uce can use this for example https://www.thewordfinder.com/caesar-cipher-solver/
This tool will allow you to decode a caesar cipher code, as well as encode one to send out. We also provide a little history regarding the Caesar Cipher.
shows 1.56Gb/s as the phy rate
seems like you should be seeing "full" speed
uhhh why my daily strike froze
2 of mine. one 2.5 one 5g
yeah, there we see 540Mb/s
not sure why the negotiated speed is < 1/2, it should either be 1/2 or full
kali is this
@mossy river inspiration for my next tattoo (17th april)
whats up folks
good evening
how to find that 🙂
in this screenshot we see channel 56
which is a bit odd
given that that's a 20MHz channel
and could be a significant contributing factor to the speed
i expect that kali should report channel 50
which is the nearby 160MHz channel
since it's giving full PHY rate of 160MHz MIMO
upp is arch down is kali
huh
interesting
both marked as 56
perhaps as the center channel for negotiation/control frames
if you start a big download or a speed test, does that output change?
they wont run at full all the time, only when in use and the negotiation for faster speeds has happened
oh hey wait
what region are you in
NL
i wonder if your kali has a null country code set
and is able to do "illegally" fast channels
due to DFS or similar
the channels for wifi change on arch when i do speedtest
yeah, that is what i would expect
it changes itself a few times
go to 100, then 56 and so on
so set channel manual in router ? or
does mad hat use tryhackme just wondering
it's possible that the arch config is behaving properly
and the kali config is not
as in same speedtest
the DFS channels here
and some of the subgroup channels within it
are subject to regulation in different regions
and subject to interference monitoring
with a region code set in your driver, your adapter will behave according to some parameters
usually related to local airport and radar installations and such
kali, being that it's for pentesting, I often see set with 00 or null country/region codes
allowing all channels and widths and such
but this may be illegal and perhaps a bit "uncool" to leave on
despite it giving faster speeds
my concern is that your arch is seeing DFS channel interference/conditions and doing what it's supposed to by not interfering with it
and that your kali is not and is stomping whatever to get the fastest speeds
iw list should show us the region settings for the adapters
for kali channel stays at 56 all time when speedtest
yeah, it's not moving when it might need to
this could be bad behavior for the adapter, despite it looking like better behavior
but on kali i got
it is interesting that it is giving full PHY rate speeds while reporting a 20MHz channel
BELGGERHGEREF
i can force 40 in router
cough cough
before changing router side (though it should ALSO be respecting DFS)
lets see if we can determine the difference in the settings for the adapters/drivers
which i think means getting iwctl running
because i dont have another good way to query the region/capabilities from the running adapter
i can change region on router as i wish
iw reg get
this or iw list or similar is what we are after on the client
as for the router, setting it to NL is preferred if you are in NL radio space
though i dont know the NL power/band/etc. restrictions
is when i run on kali
interesting
ok, so we see country code is set to 00, as expected
but the adapter has decided NL for you which is good
on arch
again interesting
we see capabilities missing on the Arch one
or at least not enumerated
🤨
these both look like the adapter is "behaving" in that it has its region set
though both have country code as 00
but it does look like kali is seeing adapter capabilities in the sub ghz range?
or rather, not attached to that phy but present elsewhere?
idk what anything of that means you say heh
so
in theory
that "country code 00"
should be NL on both systems
"should" is a bit strong, as the phy appears to be setting and respecting it on it's own
but it should be set to your regulatory domain
we see DFS UNSET so i dont know that it's "truly" respecting DFS without that set
but we are looking for differences here more than we are trying to bring you into regulatory domain compliance
can you run iw list
is arch
(we can fix the reg domain stuff later, its just a reg set)
iw list is sht load of info. any specific part ?
hmmmmmm qubes os
or send you the result in DM?
yeah you can do that
now lick it
Could be a great foot warmer
I like to use my laptop charging brick as a foot warmer some days
I left a SimpleHTTPServer open on my attackbox when I was trying to send a payload to a victim machine. Some IP started messing with it within 15 minutes.
That is something they warn about 😄
yah that happens
especially if you are a subscribed user as then the attackbox got an outward internet connection
It seems automated, seeing as how it all populated within seconds lol
I said 15 minutes, it was closer to 6 minutes. That's some freaky stuff.
the internet is full of scanners 🙂
naaah scanners are full of internet
Hey mate 👋🏼
Mate ( MAH-tay; Spanish: mate [ˈmate], Portuguese: [ˈmatʃi]) is a traditional South American caffeine-rich infused herbal drink. It is also known as chimarrão in Portuguese, cimarrón in Spanish, and kaʼay in Guarani. It is made by soaking dried yerba mate (Ilex paraguariensis) leaves in hot water and is traditionally served with a metal st...
what is that lol
I think, it is illegal
@sick lance @mossy river
I like the apps name 😄
Oii bruv
A few days ago
Hey guys
really good tea
a drink???
not to you post heh
@mossy river 🎉
Done!
This reminds me of that software "check if your cc is in hackers databases" 🤣🤣🤣
Okay but that's hilarious 😄
Can I ask a question that is not related to tryhackme ?
Probably? As long as it does not go against anything in #rules you'll likely be fine. ;D
nice
so i have a problem in my code
i do a web page but i have a problem in my CSS
You should go to #programming
ok thanks
Gave +1 Rep to @full sparrow (current: #1114 - 4)
You can force an update by verifying again.
kk ty
Gave +1 Rep to @lament tendon (current: #36 - 255)
How long do i have to wait for my profile to be updated ?
took me like a few hours
of waiting
for A->B
ok ok
So tomorrow it will normally be updated
probably yeah
nice man
yw
?
anybody wanna do the brick heist with me im new. Like super new lol i just have an associates in cyber
whats that supposed to mean
what's yw
ok i didn't know
what did u think it meant
dont do brick heist maybe
i think it's a misclick
oh lol
bruh
noted 😂
i don't know what's lmao too
if u have premium
start on
pre security
if u dont have premium
still start on pre security
: D
dm me if u need help setting up a personal VM
theres prob some guide out there but some ppl (notably me) like doing it hands-on
so uh
ya
cya
Anyone got a preference in terms of laptop for pen-testing? Trying to get more experience in the field before i drop my OCS packet.
MSI raider 18 HX A14V
😎
4k is steeeeeeeep
im not that new HEHE just new to the process of red teaming etc and how exploits work im pretty tech savvy though i used to do htb but gave up trying to get through the 101 boxes alone
💀
if i were u i would still do pre security
sounds good thank you
Gave +1 Rep to @cerulean nest (current: #1824 - 2)
idk man
Thinkin a budget of like 2k
buy a focken macbook or smth
I have one
Should I get the top new model?
from where
this is the way for music and audio production not cyber
apple
lenovo: no
no
Where do you recommend looking?
asus is pretty good!
i think
better
idk im not that into hardware
2k a decent amount to drop?
i just know they are more price efficient
meh
my desktop is 5
for a laptop no
💀
Lenovo ThinkPad’s are nice
my sister got that 💀
oh HELL NO
I've actually heard a lot of people using ThinkPads in this field
lenovo is trash ngl
The E14 series
NAHHHHH
Yep
apple m1 better than that bs
Same for Dell Latitude’s
lmao
facts
hell no
apple fanboy
Mac’s are shit
fuck dell
frfrfr
Fuck apple mac lmao
macbook runs decent
AY. Need y'alls help. What's a cool sounding callsign using the phonetic alphabet?
Could also include numbers
Lmao
Can it shit
that link i sent is honestly best bang for buck in your price range SMH i used to work for best buy i feel like im now their discord salesman
Good luck upgrading your mac hardware
i can help u uh
🙏
btw if ur really gonna learn cybersec
every single course
is
fucking
$9700
for the good ones
its comfortable and portable like a mac and has about as close to a mac track pad as possible while still having great performance
PER COURSE
I just need a basic foundation for what I'm trying to do
mac track pads ❤️ ❤️ ❤️
The military will pay for my college
W
lmfao
both of em
im struggling with sec + rn so many freaking definitions its killing me
just dm me if u need help with stuff
if its tryhackme then uh, dm someone smarter lmao
🙏 I appreciate it.
I want ask what the password to skip the siem
@cerulean nest have you even worked in IT? Because both of the laptop models I mentioned are very liked and mass-deployed in a lot of enterprise businesses
Does anyone know what software this is used?
lenovo idk man
dell maybe
Nah I just need the basics of stuff, nothing too advanced the officer path I want will take care of that 💀
mind map software prob, google the top 3 or smth
they all look similar
Lenovo feels nice, they use nice materials. Dell’s last a long time too, easy to repair and upgrade
I may hit you up I'm still tryna understand OSI I understand like how it's presented just where certain things are past like layer 3 lol
I can get behind dell, but not Lenovo they are good but, they are just weird at the same time
This is also what I'm looking for
something I can go home and swap hardware when need be
do the tryhackme room on that
more storage etc.
did, I think I just need more experience on it
you will never be able to swap cpus and gpus on laptops
my notes are long ash from these courses 💀
yeah they solder em in now
cheeks
but the asus i sent has m.2 storage you can add and swap
just do it a few more times or smth
the asus u sent is good
🙏
Lenovo is Chinese I think so I understand it, but I just got given my ThinkPad laptop and I was skeptical first now I like it. Thin bezels, smooth matte chassis, silky smooth trackpad, fingerprint and facial biometrics etc
lenovo is also banned by DOD so dont do lenovo if you want to work in cyber in the DOD
💀
Only issue I have is the Fn and Ctrl key placement. But I think in the BIOS there’s a swap toggle
Maritime Cyber Warfare Officer in specific is the path
so i appreciate this info,
This doesn’t mean it’s a bad product though lmao
you're welcome my dad was a chief in the airforce and he told me that they banned them due to china adding a chip that had a keyboard logger on it and since then have been removed but still banned
sorry i cant spell smh
you're good
Don’t forget the military is still ran by boomers and non-technical senior officers. I was in the military
agreed
It is painful.
yes and no
and people with gifted kid syndrome
especially non technical officers thats very true smh
The military has a very strong mindset of “If it isn’t broke don’t fix it” kinda mentality
i feel like officers should always start as enlisted
yes they do LMAO
im just a military brat and i most definitely understand
I kinda wanna join but im scared lol
cough Dial up
oh nah just no like actually no
What did you folks learn today?
congratulations bro!!
dont forget the gifted kid syndrome
Thanks man
nukes in specific have it BAD
Tell us so we can learn too!
?
hey guys any one knows the main diff between C2-server and payload server?
Yes
thats over my head im barely getting sec+ under my belt
One is C2, one is for payload
im A NOOB couldnt even be a script kiddy if i wanted to
Payload server is more vague.
A question you can ask AI
facts
but both deliver malicious to the target if am wrong ,so can we say that metasploit is a also a payload erver
server*
Perhaps to reduce the noise on the network? Idk, I would suggest to ask AI for a more detailed answer
The key difference between a C2 (Command and Control) server and a payload server is their function: C2 servers act as a central hub for attackers to send instructions and receive information from compromised devices, while payload servers are used to deliver the malicious code (the "payload") to those devices.
The real question is why
c2c send and control what the payload server sends that way the malicious code and the commands dont come from the same place
think of a botnet
Exactly. If you take down the payload server, C2 still operational
I have never heard of a "payload server". So that's a weird question.
in a bot net situation the c2c controls the hosts but the payload server send the actual code to the hosts
like in a ddos attack the code to control the hosts is sent by the payload c2c tells the host to attack the server
You can control clients (beacons in this case) without a payload.
so metasploit is both it send the payload and control it and still mention it as c2 server thats weird
Hello everyone 👋🏻
I'm a beginner and I am seeking for a mentor or a boot camp
think of the payload server like a delivery truck or a hard driver to hold the code and the c2c as the OS
people in leadership positions at least in my experience have this gifted kid syndrome (i work with nuke drops so this could be part of it as well)
metasploit is an application to set up a c2c and payload server
i have very limited knowledge this is all guesses from what i know
Brother, on a warship you’re lucky to get over 30Kbps, be grateful with what you have
but thanks bro any way , I see now the main diff
Gave +1 Rep to @cloud agate (current: #2786 - 1)
Last deployment we didnt have wifi at all 💀
Emcon plan?
nah just wasnt installed
Sounds like emcon
googling
you're welcome! if i told you something wrong im sorry Definitely let me know so i can learn too!
oh nah they were just trying to work out the contracts
It’s a NATO thing
they need to give yall starlink for wif
we have it
so it just sucks or maybe its the APs
Or NAICIS
but you have 5 thousand people all trying to use the internet at once
people downloading stuff, watching stuff, on the phone etc.
Starlink isn’t too good from what I heard
it also doesnt help that we have to keep moving in a circle
oh okay that definitely makes sense
say it again for the funny
i dont think they care about emissions right now with what were here doing 💀
@ruby plinth do you have sec +?
yes
hi guys . plz introduce cve bot
for clearance?
dude im struggling on studying for it any tips im using professor messer and the CompTIA app but i cant seem to get it through my head
LOL nah man this certification is kicking my but
I gotta get to the offensive security course first 🙏
terrified to spend 500$ on a test just to fail
500$ is STEEP
no shit LOL
@chilly veldt belllaaaaaaaa
i believe my company will too but still i have to pass it for them to pay for it
no
thats nice i used my dads to go to school and get my associates in cyber
definitely keep it for your kids if you can
Nah it's one use and I aint stayin enlisted lol
i dont blame you get in and get out making 200K
theyre letting me commission or im taking my new degree, my secret clearance, and my experience because I plan to intern somewhere to gain experience, and finding a job somewhere
i thought hard about going the route you are
It's not a bad gig but being enlisted does suck a little bit
but no one else was gonna pay for college and I was tired of law enforcement
i just love my church and my community i finally have one after growing up moving every 3 years
yeah that wasnt fun as a kid either
i dont blame you thank you for serving for us on both fronts
Gave +1 Rep to @ruby plinth (current: #2786 - 1)
thank you for your support.
Gave +1 Rep to @cloud agate (current: #1824 - 2)
Nice to hear.
thank you!
Damn
what?
Was wondering if you could help me come up with a callsign
how can wireshark intercept network traffic on other machines?
It's sniffing traffic it doesnt really intercept it
moreso watches where its going and where its coming from to my understanding
yeah thats js my bad choice of words
If you can redirect traffic to your machine then you can also sniff them.
Otherwise you can't get others' packets.
alright thx
If hacker should be an anonymous person then why people posts their self’s on LinkedIn
Because there’s a difference between CTFers and people who work in the cybersecurity industry
hi
Ya’ll wish me luck on my business law exam, can’t wait to fail 😭
Never thought that reading code would be easier than reading law but here we are lmao
Bluewin



I've been thinking about it for like an hour.... it's hard to come up with a permanent callsign
Blue_win
Ahha nice understood
Oooh, could put fluff in it too 
5tuxn3t
Twinkie
5 Tango Utah Xray November 3 Tango
stealing this
“I❤️Steg” 🗿
uniform
I used to get Sierra and sam mixed up
you can thank the sheriff's office for that
same with India and Ida
Well, I am looking for a callsign for LSPDFR
what are you state, county?
Was thinking of putting Whiskey and Viper in it.
Right now, with LSPDFR Enhanced mod, I'm in the industrial area, but Highway Patrol
Girlscout
it’s 3am here
Then your work is to sleep
Touch grass

Jks love ya @boreal scarab
Bravo Sierra Oscar Delta. 😄
BSoD, love it lol
Nuuuuuuuuuuuuuuuuuuuu
Been modding gta V for a couple of hours now, almost got it right
oooooooooooooh
Have you guys seen Burp Suite's AI feature?
A call sign is also something you quickly can say, which is what bluewin is too
Yah, but I want it to mean something, sound badass
Dude...
Wha?
No one in the military has badass call signs
News flash, this aint for military lol
The call signs are nicknames given to you by your fuck ups
Why tf do you need call sign anyway?
LS PD FR
Want me to sound it out?
Police doesn't have call signs...
They have position numbers
Surprise! LSPDFR has callsigns
Have you ever interacted with anything like that?
Like Sam 44, 1 Delta 33, etc etc
Problem with LSPDFR, you don't have a rank, and if you do with LSPDFR Enhanced, you go up in ranks, so it changes
That's not call signs, that is position numbers
I cannot find a mute for the user mridulsharma.#0
It correlates with the area you're in, unit you are and unit number
Why do you want to mute him
CTF players will grow to be millionaires
True✅
False ❌
@spring acorn Don't try to ping everyone . To join vc you will have to verify . You can learn how to do so on the link below 🙂
https://help.tryhackme.com/en/articles/6495858-discord-how-do-i-verify-my-tryhackme-account
All about TryHackMe Discord Server.
I wanted to unmute him 😄
no screenshot for today or yesterday cuz i barely slept today and was busy yesterday
That's fine , it's ok to take a rest from time to time 🙂
thanks
Gave +1 Rep to @cloud quiver (current: #1 - 4318)
🔊 Unmuted cis32_mvp
@round orbit Watch out for blacklisted words 🙂
What is your honest criticism of the cert? Genuinely curious.
Multiple choice questions have no place in a practicum about a SOC. Plus they kind of lied on their competitors on HTB
Evening chat
How many of the load of certs that are almost all practical knowledge contain multiple choice questions? Most if not all
Hmmm
Seems like it’s kind of standard
Does a practical have the ability to cover all the other possible knowledge someone who will work in a soc will need
Seems like that wouldn’t be possible either
imo a perfect exam would feature an open book exam and a practical element
As far as I know the SAL1 is open book with practical elements? But I could be mistaken
Like I think we should assess the ability to know things and find the answers as well as to show practical application of information
I have one
I don't recognise the name of that one, I only hold the AWS CCP
It’s the new THM one
but that's because work paid for it, I've not paid for any certs thus far
don’t try to fall in love with a hacker because every time you try to build a connection they will DDoS your feelings
Like maybe when I finish uni I'll look but until then
my favourite line is "relationships are like git repositories, you commit, push, pull, merge and resolve conflicts" haha
I think it could use a few months to get stable but imo the thought and work behind it is really good
I really noticed something hackers don’t have feelings
that's not true, we hackers do have souls
Your soul is Linux
nope
Careful you’ll summon the arch users
I definitely have feelings haha
I tried my best with April joke
I'm not very outward about them but they're there in full force haha
They’ll get angry if I mentioned Linux ?
I'd say that it's probably common within the industry, problem solving's baked into our personality
we like solving things on our own so don't tend to be very outward about our emotions
No they’ll just come to talk about arch
I installed arch linux 🤓 ☝️(this is a joke)
And I just did a one hour chest bicep day at mostly midnight 
Why everyone like arch linux
It allows you to have the latest software without needing to upgrade your entire system
legend has it they travel in herds
Not like kali right
It’s just another Linux distribution just so happens it’s kind of like veganism
I actually respect having your own zone hackers personality is actually nice
You have/use it you tell everyone about it
Sir yes sir
Been playing around with it, love it, fits me, but just doesn't.... WOW me
The perfect distro
is this arch?
its a bad meme sorry i just wanted to share it with you
there was this guy in here who was always like "i use arch btw" and i made that meme to reply to him
isnt Debian what Linus uses?
anyone using parrot or kali is using a debian flavor
ahh.. i do like flavors..
Commodore OS isn't a security OS though its just a fun kickback to the 80s commodore 64
some like chocolate, some like vanilla... yes i see 
i cant see my fawaz wth
ahh.. now i see it
80s???
Where's the THM april fools at 🤔
Yeah the 80s when your parents used to let you ride in the back windshield of the car while they chain smoked Marlboros on long trips
I was considering which distro to use in virtualized lab.
At the end, I decided to use kali in qemu virt since kali docs provide the guide.
can't go wrong with either one I don't think
📖 
thanks! I'll keep this in mind.
Gave +1 Rep to @cloud quiver (current: #1 - 4322)
i pref kali to parrot i have no REAL reason outside i started with kali.
and parrot reminds me of mac (and i dislike mac)
congrats 🎉 on being green, 🧙
i've worked as a devops engineer for like 5 years and active directory still scares me at times
though to be fair, writing scripts and interfacing with LDAP was its own sort of arcane magic
Thanks veggies!
Gave +1 Rep to @grizzled wing (current: #35 - 272)
Yesterday I hit my 30-day streak. Today I have gone on 3 times and each time I've been greeted with a window letting me know I've hit my 30-day streak, and I do a short walkthrough room and my streak stays at 30 days, which seems... strange.
Wait, so you've been on your 30 day streak, and then when you did a room, it says you got a 30 day streak, but doesn't go up to 31?
Yep. I’ve been on a 30 day streak for just over 40 hours now.
Did someone say they use Arch btw?
You should probably contact support
@dapper turtle
It’s being looked into sed scrubs
Congrats , keep up the good work 🙂 🚀
Hi everyone 👋🏻, I am beginner and I am looking for a team
Waitttt so chatgpt can do any art style 
what if THM made every easy question hella hard for april fools
When are the several learning paths getting retired? 11:59 GMT April 1 or April 2?
is there any rooms that teach how to read and understand Apache logs?
where's the thm april fools event 👀
Soon
🤣
i've been waiting 6 years for a skidy & ashu karaoke event 😦
don't forget we were promised Muiri was going to sing opera for us
(the promise wasn't from Muiri though, so the collecting on that promise has been difficult)
hi bee
that's the april fools all along
The squiddest
Dude this is adorable lol

Happy fools day, stay safe, stay smart. 👊
@inner bloom hmmmm..nice
i'll just enjoy playing games on my VR today , no grind THM
thanks
which one
probably Tactical Assault VR online
else i'll play Beat Saber or AC Nexus for timepass
I haven't been able to get into the parrot website to download the OS for the last few years, so parrot has been out for me
Kali is a great toolbox, but it seems to me that a lot of hacking is going to be from target machine - to target machine in the target environment, so it's good to slowly wean yourself off of hacking distributions or tooling once you've gained some experience.
what the - where did message go

y delet message, now I wasted my reply and look dum D:
Hey Everyone , we started using Chronicle/SecOps as our SIEM tool. Does anyone have resources for incident response and alert logic that would help accelerate the learning process?
Today im going to end the Jr Pentester Path, just the last challenge.. what path to take next?
Depends which area of cyber security you're the most interested in 🙂
I like redteaming but more and more im get into blue
Well you will have to decide . If you're more into red teaming check out red teaming path . If you want to pursue a career in blue team go with SOC1 and 2 paths 🙂
or do both
🙂
Yesterday I set up a honeypot admin login on my webpage. I made it with Flask and the Webhook to Discord, so when someone tries to log in I get a message with the attempt and the IP it came from. Cool project 🙂
is ejpt good
need tryhack me premium acc
yeah it was okay from what i've seen
i have no certifications
so i am planning to go for ejpt as it is not that expensive and I've noticed that many people recommend it
wonder if this is implemented yet 🤔
yeah why not
BEEEEEEEEE
metaspoilt? 💀
Get a sub not an account
Hlo
Meta Spoilt
ye mb thas what i meant to say
Hello everyone, I’m struggling with some python exercises, beginner level, can someone help me in private ? (I have to do them before 2pm)
did u use chat gpt?
The hacker:

to some extent, why do you wonder?
just asking :p
Okej:)
I haven't written anything with a bottle before so I had to get some help 😛
the admin login page (the honeypot) is a directory ? or subdomain or what exactly?
how the hacker supposed to find it so he login xD
you can do whatever you want, but I have it on a subdomain with a route to /admin, so the directory /admin itself doesn't exist at all... there is a link on the index page that is kindly called admin;D
Not made for any real safety but was mostly a fun lab...
hmm , well its a good small project , but I think u can see the ips of whoever is visiting ur webpage . i would suggest , to try doing honeypot in a server with easy creds and record user action and commands 🎧
We can’t help with school work here
Yes, of course I can see all visitors' IPs if I wanted to, but it's not really of interest to me, but it is interesting to know who is trying to carry out some kind of attack, like now for example, I see which IP is trying to log in to the admin page, and after some attempt I block that IP with fail2ban. All the info i sent to a Discord server so i get a notice.
woop woop
Done!
Why ? It’s something quite simple
If it’s from a room #room-help @trail bloom
Hi, asking for school help is against our community rules. 🙂
Ohh ok so sorry
Thank you, @cyan parcel
Kek
+r*p @cyan parcel
:c
Hello guys I was learning SQL injection and I want to practice where I can find free labs ?
Thank you !
Gave +1 Rep to @cloud quiver (current: #1 - 4326)
Burp suite academy
hlo
Hey
can you tell me one thing
why this server bot is sending messages on my server even its not there
Hmm not sure what you mean?
wait
@cloud quiver
there's nothing wrong...?
does thm have a walkthrough room for nikto?
like a tutorial room
Haven’t seen one scorpius, just rooms that suggest to use it
hey
There is a room that used to walk through it as part of the room, possible Tools r us.
how are you today guys?
suggest some tool to get web application vulnerability
burp suite
ik that, any other options?
Metasploit, ask chatgpt
depends what kind of vuln you are looking for
any kind of
Zap, Nessus, Nikto.
have u already did the information gathering, enumeration?
Openvas?
i means i am testing my website so want to know how many vulnab i have so i cn patch em all
Do you host the website?
Do you host it on your own hardware?
Or do you use a third party to host the website?
3rd party
Then you can't test it.
You need their permission.
As it's their software/hardware etc.
um okok
u can still ctrl+u, and give the source code to a.i. and ask him about possible vulnerabilities.
🦹♂️
that's the one i am doing
but its not a walkthrough
its a challenge room where we have to use nikto
that's why i wanted to do a walkthrough room first, but its fine i'll just do some research
will try
@sick lance Wanna come up with a callsign for me? 
MicrowaveTea
anyone plays CTF on ctftime
If you perform an attack that disrupted their service etc.
You'll have no protection from a legal stance.
but.. You can test web applications and the page itself, ex wp etc?
No...
They'd need to whomever hosts it permissions.
tk that
ok..
acha tell me methods to get admin login
like sql ssrf
I host my own stuff.. 😛
we are working on something so yes
Doesn't mean it's ok to attack it...
But this is a bit interesting.. If I am not allowed to test the security of my site if it is hosted at a web hotel etc. and my site is exposed to an attack that could have been avoided if I had only tested the site, who is then responsible, the one who hosts it or is the responsibility still entirely on me, like that I should test the site in a local environment before it goes into production?!
Yeah, you can test it before prod.
I have already told you no.
If you continue to discuss this, I may have to mute you.
Yes, of course you can, but are you responsible for doing it? Even if I test it locally, there is still a certain difference when it is in production.
For the reasons I have already stated.
It's a combination of both.
However that doesn't mean you can attack it to test it.
I don't microwave my tea!
I have an electric gooseneck kettle 👀
If you follow the different paths here, you will learn. Here you only get help with questions like the labs and rooms here, not your own projects!
That statement has taken what I've said out of context.
Im with you..
also isn't it in general illegal to test attacks on the web?
I'm a newbie but my initial thinking was that all tests should be done in a VM
Bug bounties are legal if you stay on scope.
gotcha
off topic, is it okay/possible to test malware in a VM?
I wanna go down the Redteam path
hello
Creation of malware is illegal, and out of scope for their channel, we discuss malware exploits in advance channels
Hello!
oh gtk thank you!
Gave +1 Rep to @sick lance (current: #2 - 3587)
wakarimasu
English only please.
?
kidding
understand

I will make it summary!
In like level advance in tryhack u will access the advance rooms
it unlocks 0xD[Legend] rank onwards
Please where can I get SSH tunnel ip?
To what?
Where do they sell the SSH TUNNEL IP ADDRESS
You set up ssh tunnels in your devices...

The ip information
Are there ever any sales on THM premium? Trying to complete the cyber security 101 learning path completely but can't swing the $$ right now even with a student discount, hoping to hear there is sales every now and then
There is, but they apply to annual subscriptions only
thats what I'm looking at getting but right now even with a student discount its $100, when are sales typically?
Random times or Black Friday/Xmas.
Sale is the same as student usually.
And they can't be stacked.
oof, i was hoping to stack them. guess i'll have to save up
Does this have a proper full article? I'm gonna turn it into Buzzfeed: I.T Professionals SHOCKED!
I believe it’s just that image

Good luck , fingers crossed 🙂 🤞
Will there be a new room today 🙂 ?
hello
are certs for hackfinity available?
Not yet 😦
Good morning! A new day means new opportunities to grow, learn, and move closer to your goals. No matter what yesterday looked like, today is a fresh start. Stay focused, stay motivated, and take one step at a time. Success isn’t about being the best instantly—it’s about being better than you were yesterday. Keep pushing forward, stay positive, and make today count!
Wishing you a productive and successful day ahead!
Thanks for daily motivation 🙂
Gave +1 Rep to @heavy quarry (current: #1825 - 2)
I am in a room that hints at doing some parameter tampering via fuzzing. Without success with ffuf and gobuster, I checked a walkthrough and found the correct parameter and tried via a curl. "curl http://[machine_ip]?file=/etc/passwd" won't give me what it's supposed to. "curl http://[machine_ip]?file=/etc/passwd --data password=somepass" does give me what I am after. So it seems I need to post password and have the file parameter appended to the URL as GET. I have tried "ffuf -u http://[machine_ip]?FUZZ=/etc/passwd -X POST --data password=somepass -w parameters.txt" this doesn't work like the curl command and I don't get any hits. I have tried making FUZZ part of the post and that didn't work. My question is how can I fuzz a parameter that needs a POST and GET?
try with absolute path to parameters.txt
about POST and GET do you mean you want it at same time?
goodmorning yall!
morning..
-# Good Ebening
GM
Ffuf iterates through the file fine. It just doesn't give me any hits like "curl http://[machine_ip]/endpoint.php?file=/etc/passwd --data password=somepass"
Hello, I am new to TryHackMe and I want to learn ethical hacking. Some suggested that I go to the TryHackMe course, but I am blank now. Should I buy premium, and what course should I learn? I want to become pro.
Help me please
Start with pre-security path
do the Pre-Security Module from tryhackme at first.
u can go thru the #start-here -> #974406074444685322 for free first
then u can buy premium for further if u like it
and yes its worth it to buy premium for learning
Oh,
100 %
Thank you guys, And after the introduction i should go to specific course?
Pre-Security course & then Cyber Security 101 course
start with the presecurity pathway
in the roadmap section in the "learning" tab on the website
That's for beginners right?
yes
THM provides 3 roles Roadmap in Cyber Sec
u can choose the paths according to ur interests or do all one by one , upto u
it depends on what u want to do , all 3 paths are good for each roles
As a Red Teamer i'm doing the Penetration Tester Path
I think i should research on all the path and decide
Great
yes firstly do the 2 i told u above , there's a short quiz after that called career quiz which u can give and see what path prefers/suits to u
on the site's learning roadmap section
2? Pre-Security course and Cyber Security 101? Am I correct?
yes
Lemme note down
Alright
For this two course should i buy premium?
Or lemme go in free?
it gives some free rooms, after that u will need to buy premium
if you're a student , can get some discount for Annual subscription
Ah yes.... AI, thank you.
So, I should do that course and do Cyber security 101 and then do career quiz and select a one thing from three, And then buy a premium to become a pro?
@blissful current
Sorry for ping
ya , u can buy premium any time , i think the complete course may not be under freeplan fully
Alright, Guys thanks you are a big W i will become hacker like you!!!
Am gonna become pro
We will meet back after i be pro

Windows is fine! But Kali Linux makes it easier with installed tools and it is designed for hacking
So you can install a virtual machine of Kali Linux or use windows if you’d like
better to have linux , since many challenges will be on linux
otherwise can use ATTACKBOX inbuilt on THM site
Oh okay
i'll recommend download VM with Kali/parrot on it
Goodluck I wish the best for you <3
cant depend on Attackbox since it starts getting slow too
Thank you!
Gave +1 Rep to @viscid jungle (current: #2788 - 1)
arrives
-# Hellos
I have Kali Linux as my permanent os LMAO 😭
maybe i should try that with my old laptop lol
wdym permanent 
Yesss it’s also my old laptop!
I deleted windows and installed Kali Linux completely on my disk 🗿

its too shit for Windows 10/11 and has less RAM n storage , will do that
Good way to have a broken laptop
No w goes to you :3
decided to full scan my comp via using windows defender or wtv its name is and it detected some viruses in my kali linux ISO image
LMAO exactly it’s lightweight too so perfect 🗿🫶
could be false positives?
(tbh nah , it has free lifetime MS office , helps me with college stuff , ig i'll probably keep it as it is)
..
LMAO that’s sad for me-
Kali is not lightweight 😭😭😭
Shush my computer works better in it
Windows just takes all my battery’s life
it was
lightweight than Windows 11 tho thaz fs
tho windows was slowing my laptop on purpose so ive deleted em
if you don't have every metapackage in the cosmos installed it's quite fast especially with drivers installed bare metal.
kill the old so you have to buy the new, android and apple do it too
exactly
Well, I did that to my old pc and it doesn't go well.
Imagine windows just detects all iso images as malware so we don’t install them and keep windows-
Hi I have non-THM question guys. I have Pentest box and it has many Web Apps. Now I am trying Pentest one by one boxes. All web apps are on this IP address 192.168.231.128. the web app, I want to Pentest is in this address "http://192.168.231.128/bodgeit/" . What lines should I add in my hosts file so with just an IP address only scan my target Web App.
thats their goal
😂 😂 😂
Oh I see, mine works fine though I don’t know maybe it will get worse overtime but I doubt that
That’s what I’m thinking rn 😭
why do you want to pentest that address 🤔
That is my VM
thats a valid reasoning 🤷‍♂️
I apologise for my horrible humour
I have completed a room but it's not showing up in profile just it's showing in my rooms section
Step One: sudo nano /etc/hosts
Step Two: Go to the bottom.
Step Three: Add the IP then TAB, and then enter the Domain.
Step Four: CTRL + S, CTRL + X
Is there anything to do
🦹‍♂️
Can anyone please help me
refresh site n check maybe
else report in #site-bugs or #site-support
I tried that thing too it's not working