?

best programme for practice wifi hacking?

Hey all, can someone please help me setup my Wazuh dashboard? I have the virtual machine up and running, and I can ping both ways (From host - To VM). But when I goto the url for the site, its not loading.
I keep getting:
This page could not be displayed. An internal error has occurred.

get your subjects to deliver it

You have to set the network settings in your VM to be bridged

Will there be new rooms tommorow or not

which im pretty sure jabba said was a bad idea before but its honestly dangerous to bridge your connection

WiFi hacking is restricted to the advanced channels

this will give the vbox

the VPN connection that the windows have?

There are always new rooms for people like me

||Because I don't do that many to begin with||

I have it on "Autodetect" on my MAC which I believe is bridged, but it's still not working

Autodetect is not bridged

heheh I mean in the new event

https://tenor.com/view/steve-harvey-survey-says-dancing-gif-10525521

oh! lmao my bad

no problem

After 9 hours I did it!!!!

Great job , congrats 🚀 🔥

I don't think so maybe tomorrow

wow jabba on a moderate and ban streak today

damn people are being nasty here

I've noticed that sometimes people like to pretend that they're in a call of duty lobby while talking to people on Discord.

in the event?

Yeahh I did it, but still not getting a connection

Event already started 🙂

You might need to add the host, try searching "How to connect to VPN on host and VM" into your browser there should be some helpful information available

Yeah but will there be more rooms?

I'm not around at the moment

I think that the whole challenge is in one room 🙂

Ok, I will check it out, thanks

Gave +1 Rep to @mossy river (current: #6 - 1535)

Ah I see will there be more tasks?

I don't think so , i think that the whole thing is out now 🙂

By I am not 100% sure

Alright thank you 🙂

Gave +1 Rep to @cloud quiver (current: #1 - 4013)

but doesnt that mean that many teams will have equal points?

Try to ask in #1347217239492919346 or #1351230456187846788 to be 100% sure 🙂

Alright thanks

LOCKED IN RN WITH GANG

https://tenor.com/view/lock-in-locked-in-lock-tf-in-cat-cat-meme-gif-13335816645637017379

Been stuck on the "beginner" pentest room in the ctf event for 2 hours

All of us on that leaderboard are haha

brb

why did bro delete everything

Im still stuck on Dark Encryptor and all my friends have left me 😄

here shadow sits considering if they should buy a portable music player or digital audio player/DAP to carry around outside

do u not just use your phone?

phone is privacy problem

sometimes shadow just wanna be off the grid

ahh u want a dumb device

yeah with a lot of battery life and large amount of storage to store flac files

problem is to store stuff on it youll have to leave some imprint on the device from the orginal device u used to fill it

i wont how much those old ipods leave as imprints from device to device

tbh might be worth just making something so u can dictate its storage and much more private that way just more effort

yeah bandcamp and qobuz probably knows what music shadow listens to as they buy it from said sites

if i was going full private id say pi running some kind of linux with a ssd and audio port on a jerry rigged device

fill it from a vm with some obsfucation or privacy methods i heard tails is decent as an os but idk i think it still has tracking issues if your base os is windows

youtube definetly knows a lot about me icl

https://tenor.com/view/forrest-gump-feet-my-hurt-gif-23591273

what kind of top secret spy documents are you transporting that you care about traces that much

you dont need to be carryiing or doing anything special to want privacy

that is beyong privacy

no thats pretty chill privacy there is so many more levels

are you sure we are reading the same thing?

yes i wrote it

true privacy is a very hard thing to achieve in the digital age and is wayyyy more intense than that

I would like to understand why you would want that (talking about to the degree of "true privacy")

Your phone?

well shadows desktop linux computer is good enough for transfering the flac files to a sd card to that is then inside the DAP

not good enough battery life and also very easy to track a phone

we all want different things sometimes its peaceful to know your not being tracked

is someone hunting you down?

i find it an interesting topic so i did a good amount of research into it a while back

no lol. im reasonably easy to track

just not through OSINT

poor @boreal scarab went down that rabbit hole

osint for shadow to be tracked through what music they listen to would be nearish impossible

drm free music files are hard to track

did you secretly win the lottery?

I WISH

when it comes to privacy for shadow they are just paranoid

though somehow keeping it in a semi realistic fashion

the best privacy is just not becoming a target, I could follow you around in real life without any devices if you were a valuable target (hypothetically speaking of course)

can you like

report ppl

for asking for hints

you can use the "/report user or message" function

without the ""

wotafak

not that

its the new reporting feature in the discord

very useful

if there will not be new rooms in the ctf event wont there be alot of people tied with the same points?

hints for what

hackfinity

ping a mod when they are online

Mercury is on rn

/report

oh yeah

didnt need the docs tag xd

thats what i get for learning about assembly code and frying my brain

so tempted to report themselves

obviously wont now though

is shadow misbehaving?

https://media.discordapp.net/attachments/1249922800702193736/1252804753323200522/GIF_20240602_080928_395.gif

doh... my AdGuard block linux to update =/

haha epic failure

i was wonder why can't update and i got timeout and so for last 30ish min =/

dumbass adGuard

I'm still going down it

this is better than my SMB network drive was on demilitary zone and i ddos bunch of websites =/

got another fun picture

i'm starting to realize that the ctf isn't entirely beginner friendly

i did exceed my expectation of not being able to solve a single challange

🦂 many "beginner" friendly is just not true

beginner to me means simple

Trudat

how do u feel frodo felt after being chased by Black Riders in Book 1

just like i do when they call me in 4 in morning to come to work... like shit...

are you finding it simple so far?

yeah all my challenges stump me, im on injectics and didnt realize i needed to add the ip in /etc/hosts to start T_T

i was looking in all the previous links for a hint T_T

My feet are on fireeeeeeeeeeeeeeeeee

https://tenor.com/view/ogvhs-foot-looney-tunes-wile-e-coyote-coyote-gif-18199599

why?

the ctf is not as easy as I thought

he prob bsod them

yessirrrrrrrrr

I love thm and bragging 🙂

lmao

Congratulations on completing Pentesting Fundamentals!!! 🎉

Task 7 can't be solved 😦

It can 🙂

task 15 can't

o.O ty

what's the best way to install feroxbuster on the thms vms?

ive had to install rust n cargo to get the apt version instead of snap

should i use linux as my main os

root@ip-10-10-32-44:~/Desktop# feroxbuster -u http://10.10.146.217 -w ~/Desktop/big.txt
Could not open /root/Desktop/big.txt

prob not

why not?

well you are use to using the functionality on your OS, u can use linux in VMs until u become more comfortable w it

maybe later get a laptop that only uses linux?

couldn't i get use to linux?

yeah prob

the majority of users use win os anyway, so u likely got to become more familiar with both (active directory stuff etc)

On my feet all day

• since ur kinda new ( maybe being in a sandbox env.) vms can keep u safe?

Haven't been on my feet for 8 hours for a very long time

Ouch I do not envy you

if pickle rick is easy I do not want to find out what is a hard ctf

For real

gawdddd cant get feroxbuster to run

Yea I am apparently bad at pentesting :/

I am even worse I cant complete the "easy" pentesting ctf in the ctf event

I think pickle rick is like infant easy compared to ctf event easy

might be

I did work so long in corpo that I cannot think out of the box anymore. I found all the hints but did not figure out they were hints -_-

my brain works like zombie, heh.

What did you work as?

thats something you can learn again for sure

"security software enginner" but it was more like devops + windows app developer + newbie threat analyzing that ended up in making tons of reports

hopefully

a lot of repetitive work in past years.

dang i thought i could solo the hackfinity battle but the amount of things i dont know to solve the questions is crazy

I see did you like it?

I see, I am certain you will tho

for real

-_-

let me see your enumeration to-do list

https://tenor.com/view/snif-anime-sniff-anime-bunny-anime-cute-anime-kawaii-gif-576421354183603448

i did not participate in this CTF

task 25 is insane

btw people are actually making new accounts and registering them as a student to get in the leaderboard and win

like how fr?bro didnt complete any rooms

every leaderboard on thm is cheated tho

has anyone completed Hackfinity's Battle task 9?
if yes could you please help?

task 9 is very hard, skip it!

https://tenor.com/view/rami-malek-mr-robot-elliot-alderson-gif-18214205

I am trying to connect to the ip from last 2 hours

i hope the UK lawnmowing team win

is any one taking part in hackfinity

yupp

nice

Stuck at task 9 > Notepad

i already done it all

cakewalk

i m not doing the hackfinity

just covering up the basic

aah i am also a learner trying to catch up

sir can you help out a bit 🙂

nice good luck for the event then bye

GOD you done ALOT of internships

does anybody here need +1 in team?

yupp exploring all fields

how did you start

long story bruh
rn need help with the hackfinity 😅😅

Can i call u?

how did you start bro im not understanding anything im being taught and doing on thm

yess suree

youtube, self learning, ai

who and how

no hints allowed

https://www.youtube.com/watch?v=1C597AkhGtw

shadow found a open source mp3/dap

#1333993673381253162

screenshots coming very soon tho

I’ve just did lfi and rfi on thm, isn’t lfi the same as directory traversal?

can i play hackfinity without team

not really

What’s the difference

lfi lets you read any file the user that is running the website can read
directory traversal lets you check stuff like the assets folder without arbritary file reads

What if it is hosted on the cloud?

sameish
lfi still lets you read basically any file that is hosted on the cloud that the user running the web server can access... said user generally being www-data

directory traversal just lets you check files in the assets folders basically

Day 45

i didn't post a screenshot yesterday but i answered 1 question of the "Security Principles" room but the room is not functioning (and i sent a report on #1333993673381253162)

that was enough to keep my streak

i wouldve screenshotted but theres no point

you can create a team with only yourself

and play it

I dont know if it is valid for the prizes though, in case you are a student

what is hackfinity

hey guys any tips on actually learning this pre security stuff? and not just clicking through all the rooms

Take notes.

note taking note taking note taking
teaching your friends or a rubber ducky
check back in about a month then later in a year

dang notes 😦 is there anything specific i should be looking out for in note taking or just whatever i think is useful? also thank yall

well shadow generally writes a few words here or there in their notes and then once a month go back and reformat/refactor the notes to be more legible

i.e it should be the parts you find relevant and interesting

hmmm ok thnak you so much 🙂

teaching a rubber duck also helps as you gotta put what you learnt into physical words you speak out loud

get a software like obsidian for storing your notes in an organised way, you will find yourself going back to them always.

this helps the memories stick a huge amount better

some people will think you are "insane" for speaking to a rubber duck on your desk but it helps shadow tons

i'll look at that thanks

Gave +1 Rep to @modest charm (current: #735 - 7)

will the hackfinity battle room be available after the event ends?

lol gotta make people think your a pshyco seems fun

shadow has also learnt a lot by trying to help other tryhackme users get through problems in the #room-help channel

but that can be harsh if you are just starting out

wdym i need to be a student

what if im not

You won't be eligible for the prizes I think

i bet, teaching is already hard as it is

will the hackfinity battle room be available after the event ends? does anyone knows?

yes should be

all right 🙂

My feet are fucking killing me

did you drive a car over them???

lolol

arrives

Yah! I went vroom vroom beep beep!

https://tenor.com/view/beep-friday-mood-drive-see-ya-gif-12427083

Yoo

Hey all, I had a question. I'm French and here we rely a lot on school diplomas. Is it true that in the United States they prefer certifications?

🤸🏼

okay that did not work as expected

#cyber-and-careers would be the best place to ask a question like that

i recommend moving that topic there!

and also a rootkite project / changing the framework of an ip camera are they gray projects?

Ohhh ok sorry

@mossy river sorry used the bot recently so ima @ u

any type of malware discussion is only in advanced channels if you are asking about making it

or reverse engineering it

messing with ip cameras that you own or have permission to modify is fine and dandy though

we did a full re of an ip camera in my master's class, it was cool

gpt did the osint for me

is that bad

because I was accepted into a cybersecurity school and I feel like they did crazy things compared to me

shadow is waiting to do their taxes

some things should be left unsaid

if shadow is reading the swedish tax agency site correctly shadow should be able to do it in 25 mins

i mean did you pass lol

I was think ur photo like cat🤣

I wanted to know if these were simple projects? or if it was really high level?

yeah i fed it the street name told it to spit out the possible flags and tried them one by one

oh wow

malware is high level because it is easy to break stuff or get yourself in tons of legal trouble with it

yes lol

from what i understood he just changed the framework because he said it was crap

probably just talk

I have an esp32 s2 card if you have any project ideas I'll take them 😁

did you see the new undocumented commands that was just published?

i'm waiting for the dual band cards stilll..................... it's been like 2 years man

No, not really, I was on other projects.

............... okay well, it's neat

https://developer.espressif.com/blog/2025/03/esp32-bluetooth-clearing-the-air/

ohhhhhh, and so do you have a project that I could do lol, I'm a beginner just to deepen my knowledge

Thx

Out of scope for this server

I think changing the ip is okay, it's called DHCP 😄 😄

Hi , do I need to setup a webcam for the SA1 ?

lol, I don't think so, some people here must be super strong 🤣🤣

He means the rules

Ohhhhhh

Yes, I imagine it's a server to help, not to hack, which is logical.

It's a beginner cybersecurity server 😅

heeyyyyy I was wondering, if I give you my website could you find all the passwords possible? to test if what I am learning in class is good?

am I the only one doing CTF rn?

you should not do that

ever

btw

If I have a backup, why?

because you shouldnt give random people things to hack that u dont know

^

Ohhhh

If you mean Hackfinity, others participating in the CTF can be located in #1347217239492919346.

It's logical but at the same time, it's a site that we made in class, I really don't see the danger

How would one go about linking a new Try Hack Me account to Discord? I lost the creds for my previous account and couldn't be bothered asking for support... I created a new account on the website.

where is it hosted for example

do u have permission to pentest on that infrastructure cause i doubt it

INFINITYFree

and if its on your own infra thats even worse

its a legal nightmare

and potentailly only damages you

@sharp radish

INFINITY FREE ?

TYVM

either way lad its just a horrible idea

https://hackaday.com/2025/01/26/the-esp32-c5-finally-espressif-goes-dual-band/

It's about time

dont go into random hacking servers and say that stuff just opens you up to trouble

Ohhh I see, I'll try to be careful, thanks for the advice, I'm a beginner, I don't know everything 😆😆

And thx toaster

all good just be safe

there are bad actors even out there

No worries, THM's community is always here to help others. Feel free to ask around if you're not sure what you're doing.

I would also recommend looking at #start-here if you haven't done so already.

I saw, I'm doing the lessons little by little, by the way should I do more challenges or lessons?

because I have the impression that the tools I use I don't see them in the courses

start with lessons and walkthroughs

make good notes and get comfortable

👍

Hello

(tools will come up overtime it will guide you through basics first)

which is what u need to understand what u are doing when u use tools

doesnt matter if u know the rough syntax for curl if u dont understand web requests for example

There is one thing that is vague for me. , it is when we change files via a url, it was weird

i got access to someones smtp server🧐

../login../password.tx

It looks like it on Kali Linux with the commands to change files but I didn't understand how it knows that these files exist.

seems like file traversal through the webpage itself but idk without seeing more specifics my advice is just try and follow things carefully

Don't go snooping around on it, lol.

👍

but how does he know that these files exist?

He can't do it at random

can be many ways

Look up the new Tomcat CVE, that uses a Put

maybe a lesson I learn after

as im guessing english isnt your first lanuage just make sure you take a second to read the materials and ingest them cause maybe u missed something

the last time I heard about TOMCAT it was for a database that I created

Hmm, maybe, or maybe it's thanks to the enumeration of subdomains?

Anyway, thanks a lot for the advice guys.

I will try to make a project with my esp32 s2 😁 if I need I call you 😆😆

your welcome we are happy to help gl on your journey

Can we talk about off topic in gen chat?

😁 👍

yesss

Evening all

How we all doing?

sup

red nicknames look cool

pastel or neon

Ikr

I haven't leveled up in a while. It's nice to have a change

takes a while once u start getting up there

my next two level ups are 2500 points and 5000

ill level up soon, but I think my next color is a shade of blue

#site-support or #room-help would be the place to ask

🙏

not sure which sorry for lack of specificty my brain is fried by assembly code

assembly is crazy

no joke

Probably room-help if I read the question correctly.

Solution would to place the domain into the hosts file, but I don't exactly remember what the domain is, where it's supposed to lead to, and why the domain is being accessed in the first place.

Assembly is bonkers

I know for some of the challenges, or if you have issues accessing a web page you need to add the IP and host to your hosts file

Seen it a few times

i have a ip and if i go to the browser and enter that ip in the searchbar, i redirects to lookup.thm but the website doesnt load. it should load a login page if im understanding the walkthrough propperly

i find malware analysis very intersting so learning assembly and how cpus work is a manditory

just time consuming

maybe visual presentation helps, which do yall prefer

the attackboxes are really unstable today

Fair enough

i answered you in the room help;

Yeah add it to your hosts then

Oh or that 😶‍🌫️

probably all the hackfinity activity its why i went into the malware analysis pathway in anticipation of it

We might be eating up the resources for the CTF, that's why. Sorry ;-;

lots of students running all kinds of brute force

running for that prize !!

🎉

Good luck to the 'dents

I decided just to run my attacks on my local PC with OpenVPN connection, lol.

i only use vpn tbh.. but I am also not premium

Less lag, but I can't figure out some of the challenges.

tbh at some point i should switch to running it on my local pc

cause i got great hardware for it i just use the attack box cause its easy icl

Would recommend switching, especially if doing hash brute forces.

However, some VMs may need you to do the task in-VM.

tbh u shouldnt be brute forcing much and even if u have to it has to answer in 5 mins to met the requirements i believe

Do you mean through a VM hosted on your local pc?

yer i have a kali vm

How to connect ovpn and thm?

yeah for brute forcing hash cracking vm:s are not always great

^

i personally dont use it but that should help

someone a day ago or so was asking about the time it took to complete a path, it shows on the certification of completion

how is the veggies btw!

🧦

do i need certs like A+ or can i just jump to security+?

depends on your base knowledge and experience

and if u want to go offensive or defensive

defensive

probably

Also, A+ is good for a beginner job like help desk

if u dont have any experience or educational qualifications probably u need to get some certs

hey can we make a team here for the hackfinity challenge?

The time shown is not accurate from my own experience.

#1347596231551225887

some argue that A+ cert is old in modern times

im in school for CS idk how well that translates to cyber though

some yes some nop

certs would probably help u when u get out of school

and some schools offer some certs while u are studying so look into that

that is ⚖️ fair, however it shows you took X hrs and Y minutes to complete, so it shows something

thank you

Gave +1 Rep to @upper knoll (current: #241 - 32)

I jumped from nothing to Sec+

yoo

all good i dont know how i became helper tonight but idm it

But I had a lot of experience so I could probably get A+ If I wanted lol

tempest instead of 73mp3st

yeaa, i feel like i have the base knowlecdge of A+ already just really dont want to spend the money on it if i dont have to lol

That's fair

broo how much time it takes a beginner to find his first bug in bug bounty

If you study for an exam but decide to go for something else, you still have the skills

lol

Forgot t at the end

like considering a complete beginner

Just not the cert

a while

Quite a while

I'd think

4mnth?

a lot of these creators will sell u the life on bug bounties but its a long road and takes experience

and its a side income not an outright stable income

that is truye

4 months if u are beyond dedicated and learn fast

Yeah no one is making a table income from bug bounties lol

id probably say a year

.

sup rats

as a side hustle in my teenage

?

yea if you dotn know anything bug bounty will take a good bit